我正在学习Yii并且我正在尝试开发RBAC现在的问题是我已经创建了角色等等通过shell执行该脚本我已经有数据库表并且角色和所有内容都被填充。现在我不知道为什么,但
if(Yii::app()->user->checkAccess('admin'))
echo 'Admin';
else
echo 'No Admin';
总是返回没有管理员。我想要做的是根据用户类型显示不同的菜单,即管理员,读者或经理等等。但这失败了。
我也在这里附上我的角色作业
<?php
class RbacCommand extends CConsoleCommand
{
private $_authManager;
public function getHelp()
{return <<<EOD
USAGE
rbac
DESCRIPTION
This command generates an initial RBAC authorization hierarchy.
EOD;
}
/**
* Execute the action.
* @param array command line parameters specific for this command
*/
public function run($args)
{
echo "SHELLLLLLLLLL.\n";
//ensure that an authManager is defined as this is mandatory for creating an auth heirarchy
if(($this->_authManager=Yii::app()->authManager)===null)
{
echo "Error: an authorization manager, named 'authManager'
must be configured to use this command.\n";
echo "If you already added 'authManager' component in
application configuration,\n";
echo "please quit and re-enter the yiic shell.\n";
return;
}
//provide the oportunity for the use to abort the request
echo "This command will create three roles: Admin, Manager, and Reader and the following premissions:\n";
echo "create, read, update and delete Hotels\n";
echo "create, read, update and delete Items\n";
echo "create, read, update and delete Users\n";
echo "create, read, update and delete Category\n";
echo "Would you like to continue? [Yes|No] ";
//check the input from the user and continue if they indicated yes to the above question
if(!strncasecmp(trim(fgets(STDIN)),'y',1))
{
//first we need to remove all operations, roles, child relationship and assignments
$this->_authManager->clearAll();
//create the lowest level operations for users
$this->_authManager->createOperation("createUser","create a new user");
$this->_authManager->createOperation("readUser","read user profile information");
$this->_authManager->createOperation("updateUser","update a users information");
$this->_authManager->createOperation("deleteUser","remove a user from a Hotel");
////create the lowest level operations for projects
$this->_authManager->createOperation("createHotel","create a new Hotel");
$this->_authManager->createOperation("readHotel","read Hotel information");
$this->_authManager->createOperation("updateHotel","update Hotel information");
$this->_authManager->createOperation("deleteHotel","delete a Hotel");
////create the lowest level operations for Category
$this->_authManager->createOperation("createCategory","create a new Item");
$this->_authManager->createOperation("readCategory","read Item information");
$this->_authManager->createOperation("updateCategory","update Item information");
$this->_authManager->createOperation("deleteCategory","delete an Item from a Hotel");
////create the lowest level operations for issues
$this->_authManager->createOperation("createItem","create a new Item");
$this->_authManager->createOperation("readItem","read Item information");
$this->_authManager->createOperation("updateItem","update Item information");
$this->_authManager->createOperation("deleteItem","delete an Item from a Category");
////create the reader role and add the appropriate permissions as children to this role
$role=$this->_authManager->createRole("reader");
$role->addChild("readUser");
$role->addChild("readHotel");
$role->addChild("readCategory");
$role->addChild("readItem");
$role->addChild("createUser");
////create the member role, and add the appropriate permissions, as well as the reader role itself, as children
$role=$this->_authManager->createRole("manager");
$role->addChild("readUser");
$role->addChild("readHotel");
$role->addChild("readCategory");
$role->addChild("readItem");
$role->addChild("createHotel");
$role->addChild("createCategory");
$role->addChild("createItem");
$role->addChild("updateHotel");
$role->addChild("updateCategory");
$role->addChild("updateItem");
$role->addChild("deleteHotel");
$role->addChild("deleteCategory");
$role->addChild("deleteItem");
////create the owner role, and add the appropriate permissions, as well as both the reader and member roles as children
$role=$this->_authManager->createRole("admin");
$role->addChild("reader");
$role->addChild("manager");
$role->addChild("createUser");
$role->addChild("updateUser");
$role->addChild("deleteUser");
echo 'Making Afnan admin';
$this->_authManager->assign('admin','3');
echo 'Making Riaz Manager';
$this->_authManager->assign('manager','2');
echo 'Sucess';
//provide a message indicating success
echo "Authorization hierarchy successfully generated.";
}
}
}
?>
答案 0 :(得分:7)
因为检查访问方法会根据用户ID进行检查,并且如果您的用户身份中没有getId()函数,那么它只会返回名称来代替id,这将导致发送错误
答案 1 :(得分:1)
我正在尝试实施orn RBAC系统,一切似乎都有效,但我遇到的唯一问题是checkAccess无法正常工作。然后我将我的UserIdentity类更改为以下,它开始工作。
class UserIdentity extends CUserIdentity
{
private $_id;
public function authenticate()
{
$record=User::model()->findByAttributes(array('username'=>$this->username));
if($record===null)
$this->errorCode=self::ERROR_USERNAME_INVALID;
else if($record->password!==md5($this->password))
$this->errorCode=self::ERROR_PASSWORD_INVALID;
else
{
$this->_id=$record->id;
$this->setState('title', $record->username);
$this->errorCode=self::ERROR_NONE;
}
return !$this->errorCode;
}
public function getId()
{
return $this->_id;
}
}