Shulou(Shulou.com)06/03 Report--

Editor to share with you the example analysis of the srbac permission extension module in Yii, I believe that most people do not know much about it, so share this article for your reference. I hope you will gain a lot after reading this article. Let's learn about it together.

The details are as follows:

1. Set permission rules table: can be placed in the module module configuration file

Public function init () {/ / Operation permission table, the following fields must exist: / / itemname role name / ID, / / type authorization project type / 1 (task) or 2 (role), / / bizrule permission / logical operation expression: false has permission to operate, / / data data / YII is temporarily unavailable Yii::app ()-> authManager- > itemTable = 'AuthItem' / / member group-permission corresponding table. The following fields must exist: / / child role / ID, / / parent parent role / ID. This table can be executed in a loop and can inherit Yii::app ()-> authManager- > itemChildTable = 'uthItemChild' at multiple levels. / / member-member group corresponding table. The member group can be the operation name directly. The following fields must exist: / / itemname role name / ID, / / userid user name / ID, / / bizrule permission / logical operation expression false is authorized to operate, / / data data / YII is not available for the time being Yii::app ()-> authManager- > assignmentTable = 'zd_mem_glog'

two。 Implementation rules, where the controller inherits the base class SBaseController, which was originally Controller

Class ProductController extends SBaseController {.} class SBaseController extends Controller {.}

3. SBaseController inherits the base class Controller, prefixed with beforeAction, to achieve permission verification.

Protected function beforeAction ($action) {/ / load the module delimiter $del = Helper::findModule ('srbac')-> delimeter; / / get the module name before $mod = $this- > module! = = null? $this- > module- > id. $del: "; $contrArr = explode (" / ", $this- > id); $contrArr [sizeof ($contrArr)-1] = ucfirst ($contrArr [sizeof ($contrArr)-1]); $controller = implode (". ", $contrArr); $controller = str_replace (" / ",.", $this- > id) / / generate static page module + separator + controller (capital letter) + method (capital letter) example: model-ControllerAction if (sizeof ($contrArr) = = 1) {$controller = ucfirst ($controller);} $access = $mod. $controller. Ucfirst ($this- > action- > id); / / verify whether the access page address is in the always allowed list. Return permission if (in_array ($access, $this- > allowedAccess ()) {return true;} / / verify whether SRBAC is installed, but not installed. The returned permission to access if (! Yii::app ()-> getModule ('srbac')-> isInstalled ()) {return true } / / verify whether SRBAC is enabled or not. The returned permission to access if (Yii::app ()-> getModule ('srbac')-> debug) {return true;} / / permission verification if (! Yii::app ()-> user- > checkAccess ($access) | | Yii::app ()-> user- > isGuest) {$this- > onUnauthorizedAccess ();} else {return true;}}

4. CDbAuthManager reads the current user role

Public function getAuthAssignments ($userId) {$rows=$this- > db- > createCommand ()-> select ()-> from ($this- > assignmentTable)-> where ('userid=:userid', array (': userid'= > $userId))-> queryAll (); $assignments=array (); foreach ($rows as $row) {if (($data=@unserialize ($row ['data'])) = = false) $data=null $assignments [$row ['itemname']] = new CAuthAssignment ($this,$row [' itemname'], $row ['userid'], $row [' bizrule'], $data);} return $assignments;}

5. CDbAuthManager reads the corresponding permissions for roles

Public function getAuthItem ($name) {$row=$this- > db- > createCommand ()-> select ()-> from ($this- > itemTable)-> where ('name=:name', array (': name'= > $name))-> queryRow (); if ($rowbacks created false) {if (($row ['data']) = = false) $data=null; return new CAuthItem ($this,$row [' name'], $row ['type'], $row [' description'], $row ['bizrule'], $data) } else return null;}

6. Corresponding operation of CDbAuthManager read permission

Protected function checkAccessRecursive ($itemName,$userId,$params,$assignments) {if (($item=$this- > getAuthItem ($itemName)) = null) return false; Yii::trace ('Checking permission "'. $item- > getName ().'", 'system.web.auth.CDbAuthManager'); if (! isset ($params [' userId'])) $params ['userId'] = $userId If ($this- > executeBizRule ($item- > getBizRule (), $params,$item- > getData ()) {if (in_array ($itemName,$this- > defaultRoles)) return true; if (isset ($assignments [$itemName])) {$assignment=$assignments [$itemName]; if ($this- > executeBizRule ($assignment- > getBizRule (), $params,$assignment- > getData ()) return true } $parents=$this- > db- > createCommand ()-> select ('parent')-> from ($this- > itemChildTable)-> where (' child=:name', array (': name'= > $itemName))-> queryColumn (); foreach ($parents as $parent) {if ($this- > checkAccessRecursive ($parent,$userId,$params,$assignments) return true;}} return false;}

7. CAuthManager authentication permissions

Public function executeBizRule ($bizRule,$params,$data) {return $bizRule==='' | | $bizRule===null | | ($this- > showErrors? Eval ($bizRule)! = 0: @ eval ($bizRule)! = 0;}

8. Always allow access rule settings

The above is all the contents of the article "sample Analysis of srbac permission extension Module in Yii". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.