1

这是我的 bjyauthorize.global.php 内容

<?php

return array(
'bjyauthorize' => array(

    // set the 'guest' role as default (must be defined in a role provider)
    // 'default_role' => 'guest',

    /* this module uses a meta-role that inherits from any roles that should
     * be applied to the active user. the identity provider tells us which
     * roles the "identity role" should inherit from.
     *
     * for ZfcUser, this will be your default identity provider
     */
    'identity_provider' => 'BjyAuthorize\Provider\Identity\ZfcUserZendDb',

    /* If you only have a default role and an authenticated role, you can
     * use the 'AuthenticationIdentityProvider' to allow/restrict access
     * with the guards based on the state 'logged in' and 'not logged in'.
     */
      // 'default_role'       => 'guest',         // not authenticated
      // 'authenticated_role' => 'user',          // authenticated
      // 'identity_provider'  => 'BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider',


    /* role providers simply provide a list of roles that should be inserted
     * into the Zend\Acl instance. the module comes with two providers, one
     * to specify roles in a config file and one to load roles using a
     * Zend\Db adapter.
     */
    'role_providers' => array(

        /* here, 'guest' and 'user are defined as top-level roles, with
         * 'admin' inheriting from user
         */
        'BjyAuthorize\Provider\Role\Config' => array(
            'admin' => array(),
            'guest' => array()
        ),

        // this will load roles from the user_role table in a database
        // format: user_role(role_id(varchar), parent(varchar))
        'BjyAuthorize\Provider\Role\ZendDb' => array(
            'table'             => 'user_role',
            'role_id_field'     => 'roleId',
            'parent_role_field' => 'parent_id',
        ),

        // this will load roles from the 'BjyAuthorize\Provider\Role\Doctrine'
        // service
        // 'BjyAuthorize\Provider\Role\Doctrine' => array(),
    ),

    // resource providers provide a list of resources that will be tracked
    // in the ACL. like roles, they can be hierarchical
    'resource_providers' => array(
        // 'BjyAuthorize\Provider\Resource\Config' => array(
        //     'pants' => array(),
        // ),

        'BjyAuthorize\Provider\Resource\Config' => array(
            'Collections\Controller\CollectionsController' => array('admin'),
        ),
    ),

    /* rules can be specified here with the format:
     * array(roles (array), resource, [privilege (array|string), assertion])
     * assertions will be loaded using the service manager and must implement
     * Zend\Acl\Assertion\AssertionInterface.
     * *if you use assertions, define them using the service manager!*
     */
    'rule_providers' => array(
        'BjyAuthorize\Provider\Rule\Config' => array(
            'allow' => array(
                // allow guests and users (and admins, through inheritance)
                // the "wear" privilege on the resource "pants"
                // array(array('guest', 'user'), 'pants', 'wear')
                array(array('admin'), 'Collections\Controller\CollectionsController', 'index')
            ),

            // Don't mix allow/deny rules if you are using role inheritance.
            // There are some weird bugs.
            'deny' => array(
                // ...
                 // array(array('admin', 'guest'), 'collections', 'add')
            ),
        ),
    ),

    /* Currently, only controller and route guards exist
     *
     * Consider enabling either the controller or the route guard depending on your needs.
     */
    'guards' => array(
        /* If this guard is specified here (i.e. it is enabled), it will block
         * access to all controllers and actions unless they are specified here.
         * You may omit the 'action' index to allow access to the entire controller
         */
        'BjyAuthorize\Guard\Controller' => array(
            array('controller' => 'index', 'action' => 'index', 'roles' => array('admin','guest')),
            array('controller' => 'index', 'action' => 'stuff', 'roles' => array('admin')),
            array('controller' => 'Collections\Controller\CollectionsController', 'roles' => array('admin', 'guest')),

            // You can also specify an array of actions or an array of controllers (or both)
            // allow "guest" and "admin" to access actions "list" and "manage" on these "index",
            // "static" and "console" controllers
            // array(
            //     'controller' => array('index', 'static', 'console'),
            //     'action' => array('list', 'manage'),
            //     'roles' => array('guest', 'admin')
            // ),
            array('controller' => 'zfcuser', 'roles' => array('admin', 'guest')),
            // Below is the default index action used by the ZendSkeletonApplication
            array('controller' => 'Application\Controller\Index', 'roles' => array('guest', 'admin')),
        ),

        /* If this guard is specified here (i.e. it is enabled), it will block
         * access to all routes unless they are specified here.
         */
        'BjyAuthorize\Guard\Route' => array(
            array('route' => 'zfcuser', 'roles' => array('admin', 'guest')),
            array('route' => 'zfcuser/logout', 'roles' => array('admin', 'guest')),
            array('route' => 'zfcuser/login', 'roles' => array('admin', 'guest')),
            array('route' => 'zfcuser/register', 'roles' => array('guest', 'admin')),
            // Below is the default index action used by    the ZendSkeletonApplicationarray('route' => 'zfcuser/register', 'roles' => array('guest', 'admin')),
            array('route' => 'collections/index', 'roles' => array('guest', 'admin')),
            array('route' => 'home', 'roles' => array('guest', 'admin')),
        ),
    ),
),
);

我有一个这样的数据库结构:

--
-- Table structure for table `user`
--

CREATE TABLE IF NOT EXISTS `user` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`username` varchar(255) DEFAULT NULL,
`email` varchar(255) DEFAULT NULL,
`display_name` varchar(50) DEFAULT NULL,
`password` varchar(128) NOT NULL,
`state` smallint(5) unsigned DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `username` (`username`),
UNIQUE KEY `email` (`email`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=7 ;

--
-- Dumping data for table `user`
--

INSERT INTO `user` (`id`, `username`, `email`, `display_name`, `password`, `state`) VALUES
(1, NULL, 'test@test.com', NULL, '$2y$14$fL.K0rieXO.kHsHfOogH8Oaf..C.1GsYqEB49A3Dmxy9ZiMhWHx7.', NULL);

-- --------------------------------------------------------

--
-- Table structure for table `user_role`
--

CREATE TABLE IF NOT EXISTS `user_role` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`roleId` varchar(255) NOT NULL,
`is_default` tinyint(1) NOT NULL,
`parent_id` varchar(255) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=3 ;

--
-- Dumping data for table `user_role`
--

INSERT INTO `user_role` (`id`, `roleId`, `is_default`, `parent_id`) VALUES
(1, 'admin', 1, 'admin'),
(2, 'guest', 1, 'admin');

-- --------------------------------------------------------

-- 
-- Table structure for table `user_role_linker`
--

CREATE TABLE IF NOT EXISTS `user_role_linker` (
`user_id` int(11) unsigned NOT NULL,
`role_id` int(11) NOT NULL,
PRIMARY KEY (`user_id`,`role_id`),
KEY `role_id` (`role_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Dumping data for table `user_role_linker`
--

INSERT INTO `user_role_linker` (`user_id`, `role_id`) VALUES
(1, 1);

我已经根据这个问题修改了用户表的列。我已经修改了ZfcUser的映射器,用于 user_id 到 id。它工作正常,因为它没有显示任何错误。

即使没有任何错误,我在登录前访问的任何模块(/user 和 /collections)除了登录页面(zfcuser/login)外,总是得到“403 Forbidden”。

我对 user_role_linker 表的数据有疑问。我没有找到适当的文档来为BjyAuth 库中的 user_role 表输入角色数据。建议我在配置文件或数据库表中是否有任何错误配置或其他任何此处未提及的内容。

4

2 回答 2

1

user_role_linker桌子的问题,领域role_id应该是varchar那么int。我遇到过同样的问题。检查以下转储以获取示例数据。

CREATE TABLE IF NOT EXISTS `user_role_linker` (
`user_id` int(11) unsigned NOT NULL,
`role_id` varchar(128) NOT NULL,
 PRIMARY KEY (`user_id`,`role_id`),
 KEY `role_id` (`role_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
--   Dumping data for table `user_role_linker`
--

INSERT INTO `user_role_linker` (`user_id`, `role_id`) VALUES(1, 'admin');
于 2014-09-16T09:12:00.580 回答
0

您可能在不知道您是否正确设置了基础的情况下尝试做太多事情。不是一个完整的答案,但我会建议以下内容;

  • 安装 Zend Framework 开发工具 ( https://github.com/zendframework/ZendDeveloperTools ) 运行后,页面底部有一个工具栏,将告诉您当前拥有的角色。它对许多其他事情也很有用。假设您在登录时具有适当的角色,则一次只设置一名守卫。IE。你目前有“BjyAuthorize\Guard\Controller”和“BjyAuthorize\Guard\Route”设置

  • 您可以只运行其中一个或其他一个来启动,当您运行一个时,您可以测试另一个。只需删除或注释掉 bjyauthorize.global.php 中的相应部分即可。

请注意,行为是,如果您启用警卫,则所有未指定的内容都会被阻止。

在没有看到您的控制器和路由的情况下,我不知道上面的某些配置是否正确,但仔细检查路由名称并使用完全限定的控制器名称可能更安全,例如。代替

array('controller' => 'index',

尝试

array('controller' => 'YourModuleName\Controller\IndexController',

我希望这是一些帮助。

此外,如果你碰巧在某个时候最终使用了 Doctrine ORM,https://github.com/manuakasam/SamUser是一个很好的模块,可以轻松地将 BjyAuthorize、ZFcuser 和 Doctrine 结合在一起。

于 2013-08-19T23:22:17.643 回答