0

Yii2 基于角色的访问控制有问题。在通常的设置中,身份验证规则发生在当前用户的身份。就像在文档中写的一样。授权

就我而言,如何使用另一组模型设置授权(除了基本功能)。?这是我的设置。

auth_assignment[ item_name, user_id] 来自 rbac 迁移, user[ id] 来自 yii2 迁移。我创建了一个新表assignment[user_id相关userrec_id相关]。recognitionorganization

这就是场景。我有角色admin,,,organization-headmember如何检查organization-head, 或是否member属于他们自己的识别模块;不是来自其他组织负责人的其他模块?

我还使用了peixoto的上下文访问控制过滤器。

这是我的检查代码。RecognitionRule 检查是否存在与用户user_id身份相同的用户;并且account_id等于rec_id。第二个条件告诉他是否属于该组织

/**
 * Checks if ID matches user passed via params
 */
class RecognitionRule extends Rule
{
    public $name = 'isRecognition';

    /**
     * @param string|integer $user the user ID.
     * @param Item $item the role or permission that this rule is associated with
     * @param array $params parameters passed to ManagerInterface::checkAccess().
     * @return boolean a value indicating whether the rule permits the role or permission it is associated with.
     */
    public function execute($user, $item, $params)
    {
        if(isset($params['recognition'])){ //Directly specify the model you plan to use via param
            $model = $params['recognition']; 
        }else{ //Use the controller findModel method to get the model - this is what executes via the behaviour/rules
            $id = Yii::$app->request->get('id'); //Note, this is an assumption on your url structure. 
            $model = Yii::$app->controller->findModel($id); //Note, this only works if you change findModel to be a public function within the controller.
        }
        return \common\models\Assignment::find()->where(['rec_id' => $model->id, 'user_id' => $user])->exists();
    }
}

尽管如此,我还是不允许执行该操作。有什么线索吗?

4

1 回答 1

0

我得到了答案。我的答案基于AccessRule 行为和 rbac\Rule $params

RecognitionRule 的片段

/**
 * @param string|integer $user the user ID.
 * @param Item $item the role or permission that this rule is associated with
 * @param array $params parameters passed to ManagerInterface::checkAccess().
 * @return boolean a value indicating whether the rule permits the role or permission it is associated with.
 */
public function execute($user, $item, $params)
{
    if(isset($params['recognition'])){ //Directly specify the model you plan to use via param
        $model = $params['recognition']; 
    } else{ //Use the controller findModel method to get the model - this is what executes via the behaviour/rules
        $id = Yii::$app->request->get('id'); //Note, this is an assumption on your url structure.
    }

    return \common\models\Assignment::find()->where(['rec_id' => $id, 'user_id' => $user])->exists();
}
}
?>

识别控制器

                [
                    'class' => 'common\rbac\ContextAccessRule',
                    'modelClass' => 'frontend\models\recognition',
                    'allow' => true,
                    'actions' => ['view','update'],
                    'roles' => ['viewOwnRecognition', 'updateOwnRecognition'],
                ],
            ],
        ],
    ];
于 2015-07-23T12:32:11.240 回答