0

我有一个具有以下访问限制的控制器:

'access' => [
                'class' => AccessControl::className(),
                'only' => ['index', 'view', 'create', 'update', 'delete'],
                'rules' => [
                    [
                        'actions' => ['index', 'view'],
                        'allow' => true,
                        'roles' => [RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY],
                    ],
                    [
                        'actions' => ['create'],
                        'allow' => true,
                        'roles' => [RbacComponent::CREATE_EXPENSES_ACCOUNTS_KEY],
                    ],
                    [
                        'actions' => ['update'],
                        'allow' => true,
                        'roles' => [RbacComponent::EDIT_EXPENSES_ACCOUNTS_KEY],
                    ],
                    [
                        'actions' => ['delete'],
                        'allow' => true,
                        'roles' => [RbacComponent::DELETE_EXPENSES_ACCOUNTS_KEY],
                    ],
                ],
            ],

如何将 ' OR ' \Yii::$app->user->identity->isOwner() 添加到所有规则中?

我尝试使用这个变体:

            [
                'actions' => ['index', 'view'],
                'allow' => true,
                'roles' => [RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY],
                'matchCallback' => function ($rule, $action) {
                    return \Yii::$app->user->identity->isOwner();
                }
            ],

但是,在这种情况下,它将是 ' AND ' 并且不起作用。

我认为这个变体会起作用:

            'rules' => [
                [
                    'actions' => ['index', 'view', 'create', 'update', 'delete'],
                    'allow' => true,
                    'roles' => ['@'],
                    'matchCallback' => function ($rule, $action) {
                        if ($action == 'index') {
                           if (\Yii::$app->user->identity->isOwner() || \Yii::$app->user->can(RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY)) {
                              return true;
                          }
                        }

                        ... other actions

                    }
                ],

但也许有更好更简单的方法?

4

2 回答 2

1

您可以简单地在回调中添加规则:

'rules' => [
    [
        'actions' => ['index', 'view'],
        'allow' => true,
        'roles' => [RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY],
    ],
    [
        'actions' => ['create'],
        'allow' => true,
        'roles' => [RbacComponent::CREATE_EXPENSES_ACCOUNTS_KEY],
    ],
    [
        'actions' => ['update'],
        'allow' => true,
        'roles' => [RbacComponent::EDIT_EXPENSES_ACCOUNTS_KEY],
    ],
    [
        'actions' => ['delete'],
        'allow' => true,
        'roles' => [RbacComponent::DELETE_EXPENSES_ACCOUNTS_KEY],
    ],
    [
        'actions' => ['index', 'view', 'create', 'update', 'delete'],
        'allow' => true,
        'matchCallback' => function ($rule, $action) {
            return \Yii::$app->user->identity->isOwner();
        },
    ],
],
于 2017-09-15T06:58:27.997 回答
0

这应该工作

[
    'allow' => true,
    'roles' => ['owner'],
],
于 2017-09-14T20:44:33.943 回答