<?php
class TblPostController extends Controller
{
    /**
     * @return array list of filters, executed in order
     */
    public function filters()
    {
        return array(
            'accessControl', // perform access control for CRUD operations
        );
    }

    /**
     * Specifies the access control rules.
     * This method is used by the 'accessControl' filter.
     * @return array access control rules
     */
    public function accessRules()
    {
        return array(
            array('allow', // guest users
                'actions'=>array('index','view'),
                'users'=>array('*'),
            ),
            array('allow', // @ stands for users that have a role
                'actions'=>array('create','update'),
                'users'=>array('@'),
            ),
            array('allow', // allow admin user to perform 'admin' and 'delete'
                'actions'=>array('admin','delete'),
                'users'=>array('admin'),
            ),
            array('deny', // * stands for all users
                'users'=>array('*'),
            ),
        );
    }
}
?>
accessControl is actually a method of CController:
<?php
/**
 * The filter method for 'accessControl' filter.
 * This filter is a wrapper of {@link CAccessControlFilter}.
 * To use this filter, you must override {@link accessRules} method.
 * @param CFilterChain the filter chain that the filter is on.
 */
public function filterAccessControl($filterChain)
{
    $filter=new CAccessControlFilter;
    $filter->setRules($this->accessRules());
    $filter->filter($filterChain);
}
?>
From the above we can see that what it actually invokes is the CAccessControlFilter filter. According to the manual, the full set of options for an accessRules rule is:
array(
    'allow', // or 'deny'
    // which actions this rule matches
    'actions'=>array('edit', 'delete'),
    // which controllers this rule matches
    // This option is available since version 1.0.3.
    'controllers'=>array('post', 'admin/user'),
    // which users this rule matches
    // Use * to represent all users, ? guest users, and @ authenticated users
    'users'=>array('thomas', 'kevin'),
    // which roles this rule matches
    'roles'=>array('admin', 'editor'),
    // which client IP addresses this rule matches
    'ips'=>array('127.0.0.1'),
    // which request methods (verbs) this rule matches
    'verbs'=>array('GET', 'POST'),
    // a PHP expression whose value decides whether this rule applies.
    // In the expression you can use a variable named $user, which refers to Yii::app()->user. This option was introduced in version 1.0.3.
    'expression'=>'!$user->isGuest && $user->level==2',
);
2. RBAC authorization
1) Configure it in the main.php config file
'authManager' => array(
    'class' => 'CDbAuthManager',
    'defaultRoles'=>array('guest'), // default roles
    'itemTable' => 'authitem', // auth item table name
    'itemChildTable' => 'authitemchild', // parent/child relations between auth items
    'assignmentTable' => 'authassignment', // assignments of auth items to users
    'connectionID'=>'db'
),
These three tables ('authitem' and the other two) are Yii's defaults.
2) Then create the roles
$auth = Yii::app()->authManager;
// create operations
$auth->createOperation('index','日志列表');
$auth->createOperation('view','查看日志');
$auth->createOperation('create','添加日志');
$auth->createOperation('update','更新日志');
$auth->createOperation('delete','添加列表');
// create role
$role = $auth->createRole('admin');
$role->addChild('index');
$role->addChild('view');
$role->addChild('create');
$role->addChild('update');
$role->addChild('delete');
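As an added example (not code from the original post), here is how the RBAC items above can be tied back to the controller rules: a console command builds an editor role and an admin role that inherits it, assigns them to user ids, and the controller then matches on 'roles' instead of a hard-coded username, ending with a deny-by-default rule. The command name, the 'editor' role, the descriptions and the user ids 1 and 2 are assumed sample values.

```php
<?php
// protected/commands/RbacInitCommand.php (assumed file name): run once with `./yiic rbacinit`
class RbacInitCommand extends CConsoleCommand
{
    public function run($args)
    {
        $auth = Yii::app()->authManager;
        $auth->clearAll(); // start from an empty hierarchy (drop this line in production)
        $auth->createOperation('index',  'list posts');
        $auth->createOperation('view',   'view a post');
        $auth->createOperation('create', 'create a post');
        $auth->createOperation('update', 'update a post');
        $auth->createOperation('delete', 'delete a post');

        // editor: read/write, no delete
        $editor = $auth->createRole('editor', 'manage posts without deleting');
        foreach (array('index', 'view', 'create', 'update') as $op) {
            $editor->addChild($op);
        }
        // admin inherits everything editor has and adds delete
        $admin = $auth->createRole('admin', 'full control');
        $admin->addChild('editor');
        $admin->addChild('delete');

        // user ids 1 and 2 are constructed sample values
        $auth->assign('admin', 1);
        $auth->assign('editor', 2);
    }
}

// protected/controllers/TblPostController.php: rules keyed on roles, deny by default
class TblPostController extends Controller
{
    public function filters()
    {
        return array('accessControl');
    }
    public function accessRules()
    {
        return array(
            array('allow', 'actions'=>array('index','view'), 'users'=>array('*')),
            // 'roles' is evaluated with checkAccess(), which walks the item hierarchy,
            // so a user assigned 'admin' also satisfies the 'editor' rule below
            array('allow', 'actions'=>array('create','update'), 'roles'=>array('editor')),
            array('allow', 'actions'=>array('admin','delete'), 'roles'=>array('admin')),
            array('deny', 'users'=>array('*')), // anything not allowed above is refused
        );
    }
}
```

Because the last rule denies everyone, a new action added to the controller is unreachable until a rule explicitly allows it, which is the safer default.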