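 /**
  * Checks whether a user is permitted to perform the given operation.
  *
  * When the rbac module's `rbacCheck` flag is off the check is skipped and
  * true is returned. Otherwise the user's operation auth items are loaded and
  * $itemName is matched against their keys case-insensitively.
  *
  * @param string $itemName the name of the operation that needs the access check
  * @param mixed $userId the user ID, an integer or a string uniquely identifying
  * a user (see {@link IWebUser::getId}); when null the current web user's ID is used
  * @param array $params name-value pairs intended for the biz rules attached to
  * the tasks and roles assigned to the user; not evaluated yet (see @todo)
  * @return boolean whether the operation can be performed by the user
  * @todo evaluate the bizrule of the matching task
  */
 public function checkAccess($itemName, $userId = null, $params = array())
 {
     // RBAC checking disabled module-wide: every operation is allowed.
     if (!\Yii::$app->getModule('rbac')->rbacCheck) {
         return true;
     }
     // Only a genuine null falls back to the current user. A loose `== null`
     // would also treat 0, '' and false as "current user" and check the wrong account.
     if ($userId === null) {
         $userId = \Yii::$app->user->id;
     }
     // Operation permissions are resolved from the roles assigned to the user.
     $authItems = RbacAuthitems::getUserOperationAuthItems($userId);
     // An empty result or a false return means nothing is permitted.
     if (!is_array($authItems)) {
         return false;
     }
     // Match case-insensitively but with strict string comparison: a loose `==`
     // between numeric strings would let e.g. "010" satisfy a check for "10".
     $wanted = strtolower($itemName);
     foreach (array_keys($authItems) as $key) {
         if (strtolower((string) $key) === $wanted) {
             // Mirrors the original isset(): a key holding null is not a grant.
             return isset($authItems[$key]);
         }
     }
     return false;
 }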
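 /**
  * Lists auth items recorded in the table that no longer exist, and deletes
  * the subset the client selected.
  *
  * Posted `actions` are intersected with the list of stale items so that
  * only items already known to be invalid can be removed.
  *
  * @return string the rendered check page
  */
 public function actionCheckAuthitems()
 {
     $model = new models\RbacAuthitems();
     // Auth items whose validity check failed (presumably: no matching action — confirm in checkAuthitems()).
     $notExistAuthitems = $model->checkAuthitems();
     $actions = Yii::$app->request->post('actions');
     // Require an actual array: a scalar 'actions' value passes a truthiness
     // test but makes array_intersect() fail below.
     if (is_array($actions) && $actions !== []) {
         // Safety filter: never delete anything outside the stale set, whatever was posted.
         $actions = array_intersect($actions, $notExistAuthitems);
         // Remove the selected items (and their relations) by name.
         if (models\RbacAuthitems::deleteAuthItemByNames($actions)) {
             // Refresh the cache of always-allowed auth items.
             models\RbacAuthitems::getAllowedAccess(false);
         }
         $notExistAuthitems = array_diff($notExistAuthitems, $actions);
     }
     return $this->render('/rbac/authitems/checkAuthitems', ['model' => $model, 'notExistAuthitems' => $notExistAuthitems]);
 }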
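 /**
  * Removes a role assignment from a user and redirects back to the role's
  * related-users page.
  *
  * Both identifiers must be purely numeric; anything else is rejected before
  * any model call is made.
  *
  * @param mixed $user_id the user ID
  * @param mixed $role_id the role ID
  * @return mixed the redirect response
  * @throws Exception when either identifier is not a plain digit string
  */
 public function actionUnAssignUser($user_id, $role_id)
 {
     // `\z` instead of `$`: with `$` a value ending in "\n" still matches.
     $isDigits = static function ($value) {
         return preg_match('/^\d+\z/', (string) $value) === 1;
     };
     if (!$isDigits($user_id) || !$isDigits($role_id)) {
         throw new Exception('params is not safe!');
     }
     // Drop the user-role link; on success the user's permission cache is rebuilt.
     if (models\RbacUserRole::deleteUserRoles($user_id, [$role_id])) {
         models\RbacAuthitems::getUserOperationAuthItems($user_id, false);
     }
     return $this->redirect(['/rbac/role/related', 'id' => $role_id]);
 }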
 /**
  * Assigns the posted auth items to the task identified by $id.
  *
  * Only items returned by getCanAssignItems() are accepted; anything else in
  * the request is silently dropped before assignment.
  *
  * @param mixed $id the task ID
  * @throws Exception when the request carries no item array or the assignment fails
  */
 public function actionAssignItems($id)
 {
     // The lookup presumably fails for an unknown id and so doubles as validation — confirm in findModel().
     $model = self::findModel($id);
     $requested = Yii::$app->request->post('authItems');
     if (!is_array($requested)) {
         throw new Exception('Invalid request.Params has Error. Please do not repeat this request again.');
     }
     // Safety filter: keep only items that may be assigned at all.
     $assignable = models\RbacAuthitems::getCanAssignItems();
     $items = array_intersect($requested, $assignable);
     $assigned = $items && models\RbacTaskItems::assignItemsToTask($id, $items);
     if (!$assigned) {
         throw new Exception('授权失败');
     }
     echo '授权成功';
 }
 /**
  * Returns the auth items for which access is always granted, as configured
  * in the srbac module's configuration.
  *
  * @return mixed the always-allowed auth items as returned by RbacAuthitems::getAllowedAccess()
  */
 protected function allowedAccess()
 {
     $alwaysAllowed = RbacAuthitems::getAllowedAccess();
     return $alwaysAllowed;
 }