Esempio n. 1
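 /**
  * Check whether a user holds the given operation permission.
  *
  * Only operation permissions are evaluated here. $params is accepted but never
  * read: business rules attached to tasks and roles are NOT evaluated by this
  * method, so it must not be relied on for rule-based restrictions.
  *
  * Security notes:
  * - When the rbac module's rbacCheck flag is off, every check passes
  *   (fail-open). That flag must never be disabled in production.
  * - The session user is substituted only when $userId is exactly null. An
  *   explicit falsy identifier (0, '', '0') is checked as given instead of
  *   silently becoming the current user's identity.
  *
  * @param string $itemName the name of the operation that needs an access check
  * (matched case-insensitively against the user's granted items)
  * @param mixed $userId the user ID. This can be either an integer or a string representing
  * the unique identifier of a user; null means the current user. See {@link IWebUser::getId}.
  * @param array $params name-value pairs intended for the biz rules associated
  * with the tasks and roles assigned to the user (currently ignored).
  * @return boolean whether the operation can be performed by the user.
  * @todo evaluate the bizrule of tasks
  */
 public function checkAccess($itemName, $userId = null, $params = array())
 {
     // RBAC enforcement switched off: every check is granted (fail-open by design).
     if (!\Yii::$app->getModule('rbac')->rbacCheck) {
         return true;
     }
     // Strict null test: a loose `== null` would also match 0, '' and '0' and
     // answer the question for the session user instead of the requested one.
     if ($userId === null) {
         // Default to the current user.
         $userId = \Yii::$app->user->id;
     }
     // Permissions are derived from the user's roles; only the operation
     // permissions are fetched and checked here.
     $authItems = RbacAuthitems::getUserOperationAuthItems($userId);
     // Anything other than an array (e.g. false) means nothing is granted: deny.
     if (!is_array($authItems)) {
         return false;
     }
     $wanted = strtolower($itemName);
     foreach (array_keys($authItems) as $key) {
         // Identity comparison on strings: `==` would treat numeric-looking
         // names such as '1e3' and '1000' as the same permission.
         if (strtolower((string) $key) === $wanted) {
             // First case-insensitive match decides; a null entry counts as not granted.
             return isset($authItems[$key]);
         }
     }
     // No granted item matches the requested operation: deny.
     return false;
 }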
Esempio n. 2
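 /**
  * Remove a role assignment from a user, then redirect to the role's
  * "related" page.
  *
  * Both identifiers must consist of decimal digits only; anything else is
  * rejected with an exception before any model is touched.
  *
  * NOTE(review): this action changes authorization state and takes its input
  * from action parameters. No verb restriction or permission check is visible
  * in this method - confirm that the controller's filters limit it to POST
  * (so CSRF validation applies) and to callers allowed to manage roles.
  *
  * @param string $user_id numeric ID of the user losing the role
  * @param string $role_id numeric ID of the role being removed
  * @return mixed the result of the redirect to /rbac/role/related
  * @throws Exception when either ID is not purely numeric
  */
 public function actionUnAssignUser($user_id, $role_id)
 {
     // \z anchors at the true end of the subject. A bare `$` also matches just
     // before a trailing newline, so "12\n" would have passed validation.
     $digitsOnly = '/^\d+\z/';
     if (!preg_match($digitsOnly, $user_id) || !preg_match($digitsOnly, $role_id)) {
         throw new Exception('params is not safe!');
     }
     // Delete the user's grant for this role.
     if (models\RbacUserRole::deleteUserRoles($user_id, [$role_id])) {
         // Refresh the user's permission cache so the revoked role stops
         // granting access; presumably `false` forces a rebuild instead of a
         // cached read - verify against getUserOperationAuthItems.
         models\RbacAuthitems::getUserOperationAuthItems($user_id, false);
     }
     return $this->redirect(['/rbac/role/related', 'id' => $role_id]);
 }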