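/**
 * Check whether a user holds the operation permission named by $itemName.
 *
 * The permission name is matched case-insensitively against the keys of the
 * array returned by RbacAuthitems::getUserOperationAuthItems().
 *
 * Security notes:
 * - When the `rbac` module's `rbacCheck` flag is off, this method grants every
 *   request (fail-open). Treat that flag as a privileged setting.
 * - Only operation permissions are evaluated here. Biz rules are not checked
 *   and $params is currently unused (see the todo below).
 *
 * @param string $itemName the name of the operation that needs an access check
 * @param mixed $userId the user ID, either an integer or a string that uniquely
 * identifies a user (see {@link IWebUser::getId}). Only an exact null selects
 * the currently logged-in user.
 * @param array $params name-value pairs intended for the biz rules associated
 * with the tasks and roles assigned to the user.
 * @return boolean whether the operation can be performed by the user.
 * @todo evaluate the bizrule of tasks
 */
public function checkAccess($itemName, $userId = null, $params = array())
{
    // RBAC enforcement switched off: every check passes.
    if (!\Yii::$app->getModule('rbac')->rbacCheck) {
        return true;
    }

    // Strict test on purpose: with `== null` an explicit 0, '' or false was
    // silently replaced by the session user, so the decision was made for a
    // different subject than the caller asked about.
    if ($userId === null) {
        $userId = \Yii::$app->user->id; // current user
    }

    // Permissions are combined from the user's roles. They are split into
    // operation, data and custom permissions; only operation items are
    // fetched and checked here.
    $authItems = RbacAuthitems::getUserOperationAuthItems($userId);

    // Anything other than an array (e.g. false) means no grants: deny.
    if (!is_array($authItems)) {
        return false;
    }

    $wanted = strtolower($itemName);
    foreach ($authItems as $name => $item) {
        // Compare as strings with ===. Loose == treats numeric-looking names
        // such as "1e3" and "1000" as equal, which would match the wrong item.
        // The cast covers integer array keys.
        if (strtolower((string) $name) === $wanted) {
            // Same outcome as the former isset() test on the matched key:
            // an entry whose value is null does not count as granted.
            return $item !== null;
        }
    }

    return false;
}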
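/**
 * Remove one role assignment from a user, then redirect to the role's
 * "related" page.
 *
 * Both identifiers must consist of decimal digits only. After a successful
 * delete, the user's operation auth items are fetched again with the second
 * argument set to false (presumably a cache bypass/refresh; confirm against
 * RbacAuthitems).
 *
 * NOTE(review): this action changes authorization state. Confirm that the
 * controller restricts it to POST with CSRF validation and that an access
 * filter limits who may call it; neither is visible in this excerpt.
 *
 * @param string $user_id ID of the user losing the role (digits only)
 * @param string $role_id ID of the role to remove (digits only)
 * @return mixed the redirect response to /rbac/role/related for $role_id
 * @throws Exception when either identifier is not a plain digit string
 */
public function actionUnAssignUser($user_id, $role_id)
{
    // \z anchors at the true end of the string. A bare `$` also matches just
    // before a trailing newline, so "12\n" used to pass this validation.
    $idPattern = '/^\d+\z/';

    // is_scalar() rejects arrays (e.g. user_id[]=1) before preg_match sees them.
    $idsAreNumeric = is_scalar($user_id)
        && is_scalar($role_id)
        && preg_match($idPattern, (string) $user_id) === 1
        && preg_match($idPattern, (string) $role_id) === 1;

    if (!$idsAreNumeric) {
        throw new Exception('params is not safe!');
    }

    // Delete the user's grant for this role.
    if (models\RbacUserRole::deleteUserRoles($user_id, [$role_id])) {
        // Refresh the user's permission cache so the revoked role stops
        // granting access.
        models\RbacAuthitems::getUserOperationAuthItems($user_id, false);
    }

    return $this->redirect(['/rbac/role/related', 'id' => $role_id]);
}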