Note that the newly created role is not added to the RBAC system yet.
You must fill in the needed data and call ManagerInterface::add to add it to the system.
|
public createRole ( string $name ) : |
||
| $name | string | the role name |
| return | the new Role object | |
/**
* @param $userId
*/
public static function initAdminAuth($userId)
{
self::enSureAuthManager();
/**
* @param $data
* @param \yii\rbac\ManagerInterface $authManager
* @param null $parent
*/
function addItem($data, $authManager, $parent = null)
{
foreach ($data as $d) {
$item = $authManager->createPermission($d['action']);
$item->description = $d['name'];
$authManager->add($item);
$authManager->addChild($parent, $item);
if (isset($d['children'])) {
addItem($d['children'], $authManager, $item);
}
}
}
\App::me()->db->transaction(function () use($userId) {
self::cleanAll();
$role = self::$_authManager->createRole('admin');
$role->description = '超级管理员';
self::$_authManager->add($role);
addItem(self::all(), self::$_authManager, $role);
self::$_authManager->assign($role, $userId);
});
}
protected function prepareData()
{
$rule = new AuthorRule();
$this->auth->add($rule);
$createPost = $this->auth->createPermission('createPost');
$createPost->description = 'create a post';
$this->auth->add($createPost);
$readPost = $this->auth->createPermission('readPost');
$readPost->description = 'read a post';
$this->auth->add($readPost);
$updatePost = $this->auth->createPermission('updatePost');
$updatePost->description = 'update a post';
$updatePost->ruleName = $rule->name;
$this->auth->add($updatePost);
$updateAnyPost = $this->auth->createPermission('updateAnyPost');
$updateAnyPost->description = 'update any post';
$this->auth->add($updateAnyPost);
$reader = $this->auth->createRole('reader');
$this->auth->add($reader);
$this->auth->addChild($reader, $readPost);
$author = $this->auth->createRole('author');
$this->auth->add($author);
$this->auth->addChild($author, $createPost);
$this->auth->addChild($author, $updatePost);
$this->auth->addChild($author, $reader);
$admin = $this->auth->createRole('admin');
$this->auth->add($admin);
$this->auth->addChild($admin, $author);
$this->auth->addChild($admin, $updateAnyPost);
$this->auth->assign($reader, 'reader A');
$this->auth->assign($author, 'author B');
$this->auth->assign($admin, 'admin C');
}
/**
* Save role to [[\yii\rbac\authManager]]
*
* @return bool
*/
public function save()
{
if ($this->validate()) {
if ($this->_item === null) {
if ($this->type == Item::TYPE_ROLE) {
$this->_item = $this->manager->createRole($this->name);
} else {
$this->_item = $this->manager->createPermission($this->name);
}
$isNew = true;
$oldName = false;
} else {
$isNew = false;
$oldName = $this->_item->name;
}
$this->_item->name = $this->name;
$this->_item->description = $this->description;
$this->_item->ruleName = $this->ruleName;
$this->_item->data = Json::decode($this->data);
if ($isNew) {
$this->manager->add($this->_item);
} else {
$this->manager->update($oldName, $this->_item);
}
return true;
}
return false;
}
/**
* @param array $permissions
* @param array $roles
* @return bool
*/
public function createRole(array $permissions, array $roles)
{
if ($this->validate()) {
$object = $this->authManager->createRole($this->name);
$object->description = $this->description;
if ($this->authManager->add($object)) {
foreach ($permissions as $permission) {
$this->authManager->addChild($object, $this->authManager->getPermission($permission));
}
foreach ($roles as $role) {
$this->authManager->addChild($object, $this->authManager->getRole($role));
}
return true;
}
}
return false;
}
/**
* @param bool $validate
* @return bool
*/
public function save($validate = true)
{
if ($validate && !$this->validate()) {
return false;
}
if ($this->isNewRecord) {
$this->role = $this->auth->createRole($this->name);
$this->role->description = $this->description;
if (!$this->auth->add($this->role)) {
return false;
}
} else {
$this->role->name = $this->name;
$this->role->description = $this->description;
if (!$this->auth->update($this->oldName, $this->role)) {
return false;
}
$this->auth->removeChildren($this->role);
}
foreach ($this->actions as $action) {
$this->auth->addChild($this->role, $this->auth->getPermission($action));
}
return true;
}
protected function prepareData()
{
User::reset();
$rule = new AuthorRule();
$this->auth->add($rule);
$uniqueTrait = $this->auth->createPermission('Fast Metabolism');
$uniqueTrait->description = 'Your metabolic rate is twice normal. This means that you are much less resistant to radiation and poison, but your body heals faster.';
$this->auth->add($uniqueTrait);
$createPost = $this->auth->createPermission('createPost');
$createPost->description = 'create a post';
$this->auth->add($createPost);
$readPost = $this->auth->createPermission('readPost');
$readPost->description = 'read a post';
$this->auth->add($readPost);
$deletePost = $this->auth->createPermission('deletePost');
$deletePost->description = 'delete a post';
$this->auth->add($deletePost);
$updatePost = $this->auth->createPermission('updatePost');
$updatePost->description = 'update a post';
$updatePost->ruleName = $rule->name;
$this->auth->add($updatePost);
$updateAnyPost = $this->auth->createPermission('updateAnyPost');
$updateAnyPost->description = 'update any post';
$this->auth->add($updateAnyPost);
$reader = $this->auth->createRole('reader');
$this->auth->add($reader);
$this->auth->addChild($reader, $readPost);
$author = $this->auth->createRole('author');
$this->auth->add($author);
$this->auth->addChild($author, $createPost);
$this->auth->addChild($author, $updatePost);
$this->auth->addChild($author, $reader);
$admin = $this->auth->createRole('admin');
$this->auth->add($admin);
$this->auth->addChild($admin, $author);
$this->auth->addChild($admin, $updateAnyPost);
$this->auth->assign($uniqueTrait, 'reader A');
$this->auth->assign($reader, 'reader A');
$this->auth->assign($author, 'author B');
$this->auth->assign($deletePost, 'author B');
$this->auth->assign($admin, 'admin C');
}
/**
* Create roles.
*/
protected function createRoles()
{
if (!($roles = ArrayHelper::getValue($this->rbac, 'roles'))) {
return;
}
foreach ($roles as $name => $permissions) {
if (!($role = $this->_auth->getRole($name))) {
$role = $this->_auth->createRole($name);
$this->_auth->add($role);
}
foreach ($permissions as $name) {
if (!($child = ArrayHelper::getValue($this->_permissions, $name))) {
$child = $this->_auth->getRole($name);
}
if ($child) {
$this->_auth->addChild($role, $child);
}
}
}
}
