The authorization data will be saved to and loaded from a file
specified by [[authFile]], which defaults to 'protected/data/rbac.php'.
PhpManager is mainly suitable for authorization data that is not too big
(for example, the authorization data for a personal blog system).
Use DbManager for more complex authorization data.
public function testLoginExpires()
{
if (getenv('TRAVIS') == 'true') {
$this->markTestSkipped('Can not reliably test this on travis-ci.');
}
$appConfig = ['components' => ['user' => ['identityClass' => UserIdentity::className(), 'authTimeout' => 10], 'authManager' => ['class' => PhpManager::className(), 'itemFile' => '@runtime/user_test_rbac_items.php', 'assignmentFile' => '@runtime/user_test_rbac_assignments.php', 'ruleFile' => '@runtime/user_test_rbac_rules.php']]];
$this->mockWebApplication($appConfig);
$am = Yii::$app->authManager;
$am->removeAll();
$am->add($role = $am->createPermission('rUser'));
$am->add($perm = $am->createPermission('doSomething'));
$am->addChild($role, $perm);
$am->assign($role, 'user1');
Yii::$app->session->removeAll();
static::$time = \time();
Yii::$app->user->login(UserIdentity::findIdentity('user1'));
// print_r(Yii::$app->session);
// print_r($_SESSION);
$this->mockWebApplication($appConfig);
$this->assertFalse(Yii::$app->user->isGuest);
$this->assertTrue(Yii::$app->user->can('doSomething'));
static::$time += 5;
$this->mockWebApplication($appConfig);
$this->assertFalse(Yii::$app->user->isGuest);
$this->assertTrue(Yii::$app->user->can('doSomething'));
static::$time += 11;
$this->mockWebApplication($appConfig);
$this->assertTrue(Yii::$app->user->isGuest);
$this->assertFalse(Yii::$app->user->can('doSomething'));
}
public function init()
{
parent::init();
if (\Yii::$app->user->isGuest) {
return;
}
}
public function init()
{
parent::init();
if (!Yii::$app->user->isGuest) {
//我们假设用户的角色是存储在身份
$this->assign(Yii::$app->user->identity->role, Yii::$app->user->identity->id);
}
}
public function init()
{
parent::init();
if (!Yii::$app->user->isGuest) {
// we suppose that user's role is stored in identity
$this->assign(Yii::$app->user->identity->id, Yii::$app->user->identity->role);
}
}
/**
* @inheritdoc
*/
protected function setUp()
{
parent::setUp();
file_put_contents($this->itemFile, file_get_contents(__DIR__ . '/data/_rbac/items.php'));
file_put_contents($this->assignmentFile, file_get_contents(__DIR__ . '/data/_rbac/assignments.php'));
file_put_contents($this->ruleFile, file_get_contents(__DIR__ . '/data/_rbac/rules.php'));
$this->mockWebApplication(['components' => ['authManager' => ['class' => \yii\rbac\PhpManager::className(), 'itemFile' => $this->itemFile, 'assignmentFile' => $this->assignmentFile, 'ruleFile' => $this->ruleFile]]]);
$this->itemController = new ItemController('item', Yii::$app);
$this->itemController->detachBehavior('verbs');
}
public function init()
{
if ($this->authFile === NULL) {
$this->authFile = Yii::getAlias('@app/config/rbac') . '.php';
}
// HERE GOES YOUR RBAC TREE FILE
parent::init();
if (!Yii::$app->user->isGuest) {
$this->assign(Yii::$app->user->identity->id, Yii::$app->user->identity->role);
// we suppose that user's role is stored in identity
}
}
/**
* @inheritdoc
*/
public function getAssignments($userId)
{
$user = Yii::$app->getUser();
/** @var IdentityInterface|ActiveRecord|null $identity */
$identity = $user->getIdentity();
$assignments = parent::getAssignments($userId);
$model = $userId === $user->getId() ? $identity : $identity::findOne($userId);
if ($model) {
$assignment = new Assignment();
$assignment->userId = $userId;
$assignment->roleName = $model->{$this->roleParam};
$assignments[$assignment->roleName] = $assignment;
}
return $assignments;
}
/**
* @inheritdoc
*/
public function checkAccess($userId, $permissionName, $params = [])
{
$permissionName = preg_replace('#^\\/(.*)#', '$1', $permissionName);
foreach ($this->getPermissions() as $permission) {
if ($permission->type == $permission::TYPE_ROLE) {
continue;
}
if (!preg_match('#^' . $permission->name . '$#', $permissionName)) {
continue;
}
if (parent::checkAccess($userId, $permission->name, $params)) {
return true;
}
}
return parent::checkAccess($userId, $permissionName, $params);
}
public function checkAccess($userId, $permission, $params = [])
{
if (isset(Yii::$app->user)) {
$user = Yii::$app->user->identity;
if (!$user || $user->id != $userId) {
$user = call_user_func([Yii::$app->user->identityClass, 'findIdentity'], $userId);
}
if (isset($user->username)) {
$userId = $user->username;
}
if (isset($user->roles)) {
$this->setAssignments($user->roles, $userId);
}
}
return parent::checkAccess($userId, $permission, $params);
}
public function init()
{
parent::init();
$this->removeAll();
$guestRole = $this->createRole('guest');
$this->add($guestRole);
if (\Yii::$app->user->isGuest)
$this->assign($guestRole, \Yii::$app->user->id);
else
{
$userRole = $this->createRole('user');
$this->add($userRole);
$this->addChild($userRole, $this->getRole('guest'));
if (\Yii::$app->user->identity->isAdmin)
{
$adminRole = $this->createRole('admin');
$this->add($adminRole);
$this->addChild($adminRole, $userRole);
$this->assign($adminRole, \Yii::$app->user->id);
}
else
$this->assign($userRole, \Yii::$app->user->id);
}
}
public function save()
{
parent::save();
}
public function init()
{
parent::init();
}
public function removeAllAssignments()
{
parent::removeAllAssignments();
$this->trigger(self::EVENT_REMOVE_ALL_ASSIGNMENTS, new RemoveAllAssignmentsEvent());
}
/**
* @method array getItemsForAssignUser() Генерирует массив ролей и прав для выбора
* @param integer $userid
*
* @return array
* */
public function getItemsForAssignUser($userid)
{
$assig_items = [];
$allroles = $this->getRoles();
foreach ($allroles as $ap) {
if (!$this->_authMan->getAssignment($ap->name, $userid)) {
$assig_items[$ap->name] = $ap->description . ' ' . $ap->name;
}
}
return $assig_items;
}
public function init()
{
parent::init();
$this->add(new UserRoleRule());
}
<?php
$params = (require __DIR__ . '/params.php');
$config = ['aliases' => ['@uploadedFilesDir' => '@app/uploadedFiles'], 'id' => 'basic', 'basePath' => dirname(__DIR__), 'timeZone' => 'GMT', 'bootstrap' => ['log'], 'components' => ['request' => ['cookieValidationKey' => 'nz4H_EKn2VnYkbIaXL4ucu1TmDiif-gw'], 'cache' => ['class' => 'yii\\caching\\FileCache'], 'user' => ['identityClass' => 'app\\models\\UserRecord', 'enableAutoLogin' => true], 'errorHandler' => ['errorAction' => 'site/error'], 'mailer' => ['class' => 'yii\\swiftmailer\\Mailer', 'useFileTransport' => true], 'log' => ['traceLevel' => YII_DEBUG ? 3 : 0, 'targets' => [['class' => 'yii\\log\\FileTarget', 'levels' => ['error', 'warning']]]], 'db' => require __DIR__ . '/db.php', 'dbSqlite' => ['class' => 'yii\\db\\Connection', 'dsn' => 'sqlite:' . dirname(__DIR__) . PATH_SEPARATOR . '..' . PATH_SEPARATOR . 'web' . PATH_SEPARATOR . 'sqlite.db'], 'urlManager' => ['enablePrettyUrl' => true, 'showScriptName' => false, 'rules' => ['newws/index' => 'newws/index', 'newws/<year:\\d{4}>/items-list' => 'newws/items-list', ['pattern' => 'newws/<category:\\w+>/items-list', 'route' => 'newws/items-list', 'defaults' => ['category' => 'shopping']], ['pattern' => '<lang:\\w+>/<controller>/<action>', 'route' => '<controller>/<action>'], ['class' => 'app\\components\\NewwsUrlRule']]], 'authManager' => ['class' => \yii\rbac\PhpManager::className()]], 'params' => $params];
if (YII_ENV_DEV) {
// configuration adjustments for 'dev' environment
$config['bootstrap'][] = 'debug';
$config['modules']['debug'] = ['class' => 'yii\\debug\\Module'];
$config['bootstrap'][] = 'gii';
$config['modules']['gii'] = ['class' => 'yii\\gii\\Module', 'allowedIPs' => ['*']];
}
return $config;
/**
* Initial RBAC action
* @param integer $id Superadmin ID
*/
public function actionInit($id = null)
{
$auth = new PhpManager();
$auth->init();
$auth->removeAll();
//удаляем старые данные
// Rules
$groupRule = new GroupRule();
$auth->add($groupRule);
// Roles
$user = $auth->createRole('user');
$user->description = 'User';
$user->ruleName = $groupRule->name;
$auth->add($user);
$moderator = $auth->createRole('moderator');
$moderator->description = 'Moderator';
$moderator->ruleName = $groupRule->name;
$auth->add($moderator);
$auth->addChild($moderator, $user);
$admin = $auth->createRole('admin');
$admin->description = 'Admin';
$admin->ruleName = $groupRule->name;
$auth->add($admin);
$auth->addChild($admin, $moderator);
// $auth->assign($admin, 1);
}
