The authorization data will be saved to and loaded from a file
specified by [[authFile]], which defaults to 'protected/data/rbac.php'.
PhpManager is mainly suitable for authorization data that is not too big
(for example, the authorization data for a personal blog system).
Use DbManager for more complex authorization data.
public function testLoginExpires() { if (getenv('TRAVIS') == 'true') { $this->markTestSkipped('Can not reliably test this on travis-ci.'); } $appConfig = ['components' => ['user' => ['identityClass' => UserIdentity::className(), 'authTimeout' => 10], 'authManager' => ['class' => PhpManager::className(), 'itemFile' => '@runtime/user_test_rbac_items.php', 'assignmentFile' => '@runtime/user_test_rbac_assignments.php', 'ruleFile' => '@runtime/user_test_rbac_rules.php']]]; $this->mockWebApplication($appConfig); $am = Yii::$app->authManager; $am->removeAll(); $am->add($role = $am->createPermission('rUser')); $am->add($perm = $am->createPermission('doSomething')); $am->addChild($role, $perm); $am->assign($role, 'user1'); Yii::$app->session->removeAll(); static::$time = \time(); Yii::$app->user->login(UserIdentity::findIdentity('user1')); // print_r(Yii::$app->session); // print_r($_SESSION); $this->mockWebApplication($appConfig); $this->assertFalse(Yii::$app->user->isGuest); $this->assertTrue(Yii::$app->user->can('doSomething')); static::$time += 5; $this->mockWebApplication($appConfig); $this->assertFalse(Yii::$app->user->isGuest); $this->assertTrue(Yii::$app->user->can('doSomething')); static::$time += 11; $this->mockWebApplication($appConfig); $this->assertTrue(Yii::$app->user->isGuest); $this->assertFalse(Yii::$app->user->can('doSomething')); }
public function init() { parent::init(); if (\Yii::$app->user->isGuest) { return; } }
public function init() { parent::init(); if (!Yii::$app->user->isGuest) { //我们假设用户的角色是存储在身份 $this->assign(Yii::$app->user->identity->role, Yii::$app->user->identity->id); } }
public function init() { parent::init(); if (!Yii::$app->user->isGuest) { // we suppose that user's role is stored in identity $this->assign(Yii::$app->user->identity->id, Yii::$app->user->identity->role); } }
/** * @inheritdoc */ protected function setUp() { parent::setUp(); file_put_contents($this->itemFile, file_get_contents(__DIR__ . '/data/_rbac/items.php')); file_put_contents($this->assignmentFile, file_get_contents(__DIR__ . '/data/_rbac/assignments.php')); file_put_contents($this->ruleFile, file_get_contents(__DIR__ . '/data/_rbac/rules.php')); $this->mockWebApplication(['components' => ['authManager' => ['class' => \yii\rbac\PhpManager::className(), 'itemFile' => $this->itemFile, 'assignmentFile' => $this->assignmentFile, 'ruleFile' => $this->ruleFile]]]); $this->itemController = new ItemController('item', Yii::$app); $this->itemController->detachBehavior('verbs'); }
public function init() { if ($this->authFile === NULL) { $this->authFile = Yii::getAlias('@app/config/rbac') . '.php'; } // HERE GOES YOUR RBAC TREE FILE parent::init(); if (!Yii::$app->user->isGuest) { $this->assign(Yii::$app->user->identity->id, Yii::$app->user->identity->role); // we suppose that user's role is stored in identity } }
/** * @inheritdoc */ public function getAssignments($userId) { $user = Yii::$app->getUser(); /** @var IdentityInterface|ActiveRecord|null $identity */ $identity = $user->getIdentity(); $assignments = parent::getAssignments($userId); $model = $userId === $user->getId() ? $identity : $identity::findOne($userId); if ($model) { $assignment = new Assignment(); $assignment->userId = $userId; $assignment->roleName = $model->{$this->roleParam}; $assignments[$assignment->roleName] = $assignment; } return $assignments; }
/** * @inheritdoc */ public function checkAccess($userId, $permissionName, $params = []) { $permissionName = preg_replace('#^\\/(.*)#', '$1', $permissionName); foreach ($this->getPermissions() as $permission) { if ($permission->type == $permission::TYPE_ROLE) { continue; } if (!preg_match('#^' . $permission->name . '$#', $permissionName)) { continue; } if (parent::checkAccess($userId, $permission->name, $params)) { return true; } } return parent::checkAccess($userId, $permissionName, $params); }
public function checkAccess($userId, $permission, $params = []) { if (isset(Yii::$app->user)) { $user = Yii::$app->user->identity; if (!$user || $user->id != $userId) { $user = call_user_func([Yii::$app->user->identityClass, 'findIdentity'], $userId); } if (isset($user->username)) { $userId = $user->username; } if (isset($user->roles)) { $this->setAssignments($user->roles, $userId); } } return parent::checkAccess($userId, $permission, $params); }
public function init() { parent::init(); $this->removeAll(); $guestRole = $this->createRole('guest'); $this->add($guestRole); if (\Yii::$app->user->isGuest) $this->assign($guestRole, \Yii::$app->user->id); else { $userRole = $this->createRole('user'); $this->add($userRole); $this->addChild($userRole, $this->getRole('guest')); if (\Yii::$app->user->identity->isAdmin) { $adminRole = $this->createRole('admin'); $this->add($adminRole); $this->addChild($adminRole, $userRole); $this->assign($adminRole, \Yii::$app->user->id); } else $this->assign($userRole, \Yii::$app->user->id); } }
public function save() { parent::save(); }
public function init() { parent::init(); }
public function removeAllAssignments() { parent::removeAllAssignments(); $this->trigger(self::EVENT_REMOVE_ALL_ASSIGNMENTS, new RemoveAllAssignmentsEvent()); }
/** * @method array getItemsForAssignUser() Генерирует массив ролей и прав для выбора * @param integer $userid * * @return array * */ public function getItemsForAssignUser($userid) { $assig_items = []; $allroles = $this->getRoles(); foreach ($allroles as $ap) { if (!$this->_authMan->getAssignment($ap->name, $userid)) { $assig_items[$ap->name] = $ap->description . ' ' . $ap->name; } } return $assig_items; }
public function init() { parent::init(); $this->add(new UserRoleRule()); }
<?php $params = (require __DIR__ . '/params.php'); $config = ['aliases' => ['@uploadedFilesDir' => '@app/uploadedFiles'], 'id' => 'basic', 'basePath' => dirname(__DIR__), 'timeZone' => 'GMT', 'bootstrap' => ['log'], 'components' => ['request' => ['cookieValidationKey' => 'nz4H_EKn2VnYkbIaXL4ucu1TmDiif-gw'], 'cache' => ['class' => 'yii\\caching\\FileCache'], 'user' => ['identityClass' => 'app\\models\\UserRecord', 'enableAutoLogin' => true], 'errorHandler' => ['errorAction' => 'site/error'], 'mailer' => ['class' => 'yii\\swiftmailer\\Mailer', 'useFileTransport' => true], 'log' => ['traceLevel' => YII_DEBUG ? 3 : 0, 'targets' => [['class' => 'yii\\log\\FileTarget', 'levels' => ['error', 'warning']]]], 'db' => require __DIR__ . '/db.php', 'dbSqlite' => ['class' => 'yii\\db\\Connection', 'dsn' => 'sqlite:' . dirname(__DIR__) . PATH_SEPARATOR . '..' . PATH_SEPARATOR . 'web' . PATH_SEPARATOR . 'sqlite.db'], 'urlManager' => ['enablePrettyUrl' => true, 'showScriptName' => false, 'rules' => ['newws/index' => 'newws/index', 'newws/<year:\\d{4}>/items-list' => 'newws/items-list', ['pattern' => 'newws/<category:\\w+>/items-list', 'route' => 'newws/items-list', 'defaults' => ['category' => 'shopping']], ['pattern' => '<lang:\\w+>/<controller>/<action>', 'route' => '<controller>/<action>'], ['class' => 'app\\components\\NewwsUrlRule']]], 'authManager' => ['class' => \yii\rbac\PhpManager::className()]], 'params' => $params]; if (YII_ENV_DEV) { // configuration adjustments for 'dev' environment $config['bootstrap'][] = 'debug'; $config['modules']['debug'] = ['class' => 'yii\\debug\\Module']; $config['bootstrap'][] = 'gii'; $config['modules']['gii'] = ['class' => 'yii\\gii\\Module', 'allowedIPs' => ['*']]; } return $config;
/** * Initial RBAC action * @param integer $id Superadmin ID */ public function actionInit($id = null) { $auth = new PhpManager(); $auth->init(); $auth->removeAll(); //удаляем старые данные // Rules $groupRule = new GroupRule(); $auth->add($groupRule); // Roles $user = $auth->createRole('user'); $user->description = 'User'; $user->ruleName = $groupRule->name; $auth->add($user); $moderator = $auth->createRole('moderator'); $moderator->description = 'Moderator'; $moderator->ruleName = $groupRule->name; $auth->add($moderator); $auth->addChild($moderator, $user); $admin = $auth->createRole('admin'); $admin->description = 'Admin'; $admin->ruleName = $groupRule->name; $auth->add($admin); $auth->addChild($admin, $moderator); // $auth->assign($admin, 1); }