 /**
  * RBAC-aware constructor.
  *
  * Runs the parent constructor first, then — when a non-empty `roles`
  * entry is present in the configuration — builds the role tree from it
  * and stores the result in $this->roles.
  *
  * @access public
  *
  * @param array $params configuration array; only the `roles` key is read here
  *
  * @result void
  */
 public function __construct(array $params = [])
 {
     parent::__construct();
     $roleConfig = isset($params['roles']) ? $params['roles'] : null;
     if (!empty($roleConfig)) {
         $this->roles = $this->tree($roleConfig);
     }
 }
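 /**
  * Back-office login form handler.
  *
  * On POST the submitted credentials are checked through K('User')->adminCheck();
  * codes 1 and 3 report a failure, code 2 establishes the session via Rbac::login().
  * Any other code is now reported as a generic failure instead of silently
  * re-rendering the form. The view is displayed afterwards (presumably error()/
  * success() redirect before that point — confirm).
  */
 public function index()
 {
     if (IS_POST) {
         // Missing form fields previously raised undefined-index notices.
         $username = isset($_POST['username']) ? $_POST['username'] : '';
         $password = isset($_POST['password']) ? $_POST['password'] : '';
         // NOTE(review): md5() is kept only because adminCheck() appears to compare
         // against md5-stored values; moving the stored hashes to password_hash()/
         // password_verify() is the proper fix and has to happen in the model first.
         $gzdata = array('username' => $username, 'password' => md5($password));
         $loginUrl = __APP__ . '?m=admin&c=login';
         $code = K('User')->adminCheck($gzdata);
         switch ($code) {
             case 1:
                 $this->error("管理员账户不存在,请检查填写是否正确!", $loginUrl);
                 break;
             case 2:
                 // NOTE(review): the return value of Rbac::login() is ignored here; if it
                 // can report failure, the success redirect still fires — confirm.
                 Rbac::login($gzdata['username'], $gzdata['password']);
                 $this->success("验证成功,即将进入后台!!", __APP__ . '?m=admin&c=index');
                 break;
             case 3:
                 $this->error("密码错误,请重新检验你的管理账户密码!!", $loginUrl);
                 break;
             default:
                 // Unknown result code: report it rather than falling through to the form.
                 $this->error("登录失败,请重试!", $loginUrl);
                 break;
         }
     }
     $this->display();
 }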
 /**
  * Render the RBAC matrix: every parsed controller rule against every
  * role except `admin`. Access is enforced by Rbac::check() first.
  *
  * @rule access rbac
  */
 public function action_index()
 {
     Rbac::check();
     $viewData = array(
         'rules' => Rbac::parse_controllers(),
         'roles' => ORM::factory('role')->where('name', '!=', 'admin')->find_all(),
     );
     $this->request->response = View::factory('rbac_index')->set($viewData);
 }
 /**
  * Controller initialisation hook: require an authenticated session and an
  * RBAC-granted action before any action of this controller runs.
  *
  * Unauthenticated requests are sent to the login page; authenticated ones
  * without access get an error message. Whether go()/error() stop execution
  * is not visible here.
  */
 public function __init()
 {
     $hasSessionIdentity = isset($_SESSION['uid'], $_SESSION['uname']);
     if (!$hasSessionIdentity || !Rbac::isLogin()) {
         go(__APP__ . '?c=Login');
     }
     if (!Rbac::checkAccess()) {
         $this->error('对不起没有操作权限,请联系管理员获取0_0');
     }
 }
 /**
  * Protected-controller constructor.
  *
  * Wires a LoginController into $this->auto, redirects anonymous visitors to
  * the login page, and — when Rbac::verify() denies the current action — either
  * shows an error (when __HISTORY__ is set) or redirects to login again.
  */
 public function __construct()
 {
     parent::__construct();
     $this->auto = new LoginController();
     if (!Rbac::isLogin()) {
         go("Login/login");
     }
     if (Rbac::verify()) {
         return;
     }
     // Denied: with a history entry available, show the error in place; otherwise bounce to login.
     if (__HISTORY__) {
         $this->error('没有操作权限');
     } else {
         go('Login/login');
     }
 }
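 /**
  * Admin login form handler.
  *
  * On POST, validates the submitted credentials through the AdminUser model,
  * stores the admin id/name in the session, records login time and client IP,
  * hands the account to Rbac::login() and redirects to the index page. A failed
  * validation shows an error instead.
  */
 public function login()
 {
     if (IS_POST) {
         // Missing form fields previously raised undefined-index notices.
         $username = isset($_POST['admin_username']) ? $_POST['admin_username'] : '';
         $password = isset($_POST['admin_pwd']) ? $_POST['admin_pwd'] : '';
         $admin = K('AdminUser');
         $userInfo = $admin->validate($username, $password);
         if ($userInfo) {
             // Issue a fresh session id at the privilege boundary so an id obtained
             // before authentication cannot be carried into the authenticated session.
             if (session_status() === PHP_SESSION_ACTIVE) {
                 session_regenerate_id(true);
             }
             $_SESSION['uid'] = $userInfo['id'];
             $_SESSION['uname'] = $userInfo['admin_username'];
             $data = array('admin_logintime' => time(), 'admin_loginip' => ipton(ip_get_client()));
             $admin->update_admin('id=' . $userInfo['id'], $data);
             // NOTE(review): the stored admin_pwd value is passed on here, not the
             // submitted password — confirm that is what Rbac::login() expects.
             Rbac::login($userInfo['admin_username'], $userInfo['admin_pwd']);
             $this->success('登录成功', __APP__ . '?c=Index');
         } else {
             $this->error('登录失败,请检查您的用户名和密码');
         }
     }
 }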
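 /**
  * Log a user in and store their role/permission data in $_SESSION.
  *
  * When the login succeeds and the username equals $superadmin (case-insensitive),
  * the user is marked as super admin and no access restrictions apply.
  *
  * @param string      $username      username submitted by the login form
  * @param string      $password      value compared directly against the stored password column
  * @param string|null $superadmin    super admin account; defaults to C("RBAC_SUPER_ADMIN")
  * @param string|null $fieldUserName username column in the user table; defaults to C("RBAC_USERNAME_FIELD")
  * @param string|null $fieldPassword password column in the user table; defaults to C("RBAC_PASSWORD_FIELD")
  * @return boolean true on success; false with the reason stored in self::$error
  */
 public static function login($username, $password, $superadmin = null, $fieldUserName = null, $fieldPassword = null)
 {
     $superadmin = is_null($superadmin) ? C("RBAC_SUPER_ADMIN") : $superadmin;
     $fieldUserName = is_null($fieldUserName) ? C("RBAC_USERNAME_FIELD") : $fieldUserName;
     $fieldPassword = is_null($fieldPassword) ? C("RBAC_PASSWORD_FIELD") : $fieldPassword;
     if (!C("RBAC_USER_TABLE")) {
         error(L("rbac_rbac_user_login1"));
     }
     // Strip a prefix that may already be present so the configured prefix is applied exactly once.
     $table_user = C('DB_PREFIX') . str_ireplace(C('DB_PREFIX'), "", C("RBAC_USER_TABLE"));
     $db = M($table_user, true);
     // SECURITY: $username is user-controlled and is interpolated into the condition
     // string. find() must bind or escape it (in the model layer, not visible here)
     // for this lookup to be safe against SQL injection — verify before relying on it.
     $user = $db->find("{$fieldUserName}='{$username}'");
     if (!$user) {
         self::$error = L("rbac_rbac_user_login2");
         return false;
     }
     // Strict string comparison: the previous loose `!=` let PHP convert both sides
     // (e.g. numeric-looking strings) before comparing. A constant-time comparison
     // (hash_equals) is preferable where the runtime provides it.
     $storedPassword = isset($user[$fieldPassword]) ? (string) $user[$fieldPassword] : '';
     if ($storedPassword !== (string) $password) {
         self::$error = L("rbac_rbac_user_login3");
         return false;
     }
     $db->table(C("RBAC_ROLE_USER_TABLE"));
     // Join role and role-user tables for this uid. The value comes from the row just
     // read, not from the request, but the query is still string-built.
     $sql = "SELECT * FROM " . C("DB_PREFIX") . C("RBAC_ROLE_TABLE") . " AS r," . C('DB_PREFIX') . C('RBAC_ROLE_USER_TABLE') . " AS r_u WHERE r_u.rid = r.rid AND uid = '" . $user['uid'] . "'";
     $userRoleInfo = $db->query($sql);
     // A user without any role row yields no result; fall back to nulls instead of
     // reading an undefined offset.
     $firstRole = (is_array($userRoleInfo) && isset($userRoleInfo[0])) ? $userRoleInfo[0] : array();
     $_SESSION['username'] = $user['username'];
     $_SESSION[C("RBAC_AUTH_KEY")] = $user['uid'];
     $_SESSION['role'] = isset($firstRole['rname']) ? $firstRole['rname'] : null;
     $_SESSION['rid'] = isset($firstRole['rid']) ? $firstRole['rid'] : null;
     // Super admin: case-insensitive username match against the configured account.
     if (strtoupper((string) $user['username']) === strtoupper((string) $superadmin)) {
         $_SESSION[C("RBAC_SUPER_ADMIN")] = 1;
         $_SESSION["RBAC"] = array();
         return true;
     }
     if (!$_SESSION['rid']) {
         // Authenticated but not a member of any role.
         self::$error = L("rbac_rbac_user_login4");
         return false;
     }
     // Load the role's permissions into the session.
     self::getAccess();
     return true;
 }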
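 /**
  * Show the permission-node editor for one role.
  *
  * Reads the role id from the `rid` query parameter, loads the role record and
  * its node list, and renders the view. When no nodes exist the user is sent to
  * `showaddnode` with an error message.
  */
 function setaccess()
 {
     // rid is untrusted request input; default to null so a missing parameter
     // no longer raises an undefined-index notice.
     $rid = isset($_GET['rid']) ? $_GET['rid'] : null;
     $db = k("role");
     // NOTE(review): find() receives the raw request value — confirm the model
     // binds/escapes it before it reaches the query.
     $role = $db->find($rid);
     $this->assign('role', $role);
     $node = Rbac::getNodeList($rid);
     if (!$node) {
         $this->error("还没有设置权限节点,请设置", 'showaddnode');
     }
     $this->assign('node', $node);
     $this->display();
 }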
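<table id="rbac_table" class="tablesorter" border="0" cellpadding="0" cellspacing="1">
	<thead>
		<tr>
			<th></th>
			<th>guest</th>
			<?php 
// Role names come from stored records; escape them for the HTML text context.
foreach ($roles as $role) {
    echo '<th>' . htmlspecialchars($role->name, ENT_QUOTES, 'UTF-8') . '</th>';
}
?>
		</tr>
	</thead>
	<tbody>
		<?php 
// One row per rule: a "guest" checkbox (role 0) followed by one checkbox per role.
// $checked is whatever Rbac::match() returns (presumably attribute markup) and is
// emitted as-is; every value that originates from the rule key, the action or a
// role record is escaped for the attribute/text context it lands in.
foreach ($rules as $rule => $action) {
    $parts = explode('|', $rule);
    $expression = count($parts) == 2 ? $parts[1] : '';
    $actionAttr = htmlspecialchars($action, ENT_QUOTES, 'UTF-8');
    $expressionAttr = htmlspecialchars($expression, ENT_QUOTES, 'UTF-8');
    echo '<tr>';
    echo '<td>' . htmlspecialchars($parts[0], ENT_QUOTES, 'UTF-8') . '</td>';
    $checked = Rbac::match(0, $action, $expression);
    echo '<td><input action="' . $actionAttr . '" role="0" ' . $checked . ' expression="' . $expressionAttr . '" type="checkbox" /></td>';
    foreach ($roles as $role) {
        $checked = Rbac::match($role->id, $action, $expression);
        $roleIdAttr = htmlspecialchars((string) $role->id, ENT_QUOTES, 'UTF-8');
        echo '<td><input action="' . $actionAttr . '" role="' . $roleIdAttr . '" ' . $checked . ' expression="' . $expressionAttr . '" type="checkbox" /></td>';
    }
    echo '</tr>';
}
?>
	</tbody>
</table>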
// Permission name => controller action(s) it guards. Rbac::action() is invoked once
// per entry, in this order, so the registrations match the explicit call list.
$guardedActions = [
    // folders
    'folders.delete' => 'API\\FolderController@destroy',
    // questions
    'questions.view' => ['API\\QuestionController@index', 'API\\QuestionController@my', 'API\\QuestionController@show'],
    'questions.create' => 'API\\QuestionController@store',
    'questions.edit' => 'API\\QuestionController@update',
    'questions.delete' => 'API\\QuestionController@destroy',
    // answers
    'answers.view' => ['API\\Question\\AnswerController@index', 'API\\Question\\AnswerController@my'],
    'answers.create' => 'API\\Question\\AnswerController@store',
    'answers.edit' => 'API\\Question\\AnswerController@update',
    'questions.close' => 'API\\Question\\AnswerController@setClosed',
    'answers.delete' => 'API\\Question\\AnswerController@destroy',
    // comments
    'comments.create' => 'API\\Question\\CommentController@store',
    'comments.edit' => 'API\\Question\\CommentController@update',
    'comments.delete' => 'API\\Question\\CommentController@destroy',
    // tags (tags.edit / tags.delete are deliberately not registered)
    'tags.view' => 'API\\TagController@index',
    // votes
    'votes.create.own' => 'API\\VoteController@store',
    'votes.delete.own' => 'API\\VoteController@destroy',
    // images
    'images.view' => 'API\\ImageController@show',
    'images.create' => 'API\\ImageController@store',
    // link preview
    'preview.view' => 'API\\PreviewController@index',
    // roles
    'roles.update' => 'API\\RoleController@update',
];
foreach ($guardedActions as $permission => $controllerActions) {
    Rbac::action($controllerActions, $permission);
}
// Permission name => controller action(s) it guards. Rbac::action() is invoked once
// per entry, in this order, so the registrations match the explicit call list.
// Update actions for questions/answers/comments and tag edit/delete are deliberately
// left unregistered.
$guardedActions = [
    // folders
    'folders.view' => ['API\\FolderController@index', 'API\\FolderController@foldersForCrud'],
    'folders.create' => 'API\\FolderController@store',
    'folders.edit' => 'API\\FolderController@update',
    'folders.delete' => 'API\\FolderController@destroy',
    // questions
    'questions.view' => ['API\\QuestionController@index', 'API\\QuestionController@my', 'API\\QuestionController@show'],
    'questions.create' => 'API\\QuestionController@store',
    'questions.delete' => 'API\\QuestionController@destroy',
    // answers
    'answers.view' => ['API\\Question\\AnswerController@index', 'API\\Question\\AnswerController@my'],
    'answers.create' => 'API\\Question\\AnswerController@store',
    'answers.delete' => 'API\\Question\\AnswerController@destroy',
    // comments
    'comments.create' => 'API\\Question\\CommentController@store',
    'comments.delete' => 'API\\Question\\CommentController@destroy',
    // tags
    'tags.view' => 'API\\TagController@index',
    // votes
    'votes.create.own' => 'API\\VoteController@store',
    'votes.delete.own' => 'API\\VoteController@destroy',
    // images
    'images.view' => 'API\\ImageController@show',
    'images.create' => 'API\\ImageController@store',
];
foreach ($guardedActions as $permission => $controllerActions) {
    Rbac::action($controllerActions, $permission);
}
});
// Leaf permission: implies nothing else.
Rbac::permission('comments.delete');
// "Own" variant: implies comments.delete, gated by a callback that receives $params
// and appears to delegate the ownership decision to Ownership::isCommentsOwner().
Rbac::permission('comments.delete.own', ['comments.delete'], function ($params) {
    return Ownership::isCommentsOwner($params);
});
// Aggregates: each implies the listed child permissions (the comments.* leaves other
// than comments.delete are registered above this excerpt — presumably).
Rbac::permission('comments.manage', ['comments.view', 'comments.create', 'comments.edit', 'comments.delete']);
Rbac::permission('comments.manage.own', ['comments.create', 'comments.edit.own', 'comments.delete.own']);
// tags — only viewing is exposed; create/edit/delete stay disabled.
Rbac::permission('tags.view');
//Rbac::permission('tags.create');
//Rbac::permission('tags.edit');
//Rbac::permission('tags.delete');
Rbac::permission('tags.manage', ['tags.view']);
// votes — users may only create/delete their own votes.
Rbac::permission('votes.view');
Rbac::permission('votes.create.own');
Rbac::permission('votes.delete.own');
Rbac::permission('votes.own', ['votes.create.own', 'votes.delete.own']);
// images
Rbac::permission('images.view');
Rbac::permission('images.create');
// link preview
Rbac::permission('preview.view');
// roles
Rbac::permission('roles.update');
/*
 * Roles
 *
 * ADMIN receives the *.manage aggregates plus roles.update; USER receives the
 * view permissions and the *.own variants only. Registration order is kept as
 * written so that every permission a role names exists before the role does.
 */
Rbac::role('ADMIN', ['users.manage', 'folders.manage', 'questions.manage', 'answers.manage', 'comments.manage', 'tags.manage', 'votes.view', 'votes.own', 'images.view', 'images.create', 'preview.view', 'roles.update']);
Rbac::role('USER', ['users.edit.own', 'folders.view', 'questions.view', 'questions.manage.own', 'answers.view', 'answers.manage.own', 'comments.view', 'comments.manage.own', 'tags.view', 'votes.view', 'votes.own', 'images.view', 'images.create', 'preview.view']);
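 /**
  * Log a user in and store their role/permission data in $_SESSION.
  *
  * When the login succeeds and the admin_username equals $superadmin
  * (case-insensitive), the user is marked as super admin and no access
  * restrictions apply.
  *
  * @param string      $username      username submitted by the login form
  * @param string      $password      value compared directly against the stored password column
  * @param string|null $superadmin    super admin account; defaults to C("RBAC_SUPER_ADMIN")
  * @param string|null $fieldUserName username column in the user table; defaults to C("RBAC_USERNAME_FIELD")
  * @param string|null $fieldPassword password column in the user table; defaults to C("RBAC_PASSWORD_FIELD")
  * @return boolean true on success; false with the reason stored in self::$error
  */
 public static function login($username, $password, $superadmin = null, $fieldUserName = null, $fieldPassword = null)
 {
     $superadmin = is_null($superadmin) ? C("RBAC_SUPER_ADMIN") : $superadmin;
     $fieldUserName = is_null($fieldUserName) ? C("RBAC_USERNAME_FIELD") : $fieldUserName;
     $fieldPassword = is_null($fieldPassword) ? C("RBAC_PASSWORD_FIELD") : $fieldPassword;
     if (!C("RBAC_USER_TABLE")) {
         halt('用户表设置错误,请在配置文件中添加用户表');
     }
     // Strip a prefix that may already be present; M() presumably adds its own.
     $table_user = str_ireplace(C('DB_PREFIX'), "", C("RBAC_USER_TABLE"));
     $db = M($table_user);
     // SECURITY: $username is user-controlled and is interpolated into the condition
     // string. where() must bind or escape it (in the model layer, not visible here)
     // for this lookup to be safe against SQL injection — verify before relying on it.
     $user = $db->where("{$fieldUserName}='{$username}'")->all();
     if (!$user) {
         self::$error = '用户不存在';
         return false;
     }
     $account = $user[0];
     // Strict string comparison: the previous loose `!=` let PHP convert both sides
     // (e.g. numeric-looking strings) before comparing. A constant-time comparison
     // (hash_equals) is preferable where the runtime provides it.
     $storedPassword = isset($account[$fieldPassword]) ? (string) $account[$fieldPassword] : '';
     if ($storedPassword !== (string) $password) {
         self::$error = '密码输入错误';
         return false;
     }
     $db->table = C("RBAC_ROLE_USER_TABLE");
     // Join role and role-user tables for this user id. The value comes from the row
     // just read, not from the request, but the query is still string-built.
     $sql = "SELECT * FROM " . C("DB_PREFIX") . C("RBAC_ROLE_TABLE") . " AS r," . C('DB_PREFIX') . C('RBAC_ROLE_USER_TABLE') . " AS r_u WHERE r_u.role_id = r.id AND user_id = '" . $account['id'] . "'";
     $userRoleInfo = $db->query($sql);
     // A user without any role row yields no result; fall back to nulls instead of
     // reading an undefined offset.
     $firstRole = (is_array($userRoleInfo) && isset($userRoleInfo[0])) ? $userRoleInfo[0] : array();
     $_SESSION['username'] = $account['admin_username'];
     $_SESSION[C("RBAC_AUTH_KEY")] = $account['id'];
     $_SESSION['role'] = isset($firstRole['name']) ? $firstRole['name'] : null;
     $_SESSION['rid'] = isset($firstRole['role_id']) ? $firstRole['role_id'] : null;
     // Super admin: case-insensitive username match against the configured account.
     if (strtoupper((string) $account['admin_username']) === strtoupper((string) $superadmin)) {
         $_SESSION[C("RBAC_SUPER_ADMIN")] = 1;
         $_SESSION["RBAC"] = array();
         return true;
     }
     if (!$_SESSION['rid']) {
         // Authenticated but not a member of any role.
         self::$error = '不属于任何组,没有访问权限';
         return false;
     }
     // Load the role's permissions into the session.
     self::getAccess();
     return true;
 }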
<?php

// Leaf permissions, registered in this order before any role references them.
$creatorPermissions = ['event.create', 'blog.create', 'test.create', 'course.create'];
foreach ($creatorPermissions as $permission) {
    Rbac::permission($permission);
}
// Both roles currently receive the complete creator permission set.
foreach (['teacher', 'director'] as $roleName) {
    Rbac::role($roleName, $creatorPermissions);
}
/*
 * Describe your permissions here.
 *
 *     Rbac::permission('users.show');
 *     Rbac::permission('users.index');
 *     Rbac::permission('users.update');
 *
 *     Rbac::permission('users.view', [
 *         'users.show',
 *         'users.index'
 *     ]);
 *
 *     Rbac::permission('users.update.self', ['users.update'], function($params)
 *     {
 *         return $this->user->id == $params['user']->id;
 *     });
 *
 *
 *     Rbac::role('user', [
 *         'users.view',
 *         'users.update.self'
 *     ]);
 *
 /**
  * Thin delegate to Rbac::check() for a controller/action pair.
  *
  * @param $controllerName controller whose action is being checked
  * @param $actionName     action within that controller
  * @param bool $auth      defaults to the AUTH constant
  * @return bool whatever Rbac::check() reports
  */
 public function checkacl($controllerName, $actionName, $auth = AUTH)
 {
     $permitted = Rbac::check($controllerName, $actionName, $auth);

     return $permitted;
 }
<?php

// Leaf permissions for news, registered before the aggregate that names them.
foreach (['news.destroy', 'news.update'] as $leafPermission) {
    Rbac::permission($leafPermission);
}
Rbac::permission('news.manage', ['news.destroy', 'news.update']);
// "Own" variant: news.manage restricted to the author of the news item in $params.
// The callback reads $this->user, so it must remain a bindable (non-static) closure.
$isNewsAuthor = function ($params) {
    return $this->user->id == $params['news']->author_id;
};
Rbac::permission('news.manage.own', ['news.manage'], $isNewsAuthor);
// Resource shorthand for articles with author_id as the ownership column; what it
// expands to is not visible here, but the roles below rely on article.manage[.own].
Rbac::resource('article', 'ArticlesController', 'author_id');
$rolePermissions = [
    'admin' => ['news.manage', 'article.manage'],
    'user' => ['news.manage.own', 'article.manage.own'],
];
foreach ($rolePermissions as $roleName => $grants) {
    Rbac::role($roleName, $grants);
}