
1. Configure the permission tables (this can be placed in the module configuration file):

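public function init () {
  // Authorization item table. getauthitem() reads these columns from it:
  //   name        - item name/id
  //   type        - authorization item type: 0 (operation), 1 (task) or 2 (role)
  //   description - free-text description
  //   bizrule     - PHP expression run by executebizrule(); an empty/null rule or a
  //                 non-zero result grants access, any other result denies it
  //   data        - serialized extra data, unserialized on read and handed to the rule
  Yii::app()->authManager->itemTable = "authitem";
  // Item hierarchy table, read by checkaccessrecursive():
  //   child  - child item name/id
  //   parent - parent item name/id (walked recursively, so inheritance can be multi-level)
  // NOTE(review): "uthitemchild" looks like a truncated "authitemchild" - confirm the real table name.
  Yii::app()->authManager->itemChildTable = "uthitemchild";
  // User-to-item assignment table, read by getauthassignments():
  //   itemname - assigned item name/id (may be an operation name directly)
  //   userid   - user name/id
  //   bizrule  - PHP expression, evaluated the same way as the item rule
  //   data     - serialized extra data for the rule
  Yii::app()->authManager->assignmentTable = "zd_mem_glog";
  // SECURITY: bizrule values are executed with eval() and data values are passed to
  // unserialize(), so write access to these three tables is equivalent to running code
  // in the application. Restrict it to trusted administrators and to the DB account
  // that really needs it.
}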

2. Apply the rules: each controller extends the base class sbasecontroller, which in turn extends the original controller class.

// Application controller. It extends sbasecontroller rather than controller directly,
// so it inherits whatever sbasecontroller adds (the body is elided on this page).
class productcontroller extends sbasecontroller
{
    ........
}
// Shared base controller placed between the application controllers and controller.
// The page states that its beforeaction() performs the permission check; the body is elided here.
class sbasecontroller extends controller
{
    ........
}

3. sbasecontroller inherits the base class controller, and adds beforeaction to implement permission verification.

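/**
 * Permission gate run before every action of a controller derived from this class.
 *
 * Builds the access item name for the requested action and returns true when the
 * request may proceed. Any non-true result stops the action.
 *
 * @param mixed $action the action about to run (not used directly; $this->action is read instead)
 * @return bool true to run the action, false when access was refused
 */
protected function beforeaction ($action) {
  // Delimiter configured on the srbac module, placed between module id and controller name.
  $del = Helper::findModule("srbac")->delimeter;
  // Module prefix: "<module id><delimiter>" inside a module, empty otherwise.
  $mod = $this->module !== null ? $this->module->id . $del : "";
  $contrArr = explode("/", $this->id);
  $contrArr[sizeof($contrArr) - 1] = ucfirst($contrArr[sizeof($contrArr) - 1]);
  $controller = implode(".", $contrArr);
  // NOTE(review): the next line overwrites the implode() result, so for a controller id
  // containing "/" the last segment is NOT upper-cased in the item name. Kept as on the
  // page because existing item names may depend on it - confirm which form is intended.
  $controller = str_replace("/", ".", $this->id);
  if (sizeof($contrArr) == 1) {
    $controller = ucfirst($controller);
  }
  // Item name = module prefix + controller + action id with an upper-cased first letter.
  $access = $mod . $controller . ucfirst($this->action->id);
  // Always-allowed list: these actions bypass every check below, so keep the list short.
  // Strict comparison so a non-string entry (0, true) cannot loosely match every name.
  if (in_array($access, $this->allowedAccess(), true)) {
    return true;
  }
  // Fail-open: while srbac is not installed, every request is allowed.
  if (!Yii::app()->getModule("srbac")->isInstalled()) {
    return true;
  }
  // Fail-open: with the srbac debug flag set, every request is allowed.
  // The flag must be off in production or this gate does nothing.
  if (Yii::app()->getModule("srbac")->debug) {
    return true;
  }
  // Refuse when the user lacks the item or is a guest.
  if (!Yii::app()->user->checkAccess($access) || Yii::app()->user->isGuest) {
    // onUnauthorizedAccess() is not shown on this page; presumably it redirects or
    // reports the refusal - confirm. The explicit false makes the refusal visible
    // even if that handler simply returns.
    $this->onUnauthorizedAccess();
    return false;
  }
  return true;
}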

4. cdbauthmanager reads the current user's roles

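/**
 * Loads every assignment row of one user from the assignment table.
 *
 * @param mixed $userid user name/id, bound as a query parameter
 * @return array assignments indexed by item name (empty when the user has none)
 */
public function getauthassignments ($userid)
{
  // The user id is bound as :userid, never concatenated into the SQL text.
  $rows = $this->db->createCommand()
    ->select()
    ->from($this->assignmentTable)
    ->where("userid =:userid", array(":userid" => $userid))
    ->queryAll();
  $assignments = array();
  foreach ($rows as $row)
  {
    // SECURITY: unserialize() runs on a database column. It is only as safe as write
    // access to that table; on PHP 7+ passing array('allowed_classes' => false) is an
    // option if the stored data never contains objects - confirm before changing.
    // "@" hides the notice for malformed data; a failed decode is stored as null.
    if (($data = @unserialize($row["data"])) === false)
      $data = null;
    $assignments[$row["itemname"]] = new CAuthAssignment($this, $row["itemname"], $row["userid"], $row["bizrule"], $data);
  }
  return $assignments;
}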

5. cdbauthmanager reads the permissions corresponding to a role

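/**
 * Loads one authorization item by name from the item table.
 *
 * @param string $name item name, bound as a query parameter
 * @return mixed the item object, or null when no row has that name
 */
public function getauthitem ($name)
{
  // The name is bound as :name, never concatenated into the SQL text.
  $row = $this->db->createCommand()
    ->select()
    ->from($this->itemTable)
    ->where("name =:name", array(":name" => $name))
    ->queryRow();
  if ($row === false)
    return null;
  // SECURITY: unserialize() runs on a database column, so it is only as safe as write
  // access to the item table. "@" hides the notice for malformed data; a failed decode
  // is stored as null.
  if (($data = @unserialize($row["data"])) === false)
    $data = null;
  return new CAuthItem($this, $row["name"], $row["type"], $row["description"], $row["bizrule"], $data);
}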

6. cdbauthmanager reads the operations corresponding to a permission

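/**
 * Decides whether a user holds an item, directly or through a parent item.
 *
 * @param string $itemname    item being checked
 * @param mixed  $userid      user name/id
 * @param array  $params      values made available to the business rules
 * @param array  $assignments the user's assignments indexed by item name
 * @return bool true when access is granted
 */
protected function checkaccessrecursive ($itemname, $userid, $params, $assignments)
{
  // Unknown item: deny.
  if (($item = $this->getauthitem($itemname)) === null)
    return false;
  Yii::trace('checking permission "' . $item->getName() . '"', "system.web.auth.cdbauthmanager");
  if (!isset($params["userid"]))
    $params["userid"] = $userid;
  // The item's own rule must pass before the item or any of its parents can grant access.
  if ($this->executeBizRule($item->getBizRule(), $params, $item->getData()))
  {
    // Default roles are granted without an assignment row.
    if (in_array($itemname, $this->defaultRoles))
      return true;
    if (isset($assignments[$itemname]))
    {
      $assignment = $assignments[$itemname];
      // A direct assignment grants access only if its own rule passes as well.
      if ($this->executeBizRule($assignment->getBizRule(), $params, $assignment->getData()))
        return true;
    }
    // Walk up the hierarchy: access is granted if any parent grants it.
    // NOTE(review): nothing here tracks visited items, so the recursion ends only if
    // the child/parent table contains no cycle - keep that invariant when editing the
    // table by hand.
    $parents = $this->db->createCommand()
      ->select("parent")
      ->from($this->itemChildTable)
      ->where("child =:name", array(":name" => $itemname))
      ->queryColumn();
    foreach ($parents as $parent)
    {
      if ($this->checkaccessrecursive($parent, $userid, $params, $assignments))
        return true;
    }
  }
  return false;
}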

7. cauthmanager verifies permissions

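/**
 * Evaluates a business rule.
 *
 * @param string|null $bizrule PHP code of the rule; "" or null means "no rule"
 * @param array       $params  not read here, but in scope for the evaluated code
 * @param mixed       $data    not read here, but in scope for the evaluated code
 * @return bool true when there is no rule or the rule's result is non-zero
 */
public function executebizrule ($bizrule, $params, $data)
{
  // No rule stored: nothing to evaluate, access is not restricted by this rule.
  if ($bizrule === "" || $bizrule === null)
    return true;
  // SECURITY: the rule text is executed as PHP with the application's privileges.
  // In the methods shown with it, the text comes from the bizrule column of the
  // auth tables, so anyone able to write those rows can run code here. Keep rule
  // editing restricted to trusted administrators and never build a rule from
  // request input.
  // With showErrors off, "@" only hides warnings and notices from the rule; it does
  // not make a broken rule safe.
  return $this->showErrors ? eval($bizrule) != 0 : @eval($bizrule) != 0;
}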

8. Always allow access rule settings
