Yii的Rbac权限管理组件

Yii2框架Rbac组件的使用

drop table if exists `auth_assignment`;
drop table if exists `auth_item_child`;
drop table if exists `auth_item`;
drop table if exists `auth_rule`;

create table `auth_rule`
(
   `name`                 varchar(64) not null,
   `data`                 blob,
   `created_at`           integer,
   `updated_at`           integer,
    primary key (`name`)
) engine InnoDB;

create table `auth_item`
(
   `name`                 varchar(64) not null,
   `type`                 smallint not null,
   `description`          text,
   `rule_name`            varchar(64),
   `data`                 blob,
   `created_at`           integer,
   `updated_at`           integer,
   primary key (`name`),
   foreign key (`rule_name`) references `auth_rule` (`name`) on delete set null on update cascade,
   key `type` (`type`)
) engine InnoDB;

create table `auth_item_child`
(
   `parent`               varchar(64) not null,
   `child`                varchar(64) not null,
   primary key (`parent`, `child`),
   foreign key (`parent`) references `auth_item` (`name`) on delete cascade on update cascade,
   foreign key (`child`) references `auth_item` (`name`) on delete cascade on update cascade
) engine InnoDB;

create table `auth_assignment`
(
   `item_name`            varchar(64) not null,
   `user_id`              varchar(64) not null,
   `created_at`           integer,
   primary key (`item_name`, `user_id`),
   foreign key (`item_name`) references `auth_item` (`name`) on delete cascade on update cascade
) engine InnoDB;
-- ----------------------------
-- Table structure for `user`
-- ----------------------------
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(255) NOT NULL,
  `auth_key` varchar(32) NOT NULL,
  `password_hash` varchar(255) NOT NULL,
  `password_reset_token` varchar(255) DEFAULT NULL,
  `email` varchar(255) NOT NULL,
  `role` smallint(6) NOT NULL DEFAULT '10',
  `status` smallint(6) NOT NULL DEFAULT '10',
  `created_at` int(11) NOT NULL,
  `updated_at` int(11) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;


这就搞定了一整套的rbac权限管理系统表，是不是很快？


然后我们要在 组件里面配置一下 Rbac ，如下所示(common/config/main-local.php或者main.php)。

'authManager' => [
    'class' => 'yii\rbac\DbManager',
    'itemTable' => 'auth_item',
    'assignmentTable' => 'auth_assignment',
    'itemChildTable' => 'auth_item_child',
],

创建权限 Permiassion

public function createPermission($item)
{
    $auth = Yii::$app->authManager;
    $createPost = $auth->createPermission($item);
    $createPost->description = '创建了 ' . $item . ' 许可';
    $auth->add($createPost);
}

之后渲染模板做类内调用一系列的事情省略不计
创建 角色 roles

public function createRole($item)
{
    $auth = Yii::$app->authManager;
    $role = $auth->createRole($item);
    $role->description = '创建了 ' . $item . ' 角色';
    $auth->add($role);
}

分配权限

static public function createEmpowerment($items)
{
    $auth = Yii::$app->authManager;
    $parent = $auth->createRole($items['name']);
    $child = $auth->createPermission($items['description']);
    $auth->addChild($parent, $child);
}

管理员分配角色

static public function assign($item)
{
    $auth = Yii::$app->authManager;
    $reader = $auth->createRole($item['name']);
    $auth->assign($reader, $item['description']);
}

权限判定，采用yii框架自带的beforeaction方法，去执行判断

public function beforeAction($action)
{
    $action = Yii::$app->controller->action->id;
    if(\Yii::$app->user->can($action)){
        return true;
    }else{
        throw new \yii\web\UnauthorizedHttpException('对不起，您现在还没获此操作的权限');
    }
}