验证用户访问权限开关

修改init/rbac

验证用户访问权限开关
修改init/rbac
wuxiao
Commit ab78f51e253901bc841bb541eda8cf940a40db0e 1 parent b835fbe5
Showing 4 changed files with 44 additions and 4 deletions
backend/components/filters/AccessControl.php
backend/config/params.php
backend/views/site/403.php
console/controllers/InitController.php
--- a/backend/components/filters/AccessControl.php
View file @ab78f51
+++ b/backend/components/filters/AccessControl.php
View file @ab78f51
@@ -35,7 +35,6 @@ class AccessControl extends \yii\filters\AccessControl
          * 验证用户访问权限
          */
         $route = Yii::$app->controller->id.'/'.Yii::$app->controller->action->id;
-         //var_dump($route);
         if (!self::verifyAccess($route)){
             $rules = [['allow'=>false]];
         }
@@ -62,7 +61,14 @@ class AccessControl extends \yii\filters\AccessControl
      */
     static function verifyAccess($permission)
     {
+         if (isset(Yii::$app->params['verifyAccess']) && !Yii::$app->params['verifyAccess'])
+         {
+             return true;
+         }
         $auth = Yii::$app->authManager;
+         if (in_array(Yii::$app->user->getId(),$auth->getUserIdsByRole('admin'))){
+             return true;
+         }
         $permission = $auth->getPermission($permission);
         if (!$permission){
             return false;
--- a/backend/config/params.php
View file @ab78f51
+++ b/backend/config/params.php
View file @ab78f51
@@ -29,4 +29,6 @@ return [
      * 分页每页数目
      */
     'defaultPageSize'=>10,
+     //是否验证用户访问权限
+     'verifyAccess' => false,
 ];
--- a/backend/views/site/403.php
View file @ab78f51
+++ b/backend/views/site/403.php
View file @ab78f51
 <!DOCTYPE html>
- <html lang="en">
+ <html lang="<?= Yii::$app->language ?>">
     <head>
         <meta charset="utf-8">
         <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0">
         <meta name="description" content="">
         <meta name="author" content="">
 
-         <title>Chain Responsive Bootstrap3 Admin</title>
+         <title>403 Forbidden</title>
 
         <link href="/css/style.default.css" rel="stylesheet">
 
--- a/console/controllers/InitController.php
View file @ab78f51
+++ b/console/controllers/InitController.php
View file @ab78f51
@@ -86,7 +86,7 @@ class InitController extends Controller
      */
     public function actionRbac(){
         
-         $this->stdout("1: Create permission\n2: Remove permission\n3: Create role\n4: Remove role\n5: Grant permission to a role\n6: Grant role to a user\n");
+         $this->stdout("1: Create permission\n2: Remove permission\n3: Create role\n4: Remove role\n5: Grant permission to a role\n6: Revoke permission from a role\n7: Grant role to a user\n8: Revoke role from a a\n");
         $action = $this->prompt('Which:');
         
         $auth = Yii::createObject('yii\rbac\DbManager');
@@ -119,9 +119,11 @@ class InitController extends Controller
         }elseif ($action == 3){
             echo "创建一个新角色 ...\n";                  // 提示当前操作  
             $name = $this->prompt('Role Name:');        // 角色名称  
+             $description = $this->prompt('Description(default is as name):');               // 描述  
             
             if ($name){
                 $role = $auth->createRole($name);
+                 $role->description = $description ? : ucfirst($name);
                 if ($auth->add($role)){
                     $this->stdout('create ok');
                 }
@@ -155,6 +157,21 @@ class InitController extends Controller
                 $this->stdout('grant permission ok');
             }
         }elseif ($action == 6){
+             echo "从某个角色剥夺权限 ...\n";                  // 提示当前操作  
+             $name = $this->prompt('Role Name:');        // 接收用户名  
+             if (!$role = $auth->getRole($name)){
+                 $this->stderr('Not a predefined role');
+                 return 1;
+             }
+             $name = $this->prompt('Permission Name:');         // 接收用户名  
+             if (!$permission = $auth->getPermission($name)){
+                 $this->stderr('Not a predefined permission');
+                 return 1;
+             }
+             if ($auth->removeChild($role,$permission)){
+                 $this->stdout('revoke permission ok');
+             }
+         }elseif ($action == 7){
             echo "向某个用户赋予角色 ...\n";                  // 提示当前操作  
             $username = $this->prompt('User Name:');        // 接收用户名  
             if (!$user = Admin::findByUsername($username)){
@@ -169,6 +186,21 @@ class InitController extends Controller
             if ($auth->assign($role,$user->getId())){
                 $this->stdout('grant role ok');
             }
+         }elseif ($action == 8){
+             echo "从某个用户剥夺角色 ...\n";                  // 提示当前操作  
+             $username = $this->prompt('User Name:');        // 接收用户名  
+             if (!$user = Admin::findByUsername($username)){
+                 echo '找不到该用户';
+                 return 1;
+             }
+             $name = $this->prompt('Role Name:');        // 接收用户名  
+             if (!$role = $auth->getRole($name)){
+                 $this->stderr('Not a predefined role');
+                 return 1;
+             }
+             if ($auth->revoke($role,$user->getId())){
+                 $this->stdout('revoke role ok');
+             }
         }else{
             $this->stderr('Not a predefined option');
             return 1;