Authored by wuxiao

验证用户访问权限开关

修改init/rbac
@@ -35,7 +35,6 @@ class AccessControl extends \yii\filters\AccessControl @@ -35,7 +35,6 @@ class AccessControl extends \yii\filters\AccessControl
35 * 验证用户访问权限 35 * 验证用户访问权限
36 */ 36 */
37 $route = Yii::$app->controller->id.'/'.Yii::$app->controller->action->id; 37 $route = Yii::$app->controller->id.'/'.Yii::$app->controller->action->id;
38 - //var_dump($route);  
39 if (!self::verifyAccess($route)){ 38 if (!self::verifyAccess($route)){
40 $rules = [['allow'=>false]]; 39 $rules = [['allow'=>false]];
41 } 40 }
@@ -62,7 +61,14 @@ class AccessControl extends \yii\filters\AccessControl @@ -62,7 +61,14 @@ class AccessControl extends \yii\filters\AccessControl
62 */ 61 */
63 static function verifyAccess($permission) 62 static function verifyAccess($permission)
64 { 63 {
  64 + if (isset(Yii::$app->params['verifyAccess']) && !Yii::$app->params['verifyAccess'])
  65 + {
  66 + return true;
  67 + }
65 $auth = Yii::$app->authManager; 68 $auth = Yii::$app->authManager;
  69 + if (in_array(Yii::$app->user->getId(),$auth->getUserIdsByRole('admin'))){
  70 + return true;
  71 + }
66 $permission = $auth->getPermission($permission); 72 $permission = $auth->getPermission($permission);
67 if (!$permission){ 73 if (!$permission){
68 return false; 74 return false;
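Review bot: The admin shortcut on new line 69 uses a loose `in_array` to match `Yii::$app->user->getId()` against `getUserIdsByRole('admin')`. For a guest `getId()` is null, so the outcome rests on PHP type juggling: null loosely equals `''` and `0`, and would match if the assignment data ever held such an id. Guard the guest case and compare like types strictly, e.g. `$uid = Yii::$app->user->getId();` then `if ($uid !== null && in_array((string)$uid, array_map('strval', $auth->getUserIdsByRole('admin')), true)) { return true; }`. The role name `'admin'` is hard-coded here, so a short comment stating that members of that role bypass per-route permissions would help the next reader. The body of verifyAccess continues outside the hunk.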
@@ -29,4 +29,6 @@ return [ @@ -29,4 +29,6 @@ return [
29 * 分页每页数目 29 * 分页每页数目
30 */ 30 */
31 'defaultPageSize'=>10, 31 'defaultPageSize'=>10,
  32 + //是否验证用户访问权限
  33 + 'verifyAccess' => false,
32 ]; 34 ];
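Review bot: Committing `'verifyAccess' => false` as the default makes the new early return in `AccessControl::verifyAccess` answer true for every route. Any deployment that takes this params file as-is therefore runs with permission checks switched off. A fail-closed default would be `'verifyAccess' => true,`, with the override kept in an environment-local params file. The comment on new line 32 should state the consequence, for example `// SECURITY: false skips every permission check; keep true outside development`.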
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 -<html lang="en"> 2 +<html lang="<?= Yii::$app->language ?>">
3 <head> 3 <head>
4 <meta charset="utf-8"> 4 <meta charset="utf-8">
5 <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0"> 5 <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0">
6 <meta name="description" content=""> 6 <meta name="description" content="">
7 <meta name="author" content=""> 7 <meta name="author" content="">
8 8
9 - <title>Chain Responsive Bootstrap3 Admin</title> 9 + <title>403 Forbidden</title>
10 10
11 <link href="/css/style.default.css" rel="stylesheet"> 11 <link href="/css/style.default.css" rel="stylesheet">
12 12
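Review bot: `Yii::$app->language` is written into the `lang` attribute on new line 2 without encoding. It is normally a fixed configuration value, but if the application ever sets the language from a request parameter or cookie, this becomes an attribute-injection point on the 403 page. Encoding it costs nothing: `<html lang="<?= \yii\helpers\Html::encode(Yii::$app->language) ?>">`. The rest of the view lies outside the visible lines.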
@@ -86,7 +86,7 @@ class InitController extends Controller @@ -86,7 +86,7 @@ class InitController extends Controller
86 */ 86 */
87 public function actionRbac(){ 87 public function actionRbac(){
88 88
89 - $this->stdout("1: Create permission\n2: Remove permission\n3: Create role\n4: Remove role\n5: Grant permission to a role\n6: Grant role to a user\n"); 89 + $this->stdout("1: Create permission\n2: Remove permission\n3: Create role\n4: Remove role\n5: Grant permission to a role\n6: Revoke permission from a role\n7: Grant role to a user\n8: Revoke role from a a\n");
90 $action = $this->prompt('Which:'); 90 $action = $this->prompt('Which:');
91 91
92 $auth = Yii::createObject('yii\rbac\DbManager'); 92 $auth = Yii::createObject('yii\rbac\DbManager');
@@ -119,9 +119,11 @@ class InitController extends Controller @@ -119,9 +119,11 @@ class InitController extends Controller
119 }elseif ($action == 3){ 119 }elseif ($action == 3){
120 echo "创建一个新角色 ...\n"; // 提示当前操作 120 echo "创建一个新角色 ...\n"; // 提示当前操作
121 $name = $this->prompt('Role Name:'); // 角色名称 121 $name = $this->prompt('Role Name:'); // 角色名称
  122 + $description = $this->prompt('Description(default is as name):'); // 描述
122 123
123 if ($name){ 124 if ($name){
124 $role = $auth->createRole($name); 125 $role = $auth->createRole($name);
  126 + $role->description = $description ? : ucfirst($name);
125 if ($auth->add($role)){ 127 if ($auth->add($role)){
126 $this->stdout('create ok'); 128 $this->stdout('create ok');
127 } 129 }
@@ -155,6 +157,21 @@ class InitController extends Controller @@ -155,6 +157,21 @@ class InitController extends Controller
155 $this->stdout('grant permission ok'); 157 $this->stdout('grant permission ok');
156 } 158 }
157 }elseif ($action == 6){ 159 }elseif ($action == 6){
  160 + echo "从某个角色剥夺权限 ...\n"; // 提示当前操作
  161 + $name = $this->prompt('Role Name:'); // 接收用户名
  162 + if (!$role = $auth->getRole($name)){
  163 + $this->stderr('Not a predefined role');
  164 + return 1;
  165 + }
  166 + $name = $this->prompt('Permission Name:'); // 接收用户名
  167 + if (!$permission = $auth->getPermission($name)){
  168 + $this->stderr('Not a predefined permission');
  169 + return 1;
  170 + }
  171 + if ($auth->removeChild($role,$permission)){
  172 + $this->stdout('revoke permission ok');
  173 + }
  174 + }elseif ($action == 7){
158 echo "向某个用户赋予角色 ...\n"; // 提示当前操作 175 echo "向某个用户赋予角色 ...\n"; // 提示当前操作
159 $username = $this->prompt('User Name:'); // 接收用户名 176 $username = $this->prompt('User Name:'); // 接收用户名
160 if (!$user = Admin::findByUsername($username)){ 177 if (!$user = Admin::findByUsername($username)){
@@ -169,6 +186,21 @@ class InitController extends Controller @@ -169,6 +186,21 @@ class InitController extends Controller
169 if ($auth->assign($role,$user->getId())){ 186 if ($auth->assign($role,$user->getId())){
170 $this->stdout('grant role ok'); 187 $this->stdout('grant role ok');
171 } 188 }
  189 + }elseif ($action == 8){
  190 + echo "从某个用户剥夺角色 ...\n"; // 提示当前操作
  191 + $username = $this->prompt('User Name:'); // 接收用户名
  192 + if (!$user = Admin::findByUsername($username)){
  193 + echo '找不到该用户';
  194 + return 1;
  195 + }
  196 + $name = $this->prompt('Role Name:'); // 接收用户名
  197 + if (!$role = $auth->getRole($name)){
  198 + $this->stderr('Not a predefined role');
  199 + return 1;
  200 + }
  201 + if ($auth->revoke($role,$user->getId())){
  202 + $this->stdout('revoke role ok');
  203 + }
172 }else{ 204 }else{
173 $this->stderr('Not a predefined option'); 205 $this->stderr('Not a predefined option');
174 return 1; 206 return 1;
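Review bot: Neither revoke branch reports failure: when `$auth->removeChild($role,$permission)` (new line 171) or `$auth->revoke($role,$user->getId())` (new line 201) returns false, the command prints nothing and apparently exits normally, so an operator can believe access was removed when it was not. Give both an else branch, e.g. `}else{ $this->stderr('revoke role failed'); return 1; }`. The renumbering also changes option 6 from granting a role to revoking a permission, which deserves a mention in the commit message for anyone who uses the old numbers from habit or in a script. The new menu text on line 89 reads `Revoke role from a a`, presumably meant to be `from a user`. actionRbac starts and ends outside these hunks.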