Yii2 使用十三 RBAC

1.在/basic/config/console.php和/basic/config/web.php里，配置组件，这里只贴出console.php里的代码 ：

</pre><pre name="code" class="php"><?php

Yii::setAlias('@tests', dirname(__DIR__) . '/tests');

$params = require(__DIR__ . '/params.php');
$db = require(__DIR__ . '/db.php');

return [
    'id' => 'basic-console',
    'basePath' => dirname(__DIR__),
    'bootstrap' => ['log', 'gii'],
    'controllerNamespace' => 'app\commands',
    'modules' => [
        'gii' => 'yii\gii\Module',
    ],
    'components' => [
        'cache' => [
            'class' => 'yii\caching\FileCache',
        ],
        'log' => [
            'targets' => [
                [
                    'class' => 'yii\log\FileTarget',
                    'levels' => ['error', 'warning'],
                ],
            ],
        ],
        'db' => $db,'authManager' => [
    				'class' => 'yii\rbac\DbManager',
    				'itemTable' => 'web_auth_item',
    				'assignmentTable' => 'web_auth_assignment',
    				'itemChildTable' => 'web_auth_item_child',
        			'ruleTable'=>'web_auth_rule'
    		],
    ],
    'params' => $params,
];

如果console.php里没有配置，会报下面错误：

You should configure "authManager" component to use database before executing this migration.

2.打开命令行

3.cd 命令切换到/php/basic目录 

4.输入命令：yii migrate --migrationPath=@yii/rbac/migrations/

5.创建Permission：

    public function createPermission($item)
    {
        $auth = Yii::$app->authManager;

        $createPost = $auth->createPermission($item);
        $createPost->description = '创建了 ' . $item . ' 许可';
        $auth->add($createPost);
    }

6.创建Role:

public function createRole($item)
    {
        $auth = Yii::$app->authManager;

        $role = $auth->createRole($item);
        $role->description = '创建了 ' . $item . ' 角色';
        $auth->add($role);
    }

7.Role分配Permission

 static public function createEmpowerment($items)
    {
        $auth = Yii::$app->authManager;

        $parent = $auth->createRole($items['name']);
        $child = $auth->createPermission($items['description']);

        $auth->addChild($parent, $child);
    }

8.角色分配用户：

 static public function assign($item)
    {
        $auth = Yii::$app->authManager;
        $reader = $auth->createRole($item['name']);
        $auth->assign($reader, $item['description']);
    }

9.验证权限：

 public function beforeAction($action)
    {
        $action = Yii::$app->controller->action->id;
        if(\Yii::$app->user->can($action)){
            return true;
        }else{
            throw new \yii\web\UnauthorizedHttpException('对不起，您现在还没获此操作的权限');
        }
    }

10.Controller里的权限验证

class SiteController extends Controller
{
    public function behaviors()
    {
        return [
            'access' => [
                'class' => \yii\web\AccessControl::className(),
                'only' => ['login', 'logout', 'signup'],
                'rules' => [
                    [
                        'actions' => ['login', 'signup'],
                        'allow' => true,
                        'roles' => ['?'],
                    ],
                    [
                        'actions' => ['logout'],
                        'allow' => true,
                        'roles' => ['@'],
                    ],
                ],
            ],
        ];
    }
    // ...

11.在Controller里自定义验证

class SiteController extends Controller
{
    public function behaviors()
    {
        return [
            'access' => [
                'class' => \yii\web\AccessControl::className(),
                'only' => ['special-callback'],
                'rules' => [
                    [
                        'actions' => ['special-callback'],
                        'allow' => true,
                        'matchCallback' => function ($rule, $action) {
                            return date('d-m') === '31-10';
                        }
                    ],

   // ...
    // Match callback called! 此页面可以访问只有每个10月31日
    public function actionSpecialCallback()
    {
        return $this->render('happy-halloween');
    }