Back-end users and permissions
Registering permissions
Plugins can register back-end user permissions by overriding the registerPermissions() method inside the Plugin registration class. The permissions are defined as an array whose keys are the permission keys and whose values are the permission descriptions. A permission key consists of the author name, the plugin name and the feature name. Here is an example key:
acme.blog.access_categories
The next example shows how to register back-end permission items. Permissions are defined with a permission key and description. In the back-end permission management user interface, permissions are displayed as a checkbox list. Back-end controllers can use permissions defined by plugins to restrict user access to pages or features.
public function registerPermissions()
{
    return [
        'acme.blog.access_posts' => [
            'label' => 'Manage the blog posts',
            'tab' => 'Blog'
        ],
        'acme.blog.access_categories' => [
            'label' => 'Manage the blog categories',
            'tab' => 'Blog'
        ]
    ];
}
Restricting access to back-end pages
In a back-end controller class you can specify which permissions are required to access the pages provided by the controller. This is done with the controller's $requiredPermissions property, which should contain an array of permission keys. If the user's permissions match any permission from the list, the framework will let the user see the controller pages.
<?php namespace Acme\Blog\Controllers;

use Backend\Classes\BackendController;

class Posts extends BackendController
{
    public $requiredPermissions = ['acme.blog.access_posts'];
}
You can also use the asterisk symbol to indicate the "all permissions" condition. In the next example the controller pages are accessible to all users who have any permission starting with the "acme.blog." string:
public $requiredPermissions = ['acme.blog.*'];
Restricting access to features
The back-end user model has methods for determining whether the user has specific permissions. You can use them to limit the functionality of the back-end user interface. The permission methods supported by the back-end user are hasPermission() and hasAccess(). Both methods take two parameters: the permission key string (or an array of key strings) and an optional parameter indicating that all permissions listed in the first parameter are required.
The hasAccess() method returns true for any permission if the user is an administrator. The hasPermission() method is stricter. The following example shows how to use the methods in the controller code:
if ($this->user->hasAccess('acme.blog.*')) {
    // ...
}
if ($this->user->hasPermission(['acme.blog.access_posts', 'acme.blog.access_categories'])) {
    // ...
}
You can also use the methods in the back-end views to hide user interface elements. The next example demonstrates how you can hide a button on the Edit Category back-end form:
<?php if ($this->user->hasAccess('acme.blog.delete_categories')): ?>
    <button
        type="button"
        class="oc-icon-trash-o btn-icon danger pull-right"
        data-request="onDelete"
        data-load-indicator="Deleting Category..."
        data-request-confirm="Do you really want to delete this category?">
    </button>
<?php endif ?>
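The checks described above, modelled as a stand-alone PHP 8 script (an added example, not October CMS code and not from the original page). ToyUser, its superuser flag and onDeleteCategory() are hypothetical names, and making the second argument required is a simplification. It shows the wildcard match, the any/all switch, the administrator bypass that makes hasAccess() looser than hasPermission(), and the same permission enforced inside the delete handler rather than only in the view.

```php
<?php
// Toy model of the checks described above (PHP 8+); not October CMS code.
// ToyUser and onDeleteCategory() are hypothetical names for this example.
final class ToyUser
{
    public function __construct(
        private array $granted,             // permission keys granted to the user
        private bool $isSuperUser = false   // assumption: the "administrator" flag
    ) {}

    // Strict check: only explicitly granted keys count.
    public function hasPermission(string|array $keys, bool $all): bool
    {
        $keys = (array) $keys;
        if ($keys === []) {
            return false;                   // an empty requirement grants nothing
        }
        $hits = count(array_filter($keys, fn ($k) => $this->matches($k)));
        return $all ? $hits === count($keys) : $hits > 0;
    }

    // Same check, except administrators pass unconditionally.
    public function hasAccess(string|array $keys, bool $all): bool
    {
        return $this->isSuperUser || $this->hasPermission($keys, $all);
    }

    private function matches(string $key): bool
    {
        if (!str_ends_with($key, '*')) {
            return in_array($key, $this->granted, true);
        }
        $prefix = substr($key, 0, -1);      // 'acme.blog.*' -> 'acme.blog.'
        return (bool) array_filter($this->granted, fn ($g) => str_starts_with($g, $prefix));
    }
}

// Guard inside the handler itself: hiding the button does not block the request.
function onDeleteCategory(ToyUser $user, int $id): string
{
    return $user->hasAccess('acme.blog.delete_categories', true)
        ? "category $id deleted" : 'access denied';
}

$editor = new ToyUser(['acme.blog.access_posts']);   // constructed sample users
$admin  = new ToyUser([], true);
var_dump($editor->hasAccess('acme.blog.*', false));
var_dump($editor->hasPermission(['acme.blog.access_posts', 'acme.blog.access_categories'], true));
var_dump($admin->hasAccess('acme.blog.delete_categories', true), $admin->hasPermission('acme.blog.delete_categories', true));
echo onDeleteCategory($editor, 7), PHP_EOL, onDeleteCategory($admin, 7), PHP_EOL;
```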
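Here I mainly want to make two points: (1) restricting access directly with back-end permissions, and (2) hiding user interface elements with the methods in back-end views.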
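In short: Step 1, you need to configure the parameters you need in registerPermissions() in the back end.
Step 2, in the back end, under the permissions at backend/usergroups/update/id (where id is the back-end user), you need to set the permission operations the user has.
Step 3, you need to do the check in the front-end code.
Next: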