Yii2 自己扩展的rbac权限控制 - 扩展

wonderwong 2016-01-22 11:48:43 12244次浏览 3条评论 10 2 0

<?php
/**
 * Created by PhpStorm.
 * User: Administrator
 * Date: 2016/1/21
 * Time: 11:16
 */
namespace vendor\acl;

use yii\caching\Cache;
use yii\db\Connection;
use yii\db\Query;
use yii\di\Instance;

class Acl
{
    public $userTable = '{{%user}}';

    public $roleTable = '{{%role}}';

    public $permissionTable = '{{%permission}}';

    public $roleUserTable = '{{%user_role}}';

    public $cache;

    public $db = 'db';

    public function __construct()
    {
        $this->db = Instance::ensure($this->db,Connection::className());
        if($this->cache !== null){
            $this->cache = Instance::ensure($this->cache,Cache::className());
        }
    }

    /**
     * 判断用户有没有访问权限
     * @param $userId int
     * @param $permission string
     * @param $control string
     * @return boolean true Or false
     */
    public function isAllow($userId,$control,$permission)
    {
        $query = new Query();
        $query ->from(['a'=>$this->permissionTable]);
        $query ->leftJoin(['b' =>$this->roleUserTable],'{{a}}.[[role_id]]={{b}}.[[role_id]]');
        $query ->where('a.control=:control AND a.permission=:permission AND b.user_id=:user_id',[':control'=>$control,':permission'=>$permission,':user_id'=>$userId]);

        $data = [];
        foreach($query ->all() as $row){
            $data[] = $row;
        }

        if($data){
            return true;
        }

        return false;
    }

    /**
     * 给角色赋予权限
     * @param $permission array
     * @param $roleId int
     * @return boolean
     */
    public function createPermission($permission,$roleId)
    {
       return $this->db->createCommand()->insert($this->permissionTable, [
                'control' => $permission['control'],
                'permission' => $permission['permission'],
                'role_id' => $roleId,
            ])->execute();
    }

    /**
     * 删除某个角色的权限
     * @param $control
     * @param $permission
     * @param $roleId
     * @return boolean
     */
    public function delPermission($control,$permission,$roleId)
    {
         return $this->db->createCommand()->delete($this->permissionTable,['control'=>$control,'permission'=>$permission,'role_id'=>$roleId])->execute();
    }

    /**
     * 删除一个角色的所有权限
     * @param $roleId int
     * @return boolean
     */
    public function delPermissionByRole($roleId)
    {
        return $this->db->createCommand()->delete($this->permissionTable,['role_id'=>$roleId])->execute();
    }

    /**
     * 添加一个角色
     * @param $roleName string
     * @param $aliasName string
     *@return boolean
     */
    public function addRole($roleName,$aliasName)
    {
         return $this->db->createCommand()->insert($this->roleTable, [
                'role_name' => $roleName,
                'role_alias' => $aliasName,
            ])->execute();

    }

    /**
     * 获取一个用户拥有的角色
     * @param $userId int
     * @return  array
     */
    public function getRolesByUser($userId)
    {

    }

    /**
     * 删除一个角色
     * @param $roleId int
     * @return boolean
     */
    public function removeRole($roleId)
    {
        $this->db->createCommand()->delete($this->roleTable,['id'=>$roleId])->execute();
        $this->db->createCommand()->delete($this->roleUserTable,['role_id'=>$roleId])->execute();
        return $this->db->createCommand()->delete($this->permissionTable,['role_id'=>$roleId])->execute();

    }

    /**
     * 添加一个管理员
     * @param $userName string
     * @param $password string
     * @return boolean
     */
    public function addUser($userName,$password)
    {
         return $this->db->createCommand($this->userTable,['user_name'=>$userName,'password'=>$password])->insert()->execute();

    }

    /**
     * 删除一个管理员
     * @param $userId int
     * @return boolean
     */
    public function removeUser($userId)
    {
        $this->db->createCommand()->delete($this->userTable,['id'=>$userId])->execute();

        return $this->db->createCommand()->delete($this->roleUserTable,['user_id'=>$userId])->execute();
    }

    /**
     * 为用户添加一个角色
     * @param $userId int
     * @param $roleId int
     * @return boolean
     */
    public function addUserForRole($userId,$roleId)
    {
         return $this->db->createCommand()->insert($this->roleUserTable, [
                'user_id' => $userId,
                'role_id' => $roleId,
            ])->execute();
    }

    /**
     * 删除一个用户的角色
     * @param $userId int
     * @param $roleId int
     * @return  boolean
     */
    public function removeUserForRole($userId,$roleId)
    {
        return $this->db->createCommand()->delete($this->roleUserTable,['user_id'=>$userId,'role_id'=>$roleId])->execute();
    }

}

acl.php 的扩展类把这个文件放在 vendor/acl/ 下面

第二步修改 extensions.php

'acl' =>
    array (
        'name' => 'acl',
        'version' => '1.0.0',
        'alias' =>
            array (
                '@vendor/acl' => $vendorDir.'/acl',
            ),
    ),

第三步修改配置文件 web.php

'acl' => [
    'class' => 'vendor\acl\Acl',
],

第四步创建数据表

 CREATE TABLE `permission` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '资源控制表',
  `control` varchar(10) NOT NULL DEFAULT '' COMMENT '允许访问的动作',
  `permission` varchar(10) NOT NULL DEFAULT '' COMMENT '控制器的名称',
  `role_id` tinyint(3) unsigned NOT NULL DEFAULT '0' COMMENT '所属角色',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8;

CREATE TABLE `user_role` (
  `id` tinyint(3) unsigned NOT NULL AUTO_INCREMENT COMMENT '用户角色关联表',
  `user_id` tinyint(3) unsigned NOT NULL DEFAULT '0' COMMENT '用户id',
  `role_id` tinyint(3) unsigned NOT NULL DEFAULT '0' COMMENT '角色id',
  PRIMARY KEY (`id`),
) ENGINE=InnoDB  DEFAULT CHARSET=utf8;

CREATE TABLE `user` (
  `id` tinyint(3) unsigned NOT NULL AUTO_INCREMENT COMMENT '用户id',
  `user_name` varchar(20) NOT NULL DEFAULT '' COMMENT '用户名称',
  `password` varchar(30)  NOT NULL DEFAULT '' COMMENT '密码',
  PRIMARY KEY (`id`),
) ENGINE=InnoDB  DEFAULT CHARSET=utf8

CREATE TABLE `role` (
  `id` tinyint(3) unsigned NOT NULL AUTO_INCREMENT COMMENT '角色id',
  `role_name` varchar(30) NOT NULL DEFAULT '' COMMENT '角色名称',
  `role_alias_name` varchar(30) NOT NULL DEFAULT '' COMMENT '角色别名',
  PRIMARY KEY (`id`),
) ENGINE=InnoDB  DEFAULT CHARSET=utf8;

第五步使用方法

SiteController.php

public function actionAbout()
{
    if(Yii::$app->acl->isAllow(1,'site','about')){
        Yii::$app->end('该用户没有访问权限');
    }

    Yii::$app->acl->createPermission(['control'=>'site','permission'=>'index'],1);
    Yii::$app->acl->createPermission(['control'=>'site','permission'=>'index'],2);
    Yii::$app->acl->createPermission(['control'=>'site','permission'=>'about'],1);
    Yii::$app->acl->createPermission(['control'=>'site','permission'=>'about'],2);

    Yii::$app->acl->addUserForRole(1,1);
    Yii::$app->acl->addUserForRole(1,2);
    Yii::$app->acl->addUserForRole(1,3);
    Yii::$app->acl->addUserForRole(2,1);
    Yii::$app->acl->addUserForRole(3,1);

    Yii::$app->acl->delPermission('site','index',1);

    Yii::$app->acl->delPermissionByRole(1);

    exit();
    return $this->render('about');
}

QQ截图20160122114515.png

QQ截图20160122114558.png

QQ截图20160122114627.png

RBAC

觉得很赞

dashixiong 评论于 2016-03-29 09:17 举报

资源控制表和角色表的关系有瑕疵

共 3 条回复

wonderwong 评论于 2017-03-28 16:45 回复

不瑕疵呀，目前的是一个用户拥有多个角色。

dashixiong 评论于 2017-03-28 16:47 回复

@wonderwong 一年前发表的评论，你现在给我回复。

17076261995 评论于 2017-06-20 17:41 回复

66666

RedSun 觉得很赞

回复 1 0
meizuku 评论于 2016-05-20 23:35 举报

虽然我不知道你在说什么

海浪觉得很赞

回复 1 0
黑河黑河评论于 2016-05-26 12:28 举报

http://www.yii-china.com/post/detail/226.html 看下这个~ 屌屌的

回复 0 0

您需要登录后才可以评论。登录 | 立即注册

经理

wonderwong 深圳

注册时间：2012-03-21
最后登录：2025-02-16
在线时长：10小时34分

粉丝8
金钱290
威望70
积分1090

Yii2 自己扩展的rbac权限控制 [ 1.0 版本 ]

共 3 条评论

发表评论

wonderwong 深圳

热门扩展