
私はYiiを学んでおり、RBACを実装しようとしています。ロールを作成するスクリプトをシェルから実行し、データベースのテーブルも用意して、ロールなどのデータはすべて登録されています。ところが、理由はわかりませんが、次のコードは

// checkAccess() resolves the role by the current user's id (Yii::app()->user->getId()),
// so it can only succeed when that id matches the id used in the RBAC assignment.
// This is a display-only gate: hiding a menu entry is not access control, so the
// controller actions behind the menu need their own checkAccess()/accessRules check.
echo Yii::app()->user->checkAccess('admin') ? 'Admin' : 'No Admin';

常に「No Admin」と表示されます。私がやろうとしているのは、ユーザーの種類(管理者、リーダー、マネージャーなど)に応じて異なるメニューを表示することです。しかし、これがうまくいきません。

ここにも私の役割の割り当てを添付しています

<?php
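/**
 * Console command that (re)builds the application's RBAC hierarchy: the
 * CRUD operations, the reader/manager/admin roles and two initial assignments.
 *
 * WARNING: run() calls clearAll() on the auth manager, which removes every
 * existing operation, role, child relationship and assignment before the
 * hierarchy is recreated. Role assignments made after the last run are lost.
 */
class RbacCommand extends CConsoleCommand
{
    /** @var mixed the application's 'authManager' component; set at the start of run() */
    private $_authManager;

    /**
     * Returns the usage text for this command.
     * @return string
     */
    public function getHelp()
    {
        return <<<EOD
       USAGE
           rbac
           DESCRIPTION
           This command generates an initial RBAC authorization hierarchy.
EOD;
    }

    /**
     * Execute the action.
     * @param array $args command line parameters specific for this command
     */
    public function run($args)
    {
        echo "SHELLLLLLLLLL.\n";

        // An authManager component is mandatory for creating an auth hierarchy.
        if(($this->_authManager=Yii::app()->authManager)===null)
        {
            echo "Error: an authorization manager, named 'authManager' \nmust be configured to use this command.\n";
            echo "If you already added 'authManager' component in \napplication configuration,\n";
            echo "please quit and re-enter the yiic shell.\n";
            return;
        }

        // Give the operator the opportunity to abort, and say what will be destroyed.
        echo "This command will create three roles: Admin, Manager, and Reader and the following premissions:\n";
        echo "create, read, update and delete Hotels\n";
        echo "create, read, update and delete Items\n";
        echo "create, read, update and delete Users\n";
        echo "create, read, update and delete Category\n";
        echo "WARNING: all existing operations, roles, child relationships and assignments will be deleted first.\n";
        echo "Would you like to continue? [Yes|No] ";

        // Proceed only on an answer starting with 'y'/'Y'; EOF on STDIN counts as "no".
        $answer=fgets(STDIN);
        if($answer===false || strncasecmp(trim($answer),'y',1)!==0)
            return;

        // Destructive: wipes all operations, roles, child relationships and assignments.
        $this->_authManager->clearAll();

        // Lowest-level operations, created in a fixed order: users, hotels, categories, items.
        $operations=array(
            'createUser'=>'create a new user',
            'readUser'=>'read user profile information',
            'updateUser'=>'update a users information',
            'deleteUser'=>'remove a user from a Hotel',
            'createHotel'=>'create a new Hotel',
            'readHotel'=>'read Hotel information',
            'updateHotel'=>'update Hotel information',
            'deleteHotel'=>'delete a Hotel',
            // Descriptions corrected: they were copied from the Item operations.
            'createCategory'=>'create a new Category',
            'readCategory'=>'read Category information',
            'updateCategory'=>'update Category information',
            'deleteCategory'=>'delete a Category from a Hotel',
            'createItem'=>'create a new Item',
            'readItem'=>'read Item information',
            'updateItem'=>'update Item information',
            'deleteItem'=>'delete an Item from a Category',
        );
        foreach($operations as $name=>$description)
            $this->_authManager->createOperation($name,$description);

        // NOTE(review): 'reader' is also granted createUser, so every reader can create
        // users. Confirm this is intended (e.g. self-registration); otherwise drop it
        // to keep the role read-only.
        $this->createRoleWithChildren('reader',array(
            'readUser','readHotel','readCategory','readItem',
            'createUser',
        ));

        // 'manager' gets the read operations directly (it does not inherit the reader
        // role) plus create/update/delete on hotels, categories and items.
        $this->createRoleWithChildren('manager',array(
            'readUser','readHotel','readCategory','readItem',
            'createHotel','createCategory','createItem',
            'updateHotel','updateCategory','updateItem',
            'deleteHotel','deleteCategory','deleteItem',
        ));

        // 'admin' inherits both roles and adds the user-management operations.
        $this->createRoleWithChildren('admin',array(
            'reader','manager',
            'createUser','updateUser','deleteUser',
        ));

        // NOTE(review): the assignments use hard-coded user ids. Whoever holds id 3
        // in the user table becomes admin, so verify the ids before running this
        // against a real database. checkAccess() matches on this same id value.
        echo "Making Afnan admin\n";
        $this->_authManager->assign('admin','3');
        echo "Making Riaz Manager\n";
        $this->_authManager->assign('manager','2');
        echo "Success\n";

        // Report success.
        echo "Authorization hierarchy successfully generated.\n";
    }

    /**
     * Creates a role and attaches the given auth items to it, in order.
     * @param string $roleName name of the role to create
     * @param array $children names of existing operations or roles to add as children
     */
    private function createRoleWithChildren($roleName,array $children)
    {
        $role=$this->_authManager->createRole($roleName);
        foreach($children as $child)
            $role->addChild($child);
    }
}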
?>

2 に答える 2


checkAccess メソッドはユーザーIDに基づいてチェックを行います。ユーザーアイデンティティ(UserIdentity)クラスに getId() 関数が定義されていない場合、IDの代わりに name が返されるだけなので、checkAccess が false を返す原因になります。

于 2011-12-21T06:06:29.957 に答える

RBAC システムを実装しようとしていて、すべてが機能しているように見えましたが、唯一の問題は checkAccess が機能しないことでした。そこで UserIdentity クラスを次のように変更すると、機能し始めました。

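/**
 * Login identity that exposes the user record's primary key as its id, so that
 * RBAC checks (which look assignments up by user id) see the same value that
 * was used when the roles were assigned.
 */
class UserIdentity extends CUserIdentity
{
    /** @var mixed id of the authenticated user record; stays null until authenticate() succeeds */
    private $_id;

    /**
     * Checks the submitted username/password against the User table.
     *
     * SECURITY: stored passwords are compared as unsalted MD5 digests, which is not
     * a suitable password hash. Moving to password_hash()/password_verify() (or
     * Yii's CPasswordHelper) requires re-hashing the stored values, so it is
     * flagged here rather than changed.
     *
     * @return boolean whether authentication succeeded
     */
    public function authenticate()
    {
        $record=User::model()->findByAttributes(array('username'=>$this->username));
        if($record===null)
            $this->errorCode=self::ERROR_USERNAME_INVALID;
        // hash_equals() (PHP >= 5.6) compares in constant time; the casts keep a
        // null column or null input from raising a type error.
        else if(!hash_equals((string)$record->password,md5((string)$this->password)))
            $this->errorCode=self::ERROR_PASSWORD_INVALID;
        else
        {
            // Remember the primary key so getId() returns it instead of the username.
            $this->_id=$record->id;
            $this->setState('title', $record->username);
            $this->errorCode=self::ERROR_NONE;
        }
        // NOTE(review): the two failure codes differ; the login form should show one
        // generic message for both so that valid usernames are not disclosed.
        return !$this->errorCode;
    }

    /**
     * Returns the user record id captured by authenticate().
     * @return mixed the id, or null if authenticate() has not succeeded
     */
    public function getId()
    {
        return $this->_id;
    }
}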
于 2012-12-18T09:25:43.557 に答える