Yii驗證和受權

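class TblPostController extends Controller
{
    /**
     * @return array list of filters for this controller; they run in the order listed
     */
    public function filters()
    {
        return array(
            'accessControl', // perform access control for CRUD operations
        );
    }

    /**
     * Specifies the access control rules.
     * This method is used by the 'accessControl' filter.
     *
     * Rules are checked from top to bottom and the first matching rule decides,
     * so the order of the entries matters. In Yii 1.x a request that matches no
     * rule at all is allowed, which is why the list ends with a catch-all 'deny'.
     *
     * @return array access control rules
     */
    public function accessRules()
    {
        return array(
            array('allow', // '*' matches every user, anonymous (guest) visitors included
                'actions'=>array('index','view'),
                'users'=>array('*'),
            ),
            array('allow', // '@' matches any authenticated (logged-in) user
                'actions'=>array('create','update'),
                'users'=>array('@'),
            ),
            array('allow', // allow admin user to perform 'admin' and 'delete'
                // NOTE: 'users' lists login names, so this matches the account named
                // "admin"; it is not an RBAC role check. To authorize by role, use the
                // separate 'roles' option, e.g. 'roles'=>array('admin').
                'actions'=>array('admin','delete'),
                'users'=>array('admin'),
            ),
            array('deny', // '*' matches all users: deny everything not allowed above
                'users'=>array('*'),
            ),
        );
    }
}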
?>
accessControl 過濾器實際上對應的是 CController 下的 filterAccessControl() 方法:


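/**
 * The filter method for 'accessControl' filter.
 * This filter is a wrapper of {@link CAccessControlFilter}.
 * To use this filter, you must override {@link accessRules} method.
 * @param CFilterChain the filter chain that the filter is on.
 */
public function filterAccessControl($filterChain)
{
    $filter=new CAccessControlFilter;
    // The rule set is whatever the controller's accessRules() returns; this
    // method adds no rules of its own, so an unrestricted rule list means
    // the filter enforces nothing.
    $filter->setRules($this->accessRules());
    // Hand the chain to the filter, which decides whether the action continues.
    $filter->filter($filterChain);
}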
?>

由上面的代碼可知,它實際調用的是 CAccessControlFilter 過濾器。查看手冊,accessRules 規則的全部選項說明如下:

// Template of a single access rule: the first element is the verdict, every
// option after it narrows the requests the rule applies to.
array( 'allow', // or 'deny'
// Which actions this rule matches.
'actions'=>array('edit','delete'),

// Which controllers this rule matches.
// This option is available since version 1.0.3.
'controllers'=>array('post','admin/user'),

// Which users this rule matches (listed by user name).
// Use * to represent all users, ? guest users, and @ authenticated users
'users'=>array('thomas','kevin'),
// Which roles this rule matches. This is a separate option from 'users':
// a name listed under 'users' is not treated as a role.
'roles'=>array('admin','editor'),
// Which IP addresses this rule matches.
// NOTE(review): presumably compared with the connecting client address; behind a
// reverse proxy that may be the proxy's address - confirm before relying on it.
'ips'=>array('127.0.0.1'),
// Which request methods this rule matches.
'verbs'=>array('GET','POST'),
// A PHP expression whose value decides whether this rule applies.
// Inside the expression the variable $user refers to Yii::app()->user.
// This option was introduced in version 1.0.3.
// NOTE(review): the string is evaluated as PHP code, so keep it a fixed literal
// and never assemble it from request data. It also uses a loose == comparison.
'expression'=>'!$user->isGuest && $user->level==2',
);



二、RBAC驗證受權方式



1)在配置文件main.php中配置



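// RBAC manager that stores its data in database tables (entry for main.php).
'authManager' =>array(
    'class'=>'CDbAuthManager',
    // Default roles: implicitly held by every user without an explicit assignment,
    // so any permission granted to 'guest' is effectively granted to everyone.
    'defaultRoles'=>array('guest'),
    'itemTable'=>'authitem', // table holding the auth items
    'itemChildTable'=>'authitemchild', // table holding the parent/child relations between auth items
    'assignmentTable'=>'authassignment', // table holding the auth item assignments
    'connectionID'=>'db'
),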



'authitem'、'authitemchild'、'authassignment' 這三個表是 Yii 默認的。



2)建立角色


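// One-off setup script: defines the RBAC operations and an 'admin' role that
// groups them. It uses the authManager component configured in main.php.
$auth = Yii::app()->authManager;

// Create the operations (name, description).
$auth->createOperation('index','日誌列表');
$auth->createOperation('view','查看日誌');
$auth->createOperation('create','添加日誌');
$auth->createOperation('update','更新日誌');
// NOTE(review): the description of 'delete' reads like a copy of the 'create'
// one; it is only a label, but it will mislead anyone auditing the auth tables.
$auth->createOperation('delete','添加列表');

// Create the role and attach every operation to it as a child.
$role = $auth->createRole('admin');
$role->addChild('index');
$role->addChild('view');
$role->addChild('create');
$role->addChild('update');
$role->addChild('delete');

// The role grants nothing until it is assigned to a user, e.g.
// $auth->assign('admin', $userId) with $userId as a placeholder, and until the
// controller rules check it through the 'roles' option rather than 'users'.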