How to perform access control based on the Yii role when multi-value tables are involved

Now I'm trying to develop a website under Yii, and the program requires role-based access control (RBAC). I read from the manual that a filter can be used for RBAC, but I wonder what I should do if administrators and users are stored in two tables? Namely, if there are two tables in the database, one for admins and one for users, how do I implement access control? Thanks.

+3
3 answers

I think this is impossible out of the box. When you check the db authassignment schema, you will see that it has a userid field that relates to your user table. If you have two different tables, you will need another unique identifier in the auth table. Do you absolutely need to have two different tables for your users? In fact, RBAC is very useful for sharing problems. Thus, you have one user table, but you can assign different roles to your users, such as "admin", "editor", etc. If you have two different user tables, what will you do if the user becomes an administrator? This is a difficulty that you do not have to cope with. If you absolutely need to, you will have to expand the RBAC functionality, so that you can refer to various tables.

+2

. , , . AuthAssignment, . AuthAssignment_Admins AuthAssignment_Customers, , CDbAuthManager (, ).

, , .

  • , , / . , Yii::app()->user. . (, authTable), .

  • CDbAuthManager. , . CDbAuthManagerTwoTables ​​ config.php authManager 'class' => 'CDbAuthManagerTwoTables' config.php. CDbAuthManagerTwoTables

    <?php
    class CDbAuthManagerTwoTables extends CDbAuthManager {
        // public $assignmentTable = 'AuthAssignment';
        public $assignmentTable = 'AuthAssignment_Customers'; // you may want to have AuthAssignment_Customers to be your default table

        // Pick the assignment table from the 'authTable' state of the logged-in user.
        public function __construct() {
            if (!Yii::app()->user->isGuest) {
                if (Yii::app()->user->authTable == 'admin') {
                    $this->assignmentTable = 'AuthAssignment_Admins';
                } else {
                    $this->assignmentTable = 'AuthAssignment_Customers';
                }
            }
        }

        // This method will be needed during authentication.
        // CDbAuthManager puts $assignmentTable into its SQL, so the argument is
        // mapped to one of two fixed table names and never used as a name itself.
        public function setType($assignmentTable = '') {
            switch ($assignmentTable) {
                case 'Admin':
                    $assignmentTable = 'AuthAssignment_Admins';
                    break;
                case 'Customer':
                    $assignmentTable = 'AuthAssignment_Customers';
                    break;
                default:
                    // Unknown types fall back to the customers table.
                    $assignmentTable = 'AuthAssignment_Customers';
                    break;
            }
            $this->assignmentTable = $assignmentTable;
        }

    }
    
  • . , UserIdentity.php. - :

     $this->setState('authTable', 'admin'); 
    
     $auth = Yii::app()->authManager;  // You should already have this in your code
     $auth->setType('Admin');   // call to our new method from CDbAuthManagerTwoTables
     if (!$auth->isAssigned($user->role, $this->_id)) {
        if ($auth->assign($user->role, $this->_id)) {
           Yii::app()->authManager->save();
        }
     }
    
  • 4.

Customers . , .

+3

UserID

, , . , :

auth_assignments.userid["<typeId>.<userId>"] VARCHAR(64) NOT NULL

" " ID. .

0
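The `"<typeId>.<userId>"` key from the last answer, worked through as an added example that is not part of the original posts: it shows why a bare numeric id collides across two account tables and how a type-prefixed key avoids that. The type names (`admin`, `customer`), the role name and all function names are assumptions made for illustration; the sample assignments are constructed.

```php
<?php
// Added example (PHP 7+, no Yii required): composite RBAC user ids of the
// form "<typeId>.<userId>". Type, role and function names are assumptions.

const AUTH_TYPES = ['admin', 'customer']; // allowlist of account tables

/** Build the value that would be stored in auth_assignments.userid. */
function compositeAuthId(string $typeId, int $userId): string
{
    if (!in_array($typeId, AUTH_TYPES, true)) {
        throw new InvalidArgumentException("unknown account type: $typeId");
    }
    if ($userId < 1) {
        throw new InvalidArgumentException('user id must be a positive integer');
    }
    return $typeId . '.' . $userId;
}

/** Split a stored value back into [typeId, userId]; reject malformed input. */
function parseAuthId(string $authId): array
{
    if (!preg_match('/\A([a-z]+)\.([1-9][0-9]*)\z/', $authId, $m)
        || !in_array($m[1], AUTH_TYPES, true)) {
        throw new InvalidArgumentException('malformed auth id');
    }
    return [$m[1], (int) $m[2]];
}

/** Role lookup against an in-memory stand-in for the assignment table. */
function hasRole(array $assignments, $key, string $role): bool
{
    return in_array($role, $assignments[$key] ?? [], true);
}

// Constructed data: admin #5 holds "administrator"; customer #5 holds nothing.
$bare      = [5 => ['administrator']];                           // keyed by numeric id only
$composite = [compositeAuthId('admin', 5) => ['administrator']]; // keyed by "<typeId>.<userId>"

// Customer #5 looked up by bare id lands on admin #5's assignment ...
var_dump(hasRole($bare, 5, 'administrator'));
// ... but not once the account type is part of the key.
var_dump(hasRole($composite, compositeAuthId('customer', 5), 'administrator'));
var_dump(hasRole($composite, compositeAuthId('admin', 5), 'administrator'));
// Round trip of a stored key back to its parts.
var_dump(parseAuthId('customer.5'));
```

In a Yii 1.x application the composite string would be the value returned by `UserIdentity::getId()`, so that it is what the auth manager receives as the user id; that wiring is an assumption and is not shown on this page.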