准备动工访问权限限制
This commit is contained in:
parent
4a22f950e5
commit
80359508fe
@ -14,6 +14,11 @@ $config = [
|
||||
'@tests' => '@app/tests',
|
||||
],
|
||||
'components' => [
|
||||
'authManager' => [
|
||||
'class' => 'yii\rbac\DbManager',
|
||||
// uncomment if you want to cache RBAC items hierarchy
|
||||
// 'cache' => 'cache',
|
||||
],
|
||||
'cache' => [
|
||||
'class' => 'yii\caching\FileCache',
|
||||
],
|
||||
|
@ -1,7 +1,8 @@
|
||||
<?php
|
||||
|
||||
use yii\db\Connection;
|
||||
|
||||
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . '/..');
|
||||
$dotenv->load();
|
||||
return [
|
||||
'class' => Connection::class,
|
||||
'dsn' => 'mysql:host='.$_ENV['DB_HOST'].';dbname='.$_ENV['DB_NAME'],
|
||||
|
@ -1,4 +1,6 @@
|
||||
<?php
|
||||
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . '/..');
|
||||
$dotenv->load();
|
||||
|
||||
return [
|
||||
'adminEmail' => 'admin@example.com',
|
||||
|
@ -1,4 +1,7 @@
|
||||
<?php
|
||||
|
||||
use yii\symfonymailer\Mailer;
|
||||
|
||||
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . '/..');
|
||||
$dotenv->load();
|
||||
$params = require __DIR__ . '/params.php';
|
||||
@ -15,6 +18,11 @@ $config = [
|
||||
'@npm' => '@vendor/npm-asset',
|
||||
],
|
||||
'components' => [
|
||||
'authManager' => [
|
||||
'class' => 'yii\rbac\DbManager',
|
||||
// uncomment if you want to cache RBAC items hierarchy
|
||||
// 'cache' => 'cache',
|
||||
],
|
||||
'request' => [
|
||||
// !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
|
||||
'cookieValidationKey' => $_ENV['COOKIE_VALIDATION_KEY'],
|
||||
@ -34,7 +42,7 @@ $config = [
|
||||
'errorAction' => 'site/error',
|
||||
],
|
||||
'mailer' => [
|
||||
'class' => \yii\symfonymailer\Mailer::class,
|
||||
'class' => Mailer::class,
|
||||
'viewPath' => '@app/mail',
|
||||
// send all mails to a file by default.
|
||||
'useFileTransport' => true,
|
||||
|
@ -65,7 +65,10 @@ class HomeController extends Controller
|
||||
public function actionIndex($directory = null): Response|string
|
||||
{
|
||||
if (Yii::$app->user->isGuest) {
|
||||
Yii::$app->session->setFlash('error','请先登录');
|
||||
return $this->redirect(Yii::$app->user->loginUrl);
|
||||
} else if (!Yii::$app->user->can('accessHome')){
|
||||
throw new NotFoundHttpException('当前用户组不允许访问此页面');
|
||||
}
|
||||
$rootDataDirectory = Yii::getAlias(Yii::$app->params['dataDirectory']) . '/' . Yii::$app->user->id;
|
||||
|
||||
|
67
migrations/m240305_042554_init_rbac.php
Normal file
67
migrations/m240305_042554_init_rbac.php
Normal file
@ -0,0 +1,67 @@
|
||||
<?php
|
||||
|
||||
use yii\db\Migration;
|
||||
|
||||
/**
|
||||
* Class m240305_042554_init_rbac
|
||||
*/
|
||||
class m240305_042554_init_rbac extends Migration
|
||||
{
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function safeUp(): void
|
||||
{
|
||||
$auth = Yii::$app->authManager;
|
||||
|
||||
$user = $auth->createRole('user');
|
||||
$admin = $auth->createRole('admin');
|
||||
$auth->add($user);
|
||||
$auth->add($admin);
|
||||
|
||||
$access_home = $auth->createPermission('accessHome');
|
||||
$access_home->description = '访问文件管理';
|
||||
$auth->add($access_home);
|
||||
|
||||
$auth->addChild($user,$access_home);
|
||||
// 获取所有用户
|
||||
$users = (new \yii\db\Query())
|
||||
->select(['id', 'role'])
|
||||
->from('user')
|
||||
->all();
|
||||
|
||||
// 为每个用户分配角色
|
||||
foreach ($users as $user) {
|
||||
$role = $auth->getRole($user['role']);
|
||||
if ($role) {
|
||||
$auth->assign($role, $user['id']);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function safeDown()
|
||||
{
|
||||
$auth = Yii::$app->authManager;
|
||||
|
||||
// 删除角色和权限
|
||||
$auth->removeAll();
|
||||
}
|
||||
|
||||
/*
|
||||
// Use up()/down() to run migration code without a transaction.
|
||||
public function up()
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
public function down()
|
||||
{
|
||||
echo "m240305_042554_init_rbac cannot be reverted.\n";
|
||||
|
||||
return false;
|
||||
}
|
||||
*/
|
||||
}
|
@ -268,4 +268,17 @@ class User extends ActiveRecord implements IdentityInterface
|
||||
return true;
|
||||
}
|
||||
|
||||
public function afterSave($insert, $changedAttributes): void
|
||||
{
|
||||
parent::afterSave($insert, $changedAttributes);
|
||||
|
||||
$auth = Yii::$app->authManager;
|
||||
$role = $auth->getRole($this->role);
|
||||
if ($role) {
|
||||
if (!$insert) {
|
||||
$auth->revokeAll($this->id);
|
||||
}
|
||||
$auth->assign($role, $this->id);
|
||||
}
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user