diff --git a/config/console.php b/config/console.php index ca429af..ce18da0 100644 --- a/config/console.php +++ b/config/console.php @@ -14,6 +14,11 @@ $config = [ '@tests' => '@app/tests', ], 'components' => [ + 'authManager' => [ + 'class' => 'yii\rbac\DbManager', + // uncomment if you want to cache RBAC items hierarchy + // 'cache' => 'cache', + ], 'cache' => [ 'class' => 'yii\caching\FileCache', ], diff --git a/config/db.php b/config/db.php index 6992da6..d11e804 100644 --- a/config/db.php +++ b/config/db.php @@ -1,7 +1,8 @@ load(); return [ 'class' => Connection::class, 'dsn' => 'mysql:host='.$_ENV['DB_HOST'].';dbname='.$_ENV['DB_NAME'], diff --git a/config/params.php b/config/params.php index 63f13a4..7a63b64 100644 --- a/config/params.php +++ b/config/params.php @@ -1,4 +1,6 @@ load(); return [ 'adminEmail' => 'admin@example.com', diff --git a/config/web.php b/config/web.php index 61042c0..991807d 100644 --- a/config/web.php +++ b/config/web.php @@ -1,4 +1,7 @@ load(); $params = require __DIR__ . '/params.php'; @@ -15,6 +18,11 @@ $config = [ '@npm' => '@vendor/npm-asset', ], 'components' => [ + 'authManager' => [ + 'class' => 'yii\rbac\DbManager', + // uncomment if you want to cache RBAC items hierarchy + // 'cache' => 'cache', + ], 'request' => [ // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation 'cookieValidationKey' => $_ENV['COOKIE_VALIDATION_KEY'], @@ -34,7 +42,7 @@ $config = [ 'errorAction' => 'site/error', ], 'mailer' => [ - 'class' => \yii\symfonymailer\Mailer::class, + 'class' => Mailer::class, 'viewPath' => '@app/mail', // send all mails to a file by default. 'useFileTransport' => true, diff --git a/controllers/HomeController.php b/controllers/HomeController.php index efe1270..1de971c 100644 --- a/controllers/HomeController.php +++ b/controllers/HomeController.php @@ -65,7 +65,10 @@ class HomeController extends Controller public function actionIndex($directory = null): Response|string { if (Yii::$app->user->isGuest) { + Yii::$app->session->setFlash('error','请先登录'); return $this->redirect(Yii::$app->user->loginUrl); + } else if (!Yii::$app->user->can('accessHome')){ + throw new NotFoundHttpException('当前用户组不允许访问此页面'); } $rootDataDirectory = Yii::getAlias(Yii::$app->params['dataDirectory']) . '/' . Yii::$app->user->id; diff --git a/migrations/m240305_042554_init_rbac.php b/migrations/m240305_042554_init_rbac.php new file mode 100644 index 0000000..534f0c5 --- /dev/null +++ b/migrations/m240305_042554_init_rbac.php @@ -0,0 +1,67 @@ +authManager; + + $user = $auth->createRole('user'); + $admin = $auth->createRole('admin'); + $auth->add($user); + $auth->add($admin); + + $access_home = $auth->createPermission('accessHome'); + $access_home->description = '访问文件管理'; + $auth->add($access_home); + + $auth->addChild($user,$access_home); + // 获取所有用户 + $users = (new \yii\db\Query()) + ->select(['id', 'role']) + ->from('user') + ->all(); + + // 为每个用户分配角色 + foreach ($users as $user) { + $role = $auth->getRole($user['role']); + if ($role) { + $auth->assign($role, $user['id']); + } + } + } + + /** + * {@inheritdoc} + */ + public function safeDown() + { + $auth = Yii::$app->authManager; + + // 删除角色和权限 + $auth->removeAll(); + } + + /* + // Use up()/down() to run migration code without a transaction. + public function up() + { + + } + + public function down() + { + echo "m240305_042554_init_rbac cannot be reverted.\n"; + + return false; + } + */ +} diff --git a/models/User.php b/models/User.php index 8727582..dfc10dc 100644 --- a/models/User.php +++ b/models/User.php @@ -268,4 +268,17 @@ class User extends ActiveRecord implements IdentityInterface return true; } + public function afterSave($insert, $changedAttributes): void + { + parent::afterSave($insert, $changedAttributes); + + $auth = Yii::$app->authManager; + $role = $auth->getRole($this->role); + if ($role) { + if (!$insert) { + $auth->revokeAll($this->id); + } + $auth->assign($role, $this->id); + } + } } \ No newline at end of file