准备动工访问权限限制
This commit is contained in:
parent
4a22f950e5
commit
80359508fe
@ -14,6 +14,11 @@ $config = [
|
|||||||
'@tests' => '@app/tests',
|
'@tests' => '@app/tests',
|
||||||
],
|
],
|
||||||
'components' => [
|
'components' => [
|
||||||
|
'authManager' => [
|
||||||
|
'class' => 'yii\rbac\DbManager',
|
||||||
|
// uncomment if you want to cache RBAC items hierarchy
|
||||||
|
// 'cache' => 'cache',
|
||||||
|
],
|
||||||
'cache' => [
|
'cache' => [
|
||||||
'class' => 'yii\caching\FileCache',
|
'class' => 'yii\caching\FileCache',
|
||||||
],
|
],
|
||||||
|
@ -1,7 +1,8 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
use yii\db\Connection;
|
use yii\db\Connection;
|
||||||
|
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . '/..');
|
||||||
|
$dotenv->load();
|
||||||
return [
|
return [
|
||||||
'class' => Connection::class,
|
'class' => Connection::class,
|
||||||
'dsn' => 'mysql:host='.$_ENV['DB_HOST'].';dbname='.$_ENV['DB_NAME'],
|
'dsn' => 'mysql:host='.$_ENV['DB_HOST'].';dbname='.$_ENV['DB_NAME'],
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
<?php
|
<?php
|
||||||
|
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . '/..');
|
||||||
|
$dotenv->load();
|
||||||
|
|
||||||
return [
|
return [
|
||||||
'adminEmail' => 'admin@example.com',
|
'adminEmail' => 'admin@example.com',
|
||||||
|
@ -1,4 +1,7 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
use yii\symfonymailer\Mailer;
|
||||||
|
|
||||||
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . '/..');
|
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . '/..');
|
||||||
$dotenv->load();
|
$dotenv->load();
|
||||||
$params = require __DIR__ . '/params.php';
|
$params = require __DIR__ . '/params.php';
|
||||||
@ -15,6 +18,11 @@ $config = [
|
|||||||
'@npm' => '@vendor/npm-asset',
|
'@npm' => '@vendor/npm-asset',
|
||||||
],
|
],
|
||||||
'components' => [
|
'components' => [
|
||||||
|
'authManager' => [
|
||||||
|
'class' => 'yii\rbac\DbManager',
|
||||||
|
// uncomment if you want to cache RBAC items hierarchy
|
||||||
|
// 'cache' => 'cache',
|
||||||
|
],
|
||||||
'request' => [
|
'request' => [
|
||||||
// !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
|
// !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
|
||||||
'cookieValidationKey' => $_ENV['COOKIE_VALIDATION_KEY'],
|
'cookieValidationKey' => $_ENV['COOKIE_VALIDATION_KEY'],
|
||||||
@ -34,7 +42,7 @@ $config = [
|
|||||||
'errorAction' => 'site/error',
|
'errorAction' => 'site/error',
|
||||||
],
|
],
|
||||||
'mailer' => [
|
'mailer' => [
|
||||||
'class' => \yii\symfonymailer\Mailer::class,
|
'class' => Mailer::class,
|
||||||
'viewPath' => '@app/mail',
|
'viewPath' => '@app/mail',
|
||||||
// send all mails to a file by default.
|
// send all mails to a file by default.
|
||||||
'useFileTransport' => true,
|
'useFileTransport' => true,
|
||||||
|
@ -65,7 +65,10 @@ class HomeController extends Controller
|
|||||||
public function actionIndex($directory = null): Response|string
|
public function actionIndex($directory = null): Response|string
|
||||||
{
|
{
|
||||||
if (Yii::$app->user->isGuest) {
|
if (Yii::$app->user->isGuest) {
|
||||||
|
Yii::$app->session->setFlash('error','请先登录');
|
||||||
return $this->redirect(Yii::$app->user->loginUrl);
|
return $this->redirect(Yii::$app->user->loginUrl);
|
||||||
|
} else if (!Yii::$app->user->can('accessHome')){
|
||||||
|
throw new NotFoundHttpException('当前用户组不允许访问此页面');
|
||||||
}
|
}
|
||||||
$rootDataDirectory = Yii::getAlias(Yii::$app->params['dataDirectory']) . '/' . Yii::$app->user->id;
|
$rootDataDirectory = Yii::getAlias(Yii::$app->params['dataDirectory']) . '/' . Yii::$app->user->id;
|
||||||
|
|
||||||
|
67
migrations/m240305_042554_init_rbac.php
Normal file
67
migrations/m240305_042554_init_rbac.php
Normal file
@ -0,0 +1,67 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
use yii\db\Migration;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Class m240305_042554_init_rbac
|
||||||
|
*/
|
||||||
|
class m240305_042554_init_rbac extends Migration
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* {@inheritdoc}
|
||||||
|
*/
|
||||||
|
public function safeUp(): void
|
||||||
|
{
|
||||||
|
$auth = Yii::$app->authManager;
|
||||||
|
|
||||||
|
$user = $auth->createRole('user');
|
||||||
|
$admin = $auth->createRole('admin');
|
||||||
|
$auth->add($user);
|
||||||
|
$auth->add($admin);
|
||||||
|
|
||||||
|
$access_home = $auth->createPermission('accessHome');
|
||||||
|
$access_home->description = '访问文件管理';
|
||||||
|
$auth->add($access_home);
|
||||||
|
|
||||||
|
$auth->addChild($user,$access_home);
|
||||||
|
// 获取所有用户
|
||||||
|
$users = (new \yii\db\Query())
|
||||||
|
->select(['id', 'role'])
|
||||||
|
->from('user')
|
||||||
|
->all();
|
||||||
|
|
||||||
|
// 为每个用户分配角色
|
||||||
|
foreach ($users as $user) {
|
||||||
|
$role = $auth->getRole($user['role']);
|
||||||
|
if ($role) {
|
||||||
|
$auth->assign($role, $user['id']);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritdoc}
|
||||||
|
*/
|
||||||
|
public function safeDown()
|
||||||
|
{
|
||||||
|
$auth = Yii::$app->authManager;
|
||||||
|
|
||||||
|
// 删除角色和权限
|
||||||
|
$auth->removeAll();
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
// Use up()/down() to run migration code without a transaction.
|
||||||
|
public function up()
|
||||||
|
{
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
public function down()
|
||||||
|
{
|
||||||
|
echo "m240305_042554_init_rbac cannot be reverted.\n";
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
}
|
@ -268,4 +268,17 @@ class User extends ActiveRecord implements IdentityInterface
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function afterSave($insert, $changedAttributes): void
|
||||||
|
{
|
||||||
|
parent::afterSave($insert, $changedAttributes);
|
||||||
|
|
||||||
|
$auth = Yii::$app->authManager;
|
||||||
|
$role = $auth->getRole($this->role);
|
||||||
|
if ($role) {
|
||||||
|
if (!$insert) {
|
||||||
|
$auth->revokeAll($this->id);
|
||||||
|
}
|
||||||
|
$auth->assign($role, $this->id);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
Loading…
Reference in New Issue
Block a user