准备动工访问权限限制

This commit is contained in:
Chenx221 2024-03-05 13:32:12 +08:00
parent 4a22f950e5
commit 80359508fe
Signed by: chenx221
GPG Key ID: D7A9EC07024C3021
7 changed files with 101 additions and 2 deletions

View File

@ -14,6 +14,11 @@ $config = [
'@tests' => '@app/tests', '@tests' => '@app/tests',
], ],
'components' => [ 'components' => [
'authManager' => [
'class' => 'yii\rbac\DbManager',
// uncomment if you want to cache RBAC items hierarchy
// 'cache' => 'cache',
],
'cache' => [ 'cache' => [
'class' => 'yii\caching\FileCache', 'class' => 'yii\caching\FileCache',
], ],

View File

@ -1,7 +1,8 @@
<?php <?php
use yii\db\Connection; use yii\db\Connection;
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . '/..');
$dotenv->load();
return [ return [
'class' => Connection::class, 'class' => Connection::class,
'dsn' => 'mysql:host='.$_ENV['DB_HOST'].';dbname='.$_ENV['DB_NAME'], 'dsn' => 'mysql:host='.$_ENV['DB_HOST'].';dbname='.$_ENV['DB_NAME'],

View File

@ -1,4 +1,6 @@
<?php <?php
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . '/..');
$dotenv->load();
return [ return [
'adminEmail' => 'admin@example.com', 'adminEmail' => 'admin@example.com',

View File

@ -1,4 +1,7 @@
<?php <?php
use yii\symfonymailer\Mailer;
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . '/..'); $dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . '/..');
$dotenv->load(); $dotenv->load();
$params = require __DIR__ . '/params.php'; $params = require __DIR__ . '/params.php';
@ -15,6 +18,11 @@ $config = [
'@npm' => '@vendor/npm-asset', '@npm' => '@vendor/npm-asset',
], ],
'components' => [ 'components' => [
'authManager' => [
'class' => 'yii\rbac\DbManager',
// uncomment if you want to cache RBAC items hierarchy
// 'cache' => 'cache',
],
'request' => [ 'request' => [
// !!! insert a secret key in the following (if it is empty) - this is required by cookie validation // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
'cookieValidationKey' => $_ENV['COOKIE_VALIDATION_KEY'], 'cookieValidationKey' => $_ENV['COOKIE_VALIDATION_KEY'],
@ -34,7 +42,7 @@ $config = [
'errorAction' => 'site/error', 'errorAction' => 'site/error',
], ],
'mailer' => [ 'mailer' => [
'class' => \yii\symfonymailer\Mailer::class, 'class' => Mailer::class,
'viewPath' => '@app/mail', 'viewPath' => '@app/mail',
// send all mails to a file by default. // send all mails to a file by default.
'useFileTransport' => true, 'useFileTransport' => true,

View File

@ -65,7 +65,10 @@ class HomeController extends Controller
public function actionIndex($directory = null): Response|string public function actionIndex($directory = null): Response|string
{ {
if (Yii::$app->user->isGuest) { if (Yii::$app->user->isGuest) {
Yii::$app->session->setFlash('error','请先登录');
return $this->redirect(Yii::$app->user->loginUrl); return $this->redirect(Yii::$app->user->loginUrl);
} else if (!Yii::$app->user->can('accessHome')){
throw new NotFoundHttpException('当前用户组不允许访问此页面');
} }
$rootDataDirectory = Yii::getAlias(Yii::$app->params['dataDirectory']) . '/' . Yii::$app->user->id; $rootDataDirectory = Yii::getAlias(Yii::$app->params['dataDirectory']) . '/' . Yii::$app->user->id;

View File

@ -0,0 +1,67 @@
<?php
use yii\db\Migration;
/**
* Class m240305_042554_init_rbac
*/
class m240305_042554_init_rbac extends Migration
{
/**
* {@inheritdoc}
*/
public function safeUp(): void
{
$auth = Yii::$app->authManager;
$user = $auth->createRole('user');
$admin = $auth->createRole('admin');
$auth->add($user);
$auth->add($admin);
$access_home = $auth->createPermission('accessHome');
$access_home->description = '访问文件管理';
$auth->add($access_home);
$auth->addChild($user,$access_home);
// 获取所有用户
$users = (new \yii\db\Query())
->select(['id', 'role'])
->from('user')
->all();
// 为每个用户分配角色
foreach ($users as $user) {
$role = $auth->getRole($user['role']);
if ($role) {
$auth->assign($role, $user['id']);
}
}
}
/**
* {@inheritdoc}
*/
public function safeDown()
{
$auth = Yii::$app->authManager;
// 删除角色和权限
$auth->removeAll();
}
/*
// Use up()/down() to run migration code without a transaction.
public function up()
{
}
public function down()
{
echo "m240305_042554_init_rbac cannot be reverted.\n";
return false;
}
*/
}

View File

@ -268,4 +268,17 @@ class User extends ActiveRecord implements IdentityInterface
return true; return true;
} }
public function afterSave($insert, $changedAttributes): void
{
parent::afterSave($insert, $changedAttributes);
$auth = Yii::$app->authManager;
$role = $auth->getRole($this->role);
if ($role) {
if (!$insert) {
$auth->revokeAll($this->id);
}
$auth->assign($role, $this->id);
}
}
} }