Yii 是的。按角色进行访问控制。如何添加“或”条件?
我有一个具有以下访问限制的控制器:Yii 是的。按角色进行访问控制。如何添加“或”条件?,yii,yii2,yii2-advanced-app,yii2-basic-app,yii2-validation,Yii,Yii2,Yii2 Advanced App,Yii2 Basic App,Yii2 Validation,我有一个具有以下访问限制的控制器: 'access' => [ 'class' => AccessControl::className(), 'only' => ['index', 'view', 'create', 'update', 'delete'], 'rules' => [ [ '
'access' => [
'class' => AccessControl::className(),
'only' => ['index', 'view', 'create', 'update', 'delete'],
'rules' => [
[
'actions' => ['index', 'view'],
'allow' => true,
'roles' => [RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['create'],
'allow' => true,
'roles' => [RbacComponent::CREATE_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['update'],
'allow' => true,
'roles' => [RbacComponent::EDIT_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['delete'],
'allow' => true,
'roles' => [RbacComponent::DELETE_EXPENSES_ACCOUNTS_KEY],
],
],
],
如何将“或”\Yii::$app->user->identity->isOwner添加到所有这些规则中
我尝试使用这个变体:
[
'actions' => ['index', 'view'],
'allow' => true,
'roles' => [RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY],
'matchCallback' => function ($rule, $action) {
return \Yii::$app->user->identity->isOwner();
}
],
但是,在这种情况下,它将是“和”,不会起作用
我认为这个变体会起作用:
'rules' => [
[
'actions' => ['index', 'view', 'create', 'update', 'delete'],
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
if ($action == 'index') {
if (\Yii::$app->user->identity->isOwner() || \Yii::$app->user->can(RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY)) {
return true;
}
}
... other actions
}
],
但也许有更好更简单的方法?这应该行得通
[
'allow' => true,
'roles' => ['owner'],
],
您只需在回调中添加一条规则:
'rules' => [
[
'actions' => ['index', 'view'],
'allow' => true,
'roles' => [RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['create'],
'allow' => true,
'roles' => [RbacComponent::CREATE_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['update'],
'allow' => true,
'roles' => [RbacComponent::EDIT_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['delete'],
'allow' => true,
'roles' => [RbacComponent::DELETE_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['index', 'view', 'create', 'update', 'delete'],
'allow' => true,
'matchCallback' => function ($rule, $action) {
return \Yii::$app->user->identity->isOwner();
},
],
],
谢谢你的回答。我会尽量做到这一点。谢谢你的回答,但所有者不是一个角色。这是一种方法。但您可以将所有者设置为角色,并为此角色添加一些规则。