Fatal编程技术网
  • yii/
  • Yii 是的。按角色进行访问控制。如何添加“或”条件?

Yii 是的。按角色进行访问控制。如何添加“或”条件?

yii yii2

Yii 是的。按角色进行访问控制。如何添加“或”条件?,yii,yii2,yii2-advanced-app,yii2-basic-app,yii2-validation,Yii,Yii2,Yii2 Advanced App,Yii2 Basic App,Yii2 Validation,我有一个具有以下访问限制的控制器: 'access' => [ 'class' => AccessControl::className(), 'only' => ['index', 'view', 'create', 'update', 'delete'], 'rules' => [ [ '

我有一个具有以下访问限制的控制器:

'access' => [
                'class' => AccessControl::className(),
                'only' => ['index', 'view', 'create', 'update', 'delete'],
                'rules' => [
                    [
                        'actions' => ['index', 'view'],
                        'allow' => true,
                        'roles' => [RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY],
                    ],
                    [
                        'actions' => ['create'],
                        'allow' => true,
                        'roles' => [RbacComponent::CREATE_EXPENSES_ACCOUNTS_KEY],
                    ],
                    [
                        'actions' => ['update'],
                        'allow' => true,
                        'roles' => [RbacComponent::EDIT_EXPENSES_ACCOUNTS_KEY],
                    ],
                    [
                        'actions' => ['delete'],
                        'allow' => true,
                        'roles' => [RbacComponent::DELETE_EXPENSES_ACCOUNTS_KEY],
                    ],
                ],
            ],
如何将“或”\Yii::$app->user->identity->isOwner添加到所有这些规则中

我尝试使用这个变体:

            [
                'actions' => ['index', 'view'],
                'allow' => true,
                'roles' => [RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY],
                'matchCallback' => function ($rule, $action) {
                    return \Yii::$app->user->identity->isOwner();
                }
            ],
但是,在这种情况下,它将是“和”,不会起作用

我认为这个变体会起作用:

            'rules' => [
                [
                    'actions' => ['index', 'view', 'create', 'update', 'delete'],
                    'allow' => true,
                    'roles' => ['@'],
                    'matchCallback' => function ($rule, $action) {
                        if ($action == 'index') {
                           if (\Yii::$app->user->identity->isOwner() || \Yii::$app->user->can(RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY)) {
                              return true;
                          }
                        }

                        ... other actions

                    }
                ],
但也许有更好更简单的方法?

这应该行得通

[
    'allow' => true,
    'roles' => ['owner'],
],
您只需在回调中添加一条规则:

'rules' => [
    [
        'actions' => ['index', 'view'],
        'allow' => true,
        'roles' => [RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY],
    ],
    [
        'actions' => ['create'],
        'allow' => true,
        'roles' => [RbacComponent::CREATE_EXPENSES_ACCOUNTS_KEY],
    ],
    [
        'actions' => ['update'],
        'allow' => true,
        'roles' => [RbacComponent::EDIT_EXPENSES_ACCOUNTS_KEY],
    ],
    [
        'actions' => ['delete'],
        'allow' => true,
        'roles' => [RbacComponent::DELETE_EXPENSES_ACCOUNTS_KEY],
    ],
    [
        'actions' => ['index', 'view', 'create', 'update', 'delete'],
        'allow' => true,
        'matchCallback' => function ($rule, $action) {
            return \Yii::$app->user->identity->isOwner();
        },
    ],
],
谢谢你的回答。我会尽量做到这一点。谢谢你的回答,但所有者不是一个角色。这是一种方法。但您可以将所有者设置为角色,并为此角色添加一些规则。