A question about roles in the access control filter, newbie asking for help

I've just started learning Yii and want to build a small program.

According to the documentation, the code below implements simple access control.




class PostController extends CController
{
    // ......

    // Install the access control filter for this controller's actions
    public function filters()
    {
        return array(
            'accessControl',
        );
    }
}

class PostController extends CController
{
    // ......

    public function accessRules()
    {
        return array(
            // guests ('?') may not create or edit
            array('deny',
                'actions'=>array('create', 'edit'),
                'users'=>array('?'),
            ),
            // users holding the admin role may delete
            array('allow',
                'actions'=>array('delete'),
                'roles'=>array('admin'),
            ),
            // everyone else ('*') may not delete
            array('deny',
                'actions'=>array('delete'),
                'users'=>array('*'),
            ),
        );
    }
}



Does the "'roles'=>array('admin')," part only work together with role-based access control? In other words, to use 'roles' here, access control has to be implemented with RBAC.

The guide covers this:

roles: specifies which roles that this rule matches. This makes use of the role-based access control feature to be described in the next subsection. In particular, the rule is applied if CWebUser::checkAccess returns true for one of the roles. Note, you should mainly use roles in an allow rule because by definition, a role represents a permission to do something. Also note, although we use the term roles here, its value can actually be any auth item, including roles, tasks and operations.

In the end this is passed to RBAC's checkAccess to decide.

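Thanks to the poster above for the answer. At first I thought it didn't need to be used together with RBAC; now it looks like that won't work.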

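roles: specifies which roles match this rule. This uses the role-based access control technique described later. In particular, the rule is applied if CWebUser::checkAccess returns true for one of the roles. Tip: user roles should be set as allow rules, because a role represents being able to do certain things.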
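
Added example, not part of the thread and not Yii's own code: a simplified stand-alone PHP model of how the rules quoted above are evaluated, where the first matching rule decides and 'roles' is resolved through a callback standing in for CWebUser::checkAccess. The function names, the users alice and bob and the $assignments table are assumptions made for illustration; the model also shows that a request matching no rule is let through, which is why the final deny rule for delete is there.

```php
<?php
// Simplified model of Yii 1.1 accessRules() evaluation; $checkAccess is a hypothetical stand-in for CWebUser::checkAccess().
function ruleMatches(array $rule, string $action, ?string $user, callable $checkAccess): bool
{
    if (isset($rule['actions']) && !in_array($action, $rule['actions'], true)) {
        return false;
    }
    if (isset($rule['users'])) {
        $hit = false;
        foreach ($rule['users'] as $u) {
            // '*' any user, '?' guest, '@' authenticated, otherwise a user name
            $hit = $hit || $u === '*' || ($u === '?' && $user === null)
                || ($user !== null && ($u === '@' || strcasecmp($u, $user) === 0));
        }
        if (!$hit) { return false; }
    }
    if (isset($rule['roles'])) {
        // The rule applies only if checkAccess is true for one of the roles.
        foreach ($rule['roles'] as $role) {
            if ($checkAccess($user, $role)) {
                return true;
            }
        }
        return false;
    }
    return true;
}

function isAllowed(array $rules, string $action, ?string $user, callable $checkAccess): bool
{
    foreach ($rules as $rule) {
        if (ruleMatches($rule, $action, $user, $checkAccess)) {
            return $rule[0] === 'allow'; // first matching rule decides
        }
    }
    return true; // no rule matched: the request is let through
}

$rules = [ // the rules from the thread
    ['deny', 'actions' => ['create', 'edit'], 'users' => ['?']],
    ['allow', 'actions' => ['delete'], 'roles' => ['admin']],
    ['deny', 'actions' => ['delete'], 'users' => ['*']],
];
$assignments = ['alice' => ['admin']]; // constructed role assignments
$checkAccess = fn(?string $u, string $r): bool => $u !== null && in_array($r, $assignments[$u] ?? [], true);
foreach ([['delete', 'alice'], ['delete', 'bob'], ['create', null], ['view', null]] as [$a, $u]) {
    printf("%-6s %-5s => %s\n", $a, $u ?? 'guest', isAllowed($rules, $a, $u, $checkAccess) ? 'allow' : 'deny');
}
```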