PHP,Yii 框架:无法创建 post(用户、角色)
PHP, Yii framework: can't create post (users, roles)
我试过在 Yii2 中实现 RBAC。我遵循了本教程:http://www.yiiframework.com/doc-2.0/guide-security-authorization.html#rbac 但现在我遇到了问题。我已经使用 "admin" 帐户 (id=1) 登录,但我无法创建新的 item,尽管我应该可以创建。这是我的文件:
/**
 * Seeds the RBAC hierarchy: three plain permissions, the viewer/author/admin
 * roles, the rule-guarded "updateOwnPost" permission, and one role assignment.
 *
 * Resulting hierarchy:
 *   viewer -> viewPost
 *   author -> createPost, updateOwnPost (guarded by AuthorRule) -> updatePost
 *   admin  -> updatePost, author
 *
 * The calls are not guarded against existing items.
 * NOTE(review): re-running this presumably fails on duplicate names - confirm.
 */
public function up()
{
    $auth = Yii::$app->authManager;

    // Plain permissions, registered in the order view, create, update.
    $permissions = [];
    $definitions = [
        'viewPost' => 'View a post',
        'createPost' => 'Create a post',
        'updatePost' => 'Update post',
    ];
    foreach ($definitions as $permissionName => $description) {
        $permission = $auth->createPermission($permissionName);
        $permission->description = $description;
        $auth->add($permission);
        $permissions[$permissionName] = $permission;
    }

    // "viewer" may only view posts.
    $viewerRole = $auth->createRole('viewer');
    $auth->add($viewerRole);
    $auth->addChild($viewerRole, $permissions['viewPost']);

    // "author" may create posts.
    $authorRole = $auth->createRole('author');
    $auth->add($authorRole);
    $auth->addChild($authorRole, $permissions['createPost']);

    // "admin" may update any post and inherits everything granted to "author".
    $adminRole = $auth->createRole('admin');
    $auth->add($adminRole);
    $auth->addChild($adminRole, $permissions['updatePost']);
    $auth->addChild($adminRole, $authorRole);

    // The rule object must be registered before a permission can refer to it by name.
    $authorRule = new \app\rbac\AuthorRule;
    $auth->add($authorRule);

    // "updateOwnPost" carries the rule and is made the parent of "updatePost".
    $ownPostPermission = $auth->createPermission('updateOwnPost');
    $ownPostPermission->description = 'Update own post';
    $ownPostPermission->ruleName = $authorRule->name;
    $auth->add($ownPostPermission);
    $auth->addChild($ownPostPermission, $permissions['updatePost']);

    // Authors reach "updatePost" only through the rule-guarded permission.
    $auth->addChild($authorRole, $ownPostPermission);

    // The identity whose IdentityInterface::getId() returns 1 receives the admin role.
    // The ID is hard-coded, so whichever account owns ID 1 gets full admin rights.
    $auth->assign($adminRole, 1);
}
在 item 视图中,我想为无法创建项目的用户隐藏 "create" 按钮:
<?php
// UI-only gate: the link is rendered only when the current user holds "createPost".
// It does not protect the create action; the controller's access rules do that.
if (\Yii::$app->user->can('createPost')) {
    echo Html::a(Yii::t('app', 'Create Item'), ['create'], ['class' => 'btn btn-success']);
}
?>
但是按钮没有显示出来。
我是 PHP 和 Yii 的完全初学者,不知道为什么这不起作用。
编辑:
这是我的 ItemController:
<?php
namespace app\controllers;
use Yii;
use app\models\Item;
use app\models\ItemSearch;
use yii\web\Controller;
use yii\web\NotFoundHttpException;
//use yii\filters\VerbFilter;
use yii\filters\AccessControl;
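/**
 * ItemController implements the CRUD actions for Item model.
 *
 * Authorization is enforced by the AccessControl filter declared in behaviors().
 * Conditions placed in views only hide links; they do not protect the actions.
 */
class ItemController extends Controller
{
    /**
     * Declares the access-control filter for this controller.
     *
     * The filter has no "only" list, so it applies to every action, and
     * AccessControl denies a request when no rule matches. With the rules below,
     * delete, pdf and add-history are therefore denied to every user until rules
     * are added for them. Role names other than "@" and "?" are checked through
     * the RBAC authManager, so "admin"/"author" match only when the role is
     * actually assigned to the logged-in user.
     *
     * NOTE(review): the scaffolded VerbFilter that limited "delete" to POST was
     * commented out in this controller. Restore it before adding an allow rule
     * for delete, otherwise a plain GET link could trigger deletion.
     *
     * @return array behavior configurations keyed by behavior name
     */
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::class,
                'rules' => [
                    // Any authenticated user may list and view items.
                    [
                        'allow' => true,
                        'actions' => ['index', 'view'],
                        'roles' => ['@'],
                    ],
                    // Writing requires the RBAC role "admin" or "author".
                    [
                        'allow' => true,
                        'actions' => ['create', 'update'],
                        'roles' => ['admin', 'author'],
                    ],
                ],
            ],
        ];
    }

    /**
     * Lists all Item models.
     * @return mixed
     */
    public function actionIndex()
    {
        // Defence in depth: the access filter already requires "@" for index.
        // The redirect response is returned explicitly and the search is not
        // executed for guests.
        if (Yii::$app->user->isGuest) {
            return $this->redirect(Yii::$app->homeUrl . 'login');
        }

        $searchModel = new ItemSearch();
        $dataProvider = $searchModel->search(Yii::$app->request->queryParams);

        return $this->render('index', [
            'searchModel' => $searchModel,
            'dataProvider' => $dataProvider,
        ]);
    }

    /**
     * Displays a single Item model together with its history rows.
     * @param integer $id
     * @return mixed
     * @throws NotFoundHttpException if the model cannot be found
     */
    public function actionView($id)
    {
        // Load once and reuse; a second findModel() call would repeat the query.
        $model = $this->findModel($id);
        $providerHistory = new \yii\data\ArrayDataProvider([
            'allModels' => $model->histories,
        ]);

        return $this->render('view', [
            'model' => $model,
            'providerHistory' => $providerHistory,
        ]);
    }

    /**
     * Creates a new Item model.
     * If creation is successful, the browser will be redirected to the 'view' page.
     * @return mixed
     */
    public function actionCreate()
    {
        $model = new Item();

        if ($model->loadAll(Yii::$app->request->post()) && $model->saveAll()) {
            return $this->redirect(['view', 'id' => $model->Id]);
        }

        // First visit or failed validation: show the form again.
        return $this->render('create', [
            'model' => $model,
        ]);
    }

    /**
     * Updates an existing Item model.
     * If update is successful, the browser will be redirected to the 'view' page.
     *
     * NOTE(review): the access rule for "update" only checks the role names
     * "admin" and "author". The rule-guarded "updateOwnPost" permission is never
     * evaluated here, so any author can update any item ID. If ownership should
     * be enforced, check Yii::$app->user->can('updatePost', ...) with the loaded
     * model in the params the rule expects, and reject the request on failure.
     *
     * @param integer $id
     * @return mixed
     * @throws NotFoundHttpException if the model cannot be found
     */
    public function actionUpdate($id)
    {
        $model = $this->findModel($id);

        if ($model->loadAll(Yii::$app->request->post()) && $model->saveAll()) {
            return $this->redirect(['view', 'id' => $model->Id]);
        }

        return $this->render('update', [
            'model' => $model,
        ]);
    }

    /**
     * Deletes an existing Item model.
     * If deletion is successful, the browser will be redirected to the 'index' page.
     *
     * No access rule in behaviors() names this action, so the filter currently
     * denies it to everyone. No HTTP verb restriction is configured either.
     *
     * @param integer $id
     * @return mixed
     * @throws NotFoundHttpException if the model cannot be found
     */
    public function actionDelete($id)
    {
        $this->findModel($id)->deleteWithRelated();

        return $this->redirect(['index']);
    }

    /**
     * Export Item information into PDF format.
     *
     * No access rule in behaviors() names this action, so the filter currently
     * denies it to everyone.
     *
     * @param integer $id
     * @return mixed
     * @throws NotFoundHttpException if the model cannot be found
     */
    public function actionPdf($id)
    {
        $model = $this->findModel($id);
        $providerHistory = new \yii\data\ArrayDataProvider([
            'allModels' => $model->histories,
        ]);

        // Render the partial to a string first; it becomes the PDF body.
        $content = $this->renderAjax('_pdf', [
            'model' => $model,
            'providerHistory' => $providerHistory,
        ]);

        $pdf = new \kartik\mpdf\Pdf([
            'mode' => \kartik\mpdf\Pdf::MODE_CORE,
            'format' => \kartik\mpdf\Pdf::FORMAT_A4,
            'orientation' => \kartik\mpdf\Pdf::ORIENT_PORTRAIT,
            'destination' => \kartik\mpdf\Pdf::DEST_BROWSER,
            'content' => $content,
            'cssFile' => '@vendor/kartik-v/yii2-mpdf/assets/kv-mpdf-bootstrap.min.css',
            'cssInline' => '.kv-heading-1{font-size:18px}',
            'options' => ['title' => \Yii::$app->name],
            'methods' => [
                'SetHeader' => [\Yii::$app->name],
                'SetFooter' => ['{PAGENO}'],
            ],
        ]);

        return $pdf->render();
    }

    /**
     * Finds the Item model based on its primary key value.
     * If the model is not found, a 404 HTTP exception will be thrown.
     * @param integer $id
     * @return Item the loaded model
     * @throws NotFoundHttpException if the model cannot be found
     */
    protected function findModel($id)
    {
        $model = Item::findOne($id);
        if ($model === null) {
            throw new NotFoundHttpException(Yii::t('app', 'The requested page does not exist.'));
        }

        return $model;
    }

    /**
     * Action to load a tabular form grid
     * for History
     *
     * Only AJAX requests are served; anything else gets a 404. No access rule in
     * behaviors() names this action, so the filter currently denies it to everyone.
     *
     * @author Yohanes Candrajaya <moo.tensai@gmail.com>
     * @author Jiwantoro Ndaru <jiwanndaru@gmail.com>
     *
     * @return mixed
     * @throws NotFoundHttpException when the request is not an AJAX request
     */
    public function actionAddHistory()
    {
        $request = Yii::$app->request;
        if (!$request->isAjax) {
            throw new NotFoundHttpException(Yii::t('app', 'The requested page does not exist.'));
        }

        $row = $request->post('History');
        // "History" comes from the client; a scalar value would make the append
        // below fail, so anything that is neither null nor an array is discarded.
        if ($row !== null && !is_array($row)) {
            $row = [];
        }

        // Append one empty row on the initial load of a new record or on "add".
        $isInitialLoad = $request->post('isNewRecord')
            && $request->post('_action') === 'load'
            && empty($row);
        if ($isInitialLoad || $request->post('_action') === 'add') {
            $row[] = [];
        }

        return $this->renderAjax('_formHistory', ['row' => $row]);
    }
}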
以及我的 item/create.php 视图:
<?php
/**
 * Page shell for creating an Item: sets the page title and breadcrumbs, then
 * delegates the form markup to the shared _form partial.
 *
 * @var $this yii\web\View
 * @var $model app\models\Item
 */

use yii\helpers\Html;

$this->title = Yii::t('app', 'Create Item');
$this->params['breadcrumbs'][] = [
    'label' => Yii::t('app', 'Item'),
    'url' => ['index'],
];
$this->params['breadcrumbs'][] = $this->title;
?>
<div class="item-create">
<h1><?php /* the title is HTML-encoded before output */ echo Html::encode($this->title); ?></h1>
<?php echo $this->render('_form', ['model' => $model]); ?>
</div>
有些视图把公共部分抽取出来,通常存放在 _form.php 局部视图中。因此您应该检查 _form.php 局部视图(位于同一目录 \views\yourmodel\_form.php),找到您需要的代码,并用您的 RBAC 条件来扩展其行为:
<?php
// UI-only gate: the link is rendered only when the current user holds "createPost".
// The create action still has to be protected by the controller's access rules.
if (\Yii::$app->user->can('createPost')) {
    echo Html::a(Yii::t('app', 'Create Item'), ['create'], ['class' => 'btn btn-success']);
}
?>
在您的 create.php 视图中,您可以在此处看到
<?php
// Delegates the form markup to the shared _form partial, passing the model through.
echo $this->render('_form', ['model' => $model]);
?>
呈现(通用)视图 _form
在 _form.php 接近末尾的位置,您应该可以找到“创建”或“更新”按钮的代码。
如果您只想为管理员角色显示该按钮,应当添加检查,例如像下面这样。请注意,在视图中隐藏按钮只影响界面,真正的权限控制仍然要由控制器中的访问规则来执行:
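<div class="form-group">
<?php
// The condition has to live inside PHP tags; written as bare text in the
// template it would be printed literally and the button always rendered.
// UI-only gate: the controller's access rules remain the real enforcement point.
// NOTE(review): can('admin') tests a role name; checking the permission the
// button stands for (e.g. 'createPost') keeps the view independent of role names.
if (\Yii::$app->user->can('admin')): ?>
<?= Html::submitButton($model->isNewRecord ? 'Create' : 'Update',
['class' => 'btn btn-warning']) ?>
<?php endif; ?>
</div>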
我试过在 Yii2 中实现 RBAC。我遵循了本教程:http://www.yiiframework.com/doc-2.0/guide-security-authorization.html#rbac 但现在我遇到了问题。我已经使用 "admin" 帐户 (id=1) 登录,但我无法创建新的 item,尽管我应该可以创建。这是我的文件:
/**
 * Seeds the RBAC hierarchy: three plain permissions, the viewer/author/admin
 * roles, the rule-guarded "updateOwnPost" permission, and one role assignment.
 *
 * Resulting hierarchy:
 *   viewer -> viewPost
 *   author -> createPost, updateOwnPost (guarded by AuthorRule) -> updatePost
 *   admin  -> updatePost, author
 *
 * The calls are not guarded against existing items.
 * NOTE(review): re-running this presumably fails on duplicate names - confirm.
 */
public function up()
{
    $auth = Yii::$app->authManager;

    // Plain permissions, registered in the order view, create, update.
    $permissions = [];
    $definitions = [
        'viewPost' => 'View a post',
        'createPost' => 'Create a post',
        'updatePost' => 'Update post',
    ];
    foreach ($definitions as $permissionName => $description) {
        $permission = $auth->createPermission($permissionName);
        $permission->description = $description;
        $auth->add($permission);
        $permissions[$permissionName] = $permission;
    }

    // "viewer" may only view posts.
    $viewerRole = $auth->createRole('viewer');
    $auth->add($viewerRole);
    $auth->addChild($viewerRole, $permissions['viewPost']);

    // "author" may create posts.
    $authorRole = $auth->createRole('author');
    $auth->add($authorRole);
    $auth->addChild($authorRole, $permissions['createPost']);

    // "admin" may update any post and inherits everything granted to "author".
    $adminRole = $auth->createRole('admin');
    $auth->add($adminRole);
    $auth->addChild($adminRole, $permissions['updatePost']);
    $auth->addChild($adminRole, $authorRole);

    // The rule object must be registered before a permission can refer to it by name.
    $authorRule = new \app\rbac\AuthorRule;
    $auth->add($authorRule);

    // "updateOwnPost" carries the rule and is made the parent of "updatePost".
    $ownPostPermission = $auth->createPermission('updateOwnPost');
    $ownPostPermission->description = 'Update own post';
    $ownPostPermission->ruleName = $authorRule->name;
    $auth->add($ownPostPermission);
    $auth->addChild($ownPostPermission, $permissions['updatePost']);

    // Authors reach "updatePost" only through the rule-guarded permission.
    $auth->addChild($authorRole, $ownPostPermission);

    // The identity whose IdentityInterface::getId() returns 1 receives the admin role.
    // The ID is hard-coded, so whichever account owns ID 1 gets full admin rights.
    $auth->assign($adminRole, 1);
}
在 item 视图中,我想为无法创建项目的用户隐藏 "create" 按钮:
<?php
// UI-only gate: the link is rendered only when the current user holds "createPost".
// It does not protect the create action; the controller's access rules do that.
if (\Yii::$app->user->can('createPost')) {
    echo Html::a(Yii::t('app', 'Create Item'), ['create'], ['class' => 'btn btn-success']);
}
?>
但是按钮没有显示出来。
我是 PHP 和 Yii 的完全初学者,不知道为什么这不起作用。
编辑:
这是我的 ItemController:
<?php
namespace app\controllers;
use Yii;
use app\models\Item;
use app\models\ItemSearch;
use yii\web\Controller;
use yii\web\NotFoundHttpException;
//use yii\filters\VerbFilter;
use yii\filters\AccessControl;
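/**
 * ItemController implements the CRUD actions for Item model.
 *
 * Authorization is enforced by the AccessControl filter declared in behaviors().
 * Conditions placed in views only hide links; they do not protect the actions.
 */
class ItemController extends Controller
{
    /**
     * Declares the access-control filter for this controller.
     *
     * The filter has no "only" list, so it applies to every action, and
     * AccessControl denies a request when no rule matches. With the rules below,
     * delete, pdf and add-history are therefore denied to every user until rules
     * are added for them. Role names other than "@" and "?" are checked through
     * the RBAC authManager, so "admin"/"author" match only when the role is
     * actually assigned to the logged-in user.
     *
     * NOTE(review): the scaffolded VerbFilter that limited "delete" to POST was
     * commented out in this controller. Restore it before adding an allow rule
     * for delete, otherwise a plain GET link could trigger deletion.
     *
     * @return array behavior configurations keyed by behavior name
     */
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::class,
                'rules' => [
                    // Any authenticated user may list and view items.
                    [
                        'allow' => true,
                        'actions' => ['index', 'view'],
                        'roles' => ['@'],
                    ],
                    // Writing requires the RBAC role "admin" or "author".
                    [
                        'allow' => true,
                        'actions' => ['create', 'update'],
                        'roles' => ['admin', 'author'],
                    ],
                ],
            ],
        ];
    }

    /**
     * Lists all Item models.
     * @return mixed
     */
    public function actionIndex()
    {
        // Defence in depth: the access filter already requires "@" for index.
        // The redirect response is returned explicitly and the search is not
        // executed for guests.
        if (Yii::$app->user->isGuest) {
            return $this->redirect(Yii::$app->homeUrl . 'login');
        }

        $searchModel = new ItemSearch();
        $dataProvider = $searchModel->search(Yii::$app->request->queryParams);

        return $this->render('index', [
            'searchModel' => $searchModel,
            'dataProvider' => $dataProvider,
        ]);
    }

    /**
     * Displays a single Item model together with its history rows.
     * @param integer $id
     * @return mixed
     * @throws NotFoundHttpException if the model cannot be found
     */
    public function actionView($id)
    {
        // Load once and reuse; a second findModel() call would repeat the query.
        $model = $this->findModel($id);
        $providerHistory = new \yii\data\ArrayDataProvider([
            'allModels' => $model->histories,
        ]);

        return $this->render('view', [
            'model' => $model,
            'providerHistory' => $providerHistory,
        ]);
    }

    /**
     * Creates a new Item model.
     * If creation is successful, the browser will be redirected to the 'view' page.
     * @return mixed
     */
    public function actionCreate()
    {
        $model = new Item();

        if ($model->loadAll(Yii::$app->request->post()) && $model->saveAll()) {
            return $this->redirect(['view', 'id' => $model->Id]);
        }

        // First visit or failed validation: show the form again.
        return $this->render('create', [
            'model' => $model,
        ]);
    }

    /**
     * Updates an existing Item model.
     * If update is successful, the browser will be redirected to the 'view' page.
     *
     * NOTE(review): the access rule for "update" only checks the role names
     * "admin" and "author". The rule-guarded "updateOwnPost" permission is never
     * evaluated here, so any author can update any item ID. If ownership should
     * be enforced, check Yii::$app->user->can('updatePost', ...) with the loaded
     * model in the params the rule expects, and reject the request on failure.
     *
     * @param integer $id
     * @return mixed
     * @throws NotFoundHttpException if the model cannot be found
     */
    public function actionUpdate($id)
    {
        $model = $this->findModel($id);

        if ($model->loadAll(Yii::$app->request->post()) && $model->saveAll()) {
            return $this->redirect(['view', 'id' => $model->Id]);
        }

        return $this->render('update', [
            'model' => $model,
        ]);
    }

    /**
     * Deletes an existing Item model.
     * If deletion is successful, the browser will be redirected to the 'index' page.
     *
     * No access rule in behaviors() names this action, so the filter currently
     * denies it to everyone. No HTTP verb restriction is configured either.
     *
     * @param integer $id
     * @return mixed
     * @throws NotFoundHttpException if the model cannot be found
     */
    public function actionDelete($id)
    {
        $this->findModel($id)->deleteWithRelated();

        return $this->redirect(['index']);
    }

    /**
     * Export Item information into PDF format.
     *
     * No access rule in behaviors() names this action, so the filter currently
     * denies it to everyone.
     *
     * @param integer $id
     * @return mixed
     * @throws NotFoundHttpException if the model cannot be found
     */
    public function actionPdf($id)
    {
        $model = $this->findModel($id);
        $providerHistory = new \yii\data\ArrayDataProvider([
            'allModels' => $model->histories,
        ]);

        // Render the partial to a string first; it becomes the PDF body.
        $content = $this->renderAjax('_pdf', [
            'model' => $model,
            'providerHistory' => $providerHistory,
        ]);

        $pdf = new \kartik\mpdf\Pdf([
            'mode' => \kartik\mpdf\Pdf::MODE_CORE,
            'format' => \kartik\mpdf\Pdf::FORMAT_A4,
            'orientation' => \kartik\mpdf\Pdf::ORIENT_PORTRAIT,
            'destination' => \kartik\mpdf\Pdf::DEST_BROWSER,
            'content' => $content,
            'cssFile' => '@vendor/kartik-v/yii2-mpdf/assets/kv-mpdf-bootstrap.min.css',
            'cssInline' => '.kv-heading-1{font-size:18px}',
            'options' => ['title' => \Yii::$app->name],
            'methods' => [
                'SetHeader' => [\Yii::$app->name],
                'SetFooter' => ['{PAGENO}'],
            ],
        ]);

        return $pdf->render();
    }

    /**
     * Finds the Item model based on its primary key value.
     * If the model is not found, a 404 HTTP exception will be thrown.
     * @param integer $id
     * @return Item the loaded model
     * @throws NotFoundHttpException if the model cannot be found
     */
    protected function findModel($id)
    {
        $model = Item::findOne($id);
        if ($model === null) {
            throw new NotFoundHttpException(Yii::t('app', 'The requested page does not exist.'));
        }

        return $model;
    }

    /**
     * Action to load a tabular form grid
     * for History
     *
     * Only AJAX requests are served; anything else gets a 404. No access rule in
     * behaviors() names this action, so the filter currently denies it to everyone.
     *
     * @author Yohanes Candrajaya <moo.tensai@gmail.com>
     * @author Jiwantoro Ndaru <jiwanndaru@gmail.com>
     *
     * @return mixed
     * @throws NotFoundHttpException when the request is not an AJAX request
     */
    public function actionAddHistory()
    {
        $request = Yii::$app->request;
        if (!$request->isAjax) {
            throw new NotFoundHttpException(Yii::t('app', 'The requested page does not exist.'));
        }

        $row = $request->post('History');
        // "History" comes from the client; a scalar value would make the append
        // below fail, so anything that is neither null nor an array is discarded.
        if ($row !== null && !is_array($row)) {
            $row = [];
        }

        // Append one empty row on the initial load of a new record or on "add".
        $isInitialLoad = $request->post('isNewRecord')
            && $request->post('_action') === 'load'
            && empty($row);
        if ($isInitialLoad || $request->post('_action') === 'add') {
            $row[] = [];
        }

        return $this->renderAjax('_formHistory', ['row' => $row]);
    }
}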
以及我的 item/create.php 视图:
<?php
/**
 * Page shell for creating an Item: sets the page title and breadcrumbs, then
 * delegates the form markup to the shared _form partial.
 *
 * @var $this yii\web\View
 * @var $model app\models\Item
 */

use yii\helpers\Html;

$this->title = Yii::t('app', 'Create Item');
$this->params['breadcrumbs'][] = [
    'label' => Yii::t('app', 'Item'),
    'url' => ['index'],
];
$this->params['breadcrumbs'][] = $this->title;
?>
<div class="item-create">
<h1><?php /* the title is HTML-encoded before output */ echo Html::encode($this->title); ?></h1>
<?php echo $this->render('_form', ['model' => $model]); ?>
</div>
有些视图把公共部分抽取出来,通常存放在 _form.php 局部视图中。因此您应该检查 _form.php 局部视图(位于同一目录 \views\yourmodel\_form.php),找到您需要的代码,并用您的 RBAC 条件来扩展其行为:
<?php
// UI-only gate: the link is rendered only when the current user holds "createPost".
// The create action still has to be protected by the controller's access rules.
if (\Yii::$app->user->can('createPost')) {
    echo Html::a(Yii::t('app', 'Create Item'), ['create'], ['class' => 'btn btn-success']);
}
?>
在您的 create.php 视图中,您可以在此处看到
<?php
// Delegates the form markup to the shared _form partial, passing the model through.
echo $this->render('_form', ['model' => $model]);
?>
呈现(通用)视图 _form
在 _form.php 接近末尾的位置,您应该可以找到“创建”或“更新”按钮的代码。
如果您只想为管理员角色显示该按钮,应当添加检查,例如像下面这样。请注意,在视图中隐藏按钮只影响界面,真正的权限控制仍然要由控制器中的访问规则来执行:
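<div class="form-group">
<?php
// The condition has to live inside PHP tags; written as bare text in the
// template it would be printed literally and the button always rendered.
// UI-only gate: the controller's access rules remain the real enforcement point.
// NOTE(review): can('admin') tests a role name; checking the permission the
// button stands for (e.g. 'createPost') keeps the view independent of role names.
if (\Yii::$app->user->can('admin')): ?>
<?= Html::submitButton($model->isNewRecord ? 'Create' : 'Update',
['class' => 'btn btn-warning']) ?>
<?php endif; ?>
</div>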