Yii2。按角色进行访问控制。如何添加 'OR' 条件?
Yii2. Access control by roles. How can I add 'OR' condition?
我有一个具有以下访问限制的控制器:
'access' => [
'class' => AccessControl::className(),
'only' => ['index', 'view', 'create', 'update', 'delete'],
'rules' => [
[
'actions' => ['index', 'view'],
'allow' => true,
'roles' => [RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['create'],
'allow' => true,
'roles' => [RbacComponent::CREATE_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['update'],
'allow' => true,
'roles' => [RbacComponent::EDIT_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['delete'],
'allow' => true,
'roles' => [RbacComponent::DELETE_EXPENSES_ACCOUNTS_KEY],
],
],
],
如何将'OR' \Yii::$app->user->identity->isOwner() 添加到所有规则中?
我尝试使用这个变体:
[
'actions' => ['index', 'view'],
'allow' => true,
'roles' => [RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY],
'matchCallback' => function ($rule, $action) {
return \Yii::$app->user->identity->isOwner();
}
],
但是,在这种情况下,它将是“AND”并且不会起作用。
我认为这个变体会起作用:
'rules' => [
[
'actions' => ['index', 'view', 'create', 'update', 'delete'],
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
if ($action == 'index') {
if (\Yii::$app->user->identity->isOwner() || \Yii::$app->user->can(RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY)) {
return true;
}
}
... other actions
}
],
但也许有更好更简单的方法?
这应该有效
[
'allow' => true,
'roles' => ['owner'],
],
您只需在回调中添加一条规则即可:
'rules' => [
[
'actions' => ['index', 'view'],
'allow' => true,
'roles' => [RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['create'],
'allow' => true,
'roles' => [RbacComponent::CREATE_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['update'],
'allow' => true,
'roles' => [RbacComponent::EDIT_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['delete'],
'allow' => true,
'roles' => [RbacComponent::DELETE_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['index', 'view', 'create', 'update', 'delete'],
'allow' => true,
'matchCallback' => function ($rule, $action) {
return \Yii::$app->user->identity->isOwner();
},
],
],
我有一个具有以下访问限制的控制器:
'access' => [
'class' => AccessControl::className(),
'only' => ['index', 'view', 'create', 'update', 'delete'],
'rules' => [
[
'actions' => ['index', 'view'],
'allow' => true,
'roles' => [RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['create'],
'allow' => true,
'roles' => [RbacComponent::CREATE_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['update'],
'allow' => true,
'roles' => [RbacComponent::EDIT_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['delete'],
'allow' => true,
'roles' => [RbacComponent::DELETE_EXPENSES_ACCOUNTS_KEY],
],
],
],
如何将'OR' \Yii::$app->user->identity->isOwner() 添加到所有规则中?
我尝试使用这个变体:
[
'actions' => ['index', 'view'],
'allow' => true,
'roles' => [RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY],
'matchCallback' => function ($rule, $action) {
return \Yii::$app->user->identity->isOwner();
}
],
但是,在这种情况下,它将是“AND”并且不会起作用。
我认为这个变体会起作用:
'rules' => [
[
'actions' => ['index', 'view', 'create', 'update', 'delete'],
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
if ($action == 'index') {
if (\Yii::$app->user->identity->isOwner() || \Yii::$app->user->can(RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY)) {
return true;
}
}
... other actions
}
],
但也许有更好更简单的方法?
这应该有效
[
'allow' => true,
'roles' => ['owner'],
],
您只需在回调中添加一条规则即可:
'rules' => [
[
'actions' => ['index', 'view'],
'allow' => true,
'roles' => [RbacComponent::VIEW_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['create'],
'allow' => true,
'roles' => [RbacComponent::CREATE_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['update'],
'allow' => true,
'roles' => [RbacComponent::EDIT_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['delete'],
'allow' => true,
'roles' => [RbacComponent::DELETE_EXPENSES_ACCOUNTS_KEY],
],
[
'actions' => ['index', 'view', 'create', 'update', 'delete'],
'allow' => true,
'matchCallback' => function ($rule, $action) {
return \Yii::$app->user->identity->isOwner();
},
],
],