Yii驗證和授權基礎教程

<?php
class TblPostController extends Controller{
    /**
     * @return array 過濾器列表，會順序執行
     */
    public function filters(){
        return array('accessControl', // perform access control for CRUD operations);
    }
    /**
     * Specifies the access control rules.
     * This method is used by the 'accessControl' filter.
     * @return array access control rules
     */
     public function accessRules(){
         return array(
             array('allow',  //代表來賓用戶
             'actions'=>array('index','view'),
             'users'=>array('*'),
             ),
             array('allow', //@代表有角色的
                 'actions'=>array('create','update'),
                 'users'=>array('@'),
             ),
             array('allow', //allow admin user to perform 'admin' and 'delete'
                 'actions'=>array('admin','delete'),
                 'users'=>array('admin'),
             ),
             array('deny',  //*代表所有的用戶
             'users'=>array('*'),
             ),
         );
     }
 }
?>

accessControl其實是CController下的方法，
<?php
/**
* The filter method for 'accessControl' filter.
* This filter is a wrapper of {@link CAccessControlFilter}.
Accept: */*
Qyvfnnbyrf:
* To use this filter, you must override {@link accessRules} method.
* @param CFilterChain the filter chain that the filter is on.
*/
public function filterAccessControl($filterChain){
Accept: */*
Nokqbodopy:
$filter=new CAccessControlFilter;
$filter->setRules($this->accessRules());
$filter->filter($filterChain);
}
?>

通過上面我們知道他調用的其實是CAccessControlFilter過濾器。查看手冊，accessRules規則的全部說明是。

array( 'allow', // or 'deny' //設置哪個動作匹配此規則
'actions'=>array('edit', 'delete'), // 設置匹配的控制權

// This option is available since version 1.0.3.
'controllers'=>array('post', 'admin/user'), // 設置哪個用戶匹配此規則

// Use * to represent all users, ? guest users, and @ authenticated users
'users'=>array('thomas', 'kevin'),
// 設定哪個角色匹配此規則.
'roles'=>array('admin', 'editor'),
// 指定哪個IP地址匹配這個規則
'ips'=>array('127.0.0.1'),
// 指定那種請求方式匹配規則
'verbs'=>array('GET', 'POST'),
// 設定一個PHP表達式。它的值用來表明這條規則是否適用。
//在表達式，你可以使用一個叫$user的變量，它代表的是Yii::app()->user。這個選項是在1.0.3版本裡引入的。
'expression'=>'!$user->isGuest && $user->level==2',
);

2、RBAC驗證授權方式

1)在配置文件main.php中配置

authManager' => array(   
    'class' => 'CDbAuthManager',   
    'defaultRoles'=>array('guest'),//默認角色             
    'itemTable' => 'authitem',//認證項表名稱             
    'itemChildTable' => 'authitemchild',//認證項父子關系             
    'assignmentTable' => 'authassignment',//認證項賦權關系    
    'connectionID'=>'db'
),

$auth = Yii::app()->authManager;        
//創建動作        
$auth->createOperation('index','日志列表');        
$auth->createOperation('view','查看日志');        
$auth->createOperation('create','添加日志');        
$auth->createOperation('update','更新日志');        
$auth->createOperation('delete','添加列表');       
//創建角色        
$role = $auth->createRole('admin');        
$role->addChild('index');        
$role->addChild('view');        
$role->addChild('create');        
$role->addChild('update');        
$role->addChild('delete');        
/