【Question title】: Yii2 Access Rules Using Different Models
【Posted】: 2015-07-23 09:36:41
【Question description】:

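I am having a problem with Yii2 role-based access control. In the usual setup, the authentication rule is applied against the identity of the current user, as written in the docs: Authorization.

In my case, how can I set up authorization (apart from the basic functionality) using another set of models? Here is my setup.

The table auth_assignment [item_name, user_id] comes from the rbac migration, and user [id] comes from the yii2 migration. I created a new table assignment [user_id, which relates to user; rec_id, which relates to the recognition of an organization].

This is the scenario. I have the roles admin, organization-head and member. How can I check whether an organization-head or member belongs to their own Recognition module, and not to the modules of other organization heads?

I also used the context access control filter by peixoto.

Here is my code for the check. RecognitionRule checks whether there is a record whose user_id equals the user's identity and whose account_id equals rec_id. The second condition tells whether he belongs to the organization.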

/**
 * Checks if ID matches user passed via params
 */
class RecognitionRule extends Rule
{
    public $name = 'isRecognition';

    /**
     * @param string|integer $user the user ID.
     * @param Item $item the role or permission that this rule is associated with
     * @param array $params parameters passed to ManagerInterface::checkAccess().
     * @return boolean a value indicating whether the rule permits the role or permission it is associated with.
     */
    public function execute($user, $item, $params)
    {
        if(isset($params['recognition'])){ //Directly specify the model you plan to use via param
            $model = $params['recognition']; 
        }else{ //Use the controller findModel method to get the model - this is what executes via the behaviour/rules
            $id = Yii::$app->request->get('id'); //Note, this is an assumption on your url structure. 
            $model = Yii::$app->controller->findModel($id); //Note, this only works if you change findModel to be a public function within the controller.
        }
        return \common\models\Assignment::find()->where(['rec_id' => $model->id, 'user_id' => $user])->exists();
    }
}

It still does not allow me to perform the action. Any clues?

【Question discussion】:

    Tags: yii2 access-rules role-based-access-control yii2-model


    【Solution 1】:

    I got the answer. I based my answer on AccessRule behavior and rbac\Rule $params

    Snippet of the RecognitionRule

    class RecognitionRule extends Rule
    {
        /**
         * @param string|integer $user the user ID.
         * @param Item $item the role or permission that this rule is associated with
         * @param array $params parameters passed to ManagerInterface::checkAccess().
         * @return boolean a value indicating whether the rule permits the role or permission it is associated with.
         */
        public function execute($user, $item, $params)
        {
            if(isset($params['recognition'])){ //Directly specify the model you plan to use via param
                $id = $params['recognition']->id; //Take the id from the model that was passed in, so $id is always defined
            } else{ //Otherwise read the id from the request - this is what executes via the behaviour/rules
                $id = Yii::$app->request->get('id'); //Note, this is an assumption on your url structure.
            }

            return \common\models\Assignment::find()->where(['rec_id' => $id, 'user_id' => $user])->exists();
        }
    }
    

    RecognitionController

                    [
                        'class' => 'common\rbac\ContextAccessRule',
                        'modelClass' => 'frontend\models\recognition',
                        'allow' => true,
                        'actions' => ['view','update'],
                        'roles' => ['viewOwnRecognition', 'updateOwnRecognition'],
                    ],
                ],
            ],
        ];
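
An added example (not the poster's code) of the same ownership rule written to fail closed, together with a helper that attaches it to the two permissions listed in the controller rules above. The `common\rbac` namespace, the `install()` helper and the assumption that the `organization-head` and `member` roles already exist in the auth manager are not from the original post.

```php
<?php
// Added example. Assumes the common\models\Assignment ActiveRecord (user_id, rec_id)
// described in the question; the namespace and install() helper are hypothetical.
namespace common\rbac;

use Yii;
use yii\rbac\Rule;

class RecognitionRule extends Rule
{
    public $name = 'isRecognition';

    public function execute($user, $item, $params)
    {
        // Prefer a model or id passed explicitly to can(); fall back to ?id= in the URL.
        if (isset($params['recognition'])) {
            $rec = $params['recognition'];
            $id = is_object($rec) ? $rec->id : $rec;
        } else {
            $id = Yii::$app->request->get('id');
        }

        // Fail closed: guests, missing ids and non-integer ids never match.
        // Rejecting arrays also keeps where() from turning into an IN (...) condition.
        if ($user === null || !is_scalar($id) || !ctype_digit((string) $id)) {
            return false;
        }

        return \common\models\Assignment::find()
            ->where(['rec_id' => (int) $id, 'user_id' => $user])
            ->exists();
    }

    // Hypothetical one-off setup (run once, e.g. from a migration): stores the rule and
    // binds it to the permissions named in the controller config. Roles must already exist.
    public static function install()
    {
        $auth = Yii::$app->authManager;
        $rule = new self();
        $auth->add($rule);
        foreach (['viewOwnRecognition', 'updateOwnRecognition'] as $permName) {
            $perm = $auth->createPermission($permName);
            $perm->ruleName = $rule->name;
            $auth->add($perm);
            foreach (['organization-head', 'member'] as $roleName) {
                $auth->addChild($auth->getRole($roleName), $perm);
            }
        }
    }
}
```

A permission with no `ruleName` is granted to every user holding the role, so the ownership check only runs once the rule is bound to the permission as in `install()`.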
    

    【Discussion】:
