Yii2 RBAC Permission Node Management (Part 1)

Admin platform > Permission management > Permission node management

Development environment:
Homestead: Ubuntu + Nginx + PHP7 + MySQL
Yii: yii2-app-advanced

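I develop with the yii2-app-advanced template; if you use yii2-app-basic, change the namespaces accordingly.
Because my forms are written in raw HTML, take particular care to set the CSRF token when writing them; otherwise the form will not submit successfully.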

For how to use RBAC itself, first see my other article, "Using RBAC in Yii2".

Creating the controller

Create PermissionController to manage the permission nodes.

<?php
namespace backend\controllers;

use Yii;
use yii\web\Controller;

class PermissionController extends Controller
{

}

Listing permissions

The getPermissions method in vendor/yiisoft/yii2/rbac/BaseManager.php fetches all permission nodes, which are then rendered as a list.

# Controller action
public function actionIndex()
{
    $auth = Yii::$app->authManager;
    // getPermissions() returns every permission, indexed by permission name
    $data = $auth->getPermissions();
    return $this->render('index', ['data' => $data]);
}

<?php
# View file: backend/views/permission/index.php
use yii\helpers\Html;
use yii\helpers\Url;

$this->params['breadcrumbs'][] = 'Permission';
?>
<div class="operate">
    <a href="<?= Url::to(['permission/create']) ?>" class="btn btn-success">Create Permission</a>
</div>
<table class="table table-bordered table-hover">
    <thead>
        <tr>
            <th>Name</th>
            <th>Description</th>
            <th>Operation</th>
        </tr>
    </thead>
    <tbody>
        <?php foreach ($data as $row): ?>
        <tr>
            <!-- Name and description come from form input: HTML-encode them on output -->
            <td><?= Html::encode($row->name) ?></td>
            <td><?= Html::encode($row->description) ?></td>
            <td>
                <a href="<?= Url::to(['permission/update', 'name' => $row->name]); ?>"
                   class="glyphicon glyphicon-edit" title="edit"></a>&nbsp;&nbsp;
                <a href="<?= Url::to(['permission/delete', 'name' => $row->name]); ?>"
                   class="glyphicon glyphicon-trash" title="delete"></a>
            </td>
        </tr>
        <?php endforeach; ?>
    </tbody>
</table>

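Creating a permission

Show the creation form and create the permission: first build the permission object with the createPermission method, then call the add method in vendor/yiisoft/yii2/rbac/BaseManager.php to store it.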

# Controller action
public function actionCreate()
{
    $error = '';
    if (Yii::$app->getRequest()->getIsPost()) {
        $auth = Yii::$app->authManager;
        $name = Yii::$app->getRequest()->post('name', '');
        if ($name) {
            // Build the permission object, then persist it with add()
            $data = $auth->createPermission($name);
            $data->description = Yii::$app->getRequest()->post('description', '');
            try {
                $auth->add($data);
                return $this->redirect(['permission/index']);
            } catch (\Exception $e) {
                // e.g. a permission with this name already exists
                $error = $e->getMessage();
            }
        } else {
            $error = '请输入权限名称'; // "Please enter a permission name"
        }
    }
    return $this->render('create', ['error' => $error]);
}

<?php
# Template: backend/views/permission/create.php
use yii\helpers\Html;

$this->params['breadcrumbs'][] = [
    'label' => 'Permission',
    'url' => ['permission/index'] # a route must be an array; a plain string is used as a literal URL
];
$this->params['breadcrumbs'][] = 'Create Permission';
?>
<?php if(!empty($error)): ?>
<div class="alert alert-danger">
    <button type="button" class="close" data-dismiss="alert" aria-hidden="true">&times;</button>
    <!-- Exception messages can echo the submitted name: HTML-encode them -->
    <div><?= Html::encode($error); ?></div>
</div>
<?php endif; ?>
<form action="" method="post">
    <table class="table table-bordered table-hover">
        <tbody>
            <tr>
                <th width="15%">Name</th>
                <td>
                    <input type="text" class="form-control" name="name">
                </td>
            </tr>
            <tr>
                <th>Description</th>
                <td>
                    <input type="text" class="form-control" name="description">
                </td>
            </tr>
            <tr>
                <th></th>
                <td>
                    <!-- csrfParam is "_csrf-backend" in the advanced template's backend; reading it from the request keeps the field name in sync with the configuration -->
                    <input type="hidden" name="<?= Yii::$app->getRequest()->csrfParam ?>" value="<?=Yii::$app->getRequest()->getCsrfToken(); ?>">
                    <input type="submit" class="btn btn-success" value="Create">
                </td>
            </tr>
        </tbody>
    </table>
</form>

Updating a permission

Show the update form and handle the POST that updates the permission node, calling the update method in vendor/yiisoft/yii2/rbac/BaseManager.php to apply the change.

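public function actionUpdate()
{
    $error = '';
    $name = Yii::$app->getRequest()->get('name', '');
    $auth = Yii::$app->authManager;
    $permission = $auth->getPermission($name);
    // getPermission() returns null for an unknown name; answer 404 instead of editing null
    if ($permission === null) {
        throw new \yii\web\NotFoundHttpException('Permission not found.');
    }
    if (Yii::$app->getRequest()->getIsPost()) {
        $newName = Yii::$app->getRequest()->post('new_name', '');
        if ($newName) {
            $permission->name = $newName;
            $permission->description = Yii::$app->getRequest()->post('description', '');
            try {
                // The first argument is the old name, so a rename is applied correctly
                $auth->update($name, $permission);
                return $this->redirect(['permission/index']);
            } catch (\Exception $e) {
                $error = $e->getMessage();
            }
        } else {
            // Same check as actionCreate: never rename a permission to an empty name
            $error = '请输入权限名称'; // "Please enter a permission name"
        }
    }

    return $this->render('update', ['model' => $permission, 'error' => $error]);
}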

<?php
# Template: backend/views/permission/update.php
use yii\helpers\Html;

$this->params['breadcrumbs'][] = [
    'label' => 'Permission',
    'url' => ['permission/index'] # a route must be an array; a plain string is used as a literal URL
];
$this->params['breadcrumbs'][] = 'Update Permission';
?>
<?php if(!empty($error)): ?>
<div class="alert alert-danger">
    <button type="button" class="close" data-dismiss="alert" aria-hidden="true">&times;</button>
    <div><?= Html::encode($error); ?></div>
</div>
<?php endif; ?>
<form action="" method="post">
    <table class="table table-bordered table-hover">
        <tbody>
            <tr>
                <th width="15%">Name</th>
                <td>
                    <!-- Stored values are HTML-encoded before being placed in an attribute -->
                    <input type="text" class="form-control" name="new_name" value="<?= Html::encode($model->name) ?>">
                </td>
            </tr>
            <tr>
                <th>Description</th>
                <td>
                    <input type="text" class="form-control" name="description" value="<?= Html::encode($model->description) ?>">
                </td>
            </tr>
            <tr>
                <th></th>
                <td>
                    <!-- Note: this hidden field is what lets CSRF validation pass; without it the form cannot be submitted. csrfParam is "_csrf-backend" in the advanced template's backend. -->
                    <input type="hidden" name="<?= Yii::$app->getRequest()->csrfParam ?>" value="<?=Yii::$app->getRequest()->getCsrfToken(); ?>">
                    <input type="hidden" name="name" value="<?= Html::encode($model->name); ?>">
                    <input type="submit" class="btn btn-info" value="Update">
                </td>
            </tr>
        </tbody>
    </table>
</form>

Deleting a permission

Delete the permission node by calling the remove method in vendor/yiisoft/yii2/rbac/BaseManager.php.

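public function actionDelete()
{
    $name = Yii::$app->getRequest()->get('name', '');
    $auth = Yii::$app->authManager;
    $permission = $auth->getPermission($name);
    // getPermission() returns null for an unknown name; answer 404 instead of passing null to remove()
    if ($permission === null) {
        throw new \yii\web\NotFoundHttpException('Permission not found.');
    }
    if ($auth->remove($permission)) {
        return $this->redirect(['permission/index']);
    }
    die('删除失败'); // "Delete failed"
}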
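
The controller above performs no access check, and its delete action runs on a plain GET link, a verb for which Yii's CSRF validation is skipped. The following is an added example, not code from the original article: behaviors() to merge into PermissionController so that only authorized users reach it and deletion requires a POST. The permission name managePermission is a hypothetical placeholder; create it and assign it to your administrators first.

```php
<?php
// Added example, not the article's code.
// 'managePermission' is a hypothetical permission name (assumption).
namespace backend\controllers;

use Yii;
use yii\filters\AccessControl;
use yii\filters\VerbFilter;
use yii\web\Controller;
use yii\web\NotFoundHttpException;

class PermissionController extends Controller
{
    public function behaviors()
    {
        return [
            // Every action requires a logged-in user for whom
            // Yii::$app->user->can('managePermission') is true.
            'access' => [
                'class' => AccessControl::class,
                'rules' => [
                    ['allow' => true, 'roles' => ['managePermission']],
                ],
            ],
            // Yii skips CSRF validation for GET, HEAD and OPTIONS requests,
            // so the state-changing delete action must refuse them (HTTP 405).
            'verbs' => [
                'class' => VerbFilter::class,
                'actions' => ['delete' => ['post']],
            ],
        ];
    }

    // actionIndex(), actionCreate() and actionUpdate() stay as in the article.

    public function actionDelete($name)
    {
        $auth = Yii::$app->authManager;
        $permission = $auth->getPermission($name);
        if ($permission === null) {
            throw new NotFoundHttpException('Permission not found.');
        }
        $auth->remove($permission);
        return $this->redirect(['permission/index']);
    }
}
```

With the verb filter in place, the trash link in index.php has to send a POST, for instance by adding data-method="post" to it, which yii.js (registered by yii\web\YiiAsset) turns into a form submission that carries the CSRF token.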

That completes permission node management; in the next part I will cover role management.

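© Copyright notice: this is an original work. Reposting is permitted, provided the original source and author information are credited with a hyperlink.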
