
Yii srbac 工作原理

马德宇
2023-12-01

SBaseController.php

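/**
 * Controller hook that decides whether the requested action may run.
 *
 * Builds the auth item name for the current route as: module id plus the
 * srbac delimiter (when the controller lives in a module), the controller id
 * with its last delimiter-separated segment capitalised and segments joined
 * by ".", then the capitalised action id. The action is allowed when that
 * name is in allowedAccess(), when srbac is not installed, when srbac is in
 * debug mode, or when the current user is not a guest and checkAccess()
 * grants the item.
 *
 * NOTE(review): the "not installed" and "debug" branches return true for every
 * request, so while either condition holds no authorization is enforced by
 * this method. Confirm debug is off in any deployed configuration.
 *
 * @param mixed $action the action about to run (not read here; the item name
 *                      is built from $this->action)
 * @return bool true to run the action, false to block it
 */
protected function beforeAction($action) {
    $del = Helper::findModule('srbac')->delimeter;
    // Module prefix; empty when the controller does not belong to a module
    $mod = $this->module !== null ? $this->module->id . $del : "";

    // Capitalise the first letter of the last segment of the controller id
    $contrArr = explode($del, $this->id);
    $last = sizeof($contrArr) - 1;
    $contrArr[$last] = ucfirst($contrArr[$last]);
    $controller = implode(".", $contrArr);

    // Resulting name: capitalised controller id followed by capitalised action id
    $access = $mod . $controller . ucfirst($this->action->id);

    // Always allow access if $access is in the allowedAccess array.
    // Strict comparison: a non-string entry such as 0 or true must never
    // match an arbitrary route name through type juggling.
    if (in_array($access, $this->allowedAccess(), true)) {
      return true;
    }

    // Allow access if srbac is not installed yet
    if (!Yii::app()->getModule('srbac')->isInstalled()) {
      return true;
    }

    // Allow access when srbac is in debug mode: no srbac permission check is performed
    if (Yii::app()->getModule('srbac')->debug) {
      return true;
    }

    // Check for srbac access; guests are rejected even if checkAccess() grants the item
    if (!Yii::app()->user->checkAccess($access) || Yii::app()->user->isGuest) {
      $this->onUnauthorizedAccess();
      // Fail closed explicitly instead of relying on the implicit null return
      return false;
    }

    return true;
}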

print_r(Helper::findModule('srbac')); 的结果是这样:

SrbacModule Object
(
    [_icons:SrbacModule:private] => /assets/e18e2284
    [_yiiSupportedVersion:SrbacModule:private] => 1.1.0
    [_version:SrbacModule:private] => 1.2
    [_cssPublished:SrbacModule:private] => 1
    [_imagesPublished:SrbacModule:private] => 1
    [_debug:SrbacModule:private] => 
    [_pageSize:SrbacModule:private] => 10
    [_alwaysAllowed:SrbacModule:private] => Array
        (
            [0] => SiteLogin
            [1] => SiteLogout
            [2] => SiteIndex
            [3] => SiteAdmin
            [4] => SiteError
            [5] => SiteContact
        )

    [_userActions:SrbacModule:private] => Array
        (
            [0] => Show
            [1] => View
            [2] => List
        )

    [_listBoxNumberOfLines:SrbacModule:private] => 15
    [_iconText:SrbacModule:private] => 1
    [_showHeader:SrbacModule:private] => 1
    [_showFooter:SrbacModule:private] => 1
    [_cssUrl:SrbacModule:private] => 
    [useAlwaysAllowedGui] => 
    [_message:SrbacModule:private] => 
    [userid] => uid
    [username] => name
    [userclass] => Employee
    [superUser] => admin
    [css] => srbac.css
    [notAuthorizedView] => srbac.views.authitem.unauthorized
    [imagesPath] => srbac.images
    [imagesPack] => noia
    [header] => srbac.views.authitem.header
    [footer] => srbac.views.authitem.footer
    [alwaysAllowedPath] => srbac.components
    [delimeter] => -
    [defaultController] => default
    [layout] => application.views.layouts.main
    [controllerNamespace] => 
    [controllerMap] => Array
        (
        )

    [_controllerPath:CWebModule:private] => 
    [_viewPath:CWebModule:private] => 
    [_layoutPath:CWebModule:private] => 
    [preload] => Array
        (
        )

    [behaviors] => Array
        (
        )

    [_id:CModule:private] => srbac
    [_parentModule:CModule:private] => 
    [_basePath:CModule:private] => D:\wamp\www\yiiProject\ahuxueshu\admin\protected\modules\srbac
    [_modulePath:CModule:private] => 
    [_params:CModule:private] => 
    [_modules:CModule:private] => Array
        (
        )

    [_moduleConfig:CModule:private] => Array
        (
        )

    [_components:CModule:private] => Array
        (
        )

    [_componentConfig:CModule:private] => Array
        (
            [tr] => Array
                (
                    [class] => CPhpMessageSource
                    [basePath] => D:\wamp\www\yiiProject\ahuxueshu\admin\protected\modules\srbac\messages
                    [onMissingTranslation] => Helper::markWords
                )

        )

    [_e:CComponent:private] => 
    [_m:CComponent:private] => 
)

echo $this->module->id; 输出 srbac。$this->id 是当前控制器的id,也就是当前控制器的名字

下面trace Yii::app()->user->checkAccess($access)

CWebUser.php

/**
 * Asks the application's auth manager whether this user may perform an operation.
 *
 * A result is remembered in $this->_access only for checks made with caching
 * enabled and an empty parameter array; such a remembered result is returned
 * without consulting the auth manager again, so a permission change made
 * after the first check is not seen through this object for that operation.
 *
 * @param string  $operation    name of the auth item to check
 * @param array   $params       extra parameters forwarded to the auth manager
 * @param boolean $allowCaching whether the remembered result may be used/stored
 * @return mixed the auth manager's answer for this operation
 */
public function checkAccess($operation,$params=array(),$allowCaching=true)
{
    // Only parameter-less checks are eligible for the per-operation cache
    $cacheable = $allowCaching && $params === array();

    if ($cacheable && isset($this->_access[$operation])) {
        return $this->_access[$operation];
    }

    $granted = Yii::app()->getAuthManager()->checkAccess($operation, $this->getId(), $params);

    if ($cacheable) {
        $this->_access[$operation] = $granted;
    }

    return $granted;
}

CDbAuthManager.php

/**
 * Checks whether the given user has access to an auth item.
 *
 * Loads the user's assignments once and hands them to the recursive check.
 *
 * @param string $itemName name of the auth item being checked
 * @param mixed  $userId   id of the user whose assignments are loaded
 * @param array  $params   parameters forwarded to the business rules
 * @return boolean result of checkAccessRecursive()
 */
public function checkAccess($itemName,$userId,$params=array())
{
    return $this->checkAccessRecursive(
        $itemName,
        $userId,
        $params,
        $this->getAuthAssignments($userId)
    );
}
/**
 * Walks from an auth item up through its parents looking for a grant.
 *
 * Denies when the item does not exist or when the item's own business rule
 * fails. Otherwise grants when the item is one of the default roles, when the
 * user holds a direct assignment whose business rule passes, or when any
 * parent of the item (looked up in the item-child table) grants access.
 *
 * @param string $itemName    name of the auth item being checked
 * @param mixed  $userId      user id; copied into $params['userId'] if not set
 * @param array  $params      parameters passed to the business rules
 * @param array  $assignments the user's assignments, indexed by item name
 * @return boolean true when access is granted, false otherwise
 */
protected function checkAccessRecursive($itemName,$userId,$params,$assignments)
{
    $item = $this->getAuthItem($itemName);
    // Unknown item: deny
    if ($item === null) {
        return false;
    }

    Yii::trace('Checking permission "'.$item->getName().'"','system.web.auth.CDbAuthManager');

    if (!isset($params['userId'])) {
        $params['userId'] = $userId;
    }

    // The item's own rule gates everything below, including the walk to parents
    if (!$this->executeBizRule($item->getBizRule(), $params, $item->getData())) {
        return false;
    }

    if (in_array($itemName, $this->defaultRoles)) {
        return true;
    }

    if (isset($assignments[$itemName])) {
        $direct = $assignments[$itemName];
        if ($this->executeBizRule($direct->getBizRule(), $params, $direct->getData())) {
            return true;
        }
    }

    // Parameter binding keeps the item name out of the SQL text
    $parentNames = $this->db->createCommand()
        ->select('parent')
        ->from($this->itemChildTable)
        ->where('child=:name', array(':name' => $itemName))
        ->queryColumn();

    foreach ($parentNames as $parentName) {
        if ($this->checkAccessRecursive($parentName, $userId, $params, $assignments)) {
            return true;
        }
    }

    return false;
}
/**
 * Evaluates a business rule attached to an auth item or assignment.
 *
 * An empty-string or null rule always passes. Any other rule is executed as
 * PHP code with eval() and passes when its result is loosely not equal to 0;
 * a rule that returns nothing yields null and therefore fails.
 *
 * NOTE(review): the rule text is run as PHP inside this method, so it can read
 * $params, $data and $this. The callers visible in this file pass
 * getBizRule() of an auth item or assignment; presumably that text comes from
 * the auth tables (confirm). Anyone able to write a rule there can execute
 * code in the application, so write access to rules should be restricted and
 * audited like code deployment.
 *
 * @param string $bizRule PHP code of the rule, or ''/null for "no rule"
 * @param array  $params  parameters visible to the rule as $params
 * @param mixed  $data    item/assignment data visible to the rule as $data
 * @return boolean whether the rule passes
 */
public function executeBizRule($bizRule,$params,$data)
{
    // showErrors only toggles the @ error-suppression operator on eval(); the rule is executed either way
    return $bizRule==='' || $bizRule===null || ($this->showErrors ? eval($bizRule)!=0 : @eval($bizRule)!=0);
}