rest api是通过资源请求的,所以不像一般的/add /edit等来判断是否拥有权限。
我们可以写个方法,在一键写入权限的时候默认增加这些权限。其实这和常规的YII2 RBAC权限是一样的做法,我就不在这里详细说RBAC怎么做了,网上也有很多资料;我会提一下网上教程没有的内容:角色添加后怎么编辑。
/index = get请求
/create = post请求
/update = put/patch请求
/options = delete请求
//一键插入所有权限
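/**
 * One-click import of the REST permissions derived from the module controllers.
 *
 * For every `<basePath>/modules/<module>/controllers/OrmController.php` this
 * builds `<module>/<controller>/{*,index,create,update,options}` plus one name
 * per `public function actionXxx`, and adds each name that the auth manager
 * does not already know, inside a single transaction.
 *
 * @return string "import success" or "import failed " (same strings as before;
 *                the failure cause is logged instead of being silently dropped)
 *
 * NOTE(review): this action writes to the RBAC store; nothing on this page
 * restricts who may call it — confirm it is itself covered by an access rule.
 */
public function actionInit()
{
    $trans = Yii::$app->db->beginTransaction();
    try {
        $permissions = $this->collectRestPermissions(Yii::$app->basePath . '/modules');
        $auth = Yii::$app->authManager;
        foreach ($permissions as $permission) {
            // Only add what is missing, so the action can be re-run safely.
            if (!$auth->getPermission($permission)) {
                $obj = $auth->createPermission($permission);
                $obj->description = $permission;
                $auth->add($obj);
            }
        }
        $trans->commit();
        return "import success";
    } catch (\Exception $e) {
        $trans->rollBack();
        // Keep the short status string for the caller, but record why it failed.
        Yii::error($e->getMessage(), __METHOD__);
        return "import failed ";
    }
}

/**
 * Build the permission-name list for every module directory under $modulesDir.
 *
 * @param string $modulesDir directory whose sub-directories are the modules
 * @return string[] lower-cased, de-duplicated permission names (a list)
 */
private function collectRestPermissions($modulesDir)
{
    $permissions = array();
    $entries = glob($modulesDir . '/*');
    foreach ($entries ?: array() as $moduleDir) {
        $moduleName = basename($moduleDir);
        $controllerFile = $moduleDir . '/controllers/OrmController.php';
        // A module without an OrmController contributes nothing; the original
        // read the missing file anyway and raised a warning here.
        if (!is_file($controllerFile)) {
            continue;
        }
        $content = file_get_contents($controllerFile);
        // Controller name from the class declaration (usually "Orm"); skip the
        // module instead of reading $match[1] when the pattern does not match.
        if ($content === false || !preg_match('/class ([a-zA-Z]+)Controller/', $content, $match)) {
            continue;
        }
        $prefix = $moduleName . '/' . $match[1] . '/';
        // REST verb permissions: * = all, index = GET, create = POST,
        // update = PUT/PATCH, options = DELETE (as listed above this method).
        foreach (array('*', 'index', 'create', 'update', 'options') as $verb) {
            $permissions[] = strtolower($prefix . $verb);
        }
        // One permission per explicit actionXxx method.
        preg_match_all('/public function action([a-zA-Z_]+)/', $content, $matches);
        foreach ($matches[1] as $actionName) {
            $permissions[] = strtolower($prefix . $actionName);
        }
    }
    // Same filter as before: drop names ending in '/s'. De-duplicate so a
    // method like actionIndex does not produce a second "index" entry.
    $permissions = array_filter($permissions, function ($p) {
        return substr($p, -2) !== '/s';
    });
    return array_values(array_unique($permissions));
}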
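// Access check fragment: the enclosing method's signature is not on this page;
// it receives $action and must return true or throw.
$controller = $action->controller->module->id; // module id, used as the permission prefix
$actionName = $action->id;                     // action id
$method = Yii::$app->request->method;
// The wildcard permission grants everything under this module.
if (Yii::$app->user->can($controller . '/orm/*')) {
    return true;
}
// HTTP verb -> REST permission it requires. DELETE maps to "options", the
// permission actionInit creates for it; the original never checked DELETE and
// then returned true unconditionally, so deletes bypassed authorization.
$verbPermissions = array(
    'GET'    => 'index',
    'POST'   => 'create',
    'PUT'    => 'update',
    'PATCH'  => 'update',
    'DELETE' => 'options',
);
if (isset($verbPermissions[$method])) {
    if (!Yii::$app->user->can($controller . '/orm/' . $verbPermissions[$method])) {
        throw new UserException('请求不允许');
    }
    // Verb-level permission satisfied (this is what the original allowed too).
    return true;
}
// Any other verb (HEAD, OPTIONS, ...) needs an explicit per-action permission;
// otherwise deny — the final throw was unreachable before.
if (Yii::$app->user->can($controller . '/orm/' . $actionName)) {
    return true;
}
throw new UserException('对不起,您没有访问' . $controller . '/' . $actionName . '的权限');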
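/**
 * Rename / re-describe an existing RBAC role.
 *
 * Only acts on POST; for other verbs it returns null, as before.
 *
 * @param string $name the current (old) role name from the route
 * @return string|null '编辑角色成功' on success
 * @throws UserException when the role does not exist, the posted name is
 *                       missing, or the auth manager rejects the update
 */
public function actionEditrole($name)
{
    if (!Yii::$app->request->isPost) {
        return null;
    }
    $authManager = Yii::$app->authManager;
    $post = Yii::$app->request->post();
    // getRole() yields null for an unknown name; the original then wrote
    // properties on null.
    $role = $authManager->getRole($name);
    if ($role === null) {
        throw new UserException('角色不存在');
    }
    // Both values come straight from the request body: require a non-empty
    // string name instead of storing an undefined-index null.
    if (!isset($post['name']) || !is_string($post['name']) || $post['name'] === '') {
        throw new UserException('角色名称不能为空');
    }
    $role->name = $post['name'];
    $role->description = isset($post['description']) ? $post['description'] : null;
    // $name is the old name, $role carries the new values.
    if (!$authManager->update($name, $role)) {
        throw new UserException('编辑失败');
    }
    return '编辑角色成功';
}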