Yii的不給合法的checkAccess導致

Question

我學習Yii的，我試圖發展RBAC現在的問題是，我已創建的角色等通過shell執行該腳本我有在地方和角色數據庫表和一切被填充。現在我DONOT知道爲什麼，但

if(Yii::app()->user->checkAccess('admin')) 
     echo 'Admin'; 
else 
    echo 'No Admin'; 

總是返回沒有管理。什麼我試圖做的是顯示基於用戶類型不同的菜單，即它是管理員或閱讀器或經理等。但是這失敗了。

我也在這裏附上我的角色分配

<?php 
class RbacCommand extends CConsoleCommand 
{ 
    private $_authManager; 

    public function getHelp() 
    {return <<<EOD 
     USAGE 
      rbac 
      DESCRIPTION 
      This command generates an initial RBAC authorization hierarchy. 
EOD; 
    } 

    /** 
    * Execute the action. 
    * @param array command line parameters specific for this command 
    */ 
    public function run($args) 
    { 
     echo "SHELLLLLLLLLL.\n"; 
     //ensure that an authManager is defined as this is mandatory for creating an auth heirarchy 
     if(($this->_authManager=Yii::app()->authManager)===null) 
     { 
      echo "Error: an authorization manager, named 'authManager' 
must be configured to use this command.\n"; 
      echo "If you already added 'authManager' component in 
application configuration,\n"; 
      echo "please quit and re-enter the yiic shell.\n"; 
      return; 
     }   
//provide the oportunity for the use to abort the request 
     echo "This command will create three roles: Admin, Manager, and Reader and the following premissions:\n"; 
     echo "create, read, update and delete Hotels\n"; 
     echo "create, read, update and delete Items\n"; 
     echo "create, read, update and delete Users\n"; 
     echo "create, read, update and delete Category\n"; 
     echo "Would you like to continue? [Yes|No] "; 

//check the input from the user and continue if they indicated yes to the above question 
     if(!strncasecmp(trim(fgets(STDIN)),'y',1)) 
     { 
      //first we need to remove all operations, roles, child relationship and assignments 
      $this->_authManager->clearAll(); 
      //create the lowest level operations for users 
      $this->_authManager->createOperation("createUser","create a new user"); 
      $this->_authManager->createOperation("readUser","read user profile information"); 
      $this->_authManager->createOperation("updateUser","update a users information"); 
      $this->_authManager->createOperation("deleteUser","remove a user from a Hotel"); 
      ////create the lowest level operations for projects 
      $this->_authManager->createOperation("createHotel","create a new Hotel"); 
      $this->_authManager->createOperation("readHotel","read Hotel information"); 
       $this->_authManager->createOperation("updateHotel","update Hotel information"); 
      $this->_authManager->createOperation("deleteHotel","delete a Hotel"); 
      ////create the lowest level operations for Category 
      $this->_authManager->createOperation("createCategory","create a new Item"); 
      $this->_authManager->createOperation("readCategory","read Item information"); 
      $this->_authManager->createOperation("updateCategory","update Item information"); 
      $this->_authManager->createOperation("deleteCategory","delete an Item from a Hotel");  
      ////create the lowest level operations for issues 
      $this->_authManager->createOperation("createItem","create a new Item"); 
      $this->_authManager->createOperation("readItem","read Item information"); 
      $this->_authManager->createOperation("updateItem","update Item information"); 
      $this->_authManager->createOperation("deleteItem","delete an Item from a Category");  
      ////create the reader role and add the appropriate permissions as children to this role 
      $role=$this->_authManager->createRole("reader"); 
      $role->addChild("readUser"); 
      $role->addChild("readHotel"); 
      $role->addChild("readCategory"); 
      $role->addChild("readItem"); 
      $role->addChild("createUser"); 

      ////create the member role, and add the appropriate permissions, as well as the reader role itself, as children 
      $role=$this->_authManager->createRole("manager"); 
      $role->addChild("readUser"); 
      $role->addChild("readHotel"); 
      $role->addChild("readCategory"); 
      $role->addChild("readItem"); 

      $role->addChild("createHotel"); 
      $role->addChild("createCategory"); 
      $role->addChild("createItem"); 

      $role->addChild("updateHotel"); 
      $role->addChild("updateCategory"); 
      $role->addChild("updateItem"); 

      $role->addChild("deleteHotel"); 
      $role->addChild("deleteCategory"); 
      $role->addChild("deleteItem"); 
      ////create the owner role, and add the appropriate permissions, as well as both the reader and member roles as children 
      $role=$this->_authManager->createRole("admin"); 
      $role->addChild("reader"); 
      $role->addChild("manager");  
      $role->addChild("createUser"); 
      $role->addChild("updateUser"); 
      $role->addChild("deleteUser"); 


      echo 'Making Afnan admin'; 
      $this->_authManager->assign('admin','3'); 
      echo 'Making Riaz Manager';    
      $this->_authManager->assign('manager','2'); 
      echo 'Sucess'; 
      //provide a message indicating success 
      echo "Authorization hierarchy successfully generated."; 
     } 
    } 
} 
?> 

Answer 1

因爲基於用戶ID，如果你DONOT在你的用戶身份的getId（）函數，那麼它只會代替返回名稱檢查訪問方法檢查ID和不斷髮送僞造的

Answer 2

我想實現ORN RBAC系統，一切都將成爲事業似乎工作，但唯一的問題我有，是的checkAccess沒有工作。然後我將我的UserIdentity類更改爲以下，並開始工作。

class UserIdentity extends CUserIdentity 
{ 
    private $_id; 

    public function authenticate() 
    { 
     $record=User::model()->findByAttributes(array('username'=>$this->username)); 
     if($record===null) 
      $this->errorCode=self::ERROR_USERNAME_INVALID; 
     else if($record->password!==md5($this->password)) 
      $this->errorCode=self::ERROR_PASSWORD_INVALID; 
     else 
     { 
      $this->_id=$record->id; 
      $this->setState('title', $record->username); 
      $this->errorCode=self::ERROR_NONE; 
     } 
     return !$this->errorCode; 
    } 

    public function getId() 
    { 
     return $this->_id; 
    } 
}