windhoney / yii2-rest-rbac
RBAC Auth manager for Yii2 RESTful
Installs: 1 126
Dependents: 0
Suggesters: 0
Security: 0
Stars: 82
Watchers: 5
Forks: 20
Open Issues: 1
Type:yii2-extension
Requires
- php: >=7.0.0
- filsh/yii2-oauth2-server: ~2.0
- yiisoft/yii2: ~2.0.7
README
感谢JetBrains对开源软件的支持
Yii2权限系统,rest版,根据yii2-admin(https://github.com/mdmsoft/yii2-admin)修改
- 安装:
composer require windhoney/yii2-rest-rbac
使用
- 配置oauth2和rbac
'modules' => [ 'rbac' => [ 'class' => 'wind\rest\Modules' ], 'oauth2' => [ 'class' => 'filsh\yii2\oauth2server\Module', //'class' => 'wind\oauth2\Module',相对filsh\yii2\oauth2server做了一点优化,增加了可修改oauth2表的db name 'tokenParamName' => 'access_token', 'tokenAccessLifetime' => 3600 * 24, 'storageMap' => [ 'user_credentials' => 'common\models\User',//可自定义 ], 'grantTypes' => [ 'user_credentials' => [ 'class' => 'OAuth2\GrantType\UserCredentials', ], 'client_credentials' => [ 'class' => 'OAuth2\GrantType\ClientCredentials', ], 'refresh_token' => [ 'class' => 'OAuth2\GrantType\RefreshToken', 'always_issue_new_refresh_token' => true ], 'authorization_code' => [ 'class' => 'OAuth2\GrantType\AuthorizationCode' ], ], //选填,oauth2组件版本问题可能导致错误时可添加 'components' => [ 'request' => function () { return \filsh\yii2\oauth2server\Request::createFromGlobals(); }, 'response' => [ 'class' => \filsh\yii2\oauth2server\Response::class, ], ], ] ], 'components' => [ 'authManager' => [ 'class' => 'wind\rest\components\DbManager', //配置文件 'defaultRoles' => ['普通员工'] //选填,默认角色(默认角色下->公共权限(登陆,oauth2,首页等公共页面)) 'groupTable' => 'auth_groups',//选填,分组表(已默认,可根据自己表名修改) 'groupChildTable' => 'auth_groups_child',//选填,分组子表(已默认,可根据自己表名修改) ], 'request' => [ // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation //'cookieValidationKey' => 'xxxxxxxx', 'parsers' => [ 'application/json' => 'yii\web\JsonParser', 'text/json' => 'yii\web\JsonParser', ], ], ]
- 配置权限
'as access' => [ 'class' => 'wind\rest\components\AccessControl', 'allowActions' => [ 'site/*',//允许访问的节点,可自行添加 'rbac/menu/user-menu',//可将路由配置到“普通员工”(默认角色)下 'oauth2/*',//可将路由配置到“普通员工”(默认角色)下 ] ],
- 创建所需要的表
1. 用户表user和菜单表menu
yii migrate --migrationPath=@vendor/windhoney/yii2-rest-rbac/migrations
2. rbac相关权限表
yii migrate --migrationPath=@yii/rbac/migrations/
auth_item表添加一个字段parent_namevarchar(30) COLLATE utf8_unicode_ci DEFAULT '' COMMENT '父级名称',
3. oauth2相关表
yii migrate --migrationPath=@vendor/filsh/yii2-oauth2-server/migrations
4. 新增分组表
CREATE TABLE `auth_groups` ( `group_id` varchar(50) NOT NULL COMMENT '分组id', `group_name` varchar(100) NOT NULL DEFAULT '' COMMENT '分组名称', `group_status` varchar(50) NOT NULL DEFAULT '' COMMENT '状态(开启,关闭)', PRIMARY KEY (`group_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='分组';
CREATE TABLE `auth_groups_child` ( `id` int(11) NOT NULL AUTO_INCREMENT, `group_id` varchar(50) NOT NULL COMMENT '分组id', `user_id` varchar(64) NOT NULL COMMENT '用户id', PRIMARY KEY (`id`), UNIQUE KEY `group_id_2` (`group_id`,`user_id`), KEY `group_id` (`group_id`), KEY `user_group_id` (`user_id`) USING BTREE ) ENGINE=InnoDB AUTO_INCREMENT=795 DEFAULT CHARSET=utf8 COMMENT='分组子集';
5. 权限控制相关路由可以参考 example/auth_item_sql 其中包含权限相关的insert语句
INSERT INTO `auth_item` (`name`, `type`, `description`, `rule_name`, `parent_name`, `data`, `created_at`, `updated_at`) VALUES ('/rbac/menu/index', '2', '接口-菜单接口', NULL, '权限控制', '', '1526377735', '1526377269'); INSERT INTO `auth_item` (`name`, `type`, `description`, `rule_name`, `parent_name`, `data`, `created_at`, `updated_at`) VALUES ('/rbac/role/index', '2', '接口-角色接口', NULL, '权限控制', '', '1526377735', '1526377269'); ......
- 添加路由配置
- 将yii2-rest-rbac/example/rbac_route.php文件内容配置到项目的urlManager的rules规则下
- 或者在main.php文件中 添加
$dir = __DIR__ . "/route"; $main = wind\rest\helper\RbacHelper::addRoute($dir, $main); return $main;
并将此文件放到config/route/rbac_route.php
-
接口文档参考