CAccessRule
鍖 | system.web.auth |
---|---|
缁ф壙 | class CAccessRule » CComponent |
婧愯嚜 | 1.0 |
鐗堟湰 | $Id: CAccessControlFilter.php 3515 2011-12-28 12:29:24Z mdomba $ |
婧愮爜 | framework/web/auth/CAccessControlFilter.php |
CAccessRule浠h〃鐢CAccessControlFilter绠$悊鐨勮闂鍒欍
鍏叡灞炴
灞炴 | 绫诲瀷 | 鎻忚堪 | 瀹氫箟鍦 |
---|---|---|---|
actions | array | 璇ヨ鍒欏彲搴旂敤鐨勫姩浣淚D鍒楄〃銆傝繖涓瘮杈冭繃绋嬫槸涓嶅垎澶у皬鍐欑殑銆 濡傛灉娌℃湁鎸囧畾鍔ㄤ綔锛岄偅涔堝氨浼氬簲鐢ㄥ埌鎵鏈夌殑鍔ㄤ綔銆 | CAccessRule |
allow | boolean | 璇ヨ鍒欐槸鈥榓llow鈥欒繕鏄檇eny鈥樸 | CAccessRule |
controllers | array | 璇ヨ鍒欏彲搴旂敤鐨勬帶鍒跺櫒ID鍒楄〃銆傝繖涓瘮杈冭繃绋嬫槸涓嶅垎澶у皬鍐欑殑銆 | CAccessRule |
expression | string | 鐢≒HP琛ㄨ揪寮忔潵鎸囧嚭浠涔堟儏鍐典笅璇ヨ鍒欐墠浼氱敓鏁堛
鍦ㄨ〃杈惧紡閲岄潰锛屼綘鍙互浣跨敤$user 鏉ヤ唬鏇夸娇鐢Yii::app()->user 銆
杩欎釜琛ㄨ揪寮忎篃鍙互浣跨敤PHP鍥炶皟鍑芥暟锛
鍖呮嫭绫荤殑鏂规硶鍚嶏紙array(ClassName/Object, MethodName)锛夛紝
鎴栬呮槸鍖垮悕鍑芥暟锛圥HP 5. |
CAccessRule |
ips | IP瑙勫垯銆 | CAccessRule | |
message | string | 褰撹瑙勫垯楠岃瘉褰撳墠璇锋眰娌℃湁鏉冮檺鏃舵墍鏄剧ず鐨勯敊璇俊鎭 濡傛灉娌℃湁璁剧疆锛岄偅涔堝氨浼氭樉绀洪粯璁ょ殑淇℃伅銆 | CAccessRule |
roles | array | 璇ヨ鍒欏彲搴旂敤鐨勮鑹插垪琛ㄣ傚浜庢瘡涓涓鑹诧紝閮戒細璋冪敤 褰撳墠鐢ㄦ埛鐨CWebUser::checkAccess銆傚彧瑕佹湁涓涓皟鐢 杩斿洖true锛屽氨閫氳繃杩欎釜瑙勫垯浜嗐 娉ㄦ剰鐨勬槸锛屼綘搴旇鍦ㄢ檃llow鈥樿鍒欓噷闈娇鐢ㄨ鑹诧紝鍥犱负浠庡畾涔変笂鏉ヨ锛 涓涓鑹插弽鏄犵殑鏄潈闄愮殑闆嗗悎銆 | CAccessRule |
users | array | 璇ヨ鍒欏彲搴旂敤鐨勭敤鎴峰悕鍒楄〃銆傝繖涓瘮杈冭繃绋嬫槸涓嶅垎澶у皬鍐欑殑銆 濡傛灉娌℃湁鎸囧畾鐢ㄦ埛鍚嶏紝閭d箞杩欎釜瑙勫垯灏变細搴旂敤浜庢墍鏈夌敤鎴枫 | CAccessRule |
verbs | array | 璇ヨ鍒欏彲搴旂敤鐨勮姹傜被鍨嬪垪琛紙姣斿锛欸ET锛孭OST锛夈 | CAccessRule |
鍏叡鏂规硶
鍙椾繚鎶ゆ柟娉
鏂规硶 | 鎻忚堪 | 瀹氫箟鍦 |
---|---|---|
isActionMatched() | CAccessRule | |
isControllerMatched() | CAccessRule | |
isExpressionMatched() | CAccessRule | |
isIpMatched() | CAccessRule | |
isRoleMatched() | CAccessRule | |
isUserMatched() | CAccessRule | |
isVerbMatched() | CAccessRule |
灞炴ц缁
actions
灞炴
public array $actions;
璇ヨ鍒欏彲搴旂敤鐨勫姩浣淚D鍒楄〃銆傝繖涓瘮杈冭繃绋嬫槸涓嶅垎澶у皬鍐欑殑銆 濡傛灉娌℃湁鎸囧畾鍔ㄤ綔锛岄偅涔堝氨浼氬簲鐢ㄥ埌鎵鏈夌殑鍔ㄤ綔銆
allow
灞炴
public boolean $allow;
璇ヨ鍒欐槸鈥榓llow鈥欒繕鏄檇eny鈥樸
controllers
灞炴
public array $controllers;
璇ヨ鍒欏彲搴旂敤鐨勬帶鍒跺櫒ID鍒楄〃銆傝繖涓瘮杈冭繃绋嬫槸涓嶅垎澶у皬鍐欑殑銆
expression
灞炴
public string $expression;
鐢≒HP琛ㄨ揪寮忔潵鎸囧嚭浠涔堟儏鍐典笅璇ヨ鍒欐墠浼氱敓鏁堛
鍦ㄨ〃杈惧紡閲岄潰锛屼綘鍙互浣跨敤$user
鏉ヤ唬鏇夸娇鐢Yii::app()->user
銆
杩欎釜琛ㄨ揪寮忎篃鍙互浣跨敤PHP鍥炶皟鍑芥暟锛
鍖呮嫭绫荤殑鏂规硶鍚嶏紙array(ClassName/Object, MethodName)锛夛紝
鎴栬呮槸鍖垮悕鍑芥暟锛圥HP 5.3.0+锛夈傝繖涓嚱鏁/鏂规硶鍚嶅簲鍏蜂綋涓嬮潰鐨勬牸寮忥細
function foo($user, $rule) { ... }$user鏄寚褰撳墠搴旂敤鐨勮闂敤鎴峰璞★紝$rule鏄繖涓闂鍒欍
ips
灞炴
public IP瑙勫垯銆 $ips;
message
灞炴
锛堝彲鐢ㄨ嚜 v1.1.1锛
public string $message;
褰撹瑙勫垯楠岃瘉褰撳墠璇锋眰娌℃湁鏉冮檺鏃舵墍鏄剧ず鐨勯敊璇俊鎭 濡傛灉娌℃湁璁剧疆锛岄偅涔堝氨浼氭樉绀洪粯璁ょ殑淇℃伅銆
roles
灞炴
public array $roles;
璇ヨ鍒欏彲搴旂敤鐨勮鑹插垪琛ㄣ傚浜庢瘡涓涓鑹诧紝閮戒細璋冪敤 褰撳墠鐢ㄦ埛鐨CWebUser::checkAccess銆傚彧瑕佹湁涓涓皟鐢 杩斿洖true锛屽氨閫氳繃杩欎釜瑙勫垯浜嗐 娉ㄦ剰鐨勬槸锛屼綘搴旇鍦ㄢ檃llow鈥樿鍒欓噷闈娇鐢ㄨ鑹诧紝鍥犱负浠庡畾涔変笂鏉ヨ锛 涓涓鑹插弽鏄犵殑鏄潈闄愮殑闆嗗悎銆
鍙傝
users
灞炴
public array $users;
璇ヨ鍒欏彲搴旂敤鐨勭敤鎴峰悕鍒楄〃銆傝繖涓瘮杈冭繃绋嬫槸涓嶅垎澶у皬鍐欑殑銆 濡傛灉娌℃湁鎸囧畾鐢ㄦ埛鍚嶏紝閭d箞杩欎釜瑙勫垯灏变細搴旂敤浜庢墍鏈夌敤鎴枫
verbs
灞炴
public array $verbs;
璇ヨ鍒欏彲搴旂敤鐨勮姹傜被鍨嬪垪琛紙姣斿锛欸ET锛孭OST锛夈
鏂规硶璇︾粏
isActionMatched()
鏂规硶
protected boolean isActionMatched(CAction $action)
| ||
$action | CAction | 鍔ㄤ綔瀵硅薄 |
{return} | boolean | 鏄惁璇ヨ鍒欏彲搴旂敤浜庤鍔ㄤ綔銆 |
婧愮爜锛 framework/web/auth/CAccessControlFilter.php#254 (鏄剧ず)
protected function isActionMatched($action)
{
return empty($this->actions) || in_array(strtolower($action->getId()),$this->actions);
}
isControllerMatched()
鏂规硶
protected boolean isControllerMatched(CAction $controller)
| ||
$controller | CAction | 鎺у埗鍣ㄥ璞 |
{return} | boolean | 鏄惁璇ヨ鍒欏彲搴旂敤浜庤鎺у埗鍣ㄣ |
婧愮爜锛 framework/web/auth/CAccessControlFilter.php#263 (鏄剧ず)
protected function isControllerMatched($controller)
{
return empty($this->controllers) || in_array(strtolower($controller->getId()),$this->controllers);
}
isExpressionMatched()
鏂规硶
protected boolean isExpressionMatched(IWebUser $user)
| ||
$user | IWebUser | 鐢ㄦ埛瀵硅薄 |
{return} | boolean | 琛ㄨ揪寮忕殑鍐呭銆傚鏋滆琛ㄨ揪寮忔病鏈夋寚瀹氬唴瀹癸紝鍒欒繑鍥瀟rue銆 |
婧愮爜锛 framework/web/auth/CAccessControlFilter.php#335 (鏄剧ず)
protected function isExpressionMatched($user)
{
if($this->expression===null)
return true;
else
return $this->evaluateExpression($this->expression, array('user'=>$user));
}
isIpMatched()
鏂规硶
protected boolean isIpMatched(string $ip)
| ||
$ip | string | IP鍦板潃 |
{return} | boolean | 鏄惁璇ヨ鍒欏彲搴旂敤浜庤IP鍦板潃銆 |
婧愮爜锛 framework/web/auth/CAccessControlFilter.php#310 (鏄剧ず)
protected function isIpMatched($ip)
{
if(empty($this->ips))
return true;
foreach($this->ips as $rule)
{
if($rule==='*' || $rule===$ip || (($pos=strpos($rule,'*'))!==false && !strncmp($ip,$rule,$pos)))
return true;
}
return false;
}
isRoleMatched()
鏂规硶
protected boolean isRoleMatched(IWebUser $user)
| ||
$user | IWebUser | 鐢ㄦ埛瀵硅薄 |
{return} | boolean | 鏄惁璇ヨ鍒欏彲搴旂敤浜庤瑙掕壊銆 |
婧愮爜锛 framework/web/auth/CAccessControlFilter.php#294 (鏄剧ず)
protected function isRoleMatched($user)
{
if(empty($this->roles))
return true;
foreach($this->roles as $role)
{
if($user->checkAccess($role))
return true;
}
return false;
}
isUserAllowed()
鏂规硶
public integer isUserAllowed(CWebUser $user, CController $controller, CAction $action, string $ip, string $verb)
| ||
$user | CWebUser | 鐢ㄦ埛瀵硅薄 |
$controller | CController | 褰撳墠璋冪敤鐨勬帶鍒跺櫒瀵硅薄 |
$action | CAction | 鍑嗗璋冪敤鐨勫姩浣滃璞 |
$ip | string | 璇锋眰鐨処P鍦板潃 |
$verb | string | 璇锋眰绫诲瀷锛堝锛欸ET锛孭OST鈥︹︼級 |
{return} | integer | 杩斿洖鍊硷細1琛ㄧず鍏佽璇ョ敤鎴凤紝-1琛ㄧず涓嶇姝㈣鐢ㄦ埛锛0琛ㄧず娌℃湁搴旂敤鍒拌鐢ㄦ埛銆 |
婧愮爜锛 framework/web/auth/CAccessControlFilter.php#236 (鏄剧ず)
public function isUserAllowed($user,$controller,$action,$ip,$verb)
{
if($this->isActionMatched($action)
&& $this->isUserMatched($user)
&& $this->isRoleMatched($user)
&& $this->isIpMatched($ip)
&& $this->isVerbMatched($verb)
&& $this->isControllerMatched($controller)
&& $this->isExpressionMatched($user))
return $this->allow ? 1 : -1;
else
return 0;
}
妫鏌ュ綋鍓嶇敤鎴锋槸鍚﹀厑璁歌闂寚瀹氱殑鍔ㄤ綔銆
isUserMatched()
鏂规硶
protected boolean isUserMatched(IWebUser $user)
| ||
$user | IWebUser | 鐢ㄦ埛瀵硅薄 |
{return} | boolean | 鏄惁璇ヨ鍒欏彲搴旂敤浜庤鐢ㄦ埛銆 |
婧愮爜锛 framework/web/auth/CAccessControlFilter.php#272 (鏄剧ず)
protected function isUserMatched($user)
{
if(empty($this->users))
return true;
foreach($this->users as $u)
{
if($u==='*')
return true;
else if($u==='?' && $user->getIsGuest())
return true;
else if($u==='@' && !$user->getIsGuest())
return true;
else if(!strcasecmp($u,$user->getName()))
return true;
}
return false;
}
isVerbMatched()
鏂规硶
protected boolean isVerbMatched(string $verb)
| ||
$verb | string | 璇锋眰鏂规硶 |
{return} | boolean | 鏄惁璇ヨ鍒欏彲搴旂敤浜庤璇锋眰銆 |
婧愮爜锛 framework/web/auth/CAccessControlFilter.php#326 (鏄剧ず)
protected function isVerbMatched($verb)
{
return empty($this->verbs) || in_array(strtolower($verb),$this->verbs);
}