CAccessRule 的 isUserMatched
protected function isUserMatched($user) { if(empty($this->users)) return true; foreach($this->users as $u) { if($u==='*') return true; elseif($u==='?' && $user->getIsGuest()) return true; elseif($u==='@' && !$user->getIsGuest()) return true; elseif(!strcasecmp($u,$user->getName())) return true; } return false; }
理解:
1.*:代表任何人,返回true;
2.?:代表游客清蚀,當(dāng)__id===null返回true汞舱;
3.@:代表非游客耿戚,當(dāng)__id!=null返回true瞳收;
4.$u:代表用戶名涮阔,當(dāng)__name==$u返回true叮盘。
CAccessRule 的 isUserAllowed
public function isUserAllowed($user,$controller,$action,$ip,$verb) { if($this->isActionMatched($action) && $this->isUserMatched($user) && $this->isRoleMatched($user) && $this->isIpMatched($ip) && $this->isVerbMatched($verb) && $this->isControllerMatched($controller) && $this->isExpressionMatched($user)) return $this->allow ? 1 : -1; else return 0; }
理解:
1.不符合匹配時(shí)返回0秩贰;
2.符合匹配并且是允許時(shí)返回1;
3.符合匹配并且是拒絕時(shí)返回-1柔吼;
CAccessControlFilter 的 preFilter
protected function preFilter($filterChain) { $app=Yii::app(); $request=$app->getRequest(); $user=$app->getUser(); $verb=$request->getRequestType(); $ip=$request->getUserHostAddress(); foreach($this->getRules() as $rule) { if(($allow=$rule->isUserAllowed($user,$filterChain->controller,$filterChain->action,$ip,$verb))>0) // allowed break; elseif($allow<0) // denied { if(isset($rule->deniedCallback)) call_user_func($rule->deniedCallback, $rule); else $this->accessDenied($user,$this->resolveErrorMessage($rule)); return false; } } return true; }
理解:
1.當(dāng)遇到一個(gè)規(guī)則返回1時(shí)毒费,則不匹配后面的規(guī)則,過濾器立即返回true嚷堡;
2.支持自定義拒絕回調(diào)蝗罗。
Controller
class SiteController extends CController
{
public function filters()
{
return array(
'accessControl', // perform access control for CRUD operations
);
}
public function accessRules()
{
return array(
array('allow', // allow all users to access 'index' and 'view' actions.
'actions'=>array('login'),
'users'=>array('*'),
),
array('allow', // allow authenticated users to access all actions
'users'=>array('@'),
),
array('deny', // deny all users
'users'=>array('*'),
),
);
}
public function deniedCallback()
{
echo '<pre>';
var_dump(func_get_args());
}
public function actionIndex()
{
//TODO
}
public function actionLogin()
{
//TODO
}
}
實(shí)踐:
1.當(dāng)訪問login時(shí)(不論登錄狀態(tài)如何),第一個(gè)規(guī)則返回1蝌戒,跳過后兩個(gè)規(guī)則串塑,過濾器立即返回true;
2.當(dāng)用戶未登錄時(shí)訪問index北苟,第一個(gè)規(guī)則返回0桩匪,接著第二個(gè)規(guī)則非游客返回0,最后第三個(gè)規(guī)則返回-1友鼻,過濾器回調(diào)自定義的拒絕回調(diào)函數(shù)并返回false;
3.當(dāng)用戶未登錄時(shí)訪問index傻昙,第一個(gè)規(guī)則返回0,接著第二個(gè)規(guī)則非游客返回1彩扔,跳過第三個(gè)規(guī)則妆档,過濾器立即返回true;
