Yii2 - 如何在RESTful API中实现RBAC授权？

HI我刚刚发现Yii框架和我需要一些指导方针来实现这个...Yii2 - 如何在RESTful API中实现RBAC授权？

...在我的RESTful应用程序。我知道我必须override方法[checkAccess][3]()在我的控制器中，但我找不到任何示例。我的API具有基于令牌的Beare身份验证，会话被禁用（无状态）。

2016-04-11 JJPunch

使用RBAC如常。如果您发送正确的令牌，您将拥有用户身份。 – SiZE

@SiZE明白了！谢谢！ – JJPunch

在你的控制器：

public function behaviors() 
    { 
     $behaviors = parent::behaviors(); 

     $behaviors['authenticator'] = [ 
      'class' => CompositeAuth::className(), 
      'authMethods' => [ 
       HttpBearerAuth::className(), 
      ], 
     ]; 

     // add CORS filter 
     $behaviors['corsFilter'] = [ 
      'class' => Cors::className(), 
      'cors' => [ 
       'Origin' => ['*'], 
       'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'], 
       'Access-Control-Request-Headers' => ['*'], 
      ], 
     ]; 

     // avoid authentication on CORS-pre-flight requests (HTTP OPTIONS method) 
     $behaviors['authenticator']['except'] = ['options', 'login', 'signup']; 

     $behaviors['access'] = [ 
      'class' => AccessControl::className(), 
      'only' => [ 
       'update', 
       'delete', 
       'view', 
       'index', 
      ], 
      'rules' => [ 
       [ 
        'actions' => [ 
         'update', 
         'delete', 
         'view', 
         'index', 
        ], 
        'allow' => true, 
        'roles' => ['@'], 
       ], 
      ], 
     ]; 

     $behaviors['verbFilter'] = [ 
      'class' => VerbFilter::className(), 
      'actions' => [ 
       'signup' => ['POST'], 
       'login' => ['POST'], 
       'update' => ['PUT'], 
       'delete' => ['DELETE'], 
       'view' => ['GET'], 
       'index' => ['GET'], 
      ], 
     ]; 

     return $behaviors; 
    }

来源

2017-08-22 07:14:29 VBetsun

这不是一个好的答案，请告诉更多关于代码或解析的信息。 – aidinMC

Yii2 - 如何在RESTful API中实现RBAC授权？

回答

相关问题