我正在研究yii2 .我有一些user roles.管理员拥有所有级别的访问权限。其他用户的访问级别较低。有一个对其他用户可见的用户列表。在此列表中,系统中用户的所有详细信息都可用。现在,我想对其他用户隐藏一些用户信息。我想隐藏的角色是1,6,7,8,我想隐藏的角色是5。除上述用户角色外,5 应可见。为此,我更新了索引控制器。
$searchModel = new UserSearch();
$queryParams=Yii::$app->request->queryParams;
//check if user or one of the managers
$isAdmin=in_array(Yii::$app->user->identity->user_role,[1]);
//set params if normal user
if(!$isAdmin){
$queryParams['UserSearch']['user_role']=in_array(Yii::$app->user->identity->user_role,[2,3,4,5]);
}
$dataProvider = $searchModel->search($queryParams);
return $this->render('index', [
'searchModel' => $searchModel,
'dataProvider' => $dataProvider
]);
现在在运行我的项目时,我只看到管理员用户。$queryParams['UserSearch']['user_role']=我尝试传递用户角色5的单个值,它确实只向我显示了5角色用户。但我想向用户展示角色2,3,4,5.
更新 1
我的搜索模型
class UserSearch extends User
{
/**
* @inheritdoc
*/
public function rules()
{
return [
[['id','group_id'], 'integer'],
[['email','username', 'name','contact_number','group_id','user_role'], 'safe'],
];
}
/**
* @inheritdoc
*/
public function scenarios()
{
// bypass scenarios() implementation in the parent class
return Model::scenarios();
}
/**
* Creates data provider instance with search query applied
*
* @param array $params
*
* @return ActiveDataProvider
*/
public function search($params)
{
$query = User::find();
// add conditions that should always apply here
$dataProvider = new ActiveDataProvider([
'query' => $query,
]);
$this->load($params);
if (!$this->validate()) {
// uncomment the following line if you do not want to return any records when validation fails
// $query->where('0=1');
return $dataProvider;
}
// grid filtering conditions
$query->andFilterWhere([
'id' => $this->id,
'status' => $this->status,
]);
$query->andFilterWhere(['like', 'id', $this->id])
->andFilterWhere(['like', 'name', $this->name])
->andFilterWhere(['like', 'username', $this->username])
->andFilterWhere(['like', 'email', $this->email])
->andFilterWhere(['like', 'contact_number', $this->contact_number])
->andFilterWhere(['=', 'user_role', $this->user_role])
->andFilterWhere(['=', 'group_id', $this->group_id]);
// $query->andFilterWhere(['=','user_type','user']);
if(Yii::$app->user->identity->user_role == Roles::ROLE_TEAM_LEAD && Yii::$app->user->identity->group_id != ''){
$query->andFilterWhere(['=','group_id', Yii::$app->user->identity->group_id])->andWhere('user_role=4');
}
//$query->andFilterWhere(['!=', 'id', Yii::$app->user->id]);
return $dataProvider;
}
}
任何帮助将不胜感激。
更改行
$queryParams['UserSearch']['user_role']=in_array(Yii::$app->user->identity->user_role,[2,3,4,5]);
自
$queryParams['UserSearch']['user_role']=in_array(Yii::$app->user->identity->user_role,[2,3,4,5])?[1,6,7,8]:'';
并在搜索模型中更改条件
->andFilterWhere(['=', 'user_role', $this->user_role])
自
->andFilterWhere(['NOT IN', 'user_role', $this->user_role])
所以你的search()方法看起来像
public function search( $params ) {
$query = User::find ();
// add conditions that should always apply here
$dataProvider = new ActiveDataProvider ( [
'query' => $query ,
] );
$this->load ( $params );
if ( !$this->validate () ) {
// uncomment the following line if you do not want to return any records when validation fails
// $query->where('0=1');
return $dataProvider;
}
// grid filtering conditions
$query->andFilterWhere ( [
'id' => $this->id ,
'status' => $this->status ,
] );
$query->andFilterWhere ( [ 'like' , 'id' , $this->id ] )
->andFilterWhere ( [ 'like' , 'name' , $this->name ] )
->andFilterWhere ( [ 'like' , 'username' , $this->username ] )
->andFilterWhere ( [ 'like' , 'email' , $this->email ] )
->andFilterWhere ( [ 'like' , 'contact_number' , $this->contact_number ] )
->andFilterWhere ( [ 'NOT IN' , 'user_role' , $this->user_role ] )
->andFilterWhere ( [ '=' , 'group_id' , $this->group_id ] );
// $query->andFilterWhere(['=','user_type','user']);
if ( Yii::$app->user->identity->user_role == Roles::ROLE_TEAM_LEAD && Yii::$app->user->identity->group_id != '' ) {
$query->andFilterWhere ( [ '=' , 'group_id' , Yii::$app->user->identity->group_id ] )->andWhere ( 'user_role=4' );
}
//$query->andFilterWhere(['!=', 'id', Yii::$app->user->id]);
return $dataProvider;
}
如果所有搜索的模型项都应隐藏/显示安全信息,则可以search()函数中添加第二个选项,该选项将显示查询构建时的隐藏安全信息。例如:
$searchModel = new UserSearch();
$dataProvider = $searchModel->search(Yii::$app->request->queryParams,
Yii::$app->user->identity->user_role === User::ADMIN_ROLE);
return $this->render('index', [
'searchModel' => $searchModel,
'dataProvider' => $dataProvider,
]);
或者可以在控制器中添加查询条件:
$searchModel = new UserSearch();
$dataProvider = $searchModel->search(Yii::$app->request->queryParams);
if(Yii::$app->user->identity->user_role === User::ADMIN_ROLE) {
$dataProvider->query->andWhere(/* come condition*/);
}
return $this->render('index', [
'searchModel' => $searchModel,
'dataProvider' => $dataProvider,
]);
如果你的项目将在其他代码位置使用访问控制,强烈建议使用默认 Yii2 配置中包含的基于角色的访问控制 (RBAC(。使用这种将来,您只需检查用户权限即可user表中没有其他列。它可能看起来像这样:
$searchModel = new UserSearch();
$dataProvider = $searchModel->search(Yii::$app->request->queryParams);
if(Yii::$app->user->can(Roles::USER_VIEW_PRIVATE_INFO)) {
$dataProvider->query->andWhere(/* come condition*/);
}
return $this->render('index', [
'searchModel' => $searchModel,
'dataProvider' => $dataProvider,
]);
为什么要使用控制器更改index视图?正如我所看到的,在您的搜索类中已经检查了user role.
if(Yii::$app->user->identity->user_role == Roles::ROLE_TEAM_LEAD && Yii::$app->user->identity->group_id != ''){
$query->andFilterWhere(['=','group_id', Yii::$app->user->identity->group_id])->andWhere('user_role=4');
}
在此之后,您可以添加
if(Yii::$app->user->identity->user_role == Roles::ROLE_INVENTORY_MANAGEMENT && Yii::$app->user->identity->group_id =='')
{
$query->andFilterWhere(['=','group_id', Yii::$app->user->identity->group_id])->andWhere('user_role IN (2,3,4,5)');
}
所以你的最终代码是这样的
if(Yii::$app->user->identity->user_role == Roles::ROLE_TEAM_LEAD && Yii::$app->user->identity->group_id != ''){
$query->andFilterWhere(['=','group_id', Yii::$app->user->identity->group_id])->andWhere('user_role=4');
}
else if(Yii::$app->user->identity->user_role == Roles::ROLE_INVENTORY_MANAGEMENT && Yii::$app->user->identity->group_id =='')
{
$query->andFilterWhere(['=','group_id', Yii::$app->user->identity->group_id])->andWhere('user_role IN (2,3,4,5)');
}
我希望这也适用于您的过滤器:)