我有一个用户模型扩展AciveRecord实现IdentityInterface。我应该用OpenId检查用户,如果它存在,我将在我的数据库中复制用户条目。都可以,但是我有一个问题。
创建用户后,我想为他分配权限,但当我调用user->save() page redirect at user/login.
行为:
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'only' => ['rbac','users','logout', 'index', 'whoami', 'user-change-data-handler','login', 'openid', 'showoid', 'openid-signup', ''],
'rules' => [
[
'actions' => ['login', 'openid', 'showoid', 'openid-signup'],
'allow' => true,
'roles' => ['?'],
],
[
'actions' => ['logout', 'index', 'showoid', 'whoami', 'user-change-data-handler', 'showoid'],
'allow' => true,
'roles' => ['@'],
],
[
'actions' => ['users',],
'allow' => true,
'roles' => ['UsersAdministrator'],
],
[
'actions' => ['rbac',],
'allow' => true,
'roles' => ['RBACAdministrator'],
],
],
],
// 'verbs' => [
// 'class' => VerbFilter::className(),
// 'actions' => [
// 'logout' => ['post'],
// ],
// ],
];
}
输入登录后,用户重定向到
public function actionOpenid()
{
if (empty($_GET['username']))
return $this->render('openid');
$client = new OpenId();
$client->authUrl = 'http://*******/openidserver/'.$_GET['username']; // Setup provider endpoint
$client->setReturnUrl('http://127.0.0.1/backend/web/site/showoid');
$client->setUserAttributes('user/email');
$url = $client->buildAuthUrl(); // Get authentication URL
return Yii::$app->getResponse()->redirect($url); // Redirect to authentication URL
}
OpenID重定向到
public function actionShowoid()
{
$client = new OpenId();
if (!$client->validate()){
$this->redirect(Url::to('site/login'));
}
else { // validate response
$strings=explode('&', $_SERVER["REDIRECT_QUERY_STRING"]);
$openid = [];
foreach ($strings as $k => $v) {
if (!preg_match('/.+=.+/', $v))
continue;
$vals=[explode('.',explode('=',$v)[0])[1], explode('=',$v)[1]];
$openid[$vals[0]] = $vals[1];
}
$openid['username'] = explode('%2F',$openid["identity"]);
$openid['username'] = $openid['username'][count($openid['username'])-1];
$user = commonmodelsUser::findOne(['username' => $openid['username']]);
if ($user ==null){
$user = new commonmodelsUser;
$user->username = $openid['username'];
$user->password_hash = 'Debugging';
$user->save();
//------------all below ignores
if (1){
$id = $user->id;
$assignment = 'AccessAdministrator';
$url = Url::to(['api/add-assignments', 'user_id' => $id, 'item_name' =>$assignment, 'apiKey'=>$this->apiKey]);
file_get_contents($url);
}
$user->save();
Yii::$app->user->login($user);
$this->redirect(['site/index']);
}
else{
Yii::$app->user->login($user);
$this->redirect(['site/index']);
}
//var_dump(commonmodelsUser::findOne(['username' => $openid['username']]));
}
}
尝试删除if(1),并最终以这种方式执行
.....
$user->password_hash = 'Debugging';
if ($user->save()){
var_dum('just for test');
$id = $user->id;
$assignment = 'AccessAdministrator';
$api->assignRole([$id,$assignment])
}
,记住当代码结束时…您应该呈现或重定向到某些页面,否则可能重定向到默认目标页面,例如:site/login