kosmosafive / kosmos.access
Kosmos: 访问权限
Requires
- php: >=8.1
- ext-json: *
- composer/installers: ^2
Requires (Dev)
- roave/security-advisories: dev-latest
Last update: 2024-10-02 07:27:50 UTC
README
介绍
访问权限的概念在文档中描述。该模块提供了一套工具,用于简化配置界面的创建,并扩展了内置功能。
安装
- 安装模块
- (可选) 如果使用来自模块解决方案的设置页面,则需要确保已安装“搜索”和“社交网络”内核模块。
通过composer安装
在项目的 composer.json 文件中(例如,对于 local 目录)添加以下内容。注意:allow-plugins 中启用的插件会在 composer 运行时执行代码,而 dev-master 指向未固定的开发分支;在生产项目中建议改用固定的发布版本约束。
{ "require": { "wikimedia/composer-merge-plugin": "dev-master" }, "config": { "allow-plugins": { "wikimedia/composer-merge-plugin": true } }, "extra": { "merge-plugin": { "require": [ "../bitrix/composer-bx.json", "modules/*/composer.json" ], "recurse": true, "replace": true, "ignore-duplicates": false, "merge-dev": true, "merge-extra": false, "merge-extra-deep": false, "merge-scripts": false }, "installer-paths": { "modules/{$name}/": [ "type:bitrix-d7-module" ] } } }
使用
在模块解决方案级别,需要创建一组描述访问权限的类。
在示例中,模块解决方案与其核心实体相呼应。示例中提供的继承不是强制的。
模型
每个模块都应该在其自己的表中存储角色和访问权限。
local/modules/kosmos.example/lib/Infrastructure/Model/ExamplePermissionTable.php
<?php

namespace Kosmos\Example\Infrastructure\Model;

use Bitrix\Main\Access\Permission\AccessPermissionTable;

/**
 * Permission storage for the kosmos.example module.
 *
 * Everything except the table name is inherited from AccessPermissionTable,
 * which keeps this module's permissions in a table of its own.
 */
class ExamplePermissionTable extends AccessPermissionTable
{
    /**
     * Name of the database table backing this entity (a fixed literal).
     */
    public static function getTableName(): string
    {
        return 'kosmos_example_permission';
    }
}
local/modules/kosmos.example/lib/Infrastructure/Model/ExampleRoleTable.php
<?php

namespace Kosmos\Example\Infrastructure\Model;

use Bitrix\Main\Access\Role\AccessRoleTable;

/**
 * Role storage for the kosmos.example module.
 *
 * Everything except the table name is inherited from AccessRoleTable.
 */
class ExampleRoleTable extends AccessRoleTable
{
    /**
     * Name of the database table backing this entity (a fixed literal).
     */
    public static function getTableName(): string
    {
        return 'kosmos_example_role';
    }
}
local/modules/kosmos.example/lib/Infrastructure/Model/ExampleRoleRelationTable.php
<?php

namespace Kosmos\Example\Infrastructure\Model;

use Bitrix\Main\Access\Role\AccessRoleRelationTable;

/**
 * Role-relation storage for the kosmos.example module.
 *
 * Everything except the table name is inherited from AccessRoleRelationTable.
 * Rows in this table decide who holds which role, so write access to it is
 * itself a privileged operation.
 */
class ExampleRoleRelationTable extends AccessRoleRelationTable
{
    /**
     * Name of the database table backing this entity (a fixed literal).
     */
    public static function getTableName(): string
    {
        return 'kosmos_example_role_relation';
    }
}
控制器
至少应存在一个控制器,即模块控制器。在示例中,模块控制器负责处理该模块的核心实体。
local/modules/kosmos.example/lib/Domain/Access/ExampleAccessController.php
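<?php

namespace Kosmos\Example\Domain\Access;

use Bitrix\Main\Access\AccessibleItem;
use Bitrix\Main\Access\User\AccessibleUser;
use Kosmos\Access\AccessController;
use Kosmos\Example\Domain\Entity\Example;
use Kosmos\Example\Domain\Entity\UserModel;

/**
 * Access controller for the module's core entity.
 *
 * Supplies the two objects an access decision is made on: the item being
 * accessed and the user performing the action.
 */
class ExampleAccessController extends AccessController
{
    /**
     * Resolve the item an action is checked against.
     *
     * The nullable type is spelled out as `?int`; relying on the `= null`
     * default to make the parameter nullable is deprecated as of PHP 8.4.
     *
     * @param int|null $itemId Identifier of the item; null or 0 means "no item".
     *
     * @return AccessibleItem|null The loaded item, or null when no identifier was given.
     */
    protected function loadItem(?int $itemId = null): ?AccessibleItem
    {
        // Truthiness check on purpose: both null and 0 skip the lookup.
        // NOTE(review): what createFromId() returns for an id that does not
        // exist is not visible here - confirm that rules cope with that case.
        return $itemId ? Example::createFromId($itemId) : null;
    }

    /**
     * Resolve the user model the rules are evaluated for.
     *
     * @param int $userId Identifier of the acting user.
     */
    protected function loadUser(int $userId): AccessibleUser
    {
        return UserModel::createFromId($userId);
    }
}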
动作字典
动作字典中列出了所有可能的行为。
local/modules/kosmos.example/lib/Domain/Access/ActionDictionary.php
<?php

namespace Kosmos\Example\Domain\Access;

use Kosmos\Access\ActionDictionary as Base;

/**
 * Every action the module can be asked to authorise.
 *
 * An action is what a caller passes to the access controller; the rule that
 * handles it decides which permissions grant it.
 */
class ActionDictionary extends Base
{
    public const ACTION_CREATE = 'create';

    public const ACTION_EDIT = 'edit';
}
访问权限字典
local/modules/kosmos.example/lib/Domain/Access/Permission/PermissionDictionary.php
<?php

namespace Kosmos\Example\Domain\Access\Permission;

use Kosmos\Access\Permission\PermissionDictionary as Base;

/**
 * Permissions that can be granted to a role in the kosmos.example module.
 *
 * NOTE(review): the README only shows a rule for creation. The "_own" and
 * "_all" edit permissions presumably need an edit rule that compares the
 * item's owner with the acting user before honouring EXAMPLE_EDIT_OWN -
 * confirm against the module's edit rule.
 */
class PermissionDictionary extends Base
{
    public const EXAMPLE_CREATE = 'example_create';

    public const EXAMPLE_EDIT_OWN = 'example_edit_own';

    public const EXAMPLE_EDIT_ALL = 'example_edit_all';
}
角色字典
local/modules/kosmos.example/lib/Domain/Access/Role/RoleDictionary.php
<?php

namespace Kosmos\Example\Domain\Access\Role;

use Bitrix\Main\Access\Role\RoleDictionary as Base;

/**
 * Predefined roles of the kosmos.example module.
 */
class RoleDictionary extends Base
{
    public const EXAMPLE_ROLE_ADMIN = 'EXAMPLE_ROLE_ADMIN';
}
访问权限工具
local/modules/kosmos.example/lib/Domain/Access/Role/RoleUtil.php
<?php

namespace Kosmos\Example\Domain\Access\Role;

use Kosmos\Access\Role\RoleUtil as Base;
use Kosmos\Core\ORM\Model\UserGroupTable;
use Kosmos\Example\Infrastructure\Model\ExamplePermissionTable;
use Kosmos\Example\Infrastructure\Model\ExampleRoleRelationTable;
use Kosmos\Example\Infrastructure\Model\ExampleRoleTable;

/**
 * Binds the generic role utilities to this module's tables and dictionary.
 *
 * Each method only names a class; the base RoleUtil does the actual work.
 */
class RoleUtil extends Base
{
    /**
     * Class name of the table that stores the module's roles.
     */
    protected static function getRoleTableClass(): string
    {
        return ExampleRoleTable::class;
    }

    /**
     * Class name of the table that links roles to their holders.
     */
    protected static function getRoleRelationTableClass(): string
    {
        return ExampleRoleRelationTable::class;
    }

    /**
     * Class name of the table that stores per-role permissions.
     */
    protected static function getPermissionTableClass(): string
    {
        return ExamplePermissionTable::class;
    }

    /**
     * Class name of the role dictionary; the signature allows null.
     */
    public static function getRoleDictionaryClass(): ?string
    {
        return RoleDictionary::class;
    }

    /**
     * Class name of the user-group table used by the base utilities.
     */
    protected static function getUserGroupTableClass(): string
    {
        return UserGroupTable::class;
    }
}
规则
每条规则都在单独的文件中描述。
local/modules/kosmos.example/lib/Domain/Access/Rule/CreateRule.php
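<?php

namespace Kosmos\Example\Domain\Access\Rule;

use Bitrix\Main\Access\AccessibleItem;
use Bitrix\Main\Access\Rule\AbstractRule;
use Kosmos\Example\Domain\Access\Permission\PermissionDictionary;

/**
 * Decides whether the current user may create an example entity.
 */
class CreateRule extends AbstractRule
{
    /**
     * Grant creation to administrators and to holders of EXAMPLE_CREATE.
     *
     * The nullable type is spelled out as `?AccessibleItem`; relying on the
     * `= null` default to make the parameter nullable is deprecated as of
     * PHP 8.4.
     *
     * @param AccessibleItem|null $item   Not consulted by this rule.
     * @param mixed               $params Not consulted by this rule.
     *
     * @return bool True when the action is allowed; anything else is denied.
     */
    public function execute(?AccessibleItem $item = null, $params = null): bool
    {
        // Administrators pass without any permission lookup.
        if ($this->user->isAdmin()) {
            return true;
        }

        // Deny by default: only a truthy permission value grants access.
        return (bool) $this->user->getPermission(PermissionDictionary::EXAMPLE_CREATE);
    }
}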
输出界面的配置
local/modules/kosmos.example/lib/Domain/Access/Component/ExampleConfigPermissions.php
<?php

namespace Kosmos\Example\Domain\Access\Component;

use Kosmos\Access\Component\ConfigPermissions;
use Kosmos\Example\Domain\Access\ActionDictionary;
use Kosmos\Example\Domain\Access\ExampleAccessController;
use Kosmos\Example\Domain\Access\Permission\PermissionDictionary;
use Kosmos\Example\Domain\Access\Role\RoleUtil;

/**
 * Describes the permission settings page of the kosmos.example module.
 *
 * The class only tells the base ConfigPermissions component which
 * dictionaries, role utilities and controller belong to this module.
 */
class ExampleConfigPermissions extends ConfigPermissions
{
    /**
     * Permissions grouped by the section they are displayed under.
     *
     * PermissionDictionary::ADMIN is not declared in this module's
     * dictionary, so it is presumably inherited from the base dictionary.
     *
     * @return array[] Section code => list of permission identifiers.
     */
    protected function getSections(): array
    {
        $adminSection = [
            PermissionDictionary::ADMIN,
        ];

        $exampleSection = [
            PermissionDictionary::EXAMPLE_CREATE,
            PermissionDictionary::EXAMPLE_EDIT_OWN,
            PermissionDictionary::EXAMPLE_EDIT_ALL,
        ];

        return [
            'SECTION_ADMIN' => $adminSection,
            'SECTION_EXAMPLE' => $exampleSection,
        ];
    }

    /**
     * Class name of the module's permission dictionary.
     */
    protected function getPermissionDictionaryClass(): string
    {
        return PermissionDictionary::class;
    }

    /**
     * Class name of the module's role utilities.
     */
    public function getRoleUtilClass(): string
    {
        return RoleUtil::class;
    }

    /**
     * Identifier of the module this settings page belongs to.
     */
    public static function getModuleId(): string
    {
        return 'kosmos.example';
    }

    /**
     * Class name of the module's access controller.
     */
    public function getAccessControllerClass(): string
    {
        return ExampleAccessController::class;
    }

    /**
     * Class name of the module's action dictionary.
     */
    public function getActionDictionaryClass(): string
    {
        return ActionDictionary::class;
    }
}
用户模型
local/modules/kosmos.example/lib/Domain/Entity/UserModel.php
<?php

namespace Kosmos\Example\Domain\Entity;

use Kosmos\Access\Entity\UserModel as Base;
use Kosmos\Example\Infrastructure\Model\ExamplePermissionTable;
use Kosmos\Example\Infrastructure\Model\ExampleRoleRelationTable;

/**
 * User model whose roles and permissions come from this module's tables.
 */
class UserModel extends Base
{
    /**
     * Class name of the table the user's permissions are read from.
     */
    protected function getPermissionTableClass(): string
    {
        return ExamplePermissionTable::class;
    }

    /**
     * Class name of the table the user's role assignments are read from.
     */
    protected function getRoleRelationTableClass(): string
    {
        return ExampleRoleRelationTable::class;
    }
}
实体模型
实体模型可能不存在。
local/modules/kosmos.example/lib/Domain/Entity/Example.php
<?php
namespace Kosmos\Example\Domain\Entity;
use Bitrix\Main\Access\AccessibleItem;
use Kosmos\Example\Infrastructure\Model;
/**
 * Core entity of the module, exposed to the access layer as an AccessibleItem.
 */
class Example extends Model\EO_Example implements AccessibleItem
{
    /**
     * Build the item for the given identifier.
     *
     * The body is elided in the README.
     * NOTE(review): the behaviour for an identifier that matches no record is
     * not shown - confirm it cannot yield an item that rules then treat as
     * accessible.
     */
    public static function createFromId(int $itemId): AccessibleItem
    {
        ...
    }
    /**
     * Identifier of the item, cast to int from the parent's value.
     */
    public function getId(): int
    {
        return (int) parent::getId();
    }
}
设置页面
要添加指向页面的菜单项,可以使用文件local/modules/kosmos.example/admin/menu.php。标题和链接可以程序化获取。
// Menu entry fields for the permission settings page, taken from the component.
// NOTE(review): a menu entry only links to the page; confirm that the page
// itself checks the caller's rights rather than relying on the entry being hidden.
'text' => ExampleConfigPermissions::getTitle(),
'url' => ExampleConfigPermissions::getUri()
使用
更多示例可以在文档中找到。
检查执行动作的可能性
use Kosmos\Example\Domain\Access\ActionDictionary;
use Kosmos\Example\Domain\Access\ExampleAccessController;

// Ask the controller whether $userId may perform the action on the item with
// the given id. The call only reports a decision (presumably a bool - confirm
// against Kosmos\Access\AccessController); the caller has to branch on it and
// refuse the operation when access is not granted.
ExampleAccessController::can(
    $userId,
    ActionDictionary::ACTION_CREATE,
    $this->example->getId()
)
如果需要,可以将实体显式传递给控制器。
use Kosmos\Example\Domain\Access\ActionDictionary;
use Kosmos\Example\Domain\Access\ExampleAccessController;

// Same check, with the already loaded entity handed over in the params array.
// NOTE(review): presumably the controller then uses this entity instead of
// loading one by id - confirm. The id and the entity should describe the same
// object, otherwise the decision may be made for a different item than the
// one the caller goes on to modify.
ExampleAccessController::can(
    $userId,
    ActionDictionary::ACTION_CREATE,
    $this->example->getId(),
    ['entity' => $this->example]
)
拥有特定权限的用户标识符列表
use Kosmos\Example\Domain\Access\Role\RoleUtil;
use Kosmos\Example\Domain\Access\Permission\PermissionDictionary;

// Collect the identifiers of users that hold EXAMPLE_CREATE.
// NOTE(review): CreateRule also lets administrators through via isAdmin();
// whether they appear in this list is not visible here - confirm before using
// the list as the full set of users able to create.
$userIdList = RoleUtil::getMembersByPermission(PermissionDictionary::EXAMPLE_CREATE)