O Guia Definitivo do Yii 1.1

More documents

Recommendations

Info

The access rules are evaluated one by one in the order they are specified. The first rule that matches the current pattern (e.g. username, roles, client IP, address) determines the authorization result. If this rule is an allow rule, the action can be executed; if it is a deny rule, the action cannot be executed; if none of the rules matches the context, the action can still be executed. Tip: To ensure an action does not get executed under certain contexts, it is beneficial to always specify a matching-all deny rule at the end of rule set, like the following: return array( ); // ... other rules... // the following rule denies 'delete' action for all contexts array('deny', ), 'actions'=>array('delete'), The reason for this rule is because if none of the rules matches a context, then the action will continue to be executed. An access rule can match the following context parameters: • actions: specifies which actions this rule matches. This should be an array of action IDs. The comparison is case-insensitive. • controllers: specifies which controllers this rule matches. This should be an array of controller IDs. The comparison is case-insensitive. This option has been available since version 1.0.4. • users: specifies which users this rule matches. The current user's name is used for matching. The comparison is case-insensitive. Three special characters can be used here: • *: any user, including both anonymous and authenticated users. • ?: anonymous users. • @: authenticated users. • roles: specifies which roles that this rule matches. This makes use of the role-based access controlfeature to be described in the next subsection. In particular, the rule is applied if CWebUser::checkAccess returns true for one of the roles. Note, you should mainly use roles in an allowrule because by definition, a role represents a permission to do something. Also note, although we use the term roles here, its value can actually be any auth item, including roles, tasks and operations. • ips: specifies which client IP addresses this rule matches. • verbs: specifies which request types (e.g. GET, POST) this rule matches. The comparison is case-insensitive. • expression: specifies a PHP expression whose value indicates whether this rule matches. In the expression, you can use variable $user which refers to Yii::app()- >user. This option has been available since version 1.0.3. Handling Authorization Result
When authorization fails, i.e., the user is not allowed to perform the specified action, one of the following two scenarios may happen: If the user is not logged in and if the loginUrl property of the user component is configured to be the URL of the login page, the browser will be redirected to that page. Note that by default, loginUrl points to thesite/login page. Otherwise an HTTP exception will be displayed with error code 403. When configuring the loginUrl property, one can provide a relative or absolute URL. One can also provide an array which will be used to generate a URL by calling CWebApplication::createUrl. The first array element should specify the route to the login controller action, and the rest name-value pairs are GET parameters. For example, array( ...... 'components'=>array( 'user'=>array( // this is actually the default value 'loginUrl'=>array('site/login'), ), ), ) If the browser is redirected to the login page and the login is successful, we may want to redirect the browser back to the page that caused the authorization failure. How do we know the URL for that page? We can get this information from the returnUrl property of the user component. We can thus do the following to perform the redirection: Yii::app()->request->redirect(Yii::app()->user->returnUrl); Role-Based Access Control Role-Based Access Control (RBAC) provides a simple yet powerful centralized access control. Please refer to the Wiki article for more details about comparing RBAC with other more traditional access control schemes. Yii implements a hierarchical RBAC scheme via its authManager application component. In the following ,we first introduce the main concepts used in this scheme; we then describe how to define authorization data; at the end we show how to make use of the authorization data to perform access checking. Overview A fundamental concept in Yii's RBAC is authorization item. An authorization item is a permission to do something (e.g. creating new blog posts, managing users). According to its granularity and targeted audience, authorization items can be classified as operations, tasks and roles. A role consists of tasks, a task consists of operations, and an operation is
Page 1 and 2:
O Guia Definitivo do Yii 1.1 Qiang
Page 3 and 4:
Coletando Entradas Tabulares! 59 Tr
Page 5 and 6:
Primeiros Passos Visão Geral Esse
Page 7 and 8:
• Added support for profiling SQL
Page 9 and 10:
no desenvolvimento Web e da investi
Page 11 and 12:
Página de Contato
Page 13 and 14:
Página de Login A listagem seguint
Page 15 and 16:
Conectando ao Banco de Dados A maio
Page 17 and 18:
% cd WebRoot/testdrive % protected/
Page 19 and 20:
Página de administração dos usu
Page 21 and 22:
Conceitos Básicos Modelo-Visão-Co
Page 23 and 24:
controle de acesso, benchmarking) a
Page 25 and 26:
deny from all Componentes da Aplica
Page 27 and 28:
3. Executa o controle; 8. Dispara o
Page 29 and 30:
class UpdateAction extends CAction
Page 31 and 32:
class PerformanceFilter extends CFi
Page 33 and 34:
$this->render('edit', array( 'var1'
Page 35 and 36:
A nomeclatura das visões do sistem
Page 37 and 38:
Um evento pode ter diversos manipul
Page 39 and 40:
forum/ ForumModule.php components/
Page 41 and 42:
RootAlias.path.to.target Onde RootA
Page 43 and 44:
Como não há suporte a namespaces
Page 45 and 46:
5. Implemente ações e as visões.
Page 47 and 48:
widgets that generate a lot of HTML
Page 49 and 50:
class LoginForm extends CFormModel
Page 51 and 52:
validação deverá ser efetuada; o
Page 53 and 54:
Nesse trecho de código, temos uma
Page 55 and 56:
public function rules() { return ar
Page 57 and 58:
Nota: Para fazer com que a variáve
Page 59 and 60:
A Página de Login com Erros A part
Page 61 and 62:
NamePriceCountDescription
Page 63 and 64:
usuário e senha para o acesso. Uma
Page 65 and 66:
Depois que o método CDbCommand::qu
Page 67 and 68:
Para mais detalhes sobre a vincula
Page 69 and 70:
• where: specifies the WHERE part
Page 71 and 72:
For example, array('in', 'id', arra
Page 73 and 74:
join and its variants function join
Page 75 and 76:
$sql = Yii::app()->db->createComman
Page 77 and 78:
uild and execute the following SQL:
Page 79 and 80:
CREATE TABLE `tbl_user` ( // `id` i
Page 81 and 82:
the new column name. The query buil
Page 83 and 84:
Below is an example showing how to
Page 85 and 86:
Dica: Existem duas maneiras de trab
Page 87 and 88:
class Post extends CActiveRecord {
Page 89 and 90:
$post=Post::model()->find(array( 's
Page 91 and 92:
Validação de Dados Ao inserir ou
Page 93 and 94:
$model=Post::model(); $transaction=
Page 95 and 96:
Named scopes podem ser parametrizad
Page 97 and 98:
Informação: O suporte à chaves e
Page 99 and 100:
Informação: Uma chave estrangeira
Page 101 and 102:
$posts=Post::model()->with( 'author
Page 103 and 104: Informação: Quando o nome de uma
Page 105 and 106: Deve ser um vetor com pares nome-va
Page 107 and 108: The required name parameter specifi
Page 109 and 110: Sometimes, we may only want to appl
Page 111 and 112: yiic migrate up --migrationPath=ext
Page 113 and 114: • CZendDataCache: utiliza o Zend
Page 115 and 116: value irá expirar em 30 segundos /
Page 117 and 118: usuários. Para armazenar em cache
Page 119 and 120: A configuração acima, faz com que
Page 121 and 122: Nota: O path alias ext está dispon
Page 123 and 124: public function behaviors() { retur
Page 125 and 126: Controle Um controle, fornece um co
Page 127 and 128: • An extension should be self-con
Page 129 and 130: method invocations, we can start ou
Page 131 and 132: A console command should extend fro
Page 133 and 134: Testes Visão Geral Note: The testi
Page 135 and 136: $yiit='path/to/yii/framework/yiit.p
Page 138 and 139: Tip: Having too many fixture files
Page 140 and 141: public function testApprove() { //
Page 142 and 143: class PostTest extends WebTestCase
Page 144 and 145: array( ...... 'components'=>array(
Page 146 and 147: array( 'posts'=>'post/list', 'post/
Page 148 and 149: We first need to configure the Web
Page 150 and 151: class UserIdentity extends CUserIde
Page 152 and 153: Although Yii has measures to preven
Page 156 and 157: a permission that is atomic. For ex
Page 158 and 159: $auth=Yii::app()->authManager; $aut
Page 160 and 161: Default roles must be declared in t
Page 162 and 163: WebRoot/ assets protected/ .htacces
Page 164 and 165: eturn array( 'components'=>array( '
Page 166 and 167: If we create a widget with a set o
Page 168 and 169: To use message routing, we need to
Page 170 and 171: array( ...... 'preload'=>array('log
Page 172 and 173: Yii defines two exception classes:
Page 174 and 175: Web Service Web service is a softwa
Page 176 and 177: To complete the example, let's crea
Page 178 and 179: class PostController extends CContr
Page 180 and 181: When translating a message, its cat
Page 182 and 183: '1#one book|n>1#many books' Plural
Page 184 and 185: The CDateFormatter class mainly pro
Page 186 and 187: // body content for the widget //
Page 188 and 189: Yii represents each console task in
Page 190 and 191: yiic sitemap index --type=News --li
Page 192 and 193: Cross-site scripting (also known as
Page 194 and 195: etrieve the cookie with the specifi
Page 196 and 197: Note: The scriptMap feature describ
show all

O Guia Definitivo do Yii 1.1

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?