Yii CUserIdentity 与用户模型
我的 Yii 项目中至少有一个模型需要引用特定的用户 ID.在我的模型 SQL 中,我有类似 CONSTRAINT FOREIGN KEY (user_id) REFERENCES User(id)
的内容.当我看到 CUserIdentity 的文档时,我打算继续创建一个用户模型.我不得不承认我很困惑.CUserIdentity 是用户还是与特定用户案例相关联的状态?我想尽可能多地使用 Yii 的内置功能,因为它们根据我的理解处理了许多与安全相关的问题,并且我知道存在一些模块,例如 srbac
处理用户认证和注册管理.请指导我正确的方向.(还有一个问题:模型和组件之间的关系是什么?)
I have at least one model in my Yii project that will need to reference a particular user ID. In my SQL for the model I have something like CONSTRAINT FOREIGN KEY (user_id) REFERENCES User(id)
. I was going to go ahead and create a User model when I came across the docs for CUserIdentity. I have to admit I am confused. Is a CUserIdentity a user or a state associated with a particular user-case? I would like to use as much of the built-in Yii features as possible since they handle a lot of security-related issues from what I understand, and I am aware of the existence of some modules like srbac
that handle user authentication and registration management. Please guide me in the right direction. (Also at issue: what is the relationship between models and components?)
推荐答案
首先,请继续创建一个 User
模型,您将需要它.
First off, do go ahead and create a User
model, you will need it.
顺便说一下:CUserIdentity
表示用户是谁"的概念,而 User
模型表示有关我的应用程序用户的信息".CUserIdentity
适用于所有存在不止一种用户(即访客)的情况,而 User
模型仅适用于您自己存储用户信息的情况.诚然,在大多数情况下两者都适用,这就是造成混淆的原因.
With that out of the way: CUserIdentity
represents the concept of "who the user is", while the User
model represents "information about a user of my application". CUserIdentity
is applicable in all cases where there is more than one kind of user (i.e. guest), while the User
model is only applicable when you are storing information about the users yourself. Admittedly, in most cases both will be applicable and this is what creates the confusion.
通常两者的关系是CUserIdentity
,为了回答用户是谁"、用户是否允许访问此资源"等问题,查询User
模型从数据库中获取回答这些问题所需的信息.这两个概念之间的这种关系也记录在案 在 Yii 的权威指南中.之后例如对用户进行身份验证时,它会通过自己的属性(您必须定义)公开 User
模型上的部分或全部信息.
Usually, the relation between the two is that CUserIdentity
, in order to answer questions such as "who the user is", "is the user allowed to access this resource" etc. queries the User
model from the database to get the information it needs to answer these questions. This relationship between the two concepts is also documented in the definitive guide to Yii. After e.g. authenticating the user, it would expose some or all of the information on the User
model through its own properties (which you would have to define).
要举例说明没有 User
模型的场景,请考虑一个允许您使用 LDAP 用户帐户登录的网站.当 CUserIdentity::authenticate
方法被调用时,该组件将针对 LDAP 服务器验证凭据,在成功验证后将再次获取任何其他相关信息并通过其自己的属性公开它.
To give an example of a scenario where there would be no User
model, think about a website that lets you log in using your LDAP user account. When the CUserIdentity::authenticate
method is called, the component would authenticate the credentials against the LDAP server and after a successful authentication would again grab any other relevant information and expose it through its own properties.
相关文章