/**
* @param string $id
*
* @return string
*/
public function actionView($id)
{
$role = $this->findModel($id);
$authManager = Yii::$app->authManager instanceof DbManager ? Yii::$app->authManager : new DbManager();
$allRoles = Role::find()->asArray()->andWhere('name != :current_name', [':current_name' => $id])->all();
$permissions = Permission::find()->andWhere(Yii::$app->getModule('user-management')->auth_item_table . '.name != :commonPermissionName', [':commonPermissionName' => Yii::$app->getModule('user-management')->commonPermissionName])->joinWith('group')->all();
$permissionsByGroup = [];
foreach ($permissions as $permission) {
$permissionsByGroup[@$permission->group->name][] = $permission;
}
$childRoles = $authManager->getChildren($role->name);
$currentRoutesAndPermissions = AuthHelper::separateRoutesAndPermissions($authManager->getPermissionsByRole($role->name));
$currentPermissions = $currentRoutesAndPermissions->permissions;
return $this->renderIsAjax('view', compact('role', 'allRoles', 'childRoles', 'currentPermissions', 'permissionsByGroup'));
}
/**
* Add or remove routes for this permission
*
* @param string $id
*
* @return \yii\web\Response
*/
public function actionSetChildRoutes($id)
{
$item = $this->findModel($id);
$newRoutes = Yii::$app->request->post('child_routes', []);
$oldRoutes = array_keys(AuthHelper::getChildrenByType($item->name, AbstractItem::TYPE_ROUTE));
$toAdd = array_diff($newRoutes, $oldRoutes);
$toRemove = array_diff($oldRoutes, $newRoutes);
Permission::addChildren($id, $toAdd);
Permission::removeChildren($id, $toRemove);
if (($toAdd or $toRemove) and $id == Yii::$app->getModule('user-management')->commonPermissionName) {
Yii::$app->cache->delete('__commonRoutes');
}
AuthHelper::invalidatePermissions();
Yii::$app->session->setFlash('success', UserManagementModule::t('back', 'Saved'));
return $this->redirect(['view', 'id' => $id]);
}
/**
* Assign route to permission and create them if they don't exists
* Helper mainly for migrations
*
* @param string $permissionName
* @param array|string $routes
* @param null|string $permissionDescription
* @param null|string $groupCode
*
* @throws \InvalidArgumentException
* @return true|static|string
*/
public static function assignRoutes($permissionName, $routes, $permissionDescription = null, $groupCode = null)
{
$permission = static::findOne(['name' => $permissionName]);
$routes = (array) $routes;
if (!$permission) {
$permission = static::create($permissionName, $permissionDescription, $groupCode);
if ($permission->hasErrors()) {
return $permission;
}
}
foreach ($routes as $route) {
$route = '/' . ltrim($route, '/');
try {
Yii::$app->db->createCommand()->insert(Yii::$app->getModule('user-management')->auth_item_child_table, ['parent' => $permission->name, 'child' => $route])->execute();
} catch (Exception $e) {
// Don't throw Exception because this permission may already have this route,
// so just go to the next route
}
}
AuthHelper::invalidatePermissions();
return true;
}
/**
* Invalidate permissions if some item is deleted
*/
public function afterDelete()
{
parent::afterDelete();
AuthHelper::invalidatePermissions();
}
/**
* Check if controller has $freeAccess = true or $action in $freeAccessActions
* Or it's login, logout, error page
*
* @param string $route
* @param Action|null $action
*
* @return bool
*/
public static function isFreeAccess($route, $action = null)
{
if ($action) {
$controller = $action->controller;
if ($controller->hasProperty('freeAccess') and $controller->freeAccess === true) {
return true;
}
if ($controller->hasProperty('freeAccessActions') and in_array($action->id, $controller->freeAccessActions)) {
return true;
}
}
$systemPages = ['/user-management/auth/logout', AuthHelper::unifyRoute(Yii::$app->errorHandler->errorAction), AuthHelper::unifyRoute(Yii::$app->user->loginUrl)];
if (in_array($route, $systemPages)) {
return true;
}
// Registration can be enabled either by this option or by adding '/user-management/auth/registration' route to guest permissions
if ($route == '/user-management/auth/registration' && Yii::$app->getModule('user-management')->enableRegistration === true) {
return true;
}
if (static::isInCommonPermission($route)) {
return true;
}
return false;
}
/**
* Useful for Menu widget
*
* <example>
* ...
* [ 'label'=>'Some label', 'url'=>['/site/index'], 'visible'=>User::canRoute(['/site/index']) ]
* ...
* </example>
*
* @param string|array $route
* @param bool $superAdminAllowed
*
* @return bool
*/
public static function canRoute($route, $superAdminAllowed = true)
{
if ($superAdminAllowed and Yii::$app->user->isSuperadmin) {
return true;
}
$baseRoute = AuthHelper::unifyRoute($route);
if (Route::isFreeAccess($baseRoute)) {
return true;
}
AuthHelper::ensurePermissionsUpToDate();
return Route::isRouteAllowed($baseRoute, Yii::$app->session->get(AuthHelper::SESSION_PREFIX_ROUTES, []));
}
/**
* @inheritdoc
*/
protected function afterLogin($identity, $cookieBased, $duration)
{
AuthHelper::updatePermissions($identity);
parent::afterLogin($identity, $cookieBased, $duration);
}
/**
* Assign route to role via permission and create permission or route if it don't exists
* Helper mainly for migrations
*
* @param string $roleName
* @param string $permissionName
* @param array $routes
* @param null|string $permissionDescription
* @param null|string $groupCode
*
* @throws \InvalidArgumentException
* @return true|static|string
*/
public static function assignRoutesViaPermission($roleName, $permissionName, $routes, $permissionDescription = null, $groupCode = null)
{
$role = static::findOne(['name' => $roleName]);
if (!$role) {
throw new \InvalidArgumentException("Role with name = {$roleName} not found");
}
$permission = Permission::findOne(['name' => $permissionName]);
if (!$permission) {
$permission = Permission::create($permissionName, $permissionDescription, $groupCode);
if ($permission->hasErrors()) {
return $permission;
}
}
try {
Yii::$app->db->createCommand()->insert(Yii::$app->getModule('user-management')->auth_item_child_table, ['parent' => $role->name, 'child' => $permission->name])->execute();
} catch (Exception $e) {
// Don't throw Exception because we may have this permission for this role,
// but need to add new routes to it
}
$routes = (array) $routes;
foreach ($routes as $route) {
Route::create($route);
try {
Yii::$app->db->createCommand()->insert(Yii::$app->getModule('user-management')->auth_item_child_table, ['parent' => $permission->name, 'child' => $route])->execute();
} catch (Exception $e) {
// Don't throw Exception because this permission may already have this route,
// so just go to the next route
}
}
AuthHelper::invalidatePermissions();
return true;
}
/**
* Check if controller has $freeAccess = true or $action in $freeAccessActions
* Or it's login, logout, error page
*
* @param string $route
* @param Action|null $action
*
* @return bool
*/
public static function isFreeAccess($route, $action = null)
{
if ($action) {
$controller = $action->controller;
if ($controller->hasProperty('freeAccess') and $controller->freeAccess === true) {
return true;
}
if ($controller->hasProperty('freeAccessActions') and in_array($action->id, $controller->freeAccessActions)) {
return true;
}
}
$systemPages = ['/' . \Yii::$app->user->moduleAliasName . '/auth/logout', AuthHelper::unifyRoute(Yii::$app->errorHandler->errorAction), AuthHelper::unifyRoute(Yii::$app->user->loginUrl())];
if (in_array($route, $systemPages)) {
return true;
}
if (static::isInCommonPermission($route) && \Yii::$app->user->id) {
return true;
}
return false;
}
public function safeDown()
{
AuthItemGroup::deleteAll(['code' => 'settings']);
Permission::deleteAll(['name' => ['fullAccessToSettings', 'accessToSeoSettings']]);
AuthHelper::invalidatePermissions();
}