Note that the newly created permission is not added to the RBAC system yet.
You must fill in the needed data and call ManagerInterface::add to add it to the system.
|
public createPermission ( string $name ) : |
||
| $name | string | the permission name |
| return | the new Permission object | |
/**
* Remove items
*
* @param array $routes
*
* @return bool
*/
public function remove($routes)
{
foreach ($routes as $route) {
$item = $this->manager->createPermission('/' . trim($route, '/'));
$this->manager->remove($item);
}
$this->invalidate();
return true;
}
/**
* @return bool
*/
public function createPermission()
{
if ($this->validate()) {
$permission = $this->authManager->createPermission($this->name);
$permission->description = $this->description;
return $this->authManager->add($permission);
}
return false;
}
protected function prepareData()
{
$rule = new AuthorRule();
$this->auth->add($rule);
$createPost = $this->auth->createPermission('createPost');
$createPost->description = 'create a post';
$this->auth->add($createPost);
$readPost = $this->auth->createPermission('readPost');
$readPost->description = 'read a post';
$this->auth->add($readPost);
$updatePost = $this->auth->createPermission('updatePost');
$updatePost->description = 'update a post';
$updatePost->ruleName = $rule->name;
$this->auth->add($updatePost);
$updateAnyPost = $this->auth->createPermission('updateAnyPost');
$updateAnyPost->description = 'update any post';
$this->auth->add($updateAnyPost);
$reader = $this->auth->createRole('reader');
$this->auth->add($reader);
$this->auth->addChild($reader, $readPost);
$author = $this->auth->createRole('author');
$this->auth->add($author);
$this->auth->addChild($author, $createPost);
$this->auth->addChild($author, $updatePost);
$this->auth->addChild($author, $reader);
$admin = $this->auth->createRole('admin');
$this->auth->add($admin);
$this->auth->addChild($admin, $author);
$this->auth->addChild($admin, $updateAnyPost);
$this->auth->assign($reader, 'reader A');
$this->auth->assign($author, 'author B');
$this->auth->assign($admin, 'admin C');
}
/**
* Save role to [[\yii\rbac\authManager]]
*
* @return bool
*/
public function save()
{
if ($this->validate()) {
if ($this->_item === null) {
if ($this->type == Item::TYPE_ROLE) {
$this->_item = $this->manager->createRole($this->name);
} else {
$this->_item = $this->manager->createPermission($this->name);
}
$isNew = true;
$oldName = false;
} else {
$isNew = false;
$oldName = $this->_item->name;
}
$this->_item->name = $this->name;
$this->_item->description = $this->description;
$this->_item->ruleName = $this->ruleName;
$this->_item->data = Json::decode($this->data);
if ($isNew) {
$this->manager->add($this->_item);
} else {
$this->manager->update($oldName, $this->_item);
}
return true;
}
return false;
}
/**
* Create permissions.
*/
protected function createPermissions()
{
$permissions = ArrayHelper::getValue($this->rbac, 'permissions');
if (!$permissions) {
return;
}
$this->_permissions = [];
$children = [];
foreach ($permissions as $name => $data) {
$permission = $this->_auth->createPermission($name);
if (is_string($data)) {
$permission->description = $data;
} else {
$permission->description = ArrayHelper::getValue($data, 'description', '');
if ($ruleClass = ArrayHelper::getValue($data, 'rule')) {
$rule = Yii::createObject($ruleClass);
if (!$this->_auth->getRule($rule->name)) {
$this->_auth->add($rule);
}
$permission->ruleName = $rule->name;
}
$children[$name] = ArrayHelper::getValue($data, 'child');
}
$this->_auth->add($permission);
$this->_permissions[$name] = $permission;
}
foreach ($children as $permName => $childName) {
$this->_auth->addChild($this->_permissions[$permName], $this->_permissions[$childName]);
}
}
/**
* @param $data
* @param \yii\rbac\ManagerInterface $authManager
* @param null $parent
*/
function addItem($data, $authManager, $parent = null)
{
foreach ($data as $d) {
$item = $authManager->createPermission($d['action']);
$item->description = $d['name'];
$authManager->add($item);
$authManager->addChild($parent, $item);
if (isset($d['children'])) {
addItem($d['children'], $authManager, $item);
}
}
}
protected function prepareData()
{
User::reset();
$rule = new AuthorRule();
$this->auth->add($rule);
$uniqueTrait = $this->auth->createPermission('Fast Metabolism');
$uniqueTrait->description = 'Your metabolic rate is twice normal. This means that you are much less resistant to radiation and poison, but your body heals faster.';
$this->auth->add($uniqueTrait);
$createPost = $this->auth->createPermission('createPost');
$createPost->description = 'create a post';
$this->auth->add($createPost);
$readPost = $this->auth->createPermission('readPost');
$readPost->description = 'read a post';
$this->auth->add($readPost);
$deletePost = $this->auth->createPermission('deletePost');
$deletePost->description = 'delete a post';
$this->auth->add($deletePost);
$updatePost = $this->auth->createPermission('updatePost');
$updatePost->description = 'update a post';
$updatePost->ruleName = $rule->name;
$this->auth->add($updatePost);
$updateAnyPost = $this->auth->createPermission('updateAnyPost');
$updateAnyPost->description = 'update any post';
$this->auth->add($updateAnyPost);
$reader = $this->auth->createRole('reader');
$this->auth->add($reader);
$this->auth->addChild($reader, $readPost);
$author = $this->auth->createRole('author');
$this->auth->add($author);
$this->auth->addChild($author, $createPost);
$this->auth->addChild($author, $updatePost);
$this->auth->addChild($author, $reader);
$admin = $this->auth->createRole('admin');
$this->auth->add($admin);
$this->auth->addChild($admin, $author);
$this->auth->addChild($admin, $updateAnyPost);
$this->auth->assign($uniqueTrait, 'reader A');
$this->auth->assign($reader, 'reader A');
$this->auth->assign($author, 'author B');
$this->auth->assign($deletePost, 'author B');
$this->auth->assign($admin, 'admin C');
}
/**
* @param ManagerInterface $auth
* @param string $name
* @param array $options
* @param Permission $parent
* @return Permission
*/
private function createPermission($auth, $name, $options = array(), $parent = null)
{
$permission = $auth->createPermission($name);
if (isset($option['description'])) {
$permission->description = $option['description'];
}
if (isset($option['rule'])) {
$permission->ruleName = $option['rule'];
}
$auth->add($permission);
if ($parent) {
$auth->addChild($parent, $permission);
}
if (isset($options['children'])) {
foreach ($options['children'] as $childName => $childOptions) {
$this->createPermission($auth, $childName, $childOptions, $permission);
}
}
return $permission;
}
