/**
* Denies access if the module is successfully installed.
* @param CFilterChain $filterChain
* @throws CHttpException
*/
public function filterAccessControl($filterChain)
{
$accesscontrol = YiiPlug::app()->hasAccessControlModulesInstalled();
$user = YiiPlug::app()->hasUserModulesInstalled();
if (!$accesscontrol || !$user) {
// no access control module available
$filter = new CAccessControlFilter();
$rules = $this->accessRules();
$frules = array();
foreach ($rules as $key => $values) {
$frule = array();
foreach ($values as $vkey => $value) {
if (!$accesscontrol && $vkey !== 'roles') {
// do not have accesscontrol module
// skip role based access control (but keep other checks)
$frule[$vkey] = $value;
}
}
if ($user && $frule[0] === 'allow') {
// has user authentication module
// add authenticated user required for each action
if (isset($frule['users'])) {
$frule['users'][] = '@';
} else {
$frule['users'] = array('@');
}
}
$frules[$key] = $frule;
}
$filter->setRules($frules);
return $filter->filter($filterChain);
}
// we are in normal state, just do classic access control
return parent::filterAccessControl($filterChain);
}
public function filterAccessControl($filterChain)
{
$filter = new CAccessControlFilter();
$rules = $this->accesRulesByAction($filterChain->action);
$filter->setRules($rules);
$filter->filter($filterChain);
}
/**
* Filter Access Control.
*
* This replicates the access control module in the base controller and lets us
* do our own special rules that insure we fail closed.
*
* @param CFilterChain $filterChain Yii passed object.
*
* @return void
*/
public function filterAccessControl($filterChain)
{
$rules = $this->accessRules();
// default deny
$rules[] = array('deny');
$filter = new CAccessControlFilter();
$filter->setRules($rules);
$filter->filter($filterChain);
}
public function filterAccessControl($filterChain)
{
$rules = $this->accessRules();
// Fallback to denying everyone
$rules[] = array('deny');
$filter = new CAccessControlFilter();
$filter->setRules($rules);
$filter->filter($filterChain);
}
/**
* Filter recursively the menu items received setting
visibility true or
* false according to controller/action preFilter
*
* @param array $items The menu items being filtered.
* @return array The menu items with visibility
defined by preFilter().
*/
protected function filterItems(array $items)
{
$app = Yii::app();
foreach ($items as $pos => $item) {
if (!isset($item['visible'])) {
// get the url parameter
if (isset($item['url']) && is_array($item['url'])) {
$url = $item['url'][0];
}
// parse the url into controller and action
$parts = explode("/", $url);
if (count($parts) == 1) {
$controller = $app->controller;
$actionId = $parts[0];
} else {
$controllerId = ucfirst($parts[1]);
$actionId = count($parts) > 2 ? $parts[2] : 'index';
$controllerList = $app->createController($controllerId);
$controller = $controllerList[0];
}
// generate a controller instance to access and
//compare the rules
$action = $controller->createAction($actionId);
$filter = new CAccessControlFilter();
$filter->setRules($controller->accessRules());
$user = $app->getUser();
$request = $app->getRequest();
$ip = $request->getUserHostAddress();
$item['visible'] = false;
foreach ($filter->getRules() as $rule) {
// we are making an assumption for now that all
// menu items are GET actions
if ($rule->isUserAllowed($user, $controller, $action, $ip, 'GET') > 0) {
$item['visible'] = true;
break;
}
}
}
/**
* If current item is visible and has sub items,
loops recursively
* on them.
*/
if (isset($item['items']) && $item['visible']) {
$item['items'] = $this->filterItems($item['items']);
}
$items[$pos] = $item;
}
return $items;
}
public function filterAccessControl($filterChain)
{
$filter = new CAccessControlFilter();
$filter->setRules($this->accessRules());
$filter->filter($filterChain);
}
