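/**
 * Decides whether the current user may use the given auth item.
 *
 * Checks run in this order: root role, item lookup, the item's own
 * "allow for all" flag, then either the item's task (when it has one)
 * or the item itself via the user component.
 *
 * @param string $item_name primary key of the AuthItem to check
 * @return bool true when access is granted; false otherwise, including when the item is unknown
 */
public function checkAccess($item_name)
{
    // The superuser role is allowed everything.
    if (isset(Yii::app()->user->role) && Yii::app()->user->role == AuthItem::ROLE_ROOT) {
        return true;
    }

    $auth_item = AuthItem::model()->findByPk($item_name);
    if (!$auth_item) {
        // Double quotes so the item name is interpolated; the single-quoted
        // original logged the literal text "$item_name".
        // NOTE(review): if $item_name can come from a request, strip line breaks
        // before logging so it cannot forge extra log entries.
        Yii::log("Задача {$item_name} не найдена!");

        // Unknown items are denied (fail closed).
        return false;
    }

    if ($auth_item->allow_for_all) {
        return true;
    }

    if ($auth_item->task) {
        // An item that belongs to a task is governed by the task, not by itself.
        if ($auth_item->task->allow_for_all) {
            return true;
        }

        if (Yii::app()->user->checkAccess($auth_item->task->name)) {
            return true;
        }
    } elseif (Yii::app()->user->checkAccess($auth_item->name)) {
        return true;
    }

    return false;
}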
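/**
 * Deletes a role by name.
 *
 * The role is refused when the name is empty, the role does not exist,
 * it is flagged as a system role, or it is still assigned to at least one user.
 * Every outcome is stored in $this->result and returned.
 *
 * @param string $authItemName name of the role to delete
 * @return mixed the value stored in $this->result: the error handler's return value
 *               on failure, or array('result' => null, 'returnCode' => 1) on success
 */
public function actionDelete($authItemName)
{
    $authItemName = trim($authItemName);
    if ($authItemName == '') {
        return $this->result = errorHandler()->logException(null, -1, 'XUSER_ERR_ROLE_NAME_EMPTY', array('message' => 'Role name is empty'));
    }

    $authItem = AuthItem::model()->find('name=:name', array(':name' => $authItemName));
    if (!is_object($authItem)) {
        return $this->result = errorHandler()->logException(null, -1, 'XUSER_ERR_ROLE_NOT_FOUND', array('message' => 'Role is not found'));
    }

    // System roles must never be removed.
    if ($authItem->is_system == true) {
        return $this->result = errorHandler()->logException(null, -1, 'XUSER_ERR_ROLE_CANNOT_DELETE_BECAUSE_SYSTEM', array('message' => 'Cannot delete this role as it is a system role'));
    }

    // Refuse to delete a role that is still assigned to a user.
    // The role name is bound as a parameter: it is stored data that matches the
    // caller-supplied name, so concatenating it into the statement would let a
    // role name containing a quote change the query.
    // The table prefix comes from the SITE_ID constant and cannot be bound.
    $sql = 'SELECT COUNT(userid) FROM "' . SITE_ID . '_authassignment" WHERE itemname = :itemname';
    $command = app()->db->createCommand($sql);
    $command->bindValue(':itemname', $authItem->name);
    $count = $command->queryScalar();
    if ($count > 0) {
        return $this->result = errorHandler()->logException(null, -1, 'XUSER_ERR_ROLE_CANNOT_DELETE_BECAUSE_ASSIGNED', array('message' => "Cannot delete this role as it's assigned to users"));
    }

    // NOTE(review): the assignment check and the delete are separate statements with
    // no transaction visible here, so an assignment made in between is not detected.
    if (!$authItem->delete()) {
        return $this->result = errorHandler()->logException(null, -1, 'XUSER_ERR_ROLE_DELETE_FAILED', array('message' => 'Deleting the role has been failed'));
    }

    return $this->result = array('result' => null, 'returnCode' => 1);
}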
/**
 * Looks up an AuthItem by primary key and fails with a 404 when there is none.
 *
 * @param integer $id primary key of the AuthItem to load
 * @return AuthItem the record that was found
 * @throws CHttpException with status 404 when no record has this key
 */
public function loadModel($id)
{
    $record = AuthItem::model()->findByPk($id);

    if ($record !== null) {
        return $record;
    }

    throw new CHttpException(404, 'The requested page does not exist.');
}
/**
 * Computes the next numeric suffix for auto-generated "rolebyuser<N>" role names.
 *
 * The query takes the highest existing suffix and adds one; when no such role
 * exists the string '1' is returned.
 *
 * NOTE(review): this is a read-then-increment with no locking visible here, so two
 * concurrent callers can obtain the same suffix; callers should rely on a unique
 * constraint on the role name rather than on this value alone.
 *
 * @return mixed '1' when no matching role exists, otherwise the value selected as "name"
 */
public static function newRoleId()
{
    $query = 'select CAST(SUBSTRING(name,11) as SIGNED INTEGER) + 1 AS name from AuthItem where name like "rolebyuser%" order by CAST(SUBSTRING(name,11) as SIGNED INTEGER) desc limit 1';
    $latest = AuthItem::model()->FindBySql($query);

    // Casting to array turns a null result into an empty array.
    if (count((array) $latest) > 0) {
        return $latest['name'];
    }

    return '1';
}
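/**
 * Renders the index view for one module: the module record, its features and
 * all auth items of type 2.
 *
 * The module name is read from the request parameter "id".
 */
public function actionIndex()
{
    $moduleId = $this->get('id', '');
    $model = Module::model()->find('name = :name', array(':name' => $moduleId));

    // Initialised up front: the original left $features undefined whenever the
    // module was missing or route generation failed, and then passed it to the view.
    $features = array();
    if ($model && $this->generateRoutes($moduleId)) {
        $features = $this->getFeatures($moduleId);
    }

    $roles = AuthItem::model()->findAll('type = 2');

    // NOTE(review): $model may be null here (unknown module id); the view receives it as is.
    $this->render('index', array('model' => $model, 'features' => $features, 'roles' => $roles));
}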
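/**
 * Access check that short-circuits for the root role and for auth items
 * flagged "allow for all", and otherwise defers to the parent implementation.
 *
 * The original body began with an unconditional `return true;`, which granted
 * every request and left all checks below unreachable. That statement is removed
 * so the checks actually run.
 *
 * @param string $auth_item_name name (primary key) of the auth item to check
 * @param array $params parameters passed through to the parent check
 * @param bool $allow_caching passed through to the parent check
 * @return bool whether access is granted
 */
public function checkAccess($auth_item_name, $params = array(), $allow_caching = true)
{
    if (Yii::app()->user->isRootRole()) {
        return true;
    }

    $auth_item = AuthItem::model()->findByPk($auth_item_name);
    if ($auth_item && $auth_item['allow_for_all']) {
        return true;
    }

    return parent::checkAccess($auth_item_name, $params, $allow_caching);
}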
/**
 * Validator: adds an error on "name" when another auth item already uses it.
 *
 * For an existing record the record itself (matched by id) is excluded from the lookup.
 * The name is lower-cased in PHP and again by LOWER() in SQL before comparison.
 */
public function checkName()
{
    $condition = 'name=LOWER(:name)';
    $params = array(':name' => strtolower($this->name));

    if (!$this->isNewRecord) {
        // Do not report the record being edited as its own duplicate.
        $condition .= ' AND id!=:id';
        $params[':id'] = $this->id;
    }

    if (AuthItem::model()->exists($condition, $params)) {
        $this->addError('name', at('Sorry, That name is already in use.'));
    }
}
/**
 * Pre-action hook: enforces the RBAC check for "<controller>/<action>", optionally
 * records the site action, then sets the page title and meta tags.
 *
 * NOTE(review): this method always returns true, so the action is only blocked if
 * forbidden() terminates the request; its implementation is not visible here.
 *
 * @param CAction $action the action about to run
 * @return bool always true
 */
public function beforeAction($action)
{
    $controller_id = Yii::app()->controller->id;
    $item_name = AuthItem::constructName($controller_id, $action->id);

    $allowed = RbacModule::isAllow($item_name);
    if (!$allowed) {
        $this->forbidden();
    }

    // Action logging is opt-in through the application parameters.
    $app_params = Yii::app()->params;
    if (isset($app_params->save_site_actions) && $app_params->save_site_actions) {
        MainModule::saveSiteAction();
    }

    $this->setTitle($action);
    $this->_setMetaTags($action);

    return true;
}
/**
 * Loads the role with the given name, restricted to auth items of type "role".
 *
 * NOTE(review): when nothing is found the falsy lookup result is still returned
 * after pageNotFound(); this is only safe if pageNotFound() ends the request,
 * which is not visible here.
 *
 * @param string $name role name to look up
 * @return mixed the AuthItem record, or the falsy lookup result when none exists
 */
public function loadModel($name)
{
    $criteria = array(
        'name' => $name,
        'type' => CAuthItem::TYPE_ROLE,
    );
    $role = AuthItem::model()->findByAttributes($criteria);

    if (!$role) {
        $this->pageNotFound();
    }

    return $role;
}
/**
 * Filter that runs the action only when the current user passes the access check
 * for the "<controller>/<action>" auth item; otherwise the controller's forbidden()
 * handler is called.
 *
 * In debug builds the forbidden message also carries a link to /rbac/task/allow
 * for the current role.
 *
 * NOTE(review): the debug message concatenates the item name and the user's role
 * into HTML without encoding, and the link looks like it changes permissions via a
 * plain GET request. Confirm YII_DEBUG is never enabled on a reachable deployment.
 *
 * @param CFilterChain $filter_chain the filter chain being executed
 */
public function preFilter($filter_chain)
{
    $action = $filter_chain->action;
    $item_name = AuthItem::constructName($action->controller->id, $action->id);

    if (Yii::app()->user->checkAccess($item_name)) {
        $filter_chain->run();
        return;
    }

    $msg = null;
    if (YII_DEBUG) {
        $allow_url = Yii::app()->createUrl('/rbac/task/allow', array('item_name' => $item_name));
        $allow_link = CHtml::link('Разрешить для роли "' . Yii::app()->user->role . '"', $allow_url);
        $msg = t('Зарещено!') . ' ' . t($item_name) . '<br/>' . $allow_link;
    }

    $filter_chain->action->controller->forbidden($msg);
}
/**
 * Shows the assignment form and, on a valid POST, assigns the chosen auth item
 * to the chosen user through the auth manager.
 *
 * NOTE(review): no access check or CSRF check is visible in this method, and the
 * item name, user id, bizrule and data all come from the request. Confirm that a
 * filter restricts this action to administrators, because bizrule is typically
 * evaluated as PHP by the auth manager.
 */
public function actionAssignment()
{
    $assignment = new Authassignment();

    if (isset($_POST['Authassignment'])) {
        $assignment->attributes = $_POST['Authassignment'];

        if ($assignment->validate()) {
            Yii::app()->authManager->assign(
                $assignment->itemname,
                $assignment->userid,
                $assignment->bizrule,
                $assignment->data
            );
        }
    }

    // Data for the two drop-downs: every user and every auth item of type 2.
    $users = User::model()->findAll();
    $items = AuthItem::model()->findAll(array('condition' => 'type=2'));

    $this->render('assignment', array('model' => $assignment, 'user' => $users, 'item' => $items));
}
/**
 * Loads auth data from the database and distributes it into the instance lists:
 * items grouped by type, items by name, per-item "assigned to this user" flags,
 * the parent => children hierarchy and the flat list of all children.
 */
private function getData()
{
    $assignments = AuthAssignment::model()->findAllByAttributes(['userid' => $this->user->id]);
    // Map of item name => user id for everything assigned directly to the user.
    $assignedByName = CHtml::listData($assignments, 'itemname', 'userid');

    $allItems = AuthItem::model()->findAll(['order' => 'type DESC, description ASC']);
    foreach ((array) $allItems as $authItem) {
        $itemName = $authItem->name;

        $this->itemsGroupedByTypes[$authItem->type][$itemName] = $authItem;
        $this->itemsList[$itemName] = $authItem;

        // Only direct assignments are marked. Calling the auth manager's checkAccess()
        // per item would also mark inherited children, but it generates a very large
        // number of queries; something better may be needed when roles are saved.
        $this->permissionList[$itemName] = isset($assignedByName[$itemName]);
    }

    $links = AuthItemChild::model()->findAll();
    foreach ((array) $links as $link) {
        $this->hierarchy[$link->parent][] = $link->child;
        $this->wereChildren[] = $link->child;
    }
}
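/**
 * Deletes every operation (auth items with type = 0).
 *
 * For each operation the child links pointing at it are removed first; the
 * operation itself is deleted only when at least one link was removed.
 * The outcome for each deleted operation is echoed.
 *
 * The original author's note says this was written as an experiment and must not
 * be run casually, because it removes all operations together with their
 * relations to users and roles.
 */
public function clearOpers()
{
    $criteria = new CDbCriteria();
    $criteria->condition = "type = 0";
    $actions = AuthItem::model()->findAll($criteria);

    foreach ($actions as $action) {
        // Bind the name instead of interpolating it: it is stored data, and a name
        // containing a quote would otherwise alter the DELETE condition.
        $criteria_child = new CDbCriteria();
        $criteria_child->condition = 'child = :child';
        $criteria_child->params = array(':child' => $action->name);

        $flag = ItemChildren::model()->deleteAll($criteria_child);
        if ($flag > 0) {
            if ($action->delete()) {
                echo "{$action->name} delete success\n";
            } else {
                echo "{$action->name} delete failed\n";
            }
        }
    }
}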
/**
 * Access check that first makes sure the requested auth item exists, creating it
 * when it does not, and then defers to the parent check.
 *
 * Names already handled are remembered in the cache entry "missing_roles" so the
 * database is not queried again for them.
 *
 * NOTE(review): any name passed in is persisted as a new auth item, so a caller
 * that forwards request data here can fill the auth table with arbitrary names.
 * NOTE(review): when YII_DEBUG is on, every check returns true. Make sure debug
 * mode cannot be enabled on a production deployment.
 *
 * @param string $operation name of the auth item to check
 * @param array $params parameters passed to the parent check
 * @return bool true in debug mode, otherwise the parent's decision
 */
public function checkAccess($operation, $params = array())
{
    // Names handled earlier, read from the cache when one is configured.
    $known = array();
    if (Yii::app()->cache) {
        $cached = Yii::app()->cache->get('missing_roles');
        $known = ($cached === false) ? array() : $cached;
    }

    if (!in_array($operation, $known)) {
        $existing = AuthItem::model()->find('name=:name', array(':name' => $operation));

        if (!$existing) {
            // The item type is derived from a marker inside the name.
            $type = CAuthItem::TYPE_ROLE;
            if (strpos($operation, 'op_') !== false) {
                $type = CAuthItem::TYPE_OPERATION;
            } elseif (strpos($operation, 'task_') !== false) {
                $type = CAuthItem::TYPE_TASK;
            }

            Yii::app()->authManager->createAuthItem($operation, $type, $operation, null, null);
        }

        $known[$operation] = $operation;

        if (Yii::app()->cache) {
            Yii::app()->cache->set('missing_roles', $known);
        }
    }

    // Debug mode grants everything.
    if (YII_DEBUG) {
        return true;
    }

    return parent::checkAccess($operation, $params);
}
/**
 * Relation to the auth items whose rule_name equals this record's name,
 * with the auth item table aliased as "authItems".
 *
 * NOTE(review): the class is written "Authitem" in the from() call and "AuthItem"
 * in hasMany(); PHP resolves class names case-insensitively once loaded, but
 * consistent casing avoids autoloader surprises on case-sensitive filesystems.
 *
 * @return \yii\db\ActiveQuery
 */
public function getAuthItems()
{
    $relation = $this->hasMany(AuthItem::className(), ['rule_name' => 'name']);

    return $relation->from(['authItems' => Authitem::tableName()]);
}
/**
 * Creates a new AuthItem from the submitted form.
 *
 * On a successful save the creation is written to the audit log and the browser
 * is redirected to the 'view' page; otherwise the form is rendered (again).
 *
 * NOTE(review): the model is filled by mass assignment from $_POST; which
 * attributes a client can set depends on the model's validation rules, which are
 * not visible here.
 */
public function actionCreateAction()
{
    $item = new AuthItem();

    // Uncomment the following line if AJAX validation is needed
    // $this->performAjaxValidation($item);

    $submitted = isset($_POST['AuthItem']);
    if ($submitted) {
        $item->attributes = $_POST['AuthItem'];

        $saved = $item->save();
        if ($saved) {
            $this->logAudit("Action " . $item->name . " was created ");
            $this->redirect(array('view', 'id' => $item->name));
        }
    }

    $this->render('createAction', array('model' => $item));
}
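/**
 * Builds, for every module, a task entry listing the module's operations and
 * whether each task/operation already exists as an auth item.
 *
 * Operation names are "<ControllerPrefix>_<action>", where the prefix is the
 * controller class name without "Controller".
 *
 * @return array list of array('exists', 'name', 'description', 'operations'),
 *               each operation being array('name', 'description', 'exists')
 */
protected function getModulesTasks()
{
    $tasks = array();
    $modules = AppManager::getModulesNames();

    // Names are bound as parameters instead of being interpolated into the
    // condition, so a name containing a quote cannot break or alter the query.
    $condition = 'name = :name AND type = :type';

    foreach ($modules as $module_name => $module_desc) {
        $operations = array();
        $module_actions = AppManager::getModuleActions(ucfirst($module_name) . 'Module');

        foreach ($module_actions as $controller => $actions) {
            $prefix = str_replace('Controller', '', $controller);

            foreach ($actions as $name => $description) {
                $name = $prefix . '_' . $name;
                $exists = AuthItem::model()->exists($condition, array(
                    ':name' => $name,
                    ':type' => CAuthItem::TYPE_OPERATION,
                ));
                $operations[] = array('name' => $name, 'description' => $description, 'exists' => $exists);
            }
        }

        $exists = AuthItem::model()->exists($condition, array(
            ':name' => $module_name,
            ':type' => CAuthItem::TYPE_TASK,
        ));
        $tasks[] = array('exists' => $exists, 'name' => $module_name, 'description' => $module_desc, 'operations' => $operations);
    }

    return $tasks;
}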
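/**
 * Debug action: runs a query-builder statement joining auth items, their children
 * and the assignments of user id 1, dumps the command internals and prints the
 * result rows as an HTML table.
 *
 * Field names and cell values are HTML-encoded before output; the original echoed
 * database content straight into the page.
 *
 * NOTE(review): this action dumps query parameters and the PDO statement and has
 * no access check of its own; it should not be routable outside development.
 */
function actionTest1()
{
    // Result is overwritten below before use.
    $rows = AuthItem::model()->with('authassignments')->FindAll();

    $connection = Yii::app()->db;
    $command = $connection->createCommand();
    $command->select(['NAME', 'description', 'itemname', 'IF (NAME = itemname,true,false) AS Checked'])
        ->from(['AuthItem'])
        ->leftJoin('AuthItemChild', 'parent = NAME')
        ->leftJoin('AuthAssignment', ['and', 'itemname = NAME', 'userid = :userid'], [':userid' => '1'])
        ->andWhere('not parent in (SELECT b.child FROM AuthItemChild b ) OR (parent IS NULL)')
        ->andWhere('type=:type', [':type' => '2'])
        ->group(['NAME'])
        ->order(['NAME']);

    var_dump($command->join);
    var_dump($command->params);

    $rows = $command->queryAll();
    var_dump($command->pdoStatement);

    if (count((array) $rows) === 0) {
        echo 'empty rows';
        return;
    }

    $cellStyle = 'padding: 5px; border: 1px solid black; min-width: 50px;';

    echo '<table style="border-collapse: collapse;"><tbody>';

    // Header row built from the column names of the first result row.
    echo '<tr>';
    foreach (array_keys($rows[0]) as $field) {
        echo '<th style="' . $cellStyle . '">' . CHtml::encode((string) $field) . '</th>';
    }
    echo '</tr>';

    foreach ($rows as $row) {
        echo '<tr>';
        foreach ($row as $cell) {
            // Cells hold stored names and descriptions; encode them for the HTML context.
            echo '<td style="' . $cellStyle . '">' . CHtml::encode((string) $cell) . '</td>';
        }
        echo '</tr>';
    }

    echo '</tbody></table>';
}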
<?php
// Form configuration for the user form.
// The "role" drop-down is filled from every auth item of type "role",
// keyed by name and labelled with the description.
//
// NOTE(review): the form exposes "role" and "status" next to the profile fields.
// Whether an ordinary user can change them depends on the model's validation
// rules and scenarios, which are not visible here.
$roles = AuthItem::model()->findAllByAttributes(array('type' => CAuthItem::TYPE_ROLE));

return array(
    'activeForm' => array(
        'id' => 'user-form',
        'enableAjaxValidation' => true,
        'clientOptions' => array('validateOnSubmit' => true),
    ),
    'elements' => array(
        'email' => array('type' => 'text'),
        'name' => array('type' => 'text'),
        'birthdate' => array('type' => 'date'),
        'gender' => array(
            'type' => 'dropdownlist',
            'items' => User::$gender_options,
        ),
        'about_self' => array('type' => 'textarea'),
        'photo' => array('type' => 'file'),
        'status' => array(
            'type' => 'dropdownlist',
            'items' => User::$status_options,
        ),
        'role' => array(
            'type' => 'dropdownlist',
            'items' => CHtml::listData($roles, 'name', 'description'),
        ),
        'password' => array('type' => 'password'),
        'password_c' => array('type' => 'password'),
    ),
    'buttons' => array(
        'submit' => array(
            'type' => 'submit',
            'value' => 'сохранить',
        ),
    ),
);
/**
 * Form action for attaching child auth items to a parent item.
 *
 * The parent is taken from the "parent" query parameter. On POST with a
 * non-empty child list, the parent's existing children are removed, each posted
 * child is validated and counted, a flash and a log entry are written, and the
 * browser is redirected. Otherwise the form is rendered with the parent's current
 * children pre-selected.
 *
 * NOTE(review): in the code visible here the posted children are only validated
 * and counted; nothing persists them, while the existing children have already
 * been removed. Confirm that AuthItemChild::validate() (or a rule it runs) adds
 * the child, otherwise a submit only deletes.
 */
public function actionAddItemChild()
{
    // Check Access
    checkAccessThrowException('op_permission_add_item_child');

    $model = new AuthItemChild();

    // Options for the select box, grouped by item type label.
    $groupedItems = array();
    $allItems = AuthItem::model()->findAll(array('order' => 'type DESC, name ASC'));
    foreach ($allItems as $authItem) {
        $typeLabel = AuthItem::model()->types[$authItem->type];
        $groupedItems[$typeLabel][$authItem->name] = $authItem->description . ' (' . $authItem->name . ')';
    }

    // Did we choose a parent already?
    if (isset($_GET['parent']) && $_GET['parent'] != '') {
        $model->parent = $_GET['parent'];
    }

    if (isset($_POST['AuthItemChild']['child']) && count($_POST['AuthItemChild']['child'])) {
        // Remove every child currently attached to the parent.
        $current = AuthItemChild::model()->findAll('parent=:parent', array(':parent' => $model->parent));
        foreach ($current as $link) {
            Yii::app()->authManager->removeItemChild($link->parent, $link->child);
        }

        $added = 0;
        foreach ($_POST['AuthItemChild']['child'] as $childName) {
            $model->child = $childName;
            if ($model->validate()) {
                $added++;
            }
        }

        // Parent record, needed for the redirect target.
        $parentItem = AuthItem::model()->find('name=:name', array(':name' => $model->parent));

        fok(at('{number} Child item(s) Added.', array('{number}' => $added)));

        // Log Message
        alog(at("Added {number} child items for {name}", array('{number}' => $added, '{name}' => $model->parent)));

        if ($parentItem) {
            $this->redirect(array('view', 'id' => $parentItem->id, '#' => 'tabs-2'));
        } else {
            $this->redirect(array('index'));
        }
    }

    // Pre-select the children the parent currently has.
    $preselected = array();
    $currentLinks = AuthItemChild::model()->findAll('parent=:parent', array(':parent' => $model->parent));
    foreach ($currentLinks as $link) {
        $preselected[] = $link->child;
    }
    $model->child = $preselected;

    // Add Breadcrumb
    $this->addBreadCrumb(at('Adding Child Permissions'));
    $this->title[] = at('Adding Child Permissions');

    $this->render('child_form', array('model' => $model, 'roles' => $groupedItems));
}
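/**
 * Returns the operations that are not assigned to a task: all operations minus
 * those assigned to the task, or all operations when no task name is given.
 *
 * With "clever" assigning, only operations whose name starts with the task name
 * (after removing "Viewing" and "Administrating") are considered.
 *
 * @param string $name The name of the task
 * @param boolean $clever Use clever Assigning
 * @return array An array of operations (AuthItems) not assigned to the task
 */
public static function getTaskNotAssignedOpers($name, $clever = false)
{
    $tasks = new CDbCriteria();
    $tasks->condition = "type=" . CAuthItem::TYPE_OPERATION;

    if ($clever) {
        $cleverName = preg_replace(array("/Viewing/", "/Administrating/"), array("", ""), $name);
        $len = strlen($cleverName);

        // The task name is bound as a parameter; concatenating it into the
        // condition let a name containing a quote change the query.
        // $len is an integer produced by strlen() and is safe to inline.
        $tasks->addCondition("LEFT(name," . $len . ") = :clever_name");
        $tasks->params[':clever_name'] = $cleverName;
    }

    // Without a task name there is nothing to subtract.
    if (!$name) {
        return AuthItem::model()->findAll($tasks);
    }

    $candidates = AuthItem::model()->findAll($tasks);
    $assigned = self::getTaskAssignedOpers($name, $clever);

    $final = array();
    foreach ($candidates as $candidate) {
        $exists = false;
        foreach ($assigned as $assignedItem) {
            if ($assignedItem['name'] == $candidate['name']) {
                $exists = true;
                break;
            }
        }

        if (!$exists) {
            $final[] = $candidate;
        }
    }

    return $final;
}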
echo CHtml::activeTextField($model, 'email', array('class' => 'validate[required,custom[email]]')); ?> <?php echo CHtml::error($model, 'email'); ?> </div> <div class="clear"></div> <hr /> <div class="grid-3-12"><?php echo CHtml::activeLabelEx($model, 'role'); ?> </div> <div class="grid-9-12"> <?php echo CHtml::activeDropDownList($model, 'role', CHtml::listData(AuthItem::model()->findAll('type=:type', array(':type' => CAuthItem::TYPE_ROLE)), 'name', 'name'), array('data-placeholder' => at('Please select one...'), 'prompt' => '', 'class' => 'chzn-select validate[required]')); ?> <?php echo CHtml::error($model, 'role'); ?> </div> <div class="clear"></div> <hr /> <div class="grid-3-12"><?php echo CHtml::activeLabelEx($model, 'new_password'); ?> </div> <div class="grid-9-12"> <?php echo CHtml::activePasswordField($model, 'new_password', array('class' => 'validate[minSize[6]]'));
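/**
 * Saves the "always allowed" list.
 *
 * Every posted action name is removed from the auth items (when it exists there)
 * and written to the always-allowed file as a PHP array.
 *
 * The names are emitted with var_export(), so a posted value containing a quote or
 * backslash stays a string literal in the generated file; the original concatenated
 * the raw values between single quotes, which let a request write arbitrary PHP
 * into a file that is later included.
 *
 * NOTE(review): no access check is visible in this method; it deletes auth items
 * and rewrites an included PHP file from request data, so it must be restricted to
 * administrators and protected against CSRF by the surrounding controller.
 */
public function actionSaveAllowed()
{
    if (!Helper::isAlwaysAllowedFileWritable()) {
        echo Helper::translate("srbac", "The always allowed file is not writable by the server") . "<br />";
        echo "File : " . $this->module->getAlwaysAllowedFile();
        return;
    }

    $allowed = array();
    foreach ($_POST as $controller) {
        // Expected shape is controller => list of action names; skip anything else.
        if (!is_array($controller)) {
            continue;
        }

        foreach ($controller as $action) {
            if (!is_string($action)) {
                continue;
            }

            // Delete items
            $auth = AuthItem::model()->findByPk($action);
            if ($auth !== null) {
                $auth->delete();
            }
            $allowed[] = $action;
        }
    }

    // Serialise each name as a PHP string literal with proper escaping.
    $literals = array();
    foreach ($allowed as $action) {
        $literals[] = var_export($action, true);
    }
    $contents = "<?php \n return array(\n\t" . implode(",\n\t", $literals) . "\n);\n?>";

    // LOCK_EX keeps a concurrent reader from including a half-written file.
    if (file_put_contents($this->module->getAlwaysAllowedFile(), $contents, LOCK_EX) === false) {
        echo Helper::translate("srbac", "The always allowed file is not writable by the server") . "<br />";
        echo "File : " . $this->module->getAlwaysAllowedFile();
        return;
    }

    $this->renderPartial("saveAllowed", array("allowed" => $allowed));
}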
/**
 * Edit category action.
 *
 * Requires the 'op_extensions_editcats' permission. Loads the category named by
 * the "id" query parameter, saves it on POST and redirects to the index on
 * success; otherwise renders the category form with role and parent options.
 *
 * @throws CHttpException 403 when the user lacks the permission
 */
public function actioneditcategory()
{
    // Perms
    $permitted = Yii::app()->user->checkAccess('op_extensions_editcats');
    if (!$permitted) {
        throw new CHttpException(403, Yii::t('error', 'Sorry, You don\'t have the required permissions to enter this section'));
    }

    if (!(isset($_GET['id']) && ($model = ExtensionsCats::model()->findByPk($_GET['id'])))) {
        Yii::app()->user->setFlash('error', Yii::t('extensions', 'Category was not found.'));
        $this->redirect(array('index'));
        return;
    }

    if (isset($_POST['ExtensionsCats'])) {
        $model->attributes = $_POST['ExtensionsCats'];
        if ($model->save()) {
            Yii::app()->user->setFlash('success', Yii::t('extensions', 'Category Updated.'));
            $this->redirect(array('index'));
        }
    }

    // Role options grouped by item type label.
    $roleOptions = array();
    $authItems = AuthItem::model()->findAll(array('order' => 'type DESC, name ASC'));
    foreach ($authItems as $authItem) {
        $roleOptions[AuthItem::model()->types[$authItem->type]][$authItem->name] = $authItem->name;
    }

    // Parent list
    $parents = array();
    foreach (ExtensionsCats::model()->getRootCats() as $rootCat) {
        $parents[$rootCat->id] = $rootCat->title;
    }

    // Language selections and permission lists are stored comma-separated;
    // non-empty values are split into arrays for the form.
    $listFields = array('language', 'viewperms', 'addpostsperms', 'addcommentsperms', 'addfilesperms', 'autoaddperms');
    foreach ($listFields as $field) {
        $model->$field = $model->$field ? explode(',', $model->$field) : $model->$field;
    }

    $label = Yii::t('extensions', 'Editing Category');
    $this->breadcrumbs[$label] = '';
    $this->pageTitle[] = Yii::t('extensions', 'Editing Category');

    // Render
    $this->render('category_form', array(
        'model' => $model,
        'parents' => $parents,
        'roles' => $roleOptions,
        'label' => Yii::t('extensions', 'Editing Category'),
    ));
}
/**
 * Admin grid for auth items of type 2.
 *
 * Search filters are taken from the "AuthItem" query parameter; the type is set
 * after the filters are applied, so a request cannot change it.
 */
public function actionAdmin()
{
    $filter = new AuthItem('search');
    // Clear any default values so only submitted filters apply.
    $filter->unsetAttributes();

    $submitted = isset($_GET['AuthItem']);
    if ($submitted) {
        $filter->attributes = $_GET['AuthItem'];
    }

    $filter->type = 2;

    $this->render('admin', array('model' => $filter));
}
/**
 * Update an auth item.
 * Note: The item's type can not be changed.
 *
 * Loads the item through the auth manager, copies its values into an AuthItem
 * form model and builds the edit form. When the form was submitted, the result is
 * sent back as JSON (a success message with an optional redirect URL, or the list
 * of validation errors) and the request ends. Otherwise the page is rendered,
 * including an assignment form when the user holds the assignments-manager role.
 *
 * @param string $item name of the auth item to manage
 * @throws CHttpException 404 when the auth item does not exist
 */
public function actionManage($item)
{
    $item = $this->authManager->getEAuthItem($item);
    if (empty($item))
        throw new CHttpException(404, Yii::t('RbamModule.rbam','Authorisation item not found.'));

    $authItem = new AuthItem('update'); // $authItem is a CFormModel
    // NOTE(review): $attributes is never read in this method.
    $attributes = array();
    // Copy the stored item's values into the form model, attribute by attribute.
    foreach ($authItem->getAttributes() as $name=>$value)
        $authItem->$name = $item->$name;

    // The boolean passed to getForm() is false for the module's default roles.
    $form = $authItem->getForm(!in_array($item->name, $this->getModule()->getDefaultRoles()));

    if ($form->submitted($form->uniqueId)) {
        $response = array();
        if ($authItem->save($item)) {
            $response['content'] = Yii::t('RbamModule.rbam','"{item}" {type} updated.', array(
                '{item}'=>$item->name,
                '{type}'=>$this->type($item->type, true)
            ));
            // A renamed item needs a new URL.
            // NOTE(review): oldName is read from $_POST without an isset() check.
            if ($item->name!==$_POST['AuthItem']['oldName'])
                $response['redirect'] = $this->createUrl($this->action->id, array('item'=>$item->name));
        }
        else {
            // Flatten the per-attribute error lists into one list for the client.
            $errors = array();
            foreach ($authItem->getErrors() as $attribute=>$attributeErrors)
                foreach ($attributeErrors as $error)
                    $errors[] = array(
                        'attribute'=>$attribute,
                        'label'=>$authItem->getAttributeLabel($attribute),
                        'error'=>$error
                    );
            $response = compact('errors');
        }
        header('Content-type: application/json');
        echo CJSON::encode($response);
        Yii::app()->end();
    }

    // The assignment form is only built for users holding the assignments-manager role.
    if (Yii::app()->getUser()->checkAccess($this->getModule()->authAssignmentsManagerRole)) {
        // NOTE(review): the scenario is spelled 'upate'; if 'update' was intended,
        // validation rules scoped to 'update' do not apply to this model.
        $authAssignment = new AuthAssignment('upate'); // $authAssignment is a CFormModel
        $assignmentForm = $authAssignment->getForm();
    }
    else
        $assignmentForm = null;

    $this->pageTitle = $this->_pageTitle($this->action->id, array(
        '{item}'=>$item->name,
        '{type}'=>$this->type($item->type, true, true)
    ));
    $this->breadcrumbs = array(
        'RBAM'=>array('rbam/index'),
        $this->_pageTitle('index')=>array('index'),
        $this->pageTitle
    );
    $this->render('form', compact('item', 'form', 'assignmentForm'));
}
/**
 * Reports whether srbac is installed by checking that the item, item-child and
 * assignment tables configured on the auth manager all exist.
 *
 * A "{{name}}" placeholder in a table name is expanded with the connection's
 * table prefix. If the tables only match case-insensitively, the method still
 * returns true but records TABLE_NAMES_ERROR in $this->_message.
 *
 * @return boolean Whether srbac is installed or not; false on a database error
 */
public function isInstalled()
{
    try {
        $existing = Yii::app()->authManager->db->schema->tableNames;
        $required = array(
            Yii::app()->authManager->itemTable,
            Yii::app()->authManager->itemChildTable,
            Yii::app()->authManager->assignmentTable,
        );

        $prefix = AuthItem::model()->getDbConnection()->tablePrefix;
        if (!is_null($prefix)) {
            foreach ($required as $index => $tableName) {
                $required[$index] = preg_replace('/{{(.*?)}}/', $prefix . '\\1', $tableName);
            }
        }

        // First pass: exact names.
        $allPresent = true;
        foreach ($required as $tableName) {
            if (!in_array($tableName, $existing)) {
                $allPresent = false;
                break;
            }
        }
        if ($allPresent) {
            return true;
        }

        // Second pass: same names ignoring case.
        $existingLower = array_map('strtolower', $existing);
        foreach ($required as $tableName) {
            if (!in_array(strtolower($tableName), $existingLower)) {
                return false;
            }
        }

        $this->_message = self::TABLE_NAMES_ERROR;
        return true;
    } catch (CDbException $ex) {
        return false;
    }
}
/**
 * Reports whether srbac is installed by checking that the AuthItem table exists.
 *
 * A "{{name}}" placeholder in the table name is expanded with the connection's
 * table prefix before the lookup.
 *
 * @return boolean Whether srbac is installed or not; false on a database error
 */
public function isInstalled()
{
    try {
        $existing = Yii::app()->authManager->db->schema->tableNames;
        $itemTable = AuthItem::model()->tableName();

        $prefix = AuthItem::model()->getDbConnection()->tablePrefix;
        if ($prefix !== null) {
            $itemTable = preg_replace('/{{(.*?)}}/', $prefix . '\\1', $itemTable);
        }

        return in_array($itemTable, $existing);
    } catch (CDbException $ex) {
        return false;
    }
}
/**
 * Recursively builds the RBAC item tree.
 *
 * Called with an empty $tree it creates the root container, adds every top-level
 * parent with its children (each child expanded recursively) and prepends the
 * unbound items. Called with a node it appends that node's children, expanding
 * each of them recursively.
 *
 * NOTE(review): there is no depth limit or visited set here, so the recursion
 * only terminates if the parent/child table contains no cycles.
 *
 * @uses AuthItem::findUnboundItems()
 * @param array $tree Part of the tree, or an empty array to build the whole tree
 * @param integer $depth the tree depth; stored on the nodes but not otherwise used
 * @return array node of the form ['depth', 'parent-name', 'this-name', 'this', 'childs' => [node, ...]]
 */
private function _buildItemTree($tree, $depth)
{
    if (count($tree) < 1) {
        /*
         * Find the top-level items with their children.
         *
         * SELECT
         *   `t`.`parent` AS `t0_c0`,
         *   `t`.`child` AS `t0_c1`,
         *   `parents`.`parent` AS `t1_c0`,
         *   `parents`.`child` AS `t1_c1`,
         *   `items`.`name` AS `t2_c0`,
         *   `items`.`type` AS `t2_c1`,
         *   `items`.`description` AS `t2_c2`,
         *   `items`.`bizrule` AS `t2_c3`,
         *   `items`.`data` AS `t2_c4`
         * FROM `AuthItemChild` `t`
         * LEFT OUTER JOIN `AuthItemChild` `parents`
         *   ON (`parents`.`child`=`t`.`parent`)
         * LEFT OUTER JOIN `AuthItem` `items`
         *   ON (`t`.`child`=`items`.`name`)
         * WHERE (parents.parent IS NULL)
         * ORDER BY t.parent
         */
        // NOTE(review): the grouping below compares each row's parent with the last
        // node added, so it relies on rows of one parent arriving consecutively.
        // The order used here is 'parents.parent DESC', which the condition forces to
        // NULL for every row; confirm the database still returns rows grouped by parent.
        $result = $this->findAll(array('with' => array('parents', 'childs'), 'condition' => 'parents.parent IS NULL', 'order' => 'parents.parent DESC'));
        $depth++;
        // Root container of the tree.
        $tree['depth'] = 0;
        $tree['parent-name'] = null;
        $tree['this-name'] = null;
        $tree['this'] = null;
        $tree['childs'] = array();
        $modelAuthItem = new AuthItem();
        //if(!count($result)) return $tree;
        foreach ($result as $row) {
            // Index of the most recently added first-level node.
            $cnt = count($tree['childs']) - 1;
            if (isset($tree['childs'][0]) && $tree['childs'][$cnt]['this-name'] == $row->parent) {
                // build second depth in existing first depth
                $tree['childs'][$cnt]['childs'][] = $this->_buildItemTree(array('depth' => $depth + 1, 'parent-name' => $row->parent, 'this-name' => $row->childs->name, 'this' => $row->childs, 'childs' => array()), $depth + 1);
            } else {
                // build new first depth and included second depth
                $tree['childs'][] = array('depth' => $depth, 'parent-name' => null, 'this-name' => $row->parent, 'this' => $modelAuthItem->findByAttributes(array('name' => $row->parent)), 'childs' =>
                    array($this->_buildItemTree(array('depth' => $depth + 1, 'parent-name' => $row->parent, 'this-name' => $row->childs->name, 'this' => $row->childs, 'childs' => array()), $depth + 1)));
            }
        }
        // add unbound items
        $model = new AuthItem();
        $unboundItems = $model->findUnboundItems();
        foreach ($unboundItems as $item) {
            $child = array('depth' => 1, 'parent-name' => null, 'this-name' => $item->name, 'this' => $item, 'childs' => array());
            // Unbound items are placed in front of the bound ones.
            array_unshift($tree['childs'], $child);
        }
        return $tree;
    } else {
        /*
         * SELECT
         *   `t`.`parent` AS `t0_c0`,
         *   `t`.`child` AS `t0_c1`,
         *   `childs`.`name` AS `t1_c0`,
         *   `childs`.`type` AS `t1_c1`,
         *   `childs`.`description` AS `t1_c2`,
         *   `childs`.`bizrule` AS `t1_c3`,
         *   `childs`.`data` AS `t1_c4`
         * FROM `AuthItemChild` `t`
         * LEFT OUTER JOIN `AuthItem` `childs`
         *   ON (`t`.`child`=`childs`.`name`)
         * WHERE (`t`.`parent`=:yp0)
         * ORDER BY childs.name
         */
        $ct = new CDbCriteria(array('order' => 'childs.name'));
        // The parent name is passed as a column condition, not concatenated into SQL.
        $ct->addColumnCondition(array('t.parent' => $tree['this']->name));
        $result = AuthItemChild::model()->with('childs')->findAll($ct);
        /*
        $result = $this->findAllByAttributes(
            array('parent'=>$tree['this']->name),
            array(
                'with' => 'childs',
                //'condition' => array('t.parent'=>$tree['this']->name),
                'order' => 'childs.name',
            )
        );
        */
        $depth++;
        if (count($result) > 0) {
            foreach ($result as $row) {
                // Each child becomes a node and is expanded recursively.
                $tree['childs'][] = $this->_buildItemTree(array('depth' => $depth, 'parent-name' => $row->parent, 'this-name' => $row->childs->name, 'this' => $row->childs, 'childs' => array()), $depth);
            }
        }
        return $tree;
    }
}
/**
 * Renders the option list of auth items that are not yet assigned to a user.
 *
 * NOTE(review): $userid comes from the request and no access check is visible in
 * this method; confirm a filter restricts who may list another user's items.
 *
 * @param mixed $userid id of the user whose unassigned items are listed
 */
public function actionListAuthItem($userid)
{
    $unassigned = AuthItem::model()->listNotAssignedItem($userid);
    $viewData = array('authItem' => $unassigned);

    $this->renderPartial('../item/_authitem_opt', $viewData);
}