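/**
 * Checks whether the Web user is allowed to perform the specified action.
 *
 * The decision is read from the user's permission map: the action is allowed
 * only when its lower-cased ID is listed under
 * $user->perm[<controller ID>]['_p']. Every other outcome (no entry for the
 * controller, a non-array entry, an exception while reading the map) ends in
 * a denial, so the check fails closed.
 *
 * NOTE(review): the earlier docblock documented an integer result (1 / -1 / 0),
 * but this implementation returns true or throws. Confirm that the caller
 * treats true as "allowed".
 *
 * @param CWebUser $user the user object
 * @param CController $controller the controller currently being executed
 * @param CAction $action the action to be performed
 * @param string $ip the request IP address (not consulted by this check)
 * @param string $verb the request verb (GET, POST, etc.; not consulted by this check)
 * @return boolean true if the user is allowed
 * @throws CHttpException with code EXCEPTION_NO_RIGHTS if the user is denied
 */
public function isUserAllowed($user, $controller, $action, $ip, $verb)
{
    try {
        /*
         * Disabled cross-check between the session's module type and the
         * module being executed, kept for reference:
         *
         * $sesMod = $user->getState('modType');
         * $oCurMod = $controller->getModule();
         * if( $oCurMod != NULL ){
         *     if( ($oCurMod->getId() == 'ad' && $sesMod == 'pub') || ($oCurMod->getId() == 'pub' && $sesMod == 'ad') )
         *         throw new CHttpException(EXCEPTION_NO_RIGHTS, Yii::t('general', 'pub_ad_mod_confused'));
         * }
         */

        // No debug output and no early return here: the permission lookup
        // below must run on every call, and an authorization check should
        // never write into the response body.
        $aPerm = $user->perm;
        $sControllerId = $controller->getId();

        // isset() keeps a missing controller entry on the denial path instead
        // of relying on an undefined-index notice being turned into an error.
        $aAction = isset($aPerm[$sControllerId]['_p']) ? $aPerm[$sControllerId]['_p'] : null;

        // Strict comparison: with loose in_array() a non-string entry such as
        // true (or 0 on older PHP versions) would match every action ID.
        if (is_array($aAction) && in_array(strtolower($action->getId()), $aAction, true)) {
            return true;
        }
    } catch (Exception $e) {
        // Any failure while reading the permission map is treated as a
        // denial; the caller only ever sees the generic message below.
    }

    throw new CHttpException(EXCEPTION_NO_RIGHTS, Yii::t('general', 'sorry, you have no rights to do this'));
}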
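/**
 * CFilterChain factory method.
 * This method creates a CFilterChain instance.
 *
 * Each entry of $filters is handled as follows:
 *  - a string names an inline filter, optionally followed by "+" or "-" and a
 *    list of action IDs. With "+" the filter is added only when the current
 *    action ID occurs in that list, with "-" only when it does not.
 *  - an array must hold the filter class in element 0 (with the same optional
 *    "+"/"-" suffix). The remaining elements are passed to
 *    Yii::createComponent() as the component configuration.
 *  - anything that is (or becomes) an object is initialised and appended.
 *
 * The action ID is matched case-insensitively on word boundaries.
 *
 * @param CController $controller the controller who executes the action.
 * @param CAction $action the action being filtered by this chain.
 * @param array $filters list of filters to be applied to the action.
 * @return CFilterChain
 * @throws CException if an array filter configuration has no element 0
 */
public static function create($controller, $action, $filters)
{
    $chain = new CFilterChain($controller, $action);

    // The action ID is quoted before it goes into the pattern. Unquoted, an ID
    // containing a regex metacharacter (a "." for instance) would match more
    // than the literal ID, so a filter could be attached to, or skipped for,
    // an action its "+"/"-" list never named.
    $actionPattern = '/\b' . preg_quote($action->getId(), '/') . '\b/i';

    foreach ($filters as $filter) {
        if (is_string($filter)) {
            if (($pos = strpos($filter, '+')) !== false || ($pos = strpos($filter, '-')) !== false) {
                $matched = preg_match($actionPattern, substr($filter, $pos + 1)) > 0;
                if (($filter[$pos] === '+') === $matched) {
                    $filter = CInlineFilter::create($controller, trim(substr($filter, 0, $pos)));
                }
                // When the list excludes this action, $filter stays a string
                // and is dropped by the is_object() check below.
            } else {
                $filter = CInlineFilter::create($controller, $filter);
            }
        } elseif (is_array($filter)) {
            if (!isset($filter[0])) {
                throw new CException(Yii::t('yii', 'The first element in a filter configuration must be the filter class.'));
            }
            $filterClass = $filter[0];
            unset($filter[0]);
            if (($pos = strpos($filterClass, '+')) !== false || ($pos = strpos($filterClass, '-')) !== false) {
                $matched = preg_match($actionPattern, substr($filterClass, $pos + 1)) > 0;
                if (($filterClass[$pos] === '+') === $matched) {
                    $filterClass = trim(substr($filterClass, 0, $pos));
                } else {
                    // This filter does not apply to the current action.
                    continue;
                }
            }
            $filter['class'] = $filterClass;
            $filter = Yii::createComponent($filter);
        }

        if (is_object($filter)) {
            $filter->init();
            $chain->add($filter);
        }
    }

    return $chain;
}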
/**
 * Tells whether this rule covers the given controller.
 *
 * A rule with an empty controller list covers every controller. Otherwise the
 * controller's ID is lower-cased and looked up in $this->controllers. The list
 * entries are compared as they are, so an entry that is not already lower-case
 * never matches and the rule does not apply to that controller.
 *
 * @param CController $controller the controller (the earlier annotation said CAction; only getId() is called on it)
 *
 * @return boolean whether the rule applies to the controller
 */
protected function isControllerMatched($controller)
{
    if (empty($this->controllers)) {
        return true;
    }

    $controllerId = strtolower($controller->getId());

    return in_array($controllerId, $this->controllers);
}
/**
 * The pre-filter for controller actions.
 * It runs before the requested controller action and all of its filters.
 * Override it to add logic that must happen before every controller action.
 *
 * A 'beforeControllerAction' plugin event carrying the controller ID and the
 * action ID is dispatched first. The return value is then read from the
 * event's "run" entry, with the parent implementation's result passed as the
 * fallback.
 *
 * NOTE(review): presumably PluginEvent::get() returns the fallback only when
 * no plugin set "run". If so, a plugin-supplied value replaces the parent's
 * decision in both directions, including turning a parent "false" into
 * "true". Confirm against PluginEvent before relying on the parent as a veto.
 *
 * @param CController $controller the controller
 * @param CAction $action the action
 * @return boolean whether the action should be executed.
 */
public function beforeControllerAction($controller, $action)
{
    // Plugin event raised before every web controller action; a plugin can
    // set "run" to false to deactivate the action.
    $pluginEvent = new PluginEvent('beforeControllerAction');
    $pluginEvent->set('controller', $controller->getId());
    $pluginEvent->set('action', $action->getId());

    $pluginManager = App()->getPluginManager();
    $pluginManager->dispatchEvent($pluginEvent);

    // The parent hook is evaluated after the plugins have been dispatched and
    // is handed to get() as the fallback value.
    $parentDecision = parent::beforeControllerAction($controller, $action);

    return $pluginEvent->get("run", $parentDecision);
}
/**
 * Tells whether this rule covers the given action.
 *
 * A rule with an empty action list covers every action. Otherwise the action's
 * ID is lower-cased and looked up in $this->actions. The list entries are
 * compared as they are, so an entry that is not already lower-case never
 * matches and the rule does not apply to that action.
 *
 * @param CAction $action the action
 * @return boolean whether the rule applies to the action
 */
protected function isActionMatched($action)
{
    if (empty($this->actions)) {
        return true;
    }

    $actionId = strtolower($action->getId());

    return in_array($actionId, $this->actions);
}