Example #1
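 /**
  * Rebuild the body of the generated accessControl($controller, $action) function.
  *
  * When $post['accessType'] is exactly "DEFAULT", the body is generated from the
  * submitted default rule and the role/user rule lists. For any other value the
  * submitted source text in $post['code'] becomes the body and the type is
  * recorded as "CUSTOM".
  *
  * Security notes for maintainers:
  *  - Every string built here is PHP source handed to updateFunction()
  *    (presumably written into the module file, so treat it as code that will run).
  *    $post must only come from a caller already trusted to edit module code;
  *    the CUSTOM branch stores $post['code'] verbatim by design.
  *  - $post['roles'] and $post['users'] are rendered with CodeGenerator::varExport(),
  *    which emits any string carrying the CodeGenerator::MARK_EXECUTE prefix as raw
  *    code. Whether expandAccessControlArray() filters such values is not visible
  *    here. TODO confirm before exposing this endpoint more widely.
  *  - The generated function calls call_user_func() on the "custom" rule entries,
  *    so those entries decide which callables run on every request.
  *
  * @param array $post Submitted form data; reads accessType, defaultRule, roles,
  *                    users (DEFAULT) or code (any other accessType).
  * @return void
  */
 public function updateAccessControl($post)
 {
     $code = [];
     $accessType = $post['accessType'];
     // Strict comparison: only the exact string selects the generated branch, so a
     // non-string value can no longer match loosely and be concatenated into source.
     if ($accessType === 'DEFAULT') {
         ## PREPARE VARS
         // Anything other than the literal "allow" collapses to "deny" (fail closed),
         // which also keeps the value safe to embed in the generated source below.
         $defaultRule = $post['defaultRule'] != 'allow' ? 'deny' : 'allow';
         $roles = $this->expandAccessControlArray($post['roles'], 'role');
         $rolesCode = CodeGenerator::varExport($roles);
         $users = $this->expandAccessControlArray($post['users'], 'user');
         $usersCode = CodeGenerator::varExport($users);
         ## PREPARE GENERATED VARS
         $code[] = ModuleGenerator::GEN_COMMENT_START;
         $code[] = '#######    DO NOT EDIT CODE BELOW     #######';
         // Emit the constant rather than the request value: nothing from $post is
         // interpolated into this line of generated PHP.
         $code[] = '$accessType = "DEFAULT";';
         $code[] = '$defaultRule = "' . $defaultRule . '";';
         $code[] = '$rolesRule = ' . $rolesCode . ';';
         $code[] = '$usersRule = ' . $usersCode . ';';
         $code[] = '#######    DO NOT EDIT CODE ABOVE     #######';
         $code[] = ModuleGenerator::GEN_COMMENT_END;
         $code[] = '';
         ## START ACTUAL CODE
         // Rule order in the generated code: default rule, then role deny/allow,
         // then user deny/allow. A later match overrides an earlier one, so a
         // user-level rule wins over a role-level rule.
         $code[] = '$allowed = ($defaultRule == "allow");';
         $code[] = '$roleId = Yii::app()->user->roleId;';
         $code[] = '$userId = Yii::app()->user->id;';
         $code[] = '';
         $code[] = 'if (in_array($roleId, $rolesRule["deny"]))  { ';
         $code[] = '    $allowed = false; ';
         $code[] = '}';
         $code[] = 'if (in_array($roleId, $rolesRule["allow"])) { ';
         $code[] = '    $allowed = true; ';
         $code[] = '}';
         $code[] = 'if (array_key_exists($roleId, $rolesRule["custom"])) { ';
         $code[] = '    call_user_func($rolesRule["custom"][$roleId], $controller, $action); ';
         $code[] = '}';
         $code[] = 'if (in_array($userId, $usersRule["deny"]))  { ';
         $code[] = '    $allowed = false; ';
         $code[] = '}';
         $code[] = 'if (in_array($userId, $usersRule["allow"])) { ';
         $code[] = '    $allowed = true;';
         $code[] = '}';
         $code[] = 'if (array_key_exists($userId, $usersRule["custom"])) { ';
         $code[] = '    call_user_func($usersRule["custom"][$userId], $controller, $action); ';
         $code[] = '}';
         $code[] = '';
         $code[] = 'if (!$allowed) {';
         $code[] = '    throw new CHttpException(403);';
         $code[] = '}';
         $space = '        ';
         $code = $space . implode("\n{$space}", $code);
         $this->accessType = 'DEFAULT';
         $this->defaultRule = $defaultRule;
         // The raw submitted lists are kept on the model; only the expanded
         // versions were exported into the generated code above.
         $this->rolesRule = $post['roles'];
         $this->usersRule = $post['users'];
         $this->acSource = $this->removeIndent($code);
     } else {
         $code = explode("\n", $post['code']);
         // If the second line still carries the generated DEFAULT marker, flip it
         // so the stored source agrees with the CUSTOM type recorded below.
         if (count($code) > 1 && trim($code[1]) === '$accessType = "DEFAULT";') {
             $code[1] = '$accessType = "CUSTOM";';
         }
         $code = implode("\n", $code);
         $this->accessType = "CUSTOM";
         $this->acSource = $code;
         $code = $this->addIndent($code);
     }
     $this->updateFunction('accessControl', $code, ['params' => ['$controller', '$action']]);
 }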
Example #2
 /**
  * Render a PHP value as PHP source text for embedding in generated code.
  *
  * Strings become double-quoted literals with backslash, dollar sign, double
  * quote and the listed control characters escaped, so the literal cannot
  * interpolate variables or terminate early. Arrays are rendered recursively
  * in short-array syntax, booleans as TRUE/FALSE, and every other type through
  * var_export().
  *
  * Security note: a string that begins with CodeGenerator::MARK_EXECUTE is NOT
  * quoted. The marker is stripped and the remainder is returned verbatim, i.e.
  * it lands in the generated file as executable code. The same applies to
  * string array keys, which are exported through this method too. Callers must
  * make sure request-derived strings can never carry that prefix.
  *
  * @param mixed  $var    Value to render.
  * @param string $indent Indentation placed before the closing bracket of an
  *                       array; entries are indented four spaces deeper.
  * @return string PHP source representing $var.
  */
 public static function varExport($var, $indent = "        ")
 {
     if (is_string($var)) {
         // Marked strings bypass quoting entirely and are emitted as raw code.
         if (strpos($var, CodeGenerator::MARK_EXECUTE) === 0) {
             return substr($var, strlen(CodeGenerator::MARK_EXECUTE));
         }

         return '"' . addcslashes($var, "\\\$\"\r\n\t\v\f") . '"';
     }

     if (is_bool($var)) {
         return $var ? "TRUE" : "FALSE";
     }

     if (!is_array($var)) {
         return var_export($var, TRUE);
     }

     // Keys 0..n-1 in order mean a plain list, so the keys are left out of the output.
     $isList = array_keys($var) === range(0, count($var) - 1);
     $entryIndent = "{$indent}    ";

     $entries = [];
     foreach ($var as $key => $value) {
         $keyPart = $isList ? "" : CodeGenerator::varExport($key) . " => ";
         $entries[] = $entryIndent . $keyPart . CodeGenerator::varExport($value, $entryIndent);
     }

     if ($entries === []) {
         return '[]';
     }

     return "[\n" . implode(",\n", $entries) . "\n" . $indent . "]";
 }