/**
* @param IWebUser $user the user
* @return boolean whether the page can be accessed according to the pbac rule
*/
protected function isPbacMatched($user)
{
// extract the user accessRules
$accessRules = $user->getAccessRules();
// grant access right the way if root is asking for the page or no pbac is setted
// or deny it right the way if user is guest or in recovery mode
if ($user->getAccessRules() === UserGroupsUser::ROOT_ACCESS || empty($this->pbac)) {
return true;
} elseif (UserGroupsConfiguration::findRule('super_admin') && isset(Yii::app()->user->accessRules['userGroups']['admin']['admin'])) {
return true;
} elseif ($user->getIsGuest() || $user->getRecovery()) {
return false;
}
// extract the current controller name
$current_controller = Yii::app()->getController()->id;
// extract the current module name
$current_module = Yii::app()->controller->module ? Yii::app()->controller->module->id : 'Basic';
foreach ($this->pbac as $p) {
$p = explode('.', $p);
switch (count($p)) {
case 1:
$module = $current_module;
$controller = $current_controller;
$permission = $p[0];
break;
case 2:
$module = $current_module;
$controller = $p[0];
$permission = $p[1];
break;
case 3:
$module = $p[0];
$controller = $p[1];
$permission = $p[2];
break;
}
// check the asked permission
if (isset($accessRules[$module][$controller][$permission])) {
return true;
} elseif (UserGroupsConfiguration::findRule('permission_cascade')) {
if ($permission === 'read') {
if (isset(Yii::app()->user->accessRules[$module][$controller]['write'])) {
return true;
}
}
if ($permission === 'read' || $permission === 'write') {
if (isset(Yii::app()->user->accessRules[$module][$controller]['admin'])) {
return true;
}
}
}
}
return false;
}
