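/**
 * Decides whether the pbac (permission based access control) entries of this
 * rule allow the given user to access the page.
 *
 * Each entry of $this->pbac is written as "permission", "controller.permission"
 * or "module.controller.permission". Omitted parts default to the current
 * controller and the current module ('Basic' when the controller has no module).
 *
 * Security-relevant behaviour:
 * - An empty $this->pbac matches every user, guests included; a rule that
 *   carries no pbac entries therefore does not restrict access by itself.
 * - The root and super_admin grants are evaluated before the guest/recovery
 *   denial, so they win over it.
 *   NOTE(review): confirm that an account in recovery mode is meant to keep
 *   these two grants.
 * - Every permission lookup is made against the rules of $user, so the
 *   decision is bound to the principal being evaluated and not to whichever
 *   user the application component currently holds.
 * - Entries that do not have one, two or three dot-separated parts are
 *   skipped and never grant access.
 *
 * @param IWebUser $user the user
 * @return boolean whether the page can be accessed according to the pbac rule
 */
protected function isPbacMatched($user)
{
    // rules of the user under evaluation; all checks below read from this copy
    $accessRules = $user->getAccessRules();

    // root, or a rule without any pbac entry: grant immediately
    if ($accessRules === UserGroupsUser::ROOT_ACCESS || empty($this->pbac)) {
        return true;
    }

    // optional super admin shortcut: admin permission on userGroups/admin
    if (UserGroupsConfiguration::findRule('super_admin')
        && isset($accessRules['userGroups']['admin']['admin'])
    ) {
        return true;
    }

    // guests and accounts in recovery mode hold no pbac permission
    if ($user->getIsGuest() || $user->getRecovery()) {
        return false;
    }

    // defaults used when an entry does not name its controller or module
    $current_controller = Yii::app()->getController()->id;
    $current_module = Yii::app()->controller->module ? Yii::app()->controller->module->id : 'Basic';

    foreach ($this->pbac as $entry) {
        $parts = explode('.', $entry);

        switch (count($parts)) {
            case 1:
                $module = $current_module;
                $controller = $current_controller;
                $permission = $parts[0];
                break;
            case 2:
                $module = $current_module;
                $controller = $parts[0];
                $permission = $parts[1];
                break;
            case 3:
                $module = $parts[0];
                $controller = $parts[1];
                $permission = $parts[2];
                break;
            default:
                // malformed entry: skip it instead of evaluating undefined
                // values or the values left over from the previous entry
                continue 2;
        }

        // exact permission held by the user
        if (isset($accessRules[$module][$controller][$permission])) {
            return true;
        }

        // cascade (when enabled): write implies read, admin implies read and write
        if (UserGroupsConfiguration::findRule('permission_cascade')) {
            if ($permission === 'read' && isset($accessRules[$module][$controller]['write'])) {
                return true;
            }
            if (($permission === 'read' || $permission === 'write')
                && isset($accessRules[$module][$controller]['admin'])
            ) {
                return true;
            }
        }
    }

    // no entry matched: deny
    return false;
}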