/**
 * Handles a failed access check for the given user.
 *
 * A guest is handed to the user component's loginRequired(); a user who is
 * not a guest gets an HTTP 403 carrying the supplied message.
 *
 * @param IWebUser $user the web user that failed the access check
 * @param string $message the message attached to the 403 error
 * @throws CHttpException with status 403 when the user is not a guest
 */
protected function accessDenied(IWebUser $user, $message)
{
    // Authenticated but not authorised: re-authenticating cannot help, so deny outright.
    if (!$user->getIsGuest()) {
        throw new CHttpException(403, $message);
    }

    // Anonymous visitor: let the user component handle the login requirement.
    $user->loginRequired();
}
/**
 * Tells whether this rule's user list covers the given user.
 *
 * An empty list matches everyone. Otherwise the entries are tried in order:
 * '*' matches any user, '?' matches a guest, '@' matches a non-guest, and
 * every entry is finally compared case-insensitively with the user's name.
 *
 * @param IWebUser $user the user
 *
 * @return boolean whether the rule applies to the user
 */
protected function isUserMatched($user)
{
    // No user restriction configured on this rule.
    if (empty($this->users)) {
        return true;
    }

    foreach ($this->users as $entry) {
        if ($entry === '*') {
            return true;
        }

        if ($entry === '?' && $user->getIsGuest()) {
            return true;
        }

        if ($entry === '@' && !$user->getIsGuest()) {
            return true;
        }

        // A wildcard that did not apply still falls through to the name
        // comparison, exactly like any literal user name.
        if (!strcasecmp($entry, $user->getName())) {
            return true;
        }
    }

    return false;
}
/**
 * Tells whether the user's group level satisfies this rule's level entries.
 *
 * Short-circuits, in order:
 *  - grants when the user's level (cast to int) equals UserGroupsUser::ROOT_LEVEL
 *    or the rule carries no level entries;
 *  - grants when UserGroupsConfiguration::findRule('super_admin') is truthy and
 *    the application user has accessRules['userGroups']['admin']['admin'] set;
 *  - denies when the user is a guest or getRecovery() is truthy.
 *
 * Otherwise each level entry is tested. Without a 'strict' key the first
 * matching entry grants access; with a 'strict' key the first failing entry
 * denies it. If the loop finishes, the result is whether any entry matched.
 *
 * @param IWebUser $user the user
 * @return boolean whether the page can be accessed according to the user group level
 */
protected function isLevelMatched($user)
{
    if ((int) $user->getLevel() === UserGroupsUser::ROOT_LEVEL || empty($this->level)) {
        return true;
    }

    // NOTE(review): this bypass reads accessRules from Yii::app()->user, not
    // from the $user argument; confirm the two always refer to the same user.
    if (UserGroupsConfiguration::findRule('super_admin')
        && isset(Yii::app()->user->accessRules['userGroups']['admin']['admin'])
    ) {
        return true;
    }

    if ($user->getIsGuest() || $user->getRecovery()) {
        return false;
    }

    // A 'strict' key means every entry has to match for access to be granted.
    $strict = isset($this->level['strict']);
    $matched = false;
    $failed = false;

    // NOTE(review): the loop also visits the 'strict' entry itself, so its
    // value is evaluated as if it were a level rule; confirm this is intended.
    foreach ($this->level as $l) {
        if (is_numeric($l)) {
            // Type-strict comparison: a numeric entry only matches when it has
            // the same type as the value getLevel() returns.
            if ($l === $user->getLevel()) {
                $matched = true;
            } else {
                $failed = true;
            }
        } else {
            // SECURITY: the entry is appended to the user's level and executed
            // as PHP through eval(), in this method's scope (with access to
            // $this and $user). This is only safe while both the rule entries
            // and the getLevel() value are fixed by the developer.
            // NOTE(review): confirm neither can be influenced by stored or
            // request data, and prefer an explicit allow-list of comparison
            // operators over eval().
            $comparison = $user->getLevel() . $l;
            if (eval("return {$comparison};")) {
                $matched = true;
            } else {
                $failed = true;
            }
        }

        // Non-strict rule: one match is enough.
        if (!$strict && $matched) {
            return true;
        }

        // Strict rule: one failure is enough to deny.
        if ($strict && $failed) {
            return false;
        }
    }

    return $matched;
}