/** * Add or remove routes for this permission * * @param string $id * * @return \yii\web\Response */ public function actionSetChildRoutes($id) { $item = $this->findModel($id); $newRoutes = Yii::$app->request->post('child_routes', []); $oldRoutes = array_keys(AuthHelper::getChildrenByType($item->name, AbstractItem::TYPE_ROUTE)); $toAdd = array_diff($newRoutes, $oldRoutes); $toRemove = array_diff($oldRoutes, $newRoutes); Permission::addChildren($id, $toAdd); Permission::removeChildren($id, $toRemove); if (($toAdd or $toRemove) and $id == Yii::$app->getModule('user')->commonPermissionName) { Yii::$app->cache->delete('__commonRoutes'); } AuthHelper::invalidatePermissions(); Yii::$app->session->setFlash('success', 'Saved'); return $this->redirect(['view', 'id' => $id]); }
/** * Assign route to permission and create them if they don't exists * Helper mainly for migrations * * @param string $permissionName * @param array|string $routes * @param null|string $permissionDescription * @param null|string $groupCode * * @throws \InvalidArgumentException * @return true|static|string */ public static function assignRoutes($permissionName, $routes, $permissionDescription = null, $groupCode = null) { $permission = static::findOne(['name' => $permissionName]); $routes = (array) $routes; if (!$permission) { $permission = static::create($permissionName, $permissionDescription, $groupCode); if ($permission->hasErrors()) { return $permission; } } foreach ($routes as $route) { $route = '/' . ltrim($route, '/'); try { Yii::$app->db->createCommand()->insert(Yii::$app->getModule('user')->auth_item_child_table, ['parent' => $permission->name, 'child' => $route])->execute(); } catch (Exception $e) { // Don't throw Exception because this permission may already have this route, // so just go to the next route } } AuthHelper::invalidatePermissions(); return true; }
/** * Assign route to role via permission and create permission or route if it don't exists * Helper mainly for migrations * * @param string $roleName * @param string $permissionName * @param array $routes * @param null|string $permissionDescription * @param null|string $groupCode * * @throws \InvalidArgumentException * @return true|static|string */ public static function assignRoutesViaPermission($roleName, $permissionName, $routes, $permissionDescription = null, $groupCode = null) { $role = static::findOne(['name' => $roleName]); if (!$role) { throw new \InvalidArgumentException("Role with name = {$roleName} not found"); } $permission = Permission::findOne(['name' => $permissionName]); if (!$permission) { $permission = Permission::create($permissionName, $permissionDescription, $groupCode); if ($permission->hasErrors()) { return $permission; } } try { Yii::$app->db->createCommand()->insert(Yii::$app->getModule('user')->auth_item_child_table, ['parent' => $role->name, 'child' => $permission->name])->execute(); } catch (Exception $e) { // Don't throw Exception because we may have this permission for this role, // but need to add new routes to it } $routes = (array) $routes; foreach ($routes as $route) { $route = '/' . ltrim($route, '/'); Route::create($route); try { Yii::$app->db->createCommand()->insert(Yii::$app->getModule('user')->auth_item_child_table, ['parent' => $permission->name, 'child' => $route])->execute(); } catch (Exception $e) { // Don't throw Exception because this permission may already have this route, // so just go to the next route } } AuthHelper::invalidatePermissions(); return true; }
public static function revokeRole($userId, $roleName) { $result = Yii::$app->db->createCommand()->delete(Yii::$app->getModule('user')->auth_assignment_table, ['user_id' => $userId, 'item_name' => $roleName])->execute() > 0; if ($result) { AuthHelper::invalidatePermissions(); } return $result; }
/** * Invalidate permissions if some item is deleted */ public function afterDelete() { parent::afterDelete(); AuthHelper::invalidatePermissions(); }