/**
* Add or remove routes for this permission
*
* @param string $id
*
* @return \yii\web\Response
*/
public function actionSetChildRoutes($id)
{
$item = $this->findModel($id);
$newRoutes = Yii::$app->request->post('child_routes', []);
$oldRoutes = array_keys(AuthHelper::getChildrenByType($item->name, AbstractItem::TYPE_ROUTE));
$toAdd = array_diff($newRoutes, $oldRoutes);
$toRemove = array_diff($oldRoutes, $newRoutes);
Permission::addChildren($id, $toAdd);
Permission::removeChildren($id, $toRemove);
if (($toAdd or $toRemove) and $id == Yii::$app->getModule('user')->commonPermissionName) {
Yii::$app->cache->delete('__commonRoutes');
}
AuthHelper::invalidatePermissions();
Yii::$app->session->setFlash('success', 'Saved');
return $this->redirect(['view', 'id' => $id]);
}
/**
* Assign route to permission and create them if they don't exists
* Helper mainly for migrations
*
* @param string $permissionName
* @param array|string $routes
* @param null|string $permissionDescription
* @param null|string $groupCode
*
* @throws \InvalidArgumentException
* @return true|static|string
*/
public static function assignRoutes($permissionName, $routes, $permissionDescription = null, $groupCode = null)
{
$permission = static::findOne(['name' => $permissionName]);
$routes = (array) $routes;
if (!$permission) {
$permission = static::create($permissionName, $permissionDescription, $groupCode);
if ($permission->hasErrors()) {
return $permission;
}
}
foreach ($routes as $route) {
$route = '/' . ltrim($route, '/');
try {
Yii::$app->db->createCommand()->insert(Yii::$app->getModule('user')->auth_item_child_table, ['parent' => $permission->name, 'child' => $route])->execute();
} catch (Exception $e) {
// Don't throw Exception because this permission may already have this route,
// so just go to the next route
}
}
AuthHelper::invalidatePermissions();
return true;
}
/**
* Assign route to role via permission and create permission or route if it don't exists
* Helper mainly for migrations
*
* @param string $roleName
* @param string $permissionName
* @param array $routes
* @param null|string $permissionDescription
* @param null|string $groupCode
*
* @throws \InvalidArgumentException
* @return true|static|string
*/
public static function assignRoutesViaPermission($roleName, $permissionName, $routes, $permissionDescription = null, $groupCode = null)
{
$role = static::findOne(['name' => $roleName]);
if (!$role) {
throw new \InvalidArgumentException("Role with name = {$roleName} not found");
}
$permission = Permission::findOne(['name' => $permissionName]);
if (!$permission) {
$permission = Permission::create($permissionName, $permissionDescription, $groupCode);
if ($permission->hasErrors()) {
return $permission;
}
}
try {
Yii::$app->db->createCommand()->insert(Yii::$app->getModule('user')->auth_item_child_table, ['parent' => $role->name, 'child' => $permission->name])->execute();
} catch (Exception $e) {
// Don't throw Exception because we may have this permission for this role,
// but need to add new routes to it
}
$routes = (array) $routes;
foreach ($routes as $route) {
$route = '/' . ltrim($route, '/');
Route::create($route);
try {
Yii::$app->db->createCommand()->insert(Yii::$app->getModule('user')->auth_item_child_table, ['parent' => $permission->name, 'child' => $route])->execute();
} catch (Exception $e) {
// Don't throw Exception because this permission may already have this route,
// so just go to the next route
}
}
AuthHelper::invalidatePermissions();
return true;
}
public static function revokeRole($userId, $roleName)
{
$result = Yii::$app->db->createCommand()->delete(Yii::$app->getModule('user')->auth_assignment_table, ['user_id' => $userId, 'item_name' => $roleName])->execute() > 0;
if ($result) {
AuthHelper::invalidatePermissions();
}
return $result;
}
/**
* Invalidate permissions if some item is deleted
*/
public function afterDelete()
{
parent::afterDelete();
AuthHelper::invalidatePermissions();
}
