/**
* Assign route to role via permission and create permission or route if it don't exists
* Helper mainly for migrations
*
* @param string $roleName
* @param string $permissionName
* @param array $routes
* @param null|string $permissionDescription
* @param null|string $groupCode
*
* @throws \InvalidArgumentException
* @return true|static|string
*/
public static function assignRoutesViaPermission($roleName, $permissionName, $routes, $permissionDescription = null, $groupCode = null)
{
$role = static::findOne(['name' => $roleName]);
if (!$role) {
throw new \InvalidArgumentException("Role with name = {$roleName} not found");
}
$permission = Permission::findOne(['name' => $permissionName]);
if (!$permission) {
$permission = Permission::create($permissionName, $permissionDescription, $groupCode);
if ($permission->hasErrors()) {
return $permission;
}
}
try {
Yii::$app->db->createCommand()->insert(Yii::$app->getModule('user')->auth_item_child_table, ['parent' => $role->name, 'child' => $permission->name])->execute();
} catch (Exception $e) {
// Don't throw Exception because we may have this permission for this role,
// but need to add new routes to it
}
$routes = (array) $routes;
foreach ($routes as $route) {
$route = '/' . ltrim($route, '/');
Route::create($route);
try {
Yii::$app->db->createCommand()->insert(Yii::$app->getModule('user')->auth_item_child_table, ['parent' => $permission->name, 'child' => $route])->execute();
} catch (Exception $e) {
// Don't throw Exception because this permission may already have this route,
// so just go to the next route
}
}
AuthHelper::invalidatePermissions();
return true;
}
public function search($params)
{
$query = static::ITEM_TYPE == static::TYPE_ROLE ? Role::find() : Permission::find();
$query->joinWith(['group']);
$dataProvider = new ActiveDataProvider(['query' => $query, 'pagination' => ['pageSize' => \Yii::$app->request->cookies->getValue('_grid_page_size', 20)], 'sort' => ['defaultOrder' => ['created_at' => SORT_DESC]]]);
if (!($this->load($params) && $this->validate())) {
return $dataProvider;
}
$query->andFilterWhere(['like', Yii::$app->getModule('user')->auth_item_table . '.name', $this->name])->andFilterWhere(['like', Yii::$app->getModule('user')->auth_item_table . '.description', $this->description])->andFilterWhere([Yii::$app->getModule('user')->auth_item_table . '.group_code' => $this->group_code]);
return $dataProvider;
}
/**
* Get all routes available for this user
*
* @param int $userId
* @param bool $withSubRoutes
*
* @return array
*/
public static function getUserRoutes($userId, $withSubRoutes = true)
{
$permissions = array_keys(Permission::getUserPermissions($userId));
if (!$permissions) {
return [];
}
$auth_item = Yii::$app->getModule('user')->auth_item_table;
$auth_item_child = Yii::$app->getModule('user')->auth_item_child_table;
$routes = (new Query())->select(['name'])->from($auth_item)->innerJoin($auth_item_child, '(' . $auth_item_child . '.child = ' . $auth_item . '.name AND ' . $auth_item . '.type = :type)')->params([':type' => self::TYPE_ROUTE])->where([$auth_item_child . '.parent' => $permissions])->column();
return $withSubRoutes ? static::withSubRoutes($routes, ArrayHelper::map(Route::find()->asArray()->all(), 'name', 'name')) : $routes;
}
/**
* @param int $id User ID
*
* @throws \yii\web\NotFoundHttpException
* @return string
*/
public function actionSet($id)
{
$user = User::findOne($id);
if (!$user) {
throw new NotFoundHttpException('User not found');
}
$permissionsByGroup = [];
$permissions = Permission::find()->andWhere([Yii::$app->getModule('user')->auth_item_table . '.name' => array_keys(Permission::getUserPermissions($user->id))])->joinWith('group')->all();
foreach ($permissions as $permission) {
$permissionsByGroup[@$permission->group->name][] = $permission;
}
return $this->renderIsAjax('set', compact('user', 'permissionsByGroup'));
}
/**
* Gather all user permissions and roles and store them in the session
*
* @param UserIdentity $identity
*/
public static function updatePermissions($identity)
{
$session = Yii::$app->session;
// Clear data first in case we want to refresh permissions
$session->remove(self::SESSION_PREFIX_ROLES);
$session->remove(self::SESSION_PREFIX_PERMISSIONS);
$session->remove(self::SESSION_PREFIX_ROUTES);
// Set permissions last mod time
$session->set(self::SESSION_PREFIX_LAST_UPDATE, filemtime(self::getPermissionsLastModFile()));
// Save roles, permissions and routes in session
$session->set(self::SESSION_PREFIX_ROLES, array_keys(Role::getUserRoles($identity->id)));
$session->set(self::SESSION_PREFIX_PERMISSIONS, array_keys(Permission::getUserPermissions($identity->id)));
$session->set(self::SESSION_PREFIX_ROUTES, Route::getUserRoutes($identity->id));
}
/**
* @param string $id
*
* @return string
*/
public function actionView($id)
{
$role = $this->findModel($id);
$authManager = new DbManager();
$allRoles = Role::find()->asArray()->andWhere('name != :current_name', [':current_name' => $id])->all();
$permissions = Permission::find()->andWhere(Yii::$app->getModule('user')->auth_item_table . '.name != :commonPermissionName', [':commonPermissionName' => Yii::$app->getModule('user')->commonPermissionName])->joinWith('group')->all();
$permissionsByGroup = [];
foreach ($permissions as $permission) {
$permissionsByGroup[@$permission->group->name][] = $permission;
}
$childRoles = $authManager->getChildren($role->name);
$currentRoutesAndPermissions = AuthHelper::separateRoutesAndPermissions($authManager->getPermissionsByRole($role->name));
$currentPermissions = $currentRoutesAndPermissions->permissions;
return $this->renderIsAjax('view', compact('role', 'allRoles', 'childRoles', 'currentPermissions', 'permissionsByGroup'));
}
/**
* Creates a new model.
* If creation is successful, the browser will be redirected to the 'view' page.
* @return mixed
*/
public function actionCreate()
{
$model = new Permission();
$model->scenario = 'webInput';
if ($model->load(Yii::$app->request->post()) && $model->save()) {
return $this->redirect(['view', 'id' => $model->name]);
}
return $this->renderIsAjax('create', compact('model'));
}