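/**
 * Collects, recursively, every ancestor of $child recorded in the auth item
 * child table, skipping parents whose name starts with "backend:" or "frontend:".
 *
 * The default on $child was dropped: an optional parameter in front of the
 * required by-reference accumulator is deprecated since PHP 8.0, and callers
 * must pass both arguments positionally anyway.
 *
 * @param string|null $child       name of the auth item whose parents are wanted
 * @param array|null  $parentArray accumulator filled in place; pass an empty
 *                                 array (or null) on the outermost call
 * @return array parent names without duplicates; an empty array when there
 *               are none (the former implementation returned null here,
 *               which breaks count() on PHP 8)
 */
public static function getParent($child, &$parentArray)
{
    // A null accumulator would otherwise reach array_unique() below.
    if (!is_array($parentArray)) {
        $parentArray = array();
    }
    $rows = AuthItemChild::find()
        ->where(['child' => $child])
        ->andWhere(
            'parent not like :parent1 and parent not like :parent2',
            [':parent1' => 'backend:%', ':parent2' => 'frontend:%']
        )
        ->asArray()
        ->all();
    foreach ($rows as $row) {
        $parent = $row['parent'];
        // A parent already collected is not descended into again: that only
        // repeats work and, should the hierarchy contain a cycle, never ends.
        if (in_array($parent, $parentArray, true)) {
            continue;
        }
        $parentArray[] = $parent;
        self::getParent($parent, $parentArray);
    }
    return array_unique($parentArray);
}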
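 /**
  * AJAX endpoint that deletes a role (auth item) in two steps.
  *
  * Without a "confirmed" POST flag the request is only staged: the reply says
  * how many parents and children the role has, so the client can ask the user
  * to confirm. With the flag set the AuthItem row is deleted.
  *
  * POST fields read: "id" (the role name), "confirmed". The SuperAdmin role
  * named by SUPER_ADMIN_ROLE_NAME is never deleted.
  *
  * @return array|null JSON payload whose "status" is one of blocked, staged,
  *                    success, failure; null for non-AJAX requests or when
  *                    a confirmed delete names a role that does not exist
  */
 public function actionDeleteRole()
 {
     $request = Yii::$app->request;
     if (!$request->isAjax) {
         return null;
     }
     Yii::$app->response->format = \yii\web\Response::FORMAT_JSON;
     // The role name used to be read from $_POST unconditionally; a missing id
     // raised a notice and then reached findOne(null). Refuse it up front.
     $name = (string) $request->post('id', '');
     if ($name === '') {
         return ['status' => 'failure', 'message' => 'No role name given'];
     }
     // Case-insensitive, equivalent to the former strtolower() == strtolower().
     if (strcasecmp($name, SUPER_ADMIN_ROLE_NAME) === 0) {
         return ['status' => 'blocked', 'message' => 'This role can never be deleted as it is SuperAdmin(' . SUPER_ADMIN_ROLE_NAME . ')'];
     }
     if (!empty($request->post('confirmed'))) {
         $model = AuthItem::findOne($name);
         if ($model === null) {
             return null;
         }
         // deleteAll() bypasses the record's delete events; kept as before.
         return $model->deleteAll(['name' => $model->name])
             ? ['status' => 'success', 'recordDeleted' => DELETED]
             : ['status' => 'failure'];
     }
     $childCount = count(AuthItemChild::getAllChildren($name));
     $parentCount = count(AuthItemChild::getAllParent($name));
     if ($childCount !== 0 || $parentCount !== 0) {
         return ['status' => 'staged', 'childOrParent' => true, 'children' => $childCount, 'parent' => $parentCount];
     }
     return ['status' => 'staged', 'childOrParent' => false];
 }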
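 /**
  * Renders the "role-permission" partial for the role editor (AJAX only).
  *
  * POST fields read:
  *  - controllerMode: limits the listed actions to names starting with the
  *    mode, or with "cfusermgmt:" followed by the mode
  *  - controller:     limits the listed actions to names containing it; a
  *    leading "cfusermgmt:" prefix is stripped first
  *  - id:             a role name whose directly assigned actions and whose
  *    child roles' actions are reported for pre-selection
  *  - child:          comma-separated child role names that replace the ones
  *    looked up for "id"
  *
  * Without mode and controller, the action list is every type-2 auth item
  * whose name starts with "common", "frontend", "backend" or an installed
  * module id. The former query hard-coded a ":name3" placeholder that only
  * existed when at least one module was installed; the placeholders are now
  * produced by the module loop alone.
  *
  * @return string|null the rendered view, or null for non-AJAX requests
  */
 public function actionGetRolePermission()
 {
     $this->layout = false;
     $request = Yii::$app->request;
     if (!$request->isAjax) {
         return null;
     }
     $mainChildAction = array();
     $childChildAction = array();

     // One LIKE placeholder per installed module on top of the three fixed prefixes.
     $likeParams = array(':name' => 'common%', ':name1' => 'frontend%', ':name2' => 'backend%');
     $likeClauses = '';
     $i = 3;
     foreach (array_keys(\Yii::$app->getModules()) as $moduleId) {
         $likeParams[':name' . $i] = $moduleId . '%';
         $likeClauses .= ' or name like :name' . $i;
         $i++;
     }

     $controllerMode = (string) $request->post('controllerMode', '');
     $controller = (string) $request->post('controller', '');
     if (empty($controllerMode) && empty($controller)) {
         $allAuthItem = AuthItem::find()
             ->where(['type' => 2])
             ->andWhere('name like :name or name like :name1 or name like :name2' . $likeClauses, $likeParams)
             ->asArray()
             ->all();
     } else {
         $conditions = array();
         $modeCondition = null;
         $controllerCondition = null;
         if (!empty($controllerMode)) {
             $modeCondition = 'name like :name1 or name like :name2';
             $conditions[':name1'] = $controllerMode . '%';
             $conditions[':name2'] = 'cfusermgmt:' . $controllerMode . '%';
         }
         if (!empty($controller)) {
             // The editor sends module-prefixed names; match on the bare controller
             // (a local copy is used instead of rewriting $_POST).
             if (strpos($controller, 'cfusermgmt:') === 0) {
                 $controller = substr($controller, strlen('cfusermgmt:'));
             }
             // The value is a LIKE pattern, so "%" and "_" in it act as wildcards.
             $controllerCondition = 'name like :name3';
             $conditions[':name3'] = '%' . $controller . '%';
         }
         if ($modeCondition !== null && $controllerCondition !== null) {
             $condition = '(' . $modeCondition . ') and ' . $controllerCondition;
         } elseif ($modeCondition !== null) {
             $condition = $modeCondition;
         } else {
             $condition = $controllerCondition;
         }
         $allAuthItem = AuthItem::find()->where(['type' => 2])->andWhere($condition, $conditions)->asArray()->all();
     }

     $roleId = (string) $request->post('id', '');
     if (!empty($roleId)) {
         $otherRoles = AuthItem::find()
             ->where(['type' => 1])
             ->andWhere('name != :name', ['name' => $roleId])
             ->asArray()
             ->all();
         $directChildren = AuthItemChild::find()->where(['parent' => $roleId])->asArray()->all();
         // The accumulator must exist before being passed by reference.
         $childArray = array();
         $roleChild = AuthItemChild::getChild($roleId, $childArray);
         if (!$roleChild) {
             $roleChild = array();
         }
         if ($otherRoles) {
             // Children of the role that are not themselves roles are actions
             // directly assigned to it.
             $roleNames = array_column($otherRoles, 'name', 'name');
             foreach ($directChildren as $row) {
                 if (!in_array($row['child'], $roleNames, true)) {
                     $mainChildAction[] = $row['child'];
                 }
             }
         }
         $childList = (string) $request->post('child', '');
         if ($roleChild || !empty($childList)) {
             if (!empty($childList)) {
                 $roleChild = explode(',', $childList);
             }
             $grandChildren = AuthItemChild::find()->where(['parent' => $roleChild])->asArray()->all();
             foreach ($grandChildren as $row) {
                 $childChildAction[] = $row['child'];
             }
         }
     }
     return $this->render('role-permission', [
         'allAuthItem' => $allAuthItem,
         'childChildAction' => $childChildAction,
         'mainChildAction' => $mainChildAction,
     ]);
 }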
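 /**
  * Decides whether the current user may run the action that raised $event.
  *
  * The RBAC permission name has the form "<module>:<controller id>:<method>",
  * where any leading "app-" is stripped from the module id and the method is
  * the action method name without its "action" prefix.
  *
  * A user holding one of the admin assignments (SUPERADMIN_ROLE_ALIAS,
  * ADMIN_ROLE_ALIAS, ADMIN_ROLE_NAME) passes unless CHECK_PERMISSIONS_FOR_ADMIN
  * requires an RBAC check that fails; every request, that case included, then
  * passes when USE_PERMISSIONS_FOR_USERS is off, when the action is granted to
  * GUEST_ROLE_ALIAS (the login action always counts as granted), or when RBAC
  * grants it to the current user.
  *
  * @param \yii\base\ActionEvent $event the beforeAction event
  * @return bool true when the action may run
  */
 public static function CheckPermission($event)
 {
     $controller = $event->action->controller;
     $methodName = substr($event->action->actionMethod, 6); // drop the "action" prefix
     $objectName = $controller->id;
     // "app-backend" -> ["", "backend"]; "usermgmt" -> ["usermgmt"]. The second
     // element is missing for an empty module id, which used to raise a notice.
     $modulePos = explode('app-', $controller->module->id);
     if (!empty($modulePos[0])) {
         $moduleName = $modulePos[0];
     } else {
         $moduleName = isset($modulePos[1]) ? $modulePos[1] : '';
     }
     $dbAction = $moduleName . ':' . $objectName . ':' . $methodName;

     $adminRoles = array(SUPERADMIN_ROLE_ALIAS, ADMIN_ROLE_ALIAS, ADMIN_ROLE_NAME);
     // NOTE(review): onCondition() is intended for relation joins; that it
     // filters a plain find() here is kept from the original — confirm against
     // the query log before relying on it.
     $user = AuthAssignment::find()
         ->onCondition(['user_id' => Yii::$app->user->getId()])
         ->andWhere(['IN', 'item_name', $adminRoles])
         ->one();

     // Guests have no user id, so RBAC cannot answer for them: read the actions
     // granted to the guest role directly. Login must always be reachable.
     $guestAllowedArr = array();
     $guestRows = AuthItemChild::find()->where(['parent' => GUEST_ROLE_ALIAS])->asArray()->all();
     foreach ($guestRows as $row) {
         $guestAllowedArr[] = $row['child'];
     }
     if (!in_array('usermgmt:user:Login', $guestAllowedArr, true)) {
         $guestAllowedArr[] = 'usermgmt:user:Login';
     }

     $isAdmin = $user !== null && in_array($user->item_name, $adminRoles, true);
     if ($isAdmin && (!CHECK_PERMISSIONS_FOR_ADMIN || Yii::$app->user->can($dbAction))) {
         return true;
     }
     // Reached by non-admins and by admins whose own check failed, as before.
     return !USE_PERMISSIONS_FOR_USERS
         || in_array($dbAction, $guestAllowedArr, true)
         || Yii::$app->user->can($dbAction);
 }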