/**
  * @param string $id
  *
  * @return string
  */
 public function actionView($id)
 {
     $item = $this->findModel($id);
     $routes = Route::find()->asArray()->all();
     $permissions = Permission::find()->andWhere(['not in', Yii::$app->yee->auth_item_table . '.name', [Yii::$app->yee->commonPermissionName, $id]])->joinWith('group')->all();
     $permissionsByGroup = [];
     foreach ($permissions as $permission) {
         $permissionsByGroup[@$permission->group->name][] = $permission;
     }
     $childRoutes = AuthHelper::getChildrenByType($item->name, AbstractItem::TYPE_ROUTE);
     $childPermissions = AuthHelper::getChildrenByType($item->name, AbstractItem::TYPE_PERMISSION);
     return $this->renderIsAjax('view', compact('item', 'childPermissions', 'routes', 'permissionsByGroup', 'childRoutes'));
 }
Example #2
0
 /**
  * Gather all user permissions and roles and store them in the session
  *
  * @param UserIdentity $identity
  */
 public static function updatePermissions($identity)
 {
     $session = Yii::$app->session;
     // Clear data first in case we want to refresh permissions
     $session->remove(self::SESSION_PREFIX_ROLES);
     $session->remove(self::SESSION_PREFIX_PERMISSIONS);
     $session->remove(self::SESSION_PREFIX_ROUTES);
     // Set permissions last mod time
     $session->set(self::SESSION_PREFIX_LAST_UPDATE, filemtime(self::getPermissionsLastModFile()));
     // Save roles, permissions and routes in session
     $session->set(self::SESSION_PREFIX_ROLES, array_keys(Role::getUserRoles($identity->id)));
     $session->set(self::SESSION_PREFIX_PERMISSIONS, array_keys(Permission::getUserPermissions($identity->id)));
     $session->set(self::SESSION_PREFIX_ROUTES, Route::getUserRoutes($identity->id));
 }
Example #3
0
 /**
  * Check if user has access to current route
  *
  * @param Action $action the action to be executed.
  *
  * @return boolean whether the action should continue to be executed.
  */
 public function beforeAction($action)
 {
     if ($action->id == 'captcha') {
         return true;
     }
     $route = '/' . $action->uniqueId;
     if (Route::isFreeAccess($route, $action)) {
         return true;
     }
     if (Yii::$app->user->isGuest) {
         $this->denyAccess();
     }
     // If user has been deleted, then destroy session and redirect to home page
     if (!Yii::$app->user->isGuest and Yii::$app->user->identity === null) {
         Yii::$app->getSession()->destroy();
         $this->denyAccess();
     }
     // Superadmin owns everyone
     if (Yii::$app->user->isSuperadmin) {
         return true;
     }
     if (Yii::$app->user->identity and Yii::$app->user->identity->status != User::STATUS_ACTIVE) {
         Yii::$app->user->logout();
         Yii::$app->getResponse()->redirect(Yii::$app->getHomeUrl());
     }
     if (User::canRoute($route)) {
         $modelId = Yii::$app->getRequest()->getQueryParam('id');
         $modelClass = isset($this->owner->modelClass) ? $this->owner->modelClass : null;
         //Check access for owners
         if ($modelClass && YeeHelper::isImplemented($modelClass, OwnerAccess::CLASSNAME) && !User::hasPermission($modelClass::getFullAccessPermission()) && $modelId) {
             $model = $modelClass::findOne(['id' => $modelId]);
             if ($model && Yii::$app->user->identity->id == $model->{$modelClass::getOwnerField()}) {
                 return true;
             }
         } else {
             return true;
         }
     }
     if (isset($this->denyCallback)) {
         call_user_func($this->denyCallback, null, $action);
     } else {
         $this->denyAccess();
     }
     return false;
 }
Example #4
0
 /**
  * Useful for Menu widget
  *
  * <example>
  *    ...
  *        [ 'label'=>'Some label', 'url'=>['/site/index'], 'visible'=>User::canRoute(['/site/index']) ]
  *    ...
  * </example>
  *
  * @param string|array $route
  * @param bool $superAdminAllowed
  *
  * @return bool
  */
 public static function canRoute($route, $superAdminAllowed = true)
 {
     if ($superAdminAllowed and Yii::$app->user->isSuperadmin) {
         return true;
     }
     $baseRoute = AuthHelper::unifyRoute($route);
     if (substr($baseRoute, 0, 4) === "http") {
         return true;
     }
     if (Route::isFreeAccess($baseRoute)) {
         return true;
     }
     AuthHelper::ensurePermissionsUpToDate();
     return Route::isRouteAllowed($baseRoute, Yii::$app->session->get(AuthHelper::SESSION_PREFIX_ROUTES, []));
 }
Example #5
0
 /**
  * Assign route to role via permission and create permission or route if it don't exists
  * Helper mainly for migrations
  *
  * @param string $roleName
  * @param string $permissionName
  * @param array $routes
  * @param null|string $permissionDescription
  * @param null|string $groupCode
  *
  * @throws \InvalidArgumentException
  * @return true|static|string
  */
 public static function assignRoutesViaPermission($roleName, $permissionName, $routes, $permissionDescription = null, $groupCode = null)
 {
     $role = static::findOne(['name' => $roleName]);
     if (!$role) {
         throw new \InvalidArgumentException("Role with name = {$roleName} not found");
     }
     $permission = Permission::findOne(['name' => $permissionName]);
     if (!$permission) {
         $permission = Permission::create($permissionName, $permissionDescription, $groupCode);
         if ($permission->hasErrors()) {
             return $permission;
         }
     }
     try {
         Yii::$app->db->createCommand()->insert(Yii::$app->yee->auth_item_child_table, ['parent' => $role->name, 'child' => $permission->name])->execute();
     } catch (Exception $e) {
         // Don't throw Exception because we may have this permission for this role,
         // but need to add new routes to it
     }
     $routes = (array) $routes;
     foreach ($routes as $route) {
         $route = '/' . ltrim($route, '/');
         Route::create($route);
         try {
             Yii::$app->db->createCommand()->insert(Yii::$app->yee->auth_item_child_table, ['parent' => $permission->name, 'child' => $route])->execute();
         } catch (Exception $e) {
             // Don't throw Exception because this permission may already have this route,
             // so just go to the next route
         }
     }
     AuthHelper::invalidatePermissions();
     return true;
 }
Example #6
0
 /**
  * Check if current route allowed for everyone (in commonPermission routes)
  *
  * @param string $currentFullRoute
  *
  * @return bool
  */
 protected static function isInCommonPermission($currentFullRoute)
 {
     $commonRoutes = Yii::$app->cache->get('__commonRoutes');
     if ($commonRoutes === false) {
         $commonRoutesDB = (new Query())->select('child')->from(Yii::$app->yee->auth_item_child_table)->where(['parent' => Yii::$app->yee->commonPermissionName])->column();
         $commonRoutes = Route::withSubRoutes($commonRoutesDB, ArrayHelper::map(Route::find()->asArray()->all(), 'name', 'name'));
         Yii::$app->cache->set('__commonRoutes', $commonRoutes, 3600);
     }
     return in_array($currentFullRoute, $commonRoutes);
 }