Since: 2.0
Author: Qiang Xue (qiang.xue@gmail.com)
Inheritance: extends yii\base\Component
Example #1
0
 /**
  * @inheritdoc
  */
 public function allows($action, $user, $request)
 {
     $return = parent::allows($action, $user, $request);
     if ($return === true) {
         //получаем координаты текущего экшэна
         $actionId = $action->id;
         $controllerId = $action->controller->id;
         $moduleId = $action->controller->module !== null ? $action->controller->module->id : null;
         //получаем все права, которые нужно проверить для данного экшэна
         $toTest = ['*/*/*'];
         if ($moduleId) {
             $toTest[] = "{$moduleId}/*/*";
             $toTest[] = "{$moduleId}/{$controllerId}/*";
             $toTest[] = "{$moduleId}/{$controllerId}/{$actionId}";
         } else {
             $toTest[] = "{$controllerId}/*";
             $toTest[] = "{$controllerId}/{$actionId}";
         }
         //проверяем все права
         $passed = false;
         foreach ($toTest as $rule) {
             if (!\Yii::$app->user->can($rule)) {
                 continue;
             }
             $passed = true;
             break;
         }
         return $passed;
     } else {
         return $return;
     }
 }
 /**
  * @see http://www.yiiframework.com/doc-2.0/yii-filters-accessrule.html#allows()-detail
  * 
  * Extends allows method with user role check
  */
 public function allows($action, $user, $request)
 {
     if (parent::allows($action, $user, $request) !== null && $this->matchUserRoles($user)) {
         return $this->allow ? true : false;
     }
     return null;
 }
Example #3
0
 public function allows($action, $user, $request)
 {
     if ($this->matchActionAccess($action, $user, $request)) {
         return parent::allows($action, $user, $request);
     }
     return null;
 }
Example #4
0
 /**
  * @inheritdoc
  */
 protected function matchRole($user)
 {
     if (System::loadConfig('enable_memmber_login')) {
         return parent::matchRole($user);
     } else {
         Yii::$app->user->logout();
         Yii::$app->getResponse()->redirect('/site/login');
     }
 }
 public function allows($action, $user, $request)
 {
     $parentRes = parent::allows($action, $user, $request);
     // $parentRes can be `null`, `false` or `true`.
     // True means the parent rule matched and allows access.
     if ($parentRes !== true) {
         return $parentRes;
     }
     // admins are allowed to edit entries from other organizations
     if ($user->identity->isAdmin() && $this->allowAdminAllAccess) {
         return true;
     }
     return $this->getOrganizationId($action, $request) == $user->identity->organizer_id;
 }
 protected function matchRole($user)
 {
     if (parent::matchRole($user)) {
         return true;
     }
     if (isset(Yii::$app->controller->model)) {
         $this->params = ['model' => Yii::$app->controller->model];
         foreach ($this->roles as $role) {
             if ($user->can($role, $this->params)) {
                 return true;
             }
         }
     }
     return false;
 }
 /** @inheritdoc */
 public function behaviors()
 {
     return ['verbs' => ['class' => VerbFilter::className(), 'actions' => ['delete' => ['post'], 'confirm' => ['post'], 'ban' => ['post']]], 'access' => ['class' => AccessControl::className(), 'ruleConfig' => ['class' => AccessRule::className()], 'rules' => [['allow' => true, 'roles' => ['users:admin-access']]]]];
 }
Example #8
0
 public function behaviors()
 {
     //        $this->layout = "/main.twig";
     return ['access' => ['class' => AccessControl::className(), 'ruleConfig' => ['class' => AccessRule::className()], 'only' => ['logout'], 'rules' => [['actions' => ['create'], 'allow' => true, 'roles' => ['admin']], ['actions' => ['logout'], 'allow' => true, 'roles' => ['@']], ['actions' => ['view', 'search'], 'allow' => true, 'roles' => ['?', '*', 'admin']]]], 'verbs' => ['class' => VerbFilter::className(), 'actions' => ['logout' => ['post']]]];
 }
Example #9
0
 public function behaviors()
 {
     return ['verbs' => ['class' => VerbFilter::className(), 'actions' => ['edit-battle' => ['head', 'get', 'post'], '*' => ['head', 'get']]], 'access' => ['class' => AccessControl::className(), 'only' => ['edit-battle'], 'rules' => [['actions' => ['edit-battle'], 'roles' => ['@'], 'allow' => true]], 'ruleConfig' => ['class' => AccessRule::className(), 'matchCallback' => function ($rule, $action) {
         return $action->isEditable;
     }]]];
 }
Example #10
0
 /**
  * @inheritdoc
  */
 public function behaviors()
 {
     return ['access' => ['class' => AccessControl::className(), 'ruleConfig' => ['class' => AccessRule::className()], 'rules' => [['actions' => ['index', 'create', 'update', 'delete', 'bulk-action', 'ajax-search'], 'allow' => true, 'roles' => ['subscriber']]]], 'verbs' => ['class' => VerbFilter::className(), 'actions' => ['delete' => ['post'], 'bulk-action' => ['post'], 'ajax-search' => ['post']]]];
 }
 public function behaviors()
 {
     return ['verbs' => ['class' => VerbFilter::className(), 'actions' => ['delete' => ['post']]], 'access' => ['class' => AccessControl::className(), 'ruleConfig' => ['class' => AccessRule::className()], 'rules' => [['actions' => ['view', 'search', 'index', 'create', 'update', 'delete'], 'allow' => true, 'roles' => ['admin']]]]];
 }
 /**
  * Specifies the access control rules.
  * This method is used by the 'accessControl' filter.
  * @return array access control rules
  */
 public function behaviors()
 {
     return ['verbs' => ['class' => VerbFilter::className(), 'actions' => ['delete' => ['post'], 'AjaxUpdateStatus' => ['post'], 'AjaxUpdateSetNew' => ['post'], 'AjaxUpdateSetOld' => ['post'], 'AjaxDelete' => ['post']]], 'access' => ['class' => AccessControl::className(), 'ruleConfig' => ['class' => AccessRule::className()], 'rules' => [['allow' => \Yii::$app->getModule('comments')->isSuperuser() ? true : false, 'roles' => ['@']]]]];
 }
Example #13
0
 public function behaviors()
 {
     //        $this->layout = "/admin.php";
     return ['access' => ['class' => AccessControl::className(), 'ruleConfig' => ['class' => AccessRule::className()], 'rules' => [['allow' => true, 'roles' => ['manager']]]], 'verbs' => ['class' => VerbFilter::className(), 'actions' => ['logout' => ['post']]]];
 }