/** * Initial RBAC action * @param integer $id Superadmin ID */ public function actionInit($id = null) { $auth = new DbManager(); $auth->init(); $auth->removeAll(); //удаляем старые данные // Rules $groupRule = new GroupRule(); $auth->add($groupRule); // Roles $user = $auth->createRole('user'); $user->description = 'User'; $user->ruleName = $groupRule->name; $auth->add($user); $moderator = $auth->createRole(' moderator '); $moderator->description = 'Moderator '; $moderator->ruleName = $groupRule->name; $auth->add($moderator); $auth->addChild($moderator, $user); $admin = $auth->createRole('admin'); $admin->description = 'Admin'; $admin->ruleName = $groupRule->name; $auth->add($admin); $auth->addChild($admin, $moderator); $superadmin = $auth->createRole('superadmin'); $superadmin->description = 'Superadmin'; $superadmin->ruleName = $groupRule->name; $auth->add($superadmin); $auth->addChild($superadmin, $admin); // Superadmin assignments if ($id !== null) { $auth->assign($superadmin, $id); } }
public function actionInit() { if (!$this->confirm("Are you sure? It will re-create permissions tree.")) { return self::EXIT_CODE_NORMAL; } //$auth = Yii::$app->authManager; // Підключення через Базу даних $auth = new DbManager(); $auth->init(); $auth->removeAll(); // Роль студент $student = $auth->createRole('student'); $student->description = 'Student'; $auth->add($student); // Роль працедавець $employer = $auth->createRole('employer'); $employer->description = 'Employer'; $auth->add($employer); // Роль модератор $moderator = $auth->createRole('moderator'); $moderator->description = 'Moderator'; $auth->add($moderator); $auth->addChild($moderator, $student); $auth->addChild($moderator, $employer); // Роль адміністратор $admin = $auth->createRole('admin'); $admin->description = 'Administrator'; $auth->add($admin); $auth->addChild($admin, $moderator); }
/** * Initializes rbac rules. * @param boolean $forceYes put 'yes' to confirmation, use this with caution! */ public function actionInit($forceYes = false) { if (!$forceYes) { $confirm = $this->confirm("Do you want to initialize RBAC rules ?\nPlease aware, previous rules WILL BE OVERWRITTEN", false); if (!$confirm) { return; } } $this->stdout('Auth rules are deleting...' . PHP_EOL, Console::BOLD); $db = Yii::$app->db; $db->createCommand()->delete($this->_auth->itemTable)->execute(); $db->createCommand()->delete($this->_auth->itemChildTable)->execute(); $db->createCommand()->delete($this->_auth->assignmentTable)->execute(); $db->createCommand()->delete($this->_auth->ruleTable)->execute(); $this->stdout('Creating permissions...' . PHP_EOL, Console::BOLD); // Users $this->addPermission('createUser', 'Create a user'); $this->addPermission('viewAnyUser', 'View an any user'); $this->addPermission('updateAnyUser', 'Update an any user'); $this->addPermission('deleteAnyUser', 'Delete an any user'); //Settings $this->addPermission('updateSettings', 'Update site settings'); $this->stdout('Attach permissions to roles...' . PHP_EOL, Console::BOLD); $registered = $this->_auth->createRole('Registered'); $this->_auth->add($registered); $admin = $this->_auth->createRole('Administrator'); $this->_auth->add($admin); $this->_auth->addChild($admin, $registered); $this->_auth->addChild($admin, $this->_perms['createUser']); $this->_auth->addChild($admin, $this->_perms['viewAnyUser']); $this->_auth->addChild($admin, $this->_perms['updateAnyUser']); $this->_auth->addChild($admin, $this->_perms['deleteAnyUser']); $this->_auth->addChild($admin, $this->_perms['updateSettings']); }
public function actionInit() { // $auth = Yii::$app->authManager; $auth = new DbManager(); $auth->removeAll(); //удаляем старые данные //Создадим права для доступа к админке $dashboard = $auth->createPermission('dashboard'); $dashboard->description = 'Админ панель'; $auth->add($dashboard); //Включаем наш обработчик $rule = new UserRoleRule(); $auth->add($rule); //Добавляем роли $user = $auth->createRole('user'); $user->description = 'Пользователь'; $user->ruleName = $rule->name; $auth->add($user); $moder = $auth->createRole('moder'); $moder->description = 'Модератор'; $moder->ruleName = $rule->name; $auth->add($moder); //Добавляем потомков $auth->addChild($moder, $user); $auth->addChild($moder, $dashboard); $admin = $auth->createRole('admin'); $admin->description = 'Администратор'; $admin->ruleName = $rule->name; $auth->add($admin); $auth->addChild($admin, $moder); }
/** * Initial RBAC action * @param integer $id Superadmin ID */ public function actionInit($id = null) { $auth = new DbManager(); $auth->init(); $auth->removeAll(); //удаляем старые данные // Rules $groupRule = new GroupRule(); $auth->add($groupRule); // Roles $student = $auth->createRole('student'); $student->description = 'Student'; $student->ruleName = $groupRule->name; $auth->add($student); $teacher = $auth->createRole('teacher'); $teacher->description = 'Teacher'; $teacher->ruleName = $groupRule->name; $auth->add($teacher); $auth->addChild($teacher, $student); $admin = $auth->createRole('admin'); $admin->description = 'Admin'; $admin->ruleName = $groupRule->name; $auth->add($admin); $auth->addChild($admin, $teacher); $superadmin = $auth->createRole('superadmin'); $superadmin->description = 'Superadmin'; $superadmin->ruleName = $groupRule->name; $auth->add($superadmin); $auth->addChild($superadmin, $admin); // Superadmin assignments if ($id !== null) { $auth->assign($superadmin, $id); } }
/** * Create new role * * @return mixed */ public function actionCreate() { $this->layout = '@app/views/layouts/one-column'; $model = new RoleForm(); $model->setScenario('create'); /* @var $systemAlert Alert */ $systemAlert = Yii::$app->systemAlert; if (Yii::$app->request->isAjax && $model->load($_POST)) { Yii::$app->response->format = Response::FORMAT_JSON; return ActiveForm::validate($model); } if ($model->load($_POST) && $model->validate()) { $transaction = Yii::$app->db->beginTransaction(); try { // create new role $role = $this->authManager->createRole($model->getName()); $role->description = $model->description; if (!$this->authManager->add($role)) { throw new Exception(); } // add role permissions foreach ($model->getPermissionModels() as $permission) { $this->authManager->addChild($role, $permission); } $transaction->commit(); $systemAlert->setMessage(Alert::SUCCESS, Yii::t('user', 'Role created successfully')); return $this->redirect(['index']); } catch (Exception $ex) { $transaction->rollback(); $systemAlert->setMessage(Alert::DANGER, Yii::t('app', 'System error: {message}', ['message' => $ex->getMessage()])); } } return $this->render('create', ['model' => $model]); }
/** * This is to be called only once at the initialization * by commenting out the behaviors first. */ public function actionAdmin() { $r = new DbManager(); $r->init(); $test = $r->createRole('admin'); $r->add($test); $r->assign($test, Yii::$app->user->id); }
public function afterDelete() { $rbac = new DbManager(); $rbac->init(); $role = $rbac->createRole($this->name); $role->description = $this->title; $rbac->remove($role); $rbac->removeChildren($role); return parent::afterDelete(); }
public function actionInit() { $auth = new DbManager(); $auth->init(); $auth->removeAll(); $groupRule = new GroupRule(); $auth->add($groupRule); $user = $auth->createRole('user'); $user->description = 'User'; $user->ruleName = $groupRule->name; $auth->add($user); $auth->add($auth->createPermission('admin')); }
/** * the register customer will be added 'customer' role */ public static function frontendRegister() { Event::on(User::className(), User::USER_REGISTER_DONE, function ($event) { /** @var \yii\base\ModelEvent $event */ $user = $event->sender; $auth = new DbManager(); $auth->init(); $role = $auth->getRole('Customer'); if (!$role) { $role = $auth->createRole('Customer'); $auth->add($role); } $auth->assign($role, $user->id); }); }
/** * * @param string $name * @return int The exit-code, 0 for success, 601 (DB) or 602 (Exception) for link errors */ public function actionCreateRole($name) { $role = $this->_authManager->createRole($name); return $this->link("add", ['role' => $role], ['roleName' => $name]); }
public function actionCreateRole($name) { $role = $this->_authManager->createRole($name); $this->outputItem("Creating", $name, "Role"); return $this->addItem($role); }
/** * Adds RBAC rules. */ public function add(DbManager $authManager) { $viewThread = $authManager->getPermission(self::PERM_VIEW_THREAD); if (!$viewThread instanceof Permission) { $viewThread = $authManager->createPermission(self::PERM_VIEW_THREAD); $viewThread->description = 'View Podium thread'; $authManager->add($viewThread); } $viewForum = $authManager->getPermission(self::PERM_VIEW_FORUM); if (!$viewForum instanceof Permission) { $viewForum = $authManager->createPermission(self::PERM_VIEW_FORUM); $viewForum->description = 'View Podium forum'; $authManager->add($viewForum); } $createThread = $authManager->getPermission(self::PERM_CREATE_THREAD); if (!$createThread instanceof Permission) { $createThread = $authManager->createPermission(self::PERM_CREATE_THREAD); $createThread->description = 'Create Podium thread'; $authManager->add($createThread); } $createPost = $authManager->getPermission(self::PERM_CREATE_POST); if (!$createPost instanceof Permission) { $createPost = $authManager->createPermission(self::PERM_CREATE_POST); $createPost->description = 'Create Podium post'; $authManager->add($createPost); } $moderatorRule = $authManager->getRule('isPodiumModerator'); if (!$moderatorRule instanceof ModeratorRule) { $moderatorRule = new ModeratorRule(); $authManager->add($moderatorRule); } $updatePost = $authManager->getPermission(self::PERM_UPDATE_POST); if (!$updatePost instanceof Permission) { $updatePost = $authManager->createPermission(self::PERM_UPDATE_POST); $updatePost->description = 'Update Podium post'; $updatePost->ruleName = $moderatorRule->name; $authManager->add($updatePost); } $authorRule = $authManager->getRule('isPodiumAuthor'); if (!$authorRule instanceof AuthorRule) { $authorRule = new AuthorRule(); $authManager->add($authorRule); } $updateOwnPost = $authManager->getPermission(self::PERM_UPDATE_OWN_POST); if (!$updateOwnPost instanceof Permission) { $updateOwnPost = $authManager->createPermission(self::PERM_UPDATE_OWN_POST); $updateOwnPost->description = 'Update own Podium post'; $updateOwnPost->ruleName = $authorRule->name; $authManager->add($updateOwnPost); $authManager->addChild($updateOwnPost, $updatePost); } $deletePost = $authManager->getPermission(self::PERM_DELETE_POST); if (!$deletePost instanceof Permission) { $deletePost = $authManager->createPermission(self::PERM_DELETE_POST); $deletePost->description = 'Delete Podium post'; $deletePost->ruleName = $moderatorRule->name; $authManager->add($deletePost); } $deleteOwnPost = $authManager->getPermission(self::PERM_DELETE_OWN_POST); if (!$deleteOwnPost instanceof Permission) { $deleteOwnPost = $authManager->createPermission(self::PERM_DELETE_OWN_POST); $deleteOwnPost->description = 'Delete own Podium post'; $deleteOwnPost->ruleName = $authorRule->name; $authManager->add($deleteOwnPost); $authManager->addChild($deleteOwnPost, $deletePost); } $user = $authManager->getRole(self::ROLE_USER); if (!$user instanceof Role) { $user = $authManager->createRole(self::ROLE_USER); $authManager->add($user); $authManager->addChild($user, $viewThread); $authManager->addChild($user, $viewForum); $authManager->addChild($user, $createThread); $authManager->addChild($user, $createPost); $authManager->addChild($user, $updateOwnPost); $authManager->addChild($user, $deleteOwnPost); } $updateThread = $authManager->getPermission(self::PERM_UPDATE_THREAD); if (!$updateThread instanceof Permission) { $updateThread = $authManager->createPermission(self::PERM_UPDATE_THREAD); $updateThread->description = 'Update Podium thread'; $updateThread->ruleName = $moderatorRule->name; $authManager->add($updateThread); } $deleteThread = $authManager->getPermission(self::PERM_DELETE_THREAD); if (!$deleteThread instanceof Permission) { $deleteThread = $authManager->createPermission(self::PERM_DELETE_THREAD); $deleteThread->description = 'Delete Podium thread'; $deleteThread->ruleName = $moderatorRule->name; $authManager->add($deleteThread); } $pinThread = $authManager->getPermission(self::PERM_PIN_THREAD); if (!$pinThread instanceof Permission) { $pinThread = $authManager->createPermission(self::PERM_PIN_THREAD); $pinThread->description = 'Pin Podium thread'; $pinThread->ruleName = $moderatorRule->name; $authManager->add($pinThread); } $lockThread = $authManager->getPermission(self::PERM_LOCK_THREAD); if (!$lockThread instanceof Permission) { $lockThread = $authManager->createPermission(self::PERM_LOCK_THREAD); $lockThread->description = 'Lock Podium thread'; $lockThread->ruleName = $moderatorRule->name; $authManager->add($lockThread); } $moveThread = $authManager->getPermission(self::PERM_MOVE_THREAD); if (!$moveThread instanceof Permission) { $moveThread = $authManager->createPermission(self::PERM_MOVE_THREAD); $moveThread->description = 'Move Podium thread'; $moveThread->ruleName = $moderatorRule->name; $authManager->add($moveThread); } $movePost = $authManager->getPermission(self::PERM_MOVE_POST); if (!$movePost instanceof Permission) { $movePost = $authManager->createPermission(self::PERM_MOVE_POST); $movePost->description = 'Move Podium post'; $movePost->ruleName = $moderatorRule->name; $authManager->add($movePost); } $banUser = $authManager->getPermission(self::PERM_BAN_USER); if (!$banUser instanceof Permission) { $banUser = $authManager->createPermission(self::PERM_BAN_USER); $banUser->description = 'Ban Podium user'; $authManager->add($banUser); } $moderator = $authManager->getRole(self::ROLE_MODERATOR); if (!$moderator instanceof Role) { $moderator = $authManager->createRole(self::ROLE_MODERATOR); $authManager->add($moderator); $authManager->addChild($moderator, $updatePost); $authManager->addChild($moderator, $updateThread); $authManager->addChild($moderator, $deletePost); $authManager->addChild($moderator, $deleteThread); $authManager->addChild($moderator, $pinThread); $authManager->addChild($moderator, $lockThread); $authManager->addChild($moderator, $moveThread); $authManager->addChild($moderator, $movePost); $authManager->addChild($moderator, $banUser); $authManager->addChild($moderator, $user); } $deleteUser = $authManager->getPermission(self::PERM_DELETE_USER); if (!$deleteUser instanceof Permission) { $deleteUser = $authManager->createPermission(self::PERM_DELETE_USER); $deleteUser->description = 'Delete Podium user'; $authManager->add($deleteUser); } $promoteUser = $authManager->getPermission(self::PERM_PROMOTE_USER); if (!$promoteUser instanceof Permission) { $promoteUser = $authManager->createPermission(self::PERM_PROMOTE_USER); $promoteUser->description = 'Promote Podium user'; $authManager->add($promoteUser); } $createForum = $authManager->getPermission(self::PERM_CREATE_FORUM); if (!$createForum instanceof Permission) { $createForum = $authManager->createPermission(self::PERM_CREATE_FORUM); $createForum->description = 'Create Podium forum'; $authManager->add($createForum); } $updateForum = $authManager->getPermission(self::PERM_UPDATE_FORUM); if (!$updateForum instanceof Permission) { $updateForum = $authManager->createPermission(self::PERM_UPDATE_FORUM); $updateForum->description = 'Update Podium forum'; $authManager->add($updateForum); } $deleteForum = $authManager->getPermission(self::PERM_DELETE_FORUM); if (!$deleteForum instanceof Permission) { $deleteForum = $authManager->createPermission(self::PERM_DELETE_FORUM); $deleteForum->description = 'Delete Podium forum'; $authManager->add($deleteForum); } $createCategory = $authManager->getPermission(self::PERM_CREATE_CATEGORY); if (!$createCategory instanceof Permission) { $createCategory = $authManager->createPermission(self::PERM_CREATE_CATEGORY); $createCategory->description = 'Create Podium category'; $authManager->add($createCategory); } $updateCategory = $authManager->getPermission(self::PERM_UPDATE_CATEGORY); if (!$updateCategory instanceof Permission) { $updateCategory = $authManager->createPermission(self::PERM_UPDATE_CATEGORY); $updateCategory->description = 'Update Podium category'; $authManager->add($updateCategory); } $deleteCategory = $authManager->getPermission(self::PERM_DELETE_CATEGORY); if (!$deleteCategory instanceof Permission) { $deleteCategory = $authManager->createPermission(self::PERM_DELETE_CATEGORY); $deleteCategory->description = 'Delete Podium category'; $authManager->add($deleteCategory); } $settings = $authManager->getPermission(self::PERM_CHANGE_SETTINGS); if (!$settings instanceof Permission) { $settings = $authManager->createPermission(self::PERM_CHANGE_SETTINGS); $settings->description = 'Change Podium settings'; $authManager->add($settings); } $admin = $authManager->getRole(self::ROLE_ADMIN); if (!$admin instanceof Role) { $admin = $authManager->createRole(self::ROLE_ADMIN); $authManager->add($admin); $authManager->addChild($admin, $deleteUser); $authManager->addChild($admin, $promoteUser); $authManager->addChild($admin, $createForum); $authManager->addChild($admin, $updateForum); $authManager->addChild($admin, $deleteForum); $authManager->addChild($admin, $createCategory); $authManager->addChild($admin, $updateCategory); $authManager->addChild($admin, $deleteCategory); $authManager->addChild($admin, $settings); $authManager->addChild($admin, $moderator); } }