/**
* Saves item.
*
* @return bool
*/
public function save()
{
if ($this->validate() == false) {
return false;
}
if ($isNewItem = $this->item === null) {
$this->item = $this->createItem($this->name);
} else {
$oldName = $this->item->name;
}
$this->item->name = $this->name;
$this->item->description = $this->description;
if (!empty($this->rule)) {
$rule = \Yii::createObject($this->rule);
if (null === $this->manager->getRule($rule->name)) {
$this->manager->add($rule);
}
$this->item->ruleName = $rule->name;
} else {
$this->item->ruleName = null;
}
$createdFlashMessage = '';
$updatedFlashMessage = '';
if ($this->item->type = Item::TYPE_PERMISSION) {
$createdFlashMessage = Yii::t('rbac', 'Permission has been created');
$updatedFlashMessage = Yii::t('rbac', 'Permission has been updated');
} else {
if ($this->item->type = Item::TYPE_ROLE) {
$createdFlashMessage = Yii::t('rbac', 'Role has been updated');
$updatedFlashMessage = Yii::t('rbac', 'Role has been updated');
}
}
if ($isNewItem) {
\Yii::$app->session->setFlash('success', $createdFlashMessage);
$this->manager->add($this->item);
} else {
\Yii::$app->session->setFlash('success', $updatedFlashMessage);
$this->manager->update($oldName, $this->item);
}
$this->manager->removeChildren($this->item);
if (is_array($this->children)) {
foreach ($this->children as $name) {
if ($this->item->type = Item::TYPE_PERMISSION) {
$child = $this->manager->getPermission($name);
} else {
if ($this->item->type = Item::TYPE_ROLE) {
$child = $this->manager->getRole($name);
}
}
if ($this->manager->hasChild($this->item, $child) == false) {
$this->manager->addChild($this->item, $child);
}
}
}
return true;
}
/**
* Удаляет роль, привилегию или правило из системы
* @param $type
* @param $name
* @return int
* @throws ErrorException
*/
public function actionDelete($type, $name)
{
$item = null;
switch ($type) {
case self::TYPE_ROLE:
$item = $this->authManager->getRole($name);
break;
case self::TYPE_PERMISSION:
$item = $this->authManager->getPermission($name);
break;
case self::TYPE_RULE:
$item = $this->authManager->getRule($name);
break;
default:
throw new InvalidParamException(self::invalidTypeMessage());
break;
}
if (is_null($item)) {
throw new ErrorException("{$type} '{$name}' не найдена.");
}
$this->authManager->remove($item);
return Controller::EXIT_CODE_NORMAL;
}
/**
* Adds RBAC rules.
*/
public function add(DbManager $authManager)
{
$viewThread = $authManager->getPermission(self::PERM_VIEW_THREAD);
if (!$viewThread instanceof Permission) {
$viewThread = $authManager->createPermission(self::PERM_VIEW_THREAD);
$viewThread->description = 'View Podium thread';
$authManager->add($viewThread);
}
$viewForum = $authManager->getPermission(self::PERM_VIEW_FORUM);
if (!$viewForum instanceof Permission) {
$viewForum = $authManager->createPermission(self::PERM_VIEW_FORUM);
$viewForum->description = 'View Podium forum';
$authManager->add($viewForum);
}
$createThread = $authManager->getPermission(self::PERM_CREATE_THREAD);
if (!$createThread instanceof Permission) {
$createThread = $authManager->createPermission(self::PERM_CREATE_THREAD);
$createThread->description = 'Create Podium thread';
$authManager->add($createThread);
}
$createPost = $authManager->getPermission(self::PERM_CREATE_POST);
if (!$createPost instanceof Permission) {
$createPost = $authManager->createPermission(self::PERM_CREATE_POST);
$createPost->description = 'Create Podium post';
$authManager->add($createPost);
}
$moderatorRule = $authManager->getRule('isPodiumModerator');
if (!$moderatorRule instanceof ModeratorRule) {
$moderatorRule = new ModeratorRule();
$authManager->add($moderatorRule);
}
$updatePost = $authManager->getPermission(self::PERM_UPDATE_POST);
if (!$updatePost instanceof Permission) {
$updatePost = $authManager->createPermission(self::PERM_UPDATE_POST);
$updatePost->description = 'Update Podium post';
$updatePost->ruleName = $moderatorRule->name;
$authManager->add($updatePost);
}
$authorRule = $authManager->getRule('isPodiumAuthor');
if (!$authorRule instanceof AuthorRule) {
$authorRule = new AuthorRule();
$authManager->add($authorRule);
}
$updateOwnPost = $authManager->getPermission(self::PERM_UPDATE_OWN_POST);
if (!$updateOwnPost instanceof Permission) {
$updateOwnPost = $authManager->createPermission(self::PERM_UPDATE_OWN_POST);
$updateOwnPost->description = 'Update own Podium post';
$updateOwnPost->ruleName = $authorRule->name;
$authManager->add($updateOwnPost);
$authManager->addChild($updateOwnPost, $updatePost);
}
$deletePost = $authManager->getPermission(self::PERM_DELETE_POST);
if (!$deletePost instanceof Permission) {
$deletePost = $authManager->createPermission(self::PERM_DELETE_POST);
$deletePost->description = 'Delete Podium post';
$deletePost->ruleName = $moderatorRule->name;
$authManager->add($deletePost);
}
$deleteOwnPost = $authManager->getPermission(self::PERM_DELETE_OWN_POST);
if (!$deleteOwnPost instanceof Permission) {
$deleteOwnPost = $authManager->createPermission(self::PERM_DELETE_OWN_POST);
$deleteOwnPost->description = 'Delete own Podium post';
$deleteOwnPost->ruleName = $authorRule->name;
$authManager->add($deleteOwnPost);
$authManager->addChild($deleteOwnPost, $deletePost);
}
$user = $authManager->getRole(self::ROLE_USER);
if (!$user instanceof Role) {
$user = $authManager->createRole(self::ROLE_USER);
$authManager->add($user);
$authManager->addChild($user, $viewThread);
$authManager->addChild($user, $viewForum);
$authManager->addChild($user, $createThread);
$authManager->addChild($user, $createPost);
$authManager->addChild($user, $updateOwnPost);
$authManager->addChild($user, $deleteOwnPost);
}
$updateThread = $authManager->getPermission(self::PERM_UPDATE_THREAD);
if (!$updateThread instanceof Permission) {
$updateThread = $authManager->createPermission(self::PERM_UPDATE_THREAD);
$updateThread->description = 'Update Podium thread';
$updateThread->ruleName = $moderatorRule->name;
$authManager->add($updateThread);
}
$deleteThread = $authManager->getPermission(self::PERM_DELETE_THREAD);
if (!$deleteThread instanceof Permission) {
$deleteThread = $authManager->createPermission(self::PERM_DELETE_THREAD);
$deleteThread->description = 'Delete Podium thread';
$deleteThread->ruleName = $moderatorRule->name;
$authManager->add($deleteThread);
}
$pinThread = $authManager->getPermission(self::PERM_PIN_THREAD);
if (!$pinThread instanceof Permission) {
$pinThread = $authManager->createPermission(self::PERM_PIN_THREAD);
$pinThread->description = 'Pin Podium thread';
$pinThread->ruleName = $moderatorRule->name;
$authManager->add($pinThread);
}
$lockThread = $authManager->getPermission(self::PERM_LOCK_THREAD);
if (!$lockThread instanceof Permission) {
$lockThread = $authManager->createPermission(self::PERM_LOCK_THREAD);
$lockThread->description = 'Lock Podium thread';
$lockThread->ruleName = $moderatorRule->name;
$authManager->add($lockThread);
}
$moveThread = $authManager->getPermission(self::PERM_MOVE_THREAD);
if (!$moveThread instanceof Permission) {
$moveThread = $authManager->createPermission(self::PERM_MOVE_THREAD);
$moveThread->description = 'Move Podium thread';
$moveThread->ruleName = $moderatorRule->name;
$authManager->add($moveThread);
}
$movePost = $authManager->getPermission(self::PERM_MOVE_POST);
if (!$movePost instanceof Permission) {
$movePost = $authManager->createPermission(self::PERM_MOVE_POST);
$movePost->description = 'Move Podium post';
$movePost->ruleName = $moderatorRule->name;
$authManager->add($movePost);
}
$banUser = $authManager->getPermission(self::PERM_BAN_USER);
if (!$banUser instanceof Permission) {
$banUser = $authManager->createPermission(self::PERM_BAN_USER);
$banUser->description = 'Ban Podium user';
$authManager->add($banUser);
}
$moderator = $authManager->getRole(self::ROLE_MODERATOR);
if (!$moderator instanceof Role) {
$moderator = $authManager->createRole(self::ROLE_MODERATOR);
$authManager->add($moderator);
$authManager->addChild($moderator, $updatePost);
$authManager->addChild($moderator, $updateThread);
$authManager->addChild($moderator, $deletePost);
$authManager->addChild($moderator, $deleteThread);
$authManager->addChild($moderator, $pinThread);
$authManager->addChild($moderator, $lockThread);
$authManager->addChild($moderator, $moveThread);
$authManager->addChild($moderator, $movePost);
$authManager->addChild($moderator, $banUser);
$authManager->addChild($moderator, $user);
}
$deleteUser = $authManager->getPermission(self::PERM_DELETE_USER);
if (!$deleteUser instanceof Permission) {
$deleteUser = $authManager->createPermission(self::PERM_DELETE_USER);
$deleteUser->description = 'Delete Podium user';
$authManager->add($deleteUser);
}
$promoteUser = $authManager->getPermission(self::PERM_PROMOTE_USER);
if (!$promoteUser instanceof Permission) {
$promoteUser = $authManager->createPermission(self::PERM_PROMOTE_USER);
$promoteUser->description = 'Promote Podium user';
$authManager->add($promoteUser);
}
$createForum = $authManager->getPermission(self::PERM_CREATE_FORUM);
if (!$createForum instanceof Permission) {
$createForum = $authManager->createPermission(self::PERM_CREATE_FORUM);
$createForum->description = 'Create Podium forum';
$authManager->add($createForum);
}
$updateForum = $authManager->getPermission(self::PERM_UPDATE_FORUM);
if (!$updateForum instanceof Permission) {
$updateForum = $authManager->createPermission(self::PERM_UPDATE_FORUM);
$updateForum->description = 'Update Podium forum';
$authManager->add($updateForum);
}
$deleteForum = $authManager->getPermission(self::PERM_DELETE_FORUM);
if (!$deleteForum instanceof Permission) {
$deleteForum = $authManager->createPermission(self::PERM_DELETE_FORUM);
$deleteForum->description = 'Delete Podium forum';
$authManager->add($deleteForum);
}
$createCategory = $authManager->getPermission(self::PERM_CREATE_CATEGORY);
if (!$createCategory instanceof Permission) {
$createCategory = $authManager->createPermission(self::PERM_CREATE_CATEGORY);
$createCategory->description = 'Create Podium category';
$authManager->add($createCategory);
}
$updateCategory = $authManager->getPermission(self::PERM_UPDATE_CATEGORY);
if (!$updateCategory instanceof Permission) {
$updateCategory = $authManager->createPermission(self::PERM_UPDATE_CATEGORY);
$updateCategory->description = 'Update Podium category';
$authManager->add($updateCategory);
}
$deleteCategory = $authManager->getPermission(self::PERM_DELETE_CATEGORY);
if (!$deleteCategory instanceof Permission) {
$deleteCategory = $authManager->createPermission(self::PERM_DELETE_CATEGORY);
$deleteCategory->description = 'Delete Podium category';
$authManager->add($deleteCategory);
}
$settings = $authManager->getPermission(self::PERM_CHANGE_SETTINGS);
if (!$settings instanceof Permission) {
$settings = $authManager->createPermission(self::PERM_CHANGE_SETTINGS);
$settings->description = 'Change Podium settings';
$authManager->add($settings);
}
$admin = $authManager->getRole(self::ROLE_ADMIN);
if (!$admin instanceof Role) {
$admin = $authManager->createRole(self::ROLE_ADMIN);
$authManager->add($admin);
$authManager->addChild($admin, $deleteUser);
$authManager->addChild($admin, $promoteUser);
$authManager->addChild($admin, $createForum);
$authManager->addChild($admin, $updateForum);
$authManager->addChild($admin, $deleteForum);
$authManager->addChild($admin, $createCategory);
$authManager->addChild($admin, $updateCategory);
$authManager->addChild($admin, $deleteCategory);
$authManager->addChild($admin, $settings);
$authManager->addChild($admin, $moderator);
}
}
