Example #1
 /**
  * Decides whether the current user may run the given action.
  *
  * The decision is made per route only: $model and $index are never read, and the parameter
  * array built from $key is not passed to the permission check. The result is memoised in
  * $this->_checkAccessCache under the route string, so every call for the same route shares
  * one decision regardless of the record it is asked about.
  *
  * @param string $action action ID; prefixed with "$this->controller/" when a controller is set
  * @param mixed $model not used by this check
  * @param mixed $key parameter array, or a value that is cast to string
  * @param mixed $index not used by this check
  * @return bool result of Yii::$app->user->can() for the operation mapped from the route
  */
 public function checkAccess($action, $model, $key, $index)
 {
     // Kept as in the original: the array is assembled (including the string cast of a
     // non-array key), but only its route element is ever read afterwards.
     $params = is_array($key) ? $key : ['id' => (string) $key];
     $route = $this->controller ? $this->controller . '/' . $action : $action;
     $params[0] = $route;

     if (isset($this->_checkAccessCache[$route])) {
         return $this->_checkAccessCache[$route];
     }

     // NOTE(review): can() receives no params, so a rule that depends on the concrete record
     // cannot take part in this decision - confirm that route-level checks are intended.
     $operation = Rbac::routeToOperation(RouteNormalizer::normalizeRoute($route));
     $allowed = Yii::$app->user->can($operation);
     $this->_checkAccessCache[$route] = $allowed;

     return $allowed;
 }
Example #2
 /**
  * Generates a correct auth item name, even for long strings.
  *
  * Deprecated forwarding wrapper: the argument is handed unchanged to Rbac::authItemName()
  * and its result is returned as is.
  *
  * @param mixed $authItem value passed through to Rbac::authItemName()
  * @return string
  * @deprecated Use [[\yz\admin\helpers\Rbac::authItemName]]
  */
 public static function authItemName($authItem)
 {
     $name = Rbac::authItemName($authItem);

     return $name;
 }
Example #3
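 /**
  * Checks whether the current user may access the given route.
  *
  * The route is mapped to an RBAC operation with Rbac::routeToOperation(). A route that maps
  * to no operation (null) is treated as unrestricted and is allowed.
  *
  * Decisions are memoised in a function-static array, which lives for the whole PHP process
  * and is not tied to one object. The cache is therefore keyed by user ID as well as by route,
  * so a decision computed for one identity is never handed to another (identity change inside
  * a request, long-running workers, test suites).
  *
  * @param string $route route to check
  * @return bool true when the route is unmapped or the user holds the mapped operation
  */
 protected function checkAccessByRoute($route)
 {
     static $_routes = [];

     // Resolved before the cache lookup so that unmapped routes never touch the user component,
     // exactly as before.
     $operation = Rbac::routeToOperation($route);
     if ($operation === null) {
         // Fail-open: routes without an operation are not access-controlled by this method.
         return true;
     }

     $user = Yii::$app->user;
     $userId = $user->getId();
     // Distinct prefixes keep the guest bucket from colliding with any real user ID.
     $owner = $userId === null ? 'guest' : 'id:' . $userId;

     if (!isset($_routes[$owner][$route])) {
         $_routes[$owner][$route] = $user->can($operation);
     }

     return $_routes[$owner][$route];
 }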
Example #4
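 /**
  * Returns the list of the backend operations that are allowed to be permitted to the user.
  *
  * The list is auto-discovered from every *Controller.php file under $this->controllerPath
  * whose class extends Controller or implements AccessControlInterface.
  * The list has the following form:
  * ~~~
  * [
  *  'authItemName' => ['Description', type, ['children1', 'children2', ...]],
  * ]
  * ~~~
  * The module item comes first and names the controller items as its children; each
  * controller item names its action items as its children.
  *
  * Discovery loads each controller class through reflection and creates an instance with
  * createControllerByID() in order to read actions().
  *
  * @return array
  * @throws \ReflectionException when a discovered file does not define the expected class
  */
 public function getAuthItems()
 {
     $list = [];
     if (!is_dir($this->controllerPath)) {
         return $list;
     }
     $moduleAuthItemName = Rbac::authItemName($this->className());
     $moduleDescription = \Yii::t('yz', 'Access to the module "{module}"', ['module' => $this->getName()]);
     $moduleAuthItem = [$moduleAuthItemName => [$moduleDescription, Item::TYPE_PERMISSION, []]];
     foreach (FileHelper::findFiles($this->controllerPath, ['only' => ['*Controller.php']]) as $file) {
         // Path relative to controllerPath. Separators are normalised to "/" so that nested
         // controllers yield the same controller ID and class name on Windows as elsewhere.
         $relativePath = str_replace('\\', '/', ltrim(substr($file, strlen($this->controllerPath)), '\\/'));
         // Removing .php
         $controllerBaseClassName = substr($relativePath, 0, -4);
         // Removing Controller
         $controllerName = substr($controllerBaseClassName, 0, -10);
         $controllerClassName = ltrim($this->controllerNamespace . '\\' . str_replace('/', '\\', $controllerBaseClassName));
         $ref = new \ReflectionClass($controllerClassName);
         if (!$ref->isSubclassOf(Controller::class) && !$ref->implementsInterface(AccessControlInterface::class)) {
             // Not an access-controlled controller: contributes no auth items.
             continue;
         }
         $controllerId = implode('/', array_map([Inflector::class, 'camel2id'], explode('/', $controllerName)));
         $controllerAuthItemName = Rbac::authItemName($controllerClassName);
         $controllerDescription = \Yii::t('yz', 'Access to the section "{module}/{controller}"', ['controller' => $controllerName, 'module' => $this->getName()]);
         $controllerAuthItem = [$controllerAuthItemName => [$controllerDescription, Item::TYPE_PERMISSION, []]];
         $moduleAuthItem[$moduleAuthItemName][2][] = $controllerAuthItemName;
         $controllerInstance = $this->createControllerByID($controllerId);
         // createControllerByID() can return null when the ID does not resolve to a controller;
         // in that case only the action methods found by reflection are listed, instead of
         // aborting the whole discovery with a call on null.
         $actions = $controllerInstance === null ? [] : array_keys($controllerInstance->actions());
         $methods = $ref->getMethods(\ReflectionMethod::IS_PUBLIC);
         $actionsAuthItems = [];
         foreach (array_merge($actions, $methods) as $method) {
             if (is_string($method)) {
                 // Action ID declared through actions().
                 $action = ucfirst($method);
             } else {
                 /** @var \ReflectionMethod $method */
                 // Inline action: a public method named action<Name>.
                 if (!preg_match('/^action([A-Z].*)$/', $method->getName(), $m)) {
                     continue;
                 }
                 $action = $m[1];
             }
             $actionAuthItemName = Rbac::operationName($controllerClassName, $action);
             $actionDescription = \Yii::t('yz', 'Access to the action "{module}/{controller}/{action}"', ['action' => $action, 'controller' => $controllerName, 'module' => $this->getName()]);
             $actionsAuthItems[$actionAuthItemName] = [$actionDescription, Item::TYPE_PERMISSION, []];
             $controllerAuthItem[$controllerAuthItemName][2][] = $actionAuthItemName;
         }
         $list = array_merge($list, $controllerAuthItem, $actionsAuthItems);
     }

     // Module item first, followed by the controller and action items.
     return array_merge($moduleAuthItem, $list);
 }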
Example #5
 /**
  * Builds the configuration array for the AccessControl behavior.
  *
  * Two rules are configured in order: the first allows the request when the current user
  * holds the RBAC operation that Rbac::operationName() derives from this object and the
  * requested action ID; the second denies everything else.
  *
  * @return array configuration with the keys 'class' and 'rules'
  */
 protected function accessControlBehavior()
 {
     $allowWhenPermitted = [
         'allow' => true,
         // Not a static closure: it needs $this to name the operation.
         'matchCallback' => function ($rule, $action) {
             $operation = Rbac::operationName($this, $action->id);

             return \Yii::$app->user->can($operation);
         },
     ];
     // Explicit catch-all so that a request failing the rule above is denied.
     $denyEverythingElse = ['allow' => false];

     return [
         'class' => AccessControl::className(),
         'rules' => [$allowWhenPermitted, $denyEverythingElse],
     ];
 }
Example #6
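 /**
  * Collects the auth items for the application's own controllers.
  *
  * Every *Controller.php found under $this->app->controllerPath is mapped to a class in
  * $this->app->controllerNamespace. Classes that extend Controller or implement
  * AccessControlInterface contribute one controller item plus one item per action, each in
  * the form 'authItemName' => [description, Item::TYPE_PERMISSION, children].
  *
  * @return array
  * @throws \ReflectionException when a discovered file does not define the expected class
  */
 protected function getAuthItemsFromApp()
 {
     $list = [];
     if (!is_dir($this->app->controllerPath)) {
         return $list;
     }
     // The original also appended controller names to a module-level item that was never
     // initialised or returned; that dead bookkeeping is dropped.
     foreach (FileHelper::findFiles($this->app->controllerPath, ['only' => ['*Controller.php']]) as $file) {
         // NOTE(review): FileHelper::findFiles() searches recursively by default while basename()
         // discards sub-directories, so a controller in a nested directory resolves to a class
         // name without its sub-namespace - confirm nested controllers are not expected here.
         $relativePath = basename($file);
         // Removing .php
         $controllerBaseClassName = substr($relativePath, 0, -4);
         // Removing Controller
         $controllerName = substr($controllerBaseClassName, 0, -10);
         $controllerClassName = ltrim($this->app->controllerNamespace . '\\' . $controllerBaseClassName);
         $ref = new \ReflectionClass($controllerClassName);
         if (!$ref->isSubclassOf(Controller::class) && !$ref->implementsInterface(AccessControlInterface::class)) {
             // Not an access-controlled controller: contributes no auth items.
             continue;
         }
         // The controller item is named after the raw class name.
         $controllerAuthItemName = $controllerClassName;
         $controllerDescription = \Yii::t('admin/t', 'Access to the section "Application/{controller}"', ['controller' => $controllerName]);
         $controllerAuthItem = [$controllerAuthItemName => [$controllerDescription, Item::TYPE_PERMISSION, []]];
         $controllerInstance = $this->app->createControllerByID(Inflector::camel2id($controllerName));
         // createControllerByID() can return null when the ID does not resolve to a controller;
         // in that case only the action methods found by reflection are listed, instead of
         // aborting the whole discovery with a call on null.
         $actions = $controllerInstance === null ? [] : array_keys($controllerInstance->actions());
         $methods = $ref->getMethods(\ReflectionMethod::IS_PUBLIC);
         $actionsAuthItems = [];
         foreach (array_merge($actions, $methods) as $method) {
             if (is_string($method)) {
                 // Action ID declared through actions().
                 $action = ucfirst($method);
             } else {
                 /** @var \ReflectionMethod $method */
                 // Inline action: a public method named action<Name>.
                 if (!preg_match('/^action([A-Z].*)$/', $method->getName(), $m)) {
                     continue;
                 }
                 $action = $m[1];
             }
             $actionAuthItemName = Rbac::operationName($controllerClassName, $action);
             $actionDescription = \Yii::t('admin/t', 'Access to the action "Application/{controller}/{action}"', ['action' => $action, 'controller' => $controllerName]);
             $actionsAuthItems[$actionAuthItemName] = [$actionDescription, Item::TYPE_PERMISSION, []];
             $controllerAuthItem[$controllerAuthItemName][2][] = $actionAuthItemName;
         }
         $list = array_merge($list, $controllerAuthItem, $actionsAuthItems);
     }

     return $list;
 }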
Example #7
 /**
  * Checks whether the current user may access the given route.
  *
  * An array argument is reduced to its first element; the resulting value is normalised,
  * mapped to an RBAC operation and passed to Yii::$app->user->can().
  *
  * @param string|array $route route string, or an array whose first element is the route
  * @return bool
  */
 protected function checkAccess($route)
 {
     // NOTE(review): reset() yields the first element in insertion order, which is the route
     // only when the route was placed first, and false for an empty array - confirm callers
     // always pass the route as the leading element.
     $target = is_array($route) ? reset($route) : $route;
     $normalized = RouteNormalizer::normalizeRoute($target);

     // NOTE(review): the mapping result goes straight to can(); what happens for a route
     // that maps to no operation is not visible from here.
     return \Yii::$app->user->can(Rbac::routeToOperation($normalized));
 }