/**
* @brief 异步后台进程初始化
*/
public function __construct()
{
define('APP_NAME', 'Daemon');
define('APPLICATION_PATH', dirname(__DIR__));
define('AHA_SRC_PATH', dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . 'src');
require_once AHA_SRC_PATH . '/Aha/Daemon.php';
\Aha\Daemon::initLoader();
$this->_objAha = \Aha\Daemon::getInstance(APP_NAME, 'product');
$this->_objAha->getLoader()->registerNamespace(APP_NAME, APPLICATION_PATH);
$this->_objAha->run();
}
/**
* @brief 异步后台进程初始化
*/
public function __construct()
{
define('APP_NAME', 'Daemon');
define('APPLICATION_PATH', dirname(__DIR__) . '/../');
define('AHA_SRC_PATH', dirname(__DIR__) . '/../../src');
require_once AHA_SRC_PATH . '/Aha/Daemon.php';
\Aha\Daemon::initLoader();
$this->_objAha = \Aha\Daemon::getInstance(APP_NAME, 'dev');
$this->_objAha->getLoader()->registerNamespace(APP_NAME, APPLICATION_PATH);
$this->_objAha->run();
$this->_objProtocolPackage = new \Aha\Process\Protocol\Package();
\Daemon\Library\Ipc\Shared::initTable();
}
/**
* A filter to clear the authItem cache.
* @param type $filterChain The filter chain Yii is currently acting on.
*/
public function filterClearAuthCache($filterChain)
{
// Check for existence of authCache object (for backwards compatibility)
if (!is_null(Yii::app()->db->getSchema()->getTable('x2_auth_cache'))) {
if (Yii::app()->hasComponent('authCache')) {
$authCache = Yii::app()->authCache;
if (isset($authCache)) {
$authCache->clear();
}
}
}
$filterChain->run();
}
/**
* A filter to clear the groups cache.
*
* This method clears the cache whenever the groups controller is accessed.
* Caching improves performance throughout the app, but will occasionally
* need to be cleared. Keeping this filter here allows for cleaning up the
* cache when required.
*
* @param type $filterChain The filter chain Yii is currently acting on.
*/
public function filterClearGroupsCache($filterChain)
{
$filterChain->run();
Yii::app()->cache->delete('user_groups');
Yii::app()->cache->delete('user_roles');
}
/**
* Basic permissions check filter.
*
* It is meant to simplify the simpler actions where named after existing
* actions (or actions listed among the keys of {@link actionAuthItemMap})
*
* @param type $filterChain
*/
public function filterCheckCRUDPermissions($filterChain)
{
$model = new $this->modelClass();
$module = ucfirst($model->module);
$action = $this->action->id;
if (array_key_exists($action, $this->actionAuthItemMap)) {
$action = $this->actionAuthItemMap[$action];
} else {
$action = ucfirst($action);
}
$level = $this->actionCheckPermissions($module . $action);
if ($level) {
$filterChain->run();
} else {
$this->log("User \"{$this->user->username}\" denied API action; does not have permission for {$module}{$action}", 'application.automation.api');
$this->_sendResponse(403, 'This user does not have permission to perform operation "' . $action . "\" on model <b>{$this->modelClass}</b>");
}
}
/**
* Performs RBAC permission checks before allowing access to something.
*
* This is to make permissions consistent with normal use of te app
*
* @param type $filterChain
*/
public function filterRbac($filterChain)
{
$action = null;
// The name of the RBAC item to check
$data = array();
// Additional parameters for RBAC
$method = Yii::app()->request->requestType;
$user = Yii::app()->getSuModel();
$username = $user->username;
$userId = $user->id;
$denial = "User {$username} does not have permission to perform action {action}";
// Include module-specific, assignment-based permissions if operating
// on a model (as opposed to, say, querying all tags regardless of the
// type of record they're attached to)
if (isset($_GET['_class'])) {
$linkable = $this->staticModel->asa('X2LinkableBehavior');
$module = !empty($linkable) ? ucfirst($linkable->module) : $_GET['_class'];
// Assignment/ownership as stored in the model should be
// included in the RBAC parameters for business rules to execute
// properly, if an ID is specified:
if (isset($_GET['_id'])) {
$data['X2Model'] = $this->model;
}
}
// Resolve the name of the auth item to check.
//
// There are three actions and five different request types (DELETE,
// GET, PATCH, POST, PUT) two of which (PATCH/PUT) are indistinct.
switch ($this->action->id) {
case 'count':
switch ($method) {
case 'GET':
$action = "{$module}Index";
break;
}
break;
case 'model':
switch ($method) {
case 'DELETE':
$action = "{$module}Delete";
break;
case 'GET':
// Query or view individual:
$action = isset($_GET['_id']) ? "{$module}View" : "{$module}Index";
break;
case 'PATCH':
case 'PUT':
$action = "{$module}Update";
}
break;
case 'relationships':
case 'tags':
switch ($method) {
case 'DELETE':
case 'PATCH':
case 'PUT':
case 'POST':
// As long as the user has permission to view the
// record, they should have permission to alter these
// metadata (this is the behavior of the base app, as
// of this writing):
$action = "{$module}View";
break;
case 'GET':
if (isset($_GET['_class']) && isset($_GET['_id'])) {
// Respect the permissions of that particular model,
// so that URI's corresponding to a given model
// record respond consistently:
$action = "{$module}View";
} else {
// Querying all relationships/tags. Simply allow
// access because there's no analogue of this
// functionality in the application (as of this
// writing), let alone permission entries for them,
// and thus nothing on which to base permissions.
$filterChain->run();
}
break;
}
break;
}
// Use RBAC to check permission if an auth item exists.
if (Yii::app()->authManager->getAuthItem($action) instanceof CAuthItem) {
if (!Yii::app()->authManager->checkAccess($action, $userId, $data)) {
$this->send(403, "You do not have permission to perform this action..");
}
}
$filterChain->run();
}
public function execute()
{
$this->define_hooks();
$this->plugin_loader->run();
}
