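/**
 * Check whether the current user may run the requested action.
 *
 * Order of checks:
 *   1. the `captcha` action is always allowed;
 *   2. routes marked free-access are always allowed;
 *   3. guests, and users whose identity can no longer be loaded, are denied;
 *   4. superadmins are allowed everything;
 *   5. users whose status is not STATUS_ACTIVE are logged out and sent home;
 *   6. everyone else must be granted the route by User::canRoute().
 *
 * Every deny path returns false, so the action cannot run even when
 * denyAccess() or redirect() only set a response instead of throwing
 * (previously the guest / deleted / inactive branches fell through to the
 * route check).
 *
 * @param Action $action the action to be executed.
 *
 * @return bool whether the action should continue to be executed.
 */
public function beforeAction($action)
{
    // NOTE(review): this matches the bare action id, so an action named
    // "captcha" in *any* controller bypasses access control — confirm this is
    // intended; matching the full route would be tighter.
    if ($action->id == 'captcha') {
        return true;
    }

    $route = '/' . $action->uniqueId;

    if (Route::isFreeAccess($route, $action)) {
        return true;
    }

    $user = Yii::$app->user;

    if ($user->isGuest) {
        // denyAccess() may redirect to the login page rather than throw;
        // returning false guarantees the action is not executed either way.
        $this->denyAccess();

        return false;
    }

    // If the user has been deleted, destroy the session and deny.
    // (With yii\web\User, isGuest already means "identity === null", so this
    // branch only matters for a custom user component — kept for safety.)
    if ($user->identity === null) {
        Yii::$app->getSession()->destroy();
        $this->denyAccess();

        return false;
    }

    // Superadmin owns everyone.
    // NOTE(review): this runs before the status check below, so a superadmin
    // whose status is no longer STATUS_ACTIVE keeps full access until the
    // session ends — confirm that is the intended policy.
    if ($user->identity->isSuperadmin) {
        return true;
    }

    // Loose comparison kept on purpose: status may come back from the DB as a string.
    if ($user->identity->status != User::STATUS_ACTIVE) {
        $user->logout();
        Yii::$app->getResponse()->redirect(Yii::$app->getHomeUrl());

        // Stop here; the redirect to the home page is the intended outcome.
        return false;
    }

    if (User::canRoute($route)) {
        return true;
    }

    if (isset($this->denyCallback)) {
        call_user_func($this->denyCallback, null, $action);
    } else {
        $this->denyAccess();
    }

    return false;
}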
/**
 * Load the user's roles, permissions and routes into the session.
 *
 * Existing entries are cleared first so the call can also be used to refresh
 * permissions; the mtime of the permissions "last modified" marker file is
 * stored alongside so stale session data can be detected later.
 *
 * @param UserIdentity $identity
 */
public static function updatePermissions($identity)
{
    $session = Yii::$app->session;
    $userId = $identity->id;

    // Drop stale entries before writing fresh ones.
    foreach ([self::SESSION_PREFIX_ROLES, self::SESSION_PREFIX_PERMISSIONS, self::SESSION_PREFIX_ROUTES] as $key) {
        $session->remove($key);
    }

    // NOTE(review): filemtime() returns false (with a warning) when the marker
    // file is missing — confirm getPermissionsLastModFile() guarantees it exists.
    $session->set(self::SESSION_PREFIX_LAST_UPDATE, filemtime(self::getPermissionsLastModFile()));

    $roleNames = array_keys(Role::getUserRoles($userId));
    $permissionNames = array_keys(Permission::getUserPermissions($userId));
    $allowedRoutes = Route::getUserRoutes($userId);

    $session->set(self::SESSION_PREFIX_ROLES, $roleNames);
    $session->set(self::SESSION_PREFIX_PERMISSIONS, $permissionNames);
    $session->set(self::SESSION_PREFIX_ROUTES, $allowedRoutes);
}
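/**
 * Assign routes to a role through a permission, creating the permission and
 * the routes when they do not exist yet. Mainly a helper for migrations.
 *
 * The role→permission and permission→route links are inserted best-effort:
 * a failed insert (typically a duplicate key because the link already exists)
 * is logged and skipped instead of aborting, so the helper stays idempotent.
 *
 * @param string      $roleName
 * @param string      $permissionName
 * @param array       $routes
 * @param null|string $permissionDescription
 * @param null|string $groupCode
 *
 * @throws \InvalidArgumentException when the role does not exist
 * @return true|static|string true on success, or the Permission model when creating it failed validation
 */
public static function assignRoutesViaPermission($roleName, $permissionName, $routes, $permissionDescription = null, $groupCode = null)
{
    $role = static::findOne(['name' => $roleName]);
    if (!$role) {
        throw new \InvalidArgumentException("Role with name = {$roleName} not found");
    }

    $permission = Permission::findOne(['name' => $permissionName]);
    if (!$permission) {
        $permission = Permission::create($permissionName, $permissionDescription, $groupCode);
        if ($permission->hasErrors()) {
            return $permission;
        }
    }

    // The role may already own this permission; in that case we still need to
    // add the new routes below, so a failed link is not fatal.
    self::linkAuthItems($role->name, $permission->name);

    foreach ((array) $routes as $route) {
        $route = '/' . ltrim($route, '/');
        Route::create($route);
        self::linkAuthItems($permission->name, $route);
    }

    AuthHelper::invalidatePermissions();

    return true;
}

/**
 * Insert a parent→child row into the auth_item_child table.
 *
 * Failures are swallowed on purpose (the link usually already exists), but
 * they are logged so that real DB problems no longer vanish silently.
 *
 * NOTE(review): `Exception` is resolved relative to this file's namespace /
 * imports exactly as before — confirm it names the DB exception class you mean.
 *
 * @param string $parent
 * @param string $child
 *
 * @return bool whether a new row was inserted
 */
private static function linkAuthItems($parent, $child)
{
    try {
        Yii::$app->db->createCommand()
            ->insert(Yii::$app->getModule('user')->auth_item_child_table, ['parent' => $parent, 'child' => $child])
            ->execute();

        return true;
    } catch (Exception $e) {
        Yii::warning("Could not link '{$parent}' -> '{$child}': " . $e->getMessage(), __METHOD__);

        return false;
    }
}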
/**
 * Re-scan the application for routes: add newly discovered ones and drop
 * those whose module or controller no longer exists, then return to the
 * view page of the given record.
 *
 * NOTE(review): this action changes the database, so it should be reachable
 * only via POST (VerbFilter) with CSRF validation — confirm in behaviors(),
 * which is outside this excerpt.
 *
 * @param string $id
 *
 * @return \yii\web\Response
 */
public function actionRefreshRoutes($id)
{
    Route::refreshRoutes();

    $backToView = ['view', 'id' => $id];

    return $this->redirect($backToView);
}
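/**
 * Check whether a route is allowed for everyone, i.e. is a child of the
 * module's common permission (directly, or through the expansion done by
 * Route::withSubRoutes() over all known route names).
 *
 * The expanded list is cached for an hour under the '__commonRoutes' key.
 *
 * @param string $currentFullRoute
 *
 * @return bool
 */
protected static function isInCommonPermission($currentFullRoute)
{
    $cache = Yii::$app->cache;
    $module = Yii::$app->getModule('user');

    $commonRoutes = $cache->get('__commonRoutes');

    if ($commonRoutes === false) {
        $commonRoutesDB = (new Query())
            ->select('child')
            ->from($module->auth_item_child_table)
            ->where(['parent' => $module->commonPermissionName])
            ->column();

        $allRouteNames = ArrayHelper::map(Route::find()->asArray()->all(), 'name', 'name');
        $commonRoutes = Route::withSubRoutes($commonRoutesDB, $allRouteNames);

        // NOTE(review): a route removed from the common permission stays
        // "free" until this entry expires unless the key is invalidated
        // elsewhere (e.g. by AuthHelper::invalidatePermissions()) — confirm.
        $cache->set('__commonRoutes', $commonRoutes, 3600);
    }

    // Strict comparison: routes are strings, and a loose in_array() would
    // apply PHP's numeric-string coercion rules.
    return in_array($currentFullRoute, $commonRoutes, true);
}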
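/**
 * Check whether the current user may access the given route.
 *
 * Superadmins (when $superAdminAllowed) and free-access routes pass
 * immediately; everyone else is checked against the allowed routes stored in
 * the session, which are refreshed first if the permission data is stale.
 *
 * @param string $route
 * @param bool   $superAdminAllowed whether a superadmin identity short-circuits the check
 *
 * @return bool
 */
public static function canRoute($route, $superAdminAllowed = true)
{
    $identity = Yii::$app->user->identity;

    // Explicit null check instead of the former "@" suppression, which hid
    // every error on this line, not just the guest (null identity) case.
    if ($superAdminAllowed && $identity !== null && $identity->isSuperadmin) {
        return true;
    }

    $baseRoute = AuthHelper::unifyRoute($route);

    if (Route::isFreeAccess($baseRoute)) {
        return true;
    }

    AuthHelper::ensurePermissionsUpToDate();

    $allowedRoutes = Yii::$app->session->get(AuthHelper::SESSION_PREFIX_ROUTES, []);

    return Route::isRouteAllowed($baseRoute, $allowedRoutes);
}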