/** * Assign route to role via permission and create permission or route if it don't exists * Helper mainly for migrations * * @param string $roleName * @param string $permissionName * @param array $routes * @param null|string $permissionDescription * @param null|string $groupCode * * @throws \InvalidArgumentException * @return true|static|string */ public static function assignRoutesViaPermission($roleName, $permissionName, $routes, $permissionDescription = null, $groupCode = null) { $role = static::findOne(['name' => $roleName]); if (!$role) { throw new \InvalidArgumentException("Role with name = {$roleName} not found"); } $permission = Permission::findOne(['name' => $permissionName]); if (!$permission) { $permission = Permission::create($permissionName, $permissionDescription, $groupCode); if ($permission->hasErrors()) { return $permission; } } try { Yii::$app->db->createCommand()->insert(Yii::$app->getModule('user-management')->auth_item_child_table, ['parent' => $role->name, 'child' => $permission->name])->execute(); } catch (Exception $e) { // Don't throw Exception because we may have this permission for this role, // but need to add new routes to it } $routes = (array) $routes; foreach ($routes as $route) { Route::create($route); try { Yii::$app->db->createCommand()->insert(Yii::$app->getModule('user-management')->auth_item_child_table, ['parent' => $permission->name, 'child' => $route])->execute(); } catch (Exception $e) { // Don't throw Exception because this permission may already have this route, // so just go to the next route } } AuthHelper::invalidatePermissions(); return true; }
public function safeUp() { Route::refreshRoutes(); Role::create('Admin'); // ================= User management permissions ================= $group = new AuthItemGroup(); $group->name = 'User management'; $group->code = 'userManagement'; $group->save(false); Role::assignRoutesViaPermission('Admin', 'viewUsers', ['/user-management/user/index', '/user-management/user/view', '/user-management/user/grid-page-size'], 'View users', $group->code); Role::assignRoutesViaPermission('Admin', 'createUsers', ['/user-management/user/create'], 'Create users', $group->code); Role::assignRoutesViaPermission('Admin', 'editUsers', ['/user-management/user/update', '/user-management/user/bulk-activate', '/user-management/user/bulk-deactivate'], 'Edit users', $group->code); Role::assignRoutesViaPermission('Admin', 'deleteUsers', ['/user-management/user/delete', '/user-management/user/bulk-delete'], 'Delete users', $group->code); Role::assignRoutesViaPermission('Admin', 'changeUserPassword', ['/user-management/user/change-password'], 'Change user password', $group->code); Role::assignRoutesViaPermission('Admin', 'assignRolesToUsers', ['/user-management/user-permission/set', '/user-management/user-permission/set-roles'], 'Assign roles to users', $group->code); Permission::assignRoutes('viewVisitLog', ['/user-management/user-visit-log/index', '/user-management/user-visit-log/grid-page-size', '/user-management/user-visit-log/view'], 'View visit log', $group->code); Permission::create('viewUserRoles', 'View user roles', $group->code); Permission::create('viewRegistrationIp', 'View registration IP', $group->code); Permission::create('viewUserEmail', 'View user email', $group->code); Permission::create('editUserEmail', 'Edit user email', $group->code); Permission::create('bindUserToIp', 'Bind user to IP', $group->code); Permission::addChildren('assignRolesToUsers', ['viewUsers', 'viewUserRoles']); Permission::addChildren('changeUserPassword', ['viewUsers']); Permission::addChildren('deleteUsers', ['viewUsers']); Permission::addChildren('createUsers', ['viewUsers']); Permission::addChildren('editUsers', ['viewUsers']); Permission::addChildren('editUserEmail', ['viewUserEmail']); // ================= User common permissions ================= $group = new AuthItemGroup(); $group->name = 'User common permission'; $group->code = 'userCommonPermissions'; $group->save(false); Role::assignRoutesViaPermission('Admin', 'changeOwnPassword', ['/user-management/auth/change-own-password'], 'Change own password', $group->code); }
public function safeUp() { Permission::create(Yii::$app->getModule('user-management')->commonPermissionName); }
public function safeUp() { Permission::create(Yii::$app->getModule(\Yii::$app->user->moduleAliasName)->commonPermissionName); }