When [[enableSession]] is true, this method may attempt to read the user's authentication data
stored in session and reconstruct the corresponding identity object, if it has not done so before.
| public getIdentity ( boolean $autoRenew = true ) : yii\web\IdentityInterface | null | ||
| $autoRenew | boolean | whether to automatically renew authentication status if it has not been done so before. This is only useful when [[enableSession]] is true. |
| return | yii\web\IdentityInterface | null | the identity object associated with the currently logged-in user. `null` is returned if the user is not logged in (not authenticated). |
public function getIdentity($autoRenew = true)
{
if ($this->_overrideIdentity !== null) {
return $this->_overrideIdentity;
}
return parent::getIdentity($autoRenew);
}
/**
*
* overwrite 存到session
*/
public function getIdentity($autoRenew = true)
{
if (!Yii::$app->session["_userInfo"]) {
Yii::$app->session["_userInfo"] = parent::getIdentity($autoRenew);
}
return Yii::$app->session["_userInfo"];
}
/**
* check the permission, if we rewrite and controller, the controller id and module id is not changed
* @param \yii\base\Action $action
* @param \yii\web\User $user
* @param \yii\web\Request $request
* @return bool
*/
public function matchActionAccess($action, $user, $request)
{
if ($user->getIsGuest()) {
return false;
}
/** @var \core\auth\Module $authModule */
$authModule = \Yii::$app->getModule('core_auth');
foreach ($authModule->getAdmins() as $key => $admin) {
if ($user->getIdentity()->username == $admin['username']) {
return true;
}
}
if ($action->controller->module instanceof Application) {
$key = 'default' . '_' . $action->controller->id . '_' . $action->id;
} else {
$key = $action->getUniqueId();
$key = explode('/', $key);
array_shift($key);
$key = implode('_', $key);
}
$key = lcfirst(implode('', array_map(function ($k) {
return ucfirst($k);
}, explode('-', $key))));
return $user->can($key, $this->params);
}
/**
* Returns true if $user can edit secure options for concrete entity ($owner).
* @param User $user
* @return bool
*/
public function checkSecureAccess(User $user)
{
Yii::trace("Checking secure access to '{$this->owner->className()}'" . PHP_EOL . 'Identifier: ' . VarDumper::dumpAsString($this->owner->getPrimaryKey(true)) . PHP_EOL . "User: {$user->getId()}", __METHOD__);
if (($identity = $user->getIdentity()) && $identity->isAdmin) {
return true;
}
if (empty($this->secureRoles)) {
return false;
}
foreach ($this->secureRoles as $item) {
if (!$user->can($item)) {
return false;
}
}
return true;
}
/**
* @param bool $autoRenew
* @return null|\app\models\User
*/
public function getIdentity($autoRenew = true)
{
return parent::getIdentity($autoRenew);
}
/**
* @param array $row
* @param SecureActiveQueryInterface $query
* @param User $user
* @return User
* @throws \LogicException
* @SuppressWarnings(PHPMD.ElseExpression)
*/
protected function checkAccess(array $row, SecureActiveQueryInterface $query, User $user)
{
$identifier = ($identity = $user->getIdentity()) ? $identity->username : 0;
Yii::trace("Checking access to row data for user '{$identifier}'" . PHP_EOL . VarDumper::dumpAsString($row), __METHOD__);
$secureItemField = $query->getSecureItemAttribute();
if (!isset($row[$secureItemField])) {
throw new \LogicException("Row from database should contain secure item field '{$secureItemField}'");
}
$permission = $row[$secureItemField];
if (!is_null($identity) && $identity->isAdmin) {
$result = true;
} else {
$result = $user->can($permission);
}
Yii::getLogger()->log(($result ? 'Access granted' : 'Access denied') . " for user '{$identifier}' (" . $permission . ')', $result ? Logger::LEVEL_INFO : Logger::LEVEL_WARNING, __METHOD__);
return $result;
}
