부터: 1.0.0
저자: Spyros Soldatos (spyros@valor.gr)
상속: extends CActiveRecord
예제 #1
0
 public function checkAccess($item_name)
 {
     //Если суперпользователь, то разрешено все
     if (isset(Yii::app()->user->role) && Yii::app()->user->role == AuthItem::ROLE_ROOT) {
         return true;
     }
     $auth_item = AuthItem::model()->findByPk($item_name);
     if (!$auth_item) {
         Yii::log('Задача $item_name не найдена!');
         return false;
     }
     if ($auth_item->allow_for_all) {
         return true;
     }
     if ($auth_item->task) {
         if ($auth_item->task->allow_for_all) {
             return true;
         } elseif (Yii::app()->user->checkAccess($auth_item->task->name)) {
             return true;
         }
     } else {
         if (Yii::app()->user->checkAccess($auth_item->name)) {
             return true;
         }
     }
     return false;
 }
예제 #2
0
파일: AuthItemApi.php 프로젝트: hung5s/yap
 public function actionDelete($authItemName)
 {
     $authItemName = trim($authItemName);
     if ($authItemName == '') {
         return $this->result = errorHandler()->logException(null, -1, 'XUSER_ERR_ROLE_NAME_EMPTY', array('message' => 'Role name is empty'));
     }
     $authItem = AuthItem::model()->find('name=:name', array(':name' => $authItemName));
     if (!is_object($authItem)) {
         return $this->result = errorHandler()->logException(null, -1, 'XUSER_ERR_ROLE_NOT_FOUND', array('message' => 'Role is not found'));
     }
     // check if this role is system role
     if ($authItem->is_system == true) {
         return $this->result = errorHandler()->logException(null, -1, 'XUSER_ERR_ROLE_CANNOT_DELETE_BECAUSE_SYSTEM', array('message' => 'Cannot delete this role as it is a system role'));
     }
     // check if this role is assigned to any user
     $sql = 'SELECT COUNT(userid) FROM "' . SITE_ID . '_authassignment" WHERE itemname = \'' . $authItem->name . '\'';
     $count = app()->db->createCommand($sql)->queryScalar();
     if ($count > 0) {
         return $this->result = errorHandler()->logException(null, -1, 'XUSER_ERR_ROLE_CANNOT_DELETE_BECAUSE_ASSIGNED', array('message' => "Cannot delete this role as it's assigned to users"));
     }
     // delete the role
     if (!$authItem->delete()) {
         return $this->result = errorHandler()->logException(null, -1, 'XUSER_ERR_ROLE_DELETE_FAILED', array('message' => 'Deleting the role has been failed'));
     }
     return $this->result = array('result' => null, 'returnCode' => 1);
 }
예제 #3
0
 /**
  * Returns the data model based on the primary key given in the GET variable.
  * If the data model is not found, an HTTP exception will be raised.
  * @param integer $id the ID of the model to be loaded
  * @return AuthItem the loaded model
  * @throws CHttpException
  */
 public function loadModel($id)
 {
     $model = AuthItem::model()->findByPk($id);
     if ($model === null) {
         throw new CHttpException(404, 'The requested page does not exist.');
     }
     return $model;
 }
예제 #4
0
 public static function newRoleId()
 {
     $rows = AuthItem::model()->FindBySql('select CAST(SUBSTRING(name,11) as SIGNED INTEGER) + 1 AS name from AuthItem where name like "rolebyuser%" order by CAST(SUBSTRING(name,11) as SIGNED INTEGER) desc limit 1');
     $result = '1';
     if (count((array) $rows) > 0) {
         $result = $rows['name'];
     }
     return $result;
 }
예제 #5
0
 public function actionIndex()
 {
     $moduleId = $this->get('id', '');
     $model = Module::model()->find('name = :name', array(':name' => $moduleId));
     if ($model && $this->generateRoutes($moduleId)) {
         $features = $this->getFeatures($moduleId);
     }
     $roles = AuthItem::model()->findAll('type = 2');
     $this->render('index', array('model' => $model, 'features' => $features, 'roles' => $roles));
 }
예제 #6
0
 public function checkAccess($auth_item_name, $params = array(), $allow_caching = true)
 {
     return true;
     if (Yii::app()->user->isRootRole()) {
         return true;
     }
     $auth_item = AuthItem::model()->findByPk($auth_item_name);
     if ($auth_item && $auth_item['allow_for_all']) {
         return true;
     }
     return parent::checkAccess($auth_item_name, $params, $allow_caching);
 }
예제 #7
0
 public function checkName()
 {
     if ($this->isNewRecord) {
         if (AuthItem::model()->exists('name=LOWER(:name)', array(':name' => strtolower($this->name)))) {
             $this->addError('name', at('Sorry, That name is already in use.'));
         }
     } else {
         if (AuthItem::model()->exists('name=LOWER(:name) AND id!=:id', array(':id' => $this->id, ':name' => strtolower($this->name)))) {
             $this->addError('name', at('Sorry, That name is already in use.'));
         }
     }
 }
예제 #8
0
 public function beforeAction($action)
 {
     $item_name = AuthItem::constructName(Yii::app()->controller->id, $action->id);
     if (!RbacModule::isAllow($item_name)) {
         $this->forbidden();
     }
     if (isset(Yii::app()->params->save_site_actions) && Yii::app()->params->save_site_actions) {
         MainModule::saveSiteAction();
     }
     $this->setTitle($action);
     $this->_setMetaTags($action);
     return true;
 }
예제 #9
0
    public function loadModel($name)
    {
        $model = AuthItem::model()->findByAttributes(array(
            'name' => $name,
            'type' => CAuthItem::TYPE_ROLE
        ));

        if (!$model)
        {
            $this->pageNotFound();
        }

        return $model;
    }
예제 #10
0
 public function preFilter($filter_chain)
 {
     $item_name = AuthItem::constructName($filter_chain->action->controller->id, $filter_chain->action->id);
     if (Yii::app()->user->checkAccess($item_name)) {
         $filter_chain->run();
     } else {
         $msg = null;
         if (YII_DEBUG) {
             $msg = t('Зарещено!') . ' ' . t($item_name) . '<br/>';
             $msg .= CHtml::link('Разрешить для роли "' . Yii::app()->user->role . '"', Yii::app()->createUrl('/rbac/task/allow', array('item_name' => $item_name)));
         }
         $filter_chain->action->controller->forbidden($msg);
     }
 }
예제 #11
0
 public function actionAssignment()
 {
     $model = new Authassignment();
     if (isset($_POST['Authassignment'])) {
         $model->attributes = $_POST['Authassignment'];
         if ($model->validate()) {
             //$this->saveModel($model);
             //$this->redirect(array('view','itemname'=>$model->itemname, 'userid'=>$model->userid));
             $auth = Yii::app()->authManager;
             $auth->assign($model->itemname, $model->userid, $model->bizrule, $model->data);
         }
     }
     $user = User::model()->findAll();
     $item = AuthItem::model()->findAll(array('condition' => 'type=2'));
     $this->render('assignment', array('model' => $model, 'user' => $user, 'item' => $item));
 }
예제 #12
0
 /**
  * Загрузка данных из бд и распределение их по спискам
  */
 private function getData()
 {
     $userAssign = CHtml::listData(AuthAssignment::model()->findAllByAttributes(['userid' => $this->user->id]), 'itemname', 'userid');
     $authItems = AuthItem::model()->findAll(['order' => 'type DESC, description ASC']);
     foreach ((array) $authItems as $item) {
         $this->itemsGroupedByTypes[$item->type][$item->name] = $item;
         $this->itemsList[$item->name] = $item;
         // если проверять каждый элемент, то генерируется огромное количество запросов, но получается правильное дерево с отмеченными дочерними элементами
         // созможно стоит при сохранении ролей что-то придумать
         $this->permissionList[$item->name] = isset($userAssign[$item->name]);
         //Yii::app()->authManager->checkAccess($item->name, $this->user->id);
     }
     $authItemsChild = AuthItemChild::model()->findAll();
     foreach ((array) $authItemsChild as $item) {
         $this->hierarchy[$item->parent][] = $item->child;
         $this->wereChildren[] = $item->child;
     }
 }
예제 #13
0
 /**
  * 删除所有的action操作
  * 写着玩的,不可随意执行,会把所有的operation删掉,并且删除这么operation和用户、角色之间的所有关系
  * 但是也可以随便执行,因为AR模式在这里执行不了,提供个思路,哈哈。
  */
 public function clearOpers()
 {
     $criteria = new CDbCriteria();
     $criteria->condition = "type = 0";
     $actions = AuthItem::model()->findAll($criteria);
     foreach ($actions as $key => $action) {
         $criteria_child = new CDbCriteria();
         $criteria_child->condition = "child = '{$action->name}'";
         $flag = ItemChildren::model()->deleteAll($criteria_child);
         if ($flag > 0) {
             if ($action->delete()) {
                 echo "{$action->name} delete success\n";
             } else {
                 echo "{$action->name} delete failed\n";
             }
         }
     }
 }
예제 #14
0
 /**
  * Check if we have the access keys in the db
  *
  */
 public function checkAccess($operation, $params = array())
 {
     // First make sure we haven't already added it
     // without looking in the db
     $missingRoles = array();
     if (Yii::app()->cache) {
         $missingRoles = Yii::app()->cache->get('missing_roles');
         if ($missingRoles === false) {
             $missingRoles = array();
         }
     }
     // Do we have that roles in the array
     if (!in_array($operation, $missingRoles)) {
         // We don't so look up the db
         $roleExists = AuthItem::model()->find('name=:name', array(':name' => $operation));
         if (!$roleExists) {
             // Figure out the type first
             if (strpos($operation, 'op_') !== false) {
                 $type = CAuthItem::TYPE_OPERATION;
             } elseif (strpos($operation, 'task_') !== false) {
                 $type = CAuthItem::TYPE_TASK;
             } else {
                 $type = CAuthItem::TYPE_ROLE;
             }
             // Create new auth item
             Yii::app()->authManager->createAuthItem($operation, $type, $operation, null, null);
         }
         $missingRoles[$operation] = $operation;
         // Save
         if (Yii::app()->cache) {
             Yii::app()->cache->set('missing_roles', $missingRoles);
         }
     }
     // In case we are in debug mode then return true all the time
     if (YII_DEBUG) {
         return true;
     }
     // Return parent check access
     return parent::checkAccess($operation, $params);
 }
예제 #15
0
 /**
  * @return \yii\db\ActiveQuery
  */
 public function getAuthItems()
 {
     return $this->hasMany(AuthItem::className(), ['rule_name' => 'name'])->from(['authItems' => Authitem::tableName()]);
 }
예제 #16
0
 /**
  * Creates a new model.
  * If creation is successful, the browser will be redirected to the 'view' page.
  */
 public function actionCreateAction()
 {
     $model = new AuthItem();
     // Uncomment the following line if AJAX validation is needed
     // $this->performAjaxValidation($model);
     if (isset($_POST['AuthItem'])) {
         $model->attributes = $_POST['AuthItem'];
         if ($model->save()) {
             $this->logAudit("Action " . $model->name . " was created ");
             $this->redirect(array('view', 'id' => $model->name));
         }
     }
     $this->render('createAction', array('model' => $model));
 }
예제 #17
0
 protected function getModulesTasks()
 {
     $tasks = array();
     $modules = AppManager::getModulesNames();
     foreach ($modules as $module_name => $module_desc) {
         $operations = array();
         $module_actions = AppManager::getModuleActions(ucfirst($module_name) . 'Module');
         foreach ($module_actions as $controller => $actions) {
             $prefix = str_replace('Controller', '', $controller);
             foreach ($actions as $name => $description) {
                 $name = $prefix . '_' . $name;
                 $exists = AuthItem::model()->exists(" name = '{$name}' AND type = '" . CAuthItem::TYPE_OPERATION . "'");
                 $operations[] = array('name' => $name, 'description' => $description, 'exists' => $exists);
             }
         }
         $exists = AuthItem::model()->exists(" name = '{$module_name}' AND type = '" . CAuthItem::TYPE_TASK . "'");
         $tasks[] = array('exists' => $exists, 'name' => $module_name, 'description' => $module_desc, 'operations' => $operations);
     }
     return $tasks;
 }
    function actionTest1()
    {
        $criteria = new CDbCriteria();
        $criteria->select = array('name', 'description');
        $criteria->with = array('authassignments' => array('select' => array('itemname', 'IF(name = itemname,true,false) AS Checked'), 'joinType' => 'LEFT JOIN', 'on' => 'itemname = name and userid = :userid', 'params' => array(':userid' => '1')));
        $criteria->condition = 'type = 2';
        //  $rows = AuthItem::model()->with(array('authassignments'=>array('together'=>false)))->FindAll();
        //  $rows = AuthAssignment::model()->with('users','authitems','authitems.authitemchildren')->FindAll();
        //  $rows  = User::model()->with('authitems')->FindAll();
        $rows = AuthItem::model()->with('authassignments')->FindAll();
        //  var_dump($rows[1]['authassignments']);
        $connection = Yii::app()->db;
        $sql = 'SELECT ai.NAME,
ai.description,
itemname,
IF (ai.NAME = itemname,true,false) AS Checked
FROM AuthItemChild RIGHT JOIN AuthItem ai ON parent = NAME LEFT JOIN AuthAssignment ON itemname = ai.NAME AND userid = 1 WHERE (
NOT parent IN (
SELECT b.child
FROM AuthItemChild b
)
OR (parent IS NULL)
)
AND ai.type = 2
GROUP BY ai.NAME
ORDER BY ai.NAME';
        $command = $connection->createCommand();
        $command->select(['NAME', 'description', 'itemname', 'IF (NAME = itemname,true,false) AS Checked'])->from(['AuthItem'])->leftJoin('AuthItemChild', 'parent = NAME')->leftJoin('AuthAssignment', ['and', 'itemname = NAME', 'userid = :userid'], [':userid' => '1'])->andWhere('not parent in (SELECT b.child FROM AuthItemChild b ) OR (parent IS NULL)')->andWhere('type=:type', [':type' => '2'])->group(['NAME'])->order(['NAME']);
        var_dump($command->join);
        var_dump($command->params);
        //var_dump($command->pdoStatement->getColumnMeta(0));
        $rows = [];
        $rows = $command->queryAll();
        var_dump($command->pdoStatement);
        //  var_dump($rows);
        // Print Rows
        if (count((array) $rows) > 0) {
            echo '<table style="border-collapse: collapse;"><tbody>';
            echo '<tr>';
            foreach (array_keys($rows[0]) as $field) {
                echo '<th style="padding: 5px; border: 1px solid black; min-width: 50px;">' . $field . '</th>';
            }
            echo '</tr>';
            foreach ($rows as $row) {
                echo '<tr>';
                foreach ($row as $cell) {
                    echo '<td style="padding: 5px; border: 1px solid black; min-width: 50px;">' . $cell . '</td>';
                }
                echo '</tr>';
            }
            echo '</tbody></table>';
        } else {
            echo 'empty rows';
        }
        /*     if (count((array) $rows) > 0) {
               echo '<table style="border-collapse: collapse;"><tbody>';
               echo '<tr>';
               foreach (array_keys($rows[0]->attributes) as $field)
               echo '<th style="padding: 5px; border: 1px solid black; min-width: 50px;">' . $field . '</th>';
               echo '</tr>';
               foreach ($rows as $row) {
               echo '<tr>';
               foreach ($row->attributes as $cell)
               echo '<td style="padding: 5px; border: 1px solid black; min-width: 50px;">' . $cell . '</td>';
               echo '</tr>';
               }
               echo '</tbody></table>';
               } else
               echo 'empty rows'; */
    }
예제 #19
0
<?php

$roles = AuthItem::model()->findAllByAttributes(array('type' => CAuthItem::TYPE_ROLE));
return array('activeForm' => array('id' => 'user-form', 'enableAjaxValidation' => true, 'clientOptions' => array('validateOnSubmit' => true)), 'elements' => array('email' => array('type' => 'text'), 'name' => array('type' => 'text'), 'birthdate' => array('type' => 'date'), 'gender' => array('type' => 'dropdownlist', 'items' => User::$gender_options), 'about_self' => array('type' => 'textarea'), 'photo' => array('type' => 'file'), 'status' => array('type' => 'dropdownlist', 'items' => User::$status_options), 'role' => array('type' => 'dropdownlist', 'items' => CHtml::listData($roles, 'name', 'description')), 'password' => array('type' => 'password'), 'password_c' => array('type' => 'password')), 'buttons' => array('submit' => array('type' => 'submit', 'value' => 'сохранить')));
 /**
  * adding auth item child relationships
  */
 public function actionAddItemChild()
 {
     // Check Access
     checkAccessThrowException('op_permission_add_item_child');
     $model = new AuthItemChild();
     $roles = AuthItem::model()->findAll(array('order' => 'type DESC, name ASC'));
     $_roles = array();
     if (count($roles)) {
         foreach ($roles as $role) {
             $_roles[AuthItem::model()->types[$role->type]][$role->name] = $role->description . ' (' . $role->name . ')';
         }
     }
     // Did we choose a parent already?
     if (isset($_GET['parent']) && $_GET['parent'] != '') {
         $model->parent = $_GET['parent'];
     }
     if (isset($_POST['AuthItemChild'])) {
         if (isset($_POST['AuthItemChild']['child']) && count($_POST['AuthItemChild']['child'])) {
             // We need to delete all child items selected up until now
             $existsalready = AuthItemChild::model()->findAll('parent=:parent', array(':parent' => $model->parent));
             if (count($existsalready)) {
                 foreach ($existsalready as $existitem) {
                     Yii::app()->authManager->removeItemChild($existitem->parent, $existitem->child);
                 }
             }
             $added = 0;
             foreach ($_POST['AuthItemChild']['child'] as $childItem) {
                 $model->child = $childItem;
                 if ($model->validate()) {
                     $added++;
                 }
             }
             // Get model parent
             $authItem = AuthItem::model()->find('name=:name', array(':name' => $model->parent));
             fok(at('{number} Child item(s) Added.', array('{number}' => $added)));
             // Log Message
             alog(at("Added {number} child items for {name}", array('{number}' => $added, '{name}' => $model->parent)));
             if ($authItem) {
                 $this->redirect(array('view', 'id' => $authItem->id, '#' => 'tabs-2'));
             } else {
                 $this->redirect(array('index'));
             }
         }
     }
     // Selected values
     $selected = AuthItemChild::model()->findAll('parent=:parent', array(':parent' => $model->parent));
     $_selected = array();
     if (count($selected)) {
         foreach ($selected as $select) {
             $_selected[] = $select->child;
         }
     }
     $model->child = $_selected;
     // Add Breadcrumb
     $this->addBreadCrumb(at('Adding Child Permissions'));
     $this->title[] = at('Adding Child Permissions');
     $this->render('child_form', array('model' => $model, 'roles' => $_roles));
 }
예제 #21
0
 /**
  * Return the operations not assigned to a task by getting all the operations
  * and removing those assigned to the task, or all the operations if no task
  * is provided
  * @param string $name The name of the task
  * @param boolean $clever Use clever Assigning
  * @return array An array of operations(AuthItems) not assigned to the task
  */
 public static function getTaskNotAssignedOpers($name, $clever = false)
 {
     $tasks = new CDbCriteria();
     $tasks->condition = "type=" . CAuthItem::TYPE_OPERATION;
     if ($clever) {
         $p[0] = "/Viewing/";
         $p[1] = "/Administrating/";
         $r[0] = "";
         $r[1] = "";
         $cleverName = preg_replace($p, $r, $name);
         $len = strlen($cleverName);
         $tasks->addCondition("LEFT(name," . $len . ") = '" . $cleverName . "'");
     }
     $final = array();
     if ($name) {
         $na = AuthItem::model()->findAll($tasks);
     } else {
         return AuthItem::model()->findAll($tasks);
     }
     $as = self::getTaskAssignedOpers($name, $clever);
     foreach ($na as $n) {
         $exists = false;
         foreach ($as as $a) {
             if ($a['name'] == $n['name']) {
                 $exists = true;
             }
         }
         if (!$exists) {
             $final[] = $n;
         }
     }
     return $final === null ? array() : $final;
 }
예제 #22
0
echo CHtml::activeTextField($model, 'email', array('class' => 'validate[required,custom[email]]'));
?>
				<?php 
echo CHtml::error($model, 'email');
?>
			</div>
			<div class="clear"></div>
			<hr />

			<div class="grid-3-12"><?php 
echo CHtml::activeLabelEx($model, 'role');
?>
</div>
			<div class="grid-9-12">
				<?php 
echo CHtml::activeDropDownList($model, 'role', CHtml::listData(AuthItem::model()->findAll('type=:type', array(':type' => CAuthItem::TYPE_ROLE)), 'name', 'name'), array('data-placeholder' => at('Please select one...'), 'prompt' => '', 'class' => 'chzn-select validate[required]'));
?>
				<?php 
echo CHtml::error($model, 'role');
?>
			</div>
			<div class="clear"></div>
			<hr />

			<div class="grid-3-12"><?php 
echo CHtml::activeLabelEx($model, 'new_password');
?>
</div>
			<div class="grid-9-12">
				<?php 
echo CHtml::activePasswordField($model, 'new_password', array('class' => 'validate[minSize[6]]'));
예제 #23
0
 public function actionSaveAllowed()
 {
     if (!Helper::isAlwaysAllowedFileWritable()) {
         echo Helper::translate("srbac", "The always allowed file is not writable by the server") . "<br />";
         echo "File : " . $this->module->getAlwaysAllowedFile();
         return;
     }
     $allowed = array();
     foreach ($_POST as $controller) {
         foreach ($controller as $action) {
             //Delete items
             $auth = AuthItem::model()->findByPk($action);
             if ($auth !== null) {
                 $auth->delete();
             }
             $allowed[] = $action;
         }
     }
     $handle = fopen($this->module->getAlwaysAllowedFile(), "wb");
     fwrite($handle, "<?php \n return array(\n\t'" . implode("',\n\t'", $allowed) . "'\n);\n?>");
     fclose($handle);
     $this->renderPartial("saveAllowed", array("allowed" => $allowed));
 }
 /**
  * Edit category action
  */
 public function actioneditcategory()
 {
     // Perms
     if (!Yii::app()->user->checkAccess('op_extensions_editcats')) {
         throw new CHttpException(403, Yii::t('error', 'Sorry, You don\'t have the required permissions to enter this section'));
     }
     if (isset($_GET['id']) && ($model = ExtensionsCats::model()->findByPk($_GET['id']))) {
         if (isset($_POST['ExtensionsCats'])) {
             $model->attributes = $_POST['ExtensionsCats'];
             if ($model->save()) {
                 Yii::app()->user->setFlash('success', Yii::t('extensions', 'Category Updated.'));
                 $this->redirect(array('index'));
             }
         }
         $roles = AuthItem::model()->findAll(array('order' => 'type DESC, name ASC'));
         $_roles = array();
         if (count($roles)) {
             foreach ($roles as $role) {
                 $_roles[AuthItem::model()->types[$role->type]][$role->name] = $role->name;
             }
         }
         // Parent list
         $parents = array();
         $parentlist = ExtensionsCats::model()->getRootCats();
         if (count($parentlist)) {
             foreach ($parentlist as $row) {
                 $parents[$row->id] = $row->title;
             }
         }
         // Parse language selections and perms
         $model->language = $model->language ? explode(',', $model->language) : $model->language;
         $model->viewperms = $model->viewperms ? explode(',', $model->viewperms) : $model->viewperms;
         $model->addpostsperms = $model->addpostsperms ? explode(',', $model->addpostsperms) : $model->addpostsperms;
         $model->addcommentsperms = $model->addcommentsperms ? explode(',', $model->addcommentsperms) : $model->addcommentsperms;
         $model->addfilesperms = $model->addfilesperms ? explode(',', $model->addfilesperms) : $model->addfilesperms;
         $model->autoaddperms = $model->autoaddperms ? explode(',', $model->autoaddperms) : $model->autoaddperms;
         $this->breadcrumbs[Yii::t('extensions', 'Editing Category')] = '';
         $this->pageTitle[] = Yii::t('extensions', 'Editing Category');
         // Render
         $this->render('category_form', array('model' => $model, 'parents' => $parents, 'roles' => $_roles, 'label' => Yii::t('extensions', 'Editing Category')));
     } else {
         Yii::app()->user->setFlash('error', Yii::t('extensions', 'Category was not found.'));
         $this->redirect(array('index'));
     }
 }
예제 #25
0
 /**
  * Manages all models.
  */
 public function actionAdmin()
 {
     $model = new AuthItem('search');
     $model->unsetAttributes();
     // clear any default values
     if (isset($_GET['AuthItem'])) {
         $model->attributes = $_GET['AuthItem'];
     }
     $model->type = 2;
     $this->render('admin', array('model' => $model));
 }
	/**
	* Update an auth item.
	* Note: The item's type can not be changed.
	*/
	public function actionManage($item) {
		$item = $this->authManager->getEAuthItem($item);
		if (empty($item))
			throw new CHttpException(404, Yii::t('RbamModule.rbam','Authorisation item not found.'));
			
		$authItem = new AuthItem('update'); // $authItem is a CFormModel
		$attributes = array();
  	foreach ($authItem->getAttributes() as $name=>$value)
	  	$authItem->$name = $item->$name;
	  
		$form = $authItem->getForm(!in_array($item->name, $this->getModule()->getDefaultRoles()));
		if ($form->submitted($form->uniqueId)) {
			$response = array();
			if ($authItem->save($item)) {
				$response['content'] = Yii::t('RbamModule.rbam','"{item}" {type} updated.', array(
					'{item}'=>$item->name,
					'{type}'=>$this->type($item->type, true)
				));
				if ($item->name!==$_POST['AuthItem']['oldName'])
					$response['redirect'] = $this->createUrl($this->action->id, array('item'=>$item->name));
			}
			else {
				$errors = array();
				foreach ($authItem->getErrors() as $attribute=>$attributeErrors)
					foreach ($attributeErrors as $error)
						$errors[] = array(
							'attribute'=>$attribute,
							'label'=>$authItem->getAttributeLabel($attribute),
							'error'=>$error
						);
				$response = compact('errors');
			}
			header('Content-type: application/json');
			echo CJSON::encode($response);
	  	Yii::app()->end();
		}
		
		if (Yii::app()->getUser()->checkAccess($this->getModule()->authAssignmentsManagerRole)) {
			$authAssignment = new AuthAssignment('upate'); // $authAssignment is a CFormModel
			$assignmentForm = $authAssignment->getForm();			
		}
		else
			$assignmentForm = null;

		$this->pageTitle = $this->_pageTitle($this->action->id, array(
			'{item}'=>$item->name,
			'{type}'=>$this->type($item->type, true, true)
		));
		$this->breadcrumbs = array(
			'RBAM'=>array('rbam/index'),
			$this->_pageTitle('index')=>array('index'),
			$this->pageTitle
		);

		$this->render('form', compact('item', 'form', 'assignmentForm'));
	}
예제 #27
0
 /**
  * Checks if srbac is installed by checking if Auth items table exists.
  * @return boolean Whether srbac is installed or not
  */
 public function isInstalled()
 {
     try {
         $tables = Yii::app()->authManager->db->schema->tableNames;
         $itemTableName = Yii::app()->authManager->itemTable;
         $itemChildTableName = Yii::app()->authManager->itemChildTable;
         $assignmentTableName = Yii::app()->authManager->assignmentTable;
         $tablePrefix = AuthItem::model()->getDbConnection()->tablePrefix;
         if (!is_null($tablePrefix)) {
             $itemTableName = preg_replace('/{{(.*?)}}/', $tablePrefix . '\\1', $itemTableName);
             $itemChildTableName = preg_replace('/{{(.*?)}}/', $tablePrefix . '\\1', $itemChildTableName);
             $assignmentTableName = preg_replace('/{{(.*?)}}/', $tablePrefix . '\\1', $assignmentTableName);
         }
         if (in_array($itemTableName, $tables) && in_array($itemChildTableName, $tables) && in_array($assignmentTableName, $tables)) {
             return true;
         } else {
             $tables = array_map('strtolower', $tables);
             if (in_array(strtolower($itemTableName), $tables) && in_array(strtolower($itemChildTableName), $tables) && in_array(strtolower($assignmentTableName), $tables)) {
                 $this->_message = self::TABLE_NAMES_ERROR;
                 return true;
             }
         }
         return false;
     } catch (CDbException $ex) {
         return false;
     }
 }
예제 #28
0
 /**
  * Checks if srbac is installed by checking if Auth items table exists.
  * @return boolean Whether srbac is installed or not
  */
 public function isInstalled()
 {
     try {
         $tables = Yii::app()->authManager->db->schema->tableNames;
         $tableName = AuthItem::model()->tableName();
         $tablePrefix = AuthItem::model()->getDbConnection()->tablePrefix;
         if (!is_null($tablePrefix)) {
             $tableName = preg_replace('/{{(.*?)}}/', $tablePrefix . '\\1', $tableName);
         }
         if (in_array($tableName, $tables)) {
             return true;
         }
         return false;
     } catch (CDbException $ex) {
         return false;
     }
 }
예제 #29
0
파일: RBACTree.php 프로젝트: ranvirp/rdp
 /**
  * 
  * @desc recursive method 
  * @uses AuthItem::findUnboundItems()
  * @param array $tree Part of or empty array as main RBAC Tree container
  * @param integer $depth the Tree depth, which is not realy needed and nowhere used yet
  * @return array with AuthItem ['this', 'childs' => ['this', 'childs[...]]]
  * 
  */
 private function _buildItemTree($tree, $depth)
 {
     if (count($tree) < 1) {
         /*
          * find the Top Level Items with its childs
          * 
          * SELECT 
          * 		`t`.`parent` AS `t0_c0`, 
          * 		`t`.`parent` AS `t0_c0`, 
          * 		`t`.`child` AS `t0_c1`, 
          * 		`parents`.`parent` AS `t1_c0`, 
          * 		`parents`.`child` AS `t1_c1`, 
          * 		`items`.`name` AS `t2_c0`, 
          * 		`items`.`type` AS `t2_c1`, 
          * 		`items`.`description` AS `t2_c2`, 
          * 		`items`.`bizrule` AS `t2_c3`, 
          * 		`items`.`data` AS `t2_c4` 
          * FROM `AuthItemChild` `t`  
          * LEFT OUTER JOIN `AuthItemChild` `parents` 
          * 		ON (`parents`.`child`=`t`.`parent`)  
          * LEFT OUTER JOIN `AuthItem` `items` 
          * 		ON (`t`.`child`=`items`.`name`)  
          * WHERE (parents.parent IS NULL) 
          * ORDER BY t.parent
          */
         $result = $this->findAll(array('with' => array('parents', 'childs'), 'condition' => 'parents.parent IS NULL', 'order' => 'parents.parent DESC'));
         $depth++;
         $tree['depth'] = 0;
         $tree['parent-name'] = null;
         $tree['this-name'] = null;
         $tree['this'] = null;
         $tree['childs'] = array();
         $modelAuthItem = new AuthItem();
         //if(!count($result)) return $tree;
         foreach ($result as $row) {
             $cnt = count($tree['childs']) - 1;
             if (isset($tree['childs'][0]) && $tree['childs'][$cnt]['this-name'] == $row->parent) {
                 // build second depth in existing first depth
                 $tree['childs'][$cnt]['childs'][] = $this->_buildItemTree(array('depth' => $depth + 1, 'parent-name' => $row->parent, 'this-name' => $row->childs->name, 'this' => $row->childs, 'childs' => array()), $depth + 1);
             } else {
                 // build new first depth and included second depth
                 $tree['childs'][] = array('depth' => $depth, 'parent-name' => null, 'this-name' => $row->parent, 'this' => $modelAuthItem->findByAttributes(array('name' => $row->parent)), 'childs' => array($this->_buildItemTree(array('depth' => $depth + 1, 'parent-name' => $row->parent, 'this-name' => $row->childs->name, 'this' => $row->childs, 'childs' => array()), $depth + 1)));
             }
         }
         // add unbound items
         $model = new AuthItem();
         $unboundItems = $model->findUnboundItems();
         foreach ($unboundItems as $item) {
             $child = array('depth' => 1, 'parent-name' => null, 'this-name' => $item->name, 'this' => $item, 'childs' => array());
             array_unshift($tree['childs'], $child);
         }
         return $tree;
     } else {
         /*
          * SELECT 
          * 		`t`.`parent` AS `t0_c0`, 
          * 		`t`.`child` AS `t0_c1`, 
          * 		`childs`.`name` AS `t1_c0`, 
          * 		`childs`.`type` AS `t1_c1`, 
          * 		`childs`.`description` AS `t1_c2`, 
          * 		`childs`.`bizrule` AS `t1_c3`, 
          * 		`childs`.`data` AS `t1_c4` 
          * FROM `AuthItemChild` `t`  
          * LEFT OUTER JOIN `AuthItem` `childs` 
          * 		ON (`t`.`child`=`childs`.`name`)  
          * WHERE (`t`.`parent`=:yp0) 
          * ORDER BY childs.name
          */
         $ct = new CDbCriteria(array('order' => 'childs.name'));
         $ct->addColumnCondition(array('t.parent' => $tree['this']->name));
         $result = AuthItemChild::model()->with('childs')->findAll($ct);
         /*
         $result = $this->findAllByAttributes(
         	array('parent'=>$tree['this']->name),
         	array(
         		'with' => 'childs',
         		//'condition' => array('t.parent'=>$tree['this']->name),
         		'order' => 'childs.name',
         		)
         );
         */
         $depth++;
         if (count($result) > 0) {
             foreach ($result as $row) {
                 $tree['childs'][] = $this->_buildItemTree(array('depth' => $depth, 'parent-name' => $row->parent, 'this-name' => $row->childs->name, 'this' => $row->childs, 'childs' => array()), $depth);
             }
         }
         return $tree;
     }
 }
예제 #30
0
 public function actionListAuthItem($userid)
 {
     $this->renderPartial('../item/_authitem_opt', array('authItem' => AuthItem::model()->listNotAssignedItem($userid)));
 }