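/**
 * Applies the controller's access rules, rewriting them when the access
 * control module and/or the user module is not installed.
 *
 * With both modules installed the parent implementation runs unchanged.
 * Otherwise the rules returned by accessRules() are rewritten as follows:
 *  - without the access control module, the 'roles' condition is dropped
 *    from every rule and all other conditions are kept;
 *  - with the user module installed, '@' is added to the 'users' condition
 *    of every 'allow' rule.
 *
 * @param CFilterChain $filterChain
 * @throws CHttpException
 */
public function filterAccessControl($filterChain)
{
    $accesscontrol = YiiPlug::app()->hasAccessControlModulesInstalled();
    $user = YiiPlug::app()->hasUserModulesInstalled();

    if ($accesscontrol && $user) {
        // we are in normal state, just do classic access control
        return parent::filterAccessControl($filterChain);
    }

    $frules = array();
    foreach ($this->accessRules() as $key => $values) {
        $frule = array();
        foreach ($values as $vkey => $value) {
            // Only 'roles' is dropped, and only when the access control
            // module is missing. The previous condition copied nothing at all
            // when that module was installed but the user module was not, so
            // every rule came out empty, CAccessControlFilter ignored them
            // (it skips rules without index 0) and the request was let
            // through unchecked.
            if ($accesscontrol || $vkey !== 'roles') {
                $frule[$vkey] = $value;
            }
        }

        // isset() guards against a rule that has no allow/deny verb at index 0.
        if ($user && isset($frule[0]) && $frule[0] === 'allow') {
            // has user authentication module
            // NOTE(review): CAccessRule matches a user when ANY entry of
            // 'users' matches, so appending '@' to an existing list widens
            // that rule to every authenticated user; it only narrows access
            // for rules that had no 'users' condition. Together with the
            // removed 'roles' condition this makes role-restricted allow
            // rules broader than written; confirm that is acceptable.
            if (isset($frule['users'])) {
                $frule['users'][] = '@';
            } else {
                $frule['users'] = array('@');
            }
        }

        $frules[$key] = $frule;
    }

    $filter = new CAccessControlFilter();
    $filter->setRules($frules);

    return $filter->filter($filterChain);
}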
/**
 * Runs Yii's access-control filter with the rules selected for the action
 * that is about to execute.
 *
 * The rule set comes from accesRulesByAction() (name as declared elsewhere in
 * the class). Nothing is appended to it here: CAccessControlFilter lets a
 * request through when no rule matches, so that method has to supply a
 * catch-all deny rule itself if unmatched requests must be rejected.
 *
 * @param CFilterChain $filterChain the filter chain handed over by Yii
 */
public function filterAccessControl($filterChain)
{
    $accessFilter = new CAccessControlFilter();

    // Rules are looked up per action rather than taken from accessRules().
    $actionRules = $this->accesRulesByAction($filterChain->action);
    $accessFilter->setRules($actionRules);

    $accessFilter->filter($filterChain);
}
/**
 * Access-control filter that fails closed.
 *
 * Builds its own CAccessControlFilter instead of using the base controller's
 * filter: the rules from accessRules() are followed by a catch-all deny rule,
 * so a request that none of the controller's rules matches is denied.
 *
 * @param CFilterChain $filterChain Filter chain passed in by Yii.
 *
 * @return void
 */
public function filterAccessControl($filterChain)
{
    $ruleSet = $this->accessRules();

    // The bare deny rule goes last: rules are evaluated in order, so it only
    // applies when nothing before it matched. CAccessControlFilter on its own
    // would allow such a request.
    $ruleSet[] = array('deny');

    $accessFilter = new CAccessControlFilter();
    $accessFilter->setRules($ruleSet);
    $accessFilter->filter($filterChain);
}
/**
 * Applies the controller's access rules with a default-deny fallback.
 *
 * A bare deny rule is appended after the rules from accessRules(), so a
 * request that matches none of them is rejected instead of falling through
 * CAccessControlFilter's default of allowing it.
 *
 * @param CFilterChain $filterChain the filter chain handed over by Yii
 */
public function filterAccessControl($filterChain)
{
    $accessFilter = new CAccessControlFilter();

    $ruleSet = $this->accessRules();
    // Must stay the last rule: it matches every user and every action.
    $ruleSet[] = array('deny');

    $accessFilter->setRules($ruleSet);
    $accessFilter->filter($filterChain);
}
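/**
 * Recursively sets the 'visible' flag of menu items from the access rules of
 * the controller/action each item routes to.
 *
 * Items that already define 'visible' keep their value. For the others the
 * route in $item['url'][0] is resolved to a controller and action, and that
 * controller's accessRules() are evaluated in order for the current user; the
 * first rule that allows or denies decides. An item stays hidden when no rule
 * matches or when the route cannot be resolved.
 *
 * This only controls what the menu displays. It does not restrict access:
 * the target controller's own access filter remains the enforcement point.
 *
 * @param array $items The menu items being filtered.
 * @return array The menu items with visibility defined by the access rules.
 */
protected function filterItems(array $items)
{
    $app = Yii::app();

    foreach ($items as $pos => $item) {
        if (!isset($item['visible'])) {
            // Reset for every item. Previously $url was only assigned when the
            // item had a route array, so an item without one was checked
            // against the route of the item before it (or an undefined
            // variable). An empty route resolves to the current controller's
            // default action below.
            $url = '';
            if (isset($item['url']) && is_array($item['url']) && isset($item['url'][0])) {
                $url = $item['url'][0];
            }

            // parse the url into controller and action
            $parts = explode("/", $url);
            if (count($parts) === 1) {
                $controller = $app->controller;
                $actionId = $parts[0];
            } else {
                // NOTE(review): index 0 is ignored, which fits routes written
                // with a leading slash ("/controller/action"); confirm that
                // menu routes always use that form.
                $controllerId = ucfirst($parts[1]);
                $actionId = count($parts) > 2 ? $parts[2] : 'index';
                // createController() yields nothing usable for an unknown
                // route; treat that as "cannot resolve" instead of failing.
                $controllerList = $app->createController($controllerId);
                $controller = is_array($controllerList) ? $controllerList[0] : null;
            }

            // generate a controller/action instance to evaluate the rules
            $action = $controller !== null ? $controller->createAction($actionId) : null;

            // Hidden unless a rule explicitly allows the current user.
            $item['visible'] = false;

            if ($action !== null) {
                $filter = new CAccessControlFilter();
                $filter->setRules($controller->accessRules());

                $user = $app->getUser();
                $request = $app->getRequest();
                $ip = $request->getUserHostAddress();

                foreach ($filter->getRules() as $rule) {
                    // we are making an assumption for now that all
                    // menu items are GET actions
                    $verdict = $rule->isUserAllowed($user, $controller, $action, $ip, 'GET');

                    // Stop at the first rule that matches either way, as the
                    // access filter itself does. Scanning on for any later
                    // allow rule would show items that an earlier deny rule
                    // blocks for this user.
                    if ($verdict > 0) {
                        $item['visible'] = true;
                        break;
                    }
                    if ($verdict < 0) {
                        break;
                    }
                }
            }
        }

        // If current item is visible and has sub items, loop recursively
        // on them.
        if (isset($item['items']) && $item['visible']) {
            $item['items'] = $this->filterItems($item['items']);
        }

        $items[$pos] = $item;
    }

    return $items;
}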
/**
 * Runs Yii's access-control filter with exactly the rules from accessRules().
 *
 * No catch-all rule is appended here. CAccessControlFilter lets a request
 * through when no rule matches it, so accessRules() should end with a deny
 * rule if unmatched requests are meant to be rejected.
 *
 * @param CFilterChain $filterChain the filter chain handed over by Yii
 */
public function filterAccessControl($filterChain)
{
    $accessFilter = new CAccessControlFilter();

    $ruleSet = $this->accessRules();
    $accessFilter->setRules($ruleSet);

    $accessFilter->filter($filterChain);
}