/**
* Performs access check for the specified user.
* @param string the name of the operation that need access check
* @param mixed the user ID. This should can be either an integer and a string representing
* the unique identifier of a user. See {@link IWebUser::getId}.
* @param array name-value pairs that would be passed to biz rules associated
* with the tasks and roles assigned to the user.
* @return boolean whether the operations can be performed by the user.
*/
public function checkAccess($itemName, $userId, $params = array())
{
/**
* As we don't want to let user change administrators permission in Back Office and
* we assume that an Administrator has all the permissions in the system, we don't
* check access for administrator user.
*/
if ($this->getAuthAssignment(self::ROLE_ADMINISTRATORS, $userId) !== NULL) {
return true;
} else {
return parent::checkAccess($itemName, $userId, $params);
}
}
/**
* Performs access check for the specified user.
* Checks and sees if there are a cached value first.
* This method is internally called by {@link checkAccess}.
* @param string $itemName the name of the operation that need access check
* @param mixed $userId the user ID. This should can be either an integer and a string representing
* the unique identifier of a user. See {@link IWebUser::getId}.
* @param array $params name-value pairs that would be passed to biz rules associated
* with the tasks and roles assigned to the user.
* @param array $assignments the assignments to the specified user
* @return boolean whether the operations can be performed by the user.
* @throws CExeption if the application component could not be loaded.
*/
public function checkAccess($itemName, $userId, $params = array())
{
if (Yii::app()->getComponent($this->cacheID) !== null) {
$cachedValue = Yii::app()->getComponent($this->cacheID)->get($this->cacheID . '_' . $itemName . '_' . $userId);
if (count($params) == 0 && $cachedValue !== false) {
$returnValue = $cachedValue === 1;
} else {
$returnValue = parent::checkAccess($itemName, $userId, $params);
Yii::app()->getComponent($this->cacheID)->set($this->cacheID . '_' . $itemName . '_' . $userId, intval($returnValue), $this->cachingDuration);
}
return $returnValue;
} else {
throw new CException('Application component ' . $this->cacheID . ' could not be loaded.');
}
}
/**
* Performs access check for the specified user.
* @param string $itemName the name of the operation that need access check.
* @param integer $userId the user id.
* @param array $params name-value pairs that would be passed to biz rules associated
* with the tasks and roles assigned to the user.
* @param boolean $allowCaching whether to allow caching the result of access check.
* @return boolean whether the operations can be performed by the user.
*/
public function checkAccess($itemName, $userId, $params = array(), $allowCaching = true)
{
$cacheKey = $this->resolveCacheKey($itemName, $userId);
$key = serialize($params);
if ($allowCaching && ($cache = $this->getCache()) !== null) {
if (($data = $cache->get($cacheKey)) !== false) {
$data = unserialize($data);
if (isset($data[$key])) {
return $data[$key];
}
}
} else {
$data = array();
}
$result = $data[$key] = parent::checkAccess($itemName, $userId, $params);
if (isset($cache)) {
$cache->set($cacheKey, serialize($data), $this->cachingDuration);
}
return $result;
}
protected function checkGroupAccess($itemName, $userId, $params)
{
$user = Yii::app()->getUser();
if (!$user->isGuest) {
$ugroups = Profile::model()->with('groups')->findByPk($userId);
foreach ($ugroups->groups as $group) {
if (parent::checkAccess($itemName, $group->id, $params)) {
return true;
}
}
}
return false;
}
