/**
 * Performs access check for the specified user.
 *
 * A user who holds an assignment to the administrators role is granted every
 * operation; all other users are evaluated by the parent implementation.
 *
 * @param string $itemName the name of the operation that needs the access check
 * @param mixed $userId the user ID. This can be either an integer or a string representing
 * the unique identifier of a user. See {@link IWebUser::getId}.
 * @param array $params name-value pairs that would be passed to biz rules associated
 * with the tasks and roles assigned to the user.
 * @return boolean whether the operation can be performed by the user.
 */
public function checkAccess($itemName, $userId, $params = array())
{
    // Administrators are assumed to hold every permission in the system, and their
    // permissions must not be editable from the Back Office, so the regular check
    // is only run for users without the administrators assignment.
    $adminAssignment = $this->getAuthAssignment(self::ROLE_ADMINISTRATORS, $userId);
    if ($adminAssignment === null) {
        return parent::checkAccess($itemName, $userId, $params);
    }

    // NOTE(review): this short-circuit answers true for any $itemName and never
    // reaches parent::checkAccess(), so whatever rule evaluation the parent performs
    // (the parameters above mention biz rules) is skipped for administrators.
    // Confirm that is intended, and that assignment to ROLE_ADMINISTRATORS is
    // tightly controlled and audited.
    return true;
}
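/**
 * Performs access check for the specified user, consulting the cache first.
 *
 * Only checks made without $params are read from or written to the cache. The cache
 * key is built from the item name and the user ID alone, so a decision computed with
 * biz-rule parameters must never be stored under it: a later call without parameters
 * (or with different ones) would otherwise receive that decision.
 *
 * @param string $itemName the name of the operation that needs the access check
 * @param mixed $userId the user ID. This can be either an integer or a string representing
 * the unique identifier of a user. See {@link IWebUser::getId}.
 * @param array $params name-value pairs that would be passed to biz rules associated
 * with the tasks and roles assigned to the user.
 * @return boolean whether the operation can be performed by the user.
 * @throws CException if the cache application component could not be loaded.
 */
public function checkAccess($itemName, $userId, $params = array())
{
    $cache = Yii::app()->getComponent($this->cacheID);
    if ($cache === null) {
        throw new CException('Application component ' . $this->cacheID . ' could not be loaded.');
    }

    // A result that depends on $params is specific to those values; bypass the cache
    // entirely so it cannot be replayed for a different request.
    if (count($params) > 0) {
        return parent::checkAccess($itemName, $userId, $params);
    }

    // NOTE(review): the key is a plain '_' concatenation, so an item name or a string
    // user ID that itself contains '_' could produce the same key as another
    // item/user pair. Confirm the identifiers in use cannot collide.
    $cacheKey = $this->cacheID . '_' . $itemName . '_' . $userId;

    $cachedValue = $cache->get($cacheKey);
    if ($cachedValue !== false) {
        // Strict comparison: anything other than the integer 1 is treated as "denied".
        return $cachedValue === 1;
    }

    $returnValue = parent::checkAccess($itemName, $userId, $params);

    // NOTE(review): the decision is kept for $this->cachingDuration and nothing in this
    // method invalidates it, so a revoked assignment may still be honoured from the
    // cache until the entry expires unless it is deleted elsewhere.
    $cache->set($cacheKey, intval($returnValue), $this->cachingDuration);

    return $returnValue;
}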
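/**
 * Performs access check for the specified user.
 *
 * Results are cached per item/user under the key returned by resolveCacheKey(), as a
 * serialized array indexed by the serialized $params, so each distinct parameter set
 * has its own entry.
 *
 * @param string $itemName the name of the operation that needs the access check.
 * @param integer $userId the user id.
 * @param array $params name-value pairs that would be passed to biz rules associated
 * with the tasks and roles assigned to the user.
 * @param boolean $allowCaching whether to allow caching the result of access check.
 * @return boolean whether the operation can be performed by the user.
 */
public function checkAccess($itemName, $userId, $params = array(), $allowCaching = true)
{
    $cacheKey = $this->resolveCacheKey($itemName, $userId);
    $key = serialize($params);
    $data = array();
    $cache = null;

    if ($allowCaching && ($cache = $this->getCache()) !== null) {
        $raw = $cache->get($cacheKey);
        if ($raw !== false) {
            // SECURITY(review): unserialize() runs on whatever the cache backend returns.
            // If that store can be written by anything other than this application it is
            // an object-injection sink, and a forged entry would also decide the access
            // check. Restrict write access to the cache; on PHP 7+ consider passing
            // array('allowed_classes' => false) as the second argument.
            $data = unserialize($raw);
            if (!is_array($data)) {
                // Corrupt or unexpected payload: discard it and recompute instead of
                // indexing into false or a scalar.
                $data = array();
            } elseif (isset($data[$key])) {
                return $data[$key];
            }
        }
    }

    $result = $data[$key] = parent::checkAccess($itemName, $userId, $params);

    // $cache is only non-null when caching was allowed and a cache component exists.
    // NOTE(review): entries live for $this->cachingDuration; nothing here invalidates
    // them when assignments change.
    if ($cache !== null) {
        $cache->set($cacheKey, serialize($data), $this->cachingDuration);
    }

    return $result;
}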
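/**
 * Checks whether any group the given user belongs to is granted the operation.
 *
 * Each group's id is passed to the parent access check in place of a user id; the
 * first group that is granted the operation grants it to the user.
 *
 * @param string $itemName the name of the operation that needs the access check
 * @param mixed $userId primary key used to load the user's Profile and its groups
 * @param array $params name-value pairs forwarded to the parent access check
 * @return boolean whether one of the user's groups is allowed to perform the operation;
 * false for guests and for users without a Profile record.
 */
protected function checkGroupAccess($itemName, $userId, $params)
{
    // NOTE(review): the guest test looks at the current session user, not at $userId.
    // If this method is ever called for a user other than the one logged in, the two
    // can disagree. Confirm callers always pass the current user's id.
    if (Yii::app()->getUser()->isGuest) {
        return false;
    }

    $profile = Profile::model()->with('groups')->findByPk($userId);
    if ($profile === null) {
        // No Profile row for this id: deny rather than dereference null.
        return false;
    }

    foreach ($profile->groups as $group) {
        // NOTE(review): the group id is looked up in the same place user ids are. If
        // group ids and user ids can take the same value, a user would inherit the
        // assignments of the *user* whose id equals the group id. Confirm the two
        // id spaces cannot overlap.
        if (parent::checkAccess($itemName, $group->id, $params)) {
            return true;
        }
    }

    return false;
}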