/**
* Attaches or detaches user role/permission.
* @param string $id permission/role name.
* @param integer $user_id user id.
* @param integer $add 1/0 whether to add or to remove user permission.
* @throws \yii\web\HttpException only_root_remove_denied
*/
public function actionChange($id, $user_id, $add)
{
$authItem = AuthItem::findOne($id);
if ($add) {
Yii::$app->authManager->assign($authItem, $user_id);
} else {
$rootCount = AuthAssignment::find()->where(['item_name' => $id])->count();
if ($id == 'root' && !$rootCount < 2) {
throw new HttpException(403, Yii::t('access', 'only_root_remove_denied'));
}
Yii::$app->authManager->revoke($authItem, $user_id);
}
}
/**
* @param bool $id
* @throws NotFoundHttpException
* @return AuthItem
*/
protected function findModel($id = false)
{
if (!$id) {
return new AuthItem();
}
if (($model = AuthItem::findOne(['name' => $id])) !== null) {
return $model;
} else {
throw new NotFoundHttpException('Model not found.');
}
}
public static function userDefaultRoleAssignment($event)
{
return ($default = AuthItem::findOne(AuthItem::ROLE_DEFAULT)) ? Yii::$app->authManager->assign($default, $event->sender->primaryKey) : false;
}
/**
* @param bool $id
* @throws NotFoundHttpException
* @return AuthItem
*/
protected function findParentModel($id = false)
{
if (!$id) {
$model = new AuthItem();
} else {
if (!($model = AuthItem::findOne($id))) {
throw new NotFoundHttpException('Model not found.');
}
}
$model->type = \yii\rbac\Item::TYPE_ROLE;
return $model;
}
