예제 #1
0
 /**
  * @param string $id
  *
  * @return string
  */
 public function actionView($id)
 {
     $role = $this->findModel($id);
     $authManager = new DbManager();
     $allRoles = Role::find()->asArray()->andWhere('name != :current_name', [':current_name' => $id])->all();
     $permissions = Permission::find()->andWhere(Yii::$app->yee->auth_item_table . '.name != :commonPermissionName', [':commonPermissionName' => Yii::$app->yee->commonPermissionName])->joinWith('group')->all();
     $permissionsByGroup = [];
     foreach ($permissions as $permission) {
         $permissionsByGroup[@$permission->group->name][] = $permission;
     }
     $childRoles = $authManager->getChildren($role->name);
     $currentRoutesAndPermissions = AuthHelper::separateRoutesAndPermissions($authManager->getPermissionsByRole($role->name));
     $currentPermissions = $currentRoutesAndPermissions->permissions;
     return $this->renderIsAjax('view', compact('role', 'allRoles', 'childRoles', 'currentPermissions', 'permissionsByGroup'));
 }
예제 #2
0
 /**
  * Add or remove routes for this permission
  *
  * @param string $id
  *
  * @return \yii\web\Response
  */
 public function actionSetChildRoutes($id)
 {
     $item = $this->findModel($id);
     $newRoutes = Yii::$app->request->post('child_routes', []);
     $oldRoutes = array_keys(AuthHelper::getChildrenByType($item->name, AbstractItem::TYPE_ROUTE));
     $toAdd = array_diff($newRoutes, $oldRoutes);
     $toRemove = array_diff($oldRoutes, $newRoutes);
     Permission::addChildren($id, $toAdd);
     Permission::removeChildren($id, $toRemove);
     if (($toAdd or $toRemove) and $id == Yii::$app->yee->commonPermissionName) {
         Yii::$app->cache->delete('__commonRoutes');
     }
     AuthHelper::invalidatePermissions();
     Yii::$app->session->setFlash('crudMessage', Yii::t('yee', 'Saved'));
     return $this->redirect(['view', 'id' => $id]);
 }
예제 #3
0
 /**
  * Assign route to permission and create them if they don't exists
  * Helper mainly for migrations
  *
  * @param string $permissionName
  * @param array|string $routes
  * @param null|string $permissionDescription
  * @param null|string $groupCode
  *
  * @throws \InvalidArgumentException
  * @return true|static|string
  */
 public static function assignRoutes($permissionName, $routes, $permissionDescription = null, $groupCode = null)
 {
     $permission = static::findOne(['name' => $permissionName]);
     $routes = (array) $routes;
     if (!$permission) {
         $permission = static::create($permissionName, $permissionDescription, $groupCode);
         if ($permission->hasErrors()) {
             return $permission;
         }
     }
     foreach ($routes as $route) {
         $route = '/' . ltrim($route, '/');
         try {
             Yii::$app->db->createCommand()->insert(Yii::$app->yee->auth_item_child_table, ['parent' => $permission->name, 'child' => $route])->execute();
         } catch (Exception $e) {
             // Don't throw Exception because this permission may already have this route,
             // so just go to the next route
         }
     }
     AuthHelper::invalidatePermissions();
     return true;
 }
예제 #4
0
 /**
  * Useful for Menu widget
  *
  * <example>
  *    ...
  *        [ 'label'=>'Some label', 'url'=>['/site/index'], 'visible'=>User::canRoute(['/site/index']) ]
  *    ...
  * </example>
  *
  * @param string|array $route
  * @param bool $superAdminAllowed
  *
  * @return bool
  */
 public static function canRoute($route, $superAdminAllowed = true)
 {
     if ($superAdminAllowed and Yii::$app->user->isSuperadmin) {
         return true;
     }
     $baseRoute = AuthHelper::unifyRoute($route);
     if (substr($baseRoute, 0, 4) === "http") {
         return true;
     }
     if (Route::isFreeAccess($baseRoute)) {
         return true;
     }
     AuthHelper::ensurePermissionsUpToDate();
     return Route::isRouteAllowed($baseRoute, Yii::$app->session->get(AuthHelper::SESSION_PREFIX_ROUTES, []));
 }
예제 #5
0
 /**
  * Assign route to role via permission and create permission or route if it don't exists
  * Helper mainly for migrations
  *
  * @param string $roleName
  * @param string $permissionName
  * @param array $routes
  * @param null|string $permissionDescription
  * @param null|string $groupCode
  *
  * @throws \InvalidArgumentException
  * @return true|static|string
  */
 public static function assignRoutesViaPermission($roleName, $permissionName, $routes, $permissionDescription = null, $groupCode = null)
 {
     $role = static::findOne(['name' => $roleName]);
     if (!$role) {
         throw new \InvalidArgumentException("Role with name = {$roleName} not found");
     }
     $permission = Permission::findOne(['name' => $permissionName]);
     if (!$permission) {
         $permission = Permission::create($permissionName, $permissionDescription, $groupCode);
         if ($permission->hasErrors()) {
             return $permission;
         }
     }
     try {
         Yii::$app->db->createCommand()->insert(Yii::$app->yee->auth_item_child_table, ['parent' => $role->name, 'child' => $permission->name])->execute();
     } catch (Exception $e) {
         // Don't throw Exception because we may have this permission for this role,
         // but need to add new routes to it
     }
     $routes = (array) $routes;
     foreach ($routes as $route) {
         $route = '/' . ltrim($route, '/');
         Route::create($route);
         try {
             Yii::$app->db->createCommand()->insert(Yii::$app->yee->auth_item_child_table, ['parent' => $permission->name, 'child' => $route])->execute();
         } catch (Exception $e) {
             // Don't throw Exception because this permission may already have this route,
             // so just go to the next route
         }
     }
     AuthHelper::invalidatePermissions();
     return true;
 }
예제 #6
0
 /**
  * Check if controller has $freeAccess = true or $action in $freeAccessActions
  * Or it's login, logout, error page
  *
  * @param string $route
  * @param Action|null $action
  *
  * @return bool
  */
 public static function isFreeAccess($route, $action = null)
 {
     if ($action) {
         $controller = $action->controller;
         if ($controller->hasProperty('freeAccess') and $controller->freeAccess === true) {
             return true;
         }
         if ($controller->hasProperty('freeAccessActions') and in_array($action->id, $controller->freeAccessActions)) {
             return true;
         }
     }
     $systemPages = ['/auth/logout', AuthHelper::unifyRoute(Yii::$app->errorHandler->errorAction), AuthHelper::unifyRoute(Yii::$app->user->loginUrl)];
     if (in_array($route, $systemPages)) {
         return true;
     }
     if (static::isInCommonPermission($route)) {
         return true;
     }
     return false;
 }
예제 #7
0
 /**
  * Invalidate permissions if some item is deleted
  */
 public function afterDelete()
 {
     parent::afterDelete();
     AuthHelper::invalidatePermissions();
 }
예제 #8
0
 /**
  * @inheritdoc
  */
 protected function afterLogin($identity, $cookieBased, $duration)
 {
     AuthHelper::updatePermissions($identity);
     parent::afterLogin($identity, $cookieBased, $duration);
 }