public function checkAccess($action, $model = null, $params = []) { $newModel = null; if (array_key_exists('newModel', $params)) { $newModel = $params['newModel']; unset($params['newModel']); } $query = null; if (array_key_exists('query', $params)) { $query = $params['query']; unset($params['query']); } switch ($action) { case 'create': case 'create-form': $allowed = ModelHelper::canCreate($this->modelClass, $params, $newModel); break; case 'view': case 'read-form': $allowed = ModelHelper::canRead($model); break; case 'update': case 'update-form': $allowed = ModelHelper::canUpdate($model); break; case 'delete': case 'delete-form': $allowed = ModelHelper::canDelete($model); break; case 'index': case 'list': $allowed = ModelHelper::canList($this->modelClass, $params, $query); break; case 'change-position': $allowed = ModelHelper::canChangePosition($model); break; default: $allowed = false; } if (!$allowed) { $user = Yii::$app->getUser(); throw new ForbiddenHttpException(Yii::t('mozayka', 'Permission denied for user "{user}" to perform action "{action}".', ['user' => $user->getIsGuest() ? Yii::t('mozayka', 'Guest') : $user->getIdentity()->username, 'action' => $this->id . '/' . $action])); } }