/**
* This method is used to valide the user's authority with token in help desk chat system.
* This method is invoked right before an action is executed.
*
* The method will trigger the [[EVENT_BEFORE_ACTION]] event. The return value of the method
* will determine whether the action should continue to run.
*
* If you override this method, your code should look like the following:
*
* ```php
* public function beforeAction($action)
* {
* if (parent::beforeAction($action)) {
* // your custom code here
* return true; // or false if needed
* } else {
* return false;
* }
* }
* ```
* @param Action $action the action to be executed.
* @return boolean whether the action should continue to run.
* @author Harry Sun
*/
public function beforeAction($action)
{
$route = $this->id . '/' . $action->id;
//init i18n configuration from user agent
Yii::$app->language = LanguageUtil::getBrowserLanguage();
// the action ids without auth
$noAuth = ['site/login', 'site/logout', 'conversation/state', 'conversation/message', 'setting/index', 'setting/self-helpdesk', 'site/send-reset-password-email', 'site/reset-password', 'help-desk/check-auth', 'conversation/user-state', 'issue/create-from-js-sdk', 'issue/remove-attachment'];
if (in_array($route, $noAuth)) {
return true;
} else {
$accessToken = $this->getQuery('accesstoken');
$info = Token::getToken($accessToken);
if (!empty($info) && isset($info->expireTime) && !MongodbUtil::isExpired($info->expireTime)) {
Yii::$app->language = empty($info->language) ? LanguageUtil::DEFAULT_LANGUAGE : $info->language;
$expireTime = new \MongoDate(time() + Token::EXPIRE_TIME);
if ($info->expireTime < $expireTime) {
$info->expireTime = $expireTime;
}
$updateResult = $info->update();
return true;
}
LogUtil::error(['accessToken' => $accessToken, 'message' => 'You have not logined']);
throw new \yii\web\UnauthorizedHttpException('You have not logined');
}
}
/**
* Render customer service chat page
*/
public function actionChat()
{
Yii::$app->language = LanguageUtil::getBrowserLanguage();
$this->layout = 'chat';
return $this->render('chat');
}
public function checkAuth($module, $token)
{
$baseId = Yii::$app->id;
$moduleId = $module->id;
//init i18n configuration from user agent
Yii::$app->language = LanguageUtil::getBrowserLanguage();
if ($baseId === $moduleId) {
return true;
}
//accountId
$accountId = $this->getAccountIdFromCookies();
if (!empty($accountId) && $this->validateSignature()) {
return true;
}
if (!empty($token)) {
$info = Token::getToken($token);
if (!empty($info)) {
//set the language for i18n
Yii::$app->language = empty($info->language) ? LanguageUtil::DEFAULT_LANGUAGE : $info->language;
// If $module is a child module, use the parent module
if (!empty($module->module->id) && $module->module->id !== $baseId) {
$module = $module->module;
$moduleId = $module->id;
}
if (isset($info->expireTime) && !MongodbUtil::isExpired($info->expireTime)) {
if (isset($module->roleAccess) && !empty($roleAccess = $module->roleAccess) && in_array($info->role, $roleAccess) && in_array($moduleId, $info->enabledMods)) {
//set the current user
$userId = $this->getUserId();
$controllerId = $this->owner->id;
$actionId = $this->owner->action->id;
// the current route
// change 'POST product/products' to 'product/product/create'
$route = "{$moduleId}/{$controllerId}/{$actionId}";
// find the sensitive operation with route
$condition = ['isActivated' => true, 'actions' => $route, 'accountId' => $info->accountId];
$option = SensitiveOperation::findOne($condition);
if (!empty($option)) {
// admin has all sensitive operation access authority
if ($info->role !== User::ROLE_ADMIN) {
if ($info->role !== User::ROLE_OPERATOR) {
// other's role hasn't sensitive operation access authority
throw new ForbiddenHttpException(Yii::t('common', 'no_permission'));
} else {
if (empty($option->users) || !in_array($info->userId, $option->users)) {
throw new ForbiddenHttpException(Yii::t('common', 'no_permission'));
}
}
}
}
define('CURRENT_USER_ID', $userId);
$info->expireTime = new \MongoDate(time() + Token::EXPIRE_TIME);
$updateResult = $info->update();
$this->updateAccessTokenExpire();
LogUtil::info(['tokenId' => $info->_id, 'updateResult' => $updateResult]);
return true;
} else {
throw new ForbiddenHttpException(Yii::t('common', 'no_permission'));
}
} else {
Yii::$app->language = LanguageUtil::getBrowserLanguage();
throw new UnauthorizedHttpException(Yii::t('common', 'login_timeout'));
}
}
}
throw new UnauthorizedHttpException(Yii::t('common', 'not_logined'));
}
