Пример #1
 /**
  * Fetches project roles, limited to one project when a project id is set.
  *
  * When `$this->projectId` is null no project filter is applied, so the
  * query returns roles without any project restriction.
  * NOTE(review): nothing in this method checks who is asking; confirm the
  * caller authorizes access before the unfiltered list is exposed.
  *
  * @return mixed the result of `all()` on the role query
  */
 public function run()
 {
     $roles = ProjectRole::find();

     if (null === $this->projectId) {
         return $roles->all();
     }

     // The filter is applied on the query object itself; its return value is not used.
     $roles->byProjectId($this->projectId);

     return $roles->all();
 }
Пример #2
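 /**
  * @inheritdoc
  *
  * Allows the modification only when the role named by `$data['role_id']`
  * can be loaded and belongs to `$this->project`.
  *
  * @param array $data incoming attributes; `role_id` is read from it
  * @return bool true when the role belongs to the project
  * @throws ForbiddenHttpException when `role_id` is missing, the role cannot
  *                                be loaded, or it belongs to another project
  */
 protected function beforeModify($data)
 {
     // role_id comes from $data, which may be request input: it can be absent
     // or name a role that does not exist.
     $roleId = isset($data['role_id']) ? $data['role_id'] : null;
     $role = $roleId === null ? null : ProjectRole::find()->byId($roleId)->one();
     if (!$role instanceof ProjectRole) {
         // Without this guard an unknown role_id led to a method call on a
         // non-object (a fatal error) instead of a controlled refusal.
         throw new ForbiddenHttpException('Role is not available for this project.');
     }
     $project = $this->project;
     // Loose comparison kept from the original: both ids come from models and
     // may differ in type (int vs numeric string).
     if ($role->getProjectId() != $project->getId()) {
         throw new ForbiddenHttpException("Role '{$role->getId()}' doesn't owned by project '{$project->getId()}'.");
         // todo-rbac
     }
     return true;
 }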
Пример #3
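 /**
  * Updates a role of a project from the POST body, for the project's owner only.
  *
  * Authorization is checked in two steps: the current user must be the
  * project's owner, and the role must belong to that same project.
  *
  * @param int $project_id
  * @param int $role_id
  * @return ProjectRole the modified role
  * @throws ModelValidateException when `modify()` reports failure
  * @throws NotFoundHttpException
  * @throws ForbiddenHttpException when the caller is a guest or not the owner,
  *                                or the role belongs to another project
  */
 public function actionUpdate($project_id, $role_id)
 {
     $project = Project::find()->byId($project_id)->oneOrThrow();
     $userId = \Yii::$app->getUser()->getId();
     // A guest has a null id. Under the former loose `!=`, null compared equal
     // to an owner id of null, 0 or '', so an ownerless project would have
     // passed the check for an unauthenticated caller. Reject guests
     // explicitly and compare ids as strings so no type juggling is involved.
     if ($userId === null || (string) $project->getOwnerId() !== (string) $userId) {
         throw new ForbiddenHttpException();
         // todo-rbac
     }
     $data = \Yii::$app->getRequest()->post();
     $role = ProjectRole::find()->byId($role_id)->oneOrThrow();
     // The role is looked up by id alone, so it must be tied back to the
     // project that was just authorized.
     if ((string) $project->getId() !== (string) $role->getProjectId()) {
         throw new ForbiddenHttpException();
     }
     // NOTE(review): the whole POST body is handed to modify(); whether
     // modify() limits which attributes may be set (e.g. the role's project
     // id) is not visible here — confirm.
     if ($role->modify($data)) {
         return $role;
     } else {
         throw new ModelValidateException($role);
     }
 }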