/**
* Initial RBAC action
* @param integer $id Superadmin ID
*/
public function actionInit($id = null)
{
$auth = new DbManager();
$auth->init();
$auth->removeAll();
//удаляем старые данные
// Rules
$groupRule = new GroupRule();
$auth->add($groupRule);
// Roles
$student = $auth->createRole('student');
$student->description = 'Student';
$student->ruleName = $groupRule->name;
$auth->add($student);
$teacher = $auth->createRole('teacher');
$teacher->description = 'Teacher';
$teacher->ruleName = $groupRule->name;
$auth->add($teacher);
$auth->addChild($teacher, $student);
$admin = $auth->createRole('admin');
$admin->description = 'Admin';
$admin->ruleName = $groupRule->name;
$auth->add($admin);
$auth->addChild($admin, $teacher);
$superadmin = $auth->createRole('superadmin');
$superadmin->description = 'Superadmin';
$superadmin->ruleName = $groupRule->name;
$auth->add($superadmin);
$auth->addChild($superadmin, $admin);
// Superadmin assignments
if ($id !== null) {
$auth->assign($superadmin, $id);
}
}
public function actionInit()
{
if (!$this->confirm("Are you sure? It will re-create permissions tree.")) {
return self::EXIT_CODE_NORMAL;
}
//$auth = Yii::$app->authManager;
// Підключення через Базу даних
$auth = new DbManager();
$auth->init();
$auth->removeAll();
// Роль студент
$student = $auth->createRole('student');
$student->description = 'Student';
$auth->add($student);
// Роль працедавець
$employer = $auth->createRole('employer');
$employer->description = 'Employer';
$auth->add($employer);
// Роль модератор
$moderator = $auth->createRole('moderator');
$moderator->description = 'Moderator';
$auth->add($moderator);
$auth->addChild($moderator, $student);
$auth->addChild($moderator, $employer);
// Роль адміністратор
$admin = $auth->createRole('admin');
$admin->description = 'Administrator';
$auth->add($admin);
$auth->addChild($admin, $moderator);
}
/**
* Initial RBAC action
* @param integer $id Superadmin ID
*/
public function actionInit($id = null)
{
$auth = new DbManager();
$auth->init();
$auth->removeAll();
//удаляем старые данные
// Rules
$groupRule = new GroupRule();
$auth->add($groupRule);
// Roles
$user = $auth->createRole('user');
$user->description = 'User';
$user->ruleName = $groupRule->name;
$auth->add($user);
$moderator = $auth->createRole(' moderator ');
$moderator->description = 'Moderator ';
$moderator->ruleName = $groupRule->name;
$auth->add($moderator);
$auth->addChild($moderator, $user);
$admin = $auth->createRole('admin');
$admin->description = 'Admin';
$admin->ruleName = $groupRule->name;
$auth->add($admin);
$auth->addChild($admin, $moderator);
$superadmin = $auth->createRole('superadmin');
$superadmin->description = 'Superadmin';
$superadmin->ruleName = $groupRule->name;
$auth->add($superadmin);
$auth->addChild($superadmin, $admin);
// Superadmin assignments
if ($id !== null) {
$auth->assign($superadmin, $id);
}
}
public function actionInit()
{
// $auth = Yii::$app->authManager;
$auth = new DbManager();
$auth->removeAll();
//удаляем старые данные
//Создадим права для доступа к админке
$dashboard = $auth->createPermission('dashboard');
$dashboard->description = 'Админ панель';
$auth->add($dashboard);
//Включаем наш обработчик
$rule = new UserRoleRule();
$auth->add($rule);
//Добавляем роли
$user = $auth->createRole('user');
$user->description = 'Пользователь';
$user->ruleName = $rule->name;
$auth->add($user);
$moder = $auth->createRole('moder');
$moder->description = 'Модератор';
$moder->ruleName = $rule->name;
$auth->add($moder);
//Добавляем потомков
$auth->addChild($moder, $user);
$auth->addChild($moder, $dashboard);
$admin = $auth->createRole('admin');
$admin->description = 'Администратор';
$admin->ruleName = $rule->name;
$auth->add($admin);
$auth->addChild($admin, $moder);
}
/**
* Update role using string name.
*
* @param string $id
* @return mixed
* @throws NotFoundHttpException
*/
public function actionUpdate($id)
{
$this->layout = '@app/views/layouts/one-column';
$role = $this->findRole($id);
$model = RoleForm::createFromRole($role, $this->authManager->getChildren($role->name));
/* @var $systemAlert Alert */
$systemAlert = Yii::$app->systemAlert;
if (Yii::$app->request->isAjax && $model->load($_POST)) {
Yii::$app->response->format = Response::FORMAT_JSON;
return ActiveForm::validate($model);
}
if ($model->load($_POST) && $model->validate()) {
$transaction = Yii::$app->db->beginTransaction();
try {
// update role description
$role->description = $model->description;
if (!$this->authManager->update($role->name, $role)) {
throw new Exception();
}
// update role permissions
$this->authManager->removeChildren($role);
foreach ($model->getPermissionModels() as $permission) {
$this->authManager->addChild($role, $permission);
}
$transaction->commit();
$systemAlert->setMessage(Alert::SUCCESS, Yii::t('user', 'Role updated successfully'));
return $this->redirect(['index']);
} catch (Exception $ex) {
$transaction->rollback();
$systemAlert->setMessage(Alert::DANGER, Yii::t('app', 'System error: {message}', ['message' => $ex->getMessage()]));
}
}
return $this->render('update', ['model' => $model]);
}
public function addChild($parent, $child)
{
if ($this->hasChild($parent, $child)) {
return;
}
return parent::addChild($parent, $child);
// TODO: Change the autogenerated stub
}
public function afterSave($insert, $changedAttributes)
{
$rbac = new DbManager();
$rbac->init();
$role = $rbac->createRole($this->name);
$role->description = $this->title;
if ($insert) {
if ($rbac->add($role)) {
if ($this->rights) {
$this->rights = unserialize($this->rights);
if (is_array($this->rights) && count($this->rights)) {
foreach ($this->rights as $key => $child) {
if (intval($child)) {
$child = $rbac->createPermission($key);
if (!$rbac->getPermission($key)) {
$rbac->add($child);
}
$rbac->addChild($role, $child);
}
}
}
}
}
} else {
if ($rbac->update($this->name, $role)) {
$rbac->removeChildren($role);
if ($this->rights) {
$this->rights = unserialize($this->rights);
if (is_array($this->rights) && count($this->rights)) {
foreach ($this->rights as $key => $child) {
if (intval($child)) {
$child = $rbac->createPermission($key);
if (!$rbac->getPermission($key)) {
$rbac->add($child);
}
$rbac->addChild($role, $child);
}
}
}
}
}
}
return parent::afterSave($insert, $changedAttributes);
}
/**
* Saves item.
*
* @return bool
*/
public function save()
{
if ($this->validate() == false) {
return false;
}
if ($isNewItem = $this->item === null) {
$this->item = $this->createItem($this->name);
} else {
$oldName = $this->item->name;
}
$this->item->name = $this->name;
$this->item->description = $this->description;
if (!empty($this->rule)) {
$rule = \Yii::createObject($this->rule);
if (null === $this->manager->getRule($rule->name)) {
$this->manager->add($rule);
}
$this->item->ruleName = $rule->name;
} else {
$this->item->ruleName = null;
}
$createdFlashMessage = '';
$updatedFlashMessage = '';
if ($this->item->type = Item::TYPE_PERMISSION) {
$createdFlashMessage = Yii::t('rbac', 'Permission has been created');
$updatedFlashMessage = Yii::t('rbac', 'Permission has been updated');
} else {
if ($this->item->type = Item::TYPE_ROLE) {
$createdFlashMessage = Yii::t('rbac', 'Role has been updated');
$updatedFlashMessage = Yii::t('rbac', 'Role has been updated');
}
}
if ($isNewItem) {
\Yii::$app->session->setFlash('success', $createdFlashMessage);
$this->manager->add($this->item);
} else {
\Yii::$app->session->setFlash('success', $updatedFlashMessage);
$this->manager->update($oldName, $this->item);
}
$this->manager->removeChildren($this->item);
if (is_array($this->children)) {
foreach ($this->children as $name) {
if ($this->item->type = Item::TYPE_PERMISSION) {
$child = $this->manager->getPermission($name);
} else {
if ($this->item->type = Item::TYPE_ROLE) {
$child = $this->manager->getRole($name);
}
}
if ($this->manager->hasChild($this->item, $child) == false) {
$this->manager->addChild($this->item, $child);
}
}
}
return true;
}
/**
* assign permissions to roles
*/
public function save()
{
$permissions = $this->permissions;
$auth = new DbManager();
$auth->init();
$role = $auth->getRole($this->role_name);
$auth->removeChildren($role);
foreach ($this->_permissions as $key => $value) {
if (isset($permissions[$key]) && is_array($permissions[$key])) {
foreach ($permissions[$key] as $v) {
if ($key == $value[$v]) {
$auth->addChild($role, $auth->getPermission($key));
} else {
$auth->addChild($role, $auth->getPermission($key . '_' . $value[$v]));
}
}
}
}
}
private function setDefault()
{
$userPermission = $this->createPermission('editUser', 'Изменение пользователей системы');
$rolePermission = $this->createPermission('editRole', 'Изменение ролей пользователей');
$adminRole = $this->createRole(Yii::$app->params['admin.role'], 'Администратор');
$this->authManager->addChild($adminRole, $userPermission);
$this->authManager->addChild($adminRole, $rolePermission);
$admin = User::findOne(['username' => Yii::$app->params['admin.name']]);
if (is_null($admin)) {
$admin = $this->createAdminUser();
}
$this->authManager->assign($adminRole, $admin->getPrimaryKey());
}
/**
* Helper for adding children to role or permission
*
* @param string $parentName
* @param array|string $childrenNames
* @param bool $throwException
*
* @throws \Exception
*/
public static function addChildren($parentName, $childrenNames, $throwException = false)
{
$parent = (object) ['name' => $parentName];
$childrenNames = (array) $childrenNames;
$dbManager = new DbManager();
foreach ($childrenNames as $childName) {
$child = (object) ['name' => $childName];
try {
$dbManager->addChild($parent, $child);
} catch (\Exception $e) {
if ($throwException) {
throw $e;
}
}
}
AuthHelper::invalidatePermissions();
}
/**
* Delete permission from a role.
* @param string $roleName role name.
* @param string $permName permission name.
*/
public function actionDelperm($roleName, $permName)
{
$role = $this->getRole($roleName);
$permissions = $this->_auth->getPermissionsByRole($roleName);
if (!isset($permissions[$permName])) {
$this->stderr("Role '{$roleName}' has not permission '{$permName}'.", Console::FG_RED);
return;
}
if (!($item = $this->_auth->getPermission($permName))) {
$this->stderr("Permission '{$permName}' cannot found by auth manager.", Console::FG_RED);
return;
}
$this->_auth->removeChild($role, $item);
$this->p('Permission "{perm}" removed from role "{role}"', ['perm' => $permName, 'role' => $role->name]);
// Transfer permissions to Administrator role.
if ($roleName != 'Administrator') {
$adminRole = $this->getRole('Administrator');
$permissions = $this->_auth->getPermissionsByRole($adminRole->name);
if (!isset($permissions[$permName])) {
$this->_auth->addChild($adminRole, $item);
$this->p('Permission "{perm}" transfer to Administrator.', ['perm' => $permName]);
}
}
}
/**
* @inheritdoc
*/
public function addChild($parent, $child)
{
$this->loadItems();
$this->loadChildren();
parent::addChild($parent, $child);
$this->_children[$parent->name][] = $child->name;
$this->invalidate(self::PART_CHILDREN);
return true;
}
/**
* Adds RBAC rules.
*/
public function add(DbManager $authManager)
{
$viewThread = $authManager->getPermission(self::PERM_VIEW_THREAD);
if (!$viewThread instanceof Permission) {
$viewThread = $authManager->createPermission(self::PERM_VIEW_THREAD);
$viewThread->description = 'View Podium thread';
$authManager->add($viewThread);
}
$viewForum = $authManager->getPermission(self::PERM_VIEW_FORUM);
if (!$viewForum instanceof Permission) {
$viewForum = $authManager->createPermission(self::PERM_VIEW_FORUM);
$viewForum->description = 'View Podium forum';
$authManager->add($viewForum);
}
$createThread = $authManager->getPermission(self::PERM_CREATE_THREAD);
if (!$createThread instanceof Permission) {
$createThread = $authManager->createPermission(self::PERM_CREATE_THREAD);
$createThread->description = 'Create Podium thread';
$authManager->add($createThread);
}
$createPost = $authManager->getPermission(self::PERM_CREATE_POST);
if (!$createPost instanceof Permission) {
$createPost = $authManager->createPermission(self::PERM_CREATE_POST);
$createPost->description = 'Create Podium post';
$authManager->add($createPost);
}
$moderatorRule = $authManager->getRule('isPodiumModerator');
if (!$moderatorRule instanceof ModeratorRule) {
$moderatorRule = new ModeratorRule();
$authManager->add($moderatorRule);
}
$updatePost = $authManager->getPermission(self::PERM_UPDATE_POST);
if (!$updatePost instanceof Permission) {
$updatePost = $authManager->createPermission(self::PERM_UPDATE_POST);
$updatePost->description = 'Update Podium post';
$updatePost->ruleName = $moderatorRule->name;
$authManager->add($updatePost);
}
$authorRule = $authManager->getRule('isPodiumAuthor');
if (!$authorRule instanceof AuthorRule) {
$authorRule = new AuthorRule();
$authManager->add($authorRule);
}
$updateOwnPost = $authManager->getPermission(self::PERM_UPDATE_OWN_POST);
if (!$updateOwnPost instanceof Permission) {
$updateOwnPost = $authManager->createPermission(self::PERM_UPDATE_OWN_POST);
$updateOwnPost->description = 'Update own Podium post';
$updateOwnPost->ruleName = $authorRule->name;
$authManager->add($updateOwnPost);
$authManager->addChild($updateOwnPost, $updatePost);
}
$deletePost = $authManager->getPermission(self::PERM_DELETE_POST);
if (!$deletePost instanceof Permission) {
$deletePost = $authManager->createPermission(self::PERM_DELETE_POST);
$deletePost->description = 'Delete Podium post';
$deletePost->ruleName = $moderatorRule->name;
$authManager->add($deletePost);
}
$deleteOwnPost = $authManager->getPermission(self::PERM_DELETE_OWN_POST);
if (!$deleteOwnPost instanceof Permission) {
$deleteOwnPost = $authManager->createPermission(self::PERM_DELETE_OWN_POST);
$deleteOwnPost->description = 'Delete own Podium post';
$deleteOwnPost->ruleName = $authorRule->name;
$authManager->add($deleteOwnPost);
$authManager->addChild($deleteOwnPost, $deletePost);
}
$user = $authManager->getRole(self::ROLE_USER);
if (!$user instanceof Role) {
$user = $authManager->createRole(self::ROLE_USER);
$authManager->add($user);
$authManager->addChild($user, $viewThread);
$authManager->addChild($user, $viewForum);
$authManager->addChild($user, $createThread);
$authManager->addChild($user, $createPost);
$authManager->addChild($user, $updateOwnPost);
$authManager->addChild($user, $deleteOwnPost);
}
$updateThread = $authManager->getPermission(self::PERM_UPDATE_THREAD);
if (!$updateThread instanceof Permission) {
$updateThread = $authManager->createPermission(self::PERM_UPDATE_THREAD);
$updateThread->description = 'Update Podium thread';
$updateThread->ruleName = $moderatorRule->name;
$authManager->add($updateThread);
}
$deleteThread = $authManager->getPermission(self::PERM_DELETE_THREAD);
if (!$deleteThread instanceof Permission) {
$deleteThread = $authManager->createPermission(self::PERM_DELETE_THREAD);
$deleteThread->description = 'Delete Podium thread';
$deleteThread->ruleName = $moderatorRule->name;
$authManager->add($deleteThread);
}
$pinThread = $authManager->getPermission(self::PERM_PIN_THREAD);
if (!$pinThread instanceof Permission) {
$pinThread = $authManager->createPermission(self::PERM_PIN_THREAD);
$pinThread->description = 'Pin Podium thread';
$pinThread->ruleName = $moderatorRule->name;
$authManager->add($pinThread);
}
$lockThread = $authManager->getPermission(self::PERM_LOCK_THREAD);
if (!$lockThread instanceof Permission) {
$lockThread = $authManager->createPermission(self::PERM_LOCK_THREAD);
$lockThread->description = 'Lock Podium thread';
$lockThread->ruleName = $moderatorRule->name;
$authManager->add($lockThread);
}
$moveThread = $authManager->getPermission(self::PERM_MOVE_THREAD);
if (!$moveThread instanceof Permission) {
$moveThread = $authManager->createPermission(self::PERM_MOVE_THREAD);
$moveThread->description = 'Move Podium thread';
$moveThread->ruleName = $moderatorRule->name;
$authManager->add($moveThread);
}
$movePost = $authManager->getPermission(self::PERM_MOVE_POST);
if (!$movePost instanceof Permission) {
$movePost = $authManager->createPermission(self::PERM_MOVE_POST);
$movePost->description = 'Move Podium post';
$movePost->ruleName = $moderatorRule->name;
$authManager->add($movePost);
}
$banUser = $authManager->getPermission(self::PERM_BAN_USER);
if (!$banUser instanceof Permission) {
$banUser = $authManager->createPermission(self::PERM_BAN_USER);
$banUser->description = 'Ban Podium user';
$authManager->add($banUser);
}
$moderator = $authManager->getRole(self::ROLE_MODERATOR);
if (!$moderator instanceof Role) {
$moderator = $authManager->createRole(self::ROLE_MODERATOR);
$authManager->add($moderator);
$authManager->addChild($moderator, $updatePost);
$authManager->addChild($moderator, $updateThread);
$authManager->addChild($moderator, $deletePost);
$authManager->addChild($moderator, $deleteThread);
$authManager->addChild($moderator, $pinThread);
$authManager->addChild($moderator, $lockThread);
$authManager->addChild($moderator, $moveThread);
$authManager->addChild($moderator, $movePost);
$authManager->addChild($moderator, $banUser);
$authManager->addChild($moderator, $user);
}
$deleteUser = $authManager->getPermission(self::PERM_DELETE_USER);
if (!$deleteUser instanceof Permission) {
$deleteUser = $authManager->createPermission(self::PERM_DELETE_USER);
$deleteUser->description = 'Delete Podium user';
$authManager->add($deleteUser);
}
$promoteUser = $authManager->getPermission(self::PERM_PROMOTE_USER);
if (!$promoteUser instanceof Permission) {
$promoteUser = $authManager->createPermission(self::PERM_PROMOTE_USER);
$promoteUser->description = 'Promote Podium user';
$authManager->add($promoteUser);
}
$createForum = $authManager->getPermission(self::PERM_CREATE_FORUM);
if (!$createForum instanceof Permission) {
$createForum = $authManager->createPermission(self::PERM_CREATE_FORUM);
$createForum->description = 'Create Podium forum';
$authManager->add($createForum);
}
$updateForum = $authManager->getPermission(self::PERM_UPDATE_FORUM);
if (!$updateForum instanceof Permission) {
$updateForum = $authManager->createPermission(self::PERM_UPDATE_FORUM);
$updateForum->description = 'Update Podium forum';
$authManager->add($updateForum);
}
$deleteForum = $authManager->getPermission(self::PERM_DELETE_FORUM);
if (!$deleteForum instanceof Permission) {
$deleteForum = $authManager->createPermission(self::PERM_DELETE_FORUM);
$deleteForum->description = 'Delete Podium forum';
$authManager->add($deleteForum);
}
$createCategory = $authManager->getPermission(self::PERM_CREATE_CATEGORY);
if (!$createCategory instanceof Permission) {
$createCategory = $authManager->createPermission(self::PERM_CREATE_CATEGORY);
$createCategory->description = 'Create Podium category';
$authManager->add($createCategory);
}
$updateCategory = $authManager->getPermission(self::PERM_UPDATE_CATEGORY);
if (!$updateCategory instanceof Permission) {
$updateCategory = $authManager->createPermission(self::PERM_UPDATE_CATEGORY);
$updateCategory->description = 'Update Podium category';
$authManager->add($updateCategory);
}
$deleteCategory = $authManager->getPermission(self::PERM_DELETE_CATEGORY);
if (!$deleteCategory instanceof Permission) {
$deleteCategory = $authManager->createPermission(self::PERM_DELETE_CATEGORY);
$deleteCategory->description = 'Delete Podium category';
$authManager->add($deleteCategory);
}
$settings = $authManager->getPermission(self::PERM_CHANGE_SETTINGS);
if (!$settings instanceof Permission) {
$settings = $authManager->createPermission(self::PERM_CHANGE_SETTINGS);
$settings->description = 'Change Podium settings';
$authManager->add($settings);
}
$admin = $authManager->getRole(self::ROLE_ADMIN);
if (!$admin instanceof Role) {
$admin = $authManager->createRole(self::ROLE_ADMIN);
$authManager->add($admin);
$authManager->addChild($admin, $deleteUser);
$authManager->addChild($admin, $promoteUser);
$authManager->addChild($admin, $createForum);
$authManager->addChild($admin, $updateForum);
$authManager->addChild($admin, $deleteForum);
$authManager->addChild($admin, $createCategory);
$authManager->addChild($admin, $updateCategory);
$authManager->addChild($admin, $deleteCategory);
$authManager->addChild($admin, $settings);
$authManager->addChild($admin, $moderator);
}
}
public function addChild($parent, $child)
{
return parent::addChild($parent, $child);
}
