/** * * @param type $role * @param type $user */ public function actionAssign($roleName, $userName) { $exitCode = 0; $this->outputItem("Searching for", $roleName, "Role in database"); $role = $this->_authManager->getRole($roleName); if (isset($role)) { $this->stdout('OK', Console::FG_GREEN); } else { $this->stdout('FAILED', Console::FG_RED, Console::BOLD); $exitCode = 1; } $this->outputItem("\nSearching for", $userName, "User Account in database"); $identityClass = \Yii::$app->user->identityClass; $user = $identityClass::findByUsername($userName); if (isset($user)) { $this->stdout('OK', Console::FG_GREEN); } else { $this->stdout('FAILED', Console::FG_RED); return 2; } $this->stdout('Linking: '); if ($this->_authManager->assign($role, $user->id)) { $this->stdout('OK', Console::FG_GREEN); } else { $this->stdout('FAILED', Console::FG_RED); } $this->stdout("\n"); return 0; }
/** * Get role by its name. * @param string $name * @return Role * @throws InvalidArgumentException when role not found. */ protected function getRole($name) { $role = $this->_auth->getRole($name); if (!$role) { throw new InvalidArgumentException('Role "' . $name . '" not found.'); } return $role; }
/** * Saves item. * * @return bool */ public function save() { if ($this->validate() == false) { return false; } if ($isNewItem = $this->item === null) { $this->item = $this->createItem($this->name); } else { $oldName = $this->item->name; } $this->item->name = $this->name; $this->item->description = $this->description; if (!empty($this->rule)) { $rule = \Yii::createObject($this->rule); if (null === $this->manager->getRule($rule->name)) { $this->manager->add($rule); } $this->item->ruleName = $rule->name; } else { $this->item->ruleName = null; } $createdFlashMessage = ''; $updatedFlashMessage = ''; if ($this->item->type = Item::TYPE_PERMISSION) { $createdFlashMessage = Yii::t('rbac', 'Permission has been created'); $updatedFlashMessage = Yii::t('rbac', 'Permission has been updated'); } else { if ($this->item->type = Item::TYPE_ROLE) { $createdFlashMessage = Yii::t('rbac', 'Role has been updated'); $updatedFlashMessage = Yii::t('rbac', 'Role has been updated'); } } if ($isNewItem) { \Yii::$app->session->setFlash('success', $createdFlashMessage); $this->manager->add($this->item); } else { \Yii::$app->session->setFlash('success', $updatedFlashMessage); $this->manager->update($oldName, $this->item); } $this->manager->removeChildren($this->item); if (is_array($this->children)) { foreach ($this->children as $name) { if ($this->item->type = Item::TYPE_PERMISSION) { $child = $this->manager->getPermission($name); } else { if ($this->item->type = Item::TYPE_ROLE) { $child = $this->manager->getRole($name); } } if ($this->manager->hasChild($this->item, $child) == false) { $this->manager->addChild($this->item, $child); } } } return true; }
private function getPermission($permissionName) { $this->outputItem("Searching for", $permissionName, "Role in database"); $permission = $this->_authManager->getRole($permissionName); if (isset($permission)) { $this->stdout('OK', Console::FG_GREEN); } else { $this->stdout('FAILED', Console::FG_RED, Console::BOLD); } return $permission; }
/** * Find role by name and throws NotFoundHttpException if it not exists. * * @param string $id * @return Role * @throws NotFoundHttpException */ protected function findRole($id) { $role = is_string($id) ? $this->authManager->getRole($id) : null; if (!$role instanceof Role) { throw new NotFoundHttpException(); } else { if ($role->name == 'admin') { // can't remove or update admin role throw new ForbiddenHttpException(Yii::t('user', "You can't update or delete administrative role")); } } return $role; }
/** * the register customer will be added 'customer' role */ public static function frontendRegister() { Event::on(User::className(), User::USER_REGISTER_DONE, function ($event) { /** @var \yii\base\ModelEvent $event */ $user = $event->sender; $auth = new DbManager(); $auth->init(); $role = $auth->getRole('Customer'); if (!$role) { $role = $auth->createRole('Customer'); $auth->add($role); } $auth->assign($role, $user->id); }); }
public function afterSave($insert, $changedAttributes) { parent::afterSave($insert, $changedAttributes); if (!\Yii::$app instanceof ConsoleApplication) { if ($this->scenario == 'update' || $this->scenario == 'create') { $auth = new DbManager(); $auth->init(); $name = $this->role ? $this->role : self::ROLE_DEFAULT; $role = $auth->getRole($name); if (!$insert) { $auth->revokeAll($this->id); } $auth->assign($role, $this->id); } } }
/** * assign permissions to roles */ public function save() { $permissions = $this->permissions; $auth = new DbManager(); $auth->init(); $role = $auth->getRole($this->role_name); $auth->removeChildren($role); foreach ($this->_permissions as $key => $value) { if (isset($permissions[$key]) && is_array($permissions[$key])) { foreach ($permissions[$key] as $v) { if ($key == $value[$v]) { $auth->addChild($role, $auth->getPermission($key)); } else { $auth->addChild($role, $auth->getPermission($key . '_' . $value[$v])); } } } } }
/** * Remove admin role for user * after that set member role for user * @param $id: user id from user table * @return redirect to admin/index page */ public function actionRemoverole($id) { $r = new DbManager(); $r->init(); if ($id > 0) { // remove admin role for this user $admin = $r->getRole('admin'); $r->revoke($admin, $id); // get member role to add to this user $member = $r->getRole('member'); $r->assign($member, $id); // update user table $this->updateUser($id, BUser::getAuthName('ROLE_MEMBER')); Yii::$app->getSession()->setFlash('user.success', Yii::t('user', 'User has been updated')); } else { Yii::$app->getSession()->setFlash('user.success', Yii::t('error', 'Sorry there is something wrong!')); } return $this->redirect(['index']); }
/** * Удаляет роль, привилегию или правило из системы * @param $type * @param $name * @return int * @throws ErrorException */ public function actionDelete($type, $name) { $item = null; switch ($type) { case self::TYPE_ROLE: $item = $this->authManager->getRole($name); break; case self::TYPE_PERMISSION: $item = $this->authManager->getPermission($name); break; case self::TYPE_RULE: $item = $this->authManager->getRule($name); break; default: throw new InvalidParamException(self::invalidTypeMessage()); break; } if (is_null($item)) { throw new ErrorException("{$type} '{$name}' не найдена."); } $this->authManager->remove($item); return Controller::EXIT_CODE_NORMAL; }
/** * Adds RBAC rules. */ public function add(DbManager $authManager) { $viewThread = $authManager->getPermission(self::PERM_VIEW_THREAD); if (!$viewThread instanceof Permission) { $viewThread = $authManager->createPermission(self::PERM_VIEW_THREAD); $viewThread->description = 'View Podium thread'; $authManager->add($viewThread); } $viewForum = $authManager->getPermission(self::PERM_VIEW_FORUM); if (!$viewForum instanceof Permission) { $viewForum = $authManager->createPermission(self::PERM_VIEW_FORUM); $viewForum->description = 'View Podium forum'; $authManager->add($viewForum); } $createThread = $authManager->getPermission(self::PERM_CREATE_THREAD); if (!$createThread instanceof Permission) { $createThread = $authManager->createPermission(self::PERM_CREATE_THREAD); $createThread->description = 'Create Podium thread'; $authManager->add($createThread); } $createPost = $authManager->getPermission(self::PERM_CREATE_POST); if (!$createPost instanceof Permission) { $createPost = $authManager->createPermission(self::PERM_CREATE_POST); $createPost->description = 'Create Podium post'; $authManager->add($createPost); } $moderatorRule = $authManager->getRule('isPodiumModerator'); if (!$moderatorRule instanceof ModeratorRule) { $moderatorRule = new ModeratorRule(); $authManager->add($moderatorRule); } $updatePost = $authManager->getPermission(self::PERM_UPDATE_POST); if (!$updatePost instanceof Permission) { $updatePost = $authManager->createPermission(self::PERM_UPDATE_POST); $updatePost->description = 'Update Podium post'; $updatePost->ruleName = $moderatorRule->name; $authManager->add($updatePost); } $authorRule = $authManager->getRule('isPodiumAuthor'); if (!$authorRule instanceof AuthorRule) { $authorRule = new AuthorRule(); $authManager->add($authorRule); } $updateOwnPost = $authManager->getPermission(self::PERM_UPDATE_OWN_POST); if (!$updateOwnPost instanceof Permission) { $updateOwnPost = $authManager->createPermission(self::PERM_UPDATE_OWN_POST); $updateOwnPost->description = 'Update own Podium post'; $updateOwnPost->ruleName = $authorRule->name; $authManager->add($updateOwnPost); $authManager->addChild($updateOwnPost, $updatePost); } $deletePost = $authManager->getPermission(self::PERM_DELETE_POST); if (!$deletePost instanceof Permission) { $deletePost = $authManager->createPermission(self::PERM_DELETE_POST); $deletePost->description = 'Delete Podium post'; $deletePost->ruleName = $moderatorRule->name; $authManager->add($deletePost); } $deleteOwnPost = $authManager->getPermission(self::PERM_DELETE_OWN_POST); if (!$deleteOwnPost instanceof Permission) { $deleteOwnPost = $authManager->createPermission(self::PERM_DELETE_OWN_POST); $deleteOwnPost->description = 'Delete own Podium post'; $deleteOwnPost->ruleName = $authorRule->name; $authManager->add($deleteOwnPost); $authManager->addChild($deleteOwnPost, $deletePost); } $user = $authManager->getRole(self::ROLE_USER); if (!$user instanceof Role) { $user = $authManager->createRole(self::ROLE_USER); $authManager->add($user); $authManager->addChild($user, $viewThread); $authManager->addChild($user, $viewForum); $authManager->addChild($user, $createThread); $authManager->addChild($user, $createPost); $authManager->addChild($user, $updateOwnPost); $authManager->addChild($user, $deleteOwnPost); } $updateThread = $authManager->getPermission(self::PERM_UPDATE_THREAD); if (!$updateThread instanceof Permission) { $updateThread = $authManager->createPermission(self::PERM_UPDATE_THREAD); $updateThread->description = 'Update Podium thread'; $updateThread->ruleName = $moderatorRule->name; $authManager->add($updateThread); } $deleteThread = $authManager->getPermission(self::PERM_DELETE_THREAD); if (!$deleteThread instanceof Permission) { $deleteThread = $authManager->createPermission(self::PERM_DELETE_THREAD); $deleteThread->description = 'Delete Podium thread'; $deleteThread->ruleName = $moderatorRule->name; $authManager->add($deleteThread); } $pinThread = $authManager->getPermission(self::PERM_PIN_THREAD); if (!$pinThread instanceof Permission) { $pinThread = $authManager->createPermission(self::PERM_PIN_THREAD); $pinThread->description = 'Pin Podium thread'; $pinThread->ruleName = $moderatorRule->name; $authManager->add($pinThread); } $lockThread = $authManager->getPermission(self::PERM_LOCK_THREAD); if (!$lockThread instanceof Permission) { $lockThread = $authManager->createPermission(self::PERM_LOCK_THREAD); $lockThread->description = 'Lock Podium thread'; $lockThread->ruleName = $moderatorRule->name; $authManager->add($lockThread); } $moveThread = $authManager->getPermission(self::PERM_MOVE_THREAD); if (!$moveThread instanceof Permission) { $moveThread = $authManager->createPermission(self::PERM_MOVE_THREAD); $moveThread->description = 'Move Podium thread'; $moveThread->ruleName = $moderatorRule->name; $authManager->add($moveThread); } $movePost = $authManager->getPermission(self::PERM_MOVE_POST); if (!$movePost instanceof Permission) { $movePost = $authManager->createPermission(self::PERM_MOVE_POST); $movePost->description = 'Move Podium post'; $movePost->ruleName = $moderatorRule->name; $authManager->add($movePost); } $banUser = $authManager->getPermission(self::PERM_BAN_USER); if (!$banUser instanceof Permission) { $banUser = $authManager->createPermission(self::PERM_BAN_USER); $banUser->description = 'Ban Podium user'; $authManager->add($banUser); } $moderator = $authManager->getRole(self::ROLE_MODERATOR); if (!$moderator instanceof Role) { $moderator = $authManager->createRole(self::ROLE_MODERATOR); $authManager->add($moderator); $authManager->addChild($moderator, $updatePost); $authManager->addChild($moderator, $updateThread); $authManager->addChild($moderator, $deletePost); $authManager->addChild($moderator, $deleteThread); $authManager->addChild($moderator, $pinThread); $authManager->addChild($moderator, $lockThread); $authManager->addChild($moderator, $moveThread); $authManager->addChild($moderator, $movePost); $authManager->addChild($moderator, $banUser); $authManager->addChild($moderator, $user); } $deleteUser = $authManager->getPermission(self::PERM_DELETE_USER); if (!$deleteUser instanceof Permission) { $deleteUser = $authManager->createPermission(self::PERM_DELETE_USER); $deleteUser->description = 'Delete Podium user'; $authManager->add($deleteUser); } $promoteUser = $authManager->getPermission(self::PERM_PROMOTE_USER); if (!$promoteUser instanceof Permission) { $promoteUser = $authManager->createPermission(self::PERM_PROMOTE_USER); $promoteUser->description = 'Promote Podium user'; $authManager->add($promoteUser); } $createForum = $authManager->getPermission(self::PERM_CREATE_FORUM); if (!$createForum instanceof Permission) { $createForum = $authManager->createPermission(self::PERM_CREATE_FORUM); $createForum->description = 'Create Podium forum'; $authManager->add($createForum); } $updateForum = $authManager->getPermission(self::PERM_UPDATE_FORUM); if (!$updateForum instanceof Permission) { $updateForum = $authManager->createPermission(self::PERM_UPDATE_FORUM); $updateForum->description = 'Update Podium forum'; $authManager->add($updateForum); } $deleteForum = $authManager->getPermission(self::PERM_DELETE_FORUM); if (!$deleteForum instanceof Permission) { $deleteForum = $authManager->createPermission(self::PERM_DELETE_FORUM); $deleteForum->description = 'Delete Podium forum'; $authManager->add($deleteForum); } $createCategory = $authManager->getPermission(self::PERM_CREATE_CATEGORY); if (!$createCategory instanceof Permission) { $createCategory = $authManager->createPermission(self::PERM_CREATE_CATEGORY); $createCategory->description = 'Create Podium category'; $authManager->add($createCategory); } $updateCategory = $authManager->getPermission(self::PERM_UPDATE_CATEGORY); if (!$updateCategory instanceof Permission) { $updateCategory = $authManager->createPermission(self::PERM_UPDATE_CATEGORY); $updateCategory->description = 'Update Podium category'; $authManager->add($updateCategory); } $deleteCategory = $authManager->getPermission(self::PERM_DELETE_CATEGORY); if (!$deleteCategory instanceof Permission) { $deleteCategory = $authManager->createPermission(self::PERM_DELETE_CATEGORY); $deleteCategory->description = 'Delete Podium category'; $authManager->add($deleteCategory); } $settings = $authManager->getPermission(self::PERM_CHANGE_SETTINGS); if (!$settings instanceof Permission) { $settings = $authManager->createPermission(self::PERM_CHANGE_SETTINGS); $settings->description = 'Change Podium settings'; $authManager->add($settings); } $admin = $authManager->getRole(self::ROLE_ADMIN); if (!$admin instanceof Role) { $admin = $authManager->createRole(self::ROLE_ADMIN); $authManager->add($admin); $authManager->addChild($admin, $deleteUser); $authManager->addChild($admin, $promoteUser); $authManager->addChild($admin, $createForum); $authManager->addChild($admin, $updateForum); $authManager->addChild($admin, $deleteForum); $authManager->addChild($admin, $createCategory); $authManager->addChild($admin, $updateCategory); $authManager->addChild($admin, $deleteCategory); $authManager->addChild($admin, $settings); $authManager->addChild($admin, $moderator); } }