Note that you must configure "authManager" application component in order to use this method.
Otherwise it will always return false.
| public can ( string $permissionName, array $params = [], boolean $allowCaching = true ) : boolean | ||
| $permissionName | string | the name of the permission (e.g. "edit post") that needs access check. |
| $params | array | name-value pairs that would be passed to the rules associated with the roles and permissions assigned to the user. |
| $allowCaching | boolean | whether to allow caching the result of access check. When this parameter is true (default), if the access check of an operation was performed before, its result will be directly returned when calling this method to check the same operation. If this parameter is false, this method will always call [[\yii\rbac\CheckAccessInterface::checkAccess()]] to obtain the up-to-date access result. Note that this caching is effective only within the same request and only works when `$params = []`. |
| Результат | boolean | whether the user can perform the operation as specified by the given permission. |
/**
* Проверка на возможность отображать элемент меню.
*
* @param array $item
* @return bool
*/
private function canShowMenuItem($item)
{
if (!isset($item['roles'])) {
return true;
}
foreach ($item['roles'] as $role) {
if ($this->user->can($role)) {
return true;
}
}
return false;
}
/**
* @return string
*/
public function run()
{
$li = [];
/**
* @var string $categoryName
* @var array $modules
*/
foreach ($this->itemsList as $categoryName => $modules) {
$li[] = Html::tag('li', $categoryName, ['class' => 'header']);
$hasAnyItem = false;
/** @var Module $module */
foreach ($modules as $module) {
$modulePermissionName = sprintf('access%s', ucfirst($module->name));
if ($this->user->can($modulePermissionName) == false) {
continue;
}
$hasAnyItem = true;
if ($controllers = $module->getAdminControllers()) {
$isActive = $this->moduleName == $module->name;
$aContent = [];
if (count($controllers) > 1) {
$aContent[] = Html::tag('i', '', ['class' => sprintf('fa fa-%s', $module->icon)]);
$aContent[] = Html::tag('span', $module->long_name);
$aContent[] = Html::tag('i', '', ['class' => 'fa fa-angle-left pull-right']);
$a = Html::tag('a', join("\n", $aContent), ['href' => '#']);
$optionsMain = $isActive ? ['class' => 'treeview active'] : ['class' => 'treeview'];
$li_2 = [];
foreach ($controllers as $controller) {
$isActive = $this->moduleName == $module->name && $this->controllerName == $controller;
$icon = Html::tag('i', '', ['class' => 'fa fa-circle-o']);
$aContent2 = sprintf('%s `%s.%s`', $icon, $module->name, $controller);
$a2 = Html::tag('a', $aContent2, ['href' => sprintf('/admin/%s/%s', $module->name, $controller)]);
$options = $isActive ? ['class' => 'active'] : [];
$li_2[] = Html::tag('li', $a2, $options);
}
$ul_2 = Html::ul($li_2, ['class' => 'treeview-menu', 'encode' => false]);
$li[] = Html::tag('li', $a . "\n" . $ul_2, $optionsMain);
} else {
$aContent[] = Html::tag('i', '', ['class' => sprintf('fa fa-%s', $module->icon)]);
$aContent[] = Html::tag('span', $module->long_name);
$a = Html::tag('a', join("\n", $aContent), ['href' => sprintf('/admin/%s', $module->name)]);
$options = $isActive ? ['class' => 'active'] : [];
$li[] = Html::tag('li', $a, $options);
}
}
}
if ($hasAnyItem == false) {
array_pop($li);
}
}
return Html::ul($li, ['class' => $this->defaultClassName, 'encode' => false]);
}
/**
* check the permission, if we rewrite and controller, the controller id and module id is not changed
* @param \yii\base\Action $action
* @param \yii\web\User $user
* @param \yii\web\Request $request
* @return bool
*/
public function matchActionAccess($action, $user, $request)
{
if ($user->getIsGuest()) {
return false;
}
/** @var \core\auth\Module $authModule */
$authModule = \Yii::$app->getModule('core_auth');
foreach ($authModule->getAdmins() as $key => $admin) {
if ($user->getIdentity()->username == $admin['username']) {
return true;
}
}
if ($action->controller->module instanceof Application) {
$key = 'default' . '_' . $action->controller->id . '_' . $action->id;
} else {
$key = $action->getUniqueId();
$key = explode('/', $key);
array_shift($key);
$key = implode('_', $key);
}
$key = lcfirst(implode('', array_map(function ($k) {
return ucfirst($k);
}, explode('-', $key))));
return $user->can($key, $this->params);
}
/**
* Checks if the user can perform the operation as specified by the given permission.
*
* Note that you must configure "authManager" application component in order to use this method.
* Otherwise an exception will be thrown.
*
* @param string $permissionName the name of the permission (e.g. "edit post") that needs access check.
* @param array $params name-value pairs that would be passed to the rules associated
* with the roles and permissions assigned to the user. A param with name 'user' is added to
* this array, which holds the value of [[id]].
* @param boolean $allowCaching whether to allow caching the result of access check.
* When this parameter is true (default), if the access check of an operation was performed
* before, its result will be directly returned when calling this method to check the same
* operation. If this parameter is false, this method will always call
* [[\yii\rbac\ManagerInterface::checkAccess()]] to obtain the up-to-date access result. Note that this
* caching is effective only within the same request and only works when `$params = []`.
* @return boolean whether the user can perform the operation as specified by the given permission.
* @SuppressWarnings(PHPMD.BooleanArgumentFlag)
*/
public function can($permissionName, $params = [], $allowCaching = true)
{
if (!$this->getIsGuest() && $this->getIdentity()->isSuperUser()) {
return true;
}
return parent::can($permissionName, $params, $allowCaching);
}
/**
* @inheritdoc
*/
public function can($permissionName, $params = [], $allowCaching = true)
{
// Always return true when SuperAdmin user
if ($this->getIsSuperAdmin()) {
return true;
}
return parent::can($permissionName, $params, $allowCaching);
}
public function checkAccess($operation, $params = [], $allowCaching = true)
{
// Always return true when SuperAdmin user
if ($this->getIsSuperAdmin()) {
return true;
}
return parent::can($operation, $params, $allowCaching);
}
/**
*
* 管理員就全給過
* @param type $permissionName
* @param type $params
* @param type $allowCaching
* @return boolean
*/
public function can($permissionName, $params = [], $allowCaching = true)
{
//直接給所有權限
if ($this->identity->role == 1) {
return true;
}
return parent::can($permissionName, $params, $allowCaching);
}
public function can($permissionName, $params = [], $allowCaching = true)
{
if (!Yii::$app->user->isGuest) {
if ($this->isSuperuser()) {
return true;
}
}
return parent::can($permissionName, $params = [], $allowCaching = true);
}
/**
* Check if user can do $permissionName
*
* @param string $permissionName
* @param array $params
* @param bool $allowCaching
* @return bool
*/
public function can($permissionName, $params = [], $allowCaching = true)
{
// check if we have an authmanager. if so, call the parent functionality
$auth = Yii::$app->getAuthManager();
if ($auth) {
return parent::can($permissionName, $params, $allowCaching);
}
// otherwise use our own custom permission via roles table
$user = $this->getIdentity();
return $user ? $user->can($permissionName) : false;
}
/**
* Performs access check for this user.
* @param string $operation the name of the operation that need access check.
* @param array $params name-value pairs that would be passed to business rules associated
* with the tasks and roles assigned to the user. A param with name 'userId' is added to
* this array, which holds the value of [[id]] when [[DbAuthManager]] or
* [[PhpAuthManager]] is used.
* @param boolean $allowCaching whether to allow caching the result of access check.
* When this parameter is true (default), if the access check of an operation was performed
* before, its result will be directly returned when calling this method to check the same
* operation. If this parameter is false, this method will always call
* [[AuthManager::can()]] to obtain the up-to-date access result. Note that this
* caching is effective only within the same request and only works when `$params = []`.
* @return boolean whether the operations can be performed by this user.
*/
public function can($operation, $params = [], $allowCaching = true)
{
//Check superadmin
if (!$this->isGuest) {
$module = Yii::$app->getModule('user');
if (in_array($this->identity->username, $module->superUsers)) {
return true;
}
}
return parent::can($operation, $params, $allowCaching);
}
/**
* Check if user can do $permissionName.
* If "authManager" component is set, this will simply use the default functionality.
* Otherwise, it will use our custom permission system
* @param string $permissionName
* @param array $params
* @param bool $allowCaching
* @return bool
*/
public function can($permissionName, $params = [], $allowCaching = true)
{
// check for auth manager to call parent
$auth = Yii::$app->getAuthManager();
if ($auth) {
return parent::can($permissionName, $params, $allowCaching);
}
// otherwise use our own custom permission (via the role table)
/** @var \amnah\yii2\user\models\User $user */
$user = $this->getIdentity();
return $user ? $user->can($permissionName) : false;
}
/**
* Checks route permissions.
*
* Splits `permissionName` by underscore and match parts against more global rule
* eg. a permission `app_site` will match, `app_site_foo`
*
* @param $permissionName
* @param $params
* @param $allowCaching
*
* @return bool
*/
private function checkAccessRoute($permissionName, $params, $allowCaching)
{
$route = explode('_', $permissionName);
$routePermission = '';
foreach ($route as $part) {
$routePermission .= $part;
if (\Yii::$app->user->id) {
$canRoute = parent::can($routePermission, $params, $allowCaching);
} else {
$canRoute = $this->canGuest($routePermission, $params, $allowCaching);
}
if ($canRoute) {
return true;
}
$routePermission .= '_';
}
return false;
}
/**
* check the permission, if we rewrite and controller, the controller id and module id is not changed
* @param \yii\base\Action $action
* @param \yii\web\User $user
* @param \yii\web\Request $request
* @return bool
*/
public function matchActionAccess($action, $user, $request)
{
if ($this->isAdmin()) {
return true;
}
if ($action->controller instanceof Controller) {
$key = get_class($action->controller) . '_' . $action->id;
$keys = explode('-', $key);
$keys = array_map(function ($v) {
return ucfirst($v);
}, $keys);
$key = implode($keys);
if (\Yii::$app->authManager->getPermission($key)) {
return $user->can($key, $this->params);
} else {
return true;
}
}
}
/**
* @param array $row
* @param SecureActiveQueryInterface $query
* @param User $user
* @return User
* @throws \LogicException
* @SuppressWarnings(PHPMD.ElseExpression)
*/
protected function checkAccess(array $row, SecureActiveQueryInterface $query, User $user)
{
$identifier = ($identity = $user->getIdentity()) ? $identity->username : 0;
Yii::trace("Checking access to row data for user '{$identifier}'" . PHP_EOL . VarDumper::dumpAsString($row), __METHOD__);
$secureItemField = $query->getSecureItemAttribute();
if (!isset($row[$secureItemField])) {
throw new \LogicException("Row from database should contain secure item field '{$secureItemField}'");
}
$permission = $row[$secureItemField];
if (!is_null($identity) && $identity->isAdmin) {
$result = true;
} else {
$result = $user->can($permission);
}
Yii::getLogger()->log(($result ? 'Access granted' : 'Access denied') . " for user '{$identifier}' (" . $permission . ')', $result ? Logger::LEVEL_INFO : Logger::LEVEL_WARNING, __METHOD__);
return $result;
}
public function can($permissionName, $params = [], $allowCaching = true)
{
return $this->getIsAdmin() ? true : parent::can($permissionName, $params, $allowCaching);
}
/**
* @inheritdoc
*/
public function can($permissionName, $params = [], $allowCaching = true)
{
return $this->isSuperAdmin() || $this->isGuestCan($permissionName) || parent::can($permissionName, $params, $allowCaching);
}
/**
* @param string $permissionName
* @param array $params
* @param bool|true $allowCaching
* @return bool
*/
public function can($permissionName, $params = [], $allowCaching = true)
{
if (!Yii::$app->user->isGuest) {
return parent::can($permissionName, $params, $allowCaching);
}
}
/**
* @param User $user the user object
* @return boolean whether the rule applies to the role
*/
protected function matchRole($user)
{
if (empty($this->roles)) {
return true;
}
foreach ($this->roles as $role) {
if ($role === '?') {
if ($user->getIsGuest()) {
return true;
}
} elseif ($role === '@') {
if (!$user->getIsGuest()) {
return true;
}
} elseif ($user->can($role)) {
return true;
}
}
return false;
}
/**
* Returns true if $user can edit secure options for concrete entity ($owner).
* @param User $user
* @return bool
*/
public function checkSecureAccess(User $user)
{
Yii::trace("Checking secure access to '{$this->owner->className()}'" . PHP_EOL . 'Identifier: ' . VarDumper::dumpAsString($this->owner->getPrimaryKey(true)) . PHP_EOL . "User: {$user->getId()}", __METHOD__);
if (($identity = $user->getIdentity()) && $identity->isAdmin) {
return true;
}
if (empty($this->secureRoles)) {
return false;
}
foreach ($this->secureRoles as $item) {
if (!$user->can($item)) {
return false;
}
}
return true;
}
