/** * Performs access check for the specified group. * * @param AccessRole $item the item to be checked against. * @param IPluggableUserGroup $group the concerned group. * @param unknown $askForPrivilegeElevation whether we should check for * privilege elevation if the group has access * @param array $params additional params that may be used into the business * rule execution. * @param AccessGroupAssignment[] $assignments the assignments to the specified group * @return boolean true if the access should be granted, false if it should be denied */ protected function checkGroupAccessRecursive(AccessRole $item, IPluggableUserGroup $group, $askForPrivilegeElevation, array $params = array(), array $assignments = array()) { Yii::trace('Checking permission "' . $item->getRoleName() . '" for group "' . $group->getName() . '"', 'access.manager.auth'); if (isset($params['groupId'])) { $params['groupId'] = $group->getId(); } if ($this->executeBizRule($item->getBusinessRule(), $params, $item->getData())) { if (in_array($item->getRoleName(), $this->defaultRoles)) { return $this->checkRingLevel($item, $askForPrivilegeElevation); } foreach ($assignments as $assignment) { if ($assignment->access_role_id === $item->access_role_id) { if ($this->executeBizRule($assignment->getBusinessRule(), $params, $assignment->getData())) { return $this->checkRingLevel($item, $askForPrivilegeElevation); } } } foreach ($item->higherAccessRoles as $parent) { if ($this->checkGroupAccessRecursive($parent, $group, $askForPrivilegeElevation, $params, $assignments)) { return $this->checkRingLevel($item, $askForPrivilegeElevation); } } } return false; }