/**
 * A permission that exists in the auth manager is gone after `actionUp()`
 * has run against the fixture permissions file.
 *
 * The test seeds a permission named 'test', confirms it is stored, runs the
 * RBAC console controller, and expects the lookup to come back empty.
 * NOTE(review): presumably the fixture file does not declare 'test', which
 * is why it is treated as a "fake" permission - confirm against the fixture.
 */
public function testCheckFakePermission()
{
    $permissions_file = Yii::getAlias('@app/tests/_data/rbac/permissions.php');
    $auth_manager = Yii::$app->authManager;

    // Seed the stray permission and make sure it really was persisted,
    // otherwise the final assertion would pass vacuously.
    $fake_permission = $auth_manager->createPermission('test');
    $auth_manager->add($fake_permission);
    expect_that($auth_manager->getPermission('test'));

    // Point the controller at the fixture and run the synchronisation.
    $controller = new RbacController('test', 'test');
    $controller->path = $permissions_file;
    $controller->beforeAction('test');
    $controller->actionUp();

    expect_not($auth_manager->getPermission('test'));
}
/**
 * Role check: passes when the role of the currently logged-in identity
 * satisfies the role named by $item.
 *
 * Guests are always rejected, and so is any item whose name is not a key of
 * RbacController::getRoleHierarchy(). Otherwise the decision is delegated to
 * RbacController::generateRoleCondition().
 *
 * NOTE(review): $user and $params are never read. The decision is based on
 * Yii::$app->user->identity, not on the $user argument. If this is a
 * yii\rbac\Rule, $user is the id handed to checkAccess(), so a check made on
 * behalf of a different user id would be answered with the current session's
 * role. Confirm that no caller checks access for another user through this
 * rule.
 *
 * @param mixed $user   not used by this implementation
 * @param object $item  item being checked; only its `name` is read
 * @param mixed $params not used by this implementation
 * @return bool
 */
public function execute($user, $item, $params)
{
    /** @var Users $current_user */
    $current_user = Yii::$app->user->identity;

    // Fail closed for anonymous sessions.
    if (Yii::$app->user->isGuest) {
        return false;
    }

    $role = $current_user->role;

    // Only names that appear as keys in the hierarchy are treated as roles.
    // array_key_exists() also accepts keys whose stored value is null.
    if (!isset(RbacController::getRoleHierarchy()[$item->name])
        && !array_key_exists($item->name, RbacController::getRoleHierarchy())
    ) {
        return false;
    }

    return RbacController::generateRoleCondition($item->name, $role);
}
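/**
 * Decide whether $checking_role satisfies a check for $role.
 *
 * Starting at $role, follows the links in RbacController::getRoleHierarchy()
 * (each entry's value is one role name, a list of role names, or null for
 * "no parent"). Returns true when $checking_role is $role itself or any role
 * reachable through those links.
 *
 * Hardening compared with a plain recursive walk using `==`:
 *  - Role names are compared as strings with `===`. Loose comparison lets
 *    numeric-looking names such as '01' and '1' match each other, and on
 *    PHP versions before 8 an integer 0 compares equal to any non-numeric
 *    string. Neither is acceptable in an authorization decision.
 *  - A $checking_role that is not a string or integer (null, bool, array)
 *    never matches.
 *  - Every role is visited at most once, so a cyclic hierarchy terminates
 *    instead of recursing without bound.
 *  - A role whose parent list is an empty array still matches itself.
 *
 * @param string|int $role          role required by the check
 * @param string|int $checking_role role held by the subject being checked
 * @return bool
 */
public static function generateRoleCondition($role, $checking_role)
{
    // Fail closed on anything that is not a concrete role name.
    if (!is_string($checking_role) && !is_int($checking_role)) {
        return false;
    }
    $wanted = (string) $checking_role;

    $hierarchy = RbacController::getRoleHierarchy();
    $pending = [$role];
    $seen = [];

    while (!empty($pending)) {
        $current = array_pop($pending);

        // Malformed hierarchy entries (nested arrays, null, ...) are skipped.
        if (!is_string($current) && !is_int($current)) {
            continue;
        }

        $name = (string) $current;
        if (isset($seen[$name])) {
            continue;
        }
        $seen[$name] = true;

        if ($name === $wanted) {
            return true;
        }

        // array_key_exists() so that an entry stored as null is still found;
        // null means the role has no parent to follow.
        if (!array_key_exists($current, $hierarchy) || $hierarchy[$current] === null) {
            continue;
        }

        $parents = is_array($hierarchy[$current]) ? $hierarchy[$current] : [$hierarchy[$current]];
        foreach ($parents as $parent) {
            $pending[] = $parent;
        }
    }

    return false;
}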
/**
 * Roles that a user holding this model's role may assign, keyed by role.
 *
 * Takes the entry for `$this->role` from RbacController::getEditableRoles()
 * and replaces each value with the matching entry of self::roles() when one
 * is set. When $user_id is given and is identical (===) to `$this->id`, the
 * model's own role is added with the value of getCurrentRole().
 *
 * NOTE(review): the id comparison is strict, so an id taken from a request
 * as a string will not match an integer `$this->id`. Confirm that callers
 * pass the same type.
 *
 * @param mixed $user_id id of the user being edited, or null
 * @return array empty when no editable roles are configured for this role
 */
public function getEditableRoles($user_id = null)
{
    $roles_by_editor = RbacController::getEditableRoles();
    $own_role = $this->role;

    if (!isset($roles_by_editor[$own_role])) {
        return [];
    }

    $assignable = $roles_by_editor[$own_role];

    // Replace configured values with the entries from self::roles(),
    // keeping the configured value where roles() has nothing for the key.
    array_walk($assignable, function (&$label, $role_key) {
        $known_labels = self::roles();
        if (isset($known_labels[$role_key])) {
            $label = $known_labels[$role_key];
        }
    });

    // Editing one's own account: add the role already held to the list.
    if ($user_id !== null && $user_id === $this->id) {
        $assignable[$own_role] = $this->getCurrentRole();
    }

    return $assignable;
}