public function actionUpdatechild()
{
$item = Yii::$app->request->get('item');
if (empty($item)) {
return $this->redirect(['backend/rbac/item']);
}
if (Yii::$app->request->post()) {
// Delete all child of $item
LetAuthItemChild::deleteChild($item);
$auth = Yii::$app->authManager;
$itemObject = $auth->getRole($item);
$roles = Yii::$app->request->post('role');
$permissions = Yii::$app->request->post('permission');
if (!empty($roles)) {
foreach ($roles as $role) {
$roleObject = $auth->getRole($role);
$auth->addChild($itemObject, $roleObject);
}
}
if (!empty($permissions)) {
foreach ($permissions as $permission) {
$permissionObject = $auth->getPermission($permission);
$auth->addChild($itemObject, $permissionObject);
}
}
}
// Get items enable and child list
$assign['itemsRole'] = ArrayHelper::map(LetAuthItem::assignEnable($item, LetAuthItem::TYPE_ROLE), 'name', 'name');
$assign['itemsPermission'] = ArrayHelper::map(LetAuthItem::assignEnable($item, LetAuthItem::TYPE_PERMISSION), 'name', 'name');
$assign['child'] = LetAuthItemChild::getChild($item);
return $this->render('updatechild', $assign);
}
public function actionSetuprbac()
{
$permissions = [$this->module->id . ':view', $this->module->id . ':create', $this->module->id . ':update', $this->module->id . ':updateOwn', $this->module->id . ':delete', $this->module->id . ':deleteOwn'];
\app\modules\member\models\LetAuthItem::deleteAll(['in', 'name', $permissions]);
\app\modules\member\models\LetAuthItemChild::deleteAll(['in', 'child', $permissions]);
$auth = Yii::$app->authManager;
// Rule
$rule = $auth->getRule('isAuthor');
if (empty($rule)) {
$rule = new \app\rbac\AuthorRule();
$auth->add($rule);
}
// Permission
$admin = $auth->getRole('admin');
$member = $auth->getRole('member');
foreach ($permissions as $permission) {
$create = $auth->createPermission($permission);
if ($permission == $this->module->id . ':create') {
$auth->add($create);
$auth->addChild($member, $create);
} elseif ($permission == $this->module->id . ':updateOwn' or $permission == $this->module->id . ':deleteOwn') {
$create->ruleName = $rule->name;
$auth->add($create);
$auth->addChild($member, $create);
} else {
$auth->add($create);
}
$auth->addChild($admin, $create);
unset($create);
}
$updateOwn = $auth->getPermission($this->module->id . ':updateOwn');
$update = $auth->getPermission($this->module->id . ':update');
$auth->addChild($updateOwn, $update);
}
public static function assignEnable($item, $type = NULL)
{
$ignoreItems = LetAuthItemChild::getAncestors([$item]);
$ignoreItems[] = $item;
$listItems = self::find()->select(['name', 'type'])->where(['not in', 'name', $ignoreItems]);
if (!empty($type)) {
$listItems = $listItems->andWhere('type = :type', [':type' => $type]);
}
$listItems = $listItems->orderBy('type ASC')->asArray()->all();
return $listItems;
}
