/**
  * Retrieve administration informations if the token is valid.
  *
  * @param string $token The sha1 encrypted access token.
  * @throws luya\Exception If invalid token.
  * @return array
  */
 public function actionIndex($token)
 {
     if (empty(Yii::$app->remoteToken) || sha1(Yii::$app->remoteToken) !== $token) {
         throw new Exception('The provided remote token is wrong.');
     }
     return ['yii_version' => Yii::getVersion(), 'luya_version' => Boot::VERSION, 'app_title' => Yii::$app->siteTitle, 'app_debug' => (int) YII_DEBUG, 'app_env' => YII_ENV, 'app_transfer_exceptions' => (int) Yii::$app->errorHandler->transferException, 'admin_online_count' => UserOnline::getCount(), 'app_elapsed_time' => Yii::getLogger()->getElapsedTime()];
 }
 /**
  * The timestamp action provider informations about currenct only users and if the ui needs to be refreshed.
  *
  * @return array
  */
 public function actionIndex()
 {
     // clear user online list
     UserOnline::clearList();
     // return users, verify force reload.
     return ['useronline' => UserOnline::getList(), 'forceReload' => Yii::$app->adminuser->identity->force_reload];
 }
 public function checkAccess($action, $model = null, $params = [])
 {
     switch ($action) {
         case 'index':
         case 'view':
             $type = false;
             break;
         case 'create':
             $type = Auth::CAN_CREATE;
             break;
         case 'update':
             $type = Auth::CAN_UPDATE;
             break;
         case 'delete':
             $type = Auth::CAN_DELETE;
             break;
         default:
             throw new ForbiddenHttpException("Invalid RESPI Api action call.");
             break;
     }
     UserOnline::refreshUser($this->userAuthClass()->getIdentity()->id, $this->id);
     if (!Yii::$app->auth->matchApi($this->userAuthClass()->getIdentity()->id, $this->id, $type)) {
         throw new ForbiddenHttpException('you are unable to access this controller due to access restrictions.');
     }
 }
示例#4
0
 /**
  * Returns the rules for the AccessControl filter behavior.
  *
  * The rules are applied as following:
  *
  * + Must be logged in.
  * + Apply to all actions.
  * + Ignore if disabledPermissionCheck is enabled.
  * + Check permission with `\admin\components\Auth::matchRoute()`.
  * + By default not logged in users.
  *
  * @return array Rule-Definitions
  * @see yii\filters\AccessControl
  */
 public function getRules()
 {
     return [['allow' => true, 'actions' => [], 'roles' => ['@'], 'matchCallback' => function ($rule, $action) {
         if (!Yii::$app->adminuser->isGuest) {
             Yii::$app->luyaLanguage = Yii::$app->adminuser->identity->setting->get('luyadminlanguage', Yii::$app->luyaLanguage);
         }
         // see if a controller property has been defined to disabled the permission checks
         if ($action->controller->disablePermissionCheck) {
             return true;
         }
         // get the route based on the current $action object
         $route = implode('/', [$action->controller->module->id, $action->controller->id, $action->id]);
         UserOnline::refreshUser(Yii::$app->adminuser->getId(), $route);
         // check the access inside auth->matchRoute and return true/false.
         return Yii::$app->auth->matchRoute(Yii::$app->adminuser->getId(), $route);
     }]];
 }
示例#5
0
 public function login()
 {
     if ($this->validate()) {
         $user = $this->getUser();
         $user->detachBehavior('LogBehavior');
         $user->scenario = 'login';
         $user->force_reload = 0;
         $user->auth_token = Yii::$app->security->hashData(Yii::$app->security->generateRandomString(), $user->password_salt);
         $user->save();
         $login = new UserLogin();
         $login->setAttributes(['auth_token' => $user->auth_token, 'user_id' => $user->id]);
         $login->insert();
         UserOnline::refreshUser($user->id, 'login');
         return $user;
     } else {
         return false;
     }
 }
示例#6
0
 public function onBeforeLogout()
 {
     UserOnline::removeUser($this->getId());
 }