/**
 * Hide link if the user has no access to it.
 *
 * Placeholder targets (null, '' and '#') are rendered without a permission
 * lookup. Any other target is rendered only when User::canRoute() accepts it;
 * otherwise an empty string is returned. This only changes what is rendered:
 * leaving the link out does not restrict access to the route it points to.
 *
 * @inheritdoc
 */
public static function a($text, $url = null, $options = [])
{
    // in_array() is used without the strict flag, so values loosely equal to
    // a placeholder (for example false) are treated as placeholders as well.
    $isPlaceholder = in_array($url, [null, '', '#']);

    if ($isPlaceholder || User::canRoute($url)) {
        return parent::a($text, $url, $options);
    }

    return '';
}
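/**
 * Check if user has access to current route
 *
 * Order of checks: captcha action, free-access routes, guest, deleted
 * identity, superadmin, inactive account, route permission, owner check.
 * Every branch that denies access or redirects returns false straight away,
 * so the action cannot run if denyAccess() or the redirect returns normally
 * instead of throwing.
 *
 * @param Action $action the action to be executed.
 *
 * @return boolean whether the action should continue to be executed.
 */
public function beforeAction($action)
{
    // NOTE(review): matched on the action id alone, so an action named
    // "captcha" in any controller skips every check below - confirm intended.
    if ($action->id === 'captcha') {
        return true;
    }

    $route = '/' . $action->uniqueId;

    if (Route::isFreeAccess($route, $action)) {
        return true;
    }

    $user = Yii::$app->user;

    if ($user->isGuest) {
        $this->denyAccess();

        // denyAccess() is not visible here and may return (e.g. after setting
        // a login redirect); stop explicitly so the later checks cannot grant access.
        return false;
    }

    // If user has been deleted, then destroy session and deny access
    if (!$user->isGuest and $user->identity === null) {
        Yii::$app->getSession()->destroy();
        $this->denyAccess();

        return false;
    }

    // Superadmin owns everyone
    if ($user->isSuperadmin) {
        return true;
    }

    // Inactive accounts are logged out and sent to the home page. Returning
    // false keeps the requested action from running under the old session.
    if ($user->identity and $user->identity->status != User::STATUS_ACTIVE) {
        $user->logout();
        Yii::$app->getResponse()->redirect(Yii::$app->getHomeUrl());

        return false;
    }

    if (User::canRoute($route)) {
        $modelId = Yii::$app->getRequest()->getQueryParam('id');
        $modelClass = isset($this->owner->modelClass) ? $this->owner->modelClass : null;

        // Check access for owners: applies only when the model class implements
        // the owner interface, the user lacks the full-access permission and an
        // "id" query parameter is present.
        // NOTE(review): without a truthy "id" query parameter the route
        // permission alone grants access; actions that take the record id
        // from another source are not owner-checked here - confirm with callers.
        $ownerCheckRequired = $modelClass
            && YeeHelper::isImplemented($modelClass, OwnerAccess::CLASSNAME)
            && !User::hasPermission($modelClass::getFullAccessPermission())
            && $modelId;

        if (!$ownerCheckRequired) {
            return true;
        }

        $model = $modelClass::findOne(['id' => $modelId]);

        // Loose comparison kept: ids may be int on one side and numeric string on the other.
        if ($model && $user->identity->id == $model->{$modelClass::getOwnerField()}) {
            return true;
        }
    }

    if (isset($this->denyCallback)) {
        call_user_func($this->denyCallback, null, $action);
    } else {
        $this->denyAccess();
    }

    return false;
}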
/**
 * Fill in the 'visible' flag of each item from the user's route access.
 *
 * Items are modified in place. An item that has a 'url' other than '' or '#'
 * and no 'visible' key gets 'visible' set from User::canRoute(). An item whose
 * nested 'items' contain no visible labelled entry is hidden, unless it
 * already carries a 'visible' key. A 'visible' value supplied by the caller
 * is never overridden, so such items are not checked against User::canRoute().
 * This only controls which entries are shown; it does not protect the routes.
 *
 * @param array $items items to process, passed by reference
 *
 * @return bool true when at least one item with a 'label' is visible
 */
protected function ensureVisibility(&$items)
{
    $hasVisibleEntry = false;

    foreach ($items as &$entry) {
        // Derive visibility from route access only when the caller left it unset.
        $needsRouteCheck = !isset($entry['visible'])
            && isset($entry['url'])
            && !in_array($entry['url'], ['', '#']);
        if ($needsRouteCheck) {
            $entry['visible'] = User::canRoute($entry['url']);
        }

        if (isset($entry['items'])) {
            // Children are always processed; the parent is hidden only when
            // none of them is visible and it has no 'visible' flag of its own.
            $anyChildVisible = $this->ensureVisibility($entry['items']);
            if (!$anyChildVisible && !isset($entry['visible'])) {
                $entry['visible'] = false;
            }
        }

        // A missing (or null) flag counts as visible; anything other than
        // boolean true does not.
        $isShown = !isset($entry['visible']) || $entry['visible'] === true;
        if ($isShown && isset($entry['label'])) {
            $hasVisibleEntry = true;
        }
    }
    unset($entry);

    return $hasVisibleEntry;
}