/**
 * Decides whether the current user may run a row action, judged by the action's route alone.
 *
 * The route is "<controller>/<action>" when a controller is configured, otherwise just the
 * action. It is normalised, mapped to an RBAC operation and checked through the user component.
 * The answer is memoised per route in $_checkAccessCache.
 *
 * NOTE(review): the row key only ends up in $params, which is never handed to can(), and
 * $model / $index are unused. The decision is therefore identical for every row; record-level
 * rules are not evaluated here and must be enforced by the target action itself.
 * NOTE(review): the cache is keyed by route, not by identity — presumably this object lives for
 * a single request and a single user; confirm.
 *
 * @param $action action id appended to the controller route
 * @param $model unused by this check
 * @param $key row key; an array is used as-is, anything else is cast to string under 'id'
 * @param $index unused by this check
 * @return bool
 */
public function checkAccess($action, $model, $key, $index)
{
    if (is_array($key)) {
        $params = $key;
    } else {
        $params = ['id' => (string) $key];
    }
    $params[0] = $this->controller ? $this->controller . '/' . $action : $action;
    $route = $params[0];

    // Serve the memoised decision when this route was already checked.
    if (isset($this->_checkAccessCache[$route])) {
        return $this->_checkAccessCache[$route];
    }

    $operation = Rbac::routeToOperation(RouteNormalizer::normalizeRoute($route));
    $this->_checkAccessCache[$route] = Yii::$app->user->can($operation);

    return $this->_checkAccessCache[$route];
}
/**
 * Generates a correct auth item name, even for long strings.
 *
 * Kept only for backward compatibility; the work is delegated unchanged to the Rbac helper.
 *
 * @param $authItem
 * @return string
 * @deprecated Use [[\yz\admin\helpers\Rbac::authItemName]]
 */
public static function authItemName($authItem)
{
    $name = Rbac::authItemName($authItem);

    return $name;
}
/**
 * Checks whether the current user may access the given route.
 *
 * The route is mapped to an RBAC operation and checked through the user component; the
 * decision is memoised per route in a function-static array.
 *
 * NOTE(review): a route that maps to no operation (routeToOperation() returns null) is reported
 * as allowed. Confirm that unmapped routes are meant to be public — with this default a route
 * that is misspelled or not yet registered passes the check instead of failing closed.
 * NOTE(review): the static cache is keyed by route only and outlives the instance. If the
 * identity can change within the process (login/logout mid-request, long-running workers),
 * a decision cached for one user would be reused for another — confirm the runtime model.
 *
 * @param $route
 * @return bool
 */
protected function checkAccessByRoute($route)
{
    static $_routes = [];

    if (!isset($_routes[$route])) {
        $operation = Rbac::routeToOperation($route);
        if ($operation === null) {
            // No operation behind this route: allowed, and deliberately not cached.
            return true;
        }
        $_routes[$route] = Yii::$app->user->can($operation);
    }

    return $_routes[$route];
}
/**
 * Returns the list of backend operations that may be granted to users for this module.
 *
 * The list is auto-discovered: every file matching *Controller.php under $this->controllerPath
 * is mapped to a class in $this->controllerNamespace and inspected with reflection. Classes that
 * extend Controller or implement AccessControlInterface contribute one permission for the
 * controller and one per action (ids from actions() plus public action* methods). The module
 * permission lists the controllers as children, each controller lists its actions.
 *
 * The list has the following form:
 * ~~~
 * [
 *     'authItemName' => ['Description', type, ['children1', 'children2', ...]],
 * ]
 * ~~~
 *
 * NOTE(review): the names generated here are only useful if they equal the names computed when
 * access is enforced. Standalone action ids go through ucfirst() here; whether
 * Rbac::operationName() normalises ids such as "my-action" identically at check time is not
 * visible in this method — confirm, otherwise such actions can never be granted.
 *
 * @return array
 */
public function getAuthItems()
{
    $items = [];
    if (!is_dir($this->controllerPath)) {
        return $items;
    }

    $moduleItemName = Rbac::authItemName($this->className());
    $moduleLabel = \Yii::t('yz', 'Access to the module "{module}"', ['module' => $this->getName()]);
    $moduleItem = [$moduleItemName => [$moduleLabel, Item::TYPE_PERMISSION, []]];

    $controllerFiles = FileHelper::findFiles($this->controllerPath, ['only' => ['*Controller.php']]);
    foreach ($controllerFiles as $path) {
        // Path below the controller directory, e.g. "sub/FooController.php".
        $relative = ltrim(substr($path, strlen($this->controllerPath)), '\\/');
        // Removing .php
        $baseClass = substr($relative, 0, -4);
        // Removing Controller
        $controllerName = substr($baseClass, 0, -10);
        // NOTE(review): ltrim() without a character list strips whitespace only; a leading
        // backslash in controllerNamespace would survive into the class name — confirm intent.
        $className = ltrim($this->controllerNamespace . '\\' . str_replace('/', '\\', $baseClass));

        // Loading the class runs its file; a *Controller.php that does not declare the expected
        // class makes ReflectionClass throw and aborts the whole scan.
        $reflection = new \ReflectionClass($className);
        $isGuarded = $reflection->isSubclassOf(Controller::class)
            || $reflection->implementsInterface(AccessControlInterface::class);
        if (!$isGuarded) {
            continue;
        }

        $idParts = array_map([Inflector::class, 'camel2id'], explode('/', $controllerName));
        $controllerId = implode('/', $idParts);

        $controllerItemName = Rbac::authItemName($className);
        $controllerLabel = \Yii::t(
            'yz',
            'Access to the section "{module}/{controller}"',
            ['controller' => $controllerName, 'module' => $this->getName()]
        );
        $controllerItem = [$controllerItemName => [$controllerLabel, Item::TYPE_PERMISSION, []]];
        $moduleItem[$moduleItemName][2][] = $controllerItemName;

        // NOTE(review): the result of createControllerByID() is used without a null check.
        $controller = $this->createControllerByID($controllerId);
        $standaloneIds = array_keys($controller->actions());
        $publicMethods = $reflection->getMethods(\ReflectionMethod::IS_PUBLIC);

        $actionItems = [];
        foreach (array_merge($standaloneIds, $publicMethods) as $candidate) {
            if (!is_string($candidate)) {
                /** @var \ReflectionMethod $candidate */
                // Only inline actions count: "action" followed by an upper-case letter.
                if (!preg_match('/^action([A-Z].*)$/', $candidate->getName(), $match)) {
                    continue;
                }
                $action = $match[1];
            } else {
                // Standalone action id as declared in actions().
                $action = ucfirst($candidate);
            }

            $actionItemName = Rbac::operationName($className, $action);
            $actionLabel = \Yii::t(
                'yz',
                'Access to the action "{module}/{controller}/{action}"',
                ['action' => $action, 'controller' => $controllerName, 'module' => $this->getName()]
            );
            $actionItems[$actionItemName] = [$actionLabel, Item::TYPE_PERMISSION, []];
            $controllerItem[$controllerItemName][2][] = $actionItemName;
        }

        $items = array_merge($items, $controllerItem, $actionItems);
    }

    // The module permission goes first, followed by controllers and their actions.
    return array_merge($moduleItem, $items);
}
/**
 * Builds the access-control behavior configuration for this controller.
 *
 * Two rules are configured, in this order: an allow rule whose callback asks the user component
 * whether the RBAC operation for the requested action is granted, and an unconditional deny
 * rule behind it, so a request that the first rule does not match is rejected.
 *
 * NOTE(review): operationName() receives the controller object itself here; whether that
 * resolves to the same name under which the permission was stored is not visible in this
 * method — confirm, since a mismatch makes the allow rule unreachable.
 *
 * @return array behavior configuration
 */
protected function accessControlBehavior()
{
    $behavior = ['class' => AccessControl::className()];

    $allowWhenGranted = [
        'allow' => true,
        'matchCallback' => function ($rule, $action) {
            $operation = Rbac::operationName($this, $action->id);

            return \Yii::$app->user->can($operation);
        },
    ];
    $denyTheRest = ['allow' => false];

    $behavior['rules'] = [$allowWhenGranted, $denyTheRest];

    return $behavior;
}
/**
 * Collects permission definitions for the controllers of the application itself.
 *
 * Every file matching *Controller.php found under $this->app->controllerPath is mapped to a
 * class in $this->app->controllerNamespace. Classes that extend Controller or implement
 * AccessControlInterface contribute one permission for the controller (named by its class name)
 * and one per action (ids from actions() plus public action* methods).
 *
 * Each entry has the form 'authItemName' => ['Description', type, [children...]].
 *
 * NOTE(review): only basename($file) is used, so a controller located in a subdirectory would be
 * looked up directly under controllerNamespace. If findFiles() descends into subdirectories,
 * that lookup fails in ReflectionClass and aborts the scan — confirm the directory layout.
 *
 * @return array
 */
protected function getAuthItemsFromApp()
{
    $items = [];
    if (!is_dir($this->app->controllerPath)) {
        return $items;
    }

    $appItemName = $this->className();

    $controllerFiles = FileHelper::findFiles($this->app->controllerPath, ['only' => ['*Controller.php']]);
    foreach ($controllerFiles as $path) {
        $fileName = basename($path);
        // Removing .php
        $baseClass = substr($fileName, 0, -4);
        // Removing Controller
        $controllerName = substr($baseClass, 0, -10);
        // NOTE(review): ltrim() without a character list strips whitespace only.
        $className = ltrim($this->app->controllerNamespace . '\\' . $baseClass);

        // Loading the class runs its file; an unexpected class name makes this throw.
        $reflection = new \ReflectionClass($className);
        $isGuarded = $reflection->isSubclassOf(Controller::class)
            || $reflection->implementsInterface(AccessControlInterface::class);
        if (!$isGuarded) {
            continue;
        }

        /** @var string $className */
        $controllerItemName = $className;
        $controllerLabel = \Yii::t(
            'admin/t',
            'Access to the section "Application/{controller}"',
            ['controller' => $controllerName]
        );
        $controllerItem = [$controllerItemName => [$controllerLabel, Item::TYPE_PERMISSION, []]];

        // NOTE(review): $appItem is never initialised, read or returned in this method, so the
        // parent-to-controller link recorded here is discarded. Confirm whether the caller is
        // expected to attach these controllers to a parent permission itself.
        $appItem[$appItemName][2][] = $controllerItemName;

        // NOTE(review): the result of createControllerByID() is used without a null check.
        $controller = $this->app->createControllerByID(Inflector::camel2id($controllerName));
        $standaloneIds = array_keys($controller->actions());
        $publicMethods = $reflection->getMethods(\ReflectionMethod::IS_PUBLIC);

        $actionItems = [];
        foreach (array_merge($standaloneIds, $publicMethods) as $candidate) {
            if (!is_string($candidate)) {
                /** @var \ReflectionMethod $candidate */
                // Only inline actions count: "action" followed by an upper-case letter.
                if (!preg_match('/^action([A-Z].*)$/', $candidate->getName(), $match)) {
                    continue;
                }
                $action = $match[1];
            } else {
                // Standalone action id as declared in actions().
                $action = ucfirst($candidate);
            }

            $actionItemName = Rbac::operationName($className, $action);
            $actionLabel = \Yii::t(
                'admin/t',
                'Access to the action "Application/{controller}/{action}"',
                ['action' => $action, 'controller' => $controllerName]
            );
            $actionItems[$actionItemName] = [$actionLabel, Item::TYPE_PERMISSION, []];
            $controllerItem[$controllerItemName][2][] = $actionItemName;
        }

        $items = array_merge($items, $controllerItem, $actionItems);
    }

    return $items;
}
/**
 * Checks whether the current user is allowed to access the given route.
 *
 * For an array only its first element is used as the route; any further elements are ignored
 * by this check. The route is normalised, mapped to an RBAC operation and passed to the user
 * component.
 *
 * NOTE(review): the operation is handed to can() without testing for null, so the outcome for a
 * route that maps to no operation depends on how can() treats a null name — confirm that it
 * denies.
 *
 * @param string|array $route
 * @return bool
 */
protected function checkAccess($route)
{
    // reset() yields the first element, which is the route in the array form.
    $routeString = is_array($route) ? reset($route) : $route;

    $normalized = RouteNormalizer::normalizeRoute($routeString);
    $operation = Rbac::routeToOperation($normalized);

    return \Yii::$app->user->can($operation);
}