TEst

Yarik
1 parent 393a55ab
Showing 14 changed files with 278 additions and 27 deletions Show diff stats
backend/controllers/SiteController.php
common/components/rules/CommentRule.php
common/components/rules/DeleteRule.php
common/components/rules/UpdateRule.php
common/components/rules/ViewRule.php
common/config/main.php
common/models/ActiveRecordRule.php
common/models/OptionHelper.php
common/models/Tools.php
common/models/User.php
common/modules/blog/controllers/ArticleController.php
common/modules/blog/models/Article.php
db-migration/yarik/all.backup
frontend/models/Options.php
@@ -29,16 +29,6 @@ class SiteController extends Controller
                 'rules' => [
                     [
                         'allow' => true,
-                        'actions' => ['test'],
-                        'matchCallback' => function($rule, $action) {
-                            return (Yii::$app->user->identity->id == 1);
-                        },
-                        'denyCallback' => function($rule, $action) {
-                            var_dump(Yii::$app->user->identity->id);
-                        },
-                    ],
-                    [
-                        'allow' => true,
                         'roles' => ['@']
                     ],
                 ],
@@ -157,6 +147,11 @@ class SiteController extends Controller
  
     public function actionTest()
     {
+        echo "<pre>";
+        //var_dump(Yii::$app->getAuthManager()->getRole('CHUVAK'));
+        //var_dump(Yii::$app->getAuthManager()->assign(Yii::$app->getAuthManager()->getRole('CHUVAK'), Yii::$app->user->getId()));
+        var_dump(Yii::$app->getAuthManager()->getRoles());
+        echo "</pre>";
         return $this->render('index');
     }
  
+<?php
+
+    namespace common\components\rules;
+
+    use yii\db\Query;
+    use yii\rbac\Rule;
+
+    class CommentRule extends Rule
+    {
+        public $name = 'canComment';
+
+        public function execute ($user, $item, $params)
+        {
+            $auth = \Yii::$app->authManager;
+            $access = false;
+            if($params['record']) {
+                $roles = \Yii::$app->user->identity->getRoles();
+                $permissions = [];
+                $queryRole = (new Query())->from('auth_table_access_group')->where(['in', 'role', $roles])->andWhere(['record_id' => $params['record']->primaryKey])->all();
+                $queryUser = (new Query())->from('auth_table_access_user')->where(['user_id' => $user])->andWhere(['record_id' => $params['record']->primaryKey])->all();
+                foreach($queryRole as $oneRole)
+                {
+                    $permissions[] = $oneRole['permission'];
+                    $permissions = array_merge($permissions, array_keys($auth->getPermissionsByRole($oneRole['permission'])));
+                }
+                foreach($queryUser as $oneUser)
+                {
+                    $permissions[] = $oneUser['permission'];
+                    $permissions = array_merge($permissions, array_keys($auth->getPermissionsByRole($oneUser['permission'])));
+                }
+                $access = in_array($item->name, array_unique($permissions));
+            }
+            return $access;
+        }
+
+    }
 \ No newline at end of file
+<?php
+
+    namespace common\components\rules;
+
+    use yii\db\Query;
+    use yii\rbac\Rule;
+
+    class DeleteRule extends Rule
+    {
+        public $name = 'canDelete';
+
+        public function execute ($user, $item, $params)
+        {
+            $auth = \Yii::$app->authManager;
+            $access = false;
+            if($params['record']) {
+                $roles = \Yii::$app->user->identity->getRoles();
+                $permissions = [];
+                $queryRole = (new Query())->from('auth_table_access_group')->where(['in', 'role', $roles])->andWhere(['record_id' => $params['record']->primaryKey])->all();
+                $queryUser = (new Query())->from('auth_table_access_user')->where(['user_id' => $user])->andWhere(['record_id' => $params['record']->primaryKey])->all();
+                foreach($queryRole as $oneRole)
+                {
+                    $permissions[] = $oneRole['permission'];
+                    $permissions = array_merge($permissions, array_keys($auth->getPermissionsByRole($oneRole['permission'])));
+                }
+                foreach($queryUser as $oneUser)
+                {
+                    $permissions[] = $oneUser['permission'];
+                    $permissions = array_merge($permissions, array_keys($auth->getPermissionsByRole($oneUser['permission'])));
+                }
+                $access = in_array($item->name, array_unique($permissions));
+            }
+            return $access;
+        }
+
+    }
 \ No newline at end of file
+<?php
+
+    namespace common\components\rules;
+
+    use yii\db\Query;
+    use yii\rbac\Rule;
+
+    class UpdateRule extends Rule
+    {
+        public $name = 'canUpdate';
+
+        public function execute ($user, $item, $params)
+        {
+            $auth = \Yii::$app->authManager;
+            $access = false;
+            if($params['record']) {
+                $roles = \Yii::$app->user->identity->getRoles();
+                $permissions = [];
+                $queryRole = (new Query())->from('auth_table_access_group')->where(['in', 'role', $roles])->andWhere(['record_id' => $params['record']->primaryKey])->all();
+                $queryUser = (new Query())->from('auth_table_access_user')->where(['user_id' => $user])->andWhere(['record_id' => $params['record']->primaryKey])->all();
+                foreach($queryRole as $oneRole)
+                {
+                    $permissions[] = $oneRole['permission'];
+                    $permissions = array_merge($permissions, array_keys($auth->getPermissionsByRole($oneRole['permission'])));
+                }
+                foreach($queryUser as $oneUser)
+                {
+                    $permissions[] = $oneUser['permission'];
+                    $permissions = array_merge($permissions, array_keys($auth->getPermissionsByRole($oneUser['permission'])));
+                }
+                $access = in_array($item->name, array_unique($permissions));
+            }
+            return $access;
+        }
+
+    }
 \ No newline at end of file
+<?php
+
+    namespace common\components\rules;
+
+    use yii\db\Query;
+    use yii\rbac\Rule;
+
+    class ViewRule extends Rule
+    {
+        public $name = 'canView';
+
+        public function execute ($user, $item, $params)
+        {
+            $auth = \Yii::$app->authManager;
+            $access = false;
+            if($params['record']) {
+                $roles = \Yii::$app->user->identity->getRoles();
+                $permissions = [];
+                $queryRole = (new Query())->from('auth_table_access_group')->where(['in', 'role', $roles])->andWhere(['record_id' => $params['record']->primaryKey])->all();
+                $queryUser = (new Query())->from('auth_table_access_user')->where(['user_id' => $user])->andWhere(['record_id' => $params['record']->primaryKey])->all();
+                foreach($queryRole as $oneRole)
+                {
+                    $permissions[] = $oneRole['permission'];
+                    $permissions = array_merge($permissions, array_keys($auth->getPermissionsByRole($oneRole['permission'])));
+                }
+                foreach($queryUser as $oneUser)
+                {
+                    $permissions[] = $oneUser['permission'];
+                    $permissions = array_merge($permissions, array_keys($auth->getPermissionsByRole($oneUser['permission'])));
+                }
+                $access = in_array($item->name, array_unique($permissions));
+            }
+            return $access;
+        }
+
+    }
 \ No newline at end of file
@@ -12,6 +12,9 @@ return [
             'class' => 'common\modules\blog\Module',
         ],
     ],
+    'bootstrap' => [
+        'options',
+    ],
     'components' => [
         'cache' => [
             'class' => 'yii\caching\FileCache',
@@ -169,7 +172,9 @@ return [
         /*========End=======
          *end api sicial
          *  */
-        
+        'options' => [
+            'class' => 'common\models\OptionHelper',
+        ]
     ],
     'language' => 'ru-RU'
 ];
+<?php
+
+    namespace common\models;
+
+    use yii\db\ActiveRecord;
+    use yii\web\ForbiddenHttpException;
+
+    class ActiveRecordRule extends ActiveRecord
+    {
+        public static function find ()
+        {
+            $table = self::tableName();
+            $pk = self::primaryKey()[0];
+            $query = parent::find ();
+            if (\Yii::$app->authManager && \Yii::$app->options->rule)
+            {
+                $authManager = \Yii::$app->authManager;
+                $roles = \Yii::$app->user->identity->roles;
+                $query->leftJoin ('auth_table_access_group', $table.'.'.$pk.' = auth_table_access_group.record_id')
+                      ->leftJoin ('auth_table_access_user', $table.'.'.$pk.' = auth_table_access_user.record_id')
+                      ->orWhere (['auth_table_access_group.model_name' => self::className (), 'auth_table_access_group.role' => $roles])
+                      ->orWhere (['auth_table_access_user.user_id' => \Yii::$app->user->getId(), 'auth_table_access_user.model_name' => self::className ()]);
+            }
+            return $query;
+        }
+
+        public function delete ()
+        {
+            $id = $this->primaryKey;
+            $result = parent::delete();
+            if(is_int($id)) {
+                \Yii::$app->db->createCommand()->delete('auth_table_access_group', ['model_name' => self::className(), 'record_id' => $id])->execute();
+                \Yii::$app->db->createCommand()->delete('auth_table_access_user', ['model_name' => self::className(), 'record_id' => $id])->execute();
+            }
+            return $result;
+        }
+
+        public function update ($runValidation = true, $attributeNames = null)
+        {
+            if(\Yii::$app->user->can('updateRecord', ['record' => $this])) {
+                return parent::update ($runValidation, $attributeNames);
+            } else {
+                throw new ForbiddenHttpException(\Yii::t('app', 'Permission denied'));
+            }
+        }
+    }
 \ No newline at end of file
+<?php
+
+namespace common\models;
+
+use frontend\models\Options;
+use Yii;
+use yii\base\InvalidParamException;
+use yii\base\Model;
+
+class OptionHelper extends Model
+{
+    const OPTION_OBJECT = 1;
+    const OPTION_ARRAY = 2;
+    const OPTION_VALUE = 3;
+    public function getRule($return = 3)
+    {
+        $result = Options::find()->where(['name' => 'rules'])->with('value');
+        if($return == self::OPTION_OBJECT) {
+            return $result->one();
+        } elseif($return == self::OPTION_ARRAY) {
+            return $result->asArray()->one();
+        } elseif($return == self::OPTION_VALUE) {
+            return $result->one()->value->value;
+        } else {
+            throw new InvalidParamException(Yii::t('app', 'Must be 1-3'));
+        }
+    }
+}
@@ -2,6 +2,7 @@
  
 namespace common\models;
  
+
 class Tools
 {
     /** 
@@ -228,4 +228,29 @@ class User extends ActiveRecord implements IdentityInterface, UserRbacInterface
     {
        return $this->username;
     }
+
+    public function getRoles()
+    {
+        $auth = \Yii::$app->authManager;
+        $roles = $this->getRoleChildrenRecursive($auth->getRolesByUser($this->id), $auth);
+        return $roles;
+    }
+
+    protected function getRoleChildrenRecursive($roles, $auth, $result = [])
+    {
+        if(is_array($roles) && !empty($roles))
+        {
+            foreach($roles as $role => $item)
+            {
+                if(!($item instanceof \yii\rbac\Role)) {
+                    continue;
+                }
+                $result[] = $role;
+                $result = self::getRoleChildrenRecursive($auth->getChildren($role), $auth, $result);
+            }
+            return $result;
+        } else {
+            return $result;
+        }
+    }
 }
 <?php
 namespace common\modules\blog\controllers;
  
+use common\components\rules\CommentRule;
+use common\components\rules\DeleteRule;
+use common\components\rules\UpdateRule;
+use common\components\rules\ViewRule;
 use common\models\Language;
 use common\modules\blog\models\Article;
 use common\modules\blog\models\ArticleLang;
 use common\modules\blog\models\ArticleMedia;
 use common\modules\blog\models\ArticleToCategory;
 use yii\data\ActiveDataProvider;
+use yii\rbac\DbManager;
 use yii\web\Controller;
 use yii\web\UploadedFile;
  
@@ -15,6 +20,7 @@ class ArticleController extends Controller
  
 	public function actionIndex()
     {
+        var_dump(\Yii::$app->options->rule);
         $dataProvider = new ActiveDataProvider([
             'query' => Article::find(),
             'pagination' => [
@@ -2,6 +2,7 @@
  
 namespace common\modules\blog\models;
  
+use common\models\ActiveRecordRule;
 use common\models\Media;
 use common\models\User;
 use common\modules\blog\behaviors\Autocomplete;
@@ -31,7 +32,7 @@ use yii\db\Query;
  * @property ArticleToCategory[] $articleToCategories
  * @property Media[] $media
  */
-class Article extends \yii\db\ActiveRecord
+class Article extends ActiveRecordRule
 {
     /**
      * @inheritdoc
@@ -158,4 +159,5 @@ class Article extends \yii\db\ActiveRecord
     {
         return $this->getArticleToCategories()->select('article_category_id')->column();
     }
+
 }
@@ -5,7 +5,7 @@ namespace frontend\models;
 use Yii;
  
 /**
- * This is the model class for table "options".
+ * This is the model class for table "option".
  *
  * @property integer $option_id
  * @property string $option_key
@@ -22,43 +22,42 @@ class Options extends \yii\db\ActiveRecord
     /**
      * @inheritdoc
      */
-    public static function tableName()
+    public static function tableName ()
     {
-        return 'options';
+        return 'option';
     }
  
     /**
      * @inheritdoc
      */
-    public function rules()
+    public function rules ()
     {
         return [
-            [['option_key'], 'required'],
-            [['option_parent', 'option_translatable'], 'integer'],
-            [['option_key', 'option_format'], 'string', 'max' => 200]
+            [['option_key'], 'required'], [['option_parent', 'option_translatable'], 'integer'], [['option_key', 'option_format'], 'string', 'max' => 200]
         ];
     }
  
     /**
      * @inheritdoc
      */
-    public function attributeLabels()
+    public function attributeLabels ()
     {
         return [
-            'option_id' => Yii::t('app', 'Option ID'),
-            'option_key' => Yii::t('app', 'Option Key'),
-            'option_parent' => Yii::t('app', 'Option Parent'),
-            'option_translatable' => Yii::t('app', 'Option Translatable'),
-            'option_format' => Yii::t('app', 'Option Format'),
+            'option_id' => Yii::t ('app', 'Option ID'), 'option_key' => Yii::t ('app', 'Option Key'), 'option_parent' => Yii::t ('app', 'Option Parent'), 'option_translatable' => Yii::t ('app', 'Option Translatable'), 'option_format' => Yii::t ('app', 'Option Format'),
         ];
     }
  
     /**
      * @return \yii\db\ActiveQuery
      */
-    public function getOptionValues()
+    public function getOptionLang ()
     {
-        return $this->hasMany(OptionValues::className(), ['option_id' => 'option_id']);
+        return $this->hasMany (OptionLang::className (), ['option_id' => 'option_id']);
+    }
+
+    public function getValue ()
+    {
+        return $this->hasOne(OptionLang::className(), ['option_id' => 'option_id'])->where(['option_lang.language_id' => '0']);
     }
  
     /**