From ecf033672981009aefbd2b91005d51bc787ed282 Mon Sep 17 00:00:00 2001 From: Yarik Date: Tue, 23 Feb 2016 17:16:25 +0200 Subject: [PATCH] TEst --- backend/controllers/SiteController.php | 15 +++++---------- common/components/rules/CommentRule.php | 36 ++++++++++++++++++++++++++++++++++++ common/components/rules/DeleteRule.php | 36 ++++++++++++++++++++++++++++++++++++ common/components/rules/UpdateRule.php | 36 ++++++++++++++++++++++++++++++++++++ common/components/rules/ViewRule.php | 36 ++++++++++++++++++++++++++++++++++++ common/config/main.php | 7 ++++++- common/models/ActiveRecordRule.php | 46 ++++++++++++++++++++++++++++++++++++++++++++++ common/models/OptionHelper.php | 28 ++++++++++++++++++++++++++++ common/models/Tools.php | 1 + common/models/User.php | 25 +++++++++++++++++++++++++ common/modules/blog/controllers/ArticleController.php | 6 ++++++ common/modules/blog/models/Article.php | 4 +++- db-migration/yarik/all.backup | Bin 3567 -> 0 bytes frontend/models/Options.php | 29 ++++++++++++++--------------- 14 files changed, 278 insertions(+), 27 deletions(-) create mode 100644 common/components/rules/CommentRule.php create mode 100644 common/components/rules/DeleteRule.php create mode 100644 common/components/rules/UpdateRule.php create mode 100644 common/components/rules/ViewRule.php create mode 100644 common/models/ActiveRecordRule.php create mode 100644 common/models/OptionHelper.php diff --git a/backend/controllers/SiteController.php b/backend/controllers/SiteController.php index d3e6e13..5a723bd 100644 --- a/backend/controllers/SiteController.php +++ b/backend/controllers/SiteController.php @@ -29,16 +29,6 @@ class SiteController extends Controller 'rules' => [ [ 'allow' => true, - 'actions' => ['test'], - 'matchCallback' => function($rule, $action) { - return (Yii::$app->user->identity->id == 1); - }, - 'denyCallback' => function($rule, $action) { - var_dump(Yii::$app->user->identity->id); - }, - ], - [ - 'allow' => true, 'roles' => ['@'] ], ], 
@@ -157,6 +147,11 @@ class SiteController extends Controller public function actionTest() { + echo "
";
+        //var_dump(Yii::$app->getAuthManager()->getRole('CHUVAK'));
+        //var_dump(Yii::$app->getAuthManager()->assign(Yii::$app->getAuthManager()->getRole('CHUVAK'), Yii::$app->user->getId()));
+        var_dump(Yii::$app->getAuthManager()->getRoles());
+        echo "
"; return $this->render('index'); } diff --git a/common/components/rules/CommentRule.php b/common/components/rules/CommentRule.php new file mode 100644 index 0000000..7df4d99 --- /dev/null +++ b/common/components/rules/CommentRule.php @@ -0,0 +1,36 @@ +authManager; + $access = false; + if($params['record']) { + $roles = \Yii::$app->user->identity->getRoles(); + $permissions = []; + $queryRole = (new Query())->from('auth_table_access_group')->where(['in', 'role', $roles])->andWhere(['record_id' => $params['record']->primaryKey])->all(); + $queryUser = (new Query())->from('auth_table_access_user')->where(['user_id' => $user])->andWhere(['record_id' => $params['record']->primaryKey])->all(); + foreach($queryRole as $oneRole) + { + $permissions[] = $oneRole['permission']; + $permissions = array_merge($permissions, array_keys($auth->getPermissionsByRole($oneRole['permission']))); + } + foreach($queryUser as $oneUser) + { + $permissions[] = $oneUser['permission']; + $permissions = array_merge($permissions, array_keys($auth->getPermissionsByRole($oneUser['permission']))); + } + $access = in_array($item->name, array_unique($permissions)); + } + return $access; + } + + } \ No newline at end of file diff --git a/common/components/rules/DeleteRule.php b/common/components/rules/DeleteRule.php new file mode 100644 index 0000000..32b8569 --- /dev/null +++ b/common/components/rules/DeleteRule.php 
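Review bot: `var_dump(Yii::$app->getAuthManager()->getRoles());` in `actionTest()` writes the whole RBAC role list into the response of a backend action. With the dedicated `test` rule removed in the first hunk, the only access rule still visible is `'roles' => ['@']`, so any logged-in user appears able to reach it. Debug output of the authorization model should not ship in a controller: drop the `echo`/`var_dump` lines together with the two commented-out `assign(...)` experiments, or remove the action. If the dump is still needed during development, wrap it in `if (YII_DEBUG) { ... }` and send it to the log with `Yii::trace()` instead of the page.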
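Review bot: Both lookups in this rule match grants on `record_id` alone, so a row in `auth_table_access_group` or `auth_table_access_user` written for one model would also satisfy the check for a record of a different model with the same primary key; ActiveRecordRule in this same patch keys those tables by `model_name` as well. Add `->andWhere(['model_name' => $params['record']::className()])` to both `$queryRole` and `$queryUser`. The group query takes its roles from `\Yii::$app->user->identity` while the user query uses `$user` (presumably the rule's user argument), so the two can describe different users, and the first fails when there is no identity; `$params['record']` is also read without `isset()`. The same body is added verbatim in DeleteRule.php, UpdateRule.php and ViewRule.php, so the fix applies to all four and is a reason to move the logic into one shared base rule. The class header and method signature are not visible in this hunk.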
@@ -0,0 +1,36 @@ +authManager; + $access = false; + if($params['record']) { + $roles = \Yii::$app->user->identity->getRoles(); + $permissions = []; + $queryRole = (new Query())->from('auth_table_access_group')->where(['in', 'role', $roles])->andWhere(['record_id' => $params['record']->primaryKey])->all(); + $queryUser = (new Query())->from('auth_table_access_user')->where(['user_id' => $user])->andWhere(['record_id' => $params['record']->primaryKey])->all(); + foreach($queryRole as $oneRole) + { + $permissions[] = $oneRole['permission']; + $permissions = array_merge($permissions, array_keys($auth->getPermissionsByRole($oneRole['permission']))); + } + foreach($queryUser as $oneUser) + { + $permissions[] = $oneUser['permission']; + $permissions = array_merge($permissions, array_keys($auth->getPermissionsByRole($oneUser['permission']))); + } + $access = in_array($item->name, array_unique($permissions)); + } + return $access; + } + + } \ No newline at end of file diff --git a/common/components/rules/UpdateRule.php b/common/components/rules/UpdateRule.php new file mode 100644 index 0000000..7078f1f --- /dev/null +++ b/common/components/rules/UpdateRule.php 
@@ -0,0 +1,36 @@ +authManager; + $access = false; + if($params['record']) { + $roles = \Yii::$app->user->identity->getRoles(); + $permissions = []; + $queryRole = (new Query())->from('auth_table_access_group')->where(['in', 'role', $roles])->andWhere(['record_id' => $params['record']->primaryKey])->all(); + $queryUser = (new Query())->from('auth_table_access_user')->where(['user_id' => $user])->andWhere(['record_id' => $params['record']->primaryKey])->all(); + foreach($queryRole as $oneRole) + { + $permissions[] = $oneRole['permission']; + $permissions = array_merge($permissions, array_keys($auth->getPermissionsByRole($oneRole['permission']))); + } + foreach($queryUser as $oneUser) + { + $permissions[] = $oneUser['permission']; + $permissions = array_merge($permissions, array_keys($auth->getPermissionsByRole($oneUser['permission']))); + } + $access = in_array($item->name, array_unique($permissions)); + } + return $access; + } + + } \ No newline at end of file diff --git a/common/components/rules/ViewRule.php b/common/components/rules/ViewRule.php new file mode 100644 index 0000000..0dd3bc0 --- /dev/null +++ b/common/components/rules/ViewRule.php 
@@ -0,0 +1,36 @@ +authManager; + $access = false; + if($params['record']) { + $roles = \Yii::$app->user->identity->getRoles(); + $permissions = []; + $queryRole = (new Query())->from('auth_table_access_group')->where(['in', 'role', $roles])->andWhere(['record_id' => $params['record']->primaryKey])->all(); + $queryUser = (new Query())->from('auth_table_access_user')->where(['user_id' => $user])->andWhere(['record_id' => $params['record']->primaryKey])->all(); + foreach($queryRole as $oneRole) + { + $permissions[] = $oneRole['permission']; + $permissions = array_merge($permissions, array_keys($auth->getPermissionsByRole($oneRole['permission']))); + } + foreach($queryUser as $oneUser) + { + $permissions[] = $oneUser['permission']; + $permissions = array_merge($permissions, array_keys($auth->getPermissionsByRole($oneUser['permission']))); + } + $access = in_array($item->name, array_unique($permissions)); + } + return $access; + } + + } \ No newline at end of file diff --git a/common/config/main.php b/common/config/main.php index 01d0899..fa05698 100644 --- a/common/config/main.php +++ b/common/config/main.php @@ -12,6 +12,9 @@ return [ 'class' => 'common\modules\blog\Module', ], ], + 'bootstrap' => [ + 'options', + ], 'components' => [ 'cache' => [ 'class' => 'yii\caching\FileCache', @@ -169,7 +172,9 @@ return [ /*========End======= *end api sicial * */ - + 'options' => [ + 'class' => 'common\models\OptionHelper', + ] ], 'language' => 'ru-RU' ]; diff --git a/common/models/ActiveRecordRule.php b/common/models/ActiveRecordRule.php new file mode 100644 index 0000000..2314962 --- /dev/null +++ b/common/models/ActiveRecordRule.php 
@@ -0,0 +1,46 @@ +authManager && \Yii::$app->options->rule) + { + $authManager = \Yii::$app->authManager; + $roles = \Yii::$app->user->identity->roles; + $query->leftJoin ('auth_table_access_group', $table.'.'.$pk.' = auth_table_access_group.record_id') + ->leftJoin ('auth_table_access_user', $table.'.'.$pk.' = auth_table_access_user.record_id') + ->orWhere (['auth_table_access_group.model_name' => self::className (), 'auth_table_access_group.role' => $roles]) + ->orWhere (['auth_table_access_user.user_id' => \Yii::$app->user->getId(), 'auth_table_access_user.model_name' => self::className ()]); + } + return $query; + } + + public function delete () + { + $id = $this->primaryKey; + $result = parent::delete(); + if(is_int($id)) { + \Yii::$app->db->createCommand()->delete('auth_table_access_group', ['model_name' => self::className(), 'record_id' => $id])->execute(); + \Yii::$app->db->createCommand()->delete('auth_table_access_user', ['model_name' => self::className(), 'record_id' => $id])->execute(); + } + return $result; + } + + public function update ($runValidation = true, $attributeNames = null) + { + if(\Yii::$app->user->can('updateRecord', ['record' => $this])) { + return parent::update ($runValidation, $attributeNames); + } else { + throw new ForbiddenHttpException(\Yii::t('app', 'Permission denied')); + } + } + } \ No newline at end of file diff --git a/common/models/OptionHelper.php b/common/models/OptionHelper.php new file mode 100644 index 0000000..4623524 --- /dev/null +++ b/common/models/OptionHelper.php @@ -0,0 +1,28 @@ +where(['name' => 'rules'])->with('value'); + if($return == self::OPTION_OBJECT) { + return $result->one(); + } elseif($return == self::OPTION_ARRAY) { + return $result->asArray()->one(); + } elseif($return == self::OPTION_VALUE) { + return $result->one()->value->value; + } else { + throw new InvalidParamException(Yii::t('app', 'Must be 1-3')); + } + } +} 
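Review bot: `delete()` removes the record and its access rows without any permission check, while `update()` right below it refuses unless `\Yii::$app->user->can('updateRecord', ['record' => $this])`; with DeleteRule added in this patch, the delete path presumably should be gated the same way. The cleanup of `auth_table_access_group` and `auth_table_access_user` also runs when `parent::delete()` returned false, which would strip the grants from a record that still exists. Separately, `find()` attaches the row filter with `orWhere()`, so a caller that later calls `where()` replaces the filter, whereas `andWhere()` keeps it; that deserves a comment on the method. The class header and the start of `find()` are not visible in this hunk.

```php
public function delete ()
{
    // '<delete-permission>' is a placeholder: the permission name bound to DeleteRule is not visible in this patch
    if(!\Yii::$app->user->can('<delete-permission>', ['record' => $this])) {
        throw new ForbiddenHttpException(\Yii::t('app', 'Permission denied'));
    }
    $id = $this->primaryKey;
    $result = parent::delete();
    // Only drop the grants once the record itself is really gone
    if($result !== false && is_int($id)) {
        // … unchanged: the two createCommand()->delete() cleanup calls …
    }
    return $result;
}
```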
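Review bot: `return $result->one()->value->value;` dereferences the row and its `value` relation without checking either, and `one()` returns null when no row matches, so a missing `rules` option becomes a fatal error in whatever reads it. `ActiveRecordRule::find()` in this patch switches its access filter on `\Yii::$app->options->rule`, which appears to be backed by this lookup, so decide explicitly what an absent option means; the safer default is filter enabled. For example `$row = $result->one(); return ($row && $row->value) ? $row->value->value : <default>;`, where `<default>` is a placeholder for that decision. The `$return ==` comparisons against the `OPTION_*` constants could be `===`. The class header and method signature are not visible in this hunk.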
diff --git a/common/models/Tools.php b/common/models/Tools.php index 77cc03e..0d6baa6 100644 --- a/common/models/Tools.php +++ b/common/models/Tools.php @@ -2,6 +2,7 @@ namespace common\models; + class Tools { /** diff --git a/common/models/User.php b/common/models/User.php index 26c9517..e555475 100644 --- a/common/models/User.php +++ b/common/models/User.php @@ -228,4 +228,29 @@ class User extends ActiveRecord implements IdentityInterface, UserRbacInterface { return $this->username; } + + public function getRoles() + { + $auth = \Yii::$app->authManager; + $roles = $this->getRoleChildrenRecursive($auth->getRolesByUser($this->id), $auth); + return $roles; + } + + protected function getRoleChildrenRecursive($roles, $auth, $result = []) + { + if(is_array($roles) && !empty($roles)) + { + foreach($roles as $role => $item) + { + if(!($item instanceof \yii\rbac\Role)) { + continue; + } + $result[] = $role; + $result = self::getRoleChildrenRecursive($auth->getChildren($role), $auth, $result); + } + return $result; + } else { + return $result; + } + } } diff --git a/common/modules/blog/controllers/ArticleController.php b/common/modules/blog/controllers/ArticleController.php index 9550612..dcc13b8 100644 --- a/common/modules/blog/controllers/ArticleController.php +++ b/common/modules/blog/controllers/ArticleController.php @@ -1,12 +1,17 @@ options->rule); $dataProvider = new ActiveDataProvider([ 'query' => Article::find(), 'pagination' => [ diff --git a/common/modules/blog/models/Article.php b/common/modules/blog/models/Article.php index ea992ff..85584b1 100644 --- a/common/modules/blog/models/Article.php +++ b/common/modules/blog/models/Article.php @@ -2,6 +2,7 @@ namespace common\modules\blog\models; +use common\models\ActiveRecordRule; use common\models\Media; use common\models\User; use common\modules\blog\behaviors\Autocomplete; 
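Review bot: In User.php, `self::getRoleChildrenRecursive(...)` calls an instance method with static syntax inside the loop; `$this->getRoleChildrenRecursive(...)` says what is meant and still dispatches correctly if a subclass overrides the method. Neither new method has a docblock, although the returned list feeds the role-based access queries added elsewhere in this patch; on `getRoles()` I would add `/** @return string[] names of the roles assigned to this user plus all their descendant roles */`. A role reachable through two parents is appended twice, so `array_unique($roles)` before returning would keep the list minimal. The User class starts and ends outside the hunk.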
@@ -31,7 +32,7 @@ use yii\db\Query; * @property ArticleToCategory[] $articleToCategories * @property Media[] $media */ -class Article extends \yii\db\ActiveRecord +class Article extends ActiveRecordRule { /** * @inheritdoc @@ -158,4 +159,5 @@ class Article extends \yii\db\ActiveRecord { return $this->getArticleToCategories()->select('article_category_id')->column(); } + } diff --git a/db-migration/yarik/all.backup b/db-migration/yarik/all.backup index f581fe1..4ed3234 100644 Binary files a/db-migration/yarik/all.backup and b/db-migration/yarik/all.backup differ diff --git a/frontend/models/Options.php b/frontend/models/Options.php index 5cff9d4..8efac0c 100644 --- a/frontend/models/Options.php +++ b/frontend/models/Options.php @@ -5,7 +5,7 @@ namespace frontend\models; use Yii; /** - * This is the model class for table "options". + * This is the model class for table "option". * * @property integer $option_id * @property string $option_key 
@@ -22,43 +22,42 @@ class Options extends \yii\db\ActiveRecord /** * @inheritdoc */ - public static function tableName() + public static function tableName () { - return 'options'; + return 'option'; } /** * @inheritdoc */ - public function rules() + public function rules () { return [ - [['option_key'], 'required'], - [['option_parent', 'option_translatable'], 'integer'], - [['option_key', 'option_format'], 'string', 'max' => 200] + [['option_key'], 'required'], [['option_parent', 'option_translatable'], 'integer'], [['option_key', 'option_format'], 'string', 'max' => 200] ]; } /** * @inheritdoc */ - public function attributeLabels() + public function attributeLabels () { return [ - 'option_id' => Yii::t('app', 'Option ID'), - 'option_key' => Yii::t('app', 'Option Key'), - 'option_parent' => Yii::t('app', 'Option Parent'), - 'option_translatable' => Yii::t('app', 'Option Translatable'), - 'option_format' => Yii::t('app', 'Option Format'), + 'option_id' => Yii::t ('app', 'Option ID'), 'option_key' => Yii::t ('app', 'Option Key'), 'option_parent' => Yii::t ('app', 'Option Parent'), 'option_translatable' => Yii::t ('app', 'Option Translatable'), 'option_format' => Yii::t ('app', 'Option Format'), ]; } /** * @return \yii\db\ActiveQuery */ - public function getOptionValues() + public function getOptionLang () { - return $this->hasMany(OptionValues::className(), ['option_id' => 'option_id']); + return $this->hasMany (OptionLang::className (), ['option_id' => 'option_id']); + } + + public function getValue () + { + return $this->hasOne(OptionLang::className(), ['option_id' => 'option_id'])->where(['option_lang.language_id' => '0']); } /** -- libgit2 0.21.4
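Review bot: `getValue()` is added without the `@return \yii\db\ActiveQuery` docblock that the neighbouring relation getter carries, and it filters on `'option_lang.language_id' => '0'` with no explanation of what language 0 stands for. A comment such as `// language_id 0: language-independent value (TODO confirm)` above the `where()` would make the intent checkable. The validation rules and the attribute labels are also collapsed onto one line each in this hunk, which makes later changes to a single rule hard to review; one entry per line, as before, is preferable. The Options class begins and ends outside the hunk.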