ArtBoxAccessBehavior.php
4.23 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
<?php
namespace artweb\artbox\behaviors;
use Yii;
use yii\base\Action;
use yii\base\Event;
use yii\behaviors\AttributeBehavior;
use yii\di\Instance;
use yii\base\Module;
use yii\filters\AccessRule;
use yii\web\Request;
use yii\web\User;
use yii\web\ForbiddenHttpException;
class ArtBoxAccessBehavior extends AttributeBehavior
{
public $rules = [];
/**
* @var AccessRule[] $ruleList
*/
private $ruleList = [];
public function events()
{
return [
Module::EVENT_BEFORE_ACTION => 'interception',
];
}
/**
* Check whether current user have access to current action.
*
* @param Event $event
*
* @return void
* @throws \yii\web\ForbiddenHttpException
*/
public function interception($event)
{
if (!isset( Yii::$app->i18n->translations[ 'db_rbac' ] )) {
Yii::$app->i18n->translations[ 'db_rbac' ] = [
'class' => 'yii\i18n\PhpMessageSource',
'sourceLanguage' => 'ru-Ru',
'basePath' => '@developeruz/db_rbac/messages',
];
}
$route = Yii::$app->getRequest()
->resolve();
//Проверяем права по конфигу
$this->createRule();
$user = Instance::ensure(Yii::$app->user, User::className());
$request = Yii::$app->getRequest();
$action = $event->action;
if (!$this->cheсkByRule($action, $user, $request)) {
//И по AuthManager
if (!$this->checkPermission($route)) {
if ($user->getIsGuest()) {
$user->loginRequired();
} else {
throw new ForbiddenHttpException(Yii::t('db_rbac', 'Недостаточно прав'));
}
}
}
}
/**
* Fill $ruleList with AccessRules
*
* @return void
*/
protected function createRule()
{
foreach ($this->rules as $controller => $rule) {
foreach ($rule as $singleRule) {
if (is_array($singleRule)) {
$option = [
'controllers' => [ $controller ],
'class' => 'yii\filters\AccessRule',
];
$this->ruleList[] = Yii::createObject(array_merge($option, $singleRule));
}
}
}
}
/**
* Check whether the User allowed to perform action
*
* @param Action $action
* @param User $user
* @param Request $request
*
* @return bool
*/
protected function cheсkByRule($action, $user, $request)
{
foreach ($this->ruleList as $rule) {
if ($rule->allows($action, $user, $request)) {
return true;
}
}
return false;
}
/**
* Check whether the User have permission for current operation
*
* @param array $route
*
* @return bool
*/
protected function checkPermission($route)
{
//$route[0] - is the route, $route[1] - is the associated parameters
$routePathTmp = explode('/', $route[ 0 ]);
$routeVariant = array_shift($routePathTmp);
if (Yii::$app->user->can($routeVariant, $route[ 1 ])) {
return true;
}
/**
* @var string $routePart
*/
foreach ($routePathTmp as $routePart) {
$routeVariant .= '/' . $routePart;
if (Yii::$app->user->can($routeVariant, $route[ 1 ])) {
return true;
}
}
return false;
}
}