1 | <?php |
||
2 | /** |
||
3 | * RBAC implementation for HiPanel |
||
4 | * |
||
5 | * @link https://github.com/hiqdev/hipanel-rbac |
||
6 | * @package hipanel-rbac |
||
7 | * @license BSD-3-Clause |
||
8 | * @copyright Copyright (c) 2016-2019, HiQDev (http://hiqdev.com/) |
||
9 | */ |
||
10 | |||
11 | namespace hipanel\rbac; |
||
12 | |||
13 | /** |
||
14 | * HiPanel AuthManager. |
||
15 | * |
||
16 | * @author Andrii Vasyliev <[email protected]> |
||
17 | */ |
||
18 | class AuthManager extends \yii\rbac\PhpManager |
||
19 | { |
||
20 | public $itemFile = '@hipanel/rbac/files/items.php'; |
||
21 | public $ruleFile = '@hipanel/rbac/files/rules.php'; |
||
22 | public $assignmentFile = '@hipanel/rbac/files/assignments.php'; |
||
23 | |||
24 | use SetterTrait; |
||
25 | |||
26 | /** |
||
27 | * We don't keep all the assignments, only persistent. |
||
28 | * @see persistAssignments |
||
29 | */ |
||
30 | protected function saveAssignments() |
||
31 | { |
||
32 | 26 | } |
|
33 | |||
34 | 26 | /** |
|
35 | * Does real assignments saving. |
||
36 | * The idea is to split persistent assignments from session only. |
||
37 | */ |
||
38 | public function persistAssignments() |
||
39 | { |
||
40 | parent::saveAssignments(); |
||
41 | } |
||
42 | |||
43 | public function checkAccess($userId, $permission, $params = []) |
||
44 | { |
||
45 | 26 | if (empty($this->getAssignments($userId))) { |
|
46 | $this->applyUserAssignments($userId); |
||
47 | 26 | } |
|
48 | 2 | ||
49 | return parent::checkAccess($userId, $permission, $params) |
||
50 | && !parent::checkAccess($userId, "deny:$permission", $params); |
||
51 | 26 | } |
|
52 | 26 | ||
53 | public function applyUserAssignments($userId) |
||
54 | { |
||
55 | 2 | $roles = ''; |
|
56 | |||
57 | 2 | if (isset($this->getApp()->user)) { |
|
58 | $user = $this->getApp()->user->identity; |
||
59 | 2 | if ((!$user || $user->id !== $userId) && $userId) { |
|
0 ignored issues
–
show
Bug
introduced
by
Loading history...
|
|||
60 | $user = call_user_func([$this->getApp()->user->identityClass, 'findIdentity'], $userId); |
||
61 | } |
||
62 | if (isset($user->roles)) { |
||
63 | $roles = $user->roles; |
||
64 | } |
||
65 | } |
||
66 | |||
67 | if (empty($userId)) { |
||
68 | $userId = ''; |
||
69 | 2 | $roles = 'role:unauthorized'; |
|
70 | 2 | } |
|
71 | 2 | ||
72 | if ($roles) { |
||
73 | $this->setAssignments($roles, $userId); |
||
74 | 2 | } |
|
75 | 2 | } |
|
76 | |||
77 | 2 | protected function getApp() |
|
78 | { |
||
79 | return class_exists('Yii') ? \Yii::$app : \yii\helpers\Yii::getApp(); |
||
0 ignored issues
–
show
The type
yii\helpers\Yii was not found. Maybe you did not declare it correctly or list all dependencies?
The issue could also be caused by a filter entry in the build configuration.
If the path has been excluded in your configuration, e.g. filter:
dependency_paths: ["lib/*"]
For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths
Loading history...
|
|||
80 | } |
||
81 | } |
||
82 |