From a31e0bb7ff9caa6b1ae74696a9af7fed9a89cde3 Mon Sep 17 00:00:00 2001
From: Csirmaz
Date: Tue, 10 Dec 2019 13:09:04 +0100
Subject: [PATCH 1/4] Removed strongly typed parameters from CRUD actions.

---
 controllers/AssignmentController.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/controllers/AssignmentController.php b/controllers/AssignmentController.php
index d22b47a..cbbf706 100755
--- a/controllers/AssignmentController.php
+++ b/controllers/AssignmentController.php
@@ -113,11 +113,11 @@ public function actionIndex()
 /**
 * Displays a single Assignment model.
 *
- * @param int $id
+ * @param $id
 *
 * @return mixed
 */
- public function actionView(int $id)
+ public function actionView($id)
 {
 $model = $this->findModel($id);
@@ -130,11 +130,11 @@ public function actionView(int $id)
 /**
 * Assign items
 *
- * @param int $id
+ * @param $id
 *
 * @return array
 */
- public function actionAssign(int $id)
+ public function actionAssign($id)
 {
 $items = Yii::$app->getRequest()->post('items', []);
 $assignmentModel = $this->findModel($id);
@@ -146,11 +146,11 @@ public function actionAssign(int $id)
 /**
 * Remove items
 *
- * @param int $id
+ * @param $id
 *
 * @return array
 */
- public function actionRemove(int $id)
+ public function actionRemove($id)
 {
 $items = Yii::$app->getRequest()->post('items', []);
 $assignmentModel = $this->findModel($id);
@@ -163,13 +163,13 @@ public function actionRemove(int $id)
 * Finds the Assignment model based on its primary key value.
 * If the model is not found, a 404 HTTP exception will be thrown.
 *
- * @param int $id
+ * @param $id
 *
 * @return AssignmentModel the loaded model
 *
 * @throws NotFoundHttpException if the model cannot be found
- protected function findModel(int $id)
+ protected function findModel($id)
 {
 $class = $this->userIdentityClass;
From ec4f35efe50d4ee3fd582e34480750821a1bdee8 Mon Sep 17 00:00:00 2001
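Review bot: The `@param $id` lines in the four docblocks (actionView, actionAssign, actionRemove, findModel) now declare no type at all; since the `int` hint was dropped deliberately, the docblock should say what the actions accept instead, e.g. `@param int|string $id the identity primary key`. Dropping the `int` declaration also removes what rejected a non-integer `id` before the action body ran (PHP's scalar type check, or action parameter binding on newer Yii versions), so `findModel()` now passes whatever string arrives in the query straight to `$class::findIdentity($id)`; the existing `NotFoundHttpException` path still covers unknown ids, but tolerating non-numeric input is now the identity class's job, which is worth a sentence in the `findModel()` docblock. The body of `findModel()` continues beyond the last hunk.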
From: =?UTF-8?q?Andr=C3=A1s?= <58684196+gammaire@users.noreply.github.com>
Date: Fri, 13 Dec 2019 16:16:35 +0100
Subject: [PATCH 2/4] Update composer.json

---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index 919b32b..3dafcad 100644
--- a/composer.json
+++ b/composer.json
@@ -1,5 +1,5 @@
 {
- "name": "yii2mod/yii2-rbac",
+ "name": "gammaire/yii2-rbac",
 "description": "RBAC management module for Yii2",
 "keywords": [
 "yii2",
From e5f583c298e0cf896eaa97d442c04ded8785a354 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A1s?= <58684196+gammaire@users.noreply.github.com>
Date: Fri, 13 Dec 2019 16:28:13 +0100
Subject: [PATCH 3/4] Reverted previous change.

---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index 3dafcad..919b32b 100644
--- a/composer.json
+++ b/composer.json
@@ -1,5 +1,5 @@
 {
- "name": "gammaire/yii2-rbac",
+ "name": "yii2mod/yii2-rbac",
 "description": "RBAC management module for Yii2",
 "keywords": [
 "yii2",
From 3907ddbcf6dc47edd2061a6566af5c7c35986fab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Csirmaz=20Andr=C3=A1s?=
Date: Fri, 24 Jan 2020 15:23:26 +0100
Subject: [PATCH 4/4] Added admin filter to Assignment/Route/Rule/Item controllers.

---
 base/ItemController.php | 443 ++++++++++++++-------------
 controllers/AssignmentController.php | 339 ++++++++++----------
 controllers/RouteController.php | 169 +++++-----
 controllers/RuleController.php | 291 +++++++++---------
 4 files changed, 647 insertions(+), 595 deletions(-)

diff --git a/base/ItemController.php b/base/ItemController.php
index a48e537..84acb96 100644
--- a/base/ItemController.php
+++ b/base/ItemController.php
@@ -18,219 +18,232 @@ */ class ItemController extends Controller { - /** - * @var string search class name for auth items search - */ - public $searchClass = [ - 'class' => AuthItemSearch::class, - ]; - - /** - * @var int Type of Auth Item - */ - protected $type; - - /** - * @var array labels use in view - */ - protected $labels; - - /** - * @inheritdoc - */ - public function behaviors(): array - { - return [ - 'verbs' => [ - 'class' => VerbFilter::class, - 'actions' => [ - 'index' => ['get'], - 'view' => ['get'], - 'create' => ['get', 'post'], - 'update' => ['get', 'post'], - 'delete' => ['post'], - 'assign' => ['post'], - 'remove' => ['post'], - ], - ], - 'contentNegotiator' => [ - 'class' => 'yii\filters\ContentNegotiator', - 'only' => ['assign', 'remove'], - 'formats' => [ - 'application/json' => Response::FORMAT_JSON, - ], - ], - ]; - } - - /** - * Lists of all auth items - * - * @return mixed - */ - public function actionIndex() - { - $searchModel = Yii::createObject($this->searchClass); - $searchModel->type = $this->type; - $dataProvider = $searchModel->search(Yii::$app->request->queryParams); - - return $this->render('index', [ - 'dataProvider' => $dataProvider, - 'searchModel' => $searchModel, - ]); - } - - /** - * Displays a single AuthItem model. - * - * @param string $id - * - * @return mixed - */ - public function actionView(string $id) - { - $model = $this->findModel($id); - - return $this->render('view', ['model' => $model]); - } - - /** - * Creates a new AuthItem model. - * - * If creation is successful, the browser will be redirected to the 'view' page. 
- * - * @return mixed - */ - public function actionCreate() - { - $model = new AuthItemModel(); - $model->type = $this->type; - - if ($model->load(Yii::$app->request->post()) && $model->save()) { - Yii::$app->session->setFlash('success', Yii::t('yii2mod.rbac', 'Item has been saved.')); - - return $this->redirect(['view', 'id' => $model->name]); - } - - return $this->render('create', ['model' => $model]); - } - - /** - * Updates an existing AuthItem model. - * - * If update is successful, the browser will be redirected to the 'view' page. - * - * @param string $id - * - * @return mixed - */ - public function actionUpdate(string $id) - { - $model = $this->findModel($id); - - if ($model->load(Yii::$app->request->post()) && $model->save()) { - Yii::$app->session->setFlash('success', Yii::t('yii2mod.rbac', 'Item has been saved.')); - - return $this->redirect(['view', 'id' => $model->name]); - } - - return $this->render('update', ['model' => $model]); - } - - /** - * Deletes an existing AuthItem model. - * - * If deletion is successful, the browser will be redirected to the 'index' page. 
- * - * @param string $id - * - * @return mixed - */ - public function actionDelete(string $id) - { - $model = $this->findModel($id); - Yii::$app->getAuthManager()->remove($model->item); - Yii::$app->session->setFlash('success', Yii::t('yii2mod.rbac', 'Item has been removed.')); - - return $this->redirect(['index']); - } - - /** - * Assign items - * - * @param string $id - * - * @return array - */ - public function actionAssign(string $id) - { - $items = Yii::$app->getRequest()->post('items', []); - $model = $this->findModel($id); - $model->addChildren($items); - - return array_merge($model->getItems()); - } - - /** - * Remove items - * - * @param string $id - * - * @return array - */ - public function actionRemove(string $id): array - { - $items = Yii::$app->getRequest()->post('items', []); - $model = $this->findModel($id); - $model->removeChildren($items); - - return array_merge($model->getItems()); - } - - /** - * @inheritdoc - */ - public function getViewPath(): string - { - return $this->module->getViewPath() . DIRECTORY_SEPARATOR . 'item'; - } - - /** - * @return int - */ - public function getType(): int - { - return $this->type; - } - - /** - * @return array - */ - public function getLabels(): array - { - return $this->labels; - } - - /** - * Finds the AuthItem model based on its primary key value. - * - * If the model is not found, a 404 HTTP exception will be thrown. - * - * @param string $id - * - * @return AuthItemModel the loaded model - * - * @throws NotFoundHttpException if the model cannot be found - */ - protected function findModel(string $id): AuthItemModel - { - $auth = Yii::$app->getAuthManager(); - $item = $this->type === Item::TYPE_ROLE ? 
$auth->getRole($id) : $auth->getPermission($id); - - if (empty($item)) { - throw new NotFoundHttpException(Yii::t('yii2mod.rbac', 'The requested page does not exist.')); - } - - return new AuthItemModel($item); - } + /** + * @var string search class name for auth items search + */ + public $searchClass = [ + 'class' => AuthItemSearch::class, + ]; + + /** + * @var int Type of Auth Item + */ + protected $type; + + /** + * @var array labels use in view + */ + protected $labels; + + /** + * @inheritdoc + */ + public function behaviors(): array + { + return [ + 'verbs' => [ + 'class' => VerbFilter::class, + 'actions' => [ + 'index' => ['get'], + 'view' => ['get'], + 'create' => ['get', 'post'], + 'update' => ['get', 'post'], + 'delete' => ['post'], + 'assign' => ['post'], + 'remove' => ['post'], + ], + ], + 'contentNegotiator' => [ + 'class' => 'yii\filters\ContentNegotiator', + 'only' => ['assign', 'remove'], + 'formats' => [ + 'application/json' => Response::FORMAT_JSON, + ], + ], + ]; + } + + /** + * Lists of all auth items + * + * @return mixed + */ + public function actionIndex() + { + $searchModel = Yii::createObject($this->searchClass); + $searchModel->type = $this->type; + $dataProvider = $searchModel->search(Yii::$app->request->queryParams); + + return $this->render('index', [ + 'dataProvider' => $dataProvider, + 'searchModel' => $searchModel, + ]); + } + + /** + * Displays a single AuthItem model. + * + * @param string $id + * + * @return mixed + */ + public function actionView(string $id) + { + $model = $this->findModel($id); + + return $this->render('view', ['model' => $model]); + } + + /** + * Creates a new AuthItem model. + * + * If creation is successful, the browser will be redirected to the 'view' page. 
+ * + * @return mixed + */ + public function actionCreate() + { + $model = new AuthItemModel(); + $model->type = $this->type; + + if ($model->load(Yii::$app->request->post()) && $model->save()) { + Yii::$app->session->setFlash('success', Yii::t('yii2mod.rbac', 'Item has been saved.')); + + return $this->redirect(['view', 'id' => $model->name]); + } + + return $this->render('create', ['model' => $model]); + } + + /** + * Updates an existing AuthItem model. + * + * If update is successful, the browser will be redirected to the 'view' page. + * + * @param string $id + * + * @return mixed + */ + public function actionUpdate(string $id) + { + $model = $this->findModel($id); + + if ($model->load(Yii::$app->request->post()) && $model->save()) { + Yii::$app->session->setFlash('success', Yii::t('yii2mod.rbac', 'Item has been saved.')); + + return $this->redirect(['view', 'id' => $model->name]); + } + + return $this->render('update', ['model' => $model]); + } + + /** + * Deletes an existing AuthItem model. + * + * If deletion is successful, the browser will be redirected to the 'index' page. 
+ * + * @param string $id + * + * @return mixed + */ + public function actionDelete(string $id) + { + $model = $this->findModel($id); + Yii::$app->getAuthManager()->remove($model->item); + Yii::$app->session->setFlash('success', Yii::t('yii2mod.rbac', 'Item has been removed.')); + + return $this->redirect(['index']); + } + + /** + * Assign items + * + * @param string $id + * + * @return array + */ + public function actionAssign(string $id) + { + $items = Yii::$app->getRequest()->post('items', []); + $model = $this->findModel($id); + $model->addChildren($items); + + return array_merge($model->getItems()); + } + + /** + * Remove items + * + * @param string $id + * + * @return array + */ + public function actionRemove(string $id): array + { + $items = Yii::$app->getRequest()->post('items', []); + $model = $this->findModel($id); + $model->removeChildren($items); + + return array_merge($model->getItems()); + } + + /** + * @inheritdoc + */ + public function getViewPath(): string + { + return $this->module->getViewPath() . DIRECTORY_SEPARATOR . 'item'; + } + + /** + * @return int + */ + public function getType(): int + { + return $this->type; + } + + /** + * @return array + */ + public function getLabels(): array + { + return $this->labels; + } + + /** + * Finds the AuthItem model based on its primary key value. + * + * If the model is not found, a 404 HTTP exception will be thrown. + * + * @param string $id + * + * @return AuthItemModel the loaded model + * + * @throws NotFoundHttpException if the model cannot be found + */ + protected function findModel(string $id): AuthItemModel + { + $auth = Yii::$app->getAuthManager(); + $item = $this->type === Item::TYPE_ROLE ? 
$auth->getRole($id) : $auth->getPermission($id); + + if (empty($item)) { + throw new NotFoundHttpException(Yii::t('yii2mod.rbac', 'The requested page does not exist.')); + } + + return new AuthItemModel($item); + } + + public function beforeAction($action) + { + if (!parent::beforeAction($action)) { + return false; + } + + if (!\app\controllers\UsersController::test('admin')) { + throw new \yii\web\ForbiddenHttpException('You are not allowed to access this page.'); + } + + return true; + } } diff --git a/controllers/AssignmentController.php b/controllers/AssignmentController.php index cbbf706..23e9337 100755 --- a/controllers/AssignmentController.php +++ b/controllers/AssignmentController.php 
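Review bot: The `beforeAction()` added at the end of the class hard-codes `\app\controllers\UsersController::test('admin')`, a host-application class, inside what composer.json names the `yii2mod/yii2-rbac` module; in any install where that class is absent the controller fails with a fatal error on every request instead of denying access, and the module is no longer reusable. The idiomatic place for this gate is an `AccessControl` entry in the `behaviors()` array the hunk already contains, with the condition expressed through the RBAC manager this module administers (`Yii::$app->user->can(...)`) or made configurable on the controller, and `beforeAction()` dropped; at minimum the new method needs the docblock every other method in the class carries (`@param \yii\base\Action $action`, `@return bool`, `@throws \yii\web\ForbiddenHttpException`). The same method with the same coupling is added in controllers/AssignmentController.php, controllers/RouteController.php and controllers/RuleController.php. Separately, almost every line of this hunk (443 lines changed for ItemController per the diffstat) is a re-indentation of unchanged code, which buries the twelve-line behavioral change; a whitespace-only commit followed by the access change would make it reviewable. The namespace and `use` block are outside the hunk, so which role name the host application grants administrators cannot be confirmed from here.
```php
public function behaviors(): array
{
    return [
        'access' => [
            'class' => \yii\filters\AccessControl::class,
            'rules' => [
                [
                    'allow' => true,
                    'roles' => ['admin'], // checked via Yii::$app->user->can(); TODO confirm the host app's admin role name
                ],
            ],
        ],
        // … unchanged: 'verbs' and 'contentNegotiator' entries …
    ];
}
// … unchanged: properties, actionIndex … findModel; beforeAction() removed …
```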
@@ -16,167 +16,180 @@ */ class AssignmentController extends Controller { - /** - * @var \yii\web\IdentityInterface the class name of the [[identity]] object - */ - public $userIdentityClass; - - /** - * @var string search class name for assignments search - */ - public $searchClass = [ - 'class' => AssignmentSearch::class, - ]; - - /** - * @var string id column name - */ - public $idField = 'id'; - - /** - * @var string username column name - */ - public $usernameField = 'username'; - - /** - * @var array assignments GridView columns - */ - public $gridViewColumns = []; - - /** - * @inheritdoc - */ - public function init() - { - parent::init(); - - if ($this->userIdentityClass === null) { - $this->userIdentityClass = Yii::$app->user->identityClass; - } - - if (empty($this->gridViewColumns)) { - $this->gridViewColumns = [ - $this->idField, - $this->usernameField, - ]; - } - } - - /** - * @inheritdoc - */ - public function behaviors(): array - { - return [ - 'verbs' => [ - 'class' => 'yii\filters\VerbFilter', - 'actions' => [ - 'index' => ['get'], - 'view' => ['get'], - 'assign' => ['post'], - 'remove' => ['post'], - ], - ], - 'contentNegotiator' => [ - 'class' => 'yii\filters\ContentNegotiator', - 'only' => ['assign', 'remove'], - 'formats' => [ - 'application/json' => Response::FORMAT_JSON, - ], - ], - ]; - } - - /** - * List of all assignments - * - * @return string - */ - public function actionIndex() - { - /* @var AssignmentSearch */ - $searchModel = Yii::createObject($this->searchClass); - - if ($searchModel instanceof AssignmentSearch) { - $dataProvider = $searchModel->search(Yii::$app->request->queryParams, $this->userIdentityClass, $this->idField, $this->usernameField); - } else { - $dataProvider = $searchModel->search(Yii::$app->request->queryParams); - } - - return $this->render('index', [ - 'dataProvider' => $dataProvider, - 'searchModel' => $searchModel, - 'gridViewColumns' => $this->gridViewColumns, - ]); - } - - /** - * Displays a single Assignment 
model. - * - * @param $id - * - * @return mixed - */ - public function actionView($id) - { - $model = $this->findModel($id); - - return $this->render('view', [ - 'model' => $model, - 'usernameField' => $this->usernameField, - ]); - } - - /** - * Assign items - * - * @param $id - * - * @return array - */ - public function actionAssign($id) - { - $items = Yii::$app->getRequest()->post('items', []); - $assignmentModel = $this->findModel($id); - $assignmentModel->assign($items); - - return $assignmentModel->getItems(); - } - - /** - * Remove items - * - * @param $id - * - * @return array - */ - public function actionRemove($id) - { - $items = Yii::$app->getRequest()->post('items', []); - $assignmentModel = $this->findModel($id); - $assignmentModel->revoke($items); - - return $assignmentModel->getItems(); - } - - /** - * Finds the Assignment model based on its primary key value. - * If the model is not found, a 404 HTTP exception will be thrown. - * - * @param $id - * - * @return AssignmentModel the loaded model - * - * @throws NotFoundHttpException if the model cannot be found - */ - protected function findModel($id) - { - $class = $this->userIdentityClass; - - if (($user = $class::findIdentity($id)) !== null) { - return new AssignmentModel($user); - } - - throw new NotFoundHttpException(Yii::t('yii2mod.rbac', 'The requested page does not exist.')); - } + /** + * @var \yii\web\IdentityInterface the class name of the [[identity]] object + */ + public $userIdentityClass; + + /** + * @var string search class name for assignments search + */ + public $searchClass = [ + 'class' => AssignmentSearch::class, + ]; + + /** + * @var string id column name + */ + public $idField = 'id'; + + /** + * @var string username column name + */ + public $usernameField = 'username'; + + /** + * @var array assignments GridView columns + */ + public $gridViewColumns = []; + + /** + * @inheritdoc + */ + public function init() + { + parent::init(); + + if ($this->userIdentityClass === null) { + 
$this->userIdentityClass = Yii::$app->user->identityClass; + } + + if (empty($this->gridViewColumns)) { + $this->gridViewColumns = [ + $this->idField, + $this->usernameField, + ]; + } + } + + /** + * @inheritdoc + */ + public function behaviors(): array + { + return [ + 'verbs' => [ + 'class' => 'yii\filters\VerbFilter', + 'actions' => [ + 'index' => ['get'], + 'view' => ['get'], + 'assign' => ['post'], + 'remove' => ['post'], + ], + ], + 'contentNegotiator' => [ + 'class' => 'yii\filters\ContentNegotiator', + 'only' => ['assign', 'remove'], + 'formats' => [ + 'application/json' => Response::FORMAT_JSON, + ], + ], + ]; + } + + /** + * List of all assignments + * + * @return string + */ + public function actionIndex() + { + /* @var AssignmentSearch */ + $searchModel = Yii::createObject($this->searchClass); + + if ($searchModel instanceof AssignmentSearch) { + $dataProvider = $searchModel->search(Yii::$app->request->queryParams, $this->userIdentityClass, $this->idField, $this->usernameField); + } else { + $dataProvider = $searchModel->search(Yii::$app->request->queryParams); + } + + return $this->render('index', [ + 'dataProvider' => $dataProvider, + 'searchModel' => $searchModel, + 'gridViewColumns' => $this->gridViewColumns, + ]); + } + + /** + * Displays a single Assignment model. 
+ * + * @param $id + * + * @return mixed + */ + public function actionView($id) + { + $model = $this->findModel($id); + + return $this->render('view', [ + 'model' => $model, + 'usernameField' => $this->usernameField, + ]); + } + + /** + * Assign items + * + * @param $id + * + * @return array + */ + public function actionAssign($id) + { + $items = Yii::$app->getRequest()->post('items', []); + $assignmentModel = $this->findModel($id); + $assignmentModel->assign($items); + + return $assignmentModel->getItems(); + } + + /** + * Remove items + * + * @param $id + * + * @return array + */ + public function actionRemove($id) + { + $items = Yii::$app->getRequest()->post('items', []); + $assignmentModel = $this->findModel($id); + $assignmentModel->revoke($items); + + return $assignmentModel->getItems(); + } + + /** + * Finds the Assignment model based on its primary key value. + * If the model is not found, a 404 HTTP exception will be thrown. + * + * @param $id + * + * @return AssignmentModel the loaded model + * + * @throws NotFoundHttpException if the model cannot be found + */ + protected function findModel($id) + { + $class = $this->userIdentityClass; + + if (($user = $class::findIdentity($id)) !== null) { + return new AssignmentModel($user); + } + + throw new NotFoundHttpException(Yii::t('yii2mod.rbac', 'The requested page does not exist.')); + } + + public function beforeAction($action) + { + if (!parent::beforeAction($action)) { + return false; + } + + if (!\app\controllers\UsersController::test('admin')) { + throw new \yii\web\ForbiddenHttpException('You are not allowed to access this page.'); + } + + return true; + } } diff --git a/controllers/RouteController.php b/controllers/RouteController.php index 9f9e7c1..cccd1f3 100755 --- a/controllers/RouteController.php +++ b/controllers/RouteController.php 
@@ -15,91 +15,104 @@ */ class RouteController extends Controller { - /** - * @var array route model class - */ - public $modelClass = [ - 'class' => RouteModel::class, - ]; + /** + * @var array route model class + */ + public $modelClass = [ + 'class' => RouteModel::class, + ]; - /** - * Returns a list of behaviors that this component should behave as. - * - * @return array - */ - public function behaviors(): array - { - return [ - 'verbs' => [ - 'class' => VerbFilter::class, - 'actions' => [ - 'index' => ['get', 'post'], - 'create' => ['post'], - 'assign' => ['post'], - 'remove' => ['post'], - 'refresh' => ['post'], - ], - ], - 'contentNegotiator' => [ - 'class' => 'yii\filters\ContentNegotiator', - 'only' => ['assign', 'remove', 'refresh'], - 'formats' => [ - 'application/json' => Response::FORMAT_JSON, - ], - ], - ]; - } + /** + * Returns a list of behaviors that this component should behave as. + * + * @return array + */ + public function behaviors(): array + { + return [ + 'verbs' => [ + 'class' => VerbFilter::class, + 'actions' => [ + 'index' => ['get', 'post'], + 'create' => ['post'], + 'assign' => ['post'], + 'remove' => ['post'], + 'refresh' => ['post'], + ], + ], + 'contentNegotiator' => [ + 'class' => 'yii\filters\ContentNegotiator', + 'only' => ['assign', 'remove', 'refresh'], + 'formats' => [ + 'application/json' => Response::FORMAT_JSON, + ], + ], + ]; + } - /** - * Lists all Route models. - * - * @return mixed - */ - public function actionIndex() - { - $model = Yii::createObject($this->modelClass); + /** + * Lists all Route models. 
+ * + * @return mixed + */ + public function actionIndex() + { + $model = Yii::createObject($this->modelClass); - return $this->render('index', ['routes' => $model->getAvailableAndAssignedRoutes()]); - } + return $this->render('index', ['routes' => $model->getAvailableAndAssignedRoutes()]); + } - /** - * Assign routes - * - * @return array - */ - public function actionAssign(): array - { - $routes = Yii::$app->getRequest()->post('routes', []); - $model = Yii::createObject($this->modelClass); - $model->addNew($routes); + /** + * Assign routes + * + * @return array + */ + public function actionAssign(): array + { + $routes = Yii::$app->getRequest()->post('routes', []); + $model = Yii::createObject($this->modelClass); + $model->addNew($routes); - return $model->getAvailableAndAssignedRoutes(); - } + return $model->getAvailableAndAssignedRoutes(); + } - /** - * Remove routes - * - * @return array - */ - public function actionRemove(): array - { - $routes = Yii::$app->getRequest()->post('routes', []); - $model = Yii::createObject($this->modelClass); - $model->remove($routes); + /** + * Remove routes + * + * @return array + */ + public function actionRemove(): array + { + $routes = Yii::$app->getRequest()->post('routes', []); + $model = Yii::createObject($this->modelClass); + $model->remove($routes); - return $model->getAvailableAndAssignedRoutes(); - } + return $model->getAvailableAndAssignedRoutes(); + } - /** - * Refresh cache of routes - * - * @return array - */ - public function actionRefresh(): array - { - $model = Yii::createObject($this->modelClass); - $model->invalidate(); + /** + * Refresh cache of routes + * + * @return array + */ + public function actionRefresh(): array + { + $model = Yii::createObject($this->modelClass); + $model->invalidate(); - return $model->getAvailableAndAssignedRoutes(); - } + return $model->getAvailableAndAssignedRoutes(); + } + + public function beforeAction($action) + { + if (!parent::beforeAction($action)) { + return false; + } + + 
if (!\app\controllers\UsersController::test('admin')) { + throw new \yii\web\ForbiddenHttpException('You are not allowed to access this page.'); + } + + return true; + } } diff --git a/controllers/RuleController.php b/controllers/RuleController.php index e939101..dffd127 100644 --- a/controllers/RuleController.php +++ b/controllers/RuleController.php 
@@ -16,143 +16,156 @@ */ class RuleController extends Controller { - /** - * @var string search class name for rules search - */ - public $searchClass = [ - 'class' => BizRuleSearch::class, - ]; - - /** - * Returns a list of behaviors that this component should behave as. - * - * @return array - */ - public function behaviors(): array - { - return [ - 'verbs' => [ - 'class' => VerbFilter::class, - 'actions' => [ - 'index' => ['get'], - 'view' => ['get'], - 'create' => ['get', 'post'], - 'update' => ['get', 'post'], - 'delete' => ['post'], - ], - ], - ]; - } - - /** - * List of all rules - * - * @return mixed - */ - public function actionIndex() - { - $searchModel = Yii::createObject($this->searchClass); - $dataProvider = $searchModel->search(Yii::$app->request->getQueryParams()); - - return $this->render('index', [ - 'dataProvider' => $dataProvider, - 'searchModel' => $searchModel, - ]); - } - - /** - * Displays a single Rule item. - * - * @param string $id - * - * @return mixed - */ - public function actionView(string $id) - { - $model = $this->findModel($id); - - return $this->render('view', ['model' => $model]); - } - - /** - * Creates a new Rule item. - * - * If creation is successful, the browser will be redirected to the 'view' page. - * - * @return mixed - */ - public function actionCreate() - { - $model = new BizRuleModel(); - - if ($model->load(Yii::$app->request->post()) && $model->save()) { - Yii::$app->session->setFlash('success', Yii::t('yii2mod.rbac', 'Rule has been saved.')); - - return $this->redirect(['view', 'id' => $model->name]); - } - - return $this->render('create', ['model' => $model]); - } - - /** - * Updates an existing Rule item. - * - * If update is successful, the browser will be redirected to the 'view' page. 
- * - * @param string $id - * - * @return mixed - */ - public function actionUpdate(string $id) - { - $model = $this->findModel($id); - - if ($model->load(Yii::$app->request->post()) && $model->save()) { - Yii::$app->session->setFlash('success', Yii::t('yii2mod.rbac', 'Rule has been saved.')); - - return $this->redirect(['view', 'id' => $model->name]); - } - - return $this->render('update', ['model' => $model]); - } - - /** - * Deletes an existing Rule item. - * - * If deletion is successful, the browser will be redirected to the 'index' page. - * - * @param string $id - * - * @return mixed - */ - public function actionDelete(string $id) - { - $model = $this->findModel($id); - Yii::$app->authManager->remove($model->item); - Yii::$app->session->setFlash('success', Yii::t('yii2mod.rbac', 'Rule has been deleted.')); - - return $this->redirect(['index']); - } - - /** - * Finds the BizRuleModel based on its primary key value. - * - * If the model is not found, a 404 HTTP exception will be thrown. - * - * @param string $id - * - * @return BizRuleModel the loaded model - * - * @throws \yii\web\NotFoundHttpException - */ - protected function findModel(string $id) - { - $item = Yii::$app->authManager->getRule($id); - - if (!empty($item)) { - return new BizRuleModel($item); - } - - throw new NotFoundHttpException(Yii::t('yii2mod.rbac', 'The requested page does not exist.')); - } + /** + * @var string search class name for rules search + */ + public $searchClass = [ + 'class' => BizRuleSearch::class, + ]; + + /** + * Returns a list of behaviors that this component should behave as. 
+ * + * @return array + */ + public function behaviors(): array + { + return [ + 'verbs' => [ + 'class' => VerbFilter::class, + 'actions' => [ + 'index' => ['get'], + 'view' => ['get'], + 'create' => ['get', 'post'], + 'update' => ['get', 'post'], + 'delete' => ['post'], + ], + ], + ]; + } + + /** + * List of all rules + * + * @return mixed + */ + public function actionIndex() + { + $searchModel = Yii::createObject($this->searchClass); + $dataProvider = $searchModel->search(Yii::$app->request->getQueryParams()); + + return $this->render('index', [ + 'dataProvider' => $dataProvider, + 'searchModel' => $searchModel, + ]); + } + + /** + * Displays a single Rule item. + * + * @param string $id + * + * @return mixed + */ + public function actionView(string $id) + { + $model = $this->findModel($id); + + return $this->render('view', ['model' => $model]); + } + + /** + * Creates a new Rule item. + * + * If creation is successful, the browser will be redirected to the 'view' page. + * + * @return mixed + */ + public function actionCreate() + { + $model = new BizRuleModel(); + + if ($model->load(Yii::$app->request->post()) && $model->save()) { + Yii::$app->session->setFlash('success', Yii::t('yii2mod.rbac', 'Rule has been saved.')); + + return $this->redirect(['view', 'id' => $model->name]); + } + + return $this->render('create', ['model' => $model]); + } + + /** + * Updates an existing Rule item. + * + * If update is successful, the browser will be redirected to the 'view' page. + * + * @param string $id + * + * @return mixed + */ + public function actionUpdate(string $id) + { + $model = $this->findModel($id); + + if ($model->load(Yii::$app->request->post()) && $model->save()) { + Yii::$app->session->setFlash('success', Yii::t('yii2mod.rbac', 'Rule has been saved.')); + + return $this->redirect(['view', 'id' => $model->name]); + } + + return $this->render('update', ['model' => $model]); + } + + /** + * Deletes an existing Rule item. 
+ * + * If deletion is successful, the browser will be redirected to the 'index' page. + * + * @param string $id + * + * @return mixed + */ + public function actionDelete(string $id) + { + $model = $this->findModel($id); + Yii::$app->authManager->remove($model->item); + Yii::$app->session->setFlash('success', Yii::t('yii2mod.rbac', 'Rule has been deleted.')); + + return $this->redirect(['index']); + } + + /** + * Finds the BizRuleModel based on its primary key value. + * + * If the model is not found, a 404 HTTP exception will be thrown. + * + * @param string $id + * + * @return BizRuleModel the loaded model + * + * @throws \yii\web\NotFoundHttpException + */ + protected function findModel(string $id) + { + $item = Yii::$app->authManager->getRule($id); + + if (!empty($item)) { + return new BizRuleModel($item); + } + + throw new NotFoundHttpException(Yii::t('yii2mod.rbac', 'The requested page does not exist.')); + } + + public function beforeAction($action) + { + if (!parent::beforeAction($action)) { + return false; + } + + if (!\app\controllers\UsersController::test('admin')) { + throw new \yii\web\ForbiddenHttpException('You are not allowed to access this page.'); + } + + return true; + } }