diff --git a/Module.php b/Module.php
index 12f49dce..2e0ab25f 100644
--- a/Module.php
+++ b/Module.php
@@ -2,6 +2,7 @@
 namespace mdm\admin;
+use mdm\admin\components\Configs;
 use Yii;
 use yii\helpers\Inflector;
@@ -61,13 +62,13 @@ class Module extends \yii\base\Module
 * @see [[menus]]
 */
 private $_coreItems = [
- 'user' => 'Users',
- 'assignment' => 'Assignments',
- 'role' => 'Roles',
- 'permission' => 'Permissions',
- 'route' => 'Routes',
- 'rule' => 'Rules',
- 'menu' => 'Menus',
+ 'user/index' => 'Users',
+ 'assignment/index' => 'Assignments',
+ 'role/index' => 'Roles',
+ 'permission/index' => 'Permissions',
+ 'route/index' => 'Routes',
+ 'rule/index' => 'Rules',
+ 'menu/index' => 'Menus',
 ];
 /**
 * @var array
@@ -122,20 +123,18 @@ public function getMenus()
 // resolve core menus
 $this->_normalizeMenus = [];
- $config = components\Configs::instance();
+ $config = Configs::instance();
 $conditions = [
- 'user' => $config->db && $config->db->schema->getTableSchema($config->userTable),
- 'assignment' => ($userClass = Yii::$app->getUser()->identityClass) && is_subclass_of($userClass, 'yii\db\BaseActiveRecord'),
- 'menu' => $config->db && $config->db->schema->getTableSchema($config->menuTable),
+ 'user/index' => $config->db && $config->db->schema->getTableSchema($config->userTable),
+ 'assignment/index' => ($userClass = Yii::$app->getUser()->identityClass) && is_subclass_of($userClass, 'yii\db\BaseActiveRecord'),
+ 'menu/index' => $config->db && $config->db->schema->getTableSchema($config->menuTable),
 ];
+
 foreach ($this->_coreItems as $id => $lable) {
 if (!isset($conditions[$id]) || $conditions[$id]) {
 $this->_normalizeMenus[$id] = ['label' => Yii::t('rbac-admin', $lable), 'url' => [$mid . $id]];
 }
 }
- foreach (array_keys($this->controllerMap) as $id) {
- $this->_normalizeMenus[$id] = ['label' => Yii::t('rbac-admin', Inflector::humanize($id)), 'url' => [$mid . $id]];
- }
 // user configure menus
 foreach ($this->_menus as $id => $value) {
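Review bot: The loop over `array_keys($this->controllerMap)` is removed without a replacement, so controllers a host application registers through `controllerMap` no longer receive a menu entry, and nothing in the hunk says whether that is intended. If it is, a comment above `foreach ($this->_coreItems as $id => $lable)` should record it; if not, keep the loop under the new key scheme, `$this->_normalizeMenus[$id . '/index'] = ['label' => Yii::t('rbac-admin', Inflector::humanize($id)), 'url' => [$mid . $id . '/index']];` (if this loop was the only user of `Inflector`, the `use yii\helpers\Inflector;` import is now dead). The renamed keys (`'user/index'` instead of `'user'`) also change which key a host's configured `menus` entry must carry to override a core item, since the user-menu merge further down matches on `$id`; that deserves a line in the `$_coreItems` docblock touched by the earlier hunk. `$lable` is misspelled on both the old and the new side. getMenus continues outside the hunk.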
@@ -147,7 +146,7 @@ public function getMenus()
 $value = ['label' => $value];
 }
 $this->_normalizeMenus[$id] = isset($this->_normalizeMenus[$id]) ? array_merge($this->_normalizeMenus[$id], $value)
- : $value;
+ : $value;
 if (!isset($this->_normalizeMenus[$id]['url'])) {
 $this->_normalizeMenus[$id]['url'] = [$mid . $id];
 }
diff --git a/components/AccessControl.php b/components/AccessControl.php
index 89f26622..fa381cc6 100644
--- a/components/AccessControl.php
+++ b/components/AccessControl.php
@@ -67,7 +67,15 @@ public function beforeAction($action)
 {
 $actionId = $action->getUniqueId();
 $user = $this->getUser();
- if (Helper::checkRoute('/' . $actionId, Yii::$app->getRequest()->get(), $user)) {
+
+ $request = Yii::$app->getRequest();
+ if($request->getIsPost()){
+ $params = $request->post();
+ }else{
+ $params = $request->get();
+ }
+
+ if (Helper::checkRoute('/' . $actionId, $params, $user)) {
 return true;
 }
 $this->denyAccess($user);
diff --git a/composer.json b/composer.json
index 7001d249..38879506 100644
--- a/composer.json
+++ b/composer.json
@@ -1,5 +1,5 @@
 {
- "name": "mdmsoft/yii2-admin",
+ "name": "noname007/yii2-admin",
 "description": "RBAC Auth manager for Yii2 ",
 "keywords": ["yii", "admin", "auth", "rbac"],
 "type": "yii2-extension",
diff --git a/controllers/UserController.php b/controllers/UserController.php
index 5a3808ff..1f5cfad1 100644
--- a/controllers/UserController.php
+++ b/controllers/UserController.php
@@ -252,7 +252,8 @@ public function actionActivate($id)
 */
 protected function findModel($id)
 {
- if (($model = User::findOne($id)) !== null) {
+ $class = Yii::$app->getUser()->identityClass ? : mdm\admin\models\User::class;
+ if (($model = $class::findOne($id)) !== null) {
 return $model;
 } else {
 throw new NotFoundHttpException('The requested page does not exist.');
diff --git a/models/Assignment.php b/models/Assignment.php
index 4d72f742..6128695b 100644
--- a/models/Assignment.php
+++ b/models/Assignment.php
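Review bot: For a POST request the query-string parameters are no longer passed to `Helper::checkRoute`, because `$params` is set to `$request->post()` instead of being combined with `$request->get()`, so a rule that keyed on a URL parameter (an `id` on a form that posts back to itself, say) now evaluates against a missing value and the access decision for that action silently changes. If the goal is to let rules see body parameters as well, merge rather than replace, `$params = $request->getIsPost() ? array_merge($request->get(), $request->post()) : $request->get();`, and state in a comment which source wins on a duplicate key, since both are client-supplied and the rule outcome depends on it. Requests with other body-carrying methods (PUT/PATCH) still get only `get()`, which should be covered or noted, and `if($request->getIsPost()){` / `}else{` should be spaced per PSR-12. beforeAction continues outside the hunk.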
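Review bot: `mdm\admin\models\User::class` is written without a leading backslash, so in a namespaced file it resolves relative to the current namespace (presumably `mdm\admin\controllers`) and `::class` does not check that the result exists; the fallback therefore names a class that does not exist, and `$class::findOne($id)` on it throws an Error instead of performing the lookup or yielding the 404. The removed line used a bare `User`, so an import is most likely already in scope: `$class = Yii::$app->getUser()->identityClass ?: User::class;`. The new code also assumes the configured `identityClass` has a static `findOne`, i.e. is an ActiveRecord; the Module.php hunk above only enables the assignment menu after `is_subclass_of($userClass, 'yii\db\BaseActiveRecord')`, and either the same guard or a docblock note stating the assumption belongs here. findModel continues outside the hunk.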
@@ -42,12 +42,22 @@ public function assign($items)
 {
 $manager = Configs::authManager();
 $success = 0;
+
+ $current_user_id = Yii::$app->getUser()->getId();
+
 foreach ($items as $name) {
 try {
- $item = $manager->getRole($name);
- $item = $item ?: $manager->getPermission($name);
- $manager->assign($item, $this->id);
- $success++;
+ $verify_result = $manager->checkAccess($current_user_id, $name);
+
+ Yii::debug("verify role|permission: $name, result: "
+ . ($verify_result ? "Y" : "N"));
+
+ if ($verify_result) {
+ $item = $manager->getRole($name);
+ $item = $item ?: $manager->getPermission($name);
+ $manager->assign($item, $this->id);
+ $success++;
+ }
 } catch (\Exception $exc) {
 Yii::error($exc->getMessage(), __METHOD__);
 }
@@ -63,14 +73,22 @@ public function assign($items)
 */
 public function revoke($items)
 {
+ $current_user_id = Yii::$app->getUser()->getId();
 $manager = Configs::authManager();
 $success = 0;
 foreach ($items as $name) {
 try {
- $item = $manager->getRole($name);
- $item = $item ?: $manager->getPermission($name);
- $manager->revoke($item, $this->id);
- $success++;
+ $verify_result = $manager->checkAccess($current_user_id, $name);
+
+ Yii::debug("verify role|permission: $name, result: "
+ . ($verify_result ? "Y" : "N"));
+
+ if ($verify_result) {
+ $item = $manager->getRole($name);
+ $item = $item ?: $manager->getPermission($name);
+ $manager->revoke($item, $this->id);
+ $success++;
+ }
 } catch (\Exception $exc) {
 Yii::error($exc->getMessage(), __METHOD__);
 }
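Review bot: When `checkAccess` returns false the item is skipped silently — `$success` stays unchanged and only a debug-level line is written — so the caller cannot distinguish a refused item from an unknown name, and the `revoke` hunk below has the same shape. The policy the check enforces, that an administrator can only hand out (and, per the second hunk, take back) items they themselves hold, is the security-relevant part of this change and should be stated in the docblocks of `assign` and `revoke`, with the refusal logged via `Yii::warning` rather than `Yii::debug`. `checkAccess` is called without rule parameters, so an item guarded by a rule may be refused even for a user who holds it, and for a guest (`getId()` returning null) the check will generally fail; both are defensible but should be documented. The identical block in both hunks belongs in one private helper, and `$current_user_id`/`$verify_result` are snake_case in a camelCase file. assign and revoke both run past the hunk edges.
```php
    /**
     * Whether the current user holds $name (role or permission) and may
     * therefore assign or revoke it. Refusals are logged at warning level.
     */
    private function currentUserHolds($manager, $name)
    {
        $held = $manager->checkAccess(Yii::$app->getUser()->getId(), $name);
        if (!$held) {
            Yii::warning("refused to manage '$name': current user does not hold it", __METHOD__);
        }
        return $held;
    }

    // … in assign() and revoke(), in place of the checkAccess/Yii::debug block:
            if ($this->currentUserHolds($manager, $name)) {
                // … unchanged: getRole/getPermission lookup, assign()/revoke(), $success++ …
            }
```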
@@ -85,29 +103,50 @@ public function revoke($items)
 */
 public function getItems()
 {
+ $current_user_id = Yii::$app->getUser()->getId();
 $manager = Configs::authManager();
 $available = [];
- foreach (array_keys($manager->getRoles()) as $name) {
- $available[$name] = 'role';
+
+ $roles = $manager->getRolesByUser($current_user_id);
+
+ foreach ($roles as $role) {
+ $name = $role->name;
+ $available[$name][0] = 'role';
+ $available[$name][1] = $role->description;
+
+ $child_roles = $manager->getChildRoles($name);
+ foreach ($child_roles as $childRole)
+ {
+ $name = $childRole->name;
+ $available[$name][0] = 'role';
+ $available[$name][1] = $childRole->description;
+ }
 }
- foreach (array_keys($manager->getPermissions()) as $name) {
+
+ $permissions = $manager->getPermissionsByUser($current_user_id);
+
+ foreach ($permissions as $permission) {
+ $name = $permission->name;
 if ($name[0] != '/') {
- $available[$name] = 'permission';
+ $available[$name][0] = 'permission';
+ $available[$name][1] = $permission->description;
 }
 }
 $assigned = [];
 foreach ($manager->getAssignments($this->id) as $item) {
- $assigned[$item->roleName] = $available[$item->roleName];
- unset($available[$item->roleName]);
+ if(isset($available[$item->roleName])) {
+ $assigned[$item->roleName] = $available[$item->roleName];
+ unset($available[$item->roleName]);
+ }
 }
 ksort($available);
 ksort($assigned);
 return [
 'available' => $available,
- 'assigned' => $assigned,
+ 'assigned' => $assigned,
 ];
 }
diff --git a/models/AuthItem.php b/models/AuthItem.php
index 53a53ea1..7f26307a 100644
--- a/models/AuthItem.php
+++ b/models/AuthItem.php
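Review bot: The new `if(isset($available[$item->roleName]))` guard drops any assignment the target user already holds but the current user does not, so such assignments vanish from both lists rather than showing as read-only, and an administrator can no longer see — let alone revoke — them; if that is intended, the getItems docblock should say so, otherwise keep the row with a marker: `$assigned[$item->roleName] = isset($available[$item->roleName]) ? $available[$item->roleName] : ['unavailable', null];`. Yii's `DbManager::getChildRoles()` includes the role itself in its result, so the outer entry is rewritten once per role (harmless, but worth a comment), and the inner `$name = $childRole->name;` reuses the outer loop's variable. The positional `[0]`/`[1]` shape is new here and in the AuthItem.php hunk and is consumed by the view scripts; a docblock on getItems giving the shape (`[type, description]`), or named keys, would keep the three in step. `foreach ($child_roles as $childRole)` with the brace on the next line and `if(isset(` deviate from PSR-12, and `$current_user_id`/`$child_roles` are snake_case in a camelCase file.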
@@ -254,18 +254,23 @@ public function getItems()
 $advanced = Configs::instance()->advanced;
 $available = [];
 if ($this->type == Item::TYPE_ROLE) {
- foreach (array_keys($manager->getRoles()) as $name) {
- $available[$name] = 'role';
+ foreach ($manager->getRoles() as $item) {
+ $name = $item->name;
+ $available[$name][0] = 'role';
+ $available[$name][1] = $item->description;
 }
 }
- foreach (array_keys($manager->getPermissions()) as $name) {
- $available[$name] = $name[0] == '/' || $advanced && $name[0] == '@' ? 'route' : 'permission';
+ foreach ($manager->getPermissions() as $item) {
+ $name = $item->name;
+ $available[$name][0] = $name[0] == '/' || $advanced && $name[0] == '@' ? 'route' : 'permission';
+ $available[$name][1] = $item->description;
 }
 $assigned = [];
 foreach ($manager->getChildren($this->_item->name) as $item) {
- $assigned[$item->name] = $item->type == 1 ? 'role' : ($item->name[0] == '/' || $advanced && $item->name[0] == '@'
+ $assigned[$item->name][0] = $item->type == 1 ? 'role' : ($item->name[0] == '/' || $advanced && $item->name[0] == '@'
 ? 'route' : 'permission');
+ $assigned[$item->name][1] = $item->description;
 unset($available[$item->name]);
 }
 unset($available[$this->name]);
diff --git a/views/assignment/_script.js b/views/assignment/_script.js
index deb2d541..a9958b84 100644
--- a/views/assignment/_script.js
+++ b/views/assignment/_script.js
@@ -31,14 +31,25 @@ function search(target) { $list.html(''); var q = $('.search[data-target="' + target + '"]').val(); + var groups = { - role: [$(''), false], - permission: [$(''), false], + role: [$(''), false], + permission: [$(''), false], }; + + $.each(_opts.items[target], function (name, group) { if (name.indexOf(q) >= 0) { - $(''), false], - permission: [$(''), false], - route: [$(''), false], + role: [$(''), false], + permission: [$(''), false], + route: [$(''), false], }; + $.each(_opts.items[target], function (name, group) { if (name.indexOf(q) >= 0) { - $('
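Review bot: The rewritten `$assigned[$item->name][0]` line keeps the magic number in `$item->type == 1` even though the same hunk compares against `Item::TYPE_ROLE` a few lines up; use `$item->type == Item::TYPE_ROLE ? 'role' : (...)`. The `[0]`/`[1]` positional shape introduced here mirrors the Assignment.php getItems hunk and is read by the view scripts, so a docblock on getItems stating the shape (`[type, description]`) — or named keys shared by both models — would keep producers and consumers in step. `$item` is reused as the loop variable for roles, permissions and children in a method that also reads `$this->_item`, which is easy to misread. getItems continues outside the hunk.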