From b6190fa61b7117efb9b5a867590aa394f05d742d Mon Sep 17 00:00:00 2001 From: soul11201 Date: Fri, 17 Aug 2018 17:36:47 +0800 Subject: [PATCH 1/6] Enhencement: the params AccessController will check may be passed by post method --- components/AccessControl.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/components/AccessControl.php b/components/AccessControl.php index 89f26622..fa381cc6 100644 --- a/components/AccessControl.php +++ b/components/AccessControl.php @@ -67,7 +67,15 @@ public function beforeAction($action) { $actionId = $action->getUniqueId(); $user = $this->getUser(); - if (Helper::checkRoute('/' . $actionId, Yii::$app->getRequest()->get(), $user)) { + + $request = Yii::$app->getRequest(); + if($request->getIsPost()){ + $params = $request->post(); + }else{ + $params = $request->get(); + } + + if (Helper::checkRoute('/' . $actionId, $params, $user)) { return true; } $this->denyAccess($user); From d47c0c84f34285dff142111633e13a1700d98b62 Mon Sep 17 00:00:00 2001 From: soul11201 Date: Tue, 28 May 2019 20:12:56 +0800 Subject: [PATCH 2/6] =?UTF-8?q?=20=C3=A9=C2=A1=C2=B5=C3=A9=C2=9D=C2=A2?= =?UTF-8?q?=C3=A5=C2=B1=C2=95=C3=A7=C2=A4=C2=BA=C3=A5=C2=86=C2=85=C3=A5?= =?UTF-8?q?=C2=AE=C2=B9=C3=A4=C2=BC=C2=98=C3=A5=C2=8C=C2=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1. 调整页面显示,只能看到自己有权限的页面 2. 分配: 给对方自己有的权限及子权限,且对方没有这个权限或者个权限的父权 限 3. 分配、角色、权限、路由展示:描述信息(权限名字) 或者 权限名字 没 有描述的时候 --- Module.php | 29 ++++++++-------- models/Assignment.php | 69 +++++++++++++++++++++++++++++-------- models/AuthItem.php | 16 ++++++--- views/assignment/_script.js | 12 +++++-- views/item/_script.js | 13 +++++-- views/layouts/left-menu.php | 18 ++++++---- 6 files changed, 112 insertions(+), 45 deletions(-) diff --git a/Module.php b/Module.php index 12f49dce..2e0ab25f 100644 --- a/Module.php +++ b/Module.php @@ -2,6 +2,7 @@ namespace mdm\admin; +use mdm\admin\components\Configs; use Yii; use yii\helpers\Inflector; 
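Review bot: The new branch drops the query string entirely on POST requests, so a rule that receives its params through `Helper::checkRoute` will no longer see a GET parameter such as `?id=` once the form is posted, and the client now picks, by its choice of HTTP method, which parameter set gets checked. `getIsPost()` also leaves PUT/PATCH/DELETE bodies uncovered, so it is safer to always start from the query params and layer the body params on top: `$params = $request->getQueryParams() + $request->getBodyParams();` (query keys win with `+`; swap the operands if the body should win). The intent deserves a one-line comment on the assignment, e.g. `// rule params: body params for write requests on top of the query params`. How `Helper::checkRoute` uses `$params` is outside this hunk, so the effect on existing rules is inferred.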
@@ -61,13 +62,13 @@ class Module extends \yii\base\Module * @see [[menus]] */ private $_coreItems = [ - 'user' => 'Users', - 'assignment' => 'Assignments', - 'role' => 'Roles', - 'permission' => 'Permissions', - 'route' => 'Routes', - 'rule' => 'Rules', - 'menu' => 'Menus', + 'user/index' => 'Users', + 'assignment/index' => 'Assignments', + 'role/index' => 'Roles', + 'permission/index' => 'Permissions', + 'route/index' => 'Routes', + 'rule/index' => 'Rules', + 'menu/index' => 'Menus', ]; /** * @var array @@ -122,20 +123,18 @@ public function getMenus() // resolve core menus $this->_normalizeMenus = []; - $config = components\Configs::instance(); + $config = Configs::instance(); $conditions = [ - 'user' => $config->db && $config->db->schema->getTableSchema($config->userTable), - 'assignment' => ($userClass = Yii::$app->getUser()->identityClass) && is_subclass_of($userClass, 'yii\db\BaseActiveRecord'), - 'menu' => $config->db && $config->db->schema->getTableSchema($config->menuTable), + 'user/index' => $config->db && $config->db->schema->getTableSchema($config->userTable), + 'assignment/index' => ($userClass = Yii::$app->getUser()->identityClass) && is_subclass_of($userClass, 'yii\db\BaseActiveRecord'), + 'menu/index' => $config->db && $config->db->schema->getTableSchema($config->menuTable), ]; + foreach ($this->_coreItems as $id => $lable) { if (!isset($conditions[$id]) || $conditions[$id]) { $this->_normalizeMenus[$id] = ['label' => Yii::t('rbac-admin', $lable), 'url' => [$mid . $id]]; } } - foreach (array_keys($this->controllerMap) as $id) { - $this->_normalizeMenus[$id] = ['label' => Yii::t('rbac-admin', Inflector::humanize($id)), 'url' => [$mid . $id]]; - } // user configure menus foreach ($this->_menus as $id => $value) { 
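Review bot: The `foreach (array_keys($this->controllerMap) ...)` loop is removed without a replacement, so controllers registered through `controllerMap` silently lose their automatic menu entry; if that is intended because the core keys are now `controller/index` routes, say so with a comment where the loop was, e.g. `// controllerMap entries are not auto-listed; register them via [[menus]] with an explicit route`. Otherwise keep the loop in the new key form: `$this->_normalizeMenus[$id . '/index'] = ['label' => Yii::t('rbac-admin', Inflector::humanize($id)), 'url' => [$mid . $id . '/index']];`. With the loop gone, `Inflector` has no remaining use in the visible hunks, so the import in this file's first hunk may now be dead. The rest of `getMenus()` continues past this hunk.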
@@ -147,7 +146,7 @@ public function getMenus() $value = ['label' => $value]; } $this->_normalizeMenus[$id] = isset($this->_normalizeMenus[$id]) ? array_merge($this->_normalizeMenus[$id], $value) - : $value; + : $value; if (!isset($this->_normalizeMenus[$id]['url'])) { $this->_normalizeMenus[$id]['url'] = [$mid . $id]; } diff --git a/models/Assignment.php b/models/Assignment.php index c677bd0c..cc00f4f5 100644 --- a/models/Assignment.php +++ b/models/Assignment.php @@ -42,12 +42,22 @@ public function assign($items) { $manager = Configs::authManager(); $success = 0; + + $current_user_id = Yii::$app->getUser()->getId(); + foreach ($items as $name) { try { - $item = $manager->getRole($name); - $item = $item ?: $manager->getPermission($name); - $manager->assign($item, $this->id); - $success++; + $verify_result = $manager->checkAccess($current_user_id, $name); + + Yii::debug("verify role|permission: $name, result: " + . ($verify_result ? "Y" : "N")); + + if ($verify_result) { + $item = $manager->getRole($name); + $item = $item ?: $manager->getPermission($name); + $manager->assign($item, $this->id); + $success++; + } } catch (\Exception $exc) { Yii::error($exc->getMessage(), __METHOD__); } @@ -63,14 +73,22 @@ public function assign($items) */ public function revoke($items) { + $current_user_id = Yii::$app->getUser()->getId(); $manager = Configs::authManager(); $success = 0; foreach ($items as $name) { try { - $item = $manager->getRole($name); - $item = $item ?: $manager->getPermission($name); - $manager->revoke($item, $this->id); - $success++; + $verify_result = $manager->checkAccess($current_user_id, $name); + + Yii::debug("verify role|permission: $name, result: " + . ($verify_result ? "Y" : "N")); + + if ($verify_result) { + $item = $manager->getRole($name); + $item = $item ?: $manager->getPermission($name); + $manager->revoke($item, $this->id); + $success++; + } } catch (\Exception $exc) { Yii::error($exc->getMessage(), __METHOD__); } 
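Review bot: An item the current user is not allowed to assign is skipped silently in `assign()` — only a debug-level line records it, `$success` does not reflect it, and the caller cannot tell a denied item from a missing one, which is exactly the event an audit trail needs. Log the denial at warning level with actor and target in an `else` branch, e.g. `Yii::warning("user $current_user_id may not assign '$name' to user {$this->id}", __METHOD__);`. Note also that `checkAccess()` runs an item's rule with no params, so a rule-backed permission will most likely evaluate to false here even when `getItems()` offers it; that interaction follows from the manager contract rather than from lines in this hunk. `Yii::debug()` only exists from Yii 2.0.14, so check the module's declared minimum framework version.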
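Review bot: `revoke()` is now gated on the actor holding the item themselves, so a grant made by a more privileged administrator cannot be withdrawn by one who lacks it — often the case that matters during incident response — and the skip is silent apart from a debug line. If this delegation model is intended it deserves a sentence in the method docblock, which starts above this hunk, e.g. `Only items the current user can access themselves are revoked; the rest are skipped and logged.` The `checkAccess()`/`Yii::debug()` sequence is duplicated verbatim between `assign()` and `revoke()`; a private `canManageItem($name)` helper returning the bool would keep the two gates from drifting apart. A denied revoke should be logged at warning level, since changing access is a security-relevant action.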
@@ -85,27 +103,48 @@ public function revoke($items) */ public function getItems() { + $current_user_id = Yii::$app->getUser()->getId(); $manager = Configs::authManager(); $available = []; - foreach (array_keys($manager->getRoles()) as $name) { - $available[$name] = 'role'; + + $roles = $manager->getRolesByUser($current_user_id); + + foreach ($roles as $role) { + $name = $role->name; + $available[$name][0] = 'role'; + $available[$name][1] = $role->description; + + $child_roles = $manager->getChildRoles($name); + foreach ($child_roles as $childRole) + { + $name = $childRole->name; + $available[$name][0] = 'role'; + $available[$name][1] = $childRole->description; + } } - foreach (array_keys($manager->getPermissions()) as $name) { + + $permissions = $manager->getPermissionsByUser($current_user_id); + + foreach ($permissions as $permission) { + $name = $permission->name; if ($name[0] != '/') { - $available[$name] = 'permission'; + $available[$name][0] = 'permission'; + $available[$name][1] = $permission->description; } } $assigned = []; foreach ($manager->getAssignments($this->id) as $item) { - $assigned[$item->roleName] = $available[$item->roleName]; - unset($available[$item->roleName]); + if(isset($available[$item->roleName])) { + $assigned[$item->roleName] = $available[$item->roleName]; + unset($available[$item->roleName]); + } } return [ 'available' => $available, - 'assigned' => $assigned, + 'assigned' => $assigned, ]; } diff --git a/models/AuthItem.php b/models/AuthItem.php index 79813675..d06eca03 100644 --- a/models/AuthItem.php +++ b/models/AuthItem.php 
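Review bot: The read-side filter here (`getRolesByUser()` plus `getChildRoles()`, and `getPermissionsByUser()`) and the write-side gate in `assign()`/`revoke()` (`checkAccess()`) use different criteria, so an item offered as available can still be rejected on submit — for instance a permission with a rule, which `getPermissionsByUser()` lists but `checkAccess()` evaluates with no params; this is inferred from the manager contract. Routing both the listing and the enforcement through one helper would keep them consistent. The return shape also changed from a type string to a `[type, description]` pair, a breaking change for any consumer other than the updated `_script.js`; the docblock above the hunk should state it, e.g. `@return array 'available' and 'assigned' maps of name => [type, description|null]`. Reusing `$name` for the child-role loop nested inside the loop over `$roles` is harmless but easy to misread; a separate `$childName` would be clearer.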
@@ -248,17 +248,23 @@ public function getItems() $manager = Configs::authManager(); $available = []; if ($this->type == Item::TYPE_ROLE) { - foreach (array_keys($manager->getRoles()) as $name) { - $available[$name] = 'role'; + foreach ($manager->getRoles() as $item) { + $name = $item->name; + $available[$name][0] = 'role'; + $available[$name][1] = $item->description; } } - foreach (array_keys($manager->getPermissions()) as $name) { - $available[$name] = $name[0] == '/' ? 'route' : 'permission'; + foreach ($manager->getPermissions() as $item) { + $name = $item->name; + $available[$name][0] = $name[0] == '/' ? 'route' : 'permission'; + $available[$name][1] = $item->description; + } $assigned = []; foreach ($manager->getChildren($this->_item->name) as $item) { - $assigned[$item->name] = $item->type == 1 ? 'role' : ($item->name[0] == '/' ? 'route' : 'permission'); + $assigned[$item->name][0] = $item->type == 1 ? 'role' : ($item->name[0] == '/' ? 'route' : 'permission'); + $assigned[$item->name][1] = $item->description; unset($available[$item->name]); } unset($available[$this->name]); diff --git a/views/assignment/_script.js b/views/assignment/_script.js index deb2d541..7db4674c 100644 --- a/views/assignment/_script.js +++ b/views/assignment/_script.js @@ -37,8 +37,16 @@ function search(target) { }; $.each(_opts.items[target], function (name, group) { if (name.indexOf(q) >= 0) { - $('
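Review bot: Unlike the new `Assignment::getItems()`, this listing still offers every role and permission in the manager as attachable children, so the "only delegate what you hold" restriction introduced for user assignments does not extend to item hierarchies — a user who can edit a role can still attach permissions they do not hold to a role they are allowed to assign; whether such a user exists depends on the access rules for the item controllers, which are outside this diff. If that gap is accepted, state it in the method docblock, e.g. `Lists all roles/permissions regardless of the current user's own access; child management is not restricted by delegation.` Otherwise filter `$available` with `$manager->checkAccess(Yii::$app->getUser()->getId(), $name)` the same way `Assignment::assign()` does. The `description` stored at index 1 may be `null` for items created without one, so the consuming JS must treat it as optional.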