fcaldarelli · August 29, 2019 20:54
diff --git a/RbacController.php b/RbacController.php
 <?php
 namespace console\controllers;

 use Yii;
 use yii\console\Controller;

 class RbacController extends Controller
 {
    private $auth;

    private function createPermission($name, $roles, $rule = null)
    {
        $p = $this->auth->createPermission($name);
        $p->description = $name;
        if($rule != null) $p->ruleName = $rule->name;
        $this->auth->add($p);
        foreach($roles as $role) $this->auth->addChild($role, $p);
        return $p;
    }

    private function createRule($ruleClass)
    {
        $rule = new $ruleClass;
        $this->auth->add($rule);
        return $rule;
    }

    public function actionInit()
    {
        $auth = Yii::$app->authManager;

        $this->auth = $auth;

        $auth->removeAll();

        // RUOLO superadmin
        $roleSuperadmin = $auth->createRole('superadmin');
        $auth->add($roleSuperadmin);

        // RUOLO company_admin
        $roleCompanyAdmin = $auth->createRole('company_admin');
        $auth->add($roleCompanyAdmin);

        // Rule
        $roomsRule = $this->createRule(\backend\models\rule\RoomsRule::className());

        // -----------
        // BACKEND - ROOMS
        // -----------
        $this->createPermission('backend.rooms.create', [$roleCompanyAdmin], $roomsRule);
        $this->createPermission('backend.rooms.view',   [$roleCompanyAdmin], $roomsRule);
        $this->createPermission('backend.rooms.update', [$roleCompanyAdmin], $roomsRule);
        $this->createPermission('backend.rooms.delete', [$roleCompanyAdmin], $roomsRule);
        $this->createPermission('backend.rooms.index',  [$roleCompanyAdmin], $roomsRule);

        // Imposta tutti gli utenti
 		foreach(\common\models\User::find()->all() as $u)
 		{
 			$u->configureRbac();
 		}


 		$auth->addChild($roleSuperadmin, $roleCompanyAdmin);

    }
 }
 ?>
diff --git a/RoomsController.php b/RoomsController.php
 <?php
 class RoomsController extends BaseController
 {
    /**
     * @inheritdoc
     */
    public function behaviors()
    {
        return \yii\helpers\ArrayHelper::merge(parent::behaviors(), [
            'access' => new \yii\helpers\ReplaceArrayValue([
                'class' => \yii\filters\AccessControl::className(),
                'rules' => [

                    [ 'allow' => true, 'actions' => ['create'], 'roles' => ['backend.rooms.create'], ],
                    [ 'allow' => true, 'actions' => ['delete'], 'roles' => ['backend.rooms.delete'], 'roleParams' => ['id' => Yii::$app->request->get('id')] ],
                    [ 'allow' => true, 'actions' => ['index'],  'roles' => ['backend.rooms.index'], ],
                    [ 'allow' => true, 'actions' => ['update'], 'roles' => ['backend.rooms.update'], 'roleParams' => ['id' => Yii::$app->request->get('id')] ],
                    [ 'allow' => true, 'actions' => ['view'],   'roles' => ['backend.rooms.view'], 'roleParams' => ['id' => Yii::$app->request->get('id')] ],

                    [ 'allow' => true, 'actions' => ['qrcode'] ],

                ],
            ]),
        ]);
    }
diff --git a/RoomsRule.php b/RoomsRule.php
 <?php
 namespace backend\models\rule;

 use yii\rbac\Rule;
 use common\models\User;

 /**
 * RoomsRule
 */
 class RoomsRule extends Rule
 {
    public $name = 'backend.rooms';

    /**
     * @param string|int $user the user ID.
     * @param Item $item the role or permission that this rule is associated with
     * @param array $params parameters passed to ManagerInterface::checkAccess().
     * @return bool a value indicating whether the rule permits the role or permission it is associated with.
     */
     public function execute($user, $item, $params)
     {
         $retVal = false;

         $userModel = User::findOne($user);

         if($item->name == $this->name.'.index')
         {
             $retVal = true;
         }
         else if($item->name == $this->name.'.check-in-out')
         {
             $retVal = true;
         }
         else if($item->name == $this->name.'.create')
         {
            $retVal = true;
         }
         else
         {
            if(isset($params['id']))
            {
                if($userModel->access == \common\models\User::ACCESS_HOTEL)
                {
                    $room = \common\models\Room::findOne($params['id']);
                    $retVal = ($userModel->hotel_id == $room->hotel_id);
                }
                else
                {
                    $retVal = true;
                }
            }
        }

         return $retVal;
     }
 }
diff --git a/User.php b/User.php
 <?php
 class User extends ActiveRecord implements IdentityInterface
 {
    // Access
    const ACCESS_SUPERADMIN = 'superadmin';
    const ACCESS_COMPANY_ADMIN = 'company_admin';

    public function configureRbac()
    {
        $auth = \Yii::$app->authManager;

        // Remove all roles
        $auth->revokeAll($this->id);

        if($this->access!=null)
        {
            $auth->assign($auth->getRole($this->access), $this->id);
        }
    }
	<?php
	namespace console\controllers;

	use Yii;
	use yii\console\Controller;

	class RbacController extends Controller
	{
	private $auth;

	private function createPermission($name, $roles, $rule = null)
	{
	$p = $this->auth->createPermission($name);
	$p->description = $name;
	if($rule != null) $p->ruleName = $rule->name;
	$this->auth->add($p);
	foreach($roles as $role) $this->auth->addChild($role, $p);
	return $p;
	}

	private function createRule($ruleClass)
	{
	$rule = new $ruleClass;
	$this->auth->add($rule);
	return $rule;
	}

	public function actionInit()
	{
	$auth = Yii::$app->authManager;

	$this->auth = $auth;

	$auth->removeAll();

	// RUOLO superadmin
	$roleSuperadmin = $auth->createRole('superadmin');
	$auth->add($roleSuperadmin);

	// RUOLO company_admin
	$roleCompanyAdmin = $auth->createRole('company_admin');
	$auth->add($roleCompanyAdmin);

	// Rule
	$roomsRule = $this->createRule(\backend\models\rule\RoomsRule::className());

	// -----------
	// BACKEND - ROOMS
	// -----------
	$this->createPermission('backend.rooms.create', [$roleCompanyAdmin], $roomsRule);
	$this->createPermission('backend.rooms.view', [$roleCompanyAdmin], $roomsRule);
	$this->createPermission('backend.rooms.update', [$roleCompanyAdmin], $roomsRule);
	$this->createPermission('backend.rooms.delete', [$roleCompanyAdmin], $roomsRule);
	$this->createPermission('backend.rooms.index', [$roleCompanyAdmin], $roomsRule);

	// Imposta tutti gli utenti
	foreach(\common\models\User::find()->all() as $u)
	{
	$u->configureRbac();
	}


	$auth->addChild($roleSuperadmin, $roleCompanyAdmin);

	}
	}
	?>
	<?php
	class RoomsController extends BaseController
	{
	/**
	* @inheritdoc
	*/
	public function behaviors()
	{
	return \yii\helpers\ArrayHelper::merge(parent::behaviors(), [
	'access' => new \yii\helpers\ReplaceArrayValue([
	'class' => \yii\filters\AccessControl::className(),
	'rules' => [

	[ 'allow' => true, 'actions' => ['create'], 'roles' => ['backend.rooms.create'], ],
	[ 'allow' => true, 'actions' => ['delete'], 'roles' => ['backend.rooms.delete'], 'roleParams' => ['id' => Yii::$app->request->get('id')] ],
	[ 'allow' => true, 'actions' => ['index'], 'roles' => ['backend.rooms.index'], ],
	[ 'allow' => true, 'actions' => ['update'], 'roles' => ['backend.rooms.update'], 'roleParams' => ['id' => Yii::$app->request->get('id')] ],
	[ 'allow' => true, 'actions' => ['view'], 'roles' => ['backend.rooms.view'], 'roleParams' => ['id' => Yii::$app->request->get('id')] ],

	[ 'allow' => true, 'actions' => ['qrcode'] ],

	],
	]),
	]);
	}
	<?php
	namespace backend\models\rule;

	use yii\rbac\Rule;
	use common\models\User;

	/**
	* RoomsRule
	*/
	class RoomsRule extends Rule
	{
	public $name = 'backend.rooms';

	/**
	* @param string\|int $user the user ID.
	* @param Item $item the role or permission that this rule is associated with
	* @param array $params parameters passed to ManagerInterface::checkAccess().
	* @return bool a value indicating whether the rule permits the role or permission it is associated with.
	*/
	public function execute($user, $item, $params)
	{
	$retVal = false;

	$userModel = User::findOne($user);

	if($item->name == $this->name.'.index')
	{
	$retVal = true;
	}
	else if($item->name == $this->name.'.check-in-out')
	{
	$retVal = true;
	}
	else if($item->name == $this->name.'.create')
	{
	$retVal = true;
	}
	else
	{
	if(isset($params['id']))
	{
	if($userModel->access == \common\models\User::ACCESS_HOTEL)
	{
	$room = \common\models\Room::findOne($params['id']);
	$retVal = ($userModel->hotel_id == $room->hotel_id);
	}
	else
	{
	$retVal = true;
	}
	}
	}

	return $retVal;
	}
	}
	<?php
	class User extends ActiveRecord implements IdentityInterface
	{
	// Access
	const ACCESS_SUPERADMIN = 'superadmin';
	const ACCESS_COMPANY_ADMIN = 'company_admin';

	public function configureRbac()
	{
	$auth = \Yii::$app->authManager;

	// Remove all roles
	$auth->revokeAll($this->id);

	if($this->access!=null)
	{
	$auth->assign($auth->getRole($this->access), $this->id);
	}
	}