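class ArticleRule extends Rule
{
    /** @var string name under which this rule is registered in the auth manager */
    public $name = 'updateArticle';

    /**
     * Executes the rule: decides whether $user may act on the article named in $params.
     *
     * Access is granted when either
     *  - the user owns the article AND the article is in one of the allowed statuses, or
     *  - the current user holds one of the admin roles AND 'userOnly' is not set,
     * and, in both cases, 'additionalCondition' is truthy.
     *
     * Recognised $params keys:
     *  - article_id          (required) id of the article; must validate as an int
     *  - userOnly            (bool, default false) disables the admin-role branch
     *  - allowedStatuses     (array, default [Status::DRAFT, Status::RETURNED])
     *  - adminRoles          (array|string, default ['editor', 'webmaster']) handed to AccessHelper::can()
     *  - additionalCondition (bool, default true) extra caller-supplied condition
     *
     * @param string|int $user the user ID. This should be either an integer or a string representing
     * the unique identifier of a user. See [[\yii\web\User::id]].
     * @param Item $item the role or permission that this rule is associated with
     * @param array $params parameters passed to [[CheckAccessInterface::checkAccess()]].
     * @return bool a value indicating whether the rule permits the auth item it is associated with.
     * @throws \InvalidArgumentException when article_id is missing or does not validate as an int
     * @throws NotFoundHttpException when no article with that id exists (presumably raised by oneOrFail())
     */
    public function execute($user, $item, $params)
    {
        $articleId = filter_var(ArrayHelper::getValue($params, 'article_id'), FILTER_VALIDATE_INT);
        if ($articleId === false) {
            throw new \InvalidArgumentException('article_id required and must be int or can be converted to int');
        }

        /** @var Article $article */
        $article = Article::find()
            ->where(['id' => $articleId])
            ->select('user_id, status_id')
            ->oneOrFail();

        $userOnly = ArrayHelper::getValue($params, 'userOnly', false);
        $allowedStatuses = ArrayHelper::getValue($params, 'allowedStatuses', [Status::DRAFT, Status::RETURNED]);
        $adminRoles = ArrayHelper::getValue($params, 'adminRoles', ['editor', 'webmaster']);
        $additionalCondition = ArrayHelper::getValue($params, 'additionalCondition', true);

        // Ownership: compare as strings so an int id and its string form still match,
        // but never let a missing id (null user, NULL owner column) pass the way a
        // loose `==` would (`null == 0` is true in PHP).
        $canByOwn = $user !== null
            && $article->user_id !== null
            && (string) $article->user_id === (string) $user;
        // status_id may come back from the DB as a string, so the loose match
        // against the Status constants is kept on purpose.
        $canByStatus = in_array($article->status_id, $allowedStatuses);
        $canByRole = AccessHelper::can($adminRoles);

        return (($canByOwn && $canByStatus) || ($canByRole && !$userOnly)) && $additionalCondition;
    }
}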
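class AccessHelper
{
    /**
     * Returns true when the current user holds at least one of the given roles/permissions.
     *
     * Each entry is checked with Yii::$app->user->can() (no role params); the scan
     * stops at the first entry that is granted. Empty entries (e.g. the single ''
     * that explode() yields for an empty string) are skipped.
     *
     * @param array|string $roles list of auth item names, or a comma-separated string
     *                            (all whitespace is stripped from the string form)
     * @return bool
     */
    public static function can($roles)
    {
        if (is_string($roles)) {
            $roles = explode(',', preg_replace('/\s/', '', $roles));
        }
        foreach ($roles as $role) {
            if ($role === '') {
                continue;
            }
            if (Yii::$app->user->can($role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns true when the role $name is assigned to the current user.
     *
     * NOTE: this looks at authManager->getRolesByUser(), i.e. the roles assigned to the
     * user, not roles reached through the role hierarchy. The original author noted it
     * stopped working once the editor role was made a child of the user role; where
     * inherited roles must count, Yii::$app->user->can($name) is the usual check — confirm
     * against the project's auth manager before relying on either.
     *
     * @param string $name role name
     * @return bool
     */
    public static function currentUserRoleIs($name)
    {
        $userRoles = ArrayHelper::getColumn(
            Yii::$app->authManager->getRolesByUser(Yii::$app->user->id),
            'name'
        );
        // role names are strings; strict comparison avoids numeric-string coercion
        return in_array($name, $userRoles, true);
    }
}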
/**
 * Access filter for the article controller.
 *
 * Both rules are gated by the 'updateOwnArticle' permission; the closures only
 * assemble the params its rule consumes (article_id and, for delete, the narrower
 * status/role/payment restrictions).
 *
 * @return array
 */
public function behaviors()
{
    $editParams = static function () {
        return [
            'article_id' => Yii::$app->request->get('id'),
        ];
    };

    $deleteParams = static function () {
        $article = Article::findOneOrFail(Yii::$app->request->get('id'));
        return [
            'article_id' => $article->id,
            // deletion: only DRAFT articles, 'editor' as the sole admin role,
            // and never while payments are attached to the article
            'allowedStatuses' => [Status::DRAFT],
            'adminRoles' => ['editor'],
            'additionalCondition' => !$article->getPayments()->exists(),
        ];
    };

    $editRule = [
        'actions' => ['edit-step1', 'edit-step2', 'edit-step3', 'edit-step4', 'check'],
        'allow' => true,
        'roles' => ['updateOwnArticle'],
        'roleParams' => $editParams,
    ];

    $deleteRule = [
        'actions' => ['delete'],
        'allow' => true,
        'roles' => ['updateOwnArticle'],
        'roleParams' => $deleteParams,
    ];

    return [
        'access' => [
            'class' => AccessControl::class,
            'rules' => [$editRule, $deleteRule],
        ],
    ];
}
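/**
 * Access filter for the article-file controller.
 *
 * Both actions are gated by the 'updateOwnArticle' permission; the closures resolve
 * the article_id its rule needs from the request (create: the posted form, delete:
 * the file row named by ?id=).
 *
 * @return array
 * @throws \yii\web\NotFoundHttpException from the delete closure when no file matches ?id=
 */
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::class,
            'rules' => [
                [
                    'actions' => ['create'],
                    'allow' => true,
                    'roles' => ['updateOwnArticle'],
                    'roleParams' => static function () {
                        // post('ArticleFile') is null when the form was not submitted;
                        // indexing it directly raised a PHP warning before handing the
                        // rule null. Passing null explicitly lets the rule reject it.
                        $form = Yii::$app->request->post('ArticleFile');
                        return [
                            'article_id' => is_array($form) && isset($form['article_id'])
                                ? $form['article_id']
                                : null,
                        ];
                    },
                ],
                [
                    'actions' => ['delete'],
                    'allow' => true,
                    'roles' => ['updateOwnArticle'],
                    'roleParams' => static function () {
                        // A non-scalar id (?id[]=...) would turn the where() into an IN (...)
                        // and scalar() would pick an arbitrary row, so refuse it outright.
                        $fileId = Yii::$app->request->get('id');
                        $articleId = is_scalar($fileId)
                            ? ArticleFile::find()
                                ->where(['id' => $fileId])
                                ->select('article_id')
                                ->scalar()
                            : false;
                        if ($articleId === false) {
                            // no such file: answer 404 instead of letting the rule
                            // throw InvalidArgumentException (a 500) on a false id
                            throw new \yii\web\NotFoundHttpException('Article file not found.');
                        }
                        return [
                            'article_id' => $articleId,
                        ];
                    },
                ],
            ],
        ],
    ];
}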