1 <?php
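/**
 * Controller for managing authorization items (operations, tasks and roles)
 * and the parent/child relations between them.
 *
 * accessRules() allows the listed actions only for the users returned by the
 * authorizer's getSuperusers() and denies everyone else.
 *
 * NOTE(review): the state-changing actions only check isPostRequest. Whether
 * those POSTs are protected against cross-site request forgery depends on the
 * application's request configuration, which is not visible in this file;
 * confirm that CSRF validation is enabled for this module.
 */
class AuthItemController extends RController
{
    /**
     * @var mixed the authorizer obtained from the module in init().
     */
    private $_authorizer;

    /**
     * @var mixed the authorization item cached by loadModel(); null until loaded.
     */
    private $_model;

    /**
     * Initializes the controller: fetches the authorizer, adopts the module
     * layout, sets the default action and registers the module scripts.
     */
    public function init()
    {
        $module = $this->module;

        $this->_authorizer = $module->getAuthorizer();
        $this->layout = $module->layout;
        $this->defaultAction = 'permissions';

        $module->registerScripts();
    }

    /**
     * @return array the action filters; only access control is applied.
     */
    public function filters()
    {
        return array(
            'accessControl'
        );
    }

    /**
     * Builds the access rules used by the access control filter.
     *
     * The allow rule is only emitted when at least one superuser is known.
     * Yii's CAccessRule treats an empty 'users' list as "matches any user",
     * so emitting the rule with no superusers would open every action to
     * everyone. With no superusers only the deny-all rule remains.
     *
     * @return array the access rules.
     */
    public function accessRules()
    {
        $superusers = $this->_authorizer->getSuperusers();
        $rules = array();

        if( empty($superusers)===false )
        {
            $rules[] = array('allow',
                'actions'=>array(
                    'permissions',
                    'operations',
                    'tasks',
                    'roles',
                    'generate',
                    'create',
                    'update',
                    'delete',
                    'removeChild',
                    'assign',
                    'revoke',
                    'sortable',
                ),
                'users'=>$superusers,
            );
        }

        // Everything not explicitly allowed above is denied.
        $rules[] = array('deny',
            'users'=>array('*'),
        );

        return $rules;
    }

    /**
     * Displays the permission overview: one column for the item description
     * followed by one column per role.
     */
    public function actionPermissions()
    {
        $dataProvider = new RPermissionDataProvider('permissions');

        // The description column takes 25%; the roles share the remaining 75%.
        $roles = $dataProvider->getRoles();
        $roleColumnWidth = $roles!==array() ? 75/count($roles) : 0;

        $columns = array(
            array(
                'name'=>'description',
                'header'=>Rights::t('core', 'Item'),
                'type'=>'raw',
                'htmlOptions'=>array(
                    'class'=>'permission-column',
                    'style'=>'width:25%',
                ),
            ),
        );

        // NOTE(review): the cells are declared 'raw' and the header comes from
        // getNameText(); confirm that the data provider and getNameText()
        // HTML-encode item names before they reach the view.
        foreach( $roles as $roleName=>$role )
        {
            $columns[] = array(
                'name'=>strtolower($roleName),
                'header'=>$role->getNameText(),
                'type'=>'raw',
                'htmlOptions'=>array(
                    'class'=>'role-column',
                    'style'=>'width:'.$roleColumnWidth.'%',
                ),
            );
        }

        $view = 'permissions';
        $params = array(
            'dataProvider'=>$dataProvider,
            'columns'=>$columns,
        );

        // A request carrying POST 'ajax' gets the view without the layout.
        if( isset($_POST['ajax'])===true )
            $this->renderPartial($view, $params);
        else
            $this->render($view, $params);
    }

    /**
     * Displays the operation management page.
     */
    public function actionOperations()
    {
        $this->renderAuthItemList('operations', CAuthItem::TYPE_OPERATION, 'RightsOperationTableSort', '.operation-table');
    }

    /**
     * Displays the task management page.
     */
    public function actionTasks()
    {
        $this->renderAuthItemList('tasks', CAuthItem::TYPE_TASK, 'RightsTaskTableSort', '.task-table');
    }

    /**
     * Displays the role management page.
     */
    public function actionRoles()
    {
        $this->renderAuthItemList('roles', CAuthItem::TYPE_ROLE, 'RightsRoleTableSort', '.role-table');
    }

    /**
     * Creates authorization items from the entries selected in the generate
     * form and lists the controller actions reported by the generator.
     */
    public function actionGenerate()
    {
        $generator = $this->module->getGenerator();
        $model = new GenerateForm();

        if( isset($_POST['GenerateForm'])===true )
        {
            $model->attributes = $_POST['GenerateForm'];
            if( $model->validate()===true )
            {
                $items = array(
                    'tasks'=>array(),
                    'operations'=>array(),
                );

                // Selected names containing '*' become tasks, the rest operations.
                foreach( $model->items as $itemname=>$value )
                {
                    if( (bool)$value!==true )
                        continue;

                    $group = strpos($itemname, '*')!==false ? 'tasks' : 'operations';
                    $items[ $group ][] = $itemname;
                }

                $generator->addItems($items['tasks'], CAuthItem::TYPE_TASK);
                $generator->addItems($items['operations'], CAuthItem::TYPE_OPERATION);

                $generatedItems = $generator->run();
                if( $generatedItems!==false && $generatedItems!==array() )
                {
                    Yii::app()->getUser()->setFlash($this->module->flashSuccessKey,
                        Rights::t('core', 'Authorization items created.')
                    );
                    $this->redirect(array('authItem/permissions'));
                }
            }
        }

        $items = $generator->getControllerActions();

        // Map of existing task and operation names, keyed by name.
        $authItems = $this->_authorizer->getAuthItems(array(
            CAuthItem::TYPE_TASK,
            CAuthItem::TYPE_OPERATION,
        ));
        $existingItems = array();
        foreach( $authItems as $itemName=>$item )
            $existingItems[ $itemName ] = $itemName;

        Yii::app()->clientScript->registerScript('rightsGenerateItemTableSelectRows',
            "jQuery('.generate-item-table').rightsSelectRows();"
        );

        $this->render('generate', array(
            'model'=>$model,
            'items'=>$items,
            'existingItems'=>$existingItems,
        ));
    }

    /**
     * Creates an authorization item of the type given in the request.
     *
     * NOTE(review): bizRule and data are passed to the authorizer as
     * submitted. Yii's auth managers evaluate business rules as PHP code when
     * access is checked, so this action must stay limited to fully trusted
     * users; confirm how the authorizer parses the data value.
     */
    public function actionCreate()
    {
        $type = $this->getType();

        $formModel = new AuthItemForm('create');

        if( isset($_POST['AuthItemForm'])===true )
        {
            $formModel->attributes = $_POST['AuthItemForm'];
            if( $formModel->validate()===true )
            {
                $item = $this->_authorizer->createAuthItem($formModel->name, $type, $formModel->description, $formModel->bizRule, $formModel->data);
                $item = $this->_authorizer->attachAuthItemBehavior($item);

                Yii::app()->user->setFlash($this->module->flashSuccessKey,
                    Rights::t('core', ':name created.', array(':name'=>$item->getNameText()))
                );

                $this->redirect(Yii::app()->user->getRightsReturnUrl(array('authItem/permissions')));
            }
        }

        $this->render('create', array(
            'formModel'=>$formModel,
        ));
    }

    /**
     * Updates the authorization item named in the request and, when valid
     * child candidates exist, handles the form for adding a child to it.
     *
     * NOTE(review): bizRule and data are passed to the authorizer as
     * submitted, and the form's data field is filled with serialize() output.
     * Confirm that whatever parses the submitted data value does not call
     * unserialize() on it without restrictions, and keep this action limited
     * to fully trusted users because business rules are evaluated as PHP code
     * by Yii's auth managers.
     */
    public function actionUpdate()
    {
        $model = $this->loadModel();
        $itemName = $model->getName();

        $formModel = new AuthItemForm('update');

        if( isset($_POST['AuthItemForm'])===true )
        {
            $formModel->attributes = $_POST['AuthItemForm'];
            if( $formModel->validate()===true )
            {
                // The item may have been renamed, so it is fetched again by its new name.
                $this->_authorizer->updateAuthItem($itemName, $formModel->name, $formModel->description, $formModel->bizRule, $formModel->data);
                $item = $this->_authorizer->authManager->getAuthItem($formModel->name);
                $item = $this->_authorizer->attachAuthItemBehavior($item);

                Yii::app()->user->setFlash($this->module->flashSuccessKey,
                    Rights::t('core', ':name updated.', array(':name'=>$item->getNameText()))
                );

                $this->redirect(Yii::app()->user->getRightsReturnUrl(array('authItem/permissions')));
            }
        }

        // Candidate children: valid child types for this item, superuser role excluded.
        $type = Rights::getValidChildTypes($model->type);
        $exclude = array($this->module->superuserName);
        $childSelectOptions = Rights::getParentAuthItemSelectOptions($model, $type, $exclude);

        $childFormModel = null;
        if( $childSelectOptions!==array() )
        {
            $childFormModel = new AuthChildForm();

            if( isset($_POST['AuthChildForm'])===true )
            {
                $childFormModel->attributes = $_POST['AuthChildForm'];
                if( $childFormModel->validate()===true )
                {
                    $this->_authorizer->authManager->addItemChild($itemName, $childFormModel->itemname);
                    $child = $this->_authorizer->authManager->getAuthItem($childFormModel->itemname);
                    $child = $this->_authorizer->attachAuthItemBehavior($child);

                    Yii::app()->user->setFlash($this->module->flashSuccessKey,
                        Rights::t('core', 'Child :name added.', array(':name'=>$child->getNameText()))
                    );

                    $this->redirect(array('authItem/update', 'name'=>urlencode($itemName)));
                }
            }
        }

        // Fill the form with the stored values for display.
        $formModel->name = $model->name;
        $formModel->description = $model->description;
        $formModel->type = $model->type;
        $formModel->bizRule = $model->bizRule!=='NULL' ? $model->bizRule : '';
        $formModel->data = $model->data!==null ? serialize($model->data) : '';

        $parentDataProvider = new RAuthItemParentDataProvider($model);
        $childDataProvider = new RAuthItemChildDataProvider($model);

        $this->render('update', array(
            'model'=>$model,
            'formModel'=>$formModel,
            'childFormModel'=>$childFormModel,
            'childSelectOptions'=>$childSelectOptions,
            'parentDataProvider'=>$parentDataProvider,
            'childDataProvider'=>$childDataProvider,
        ));
    }

    /**
     * Deletes the authorization item named in the request.
     *
     * @throws CHttpException 400 when the request is not a POST, 404 when the
     * name is missing or no such item exists.
     */
    public function actionDelete()
    {
        $this->requirePostRequest();

        $itemName = $this->getItemName();

        // Resolve the item first: a missing or unknown name must end in a 404
        // instead of a method call on null after the removal attempt.
        $item = $itemName!==null ? $this->_authorizer->authManager->getAuthItem($itemName) : null;
        if( $item===null )
            throw new CHttpException(404, Rights::t('core', 'The requested page does not exist.'));

        // The behavior is attached before removal because the flash message needs getNameText().
        $item = $this->_authorizer->attachAuthItemBehavior($item);

        $this->_authorizer->authManager->removeAuthItem($itemName);

        Yii::app()->user->setFlash($this->module->flashSuccessKey,
            Rights::t('core', ':name deleted.', array(':name'=>$item->getNameText()))
        );

        // Ajax callers get no redirect.
        if( isset($_POST['ajax'])===false )
            $this->redirect(Yii::app()->user->getRightsReturnUrl(array('authItem/permissions')));
    }

    /**
     * Removes the child named in the request from the item named in the request.
     *
     * @throws CHttpException 400 when the request is not a POST, 404 when
     * either name is missing or the child does not exist.
     */
    public function actionRemoveChild()
    {
        $this->requirePostRequest();

        $itemName = $this->getItemName();
        $childName = $this->getChildName();

        // Look the child up before touching the relation so that an unknown
        // or missing name is rejected rather than dereferenced as null below.
        $child = ($itemName!==null && $childName!==null)
            ? $this->_authorizer->authManager->getAuthItem($childName)
            : null;
        if( $child===null )
            throw new CHttpException(404, Rights::t('core', 'The requested page does not exist.'));

        $this->_authorizer->authManager->removeItemChild($itemName, $childName);
        $child = $this->_authorizer->attachAuthItemBehavior($child);

        Yii::app()->user->setFlash($this->module->flashSuccessKey,
            Rights::t('core', 'Child :name removed.', array(':name'=>$child->getNameText()))
        );

        // Ajax callers get no redirect.
        if( isset($_POST['ajax'])===false )
            $this->redirect(array('authItem/update', 'name'=>urlencode($itemName)));
    }

    /**
     * Adds the child named in the request to the loaded item unless the item
     * already has it.
     *
     * @throws CHttpException 400 when the request is not a POST.
     */
    public function actionAssign()
    {
        $this->requirePostRequest();

        $model = $this->loadModel();
        $childName = $this->getChildName();

        if( $childName!==null && $model->hasChild($childName)===false )
            $model->addChild($childName);

        // Ajax callers get no redirect.
        if( isset($_POST['ajax'])===false )
            $this->redirect(array('authItem/permissions'));
    }

    /**
     * Removes the child named in the request from the loaded item when the
     * item has it.
     *
     * @throws CHttpException 400 when the request is not a POST.
     */
    public function actionRevoke()
    {
        $this->requirePostRequest();

        $model = $this->loadModel();
        $childName = $this->getChildName();

        if( $childName!==null && $model->hasChild($childName)===true )
            $model->removeChild($childName);

        // Ajax callers get no redirect.
        if( isset($_POST['ajax'])===false )
            $this->redirect(array('authItem/permissions'));
    }

    /**
     * Passes the posted 'result' value to the auth manager's updateItemWeight().
     *
     * @throws CHttpException 400 when the request is not a POST or carries no
     * 'result' value.
     */
    public function actionSortable()
    {
        $this->requirePostRequest();

        // A POST without the expected field is a malformed request, not an empty sort order.
        if( isset($_POST['result'])===false )
            throw new CHttpException(400, Rights::t('core', 'Invalid request. Please do not repeat this request again.'));

        $this->_authorizer->authManager->updateItemWeight($_POST['result']);
    }

    /**
     * Returns the item name from the 'name' query parameter.
     *
     * The value is URL-decoded once more on top of PHP's own query-string
     * decoding; the redirects in this class urlencode() the name before
     * building the URL. NOTE(review): confirm the extra decode is still needed.
     *
     * @return string|null the decoded name, or null when the parameter is
     * missing or is not a string (e.g. an array was sent).
     */
    public function getItemName()
    {
        if( isset($_GET['name'])===true && is_string($_GET['name'])===true )
            return urldecode($_GET['name']);

        return null;
    }

    /**
     * Returns the child name from the 'child' query parameter.
     *
     * @return string|null the decoded name, or null when the parameter is
     * missing or is not a string (e.g. an array was sent).
     */
    public function getChildName()
    {
        if( isset($_GET['child'])===true && is_string($_GET['child'])===true )
            return urldecode($_GET['child']);

        return null;
    }

    /**
     * Returns the authorization item type from the 'type' query parameter.
     *
     * The parameter must match the string form of one of the three type
     * constants exactly. A loose in_array() comparison against those
     * constants would, on PHP versions before 8, accept any non-numeric
     * string when a constant equals 0.
     *
     * @return string the requested type, exactly as sent.
     * @throws CException when the parameter is missing or is not a valid type.
     */
    public function getType()
    {
        $requested = (isset($_GET['type'])===true && is_string($_GET['type'])===true) ? $_GET['type'] : null;

        if( $requested!==null )
        {
            $validTypes = array(CAuthItem::TYPE_OPERATION, CAuthItem::TYPE_TASK, CAuthItem::TYPE_ROLE);
            foreach( $validTypes as $validType )
            {
                if( $requested===(string)$validType )
                    return $requested;
            }
        }

        throw new CException(Rights::t('core', 'Invalid authorization item type.'));
    }

    /**
     * Returns the authorization item named in the request, loading it and
     * attaching the auth item behavior on first use.
     *
     * @return mixed the item, cached in $_model for later calls.
     * @throws CHttpException 404 when no name was given or the item is null
     * after loading.
     */
    public function loadModel()
    {
        if( $this->_model!==null )
            return $this->_model;

        $itemName = $this->getItemName();
        if( $itemName!==null )
        {
            $this->_model = $this->_authorizer->authManager->getAuthItem($itemName);
            $this->_model = $this->_authorizer->attachAuthItemBehavior($this->_model);
        }

        if( $this->_model===null )
            throw new CHttpException(404, Rights::t('core', 'The requested page does not exist.'));

        return $this->_model;
    }

    /**
     * Rejects any request that is not a POST.
     *
     * @throws CHttpException 400 when the request is not a POST.
     */
    private function requirePostRequest()
    {
        if( Yii::app()->request->isPostRequest!==true )
            throw new CHttpException(400, Rights::t('core', 'Invalid request. Please do not repeat this request again.'));
    }

    /**
     * Remembers the list page as the return URL and renders the sortable
     * list of authorization items of one type.
     *
     * @param string $view view name; also the data provider id and the route suffix.
     * @param mixed $type one of the CAuthItem type constants.
     * @param string $sortableId id passed to the sortable configuration.
     * @param string $sortableElement selector passed to the sortable configuration.
     */
    private function renderAuthItemList($view, $type, $sortableId, $sortableElement)
    {
        Yii::app()->user->rightsReturnUrl = array('authItem/'.$view);

        $dataProvider = new RAuthItemDataProvider($view, array(
            'type'=>$type,
            'sortable'=>array(
                'id'=>$sortableId,
                'element'=>$sortableElement,
                'url'=>$this->createUrl('authItem/sortable'),
            ),
        ));

        $this->render($view, array(
            'dataProvider'=>$dataProvider,
            'isBizRuleEnabled'=>$this->module->enableBizRule,
            'isBizRuleDataEnabled'=>$this->module->enableBizRuleData,
        ));
    }
}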