<?php
/**
 * Rights filter class file.
 *
 * @author Christoffer Niska <cniska@live.com>
 * @copyright Copyright © 2010 Christoffer Niska
 * @since 0.7
 */
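/**
 * Action filter that authorizes the current user against an authorization
 * item derived from the requested module, controller and action ids.
 *
 * The item names checked are "[Module.]Controller.*" and
 * "[Module.]Controller.Action", each id passed through ucfirst().
 */
class RightsFilter extends CFilter
{
    /**
     * @var array|string ids of the actions that skip the authorization check,
     * or the string '*' when every action skips it.
     */
    protected $_allowedActions = array();

    /**
     * Performs the pre-action filtering.
     *
     * Access is granted only through one of three explicit paths: the action
     * is on the always-allowed list, the user holds the controller-wide item,
     * or the user holds the action item. Everything else is denied.
     *
     * @param CFilterChain $filterChain the filter chain that the filter is on.
     * @return boolean whether the filtering process should continue and the action
     * should be executed.
     */
    protected function preFilter($filterChain)
    {
        $user = Yii::app()->getUser();
        $controller = $filterChain->controller;
        $action = $filterChain->action;

        $allowedActions = $this->_allowedActions;

        // '*' switches the authorization check off for the whole controller.
        if ($allowedActions === '*') {
            return true;
        }

        // Strict comparison: with loose comparison two different numeric
        // strings ('0' and '00', '10' and '1e1') are equal, which would let
        // an action match an allow-list entry it is not. The is_array() guard
        // makes an unexpected property value fall through to the
        // authorization check instead of being handed to in_array().
        if (is_array($allowedActions) && in_array((string)$action->id, $allowedActions, true)) {
            return true;
        }

        // Prefix the item name with the module id when the controller
        // belongs to a module.
        $authItem = '';
        if (($module = $controller->getModule()) !== null) {
            $authItem .= ucfirst($module->id) . '.';
        }
        $authItem .= ucfirst($controller->id);

        // Controller-wide permission first, then the specific action.
        // Only a literal true from checkAccess() grants access.
        if ($user->checkAccess($authItem . '.*') === true) {
            return true;
        }
        if ($user->checkAccess($authItem . '.' . ucfirst($action->id)) === true) {
            return true;
        }

        $controller->accessDenied();
        return false;
    }

    /**
     * Sets the allowed actions.
     *
     * Actions listed here bypass the authorization check entirely, so the
     * list should hold only actions that are meant to be public; '*' makes
     * every action of the controller bypass it.
     *
     * @param string $allowedActions the actions that are always allowed separated by commas,
     * you may also use star (*) to represent all actions.
     */
    public function setAllowedActions($allowedActions)
    {
        if ($allowedActions === '*') {
            $this->_allowedActions = '*';
            return;
        }

        // Anything that cannot be split into a list (a non-scalar value, or a
        // preg_split() failure) yields an empty allow-list, so a configuration
        // mistake leaves every action subject to the authorization check.
        $actions = is_scalar($allowedActions)
            ? preg_split('/[\s,]+/', (string)$allowedActions, -1, PREG_SPLIT_NO_EMPTY)
            : false;

        $this->_allowedActions = is_array($actions) ? $actions : array();
    }
}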