Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
Y
yii2
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
PSDI Army
yii2
Commits
5f0f721c
Commit
5f0f721c
authored
Mar 28, 2013
by
Qiang Xue
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Finished AccessControl.
parent
b505a9d9
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
11 additions
and
35 deletions
+11
-35
AccessRule.php
framework/web/AccessRule.php
+11
-35
No files found.
framework/web/AccessRule.php
View file @
5f0f721c
...
...
@@ -35,22 +35,16 @@ class AccessRule extends Component
*/
public
$controllers
;
/**
* @var array list of
user names that this rule applies to. The comparison is case-insensitive.
*
If not set or empty, it means this rule applies to all users. Two special tokens are recognized
:
* @var array list of
roles that this rule applies to. Two special roles are recognized, and
*
they are checked via [[User::isGuest]]
:
*
* - `?`: matches a guest user (not authenticated yet)
* - `@`: matches an authenticated user
*
* @see \yii\web\Application::user
*/
public
$users
;
/**
* @var array list of roles that this rule applies to. For each role, the current user's
* {@link CWebUser::checkAccess} method will be invoked. If one of the invocations
* returns true, the rule will be applied.
* Note, you should mainly use roles in an "allow" rule because by definition,
* a role represents a permission collection.
* If not set or empty, it means this rule applies to all roles.
* Using additional role names requires RBAC (Role-Based Access Control), and
* [[User::hasAccess()]] will be called.
*
* If this property is not set or empty, it means this rule applies to all roles.
*/
public
$roles
;
/**
...
...
@@ -106,7 +100,6 @@ class AccessRule extends Component
public
function
allows
(
$action
,
$user
,
$request
)
{
if
(
$this
->
matchAction
(
$action
)
&&
$this
->
matchUser
(
$user
)
&&
$this
->
matchRole
(
$user
)
&&
$this
->
matchIP
(
$request
->
getUserIP
())
&&
$this
->
matchVerb
(
$request
->
getRequestMethod
())
...
...
@@ -138,27 +131,6 @@ class AccessRule extends Component
}
/**
* @param User $user the user
* @return boolean whether the rule applies to the user
*/
protected
function
matchUser
(
$user
)
{
if
(
empty
(
$this
->
users
))
{
return
true
;
}
foreach
(
$this
->
users
as
$u
)
{
if
(
$u
===
'?'
&&
$user
->
getIsGuest
())
{
return
true
;
}
elseif
(
$u
===
'@'
&&
!
$user
->
getIsGuest
())
{
return
true
;
}
elseif
(
!
strcasecmp
(
$u
,
$user
->
getName
()))
{
return
true
;
}
}
return
false
;
}
/**
* @param User $user the user object
* @return boolean whether the rule applies to the role
*/
...
...
@@ -168,7 +140,11 @@ class AccessRule extends Component
return
true
;
}
foreach
(
$this
->
roles
as
$role
)
{
if
(
$user
->
checkAccess
(
$role
))
{
if
(
$role
===
'?'
&&
$user
->
getIsGuest
())
{
return
true
;
}
elseif
(
$role
===
'@'
&&
!
$user
->
getIsGuest
())
{
return
true
;
}
elseif
(
$user
->
hasAccess
(
$role
))
{
return
true
;
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment