add denyActions & update @inheritdoc

wanforge · wanforge · commit 3172ec03e7d1 · 2020-03-04T08:03:35.000+07:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,10 @@
 Yii2 RBAC Change Log
 ====================
 
+Version 0.2.0
+--------------
+- Add denyActions
+
 Version 0.1.2
 --------------
 - Add Doc
diff --git a/documentation/configuration.md b/documentation/configuration.md
@@ -64,6 +64,10 @@ The code below shows how to use ACF which is implemented as `diecoding\rbac\Acce
         // add a lot of actions here until you finally completed setting up rbac,
         // otherwise you may not even take a first step.
     ],
+    'denyActions' => [
+        'some-controller/some-action',
+        // The actions listed here will be deny to everyone including guests.
+    ],
 ],
 ...
 ```
diff --git a/src/AppAsset.php b/src/AppAsset.php
@@ -5,7 +5,7 @@
 use yii\web\AssetBundle;
 
 /**
- * @inheritDoc
+ * @inheritdoc
  * 
  * @author Die Coding (Sugeng Sulistiyawan) <diecoding@gmail.com>
  * @copyright 2019 Die Coding
diff --git a/src/Module.php b/src/Module.php
@@ -5,7 +5,7 @@
 use Yii;
 
 /**
- * @inheritDoc
+ * @inheritdoc
  * 
  * @author Die Coding (Sugeng Sulistiyawan) <diecoding@gmail.com>
  * @copyright 2019 Die Coding
@@ -16,17 +16,17 @@
 class Module extends \mdm\admin\Module
 {
     /**
-     * @inheritDoc
+     * @inheritdoc
      */
     public $controllerNamespace = 'mdm\admin\controllers';
 
     /**
-     * @inheritDoc
+     * @inheritdoc
      */
     public $layout = 'left-menu';
 
     /**
-     * @inheritDoc
+     * @inheritdoc
      */
     public function init()
     {
diff --git a/src/components/AccessControl.php b/src/components/AccessControl.php
@@ -2,8 +2,23 @@
 
 namespace diecoding\rbac\components;
 
+use yii\base\Module;
+use Yii;
+use yii\web\ForbiddenHttpException;
+
 /**
- * @inheritDoc
+ * To use AccessControl, declare it in the application config as behavior.
+ * For example.
+ *
+ * ```
+ * 'as access' => [
+ *     'class' => 'mdm\admin\components\AccessControl',
+ *     'allowActions' => ['site/login', 'site/error'],
+ *     'denyActions' => ['test/*'],
+ * ]
+ * ```
+ * 
+ * @inheritdoc
  * 
  * @author Die Coding (Sugeng Sulistiyawan) <diecoding@gmail.com>
  * @copyright 2019 Die Coding
@@ -13,5 +28,77 @@
  */
 class AccessControl extends \mdm\admin\components\AccessControl
 {
+    /**
+     * @var array List of action that no access.
+     */
+    public $denyActions = [];
+
+    /**
+     * @inheritdoc
+     * 
+     * @since 0.2.0
+     */
+    protected function isActive($action)
+    {
+        $uniqueId = $action->getUniqueId();
+        if ($uniqueId === Yii::$app->getErrorHandler()->errorAction) {
+            return false;
+        }
+
+        $user = $this->getUser();
+        if ($user->getIsGuest()) {
+            $loginUrl = null;
+            if (is_array($user->loginUrl) && isset($user->loginUrl[0])) {
+                $loginUrl = $user->loginUrl[0];
+            } else if (is_string($user->loginUrl)) {
+                $loginUrl = $user->loginUrl;
+            }
+            if (!is_null($loginUrl) && trim($loginUrl, '/') === $uniqueId) {
+                return false;
+            }
+        }
+
+        if ($this->owner instanceof Module) {
+            // convert action uniqueId into an ID relative to the module
+            $mid = $this->owner->getUniqueId();
+            $id = $uniqueId;
+            if ($mid !== '' && strpos($id, $mid . '/') === 0) {
+                $id = substr($id, strlen($mid) + 1);
+            }
+        } else {
+            $id = $action->id;
+        }
+
+        foreach ($this->denyActions as $route) {
+            if (substr($route, -1) === '*') {
+                $route = rtrim($route, "*");
+                if ($route === '' || strpos($id, $route) === 0) {
+                    throw new ForbiddenHttpException(Yii::t('yii', 'You are not allowed to perform this action.'));
+                }
+            } else {
+                if ($id === $route) {
+                    throw new ForbiddenHttpException(Yii::t('yii', 'You are not allowed to perform this action.'));
+                }
+            }
+        }
+
+        foreach ($this->allowActions as $route) {
+            if (substr($route, -1) === '*') {
+                $route = rtrim($route, "*");
+                if ($route === '' || strpos($id, $route) === 0) {
+                    return false;
+                }
+            } else {
+                if ($id === $route) {
+                    return false;
+                }
+            }
+        }
+
+        if ($action->controller->hasMethod('allowAction') && in_array($action->id, $action->controller->allowAction())) {
+            return false;
+        }
 
+        return true;
+    }
 }
diff --git a/src/components/Assign.php b/src/components/Assign.php
@@ -5,7 +5,7 @@
 use yii\base\Component;
 
 /**
- * @inheritDoc
+ * @inheritdoc
  * 
  * @author Die Coding (Sugeng Sulistiyawan) <diecoding@gmail.com>
  * @copyright 2019 Die Coding

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@`
`5`	`5`	`use yii\web\AssetBundle;`
`6`	`6`
`7`	`7`	`/**`
`8`		`- * @inheritDoc`
	`8`	`+ * @inheritdoc`
`9`	`9`	`*`
`10`	`10`	`* @author Die Coding (Sugeng Sulistiyawan) <[email protected]>`
`11`	`11`	`* @copyright 2019 Die Coding`
Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@`
`5`	`5`	`use yii\base\Component;`
`6`	`6`
`7`	`7`	`/**`
`8`		`- * @inheritDoc`
	`8`	`+ * @inheritdoc`
`9`	`9`	`*`
`10`	`10`	`* @author Die Coding (Sugeng Sulistiyawan) <[email protected]>`
`11`	`11`	`* @copyright 2019 Die Coding`