ActiveRecordRule.php
<?php
namespace common\models;
use yii\db\ActiveRecord;
use yii\web\ForbiddenHttpException;
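/**
 * Base ActiveRecord that scopes finds by per-record access grants and guards updates.
 *
 * Grants are looked up in two tables, both keyed by model class name and record id:
 * `auth_table_access_group` (grant to a role) and `auth_table_access_user` (grant to a user).
 */
class ActiveRecordRule extends ActiveRecord
{
    /**
     * Creates the query for this model, restricted to records the current user has a grant for.
     *
     * The restriction is only added when an authManager component is configured and the
     * application's `options->rule` switch is truthy; otherwise the plain parent query is returned.
     *
     * NOTE(review): the restriction is an ordinary WHERE condition. A caller that chains
     * where() replaces it and a caller that chains orWhere() widens it; only andWhere()
     * keeps it intact. If the restriction is meant to be mandatory, consider moving it to
     * andOnCondition() or to a dedicated query class, and audit existing callers.
     *
     * NOTE(review): the join conditions hard-code `article.article_id`, so the filter only
     * fits a model stored in `article`; confirm before reusing this base class elsewhere.
     * The joins match on record_id alone, so a record with several matching grants may be
     * returned more than once - verify against callers.
     *
     * @return \yii\db\ActiveQuery
     */
    public static function find()
    {
        $query = parent::find();
        if (!\Yii::$app->authManager || !\Yii::$app->options->rule) {
            return $query;
        }

        $user = \Yii::$app->user;
        $identity = $user->identity;
        $modelName = self::className();

        // A guest has no identity: give them an empty role list (the query builder renders
        // an empty IN list as an always-false condition) instead of reading ->roles on null.
        // presumably roles is a list of role names; verify against the identity class
        $roles = $identity !== null ? $identity->roles : [];

        $grants = [
            'or',
            [
                'auth_table_access_group.model_name' => $modelName,
                'auth_table_access_group.role' => $roles,
            ],
        ];
        if ($identity !== null) {
            // Only match user grants for a signed-in user; a null id would otherwise
            // turn into `user_id IS NULL` and match any grant row without a user.
            $grants[] = [
                'auth_table_access_user.user_id' => $user->getId(),
                'auth_table_access_user.model_name' => $modelName,
            ];
        }

        return $query
            ->leftJoin('auth_table_access_group', 'article.article_id = auth_table_access_group.record_id')
            ->leftJoin('auth_table_access_user', 'article.article_id = auth_table_access_user.record_id')
            ->andWhere($grants);
    }

    /**
     * Deletes the record and then removes the access grants that pointed at it.
     *
     * Grants are left alone when the parent delete reports failure (false), so a vetoed
     * delete cannot strip the grants of a record that still exists. Cleanup only runs for
     * an integer primary key; other key types are skipped, as before.
     *
     * NOTE(review): unlike update(), no permission check is made here; confirm that
     * deletion is authorised by the caller or add the corresponding check.
     * NOTE(review): the record delete and the grant cleanup are separate statements, not
     * one transaction, so a failure in between leaves orphaned grant rows.
     *
     * @return int|false the parent's result, unchanged
     */
    public function delete()
    {
        $id = $this->primaryKey;
        $result = parent::delete();
        if ($result === false || !is_int($id)) {
            return $result;
        }

        $db = \Yii::$app->db;
        $owner = ['model_name' => self::className(), 'record_id' => $id];
        foreach (['auth_table_access_group', 'auth_table_access_user'] as $table) {
            $db->createCommand()->delete($table, $owner)->execute();
        }

        return $result;
    }

    /**
     * Saves changes to the record if the current user holds `updateRecord` for it.
     *
     * NOTE(review): this guards update() (and save() on an existing record, which goes
     * through update()); updateAttributes(), updateAll() and updateCounters() do not
     * pass through here and are not covered by this check.
     *
     * @param bool $runValidation passed through to the parent
     * @param array|null $attributeNames passed through to the parent
     * @return int|false the parent's result
     * @throws ForbiddenHttpException when the permission check fails
     */
    public function update($runValidation = true, $attributeNames = null)
    {
        if (!\Yii::$app->user->can('updateRecord', ['record' => $this])) {
            throw new ForbiddenHttpException(\Yii::t('app', 'Permission denied'));
        }

        return parent::update($runValidation, $attributeNames);
    }
}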