<?php

    namespace common\models;

    use yii\db\ActiveRecord;
    use yii\web\ForbiddenHttpException;

    class ActiveRecordRule extends ActiveRecord
    {
        public static function find ()
        {
            $query = parent::find ();
            if (\Yii::$app->authManager && \Yii::$app->options->rule)
            {
                $authManager = \Yii::$app->authManager;
                $roles = \Yii::$app->user->identity->roles;
                $query->leftJoin ('auth_table_access_group', 'article.article_id = auth_table_access_group.record_id')
                      ->leftJoin ('auth_table_access_user', 'article.article_id = auth_table_access_user.record_id')
                      ->orWhere (['auth_table_access_group.model_name' => self::className (), 'auth_table_access_group.role' => $roles])
                      ->orWhere (['auth_table_access_user.user_id' => \Yii::$app->user->getId(), 'auth_table_access_user.model_name' => self::className ()]);
            }
            return $query;
        }

        public function delete ()
        {
            $id = $this->primaryKey;
            $result = parent::delete();
            if(is_int($id)) {
                \Yii::$app->db->createCommand()->delete('auth_table_access_group', ['model_name' => self::className(), 'record_id' => $id])->execute();
                \Yii::$app->db->createCommand()->delete('auth_table_access_user', ['model_name' => self::className(), 'record_id' => $id])->execute();
            }
            return $result;
        }

        public function update ($runValidation = true, $attributeNames = null)
        {
            if(\Yii::$app->user->can('updateRecord', ['record' => $this])) {
                return parent::update ($runValidation, $attributeNames);
            } else {
                throw new ForbiddenHttpException(\Yii::t('app', 'Permission denied'));
            }
        }
    }