Консольный скрипт для создания ролей, разрешений и имен правил в rbac (roles, permissions, rules)
Primary tabs
О создании консольной команды мы говорили тут.
Консольный скрипт для создания ролей в rbac
<?php
namespace app\modules\admin\commands;
//use yii\helpers\Console;
use yii\console\Controller;
use Yii;
/**
* Конфигурируем роли, разрешения и правила.
*
* @package app\commands
*/
class RolesController extends Controller
{
/**
* Тестовый метод для консольной команды.
*
* Вызвать можно так:
* ./yii admin/roles/init
*/
public function actionInit()
{
$rule_ar = ['ANotOnlyViewRule' => 'app\rbac\rules\NotOnlyViewRule',
'BNotOnlyViewRule' => 'app\rbac\rules\NotOnlyViewRule',
'CNotOnlyViewRule' => 'app\rbac\rules\NotOnlyViewRule',
];
$perm_ar = [ 'ANotOnlyViewPermission' => ['rule' => 'ANotOnlyViewRule', 'description' => 'Если пользователь принадлежит к ручным КДЛ'],
'BNotOnlyViewPermission' => ['rule' => 'BNotOnlyViewRule', 'description' => 'Если пользователь принадлежит к ручным КДЛ'],
'CNotOnlyViewPermission' => ['rule' => 'CNotOnlyViewRule', 'description' => 'Если пользователь принадлежит к ручным КДЛ'],
];
$role_ar = ['A_ROLE' => ['description' => 'Просто для пробы.', 'permissions' => ['ANotOnlyViewPermission', 'BNotOnlyViewPermission'], 'childRoles' => ['D_ROLE'] ],
'B_ROLE' => ['description' => 'Просто для пробы.', 'permissions' => ['BNotOnlyViewPermission', ], 'childRoles' => ['D_ROLE'] ],
'C_ROLE' => ['description' => 'Просто для пробы.', 'permissions' => ['CNotOnlyViewPermission', 'ANotOnlyViewPermission'], 'childRoles' => ['ABC_ROLE'] ]
];
$this->createRules($rule_ar);
$this->createPermissions($perm_ar);
$this->createRoles($role_ar);
}
public function actionRemoveAll()
{
echo "All the authorization data will be removed! Are you sure?(yes/no)\n";
$line = trim(fgets(STDIN));
if($line == "yes") {
$auth = Yii::$app->authManager;
$auth->removeAll();
echo "Goodbye all the authorization data!\n";
}
}
private function createRules($rules)
{
$auth = Yii::$app->authManager;
$res = [];
$all_rules = $auth->getRules();
foreach ($rules as $key => $value) {
if (!array_key_exists($key, $all_rules)) {
$res[$key] = null;
eval('$res[$key] = new '. $value. ';');
if ($res[$key]) {
$res[$key]->name = $key;
$auth->add($res[$key]);
}
echo "Rule $key was added.\n";
}
}
return $res;
}
private function createPermissions($permissions)
{
$auth = Yii::$app->authManager;
$res = [];
$all_rules = $auth->getRules();
$all_permissions = $auth->getPermissions();
foreach ($permissions as $key => $value) {
if (!array_key_exists($key, $all_permissions)) {
$res[$key] = $auth->createPermission($key);
echo "Permission $key was added\n";
if ($value['rule'] && array_key_exists($value['rule'], $all_rules)) {
$rulename = $all_rules[$value['rule']]->name;
$res[$key]->ruleName = $rulename;
echo "\twith rule $rulename\n";
}
if ($value['description']) {
$res[$key]->description = $value['description'];
}
$auth->add($res[$key]);
if (array_key_exists('permissions', $value)) {
$all_permissions = $auth->getPermissions();
foreach ($value['permissions'] as $permission) {
if (array_key_exists($permission, $all_permissions)) {
$auth->addChild($res[$key], $all_permissions[$permission]);
echo "\twith permission ". $permission. "\n";
}
}
}
}
}
return $res;
}
private function createRoles($roles)
{
$auth = Yii::$app->authManager;
$res = [];
$all_permissions = $auth->getPermissions();
$all_roles = $auth->getRoles();
$all_rules = $auth->getRules();
foreach ($roles as $key => $value) {
if (!array_key_exists($key, $all_roles)) {
$res[$key] = $auth->createRole($key);
if (array_key_exists('rule', $value)) {
$res[$key]->rule = $value['rule'];
}
if (array_key_exists('description', $value)) {
$res[$key]->description = $value['description'];
}
$auth->add($res[$key]);
echo "Role $key was added\n";
if (array_key_exists('permissions', $value)) {
foreach ($value['permissions'] as $permission) {
if (array_key_exists($permission, $all_permissions)) {
$auth->addChild($res[$key], $all_permissions[$permission]);
echo "\twith permission ". $permission. "\n";
}
}
}
if (array_key_exists('childRoles', $value)) {
$all_roles = $auth->getRoles();
foreach ($value['childRoles'] as $childRole) {
if (array_key_exists($childRole, $all_roles)) {
$auth->addChild($res[$key], $all_roles[$childRole]);
echo "\t\twith child role ". $childRole. "\n";
}
}
}
}
}
return $res;
}
}Метод для удаления запускается командой
./yii admin/roles/remove-all
- Log in to post comments
- 2217 reads