10457115494

Committed 19 Aug 2024 04:21PM UTC coverage: 92.453% (+0.3%) from 92.179%

Build # 10457115494

Build Type

Pull #18

github

Committed by

web-flow

Commit Message

Merge 4a93431cc into c8cb31b23

Pull Request Pull Request #18: feat: Add Yii authorization integration with AuthManager and Behaviors methods

Run Details

31 of 33 new or added lines in 3 files covered. (93.94%)

196 of 212 relevant lines covered (92.45%)

41.41 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

92.0

/src/components/PermissionControl.php

<?php

namespace yii\permission\components;

use Yii;
use yii\base\ActionFilter;
use yii\di\Instance;
use yii\web\ForbiddenHttpException;
use yii\web\User;

class PermissionControl extends ActionFilter
{
    /**
     * @var User|array|string|false the user object.
     */
    public $user = 'user';

    /**
     * @var callable|null a callback that will be called if the access should be denied
     */
    public $denyCallback;

    /**
     * @var array the default configuration of the policy
     */
    public $policyConfig = ['class' => 'yii\permission\components\PermissionPolicy'];

    /**
     * @var array the policies.
     */
    public $policy = [];

    /**
     * Initializes the PermissionControl component.
     *
     * @return void
     */
    public function init()
    {
        parent::init();
        if ($this->user !== false) {
            $this->user = Instance::ensure($this->user, User::class);
        }
        foreach ($this->policy as $i => $policy) {
            if (is_array($policy)) {
                $this->policy[$i] = Yii::createObject(array_merge($this->policyConfig, $policy));
            }
        }
    }

    /**
     * Checks if the current user has permission to perform the given action.
     *
     * @param Action $action the action to be performed
     * @throws ForbiddenHttpException if the user does not have permission
     * @return bool true if the user has permission, false otherwise
     */
    public function beforeAction($action)
    {
        $user = $this->user;
        foreach ($this->policy as $policy) {
            if ($allow = $policy->allows($action, $user)) {
                return true;
            } elseif ($allow === false) {
                if (isset($policy->denyCallback)) {
                    call_user_func($policy->denyCallback, $policy, $action);
                } elseif ($this->denyCallback !== null) {
                    call_user_func($this->denyCallback, $policy, $action);
                } else {
                    $this->denyAccess($user);
                }

                return false;
            }
        }

        if ($this->denyCallback !== null) {
            call_user_func($this->denyCallback, null, $action);
        } else {
            $this->denyAccess($user);
        }
        return false;
    }
    /**
     * Denies the access of the user.
     * The default implementation will redirect the user to the login page if he is a guest;
     * if the user is already logged, a 403 HTTP exception will be thrown.
     * 
     * @param User|false $user the current user or boolean `false` in case of detached User component
     * @throws ForbiddenHttpException if the user is already logged in or in case of detached User component.
     */
    protected function denyAccess($user)
    {
        if ($user !== false && $user->getIsGuest()) {
            $user->loginRequired();
        } else {
            throw new ForbiddenHttpException(Yii::t('yii', 'You are not allowed to perform this action.'));
        }
    }
}

1	<?php
2
3	namespace yii\permission\components;
4
5	use Yii;
6	use yii\base\ActionFilter;
7	use yii\di\Instance;
8	use yii\web\ForbiddenHttpException;
9	use yii\web\User;
10
11	class PermissionControl extends ActionFilter
12	{
13	/**
14	* @var User\|array\|string\|false the user object.
15	*/
16	public $user = 'user';
17
18	/**
19	* @var callable\|null a callback that will be called if the access should be denied
20	*/
21	public $denyCallback;
22
23	/**
24	* @var array the default configuration of the policy
25	*/
26	public $policyConfig = ['class' => 'yii\permission\components\PermissionPolicy'];
27
28	/**
29	* @var array the policies.
30	*/
31	public $policy = [];
32
33	/**
34	* Initializes the PermissionControl component.
35	*
36	* @return void
37	*/
38	public function init()
39	{
40	parent::init();	24✔
41	if ($this->user !== false) {	24✔
42	$this->user = Instance::ensure($this->user, User::class);	24✔
43	}
44	foreach ($this->policy as $i => $policy) {	24✔
45	if (is_array($policy)) {	24✔
46	$this->policy[$i] = Yii::createObject(array_merge($this->policyConfig, $policy));	24✔
47	}
48	}
49	}	12✔
50
51	/**
52	* Checks if the current user has permission to perform the given action.
53	*
54	* @param Action $action the action to be performed
55	* @throws ForbiddenHttpException if the user does not have permission
56	* @return bool true if the user has permission, false otherwise
57	*/
58	public function beforeAction($action)
59	{
60	$user = $this->user;	24✔
61	foreach ($this->policy as $policy) {	24✔
62	if ($allow = $policy->allows($action, $user)) {	24✔
63	return true;	8✔
64	} elseif ($allow === false) {	24✔
65	if (isset($policy->denyCallback)) {	8✔
66	call_user_func($policy->denyCallback, $policy, $action);	8✔
67	} elseif ($this->denyCallback !== null) {	8✔
68	call_user_func($this->denyCallback, $policy, $action);	8✔
69	} else {
70	$this->denyAccess($user);	8✔
71	}
72
73	return false;	4✔
74	}
75	}
76
77	if ($this->denyCallback !== null) {	16✔
78	call_user_func($this->denyCallback, null, $action);	8✔
79	} else {
80	$this->denyAccess($user);	8✔
81	}
NEW 82	return false;	×
83	}
84	/**
85	* Denies the access of the user.
86	* The default implementation will redirect the user to the login page if he is a guest;
87	* if the user is already logged, a 403 HTTP exception will be thrown.
88	*
89	* @param User\|false $user the current user or boolean `false` in case of detached User component
90	* @throws ForbiddenHttpException if the user is already logged in or in case of detached User component.
91	*/
92	protected function denyAccess($user)
93	{
94	if ($user !== false && $user->getIsGuest()) {	16✔
NEW 95	$user->loginRequired();	×
96	} else {
97	throw new ForbiddenHttpException(Yii::t('yii', 'You are not allowed to perform this action.'));	16✔
98	}
99	}
100	}

php-casbin / yii-permission / 10457115494

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous