diff --git a/build/build b/build/build
index ab5e54a..07e8115 100755
--- a/build/build
+++ b/build/build
@@ -14,10 +14,20 @@ defined('STDOUT') or define('STDOUT', fopen('php://stdout', 'w'));
 define('YII_DEBUG', true);
-$vendor = __DIR__ . '/../vendor/autoload.php';
-if (file_exists($vendor)) {
- require($vendor);
-} else {
+$composerAutoload = [
+ __DIR__ . '/../vendor/autoload.php', // yii2 as the root package
+ __DIR__ . '/../../../autoload.php', // yii2-basic or yii2-advanced as the root package
+];
+
+foreach ($composerAutoload as $autoload) {
+ if (file_exists($autoload)) {
+ require($autoload);
+ $vendorPath = dirname($autoload);
+ break;
+ }
+}
+
+if (!isset($vendorPath)) {
 echo "composer autoloader could not be found.\nYou should run `composer install` in repo root directory.\n";
 exit(1);
 }
diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md
index 24de70a..8a6b091 100644
--- a/framework/CHANGELOG.md
+++ b/framework/CHANGELOG.md
@@ -283,6 +283,7 @@ Yii Framework 2 Change Log
 - Chg: Moved all filter classes to namespace `yii\filters` (qiangxue)
 - Chg: Removed `Application::preload` in favor of `Application::bootstrap` (qiangxue)
 - Chg: Re-implemented RBAC by following more closely to the original NIST RBAC model. Dropped `yii\rbac\PhpManager`. (qiangxue)
+- Chg: Renamed `yii\web\User::checkAccess()` to `yii\web\User::can()` (qiangxue)
 - New #66: [Auth client library](https://github.com/yiisoft/yii2-authclient) OpenId, OAuth1, OAuth2 clients (klimov-paul)
 - New #303: Added built-in support for REST API (qiangxue)
 - New #503: Added `yii\di\Container` and `yii\di\ServiceLocator` (qiangxue)
diff --git a/framework/base/Application.php b/framework/base/Application.php
index e6778b0..f385708 100644
--- a/framework/base/Application.php
+++ b/framework/base/Application.php
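Review bot: The fallback candidate `__DIR__ . '/../../../autoload.php'` in build/build is required without any check that it belongs to a Composer vendor directory. When the repository is checked out standalone and `composer install` has not been run, the script executes whatever `autoload.php` sits two levels above the repository root, which on a build host may be a shared or world-writable location. Before `require($autoload);`, confirm the directory is a Composer install, for example `if (is_file($autoload) && is_file(dirname($autoload) . '/composer/autoload_real.php')) {`, and consider comparing the `realpath()` of the expected package location under that directory with `realpath(__DIR__ . '/..')` for the fallback entry. `$vendorPath` is assigned here but read outside the hunk.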
@@ -13,7 +13,7 @@ use Yii;
 * Application is the base class for all application classes.
 *
 * @property \yii\web\AssetManager $assetManager The asset manager component. This property is read-only.
- * @property \yii\rbac\Manager $authManager The auth manager for this application. Null is returned if auth
+ * @property \yii\rbac\ManagerInterface $authManager The auth manager for this application. Null is returned if auth
 * manager is not configured. This property is read-only.
 * @property string $basePath The root directory of the application.
 * @property \yii\caching\Cache $cache The cache application component. Null if the component is not enabled.
@@ -559,7 +559,7 @@ abstract class Application extends Module
 /**
 * Returns the auth manager for this application.
- * @return \yii\rbac\Manager the auth manager for this application.
+ * @return \yii\rbac\ManagerInterface the auth manager for this application.
 * Null is returned if auth manager is not configured.
 */
 public function getAuthManager()
diff --git a/framework/classes.php b/framework/classes.php
index ff90de0..da7a244 100644
--- a/framework/classes.php
+++ b/framework/classes.php
@@ -195,17 +195,18 @@ return [
 'yii\mutex\Mutex' => YII_PATH . '/mutex/Mutex.php',
 'yii\mutex\MysqlMutex' => YII_PATH . '/mutex/MysqlMutex.php',
 'yii\rbac\Assignment' => YII_PATH . '/rbac/Assignment.php',
+ 'yii\rbac\BaseManager' => YII_PATH . '/rbac/BaseManager.php',
 'yii\rbac\DbManager' => YII_PATH . '/rbac/DbManager.php',
 'yii\rbac\Item' => YII_PATH . '/rbac/Item.php',
- 'yii\rbac\Manager' => YII_PATH . '/rbac/Manager.php',
- 'yii\rbac\PhpManager' => YII_PATH . '/rbac/PhpManager.php',
+ 'yii\rbac\ManagerInterface' => YII_PATH . '/rbac/ManagerInterface.php',
+ 'yii\rbac\Permission' => YII_PATH . '/rbac/Permission.php',
+ 'yii\rbac\Role' => YII_PATH . '/rbac/Role.php',
 'yii\rbac\Rule' => YII_PATH . '/rbac/Rule.php',
 'yii\requirements\YiiRequirementChecker' => YII_PATH . '/requirements/YiiRequirementChecker.php',
 'yii\rest\Action' => YII_PATH . '/rest/Action.php',
 'yii\rest\ActiveController' => YII_PATH . '/rest/ActiveController.php',
 'yii\rest\Controller' => YII_PATH . '/rest/Controller.php',
 'yii\rest\CreateAction' => YII_PATH . '/rest/CreateAction.php',
- 'yii\rest\DataExporter' => YII_PATH . '/rest/DataExporter.php',
 'yii\rest\DeleteAction' => YII_PATH . '/rest/DeleteAction.php',
 'yii\rest\IndexAction' => YII_PATH . '/rest/IndexAction.php',
 'yii\rest\OptionsAction' => YII_PATH . '/rest/OptionsAction.php',
diff --git a/framework/filters/AccessRule.php b/framework/filters/AccessRule.php
index a2eeb19..d831e2f 100644
--- a/framework/filters/AccessRule.php
+++ b/framework/filters/AccessRule.php
@@ -42,8 +42,8 @@ class AccessRule extends Component
 * - `?`: matches a guest user (not authenticated yet)
 * - `@`: matches an authenticated user
 *
- * Using additional role names requires RBAC (Role-Based Access Control), and
- * [[User::checkAccess()]] will be called.
+ * Using other role names requires RBAC (Role-Based Access Control), and
+ * [[User::can()]] will be called.
 *
 * If this property is not set or empty, it means this rule applies to all roles.
 */
@@ -148,7 +148,7 @@ class AccessRule extends Component
 if (!$user->getIsGuest()) {
 return true;
 }
- } elseif ($user->checkAccess($role)) {
+ } elseif ($user->can($role)) {
 return true;
 }
 }
diff --git a/framework/web/User.php b/framework/web/User.php
index 619e688..2e375a1 100644
--- a/framework/web/User.php
+++ b/framework/web/User.php
@@ -570,33 +570,32 @@ class User extends Component
 }
 /**
- * Performs access check for this user.
+ * Checks if the user can perform the operation as specified by the given permission.
 *
 * Note that you must configure "authManager" application component in order to use this method.
 * Otherwise an exception will be thrown.
 *
- * @param string $operation the name of the operation that need access check.
- * @param array $params name-value pairs that would be passed to business rules associated
- * with the tasks and roles assigned to the user. A param with name 'userId' is added to
- * this array, which holds the value of [[id]] when [[\yii\rbac\DbManager]] or
- * [[\yii\rbac\PhpManager]] is used.
+ * @param string $permissionName the name of the permission (e.g. "edit post") that needs access check.
+ * @param array $params name-value pairs that would be passed to the rules associated
+ * with the roles and permissions assigned to the user. A param with name 'user' is added to
+ * this array, which holds the value of [[id]].
 * @param boolean $allowCaching whether to allow caching the result of access check.
 * When this parameter is true (default), if the access check of an operation was performed
 * before, its result will be directly returned when calling this method to check the same
 * operation. If this parameter is false, this method will always call
- * [[\yii\rbac\Manager::checkAccess()]] to obtain the up-to-date access result. Note that this
+ * [[\yii\rbac\ManagerInterface::checkAccess()]] to obtain the up-to-date access result. Note that this
 * caching is effective only within the same request and only works when `$params = []`.
- * @return boolean whether the operations can be performed by this user.
+ * @return boolean whether the user can perform the operation as specified by the given permission.
 */
- public function checkAccess($operation, $params = [], $allowCaching = true)
+ public function can($permissionName, $params = [], $allowCaching = true)
 {
 $auth = Yii::$app->getAuthManager();
- if ($allowCaching && empty($params) && isset($this->_access[$operation])) {
- return $this->_access[$operation];
+ if ($allowCaching && empty($params) && isset($this->_access[$permissionName])) {
+ return $this->_access[$permissionName];
 }
- $access = $auth->checkAccess($this->getId(), $permissionName, $params);
+ $access = $auth->checkAccess($this->getId(), $permissionName, $params);
 if ($allowCaching && empty($params)) {
- $this->_access[$operation] = $access;
+ $this->_access[$permissionName] = $access;
 }
 return $access;
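Review bot: `can()` calls `$auth->checkAccess(...)` without checking `$auth`, although the Application docblock touched in this same commit says `getAuthManager()` returns null when no auth manager is configured; the docblock here promises an exception, but the code would fail with a call on null instead. Guard it right after the lookup, e.g. `if ($auth === null) { throw new \yii\base\InvalidConfigException('The "authManager" application component must be configured.'); }`, and document the return type of `getAuthManager()` as `\yii\rbac\ManagerInterface|null`. The per-request `_access` cache is keyed only by permission name; whether it is cleared when the identity changes is not visible in this hunk and is worth confirming, since a stale `true` would be an authorization error. The closing brace of `can()` lies outside the hunk.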