Fixes #15422: Added default roles dynamic definition support via closure for `yii\rbac\BaseManager`

framework/CHANGELOG.md

@@ -57,6 +57,7 @@ Yii Framework 2 Change Log
 - Enh #15357: Added multi statement support for `yii\db\sqlite\Command` (sergeymakinen)
 - Enh #15360: Refactored `BaseConsole::updateProgress()` (developeruz)
 - Enh #15415: Added transaction/retry support for `yii\db\Command` (sergeymakinen)
+- Enh #15422: Added default roles dynamic definition support via closure for `yii\rbac\BaseManager` (deltacube)
 - Enh: Added check to `yii\base\Model::formName()` to prevent source path disclosure when form is represented by an anonymous class (silverfire)
 - Chg #15420: Handle OPTIONS request in `yii\filter\Cors` so the preflight check isn't passed trough authentication filters (michaelarnauts, leandrogehlen)
 

framework/rbac/BaseManager.php

@@ -28,7 +28,7 @@ abstract class BaseManager extends Component implements ManagerInterface
      * @var array a list of role names that are assigned to every user automatically without calling [[assign()]].
      * Note that these roles are applied to users, regardless of their state of authentication.
      */
-    public $defaultRoles = [];
+    protected $defaultRoles = [];
 
 
     /**
@@ -196,6 +196,36 @@ abstract class BaseManager extends Component implements ManagerInterface
     }
 
     /**
+     * Set default roles
+     * @param array|\Closure $roles either array of roles or a callable returning it
+     * @since 2.0.14
+     */
+    public function setDefaultRoles($roles)
+    {
+        if (is_array($roles)) {
+            $this->defaultRoles = $roles;
+        } elseif (is_callable($roles)) {
+            $roles = $roles();
+            if (!is_array($roles)) {
+                throw new InvalidParamException('Default roles closure must return an array');
+            }
+            $this->defaultRoles = $roles;
+        } else {
+            throw new InvalidParamException('Default roles must be either an array or a callable');
+        }
+    }
+
+    /**
+     * Get default roles
+     * @return array default roles
+     * @since 2.0.14
+     */
+    public function getDefaultRoles()
+    {
+        return $this->defaultRoles;
+    }
+
+    /**
      * Returns defaultRoles as array of Role objects.
      * @since 2.0.12
      * @return Role[] default roles. The array is indexed by the role names

tests/framework/rbac/ManagerTestCase.php

@@ -7,6 +7,7 @@
 
 namespace yiiunit\framework\rbac;
 
+use yii\base\InvalidParamException;
 use yii\rbac\Item;
 use yii\rbac\Permission;
 use yii\rbac\Role;
@@ -613,4 +614,27 @@ abstract class ManagerTestCase extends TestCase
         $rule = $this->auth->getRule('action_rule');
         $this->assertInstanceOf(ActionRule::className(), $rule);
     }
+
+    public function testDefaultRoles()
+    {
+        try {
+            $this->auth->defaultRoles = 'test';
+        } catch (\Exception $e) {
+            $this->assertInstanceOf(InvalidParamException::class, $e);
+            $this->assertEquals('Default roles must be either an array or a callable', $e->getMessage());
+
+            try {
+                $this->auth->defaultRoles = function () {
+                    return 'test';
+                };
+            } catch (\Exception $e) {
+                $this->assertInstanceOf(InvalidParamException::class, $e);
+                $this->assertEquals('Default roles closure must return an array', $e->getMessage());
+            }
+
+            return;
+        }
+
+        $this->fail('Not rise an exception');
+    }
 }