Custom denyCallback setup even when returning false from matchCallback using Yii2 behavior

Question

Custom denyCallback setup even when returning false from matchCallback using Yii2 behavior

I use Yii2and use behaviors in my controllers.

I create my own permission system because the permissions are quite complex. I need to use matchCallback .

Here is an example:

public function behaviors() {
    return [
        'access' => [
            'class' => AccessControl::className(),
            'only' => ['view'],
            'rules' => [
                [
                    'allow' => true,
                    'actions' => ['view'],
                    'matchCallback' => function ($rule, $action) {
                        return Yii::$app->authManager->can($rule, $action);
                    }
                ],      
                // everything else is denied
            ],
        ],
    ];
}

Now, unfortunately, the way it works matchCallbackis to return trueor falseon if it should continue to execute the rule and not be able to return true or false of which is allowed or not.

So, if I return falsethat he should not continue (and therefore forbid them), then I can’t configure denyCallbackas he completes the rule.

denyCallback, false matchCallback - -?

+4

php yii yii2 permissions user-permissions

Brett 06 . '15 16:47

2

... Yii::$app->authManager->checkAccess($uerId,$permissionName,$dataToPassInArray) . , , Yii::$app->user->identity. , (, yii\web\User ).

0

Benyu Luo 27 . '16 4:36

Tony · Accepted Answer · 2015-07-06T17:12:23+0000

denyCallback AccessControl AccessRule. , allow null. , denyCallback AccessRule:

public function behaviors() {
    return [
        'access' => [
            'class' => AccessControl::className(),
            'only' => ['view'],
            'rules' => [
                [
                    'allow' => true,
                    'actions' => ['view'],
                    'matchCallback' => function ($rule, $action) {
                        return Yii::$app->authManager->can($rule, $action);
                    }
                ],
            'denyCallback' => function ($rule, $action){...}
            // everything else is denied
            ],
        ],
    ];
}

AccessRule allows(), false null, , denyCallback , :

class MyAccessRule extends AccessRule
{
    public function allows($action, $user, $request)
    {
        $allows = parent::allows($action, $user, $request);
        if ($allows === null) {
            return false;
        } else {
            return $allows;
        }

    }
}

matchCallback , , matchCallback true, (, , ..), allows() allow true false, . matchCallback false - allow null, denyCallback , AccessControl denyCallback, .

, , allows() .

class MyAccessRule extends AccessRule
{
    public $allowCallback;
    public function allows($action, $user, $request)
    {
        if(!empty($this->allowCallback) {
            return call_user_func($this->allowCallback);
        }
        $allows = parent::allows($action, $user, $request);
        if ($allows === null) {
            return false;
        } else {
            return $allows;
        }

    }
}

Custom denyCallback setup even when returning false from matchCallback using Yii2 behavior

More articles: