updated access trait, use sql FIND_IN_SET, removed mask access items,…

… fixed make file, updated README
handcode · Jun 18, 2016 · 0c3d8fb · 0c3d8fb
1 parent b2e5f42
commit 0c3d8fb
Show file tree

Hide file tree

Showing 5 changed files with 107 additions and 123 deletions.
diff --git a/README.md b/README.md
@@ -134,18 +134,16 @@ This migrations adds the available access check columns to your database table(s
 
 :bulb: Access options:
 
-- All access option -> {*}
+- All access option `*`
 - specific rbac roles and permissions assignable
     - single or multi
-        - `{*}`
-        - `{Role1},{Role2},{Permission1},...`
+        - `*`
+        - `Role1,Role2,Permission1,...`
 
-- limit access to specific domains / languages
-    - single or multi
-        - `{*}`
-        - `{de},{en},{fr},...`
+- limit access to specific domain / language
+    - `de` or `en`
 
-- `Owner` access overrides other given permissions
+- `Owner` gets all access over other given permissions
     - every active rocord can have exact one owner!
 
 Planned updates:

diff --git a/db/traits/ActiveRecordAccessTrait.php b/db/traits/ActiveRecordAccessTrait.php
@@ -52,14 +52,16 @@ public static function find()
         /** @var $query \yii\db\ActiveQuery */
         $query = parent::find();
 
+        // access owner check
+        $query->where(['access_owner' => \Yii::$app->user->id]);
+
         // access read check
-        $query->where(['or like', 'access_read', array_keys(self::getUsersAuthItems())]);
+        foreach (array_keys(self::getUsersAuthItems()) as $authItem) {
+            $query->orWhere('FIND_IN_SET("' . $authItem . '", access_read)');
+        }
 
         // access domain check
-        $query->andWhere(['or like', 'access_domain', array_keys(self::acceptedAccessDomain())]);
-
-        // owner check
-        $query->orWhere(['access_owner' => \Yii::$app->user->id]);
+        $query->andWhere(['access_domain' => \Yii::$app->language]);
 
         return $query;
     }
@@ -75,6 +77,7 @@ public function rules()
                 [['access_owner', 'access_domain', 'access_read', 'access_update', 'access_delete'], 'safe'],
                 [['access_domain', 'access_read', 'access_update', 'access_delete'], 'string', 'max' => 255],
                 [['access_domain', 'access_read', 'access_update', 'access_delete'], 'default', 'value' => null],
+                [['access_domain'], 'default', 'value' => self::$_public],
                 [['access_owner'], 'integer'],
             ]
         );
@@ -119,7 +122,7 @@ public function beforeDelete()
      */
     public static function allAccess()
     {
-        return [self::mask(self::$_public) => self::$_public];
+        return [self::$_public => self::$_public];
     }
 
     /**
@@ -146,7 +149,7 @@ public static function getUsersAuthItems()
                     } else {
                         $description = $name;
                     }
-                    $authRoles[self::mask($name)] = $description;
+                    $authRoles[$name] = $description;
                 }
 
                 // All permissions
@@ -157,7 +160,7 @@ public static function getUsersAuthItems()
                     } else {
                         $description = $name;
                     }
-                    $authPermissions[self::mask($name)] = $description;
+                    $authPermissions[$name] = $description;
                 }
 
                 // All auth items
@@ -168,7 +171,7 @@ public static function getUsersAuthItems()
                 // Users auth items
                 $authItems = [];
                 foreach (\Yii::$app->authManager->getAssignments(\Yii::$app->user->id) as $name => $item) {
-                    $authItems[self::mask($name)] = $authManager->getItem($item->roleName)->description;
+                    $authItems[$name] = $authManager->getItem($item->roleName)->description;
                 }
             }
 
@@ -177,15 +180,6 @@ public static function getUsersAuthItems()
         return $publicAuthItem;
     }
 
-    /**
-     * Currrent application language and * for all access_domains
-     * @return array
-     */
-    public static function acceptedAccessDomain()
-    {
-        return ArrayHelper::merge([self::mask(\Yii::$app->language) => \Yii::$app->language], self::allAccess());
-    }
-
     /**
      * For use with yii2-giiant OptsProvider
      * @return array available access domains
@@ -194,7 +188,7 @@ public static function optsAccessDomain()
     {
         $languages = self::allAccess();
         foreach (\Yii::$app->urlManager->languages as $language) {
-            $languages[self::mask($language)] = $language;
+            $languages[$language] = $language;
         }
 
         return $languages;
@@ -229,6 +223,7 @@ public static function optsAccessDelete()
 
     /**
      * Decode items from array to csv
+     *
      * @param $itemArray
      *
      * @return string
@@ -240,22 +235,20 @@ public function authItemArrayToString($itemArray)
 
     /**
      * Encode item from csv to array
+     *
      * @param $itemString
      *
      * @return array
      */
     public function authItemStringToArray($itemString)
     {
-        $arr = [];
-        foreach (explode(',', $itemString) as $item) {
-            $arr[$item] = self::unmask($item);
-        }
-
-        return $arr;
+        $arr = explode(',', $itemString);
+        return array_combine($arr, $arr);
     }
 
     /**
      * Check permission for record
+     *
      * @param null $action
      *
      * @return bool
@@ -276,30 +269,9 @@ private function grandPermission($action = null)
         return true;
     }
 
-    /**
-     * Mask a given string into {$item}
-     * @param $item
-     *
-     * @return string
-     */
-    private static function mask($item)
-    {
-        return '{' . $item . '}';
-    }
-
-    /**
-     * Unmask a given string from {$item} to $item
-     * @param $item
-     *
-     * @return string
-     */
-    private static function unmask($item)
-    {
-        return str_replace('{', '', str_replace('}', '', $item));
-    }
-
     /**
      * Set error flash for controller action id
+     *
      * @param string $action
      *
      * @return bool|false

diff --git a/tests/Makefile b/tests/Makefile
@@ -23,7 +23,7 @@ open:	 ##@docker open application web service in browser
 	$(OPEN_CMD) http://$(DOCKER_HOST_IP):$(shell $(DOCKER_COMPOSE) port nginx 80 | sed 's/[0-9.]*://')
 
 open-db:	 ##@docker open application web service in browser
-	$(OPEN_CMD) mysql://root:secret@$(DOCKER_HOST_IP):$(shell $(DOCKER_COMPOSE) port db 3306/ | sed 's/[0-9.]*://')
+	$(OPEN_CMD) mysql://root:secret@$(DOCKER_HOST_IP):$(shell $(DOCKER_COMPOSE) port db 3306 | sed 's/[0-9.]*://')
 
 bash:	 ##@docker open application development bash
 	$(DOCKER_COMPOSE) run --rm phpfpm bash

diff --git a/tests/migrations/m160614_100345_add_product_table_access_trait_test.php b/tests/migrations/m160614_100345_add_product_table_access_trait_test.php
@@ -45,11 +45,11 @@ public function safeUp()
             $this->tableName,
             [
                 'title'         => 'Product',
-                'access_domain' => '{*}',
+                'access_domain' => 'en',
                 'access_owner'  => '3',
-                'access_read'   => '{*}',
-                'access_update' => '{*}',
-                'access_delete' => '{*}',
+                'access_read'   => '*',
+                'access_update' => '*',
+                'access_delete' => '*',
             ]
         );
 
@@ -58,11 +58,11 @@ public function safeUp()
             $this->tableName,
             [
                 'title'         => 'Product',
-                'access_domain' => '{*}',
+                'access_domain' => 'en',
                 'access_owner'  => '3',
-                'access_read'   => '{Editor}',
-                'access_update' => '{*}',
-                'access_delete' => '{*}',
+                'access_read'   => 'Editor',
+                'access_update' => '*',
+                'access_delete' => '*',
             ]
         );
 
@@ -71,11 +71,11 @@ public function safeUp()
             $this->tableName,
             [
                 'title'         => 'Product',
-                'access_domain' => '{*}',
+                'access_domain' => 'en',
                 'access_owner'  => '3',
-                'access_read'   => '{*}',
-                'access_update' => '{Editor}',
-                'access_delete' => '{*}',
+                'access_read'   => '*',
+                'access_update' => 'Editor',
+                'access_delete' => '*',
             ]
         );
 
@@ -84,11 +84,11 @@ public function safeUp()
             $this->tableName,
             [
                 'title'         => 'Product',
-                'access_domain' => '{*}',
+                'access_domain' => 'en',
                 'access_owner'  => '3',
-                'access_read'   => '{*}',
-                'access_update' => '{*}',
-                'access_delete' => '{Editor}',
+                'access_read'   => '*',
+                'access_update' => '*',
+                'access_delete' => 'Editor',
             ]
         );
 
@@ -97,11 +97,11 @@ public function safeUp()
             $this->tableName,
             [
                 'title'         => 'Product',
-                'access_domain' => '{*}',
+                'access_domain' => 'en',
                 'access_owner'  => '2',
-                'access_read'   => '{Supervisor}',
-                'access_update' => '{Supervisor}',
-                'access_delete' => '{Supervisor}',
+                'access_read'   => 'Supervisor',
+                'access_update' => 'Supervisor',
+                'access_delete' => 'Supervisor',
             ]
         );
 
@@ -110,45 +110,45 @@ public function safeUp()
             $this->tableName,
             [
                 'title'         => 'Product',
-                'access_domain' => '{de}',
+                'access_domain' => 'de',
                 'access_owner'  => '3',
-                'access_read'   => '{*}',
-                'access_update' => '{*}',
-                'access_delete' => '{*}',
+                'access_read'   => '*',
+                'access_update' => '*',
+                'access_delete' => '*',
             ]
         );
         // access domain
         $this->insert(
             $this->tableName,
             [
                 'title'         => 'Product',
-                'access_domain' => '{en}',
+                'access_domain' => 'en',
                 'access_owner'  => '3',
-                'access_read'   => '{*}',
-                'access_update' => '{*}',
-                'access_delete' => '{*}',
+                'access_read'   => '*',
+                'access_update' => '*',
+                'access_delete' => '*',
             ]
         );
         $this->insert(
             $this->tableName,
             [
                 'title'         => 'Product',
-                'access_domain' => '{en}',
+                'access_domain' => 'de',
                 'access_owner'  => '3',
-                'access_read'   => '{Supervisor}',
-                'access_update' => '{Supervisor}',
-                'access_delete' => '{Supervisor}',
+                'access_read'   => 'Editor',
+                'access_update' => 'Supervisor',
+                'access_delete' => 'Supervisor',
             ]
         );
         $this->insert(
             $this->tableName,
             [
                 'title'         => 'Product',
-                'access_domain' => '{fr},{de}',
+                'access_domain' => 'fr',
                 'access_owner'  => '3',
-                'access_read'   => '{*}',
-                'access_update' => '{Supervisor}',
-                'access_delete' => '{Supervisor}',
+                'access_read'   => '*',
+                'access_update' => 'Supervisor',
+                'access_delete' => 'Supervisor',
             ]
         );
     }