2017-09-19 22:36:16 +05:30
|
|
|
<?php
|
|
|
|
namespace common\rbac\rules;
|
|
|
|
|
|
|
|
use common\models\Account;
|
|
|
|
use Yii;
|
|
|
|
use yii\rbac\Rule;
|
|
|
|
|
|
|
|
class AccountOwner extends Rule {
|
|
|
|
|
|
|
|
public $name = 'account_owner';
|
|
|
|
|
|
|
|
/**
|
2019-07-15 04:29:56 +05:30
|
|
|
* In our application the permissions are given not to users but to tokens,
|
|
|
|
* so we receive $accessToken here and extract all the assigned scopes from it.
|
2017-09-19 22:36:16 +05:30
|
|
|
*
|
|
|
|
* @param string|int $accessToken
|
|
|
|
* @param \yii\rbac\Item $item
|
2019-07-15 04:29:56 +05:30
|
|
|
* @param array $params the "accountId" parameter must be passed as the id of the account
|
|
|
|
* to which the request is made
|
|
|
|
* the "optionalRules" parameter allows you to disable the mandatory acceptance
|
|
|
|
* of the latest version of the rules
|
2017-09-19 22:36:16 +05:30
|
|
|
*
|
|
|
|
* @return bool a value indicating whether the rule permits the auth item it is associated with.
|
|
|
|
*/
|
|
|
|
public function execute($accessToken, $item, $params): bool {
|
|
|
|
$accountId = $params['accountId'] ?? null;
|
|
|
|
if ($accountId === null) {
|
2018-02-28 03:57:35 +05:30
|
|
|
return false;
|
2017-09-19 22:36:16 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
$identity = Yii::$app->user->findIdentityByAccessToken($accessToken);
|
2017-12-23 03:40:54 +05:30
|
|
|
if ($identity === null) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2017-09-19 22:36:16 +05:30
|
|
|
$account = $identity->getAccount();
|
|
|
|
if ($account === null) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($account->id !== (int)$accountId) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($account->status !== Account::STATUS_ACTIVE) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
$actualRulesOptional = $params['optionalRules'] ?? false;
|
|
|
|
if (!$actualRulesOptional && !$account->isAgreedWithActualRules()) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|