accounts/api/rbac/Manager.php

39 lines
1.0 KiB
PHP

<?php
declare(strict_types=1);
namespace api\rbac;
use Yii;
use yii\rbac\Assignment;
use yii\rbac\PhpManager;
class Manager extends PhpManager {
/**
* In our application the permissions are given not to users itself, but to tokens,
* so we extract them from the extended identity interface.
*
* In Yii2, the mechanism of recursive permissions checking requires that the array
* with permissions must be indexed by the keys of these permissions.
*
* @param string $accessToken
* @return string[]
*/
public function getAssignments($accessToken): array {
$identity = Yii::$app->user->getIdentity();
if ($identity === null) {
return [];
}
/** @noinspection NullPointerExceptionInspection */
$rawPermissions = $identity->getAssignedPermissions();
$result = [];
foreach ($rawPermissions as $name) {
$result[$name] = new Assignment(['roleName' => $name]);
}
return $result;
}
}