Merge pull request #1 from hiqsol/master

Refactoring roles and permissions names
hiqdev · Nov 10, 2016 · 84c6b5a · 84c6b5a
2 parents 2741a28 + 8c68994
commit 84c6b5a
Show file tree

Hide file tree

Showing 6 changed files with 161 additions and 171 deletions.
diff --git a/src/AuthManager.php b/src/AuthManager.php
@@ -53,8 +53,8 @@ public function checkAccess($userId, $permission, $params = [])
             if (isset($user->username)) {
                 $userId = $user->username;
             }
-            if (isset($user->type)) {
-                $this->setAssignment($user->type, $userId);
+            if (isset($user->roles)) {
+                $this->setAssignments($user->roles, $userId);
             }
         }
 

diff --git a/src/Initer.php b/src/Initer.php
@@ -20,70 +20,59 @@ class Initer
 {
     public static function init(AuthManager $auth)
     {
-        $auth->setRole('client');
-        $auth->setRole('support');
-        $auth->setRole('admin');
-        $auth->setRole('manager');
-        $auth->setRole('reseller');
-        $auth->setRole('owner');
-        $auth->setRole('freezer');
-        $auth->setRole('billCreator');
-        $auth->setRole('billDeleter');
-        $auth->setRole('billManager');
+        $auth->setRole('role:client');
+        $auth->setRole('role:support');
+        $auth->setRole('role:admin');
+        $auth->setRole('role:manager');
+        $auth->setRole('role:reseller');
+        $auth->setRole('role:owner');
+
+        $auth->setRole('role:domain.freezer');
+        $auth->setRole('role:bill.manager');
 
         $auth->setPermission('restore-password');
         $auth->setPermission('deposit');
-        $auth->setPermission('do-support');
+        $auth->setPermission('support');
         $auth->setPermission('manage');
-        $auth->setPermission('administrate');
+        $auth->setPermission('admin');
         $auth->setPermission('resell');
         $auth->setPermission('own');
 
-        $auth->setPermission('freeze');
-        $auth->setPermission('unfreeze');
-        $auth->setPermission('create-bills');
-        $auth->setPermission('update-bills');
-        $auth->setPermission('delete-bills');
-
-        $auth->setChild('client',           'restore-password');
-        $auth->setChild('client',           'deposit');
-
-        $auth->setChild('support',          'do-support');
-
-        $auth->setChild('admin',            'support');
-        $auth->setChild('admin',            'administrate');
+        $auth->setPermission('domain.freeze');
+        $auth->setPermission('domain.unfreeze');
+        $auth->setPermission('domain.set-contacts');
 
-        $auth->setChild('manager',          'support');
-        $auth->setChild('manager',          'manage');
+        $auth->setPermission('bill.create');
+        $auth->setPermission('bill.update');
+        $auth->setPermission('bill.delete');
 
-        $auth->setChild('reseller',         'billManager');
-        $auth->setChild('reseller',         'resell');
-        $auth->setChild('reseller',         'deposit');
+        $auth->setChild('role:client',                  'restore-password');
+        $auth->setChild('role:client',                  'deposit');
 
-        $auth->setChild('owner',            'billManager');
-        $auth->setChild('owner',            'resell');
-        $auth->setChild('owner',            'own');
+        $auth->setChild('role:support',                 'support');
 
-        $auth->setChild('freezer',          'freeze');
-        $auth->setChild('freezer',          'unfreeze');
+        $auth->setChild('role:admin',                   'role:support');
+        $auth->setChild('role:admin',                   'admin');
 
-        $auth->setChild('billCreator',      'create-bills');
-        $auth->setChild('billDeleter',      'delete-bills');
+        $auth->setChild('role:manager',                 'role:support');
+        $auth->setChild('role:manager',                 'manage');
 
-        $auth->setChild('billManager',      'manager');
-        $auth->setChild('billManager',      'create-bills');
-        $auth->setChild('billManager',      'update-bills');
-        $auth->setChild('billManager',      'delete-bills');
+        $auth->setChild('role:reseller',                'role:manager');
+        $auth->setChild('role:reseller',                'role:bill.manager');
+        $auth->setChild('role:reseller',                'resell');
+        $auth->setChild('role:reseller',                'deposit');
 
-        $auth->setAssignment('freezer',     'sol');
-        $auth->setAssignment('freezer',     'andre');
+        $auth->setChild('role:owner',                   'role:manager');
+        $auth->setChild('role:owner',                   'role:bill.manager');
+        $auth->setChild('role:owner',                   'resell');
+        $auth->setChild('role:owner',                   'own');
 
-        $auth->setAssignment('billManager', 'sol');
-        $auth->setAssignment('billManager', 'margo');
-        $auth->setAssignment('billManager', 'dsr');
-        $auth->setAssignment('billManager', 'olgadsr');
+        $auth->setChild('role:domain.freezer',          'domain.freeze');
+        $auth->setChild('role:domain.freezer',          'domain.unfreeze');
 
-        $auth->persistAssignments();
+        $auth->setChild('role:bill.manager',            'bill.create');
+        $auth->setChild('role:bill.manager',            'bill.update');
+        $auth->setChild('role:bill.manager',            'bill.delete');
     }
 
     public static function reinit(AuthManager $auth)

diff --git a/src/SetterTrait.php b/src/SetterTrait.php
@@ -85,26 +85,38 @@ public function setChild($parent, $child)
     }
 
     /**
-     * Assigns a role to a user.
-     * @param string|Role $role
+     * Assigns an item (role or permission) to a user.
+     * @param string|Item $item
      * @param string|integer $userId the user ID (see [[\yii\web\User::id]])
-     * @throws \Exception when given wrong role name or the role has already been assigned to the user
-     * @return Assignment the role assignment information
+     * @throws \Exception when given wrong item name
+     * @return Assignment the assignment object
      */
-    public function setAssignment($role, $userId)
+    public function setAssignment($item, $userId)
     {
-        if (is_string($role)) {
-            $name = $role;
-            $role = $this->getRole($role);
-            if (is_null($role)) {
-                throw new InvalidParamException("Unknown role:$name at setAssignment");
+        if (is_string($item)) {
+            $name = $item;
+            $item = $this->getItem($item);
+            if (is_null($item)) {
+                throw new InvalidParamException("Unknown item:$name at setAssignment");
             }
         }
-        if (isset($this->assignments[$userId][$role->name])) {
-            return false;
+        if (isset($this->assignments[$userId][$item->name])) {
+            return $this->assignments[$userId][$item->name];
         }
 
-        return $this->assign($role, $userId);
+        return $this->assign($item, $userId);
+    }
+
+    /**
+     * Assigns items to a user.
+     * @param array $items
+     * @param string|integer $userId
+     */
+    public function setAssignments(array $items, $userId)
+    {
+        foreach ($items as $item) {
+            $this->setAssignment($item, $userId);
+        }
     }
 
     /**
@@ -115,4 +127,13 @@ public function getAllAssignments()
     {
         return $this->assignments;
     }
+
+    /**
+     * Returns all items in the system.
+     * @return array
+     */
+    public function getAllItems()
+    {
+        return $this->items;
+    }
 }
diff --git a/src/files/assignments.php b/src/files/assignments.php
@@ -1,19 +1,2 @@
 <?php
-return [
-    'sol' => [
-        'freezer',
-        'billManager',
-    ],
-    'andre' => [
-        'freezer',
-    ],
-    'margo' => [
-        'billManager',
-    ],
-    'dsr' => [
-        'billManager',
-    ],
-    'olgadsr' => [
-        'billManager',
-    ],
-];
+return [];
diff --git a/src/files/items.php b/src/files/items.php
@@ -1,74 +1,63 @@
 <?php
 return [
-    'client' => [
+    'role:client' => [
         'type' => 1,
         'children' => [
             'restore-password',
             'deposit',
         ],
     ],
-    'support' => [
+    'role:support' => [
         'type' => 1,
         'children' => [
-            'do-support',
+            'support',
         ],
     ],
-    'admin' => [
+    'role:admin' => [
         'type' => 1,
         'children' => [
-            'support',
-            'administrate',
+            'role:support',
+            'admin',
         ],
     ],
-    'manager' => [
+    'role:manager' => [
         'type' => 1,
         'children' => [
-            'support',
+            'role:support',
             'manage',
         ],
     ],
-    'reseller' => [
+    'role:reseller' => [
         'type' => 1,
         'children' => [
-            'billManager',
+            'role:manager',
+            'role:bill.manager',
             'resell',
             'deposit',
         ],
     ],
-    'owner' => [
+    'role:owner' => [
         'type' => 1,
         'children' => [
-            'billManager',
+            'role:manager',
+            'role:bill.manager',
             'resell',
             'own',
         ],
     ],
-    'freezer' => [
-        'type' => 1,
-        'children' => [
-            'freeze',
-            'unfreeze',
-        ],
-    ],
-    'billCreator' => [
+    'role:domain.freezer' => [
         'type' => 1,
         'children' => [
-            'create-bills',
+            'domain.freeze',
+            'domain.unfreeze',
         ],
     ],
-    'billDeleter' => [
+    'role:bill.manager' => [
         'type' => 1,
         'children' => [
-            'delete-bills',
-        ],
-    ],
-    'billManager' => [
-        'type' => 1,
-        'children' => [
-            'manager',
-            'create-bills',
-            'update-bills',
-            'delete-bills',
+            'bill.create',
+            'bill.update',
+            'bill.delete',
         ],
     ],
     'restore-password' => [
@@ -77,13 +66,13 @@
     'deposit' => [
         'type' => 2,
     ],
-    'do-support' => [
+    'support' => [
         'type' => 2,
     ],
     'manage' => [
         'type' => 2,
     ],
-    'administrate' => [
+    'admin' => [
         'type' => 2,
     ],
     'resell' => [
@@ -92,19 +81,22 @@
     'own' => [
         'type' => 2,
     ],
-    'freeze' => [
+    'domain.freeze' => [
+        'type' => 2,
+    ],
+    'domain.unfreeze' => [
         'type' => 2,
     ],
-    'unfreeze' => [
+    'domain.set-contacts' => [
         'type' => 2,
     ],
-    'create-bills' => [
+    'bill.create' => [
         'type' => 2,
     ],
-    'update-bills' => [
+    'bill.update' => [
         'type' => 2,
     ],
-    'delete-bills' => [
+    'bill.delete' => [
         'type' => 2,
     ],
 ];