Quellcode durchsuchen

[Technique] Mise en place AuthorizationChecker #1328

feature/souke
Guillaume Bourgeois vor 1 Jahr
Ursprung
Commit
063f1ea64d
33 geänderte Dateien mit 164 neuen und 105 gelöschten Zeilen
  1. +3
    -6
      backend/controllers/AccessController.php
  2. +3
    -1
      backend/controllers/CommunicateAdminController.php
  3. +3
    -1
      backend/controllers/CommunicateController.php
  4. +3
    -1
      backend/controllers/CreditController.php
  5. +3
    -6
      backend/controllers/DashboardController.php
  6. +3
    -6
      backend/controllers/DeliveryNoteController.php
  7. +3
    -1
      backend/controllers/DevelopmentController.php
  8. +3
    -2
      backend/controllers/DistributionController.php
  9. +3
    -6
      backend/controllers/DocumentController.php
  10. +3
    -2
      backend/controllers/OrderController.php
  11. +3
    -6
      backend/controllers/PointSaleController.php
  12. +3
    -1
      backend/controllers/ProducerAdminController.php
  13. +3
    -1
      backend/controllers/ProducerController.php
  14. +3
    -6
      backend/controllers/ProducerPriceRangeAdminController.php
  15. +3
    -6
      backend/controllers/ProductCategoryController.php
  16. +3
    -6
      backend/controllers/ProductController.php
  17. +3
    -8
      backend/controllers/QuotationController.php
  18. +3
    -1
      backend/controllers/ReportController.php
  19. +6
    -2
      backend/controllers/SiteController.php
  20. +3
    -1
      backend/controllers/StatsAdminController.php
  21. +3
    -4
      backend/controllers/StatsController.php
  22. +3
    -1
      backend/controllers/SubscriptionController.php
  23. +3
    -5
      backend/controllers/SupportAdminController.php
  24. +3
    -7
      backend/controllers/SupportController.php
  25. +3
    -2
      backend/controllers/TaxRateAdminController.php
  26. +3
    -4
      backend/controllers/UserController.php
  27. +3
    -8
      backend/controllers/UserGroupController.php
  28. +5
    -0
      common/logic/User/User/Model/User.php
  29. +45
    -0
      common/logic/User/User/Service/AuthorizationChecker.php
  30. +15
    -0
      common/logic/User/User/Service/UserSolver.php
  31. +7
    -2
      common/logic/User/User/Wrapper/UserContainer.php
  32. +7
    -0
      common/logic/User/User/Wrapper/UserModule.php
  33. +1
    -2
      producer/controllers/CreditController.php

+ 3
- 6
backend/controllers/AccessController.php Datei anzeigen

@@ -52,11 +52,6 @@ class AccessController extends BackendController
public function behaviors()
{
return [
'verbs' => [
'class' => VerbFilter::class,
'actions' => [
],
],
'access' => [
'class' => AccessControl::class,
'rules' => [
@@ -64,7 +59,9 @@ class AccessController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->hasAccessBackend();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
]
],

+ 3
- 1
backend/controllers/CommunicateAdminController.php Datei anzeigen

@@ -66,7 +66,9 @@ class CommunicateAdminController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->isCurrentAdmin();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsAdministrator($this->getUserCurrent());
}
]
],

+ 3
- 1
backend/controllers/CommunicateController.php Datei anzeigen

@@ -64,7 +64,9 @@ class CommunicateController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->hasAccessBackend();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
]
],

+ 3
- 1
backend/controllers/CreditController.php Datei anzeigen

@@ -56,7 +56,9 @@ class CreditController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->hasAccessBackend();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
]
],

+ 3
- 6
backend/controllers/DashboardController.php Datei anzeigen

@@ -59,16 +59,13 @@ class DashboardController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->hasAccessBackend();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
],
],
],
'verbs' => [
'class' => VerbFilter::class,
'actions' => [
],
],
];
}


+ 3
- 6
backend/controllers/DeliveryNoteController.php Datei anzeigen

@@ -48,11 +48,6 @@ class DeliveryNoteController extends DocumentController
public function behaviors()
{
return [
'verbs' => [
'class' => VerbFilter::class,
'actions' => [
],
],
'access' => [
'class' => AccessControl::class,
'rules' => [
@@ -60,7 +55,9 @@ class DeliveryNoteController extends DocumentController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->hasAccessBackend();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
]
],

+ 3
- 1
backend/controllers/DevelopmentController.php Datei anzeigen

@@ -59,7 +59,9 @@ class DevelopmentController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->hasAccessBackend();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
]
],

+ 3
- 2
backend/controllers/DistributionController.php Datei anzeigen

@@ -75,8 +75,9 @@ class DistributionController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
$userModule = $this->getUserModule();
return $userModule->isCurrentAdmin() || $userModule->isCurrentProducer();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
]
],

+ 3
- 6
backend/controllers/DocumentController.php Datei anzeigen

@@ -64,11 +64,6 @@ class DocumentController extends BackendController
public function behaviors()
{
return [
'verbs' => [
'class' => VerbFilter::class,
'actions' => [
],
],
'access' => [
'class' => AccessControl::class,
'rules' => [
@@ -76,7 +71,9 @@ class DocumentController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->hasAccessBackend();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
]
],

+ 3
- 2
backend/controllers/OrderController.php Datei anzeigen

@@ -69,8 +69,9 @@ class OrderController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->isCurrentProducer()
|| $this->getUserModule()->isCurrentAdmin();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
]
],

+ 3
- 6
backend/controllers/PointSaleController.php Datei anzeigen

@@ -55,11 +55,6 @@ class PointSaleController extends BackendController
public function behaviors()
{
return [
'verbs' => [
'class' => VerbFilter::class,
'actions' => [
],
],
'access' => [
'class' => AccessControl::class,
'rules' => [
@@ -67,7 +62,9 @@ class PointSaleController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->hasAccessBackend();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
],
],

+ 3
- 1
backend/controllers/ProducerAdminController.php Datei anzeigen

@@ -68,7 +68,9 @@ class ProducerAdminController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->isCurrentAdmin();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsAdministrator($this->getUserCurrent());
}
]
],

+ 3
- 1
backend/controllers/ProducerController.php Datei anzeigen

@@ -72,7 +72,9 @@ class ProducerController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->hasAccessBackend();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
]
],

+ 3
- 6
backend/controllers/ProducerPriceRangeAdminController.php Datei anzeigen

@@ -53,11 +53,6 @@ class ProducerPriceRangeAdminController extends BackendController
public function behaviors()
{
return [
'verbs' => [
'class' => VerbFilter::class,
'actions' => [
],
],
'access' => [
'class' => AccessControl::class,
'rules' => [
@@ -65,7 +60,9 @@ class ProducerPriceRangeAdminController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->isCurrentAdmin();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsAdministrator($this->getUserCurrent());
}
]
],

+ 3
- 6
backend/controllers/ProductCategoryController.php Datei anzeigen

@@ -55,11 +55,6 @@ class ProductCategoryController extends BackendController
public function behaviors()
{
return [
'verbs' => [
'class' => VerbFilter::class,
'actions' => [
],
],
'access' => [
'class' => AccessControl::class,
'rules' => [
@@ -67,7 +62,9 @@ class ProductCategoryController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->hasAccessBackend();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
],
],

+ 3
- 6
backend/controllers/ProductController.php Datei anzeigen

@@ -68,11 +68,6 @@ class ProductController extends BackendController
public function behaviors()
{
return [
'verbs' => [
'class' => VerbFilter::class,
'actions' => [
],
],
'access' => [
'class' => AccessControl::class,
'rules' => [
@@ -80,7 +75,9 @@ class ProductController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->hasAccessBackend();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
]
],

+ 3
- 8
backend/controllers/QuotationController.php Datei anzeigen

@@ -41,10 +41,8 @@ namespace backend\controllers;
use common\helpers\GlobalParam;
use common\logic\Document\Quotation\Model\QuotationSearch;
use common\logic\Order\Order\Model\Order;
use Yii;
use yii\base\UserException;
use yii\filters\AccessControl;
use yii\filters\VerbFilter;
use yii\helpers\Html;

class QuotationController extends DocumentController
@@ -52,11 +50,6 @@ class QuotationController extends DocumentController
public function behaviors()
{
return [
'verbs' => [
'class' => VerbFilter::class,
'actions' => [
],
],
'access' => [
'class' => AccessControl::class,
'rules' => [
@@ -64,7 +57,9 @@ class QuotationController extends DocumentController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->hasAccessBackend();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
]
],

+ 3
- 1
backend/controllers/ReportController.php Datei anzeigen

@@ -57,7 +57,9 @@ class ReportController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->hasAccessBackend();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
]
],

+ 6
- 2
backend/controllers/SiteController.php Datei anzeigen

@@ -67,7 +67,9 @@ class SiteController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->hasAccessBackend();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
],
[
@@ -75,7 +77,9 @@ class SiteController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->getCurrentStatus() == User::STATUS_ADMIN;
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsAdministrator($this->getUserCurrent());
}
],
],

+ 3
- 1
backend/controllers/StatsAdminController.php Datei anzeigen

@@ -56,7 +56,9 @@ class StatsAdminController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->isUserCurrentAdmin();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsAdministrator($this->getUserCurrent());
}
]
],

+ 3
- 4
backend/controllers/StatsController.php Datei anzeigen

@@ -41,9 +41,6 @@ namespace backend\controllers;
use common\helpers\GlobalParam;
use yii\filters\AccessControl;
use Yii;
use DateTime;
use DateInterval;
use DatePeriod;

class StatsController extends BackendController
{
@@ -57,7 +54,9 @@ class StatsController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->hasAccessBackend();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
]
],

+ 3
- 1
backend/controllers/SubscriptionController.php Datei anzeigen

@@ -58,7 +58,9 @@ class SubscriptionController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->hasAccessBackend();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
]
],

+ 3
- 5
backend/controllers/SupportAdminController.php Datei anzeigen

@@ -51,10 +51,6 @@ class SupportAdminController extends SupportController
public function behaviors()
{
return [
'verbs' => [
'class' => VerbFilter::class,
'actions' => [],
],
'access' => [
'class' => AccessControl::class,
'rules' => [
@@ -62,7 +58,9 @@ class SupportAdminController extends SupportController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->isCurrentAdmin();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
]
],

+ 3
- 7
backend/controllers/SupportController.php Datei anzeigen

@@ -41,7 +41,6 @@ namespace backend\controllers;
use common\logic\Ticket\Ticket\Model\Ticket;
use common\logic\Ticket\Ticket\Model\TicketSearch;
use yii\filters\AccessControl;
use yii\filters\VerbFilter;
use yii\helpers\Html;
use yii\web\NotFoundHttpException;

@@ -50,11 +49,6 @@ class SupportController extends BackendController
public function behaviors()
{
return [
'verbs' => [
'class' => VerbFilter::class,
'actions' => [
],
],
'access' => [
'class' => AccessControl::class,
'rules' => [
@@ -62,7 +56,9 @@ class SupportController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->hasAccessBackend();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
]
],

+ 3
- 2
backend/controllers/TaxRateAdminController.php Datei anzeigen

@@ -39,7 +39,6 @@
namespace backend\controllers;

use common\logic\Config\TaxRate\Model\TaxRate;
use Yii;
use yii\web\NotFoundHttpException;
use yii\filters\VerbFilter;
use yii\filters\AccessControl;
@@ -66,7 +65,9 @@ class TaxRateAdminController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->isUserCurrentAdmin();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsAdministrator($this->getUserCurrent());
}
]
],

+ 3
- 4
backend/controllers/UserController.php Datei anzeigen

@@ -41,15 +41,12 @@ namespace backend\controllers;
use backend\models\CreditForm;
use common\helpers\GlobalParam;
use backend\models\MailForm;
use common\helpers\MeanPayment;
use common\helpers\Password;
use common\logic\Order\Order\Model\OrderSearch;
use common\logic\PointSale\PointSale\Model\PointSale;
use common\logic\PointSale\UserPointSale\Model\UserPointSale;
use common\logic\Payment\Model\Payment;
use common\logic\User\User\Model\User;
use common\logic\User\User\Model\UserSearch;
use common\logic\User\User\Wrapper\UserModule;
use common\logic\User\UserProducer\Model\UserProducer;
use common\logic\User\UserUserGroup\Model\UserUserGroup;
use yii\base\UserException;
@@ -73,7 +70,9 @@ class UserController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->hasAccessBackend();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
]
],

+ 3
- 8
backend/controllers/UserGroupController.php Datei anzeigen

@@ -41,10 +41,8 @@ namespace backend\controllers;
use common\helpers\GlobalParam;
use common\logic\User\UserGroup\Model\UserGroupSearch;
use common\logic\User\UserUserGroup\Model\UserUserGroup;
use Yii;
use yii\filters\AccessControl;
use yii\web\NotFoundHttpException;
use yii\filters\VerbFilter;
use yii\helpers\Html;

/**
@@ -56,11 +54,6 @@ class UserGroupController extends BackendController
public function behaviors()
{
return [
'verbs' => [
'class' => VerbFilter::class,
'actions' => [
],
],
'access' => [
'class' => AccessControl::class,
'rules' => [
@@ -68,7 +61,9 @@ class UserGroupController extends BackendController
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return $this->getUserModule()->hasAccessBackend();
return $this->getUserModule()
->getAuthorizationChecker()
->isGrantedAsProducer($this->getUserCurrent());
}
],
],

+ 5
- 0
common/logic/User/User/Model/User.php Datei anzeigen

@@ -263,6 +263,11 @@ class User extends ActiveRecordCommon implements IdentityInterface
return $this->lastname;
}

public function getStatus(): string
{
return $this->status;
}

/**
* @inheritdoc
*/

+ 45
- 0
common/logic/User/User/Service/AuthorizationChecker.php Datei anzeigen

@@ -0,0 +1,45 @@
<?php

namespace common\logic\User\User\Service;

use common\logic\AbstractUtils;
use common\logic\User\User\Model\User;

class AuthorizationChecker extends AbstractUtils
{
protected UserSolver $userSolver;

public function loadDependencies(): void
{
$this->userSolver = $this->loadService(UserSolver::class);
}

public function isGrantedAsAdministrator(User $user = null): bool
{
if(!$user) {
return false;
}

return $this->userSolver->isStatusAdministrator($user);
}

public function isGrantedAsProducer(User $user = null): bool
{
if(!$user) {
return false;
}

return $this->isGrantedAsAdministrator($user)
|| $this->userSolver->isStatusProducer($user);
}

public function isGrantedAsUser(User $user = null): bool
{
if(!$user) {
return false;
}

return $this->isGrantedAsProducer($user)
|| $this->userSolver->isStatusUser($user);
}
}

+ 15
- 0
common/logic/User/User/Service/UserSolver.php Datei anzeigen

@@ -130,6 +130,11 @@ class UserSolver extends AbstractService implements SolverInterface
return $user->status == User::STATUS_ADMIN;
}

public function isStatusAdministrator(User $user): bool
{
return $user->getStatus() == User::STATUS_ADMIN;
}

/**
* Retourne si l'utilisateur est un producteur ou non.
*
@@ -140,6 +145,16 @@ class UserSolver extends AbstractService implements SolverInterface
|| $user->status == User::STATUS_PRODUCER) && $user->id_producer;
}

public function isStatusProducer(User $user): bool
{
return $user->getStatus() == User::STATUS_PRODUCER;
}

public function isStatusUser(User $user): bool
{
return $user->getStatus() == User::STATUS_ACTIVE;
}

/**
* Retourne l'utilisateur courant.
*

+ 7
- 2
common/logic/User/User/Wrapper/UserContainer.php Datei anzeigen

@@ -5,14 +5,13 @@ namespace common\logic\User\User\Wrapper;
use common\logic\AbstractContainer;
use common\logic\User\User\Repository\UserRepository;
use common\logic\User\User\Repository\UserRepositoryQuery;
use common\logic\User\User\Service\AuthorizationChecker;
use common\logic\User\User\Service\NewsletterManager;
use common\logic\User\User\Service\NewsletterUtils;
use common\logic\User\User\Service\UserBuilder;
use common\logic\User\User\Service\UserDefinition;
use common\logic\User\User\Service\UserNotifier;
use common\logic\User\User\Service\UsersCreditCsvGenerator;
use common\logic\User\User\Service\UserSolver;
use common\logic\User\User\Service\UserUtils;

class UserContainer extends AbstractContainer
{
@@ -27,6 +26,7 @@ class UserContainer extends AbstractContainer
UserNotifier::class,
UsersCreditCsvGenerator::class,
NewsletterManager::class,
AuthorizationChecker::class,
];
}

@@ -59,4 +59,9 @@ class UserContainer extends AbstractContainer
{
return NewsletterManager::getInstance();
}

public function getAuthorizationChecker(): AuthorizationChecker
{
return AuthorizationChecker::getInstance();
}
}

+ 7
- 0
common/logic/User/User/Wrapper/UserModule.php Datei anzeigen

@@ -4,6 +4,7 @@ namespace common\logic\User\User\Wrapper;

use common\logic\AbstractModule;
use common\logic\User\User\Repository\UserRepository;
use common\logic\User\User\Service\AuthorizationChecker;
use common\logic\User\User\Service\NewsletterManager;
use common\logic\User\User\Service\UserBuilder;
use common\logic\User\User\Service\UserDefinition;
@@ -19,6 +20,7 @@ use common\logic\User\User\Service\UserSolver;
* @mixin UserNotifier
* @mixin UsersCreditCsvGenerator
* @mixin NewsletterManager
* @mixin AuthorizationChecker
*/
class UserModule extends AbstractModule
{
@@ -31,4 +33,9 @@ class UserModule extends AbstractModule
{
return $this->container;
}

public function getAuthorizationChecker(): AuthorizationChecker
{
return AuthorizationChecker::getInstance();
}
}

+ 1
- 2
producer/controllers/CreditController.php Datei anzeigen

@@ -42,7 +42,6 @@ use common\helpers\GlobalParam;
use common\helpers\MeanPayment;
use common\logic\Payment\Model\Payment;
use producer\models\CreditForm;
use yii\data\ActiveDataProvider;
use yii\filters\VerbFilter;

class CreditController extends ProducerBaseController
@@ -54,7 +53,7 @@ class CreditController extends ProducerBaseController
{
return [
'verbs' => [
'class' => VerbFilter::className(),
'class' => VerbFilter::class,
'actions' => [
'stripe-verification' => ['post'],
],

Laden…
Abbrechen
Speichern