Merge pull request #2808 from kuzmina-mariya/fix/yupe-module-rbac

#2303: accessRules для главного модуля Yupe
yupe · Dec 25, 2018 · e1d2b2e · e1d2b2e
2 parents 0ce36d9 + e3d54cd
commit e1d2b2e
Show file tree

Hide file tree

Showing 6 changed files with 123 additions and 42 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,7 @@
 Версия 1.3 В разработке
 -----------------------
 
+- #2303: accessRules для главного модуля Yupe (@loveorigami, @kuzmina-mariya)
 - #2652: Allowed memory size при большом количестве вариантов (@pa1m0n, @kuzmina-mariya)
 - #2670: Баг с добавлением товара в корзину (@validcom94, @kuzmina-mariya)
 - #2794: Сортировка порядка галерей (@tmsk70, @kuzmina-mariya)

diff --git a/protected/modules/yupe/YupeModule.php b/protected/modules/yupe/YupeModule.php
@@ -579,6 +579,7 @@ public function getNavigation()
                 'icon' => "fa fa-fw fa-question-circle",
                 'label' => Yii::t('YupeModule.yupe', 'About Yupe!'),
                 'url' => ['/yupe/backend/help'],
+                'visible' => Yii::app()->getUser()->checkAccess('Yupe.Backend.index'),
             ],
         ];
     }
@@ -874,14 +875,59 @@ public function getAuthItems()
         return [
             [
                 'name' => 'ManageYupeParams',
-                'description' => Yii::t('YupeModule.yupe', 'Modules update'),
+                'description' => Yii::t('YupeModule.yupe', 'Manage Yupe params'),
                 'type' => AuthItem::TYPE_TASK,
                 'items' => [
                     [
                         'type' => AuthItem::TYPE_OPERATION,
-                        'name' => 'Yupe.YupeBackend.index',
+                        'name' => 'Yupe.Backend.index',
                         'description' => Yii::t('YupeModule.yupe', 'Yupe panel'),
                     ],
+                    [
+                        'type' => AuthItem::TYPE_OPERATION,
+                        'name' => 'Yupe.Backend.Settings',
+                        'description' => Yii::t('YupeModule.yupe', 'View modules list'),
+                    ],
+                    [
+                        'type' => AuthItem::TYPE_OPERATION,
+                        'name' => 'Yupe.Backend.Modupdate',
+                        'description' => Yii::t('YupeModule.yupe', 'Update module'),
+                    ],
+                    [
+                        'type' => AuthItem::TYPE_OPERATION,
+                        'name' => 'Yupe.Backend.Modulesettings',
+                        'description' => Yii::t('YupeModule.yupe', 'View module settings'),
+                    ],
+                    [
+                        'type' => AuthItem::TYPE_OPERATION,
+                        'name' => 'Yupe.Backend.SaveModulesettings',
+                        'description' => Yii::t('YupeModule.yupe', 'Update module settings'),
+                    ],
+                    [
+                        'type' => AuthItem::TYPE_OPERATION,
+                        'name' => 'Yupe.Backend.Themesettings',
+                        'description' => Yii::t('YupeModule.yupe', 'Update theme settings'),
+                    ],
+                    [
+                        'type' => AuthItem::TYPE_OPERATION,
+                        'name' => 'Yupe.Backend.FlushDumpSettings',
+                        'description' => Yii::t('YupeModule.yupe', 'Cleanup settings dump'),
+                    ],
+                    [
+                        'type' => AuthItem::TYPE_OPERATION,
+                        'name' => 'Yupe.Backend.Ajaxflush',
+                        'description' => Yii::t('YupeModule.yupe', 'Cleanup cache and assets'),
+                    ],
+                    [
+                        'type' => AuthItem::TYPE_OPERATION,
+                        'name' => 'Yupe.ModulesBackend.ConfigUpdate',
+                        'description' => Yii::t('YupeModule.yupe', 'Update module config'),
+                    ],
+                    [
+                        'type' => AuthItem::TYPE_OPERATION,
+                        'name' => 'Yupe.ModulesBackend.ModuleStatus',
+                        'description' => Yii::t('YupeModule.yupe', 'Update module status'),
+                    ],
                 ],
             ],
         ];

diff --git a/protected/modules/yupe/controllers/BackendController.php b/protected/modules/yupe/controllers/BackendController.php
@@ -23,11 +23,18 @@ public function accessRules()
     {
         return [
             ['allow', 'roles' => ['admin']],
-            ['allow', 'actions' => ['index']],
+            ['allow', 'actions' => ['index'], 'roles' => ['Yupe.Backend.index'],],
             ['allow', 'actions' => ['error']],
             ['allow', 'actions' => ['AjaxFileUpload']],
             ['allow', 'actions' => ['AjaxImageUpload']],
             ['allow', 'actions' => ['transliterate']],
+            ['allow', 'actions' => ['settings'], 'roles' => ['Yupe.Backend.Settings'],],
+            ['allow', 'actions' => ['modulesettings'], 'roles' => ['Yupe.Backend.Modulesettings'],],
+            ['allow', 'actions' => ['saveModulesettings'], 'roles' => ['Yupe.Backend.SaveModulesettings'],],
+            ['allow', 'actions' => ['modupdate'], 'roles' => ['Yupe.Backend.Modupdate'],],
+            ['allow', 'actions' => ['themesettings'], 'roles' => ['Yupe.Backend.Themesettings'],],
+            ['allow', 'actions' => ['ajaxflush'], 'roles' => ['Yupe.Backend.Ajaxflush'],],
+            ['allow', 'actions' => ['flushDumpSettings'], 'roles' => ['Yupe.Backend.FlushDumpSettings'],],
             ['deny',],
         ];
     }
@@ -342,7 +349,7 @@ public function saveParamsSetting($moduleId, $params)
      *
      * @param string $name - id модуля
      *
-     * @return nothing
+     * @return void
      */
     public function actionModupdate($name = null)
     {
@@ -390,7 +397,7 @@ public function actionModupdate($name = null)
      * Страничка для отображения ссылок на ресурсы для получения помощи
      *
      * @since 0.4
-     * @return nothing
+     * @return void
      */
     public function actionHelp()
     {

diff --git a/protected/modules/yupe/controllers/ModulesBackendController.php b/protected/modules/yupe/controllers/ModulesBackendController.php
@@ -10,6 +10,8 @@ public function accessRules()
     {
         return [
             ['allow', 'roles' => ['admin']],
+            ['allow', 'actions' => ['configUpdate'], 'roles' => ['Yupe.ModulesBackend.ConfigUpdate'],],
+            ['allow', 'actions' => ['moduleStatus'], 'roles' => ['Yupe.ModulesBackend.ModuleStatus'],],
             ['deny',],
         ];
     }

diff --git a/protected/modules/yupe/messages/ru/yupe.php b/protected/modules/yupe/messages/ru/yupe.php
@@ -358,4 +358,16 @@
     'Я.Money on' => 'Я.Money на',
     'defaultImage' => 'Изображение по умолчанию',
     'Catalog' => 'Каталог',
+    'View modules list' => 'Просмотр списка модулей',
+    'Update module' => 'Обновление модуля',
+    'View module settings' => 'Просмотр настроек модуля',
+    'Update module settings' => 'Изменение настроек модуля',
+    'Update theme settings' => 'Изменение настроек темы',
+    'Cleanup Yupe' => 'Очистка Юпи',
+    'Cleanup settings dump' => 'Очистка кеша настроек',
+    'Cleanup cache and assets' => 'Очистка кеша и ресурсов (assets)',
+    'Cleanup assets' => 'Очистка ресурсов (assets)',
+    'Manage Yupe params' => 'Управление параметрами Юпи!',
+    'Update module config' => 'Обновление конфигурации модуля',
+    'Update module status' => 'Обновление статуса модуля',
 ];
diff --git a/protected/modules/yupe/views/backend/_moduleslist.php b/protected/modules/yupe/views/backend/_moduleslist.php
@@ -184,7 +184,18 @@ function moduleRow($module, &$updates, &$modules)
             ?>
         </td>
         <td class="button-column">
-            <?php if ($module->getIsActive() && $module->getEditableParams()): ?>
+            <?php
+            $canUpdateModule = Yii::app()->getUser()->checkAccess(AuthItem::ROLE_ADMIN)
+                || Yii::app()->getUser()->checkAccess('Yupe.Backend.Modupdate');
+
+            $canViewModuleSettings = Yii::app()->getUser()->checkAccess(AuthItem::ROLE_ADMIN)
+                || Yii::app()->getUser()->checkAccess('Yupe.Backend.Modulesettings');
+
+            $canChangeModuleStatus = Yii::app()->getUser()->checkAccess(AuthItem::ROLE_ADMIN)
+                || Yii::app()->getUser()->checkAccess('Yupe.ModulesBackend.ModuleStatus');
+            ?>
+
+            <?php if ($module->getIsActive() && $module->getEditableParams() && $canViewModuleSettings): ?>
                 <?= CHtml::link(
                     '<i class="fa fa-fw fa-wrench" rel="tooltip" title="' . Yii::t(
                         'YupeModule.yupe',
@@ -200,48 +211,50 @@ function moduleRow($module, &$updates, &$modules)
                 'module' => $module->getId(),
             ];
 
-            echo $module->getIsNoDisable() ? '' :
-                ($module->getIsInstalled() || $module->getIsActive()
-                    ? ($module->getIsActive()
-                        ? CHtml::link(
-                            '<i class="fa fa-fw fa-minus-circle" rel="tooltip" title="' . Yii::t(
-                                'YupeModule.yupe',
-                                'Disable'
-                            ) . '">&nbsp;</i>',
-                            $url + ['status' => '0'],
-                            array_merge($htmlOptions, ['status' => 0, 'method' => 'deactivate'])
+            if ($canChangeModuleStatus) {
+                echo $module->getIsNoDisable() ? '' :
+                    ($module->getIsInstalled() || $module->getIsActive()
+                        ? ($module->getIsActive()
+                            ? CHtml::link(
+                                '<i class="fa fa-fw fa-minus-circle" rel="tooltip" title="' . Yii::t(
+                                    'YupeModule.yupe',
+                                    'Disable'
+                                ) . '">&nbsp;</i>',
+                                $url + ['status' => '0'],
+                                array_merge($htmlOptions, ['status' => 0, 'method' => 'deactivate'])
+                            )
+                            : CHtml::link(
+                                '<i class="fa fa-fw fa-check-circle" rel="tooltip" title="' . Yii::t(
+                                    'YupeModule.yupe',
+                                    'Enable'
+                                ) . '">&nbsp;</i>',
+                                $url + ['status' => '1'],
+                                array_merge($htmlOptions, ['status' => 1, 'method' => 'activate'])
+                            ) .
+                            ($module->isNeedUninstall()
+                                ? ''
+                                : CHtml::link(
+                                    '<i class="fa fa-fw fa-times" rel="tooltip" title="' . Yii::t(
+                                        'YupeModule.yupe',
+                                        'Uninstall'
+                                    ) . '">&nbsp;</i>',
+                                    $url + ['status' => '0'],
+                                    array_merge($htmlOptions, ['status' => 0, 'method' => 'uninstall'])
+                                )
+                            )
                         )
                         : CHtml::link(
-                            '<i class="fa fa-fw fa-check-circle" rel="tooltip" title="' . Yii::t(
+                            '<i class="fa fa-fw fa-download" rel="tooltip" title="' . Yii::t(
                                 'YupeModule.yupe',
-                                'Enable'
+                                'Install'
                             ) . '">&nbsp;</i>',
                             $url + ['status' => '1'],
-                            array_merge($htmlOptions, ['status' => 1, 'method' => 'activate'])
-                        ) .
-                        ($module->isNeedUninstall()
-                            ? ''
-                            : CHtml::link(
-                                '<i class="fa fa-fw fa-times" rel="tooltip" title="' . Yii::t(
-                                    'YupeModule.yupe',
-                                    'Uninstall'
-                                ) . '">&nbsp;</i>',
-                                $url + ['status' => '0'],
-                                array_merge($htmlOptions, ['status' => 0, 'method' => 'uninstall'])
-                            )
+                            array_merge($htmlOptions, ['status' => 1, 'method' => 'install'])
                         )
-                    )
-                    : CHtml::link(
-                        '<i class="fa fa-fw fa-download" rel="tooltip" title="' . Yii::t(
-                            'YupeModule.yupe',
-                            'Install'
-                        ) . '">&nbsp;</i>',
-                        $url + ['status' => '1'],
-                        array_merge($htmlOptions, ['status' => 1, 'method' => 'install'])
-                    )
-                );
+                    );
+            }
 
-            if (isset($updates[$module->getId()]) && $module->getIsInstalled()) {
+            if (isset($updates[$module->getId()]) && $module->getIsInstalled() && $canUpdateModule) {
                 echo CHtml::link(
                     '<i class="fa fa-fw fa-refresh" rel="tooltip" title="' . Yii::t(
                         'YupeModule.yupe',
@@ -251,7 +264,7 @@ function moduleRow($module, &$updates, &$modules)
                     ['/yupe/backend/modupdate', 'name' => $module->getId()]
                 );
             }
-            if ($module->getIsActive() && $module->isConfigNeedUpdate()) {
+            if ($module->getIsActive() && $module->isConfigNeedUpdate() && $canChangeModuleStatus) {
                 echo CHtml::link(
                     '<i class="fa fa-fw fa-repeat" rel="tooltip" title="' . Yii::t(
                         'YupeModule.yupe',