Merge pull request #332 from CheckeredFlag/restrict-assignments

Added option to restrict user assignments to roles only
2019-08-21 09:17:34 +02:00
parent f9d8ebaaa7 b526cb9ccc
commit 4993f50c60
4 changed files with 24 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -10,6 +10,7 @@
 - Fix #244: Fix forced inclusion of a suggested class (tonydspaniard)
 - Fix user event triggering in admin controller (maxxer)
 - Enh #331: Added Ukrainian translations (kwazaro)
+ - Enh #324: Added option to restrict user assignments to roles only (CheckeredFlag)

 ## 1.5.0 April 19, 2019
 - Fix: Fix condition in EmailChangeService (it was always false) (borisaeric)
--- a/docs/installation/configuration-options.md
+++ b/docs/installation/configuration-options.md
@ -199,6 +199,11 @@ Configures the root directory of the view files. See [overriding views](../enhan

 Configures the name of the session key that will be used to hold the original admin identifier.

+#### restrictUserPermissionAssignment (type: `boolean`, default: `false`)
+
+If `false`, allow the assignment of both roles and permissions to users.
+Set to `true` to restrict user assignments to roles only.
+


 © [2amigos](http://www.2amigos.us/) 2013-2019
--- a/src/User/Module.php
+++ b/src/User/Module.php
@ -181,4 +181,8 @@ class Module extends BaseModule
     * @var integer If != NULL sets a max password age in days
     */
    public $maxPasswordAge = null;
+    /**
+     * @var boolean whether to restrict assignment of permissions to users
+     */
+    public $restrictUserPermissionAssignment = false;
 }
--- a/src/User/Widget/AssignmentsWidget.php
+++ b/src/User/Widget/AssignmentsWidget.php
@ -15,10 +15,12 @@ use Da\User\Model\Assignment;
 use Da\User\Service\UpdateAuthAssignmentsService;
 use Da\User\Traits\AuthManagerAwareTrait;
 use Da\User\Traits\ContainerAwareTrait;
+use Yii;
 use yii\base\InvalidConfigException;
 use yii\base\InvalidParamException;
 use yii\base\Widget;
 use yii\helpers\ArrayHelper;
+use yii\rbac\Item;

 class AssignmentsWidget extends Widget
 {
@ -61,24 +63,31 @@ class AssignmentsWidget extends Widget
            $this->make(UpdateAuthAssignmentsService::class, [$model])->run();
        }

+        $items[Yii::t('usuario', 'Roles')] = $this->getAvailableItems(Item::TYPE_ROLE);
+        if (!Yii::$app->getModule('user')->restrictUserPermissionAssignment) {
+            $items[Yii::t('usuario', 'Permissions')] = $this->getAvailableItems(Item::TYPE_PERMISSION);
+        }
+
        return $this->render(
            '/widgets/assignments/form',
            [
                'model' => $model,
-                'availableItems' => $this->getAvailableItems(),
+                'availableItems' => $items,
            ]
        );
    }

    /**
-     * Returns all available auth items to be attached to the user.
+     * Returns available auth items to be attached to the user.
+     * 
+     * @param int|null type of auth items or null to return all
     * 
     * @return array
     */
-    protected function getAvailableItems()
+    protected function getAvailableItems($type = null)
    {
        return ArrayHelper::map(
-            $this->getAuthManager()->getItems(),
+            $this->getAuthManager()->getItems($type),
            'name',
            function ($item) {
                return empty($item->description)