From b526cb9ccc987cb02cf94b14491bab185a06798f Mon Sep 17 00:00:00 2001 From: Marco Moreno Date: Fri, 19 Jul 2019 11:08:33 -0400 Subject: [PATCH] Added option to restrict user assignments to roles only --- CHANGELOG.md | 1 + docs/installation/configuration-options.md | 5 +++++ src/User/Module.php | 4 ++++ src/User/Widget/AssignmentsWidget.php | 19 ++++++++++++++----- 4 files changed, 24 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9739a7e..0656516 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ - Fix #244: Fix forced inclusion of a suggested class (tonydspaniard) - Fix user event triggering in admin controller (maxxer) - Enh #331: Added Ukrainian translations (kwazaro) + - Enh #324: Added option to restrict user assignments to roles only (CheckeredFlag) ## 1.5.0 April 19, 2019 - Fix: Fix condition in EmailChangeService (it was always false) (borisaeric) diff --git a/docs/installation/configuration-options.md b/docs/installation/configuration-options.md index 1f5148c..2a7b478 100644 --- a/docs/installation/configuration-options.md +++ b/docs/installation/configuration-options.md @@ -199,6 +199,11 @@ Configures the root directory of the view files. See [overriding views](../enhan Configures the name of the session key that will be used to hold the original admin identifier. +#### restrictUserPermissionAssignment (type: `boolean`, default: `false`) + +If `false`, allow the assignment of both roles and permissions to users. +Set to `true` to restrict user assignments to roles only. + © [2amigos](http://www.2amigos.us/) 2013-2019 diff --git a/src/User/Module.php b/src/User/Module.php index e71c65a..c7c1c2c 100644 --- a/src/User/Module.php +++ b/src/User/Module.php @@ -181,4 +181,8 @@ class Module extends BaseModule * @var integer If != NULL sets a max password age in days */ public $maxPasswordAge = null; + /** + * @var boolean whether to restrict assignment of permissions to users + */ + public $restrictUserPermissionAssignment = false; } diff --git a/src/User/Widget/AssignmentsWidget.php b/src/User/Widget/AssignmentsWidget.php index 1ef18fc..42a0931 100644 --- a/src/User/Widget/AssignmentsWidget.php +++ b/src/User/Widget/AssignmentsWidget.php @@ -15,10 +15,12 @@ use Da\User\Model\Assignment; use Da\User\Service\UpdateAuthAssignmentsService; use Da\User\Traits\AuthManagerAwareTrait; use Da\User\Traits\ContainerAwareTrait; +use Yii; use yii\base\InvalidConfigException; use yii\base\InvalidParamException; use yii\base\Widget; use yii\helpers\ArrayHelper; +use yii\rbac\Item; class AssignmentsWidget extends Widget { @@ -61,24 +63,31 @@ class AssignmentsWidget extends Widget $this->make(UpdateAuthAssignmentsService::class, [$model])->run(); } + $items[Yii::t('usuario', 'Roles')] = $this->getAvailableItems(Item::TYPE_ROLE); + if (!Yii::$app->getModule('user')->restrictUserPermissionAssignment) { + $items[Yii::t('usuario', 'Permissions')] = $this->getAvailableItems(Item::TYPE_PERMISSION); + } + return $this->render( '/widgets/assignments/form', [ 'model' => $model, - 'availableItems' => $this->getAvailableItems(), + 'availableItems' => $items, ] ); } /** - * Returns all available auth items to be attached to the user. - * + * Returns available auth items to be attached to the user. + * + * @param int|null type of auth items or null to return all + * * @return array */ - protected function getAvailableItems() + protected function getAvailableItems($type = null) { return ArrayHelper::map( - $this->getAuthManager()->getItems(), + $this->getAuthManager()->getItems($type), 'name', function ($item) { return empty($item->description)