Split RouteAccessControl from AccessBehaviorTrait #7
Conversation
…orTrait rule; use the new filter in the trait
|
And while we're at it, I would recommend moving the new The advantage would be: since the filter itself has no dependencies, it would be an easier to use component in other yii2 projects. |
src/filters/RouteAccessControl.php
Outdated
|
|
||
| public function beforeAction($action) | ||
| { | ||
| $this->rules[] = $this->getRouteAcessControlRule(); |
There was a problem hiding this comment.
Let‘s add a index here e.g. routeAccess. Even if we don‘t need it (yet), it is better to have it.
…ndex in the rules array, fix routeCheckParams usage
…s to _ as before)
I have to correct myself here: Since the separator for the route checks is now configurable in the new RouteAccessControl filter, I have also patched \User::checkAccessRoute() so that the separator can also be configured there via the optional routePartSeparator parameter. see: 7fc3775 The default is the underscore in both places as before, but if the separator can be changed, it must be possible in both places. |
|
@handcode merge & release at will |
This PR create a new
RouteAccessControlfilter which (re)implements the logic from the prev.AccessBehaviorTraitrule.The new filter can be used as "normal" behavior without the trait drawbacks.
For BC the
AccessBehaviorTraitstill exists and use the newRouteAccessControlfilter now.Besides the separation itself, a few small changes were made to the AccessCheck logic during refactoring:
yii\web\Controller. In all other cases,\Yii::$app->controlleris used.user->can()checks for the various "levels" of the route-permission are made inside the access rule now. This means that the check can be used with anyyii\web\Userinstance now, previously only withdmstr\web\Userinstances, as the actual route checks were executed there.userinstance for the checks is taken from theyii\filters\AccessControl::userproperty, so it is configurable now.If this PR, or rather the idea behind it, is accepted, we should be able to remove the
dmstr\web\User::checkAccessRoute()method, as it is no longer necessary for the RouteAccess check and as it is private it cannot be used outside of class.