Merge pull request #2 from dmstr/feature/fix-default-update-delete-pe…

…rmission

Feature/fix default update delete permission

README.md

@@ -8,6 +8,19 @@ The package has been extracted from https://github.com/dmstr/yii2-db
 
 ## General usage
 
+### Configuration options
+
+In application config:
+```
+    'params' => [
+        'ActiveRecordAccessTrait' => [
+            'enableRecursiveRoles' => true
+        ],
+    ],
+```
+
+> Note: Static property usage `enableRecursiveRoles` is deprecated.
+
 ### Example
 
 
@@ -49,6 +62,19 @@ Permissions to set default values
 - `access.defaults.accessDomain:global`
 - `access.defaults.updateDelete:<ROLE>`
 
+Add rule for default value in `Model::rules()`, if you want to set it automatically
+
+```
+[
+    [
+        'access_update',
+        'access_delete',
+    ],
+    'default',
+    'value' => self::getDefaultAccessUpdateDelete()
+],
+```
+
 **Option 2:**
 
 Simply override this method in our AR model and set the access fields you have/want to the field names you have/want!

src/ActiveRecordAccessTrait.php

@@ -206,13 +206,17 @@ public static function getUsersAuthItems()
                 $authItems = [];
 
                 $allRoles = $authManager->getRoles();
-                if (static::$enableRecursiveRoles === false) {
+
+                if (!static::isEnabledRecursiveRoles()) {
                     if (Yii::$app->user->can('Admin')) {
+                        // when user is 'Admin' use all roles
                         $roles = $allRoles;
                     } else {
+                        // only use directly assigned roles
                         $roles = $authManager->getRolesByUser(Yii::$app->user->id);
                     }
                 } else {
+                    // check all roles
                     $roles = [];
                     foreach ($allRoles as $roleItem) {
                         $roleName = $roleItem->name;
@@ -237,6 +241,12 @@ public static function getUsersAuthItems()
         return $publicAuthItem;
     }
 
+    /**
+     * @return bool|mixed
+     */
+    public static function isEnabledRecursiveRoles () {
+        return Yii::$app->params['ActiveRecordAccessTrait']['enableRecursiveRoles'] ?? static::$enableRecursiveRoles;
+    }
 
     public static function getDefaultAccessDomain() {
         // return first found permission
@@ -268,18 +278,21 @@ public static function getDefaultAccessUpdateDelete() {
         }
 
         // return first found permission
-        $AuthManager = \Yii::$app->authManager;
-        $permissions = $AuthManager->getPermissionsByUser(Yii::$app->user->id);
+        $authManager = \Yii::$app->authManager;
+        $permissions = $authManager->getPermissions();
         foreach ($permissions as $name => $Permission) {
             if (StringHelper::startsWith($name, 'access.defaults.updateDelete:')) {
                 $data = explode(':', $name);
                 if (empty($data[1])) {
                     Yii::warning("Invalid update/delete access permission '$name'", __METHOD__);
                     continue;
                 }
-                return $data[1];
+                if (Yii::$app->user->can($data[1])) {
+                    return $data[1];
+                }
             }
         }
+        return null;
     }