refs yiisoft#12771 \yii\web\User::can() and guest

Skip \yii\rbac\PhpManager::checkAccessRecursive and \yii\rbac\DbManager::checkAccessRecursive if role assignments are empty
pchapl · Oct 20, 2016 · c8589e9 · c8589e9
1 parent dc7c377
commit c8589e9
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 0 deletions.
diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md
@@ -5,6 +5,7 @@ Yii Framework 2 Change Log
 ------------------------
 
 - no changes in this release.
+- Enh #12771: Skip \yii\rbac\PhpManager::checkAccessRecursive and \yii\rbac\DbManager::checkAccessRecursive if role assignments are empty (Ni-san)
 
 
 2.0.10 October 20, 2016
@@ -94,6 +95,7 @@ Yii Framework 2 Change Log
 - Enh #12580: Make `yii.js` comply with strict and non-strict javascript mode to allow concatenation with external code (mikehaertl)
 - Enh #12664: Added support for wildcards for `optional` at `yii\filters\auth\AuthMethod` (mg-code)
 - Enh #12744: Added `afterInit` event to `yii.activeForm.js` (werew01f)
+- Enh #12499: When AJAX validation in enabled, `yii.activeForm.js` will run it forcefully on form submit to display all possible errors (silverfire)
 - Enh: Method `yii\console\controllers\AssetController::getAssetManager()` automatically enables `yii\web\AssetManager::forceCopy` in case it is not explicitly specified (pana1990, klimov-paul)
 
 

diff --git a/framework/rbac/BaseManager.php b/framework/rbac/BaseManager.php
@@ -220,4 +220,15 @@ protected function executeRule($user, $item, $params)
             throw new InvalidConfigException("Rule not found: {$item->ruleName}");
         }
     }
+
+    /**
+     * Check that there no any roles in user's role assignments and in default roles
+     *
+     * @param Assignment[] $assignments list of user's role assignments
+     * @return bool true if empty
+     */
+    protected function emptyRoles(array $assignments)
+    {
+        return count($assignments) === 0 && count($this->defaultRoles) === 0;
+    }
 }
diff --git a/framework/rbac/DbManager.php b/framework/rbac/DbManager.php
@@ -119,6 +119,12 @@ public function init()
     public function checkAccess($userId, $permissionName, $params = [])
     {
         $assignments = $this->getAssignments($userId);
+
+        // nothing to check, user has no any rights
+        if ($this->emptyRoles($assignments)) {
+            return false;
+        }
+
         $this->loadFromCache();
         if ($this->items !== null) {
             return $this->checkAccessFromCache($userId, $permissionName, $params, $assignments);

diff --git a/framework/rbac/PhpManager.php b/framework/rbac/PhpManager.php
@@ -97,6 +97,12 @@ public function init()
     public function checkAccess($userId, $permissionName, $params = [])
     {
         $assignments = $this->getAssignments($userId);
+
+        // nothing to check, user has no any rights
+        if ($this->emptyRoles($assignments)) {
+            return false;
+        }
+
         return $this->checkAccessRecursive($userId, $permissionName, $params, $assignments);
     }
 

diff --git a/tests/framework/rbac/ManagerTestCase.php b/tests/framework/rbac/ManagerTestCase.php
@@ -182,6 +182,16 @@ public function testCheckAccess()
                 'blablabla' => false,
                 null => false,
             ],
+            'guest' => [
+                // all actions denied for guest (user not exists)
+                'createPost' => false,
+                'readPost' => false,
+                'updatePost' => false,
+                'deletePost' => false,
+                'updateAnyPost' => false,
+                'blablabla' => false,
+                null => false,
+            ],
         ];
 
         $params = ['authorID' => 'author B'];