yiisoft / yii2

Yii 2: The Fast, Secure and Professional PHP Framework
http://www.yiiframework.com
BSD 3-Clause "New" or "Revised" License

bizRule callback (not bug) #982

Closed alarcl closed 11 years ago

alarcl commented 11 years ago

Why do you use eval and PHP in a string for bizRule?

Maybe using a callback would be nicer?

In rbac.php, something like this:

'UserApproved' => [
    'type' => Item::TYPE_ROLE,
    'description' => 'approved',
    'bizRule' => function (/*$params, $data*/) { return Yii::$app->user->identity->approved; },
    'data' => null
],

In https://github.com/yiisoft/yii2/blob/master/framework/yii/rbac/Manager.php#L149, something like this:

public function executeBizRule($bizRule, $params, $data)
{
    return $bizRule === '' || $bizRule === null || (is_callable($bizRule) ? $bizRule($params, $data) : ($this->showErrors ? eval($bizRule) != 0 : @eval($bizRule) != 0));
}

bwoester commented 11 years ago

I prepared a pull request for this 5 months ago, see #471. After discussing it, qiang opened an issue to decouple bizRules from authItems (see #499). Depending on how the separated bizRules will be stored, the solution will maybe support anonymous functions.

samdark commented 11 years ago

@alarcl it can be used as you've suggested. As @bwoester pointed out, the reason for eval is bizRule storage in the database, which has its own separate issue.
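
One way to keep rules storable in a database without eval, as an added example that is not part of the thread or of Yii's code: storage holds only a rule name, and a registry in application code maps that name to a callback. `RuleRegistry`, `isApproved` and the sample rows are hypothetical names and constructed data.

```php
<?php
// Added example: hypothetical names, not Yii's API.
// Storage keeps only a rule *name* plus data; the code for each rule lives
// in the application, so nothing read from the database is ever eval()'d.

final class RuleRegistry
{
    /** @var array<string, callable> */
    private array $rules = [];

    public function register(string $name, callable $rule): void
    {
        $this->rules[$name] = $rule;
    }

    /**
     * Mirrors executeBizRule(): an empty rule name means "no extra condition".
     * An unknown name denies access instead of falling back to eval().
     */
    public function execute(?string $name, array $params, $data): bool
    {
        if ($name === null || $name === '') {
            return true;
        }
        if (!isset($this->rules[$name])) {
            return false; // fail closed on a name the code does not know
        }
        return (bool) ($this->rules[$name])($params, $data);
    }
}

$registry = new RuleRegistry();
$registry->register('isApproved', function (array $params, $data): bool {
    return !empty($params['user']['approved']);
});

// Constructed sample rows, as they might come back from an auth item table.
$items = [
    ['name' => 'UserApproved', 'bizRule' => 'isApproved',   'data' => null],
    ['name' => 'Guest',        'bizRule' => null,           'data' => null],
    ['name' => 'Tampered',     'bizRule' => 'return true;', 'data' => null],
];

$params = ['user' => ['approved' => true]];
foreach ($items as $item) {
    $ok = $registry->execute($item['bizRule'], $params, $item['data']);
    printf("%-12s %s\n", $item['name'], $ok ? 'allowed' : 'denied');
}
```

The third row shows the difference from the eval path: a stored string that is PHP source is treated as an unknown rule name and denied, not executed.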