Commit b66c4cf4 by Alexander Makarov

Fixes #5435: Added extra checks to `yii\rbac\DbManager` to prevent database…

Fixes #5435: Added extra checks to `yii\rbac\DbManager` to prevent database exceptions when `$userId` is empty
parent 66c2c6c0
...@@ -15,6 +15,7 @@ Yii Framework 2 Change Log ...@@ -15,6 +15,7 @@ Yii Framework 2 Change Log
- Bug #5379: `Module::afterAction()` was called even when `beforeAction()` returned false (cebe) - Bug #5379: `Module::afterAction()` was called even when `beforeAction()` returned false (cebe)
- Bug #5423: `yii\behaviors\Cors` causes "undefined index" error when its `cors` is configured (qiangxue) - Bug #5423: `yii\behaviors\Cors` causes "undefined index" error when its `cors` is configured (qiangxue)
- Bug #5424: `Html::addCssStyle()` wasn't correctly setting style passed in array (kartik-v, samdark) - Bug #5424: `Html::addCssStyle()` wasn't correctly setting style passed in array (kartik-v, samdark)
- Bug #5435: Added extra checks to `yii\rbac\DbManager` to prevent database exceptions when `$userId` is empty (samdark)
- Bug: Date and time formatting now assumes UTC as the timezone for input dates unless a timezone is explicitly given (cebe) - Bug: Date and time formatting now assumes UTC as the timezone for input dates unless a timezone is explicitly given (cebe)
- Enh #4040: Added `$viewFile` and `$params` to the `EVENT_BEFORE_RENDER` and `EVENT_AFTER_RENDER` events for `View` (qiangxue) - Enh #4040: Added `$viewFile` and `$params` to the `EVENT_BEFORE_RENDER` and `EVENT_AFTER_RENDER` events for `View` (qiangxue)
- Enh #4275: Added `removeChildren()` to `yii\rbac\ManagerInterface` and implementations (samdark) - Enh #4275: Added `removeChildren()` to `yii\rbac\ManagerInterface` and implementations (samdark)
...@@ -342,6 +342,10 @@ class DbManager extends BaseManager ...@@ -342,6 +342,10 @@ class DbManager extends BaseManager
*/ */
public function getRolesByUser($userId) public function getRolesByUser($userId)
{ {
if (empty($userId)) {
return [];
}
$query = (new Query)->select('b.*') $query = (new Query)->select('b.*')
->from(['a' => $this->assignmentTable, 'b' => $this->itemTable]) ->from(['a' => $this->assignmentTable, 'b' => $this->itemTable])
->where('a.item_name=b.name') ->where('a.item_name=b.name')
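Review bot: The `empty($userId)` guard added at the top of getRolesByUser (and the identical guards in getPermissionsByUser, getAssignment, getAssignments, revoke and revokeAll further down) also short-circuits for the legitimate user ids `0` and `'0'`, because `empty()` tests truthiness rather than absence. For the read methods that silently hides a real user's roles and assignments; for revoke and revokeAll it returns `false` without issuing the delete, so a revocation for such a user never reaches the database and the assignment stays in force. Since the queries already cast with `(string)$userId`, the condition that matches the stated intent (avoid the empty-id query) is `if ($userId === null || $userId === '') {`, ideally in one private helper shared by all six methods so the rule cannot drift between them. The bodies of these methods continue outside the hunks.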
...@@ -381,6 +385,10 @@ class DbManager extends BaseManager ...@@ -381,6 +385,10 @@ class DbManager extends BaseManager
*/ */
public function getPermissionsByUser($userId) public function getPermissionsByUser($userId)
{ {
if (empty($userId)) {
return [];
}
$query = (new Query)->select('item_name') $query = (new Query)->select('item_name')
->from($this->assignmentTable) ->from($this->assignmentTable)
->where(['user_id' => (string)$userId]); ->where(['user_id' => (string)$userId]);
...@@ -469,6 +477,10 @@ class DbManager extends BaseManager ...@@ -469,6 +477,10 @@ class DbManager extends BaseManager
*/ */
public function getAssignment($roleName, $userId) public function getAssignment($roleName, $userId)
{ {
if (empty($userId)) {
return null;
}
$row = (new Query)->from($this->assignmentTable) $row = (new Query)->from($this->assignmentTable)
->where(['user_id' => (string)$userId, 'item_name' => $roleName]) ->where(['user_id' => (string)$userId, 'item_name' => $roleName])
->one($this->db); ->one($this->db);
...@@ -489,6 +501,10 @@ class DbManager extends BaseManager ...@@ -489,6 +501,10 @@ class DbManager extends BaseManager
*/ */
public function getAssignments($userId) public function getAssignments($userId)
{ {
if (empty($userId)) {
return [];
}
$query = (new Query) $query = (new Query)
->from($this->assignmentTable) ->from($this->assignmentTable)
->where(['user_id' => (string)$userId]); ->where(['user_id' => (string)$userId]);
...@@ -623,6 +639,10 @@ class DbManager extends BaseManager ...@@ -623,6 +639,10 @@ class DbManager extends BaseManager
*/ */
public function revoke($role, $userId) public function revoke($role, $userId)
{ {
if (empty($userId)) {
return false;
}
return $this->db->createCommand() return $this->db->createCommand()
->delete($this->assignmentTable, ['user_id' => (string)$userId, 'item_name' => $role->name]) ->delete($this->assignmentTable, ['user_id' => (string)$userId, 'item_name' => $role->name])
->execute() > 0; ->execute() > 0;
...@@ -633,6 +653,10 @@ class DbManager extends BaseManager ...@@ -633,6 +653,10 @@ class DbManager extends BaseManager
*/ */
public function revokeAll($userId) public function revokeAll($userId)
{ {
if (empty($userId)) {
return false;
}
return $this->db->createCommand() return $this->db->createCommand()
->delete($this->assignmentTable, ['user_id' => (string)$userId]) ->delete($this->assignmentTable, ['user_id' => (string)$userId])
->execute() > 0; ->execute() > 0;