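/**
 * Creates a new News record under the tree node $idTree.
 *
 * The tree node must exist for module 'news' and for the organization code
 * held in the session, and the current user must either be an admin or pass
 * Access::checkAccessUserForTree(). After a successful save the attachments,
 * images and thumbnail are stored and the browser is redirected to 'view';
 * otherwise the 'create' form is rendered.
 *
 * @param mixed $idTree ID of the tree node the news item is created under
 * @throws CHttpException 404 when the tree node is not found, 403 when the
 *                        user has no access to it
 */
public function actionCreate($idTree)
{
    $modelTree = Tree::model()->find(
        'id=:id AND module=:module AND organization=:organization',
        array(
            ':id' => $idTree,
            ':module' => 'news',
            ':organization' => Yii::app()->session['code_no'],
        )
    );
    if ($modelTree === null) {
        throw new CHttpException(404, 'Страница не найдена.');
    }

    $hasTreeAccess = Yii::app()->user->admin || Access::model()->checkAccessUserForTree($idTree);
    if (!$hasTreeAccess) {
        throw new CHttpException(403, 'Доступ запрещен.');
    }

    // Defaults shown in the empty form.
    $model = new News();
    $model->id_tree = $idTree;
    $model->flag_enable = true;
    $model->date_start_pub = date('d.m.Y');
    // Formats the largest integer timestamp, i.e. a far-future end date.
    // NOTE(review): the resulting year depends on the platform integer size;
    // confirm the column and the date widget accept it.
    $model->date_end_pub = date('01.m.Y', PHP_INT_MAX);
    $model->author = Yii::app()->user->name;
    $model->general_page = 0;

    // Uncomment the following line if AJAX validation is needed
    // $this->performAjaxValidation($model);

    if (isset($_POST['News'])) {
        $model->attributes = $_POST['News'];
        // Mass assignment copies every attribute the News validation rules mark
        // as safe, and those rules are not visible here. Re-pin the tree the
        // permission check above ran against so a posted id_tree cannot move
        // the record into a node the user was never authorized for.
        // NOTE(review): 'author' is left as posted; pin it too if the form is
        // not meant to edit it.
        $model->id_tree = $idTree;
        $model->log_change = LogChange::setLog($model->log_change, 'создание');

        if ($model->save()) {
            // save attached files
            $model->saveFiles($model->id, $idTree);
            // save images
            $model->saveImages($model->id, $idTree);
            // save the thumbnail image
            $model->saveThumbailForNews($model);
            $this->redirect(array('view', 'id' => $model->id, 'idTree' => $idTree));
        }
    }

    $this->render('create', array('model' => $model, 'idTree' => $idTree));
}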
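/**
 * Joins the values returned by \ArrHelper::parentTree() for an access entry
 * with dots and returns the resulting string.
 *
 * @param mixed $access_id entry to start from; when empty, $this->access_id is used
 * @return string dot-separated values, or '' when parentTree() yields nothing
 */
function access($access_id = null)
{
    $model = Access::model()->findAll();
    if (!$access_id) {
        $access_id = $this->access_id;
    }

    // The previous version appended to a variable that was never initialised
    // (it was even unset first), which raises an undefined-variable notice and
    // passes null to substr() when the tree is empty. Collect and join instead.
    // NOTE(review): parentTree()'s return type is not visible here, so the
    // values are iterated rather than passed to implode() directly.
    $segments = array();
    foreach (\ArrHelper::parentTree($model, $access_id) as $segment) {
        $segments[] = $segment;
    }

    return implode('.', $segments);
}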
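/**
 * Returns the access rule for the current user on a section.
 *
 * The mode is chosen by Section->use_organization:
 *  - true:  rights are read per organization from
 *           access_organization.right_(view|create|edit|delete);
 *  - false: rights are read for the section itself from
 *           access.right_(view|create|edit|delete).
 *
 * Rows are matched when they belong to the current user directly or to one of
 * the groups the user is a member of.
 *
 * @param mixed $section_id section ID (Section->id), required
 * @param mixed $org_id     organization ID, optional; with 0 and an
 *                          organization-based section only the view right is
 *                          evaluated
 * @return array array('allow'|'deny' [, 'actions' => array of 'index', 'admin',
 *               'create', 'edit', 'delete'], 'users' => array(current user name))
 */
public static function getAccessRight($section_id, $org_id = 0)
{
    $user = Yii::app()->user;
    if ($user->role_admin) {
        return array('allow', 'users' => array($user->name));
    }

    $result_array = array('users' => array($user->name));

    // findByPk() returns null when nothing matches. count() on that value is a
    // TypeError on PHP 8 and a warning on 7.2+, so test for null directly.
    $modelSection = Section::model()->findByPk($section_id);
    if ($modelSection === null) {
        // NOTE(review): this rule carries neither 'allow' nor 'deny'. Confirm
        // every consumer treats it as a denial.
        return $result_array;
    }

    $useOrganization = (bool) $modelSection->use_organization;
    // Organization-based section queried without a concrete organization:
    // only "view" is evaluated and the join is not narrowed to one organization.
    $viewOnly = $useOrganization && $org_id == 0;

    $tableAccessOrganization = Yii::app()->db->tablePrefix . 'access_organization';
    $tableGroupUser = Yii::app()->db->tablePrefix . 'group_user';

    $rightsAlias = $useOrganization ? 'a_o' : 't';
    $select = 't.id,t.date_create,t.date_modification,'
        . $rightsAlias . '.right_view,'
        . $rightsAlias . '.right_create,'
        . $rightsAlias . '.right_edit,'
        . $rightsAlias . '.right_delete';

    // Caller-supplied IDs and the user ID are bound as parameters instead of
    // being concatenated into the SQL text. Only the table names, which come
    // from the application's own configuration, are still interpolated.
    $joinCondition = '[t].[id]=[a_o].[id_access]';
    $joinParams = array();
    if (!$viewOnly) {
        $joinCondition .= ' AND [a_o].[id_organization]=:id_organization';
        $joinParams[':id_organization'] = $org_id;
    }

    // The user ID is bound under two names because some PDO drivers reject a
    // named placeholder that appears twice in one statement.
    $rows = Yii::app()->db->createCommand()
        ->select($select)
        ->from('{{access}} t')
        ->leftJoin($tableAccessOrganization . ' a_o', $joinCondition, $joinParams)
        ->where(
            '[t].[id_section]=:id_section AND ([t].[id_user]=:id_user OR '
            . '[t].[id_group] IN (select [g_u].[id_group] from ' . $tableGroupUser . ' [g_u] '
            . 'where [g_u].[id_user]=:id_group_user))',
            array(
                ':id_section' => $section_id,
                ':id_user' => $user->id,
                ':id_group_user' => $user->id,
            )
        )
        ->queryAll();

    // Used as an ordered set: keys keep first-insertion order, so the action
    // list comes out in the same order as appending each action once.
    $granted = array();
    foreach ($rows as $row) {
        if ($row['right_view']) {
            $granted['index'] = true;
            $granted['admin'] = true;
        }
        if ($viewOnly) {
            continue;
        }
        foreach (array('create', 'edit', 'delete') as $action) {
            if ($row['right_' . $action]) {
                $granted[$action] = true;
            }
        }
    }
    $result_actions = array_keys($granted);

    if (count($result_actions)) {
        return array_merge($result_array, array('allow', 'actions' => $result_actions));
    }

    return array_merge($result_array, array('deny'));
}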
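/**
 * Decides whether the current request may run the current controller action.
 *
 * The decision is taken from the enabled Access row matching the current
 * module, controller and action: its `all`, `loggedIn` and `guest` flags are
 * checked first, then the intersection of its roles with the user's roles.
 *
 * NOTE(review): an action without an enabled Access row is allowed for
 * everyone, so a new or renamed action is public until a rule is added.
 * Confirm that this default is intended.
 *
 * @return bool true when the request is allowed
 */
public static function checkAccess()
{
    $currentController = Yii::app()->getController();

    // find module and controller
    $module = $currentController->getModule();
    if (!empty($module)) {
        $module = $module->getId();
    }
    $controller = $currentController->id;

    // the login page must stay reachable, otherwise nobody could sign in
    if ($module === 'user' && $controller === 'login') {
        return true;
    }

    $access = Access::model()->findByAttributes(array(
        'module' => $module,
        'controller' => $controller,
        'action' => $currentController->getAction()->id,
        'enabled' => 1,
    ));

    // if there's no rule, allow everyone (see the note in the docblock)
    if (!$access) {
        return true;
    }
    if ($access->all) {
        return true;
    }

    $userId = Yii::app()->user->id;
    if ($access->loggedIn && $userId) {
        return true;
    }
    if ($access->guest && Yii::app()->user->isGuest) {
        return true;
    }

    // not logged in, and guests are already known not to be allowed here
    if (!$userId) {
        return false;
    }

    // A session can outlive its user row. Deny instead of dereferencing null.
    $user = User::model()->findByPk($userId);
    if ($user === null) {
        return false;
    }

    // presumably both sides are arrays of role identifiers; verify against the models
    return (bool) array_intersect($access->roles, $user->roles);
}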
/**
 * Loads a JornalRequest record after checking the tree node it is requested through.
 *
 * NOTE(review): the record is looked up by $id alone. Nothing visible here ties
 * it to $idTree, the value the permission check ran against, so a caller with
 * access to one tree node could request a record that belongs to another.
 * If JornalRequest rows carry a tree reference, add it to the lookup.
 * NOTE(review): the tree lookup is not restricted to the session organization;
 * confirm that is intended.
 *
 * @param integer $id     primary key of the record to load
 * @param integer $idTree ID of the tree node; must exist with module 'jornalRequest'
 * @return JornalRequest the loaded record
 * @throws CHttpException 404 when the tree node or the record is missing,
 *                        403 when the user has no access to the tree node
 */
public function loadModel($id, $idTree)
{
    $treeExists = Tree::model()->exists(
        'id=:id AND module=:module',
        array(':id' => $idTree, 'module' => 'jornalRequest')
    );
    if (!$treeExists) {
        throw new CHttpException(404, 'Страница не найдена.');
    }

    $hasTreeAccess = Yii::app()->user->admin || Access::model()->checkAccessUserForTree($idTree);
    if (!$hasTreeAccess) {
        throw new CHttpException(403, 'Доступ запрещен.');
    }

    $record = JornalRequest::model()->findByPk($id);
    if ($record !== null) {
        return $record;
    }

    throw new CHttpException(404, 'The requested page does not exist.');
}
/**
 * Loads the Access record with the given primary key.
 *
 * NOTE(review): no permission check happens here; presumably the controller's
 * filters restrict who may manage access records. Verify this.
 *
 * @param integer $id primary key of the Access record
 * @return Access the loaded record
 * @throws CHttpException 404 when no record has that key
 */
public function loadModel($id)
{
    $record = Access::model()->findByPk($id);
    if ($record !== null) {
        return $record;
    }

    throw new CHttpException(404, Yii::t('app', 'The requested page does not exist.'));
}
option').prop('selected', true); } </script> <div id="content_permission" class="well"> <h5 style="background-color: white;" class="well">Доступ</h5> <p><?php echo $form->checkBoxRow($model, 'useParentRight', $model->isNewRecord ? array('checked' => 'checked') : array()); ?> </p> <table style="border: 0;" id="table_group_user"> <tr><td> <?php // ГРУППЫ // echo $form->dropDownListRow($model, 'permissionGroup', CHtml::listData(Access::model()->with('group')->findAll(array('order' => 'group.code_no,group.name', 'condition' => 't.id_tree=:id_tree AND t.is_group=1', 'params' => array(':id_tree' => $model->id))), 'group.id', 'group.name'), array('multiple' => true, 'style' => 'width: 300px; height: 200px;')); ?> <br /> <?php $this->widget('bootstrap.widgets.TbButton', array('label' => 'Добавить', 'url' => 'javascript:;', 'htmlOptions' => array('data-toggle' => 'modal', 'data-target' => '#userGroupModal', 'onclick' => 'getListGroups();'))); ?> <?php $this->widget('bootstrap.widgets.TbButton', array('label' => 'Удалить', 'url' => 'javascript:;', 'htmlOptions' => array('onclick' => '$(\'#' . CHtml::activeId($model, 'permissionGroup') . ' option:selected\').remove();'))); ?> </td> <td> <?php // ПОЛЬЗОВАТЕЛИ // echo $form->dropDownListRow($model, 'permissionUser', User::model()->getUsersByTreeAccess($model->id), array('multiple' => true, 'style' => 'width: 300px; height: 200px;')); ?>
/**
 * Loads a Tree node that belongs to the session organization and that the
 * current user may access.
 *
 * A node the user has no access to is reported as 404, the same as a node that
 * does not exist, so the response does not reveal which IDs are in use.
 *
 * @param integer $id primary key of the tree node
 * @return Tree the loaded node
 * @throws CHttpException 404 when the node is missing, belongs to another
 *                        organization, is not accessible, or its parent fails
 *                        Tree::checkParentRight()
 */
public function loadModel($id)
{
    //$model=Tree::model()->findByPk($id);
    $noAccess = !Yii::app()->user->admin && !Access::model()->checkAccessUserForTree($id);

    // Without access an always-false predicate is appended, so the query
    // matches nothing and the caller falls through to the 404 below.
    $condition = 'id=:id AND organization=:organization';
    if ($noAccess) {
        $condition .= ' AND 1<>1';
    }

    $node = Tree::model()->find(array(
        'condition' => $condition,
        'params' => array(':id' => $id, ':organization' => Yii::app()->session['code_no']),
    ));

    if ($node !== null && Tree::model()->checkParentRight($node->id_parent)) {
        return $node;
    }

    throw new CHttpException(404, 'Запрашиваемая страница не существует.');
}
/**
 * Loads a News record that belongs to the tree node $idTree.
 *
 * The tree node must exist for module 'news' in the session organization, and
 * the user must be an admin or pass Access::checkAccessUserForTree(), and the
 * node must pass Tree::checkParentRight(). The record is fetched by primary key
 * together with id_tree, so an ID from another tree node is not returned.
 * Non-admins never see records whose date_delete is set.
 *
 * @param integer $id     primary key of the news record
 * @param integer $idTree ID of the tree node the record must belong to
 * @return News the loaded record
 * @throws CHttpException 404 when the tree node or the record is missing,
 *                        403 when access to the tree node is denied
 */
public function loadModel($id, $idTree)
{
    $treeNode = Tree::model()->find(
        'id=:id AND module=:module AND organization=:organization',
        array(':id' => $idTree, 'module' => 'news', ':organization' => Yii::app()->session['code_no'])
    );
    if ($treeNode === null) {
        throw new CHttpException(404, 'Страница не найдена.');
    }

    $hasTreeAccess = Yii::app()->user->admin || Access::model()->checkAccessUserForTree($idTree);
    if (!$hasTreeAccess || !Tree::model()->checkParentRight($idTree)) {
        throw new CHttpException(403, 'Доступ запрещен.');
    }

    // Admins may also open records that are marked as deleted.
    $delDate = '';
    if (!Yii::app()->user->admin) {
        $delDate = ' AND date_delete is null';
    }

    $news = News::model()->findByPk($id, 'id_tree=:id_tree ' . $delDate, array(':id_tree' => $idTree));
    if ($news !== null) {
        return $news;
    }

    throw new CHttpException(404, 'Страница не найдена.');
}
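/**
 * Builds the site-structure tree shown on the main page for the current
 * organization (Yii::app()->session['code_no']).
 *
 * Nodes the user may access become entries with their children nested below
 * them; children of an inaccessible node are lifted to the parent's level.
 * Non-admins do not see nodes whose date_delete is set.
 *
 * @param mixed $id        ID of a node to leave out of the tree
 * @param mixed $parent_id ID of the node whose children are listed
 * @return array list of arrays with 'id', 'text', 'children' and 'htmlOptions'
 */
public function getTreeForMain($id = 0, $parent_id = 0)
{
    $webUser = Yii::app()->user;

    // All three values are bound as parameters. The organization code comes
    // from the session and the IDs from the caller, and none of them belongs
    // in the SQL text itself.
    $criteria = new CDbCriteria();
    $criteria->addCondition('id_parent=:id_parent');
    $criteria->addCondition('id<>:id');
    $criteria->addCondition('organization=:organization');
    $criteria->params = array(
        ':id_parent' => $parent_id,
        ':id' => $id,
        ':organization' => Yii::app()->session['code_no'],
    );
    if (!$webUser->admin) {
        $criteria->addCondition('date_delete IS NULL');
    }

    $data = array();
    foreach (Tree::model()->findAll($criteria) as $value) {
        $children = $this->getTreeForMain($id, $value->id);

        if (!($webUser->admin || Access::model()->checkAccessUserForTree($value->id))) {
            // Inaccessible node: keep only the accessible descendants.
            $data = array_merge($data, $children);
            continue;
        }

        // NOTE(review): $value->name is placed into the markup unescaped in
        // both branches, because CHtml::link() does not encode its text
        // argument. Unless node names are meant to contain HTML, wrap the
        // name in CHtml::encode().
        $label = $value->module != ''
            ? CHtml::link($value->name, array($value->module . '/admin', 'idTree' => $value->id))
            : $value->name;

        $data[] = array(
            'id' => $value->id,
            'text' => '<div style="margin-top:-2px;"><i class="icon-folder-open"></i> ' . $label . '</div>',
            'children' => $children,
            'htmlOptions' => array('style' => 'font-weight:bold;'),
        );
    }

    return $data;
}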
/**
 * Loads a Telephone record that is reachable through the tree node $idTree.
 *
 * The user must be an admin or pass Access::checkAccessUserForTree(), and the
 * node must pass Tree::checkParentRight(). The record is then searched among
 * the organizations Telephone::listOrganizations() returns for that node, so
 * an ID from an organization outside the node is not returned.
 *
 * NOTE(review): CDbCriteria::compare() adds no condition at all when $id is
 * empty and treats a leading comparison operator in the value as an operator.
 * The lookup stays inside the allowed organizations, but an exact-match
 * condition on the key would be stricter.
 *
 * @param integer $id     the ID of the model to be loaded
 * @param integer $idTree ID of the tree node the request came through
 * @return Telephone the loaded model
 * @throws CHttpException 403 when access is denied, 404 when nothing matches
 */
public function loadModel($id, $idTree)
{
    $hasTreeAccess = Yii::app()->user->admin || Access::model()->checkAccessUserForTree($idTree);
    if (!$hasTreeAccess || !Tree::model()->checkParentRight($idTree)) {
        throw new CHttpException(403, 'Доступ запрещен.');
    }

    // Organization codes the tree node gives access to.
    $allowedCodes = CHtml::listData(Telephone::model()->listOrganizations($idTree), 'code', 'code');

    $criteria = new CDbCriteria();
    $criteria->compare('id', $id);
    $criteria->addInCondition('ifns_code', $allowedCodes);

    //$model=Telephone::model()->findByPk($id);
    $telephone = Telephone::model()->find($criteria);
    if ($telephone !== null) {
        return $telephone;
    }

    throw new CHttpException(404, 'Страница не найдена.');
}
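/**
 * Builds the menu tree as a flat id => label map for a DropDownList.
 *
 * Labels are prefixed with '--' once per nesting level. Entries the user may
 * not access are left out, and their children are listed at the level the
 * hidden entry would have had.
 *
 * @param mixed $type_menu menu type to list
 * @param mixed $id        ID of a menu entry to leave out
 * @param mixed $parent_id ID of the entry whose children are listed
 * @param int   $level     nesting level used for the '--' prefix
 * @return array map of menu entry ID to indented name
 */
public function getMenuDropDownList($type_menu, $id = 0, $parent_id = 0, $level = 1)
{
    // Bound parameters replace the values that used to be concatenated into
    // the condition strings.
    $criteria = new CDbCriteria();
    $criteria->addCondition('id_parent=:id_parent');
    $criteria->addCondition('id<>:id');
    $criteria->addCondition('type_menu=:type_menu');
    $criteria->params = array(
        ':id_parent' => $parent_id,
        ':id' => $id,
        ':type_menu' => $type_menu,
    );

    $data = array();
    foreach (Menu::model()->findAll($criteria) as $value) {
        // NOTE(review): a Menu ID is passed to the tree access check;
        // presumably menu entries and tree nodes share IDs. Confirm this.
        $visible = Yii::app()->user->admin || Access::model()->checkAccessUserForTree($value->id);

        $item = $visible
            ? array($value->id => str_repeat('--', $level) . ' ' . $value->name)
            : array();
        // A hidden entry does not add an indentation step for its children.
        $childLevel = $level + ($visible ? 1 : 0);

        // The + operator keeps the integer keys (IDs) and never renumbers them.
        $data = $data + $item + $this->getMenuDropDownList($type_menu, $id, $value->id, $childLevel);
    }

    return $data;
}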
/**
 * Loads an UpdateEod record after checking access to the tree node $idTree.
 *
 * NOTE(review): the record is looked up by $id alone. Nothing visible here ties
 * it to $idTree, the value the permission check ran against, so access to any
 * one tree node is enough to load any record by ID. If UpdateEod rows carry a
 * tree reference, add it to the lookup.
 *
 * @param integer $id     primary key of the record to load
 * @param integer $idTree ID of the tree node the request came through
 * @return UpdateEod the loaded record
 * @throws CHttpException 403 when access is denied, 404 when the record is missing
 */
public function loadModel($id, $idTree)
{
    $hasTreeAccess = Yii::app()->user->admin || Access::model()->checkAccessUserForTree($idTree);
    if (!$hasTreeAccess || !Tree::model()->checkParentRight($idTree)) {
        throw new CHttpException(403, 'Доступ запрещен.');
    }

    $record = UpdateEod::model()->findByPk($id);
    if ($record !== null) {
        return $record;
    }

    throw new CHttpException(404, 'The requested page does not exist.');
}
<?php
// Drop-down of the groups that have an access row for this tree node.
// Changing the selection reloads #ajaxTreeGroup through the ajaxTreeAccess action.
// NOTE(review): 'id', 'identity' and 'is_group' reach that action as ordinary
// GET parameters sent by the browser; the action has to check the caller's
// rights on the tree node itself. Confirm this in the controller.
$treeGroupAccessRows = Access::model()->with('group')->findAll(array(
    'condition' => 't.id_tree=:id_tree AND t.is_group=1',
    'params' => array(':id_tree' => $model->id),
    'order' => 'group.name',
));

$treeGroupAjax = array(
    'type' => 'GET',
    'url' => $this->createUrl('/admin/telephone/ajaxTreeAccess', array('id' => $model->id)),
    'update' => '#ajaxTreeGroup',
    'data' => array('identity' => 'js:this.value', 'is_group' => 1),
);

echo CHtml::dropDownList(
    'Tree[AccessGroup]',
    '',
    CHtml::listData($treeGroupAccessRows, 'group.id', 'group.name'),
    array('ajax' => $treeGroupAjax)
);

// Fire the change handler once on page load so the panel is filled for the
// initially selected group.
Yii::app()->clientScript->registerScript(
    'update-module-on-tree-access-group',
    '$(document).ready(function() { $("#' . CHtml::getIdByName('Tree[AccessGroup]') . '").change(); });'
);
?> <div id="ajaxTreeGroup"></div>
/**
 * Lists the users that have a non-group access row for a tree node.
 *
 * NOTE(review): each row's `user` relation is dereferenced without a null
 * check; an access row whose user no longer exists would be fatal here unless
 * the schema prevents that. Confirm.
 *
 * @param mixed $id_tree ID of the tree node
 * @return array map of user ID to "login (last first middle)", ordered by
 *               home_no and then by name
 */
public function getUsersByTreeAccess($id_tree)
{
    $accessRows = Access::model()->with('user')->findAll(array(
        'order' => 'user.home_no,user.last_name,user.first_name,user.middle_name',
        'condition' => 't.id_tree=:id_tree AND is_group=0',
        'params' => array(':id_tree' => $id_tree),
    ));

    $labelsById = array();
    foreach ($accessRows as $row) {
        $account = $row->user;
        $fullName = $account->last_name . ' ' . $account->first_name . ' ' . $account->middle_name;
        $labelsById[$account->id] = $account->login . ' (' . $fullName . ')';
    }

    return $labelsById;
}
/**
 * Loads a News record that belongs to the tree node $idTree.
 *
 * The user must be an admin or pass Access::checkAccessUserForTree(), and the
 * node must pass Tree::checkParentRight(). The record is fetched by primary key
 * together with id_tree, so an ID from another tree node is not returned.
 * Non-admins never see records whose date_delete is set.
 *
 * NOTE(review): unlike a lookup that first loads the tree node, this method
 * does not verify that $idTree is a 'news' node of the session organization.
 * Confirm the two access helpers cover that.
 *
 * @param integer $id     primary key of the news record
 * @param integer $idTree ID of the tree node the record must belong to
 * @return News the loaded record
 * @throws CHttpException 403 when access is denied, 404 when the record is missing
 */
public function loadModel($id, $idTree)
{
    $hasTreeAccess = Yii::app()->user->admin || Access::model()->checkAccessUserForTree($idTree);
    if (!$hasTreeAccess || !Tree::model()->checkParentRight($idTree)) {
        throw new CHttpException(403, 'Доступ запрещен.');
    }

    // Admins may also open records that are marked as deleted.
    $delDate = '';
    if (!Yii::app()->user->admin) {
        $delDate = ' AND date_delete is null';
    }

    $news = News::model()->findByPk($id, 'id_tree=:id_tree ' . $delDate, array(':id_tree' => $idTree));
    if ($news !== null) {
        return $news;
    }

    throw new CHttpException(404, 'Страница не найдена.');
}
/**
 * Loads a VksUfns record after checking the tree node it is requested through.
 *
 * The tree node must exist for module 'vksUfns' in the session organization,
 * the user must be an admin or pass Access::checkAccessUserForTree(), and the
 * node must pass Tree::checkParentRight().
 *
 * NOTE(review): the record is looked up by $id alone. Nothing visible here ties
 * it to $idTree, the value the permission check ran against. If VksUfns rows
 * carry a tree or organization reference, add it to the lookup.
 *
 * @param integer $id     primary key of the record to load
 * @param integer $idTree ID of the tree node the request came through
 * @return VksUfns the loaded record
 * @throws CHttpException 404 when the tree node or the record is missing,
 *                        403 when access is denied
 */
public function loadModel($id, $idTree)
{
    $treeExists = Tree::model()->exists(
        'id=:id AND module=:module AND organization=:organization',
        array(':id' => $idTree, 'module' => 'vksUfns', ':organization' => Yii::app()->session['code_no'])
    );
    if (!$treeExists) {
        throw new CHttpException(404, 'Страница не найдена.');
    }

    $hasTreeAccess = Yii::app()->user->admin || Access::model()->checkAccessUserForTree($idTree);
    if (!$hasTreeAccess || !Tree::model()->checkParentRight($idTree)) {
        throw new CHttpException(403, 'Доступ запрещен.');
    }

    $record = VksUfns::model()->findByPk($id);
    if ($record !== null) {
        return $record;
    }

    throw new CHttpException(404, 'The requested page does not exist.');
}
<?php
// Drop-down of the users that have a non-group access row for this tree node.
// Changing the selection reloads #ajaxTreeUser through the ajaxTreeAccess action.
// NOTE(review): 'id', 'identity' and 'is_group' reach that action as ordinary
// GET parameters sent by the browser; the action has to check the caller's
// rights on the tree node itself. Confirm this in the controller.
$treeUserAccessRows = Access::model()->with('user')->findAll(array(
    'condition' => 't.id_tree=:id_tree AND t.is_group=0',
    'params' => array(':id_tree' => $model->id),
    'order' => 'user.last_name,user.first_name,user.middle_name',
));

$treeUserAjax = array(
    'type' => 'GET',
    'url' => $this->createUrl('/admin/telephone/ajaxTreeAccess', array('id' => $model->id)),
    'update' => '#ajaxTreeUser',
    'data' => array('identity' => 'js:this.value', 'is_group' => 0),
);

echo CHtml::dropDownList(
    'Tree[AccessUser]',
    '',
    CHtml::listData($treeUserAccessRows, 'user.id', 'user.concatened'),
    array('ajax' => $treeUserAjax)
);

// Fire the change handler once on page load so the panel is filled for the
// initially selected user.
Yii::app()->clientScript->registerScript(
    'update-module-on-tree-access-user',
    '$(document).ready(function() { $("#' . CHtml::getIdByName('Tree[AccessUser]') . '").change(); });'
);
?> <div id="ajaxTreeUser"></div>