/**
  * @param string $email
  * @param string $name
  * @param string $pass
  * @return int
  */
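 public function actionAdd($email = '', $name = '', $pass = '')
 {
     // Console action: creates an account from the supplied (or prompted)
     // credentials and grants it the module's `user` AND `admin` roles.
     /** @var Account\backend\Module $Module */
     $Module = \Yii::$app->getModule($this->accountModule);
     $roles = $Module->roles;
     if (empty($email)) {
         $email = $this->prompt('Enter user email:', ['required' => true]);
     }
     if (empty($name)) {
         $name = $this->prompt('Enter user name:', ['required' => true]);
     }
     // NOTE(review): a password given as a command argument is visible in the
     // process list and shell history, and prompt() presumably echoes typed
     // input. Consider reading the secret without echo; confirm with operators.
     if (empty($pass)) {
         // The listing had this call garbled ('...:'******'required' ...);
         // restored to the same shape as the two prompts above.
         $pass = $this->prompt('Enter user password:', ['required' => true]);
     }
     /** @var AccountModel $Account */
     $Account = \Yii::createObject(AccountModel::class);
     // activated_at is stamped with the current time at creation.
     $Account->setAttributes(['name' => $name, 'email' => $email, 'password' => $pass, 'activated_at' => time()]);
     // save() may return false without recording validation errors (for
     // example when a beforeSave handler vetoes it); no role, least of all
     // admin, may be assigned to a record that was not stored.
     $saved = $Account->save();
     if ($saved && !$Account->hasErrors()) {
         AuthManager()->assign(RbacFactory::Role($roles['user']), $Account->id);
         AuthManager()->assign(RbacFactory::Role($roles['admin']), $Account->id);
         $this->stdout("User have been successfully added\n", Console::FG_GREEN);
         return static::EXIT_CODE_NORMAL;
     }
     $this->stdout("ERROR creating user\n", Console::FG_RED);
     // array_shift() takes its argument by reference, so the method result is
     // stored in a variable first.
     $errors = $Account->getFirstErrors();
     $error = array_shift($errors);
     if (!empty($error)) {
         $this->stdout("\t> {$error}\n", Console::FG_RED);
     }
     return static::EXIT_CODE_ERROR;
 }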
 /**
  * Creates a user and assigns the admin role to them.
  * @param string $email
  * @param string $name
  * @param string $pass
  * @return int
  */
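 public function actionAdd($email = '', $name = '', $pass = '')
 {
     // Console action: creates an activated user from the supplied (or
     // prompted) credentials and grants it ROLE_USER and ROLE_ADMIN.
     if (empty($email)) {
         $email = $this->prompt('Enter user email:', ['required' => true]);
     }
     if (empty($name)) {
         $name = $this->prompt('Enter user name:', ['required' => true]);
     }
     // NOTE(review): a password given as a command argument is visible in the
     // process list and shell history, and prompt() presumably echoes typed
     // input. Consider reading the secret without echo; confirm with operators.
     if (empty($pass)) {
         // The listing had this call garbled ('...:'******'required' ...);
         // restored to the same shape as the two prompts above.
         $pass = $this->prompt('Enter user password:', ['required' => true]);
     }
     $User = new \resources\User(['name' => $name, 'email' => $email, 'password' => $pass, 'activated' => \resources\User::ACTIVATED, 'deleted' => \resources\User::NOT_DELETED]);
     // save() may return false without recording validation errors; the admin
     // role must not be assigned to a record that was not stored.
     $saved = $User->save();
     if ($saved && !$User->hasErrors()) {
         AuthManager()->assign(RF::Role(\frontend\Permissions::ROLE_USER), $User->id);
         AuthManager()->assign(RF::Role(\frontend\Permissions::ROLE_ADMIN), $User->id);
         $this->stdout("User have been successfully added\n", \yii\helpers\Console::FG_GREEN);
         return static::EXIT_CODE_NORMAL;
     }
     $this->stdout("ERROR creating user\n", \yii\helpers\Console::FG_RED);
     // array_shift() takes its argument by reference, so the method result is
     // stored in a variable first.
     $errors = $User->getFirstErrors();
     $error = array_shift($errors);
     if (!empty($error)) {
         $this->stdout("\t> {$error}\n", \yii\helpers\Console::FG_RED);
     }
     return static::EXIT_CODE_ERROR;
 }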
 /**
  * @param \yii\authclient\ClientInterface $Client
  * @return bool
  * @throws \yii\base\InvalidConfigException
  */
 public function save(\yii\authclient\ClientInterface $Client)
 {
     // Registers an account from the social client's attributes plus the
     // e-mail held by this form, logs the attempt, and signs the account in.
     /** @var Account\backend\Module $Module */
     $Module = \Yii::$app->getModule($this->accountModule);
     $roles = $Module->roles;
     /** @var AccountModel $Account */
     $Account = \Yii::createObject(AccountModel::class);
     $Account->appendClientAttributes($Client);
     // NOTE(review): the e-mail comes from this form, not from the provider;
     // whether it is verified anywhere is not visible here.
     $Account->setAttributes(['email' => $this->email]);
     if ($Account->validate()) {
         $Account->save();
     }
     // The auth log entry is written for failed registrations as well.
     $AuthResponse = AccountAuthResponseModel::createLog($Client);
     if (!$Account->hasErrors()) {
         $AuthResponse->result = (string) $Account->id;
         $Account->pushSocialLink($Client);
         AuthManager()->assign(RbacFactory::Role($roles['user']), $Account->id);
         $SignInFormModel = \Yii::createObject(SignInForm::class);
         User()->login($Account, $SignInFormModel::REMEMBER_TIME);
     } else {
         $AuthResponse->result = Json::encode($Account->getErrors());
     }
     if ($AuthResponse->validate()) {
         $AuthResponse->save();
     }
     // Surface the model's errors on this form (under `name`).
     if ($Account->hasErrors()) {
         $this->populateErrors($Account, 'name');
     }
     $succeeded = !$Account->hasErrors();
     return $succeeded;
 }
 /**
  * @param string $email
  * @param string $name
  * @param string $pass
  * @return int
  */
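 public function actionAdd($email = '', $name = '', $pass = '')
 {
     // Console action: creates an account from the supplied (or prompted)
     // credentials and grants it the USER and ADMIN roles.
     if (empty($email)) {
         $email = $this->prompt('Enter user email:', ['required' => true]);
     }
     if (empty($name)) {
         $name = $this->prompt('Enter user name:', ['required' => true]);
     }
     // NOTE(review): a password given as a command argument is visible in the
     // process list and shell history, and prompt() presumably echoes typed
     // input. Consider reading the secret without echo; confirm with operators.
     if (empty($pass)) {
         // The listing had this call garbled ('...:'******'required' ...);
         // restored to the same shape as the two prompts above.
         $pass = $this->prompt('Enter user password:', ['required' => true]);
     }
     // activated_at is stamped with the current time at creation.
     $User = new \resources\Account(['name' => $name, 'email' => $email, 'password' => $pass, 'activated_at' => time()]);
     // save() may return false without recording validation errors; the admin
     // role must not be assigned to a record that was not stored.
     $saved = $User->save();
     if ($saved && !$User->hasErrors()) {
         AuthManager()->assign(RbacFactory::Role(\common\Roles::USER), $User->id);
         AuthManager()->assign(RbacFactory::Role(\common\Roles::ADMIN), $User->id);
         $this->stdout("User have been successfully added\n", \yii\helpers\Console::FG_GREEN);
         return static::EXIT_CODE_NORMAL;
     }
     $this->stdout("ERROR creating user\n", \yii\helpers\Console::FG_RED);
     // array_shift() takes its argument by reference, so the method result is
     // stored in a variable first.
     $errors = $User->getFirstErrors();
     $error = array_shift($errors);
     if (!empty($error)) {
         $this->stdout("\t> {$error}\n", \yii\helpers\Console::FG_RED);
     }
     return static::EXIT_CODE_ERROR;
 }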
 /**
  * @param \yii\authclient\ClientInterface $Client
  * @return bool
  * @throws \yii\base\InvalidConfigException
  */
 public function save(\yii\authclient\ClientInterface $Client)
 {
     // Registers an account from the social client's attributes plus the
     // e-mail held by this form, then signs the new account in.
     /** @var \cookyii\modules\Account\resources\Account $Account */
     $Account = \Yii::createObject(\cookyii\modules\Account\resources\Account::className());
     $Account->appendClientAttributes($Client);
     // The account gets a generated 10-character password rather than one
     // chosen by the user.
     $generatedPassword = Security()->generateRandomString(10);
     $Account->setAttributes(['email' => $this->email, 'password' => $generatedPassword]);
     if ($Account->validate()) {
         $Account->save();
     }
     $created = !$Account->hasErrors();
     if ($created) {
         $Account->notificationHelper->sendSignUpEmail();
         AuthManager()->assign(RbacFactory::Role(\common\Roles::USER), $Account->id);
         $SignInFormModel = \Yii::createObject(SignInForm::className());
         User()->login($Account, $SignInFormModel::REMEMBER_TIME);
     }
     // Surface the model's errors on this form (under `name`).
     if ($Account->hasErrors()) {
         $this->populateErrors($Account, 'name');
     }
     $succeeded = !$Account->hasErrors();
     return $succeeded;
 }
 /**
  * @return bool
  */
 public function register()
 {
     // Creates an account from this form's name, e-mail and password, grants
     // it the USER role and optionally signs it in.
     /** @var \cookyii\modules\Account\resources\Account $Account */
     $Account = \Yii::createObject(\cookyii\modules\Account\resources\Account::className());
     // NOTE(review): activated_at is stamped at registration, so no separate
     // e-mail confirmation step is visible in this method.
     $fields = [
         'name' => $this->name,
         'email' => $this->email,
         'password' => $this->password,
         'activated_at' => time(),
     ];
     $Account->setAttributes($fields);
     if ($Account->validate()) {
         $Account->save();
     }
     $created = !$Account->hasErrors();
     if ($created) {
         $Account->notificationHelper->sendSignUpEmail();
         AuthManager()->assign(RbacFactory::Role(\common\Roles::USER), $Account->id);
         if ($this->loginAfterRegister) {
             $SignInFormModel = \Yii::createObject(SignInForm::className());
             User()->login($Account, $SignInFormModel::REMEMBER_TIME);
         }
     }
     // Surface the model's errors on this form (under `name`).
     if ($Account->hasErrors()) {
         $this->populateErrors($Account, 'name');
     }
     $succeeded = !$Account->hasErrors();
     return $succeeded;
 }
 /**
  * @return bool
  */
 public function register()
 {
     // Creates an account from this form's name, e-mail and password, grants
     // it the module's `user` role and optionally signs it in.
     /** @var Account\backend\Module $Module */
     $Module = \Yii::$app->getModule($this->accountModule);
     $roles = $Module->roles;
     /** @var AccountModel $Account */
     $Account = \Yii::createObject(AccountModel::class);
     // NOTE(review): activated_at is stamped at registration, so no separate
     // e-mail confirmation step is visible in this method.
     $fields = [
         'name' => $this->name,
         'email' => $this->email,
         'password' => $this->password,
         'activated_at' => time(),
     ];
     $Account->setAttributes($fields);
     if ($Account->validate()) {
         $Account->save();
     }
     $created = !$Account->hasErrors();
     if ($created) {
         $Account->notificationHelper->sendSignUpEmail();
         AuthManager()->assign(RbacFactory::Role($roles['user']), $Account->id);
         if ($this->loginAfterRegister) {
             $SignInFormModel = \Yii::createObject(SignInForm::class);
             User()->login($Account, $SignInFormModel::REMEMBER_TIME);
         }
     }
     // Surface the model's errors on this form (under `name`).
     if ($Account->hasErrors()) {
         $this->populateErrors($Account, 'name');
     }
     $succeeded = !$Account->hasErrors();
     return $succeeded;
 }
 /**
  * @return array
  * @throws \yii\web\BadRequestHttpException
  * @throws \yii\web\NotFoundHttpException
  */
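 public function run()
 {
     // Replaces the complete RBAC role set of the account named in the
     // request with the roles flagged `true` in the request body.
     // NOTE(review): no access check is visible in this method, and the role
     // names are taken from the request without being checked against the
     // roles that exist; confirm both are enforced by the caller/controller.
     $account_id = (int) Request()->post('account_id');
     $roles = (array) Request()->getBodyParam('roles', []);
     if (empty($account_id)) {
         throw new \yii\web\BadRequestHttpException('Empty account id');
     }
     /** @var $modelClass \cookyii\modules\Account\resources\Account */
     $modelClass = $this->modelClass;
     $Account = $modelClass::find()->byId($account_id)->one();
     if (empty($Account)) {
         throw new \yii\web\NotFoundHttpException('Account not found');
     }
     // Build every Role object before revoking anything, so that a failure
     // while resolving a request-supplied name cannot leave the account
     // stripped of all its roles.
     $granted = [];
     foreach ($roles as $role => $flag) {
         // Only a strict boolean true grants the role.
         if ($flag === true) {
             $granted[] = RbacFactory::Role($role);
         }
     }
     AuthManager()->revokeAll($Account->id);
     foreach ($granted as $Role) {
         AuthManager()->assign($Role, $Account->id);
     }
     return ['result' => true, 'message' => \Yii::t('account', 'Roles successfully saved.')];
 }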
 /**
  * @inheritdoc
  */
 public static function get()
 {
     // This class's own access permission comes first, followed by whatever
     // expandPermissions() yields for static::$merge.
     $own = [
         RbacFactory::Permission(static::ACCESS, 'It has access to the frontend'),
     ];
     $merged = static::expandPermissions(static::$merge);
     return array_merge($own, $merged);
 }
 /**
  * @return array
  */
 public static function get()
 {
     // The module declares a single permission: access to itself.
     $access = RbacFactory::Permission(static::ACCESS, 'It has access to translation backend module');
     return [$access];
 }
 protected function permissions()
 {
     // Permission catalogue: access/create/update/delete for projects and
     // issues, plus user administration.
     return [
         RbacFactory::Permission('project.access', 'Access project'),
         RbacFactory::Permission('project.create', 'Create project'),
         RbacFactory::Permission('project.update', 'Update project'),
         RbacFactory::Permission('project.delete', 'Delete project'),
         RbacFactory::Permission('issue.access', 'Access issue'),
         RbacFactory::Permission('issue.create', 'Create issue'),
         RbacFactory::Permission('issue.update', 'Update issue'),
         RbacFactory::Permission('issue.delete', 'Delete issue'),
         RbacFactory::Permission('user.admin', 'Administrate users'),
     ];
 }
 /**
  * @param \yii\authclient\ClientInterface $Client
  * @throws \yii\base\NotSupportedException
  */
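 public function authSuccessCallback(\yii\authclient\ClientInterface $Client)
 {
     // Handles a successful social sign-in: logs the provider response, finds
     // the user by the provider's user id (creating one when none matches)
     // and logs that user in.
     $AuthResponse = new \resources\User\Auth\Response();
     $AuthResponse->client = $Client->getId();
     $attributes = $Client->getUserAttributes();
     $AuthResponse->response = Json::encode($attributes);
     // Records the rejection in the auth log, then aborts the callback.
     $reject = function ($message) use ($AuthResponse) {
         $AuthResponse->result = Json::encode(['client' => [$message]]);
         $AuthResponse->save();
         throw new \yii\base\NotSupportedException($message);
     };
     // Without a provider user id the lookup below has nothing to match on;
     // how the by*Id() scopes treat null is not visible here, so refuse early.
     if (!isset($attributes['id']) || $attributes['id'] === '') {
         $reject('Auth client returned no user id.');
     }
     $UserQuery = \resources\User::find();
     switch ($Client->getId()) {
         case 'facebook':
             $UserQuery->byFacebookId($attributes['id']);
             break;
         case 'github':
             $UserQuery->byGithubId($attributes['id']);
             break;
         case 'google':
             $UserQuery->byGoogleId($attributes['id']);
             break;
         case 'linkedin':
             $UserQuery->byLinkedinId($attributes['id']);
             break;
         case 'live':
             $UserQuery->byLiveId($attributes['id']);
             break;
         case 'twitter':
             $UserQuery->byTwitterId($attributes['id']);
             break;
         case 'vkontakte':
             $UserQuery->byVkontakteId($attributes['id']);
             break;
         case 'yandex':
             $UserQuery->byYandexId($attributes['id']);
             break;
         default:
             // A client missing from this list would leave the query without
             // any condition; one() would then return an unrelated user, who
             // would be logged in below. Fail closed instead.
             $reject('Auth client is not supported.');
     }
     /** @var \resources\User $User */
     $User = $UserQuery->one();
     if ($User instanceof \resources\User) {
         $AuthResponse->result = Json::encode($User->id);
     } else {
         // First sign-in with this identity: create the user from the
         // provider attributes and grant the base role.
         $User = new \resources\User();
         $User->appendClientAttributes($Client);
         if ($User->save()) {
             $User->createSocialLink($Client);
             $AuthResponse->result = Json::encode($User->id);
             AuthManager()->assign(RbacFactory::Role(\frontend\Permissions::ROLE_USER), $User->id);
         } else {
             $AuthResponse->result = Json::encode($User->getErrors());
         }
     }
     $AuthResponse->save();
     // NOTE(review): no activation/deletion check is visible before login in
     // this method; confirm it is enforced elsewhere.
     if ($User instanceof \resources\User && !$User->isNewRecord) {
         $User->save();
         // 86400 seconds: the login is remembered for one day.
         User()->login($User, 86400);
     }
 }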
 /**
  * @param \yii\authclient\ClientInterface $Client
  * @throws \yii\web\ForbiddenHttpException
  */
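 public function socialAuthCallback(\yii\authclient\ClientInterface $Client)
 {
     // Handles a successful social sign-in: logs the attempt, finds the
     // account by the provider's user id (falling back to the provider's
     // e-mail, else creating an account) and logs the account in.
     /** @var Account\backend\Module $Module */
     $Module = \Yii::$app->getModule($this->accountModule);
     $roles = $Module->roles;
     $AuthResponse = AccountAuthResponseModel::createLog($Client);
     $attributes = $Client->getUserAttributes();
     // Records the rejection in the auth log, then aborts the callback.
     $reject = function ($message) use ($AuthResponse) {
         $AuthResponse->result = Json::encode(['client' => [$message]]);
         $AuthResponse->validate() && $AuthResponse->save();
         throw new \yii\web\ForbiddenHttpException($message);
     };
     // Without a provider user id the lookup below has nothing to match on;
     // how the by*Id() scopes treat null is not visible here, so refuse early.
     if (!isset($attributes['id']) || $attributes['id'] === '') {
         $reject('Auth client returned no user id.');
     }
     /** @var AccountModel $AccountModel */
     $AccountModel = \Yii::createObject(AccountModel::class);
     $AccountQuery = $AccountModel::find();
     switch ($Client->getId()) {
         case 'facebook':
             $AccountQuery->byFacebookId($attributes['id']);
             break;
         case 'instagram':
             $AccountQuery->byInstagramId($attributes['id']);
             break;
         case 'github':
             $AccountQuery->byGithubId($attributes['id']);
             break;
         case 'google':
             $AccountQuery->byGoogleId($attributes['id']);
             break;
         case 'linkedin':
             $AccountQuery->byLinkedinId($attributes['id']);
             break;
         case 'live':
             $AccountQuery->byLiveId($attributes['id']);
             break;
         case 'twitter':
             $AccountQuery->byTwitterId($attributes['id']);
             break;
         case 'vkontakte':
             $AccountQuery->byVkontakteId($attributes['id']);
             break;
         case 'yandex':
             $AccountQuery->byYandexId($attributes['id']);
             break;
         case 'odnoklassniki':
             $AccountQuery->byOdnoklassnikiId($attributes['id']);
             break;
         default:
             // A client missing from this list would leave the query without
             // any condition; one() would then return an unrelated account,
             // which would be logged in below. Fail closed instead.
             $reject('Auth client is not supported.');
     }
     $Account = $AccountQuery->one();
     if ($Account instanceof AccountModel) {
         $Account->pushSocialLink($Client);
         $reason = $Account->isAvailable();
         if ($reason !== true) {
             // Strict comparisons on purpose. The previous `switch` listed
             // `case true` first; switch compares loosely, so any non-empty
             // reason string matched it and no error was ever recorded,
             // letting the login below proceed.
             // NOTE(review): assumes isAvailable() returns true or one of
             // these reason strings; any other reason still records no error.
             if ($reason === 'not-activated') {
                 $Account->addError('activated', \Yii::t('cookyii.account', 'Account is not activated.'));
             } elseif ($reason === 'deleted') {
                 $Account->addError('deleted', \Yii::t('cookyii.account', 'Account removed.'));
             }
             $AuthResponse->result = Json::encode($Account->getErrors());
         } else {
             $AuthResponse->result = Json::encode($Account->id);
         }
     } else {
         $Account = $AccountModel;
         $Account->appendClientAttributes($Client);
         // NOTE(review): an existing account is matched on the e-mail reported
         // by the provider, then linked and logged in without an
         // isAvailable() check, and its activated_at is overwritten below.
         // This is only safe if every enabled provider verifies e-mail
         // ownership; confirm.
         if (!empty($Account->email)) {
             $SearchAccount = $AccountModel::find()->byEmail($Account->email)->one();
             if (!empty($SearchAccount)) {
                 $Account = $SearchAccount;
                 $Account->appendClientAttributes($Client);
             }
         }
         $Account->activated_at = time();
         // Validation has just run, so save(false) skips repeating it.
         $Account->validate() && $Account->save(false);
         if ($Account->hasErrors()) {
             $AuthResponse->result = Json::encode($Account->getErrors());
         } else {
             $Account->pushSocialLink($Client);
             $AuthResponse->result = Json::encode($Account->id);
             if (!$Account->can($roles['user'])) {
                 AuthManager()->assign(RbacFactory::Role($roles['user']), $Account->id);
             }
         }
     }
     $AuthResponse->validate() && $AuthResponse->save();
     if ($Account instanceof AccountModel && !$Account->isNewRecord && !$Account->hasErrors()) {
         $Account->save();
         // 86400 seconds: the login is remembered for one day.
         User()->login($Account, 86400);
     } else {
         // Only the two availability errors are reported to the visitor; any
         // other failure ends the callback without a login.
         $errors = $Account->getFirstErrors();
         if (isset($errors['activated'])) {
             throw new \yii\web\ForbiddenHttpException($errors['activated']);
         }
         if (isset($errors['deleted'])) {
             throw new \yii\web\ForbiddenHttpException($errors['deleted']);
         }
     }
 }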
 protected function getNewPermissions()
 {
     // Permission catalogue, one entry per line. The descriptions are runtime
     // strings and are kept exactly as they were.
     return [
         // System access.
         RbacFactory::Permission('frontend.access', 'Имеет доступ к системе'),
         // Account module.
         RbacFactory::Permission('backend.account.access', 'Имеет доступ к модулю пользователей'),
         RbacFactory::Permission('backend.account.approve', 'Может подтверждать юр.лица'),
         RbacFactory::Permission('backend.account.create', 'Может создавать пользователей'),
         RbacFactory::Permission('backend.account.update', 'Может обновлять пользователей'),
         RbacFactory::Permission('backend.account.delete', 'Может удалять пользователей'),
         // Contract module. The `.own` entries carry a third argument,
         // presumably the name of an ownership rule (verify in RbacFactory).
         RbacFactory::Permission('frontend.contract.access', 'Имеет доступ к модулю контрактов'),
         RbacFactory::Permission('frontend.contract.import', 'Имеет доступ к импорту контрактов'),
         RbacFactory::Permission('frontend.contract.create', 'Может создавать контракты'),
         RbacFactory::Permission('frontend.contract.update', 'Может обновлять все контракты'),
         RbacFactory::Permission('frontend.contract.update.own', 'Может обновлять свои контракты', 'frontend.contract.its-my'),
         RbacFactory::Permission('frontend.contract.delete', 'Может удалять все контракты'),
         RbacFactory::Permission('frontend.contract.delete.own', 'Может удалять свои контракты', 'frontend.contract.its-my'),
         // Deals.
         RbacFactory::Permission('backend.deal.access', 'Может управлять всеми сделками'),
         RbacFactory::Permission('frontend.deal.create', 'Может создавать сделки'),
         RbacFactory::Permission('frontend.deal.buy', 'Может просматривать свои исходящие сделки (покупка)'),
         RbacFactory::Permission('frontend.deal.sell', 'Может просматривать свои входящие сделки (продажа)'),
         // Static pages.
         RbacFactory::Permission('backend.pages.access', 'Имеет доступ к модулю статических страниц'),
         RbacFactory::Permission('backend.pages.create', 'Может создавать статические страницы'),
         RbacFactory::Permission('backend.pages.update', 'Может обновлять статические страницы'),
         RbacFactory::Permission('backend.pages.delete', 'Может удалять статические страницы'),
         RbacFactory::Permission('frontend.pages.view', 'Может просматривать статические страницы'),
         // Settings module.
         RbacFactory::Permission('backend.settings.access', 'Имеет доступ к модулю настроек'),
     ];
 }
 /**
  * @param \yii\authclient\ClientInterface $Client
  * @throws \yii\web\ForbiddenHttpException
  */
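 public function authSuccessCallback(\yii\authclient\ClientInterface $Client)
 {
     // Handles a successful social sign-in: logs the provider response, finds
     // the account by the provider's user id (falling back to the provider's
     // e-mail, else creating an account) and logs the account in.
     $AuthResponse = new \cookyii\modules\Account\resources\Account\Auth\Response();
     $AuthResponse->client = $Client->getId();
     $attributes = $Client->getUserAttributes();
     $AuthResponse->response = Json::encode($attributes);
     // Records the rejection in the auth log, then aborts the callback.
     $reject = function ($message) use ($AuthResponse) {
         $AuthResponse->result = Json::encode(['client' => [$message]]);
         $AuthResponse->save();
         throw new \yii\web\ForbiddenHttpException($message);
     };
     // Without a provider user id the lookup below has nothing to match on;
     // how the by*Id() scopes treat null is not visible here, so refuse early.
     if (!isset($attributes['id']) || $attributes['id'] === '') {
         $reject('Auth client returned no user id.');
     }
     /** @var \cookyii\modules\Account\resources\Account $AccountModel */
     $AccountModel = \Yii::createObject(\cookyii\modules\Account\resources\Account::className());
     $AccountQuery = $AccountModel::find();
     switch ($Client->getId()) {
         case 'facebook':
             $AccountQuery->byFacebookId($attributes['id']);
             break;
         case 'github':
             $AccountQuery->byGithubId($attributes['id']);
             break;
         case 'google':
             $AccountQuery->byGoogleId($attributes['id']);
             break;
         case 'linkedin':
             $AccountQuery->byLinkedinId($attributes['id']);
             break;
         case 'live':
             $AccountQuery->byLiveId($attributes['id']);
             break;
         case 'twitter':
             $AccountQuery->byTwitterId($attributes['id']);
             break;
         case 'vkontakte':
             $AccountQuery->byVkontakteId($attributes['id']);
             break;
         case 'yandex':
             $AccountQuery->byYandexId($attributes['id']);
             break;
         default:
             // A client missing from this list would leave the query without
             // any condition; one() would then return an unrelated account,
             // which would be logged in below. Fail closed instead.
             $reject('Auth client is not supported.');
     }
     $Account = $AccountQuery->one();
     if ($Account instanceof \cookyii\modules\Account\resources\Account) {
         $reason = $Account->isAvailable();
         if ($reason !== true) {
             // Strict comparisons on purpose. The previous `switch` listed
             // `case true` first; switch compares loosely, so any non-empty
             // reason string matched it and no error was ever recorded,
             // letting the login below proceed.
             // NOTE(review): assumes isAvailable() returns true or one of
             // these reason strings; any other reason still records no error.
             if ($reason === 'not-activated') {
                 $Account->addError('activated', \Yii::t('account', 'Account is not activated.'));
             } elseif ($reason === 'deleted') {
                 $Account->addError('deleted', \Yii::t('account', 'Account removed.'));
             }
             $AuthResponse->result = Json::encode($Account->getErrors());
         } else {
             $AuthResponse->result = Json::encode($Account->id);
         }
     } else {
         $Account = $AccountModel;
         $Account->appendClientAttributes($Client);
         if (!empty($Account->email)) {
             // NOTE(review): an existing account is matched on the e-mail
             // reported by the provider, then linked and logged in without an
             // isAvailable() check. This is only safe if every enabled
             // provider verifies e-mail ownership; confirm.
             $SearchAccount = $AccountModel::find()->byEmail($Account->email)->one();
             if (!empty($SearchAccount)) {
                 $Account = $SearchAccount;
                 $Account->appendClientAttributes($Client);
             }
         } else {
             // No e-mail from the provider: hand over to the fill-in form.
             // The auth log entry is not saved on this path.
             Session()->set('OAuthResponseClient', $Client);
             Response()->redirect(['/account/sign/fill'])->send();
             exit;
         }
         if ($Account->save()) {
             $Account->createSocialLink($Client);
             $AuthResponse->result = Json::encode($Account->id);
             if (!$Account->can(\common\Roles::USER)) {
                 AuthManager()->assign(RbacFactory::Role(\common\Roles::USER), $Account->id);
             }
         } else {
             $AuthResponse->result = Json::encode($Account->getErrors());
         }
     }
     $AuthResponse->save();
     if ($Account instanceof \cookyii\modules\Account\resources\Account && !$Account->isNewRecord && !$Account->hasErrors()) {
         $Account->save();
         // 86400 seconds: the login is remembered for one day.
         User()->login($Account, 86400);
     } else {
         // Only the two availability errors are reported to the visitor; any
         // other failure ends the callback without a login.
         $errors = $Account->getFirstErrors();
         if (isset($errors['activated'])) {
             throw new \yii\web\ForbiddenHttpException($errors['activated']);
         }
         if (isset($errors['deleted'])) {
             throw new \yii\web\ForbiddenHttpException($errors['deleted']);
         }
     }
 }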
 /**
  * @return array
  */
 public static function get()
 {
     // The module declares a single permission: access to itself.
     $access = RbacFactory::Permission(static::ACCESS, 'It has access to page frontend module');
     return [$access];
 }
 /**
  * @inheritdoc
  */
 public static function get()
 {
     // Role catalogue, built in the order ADMIN, MANAGER, CLIENT, USER.
     return [
         RbacFactory::Role(static::ADMIN, 'Administrator'),
         RbacFactory::Role(static::MANAGER, 'Manager'),
         RbacFactory::Role(static::CLIENT, 'Client'),
         RbacFactory::Role(static::USER, 'User'),
     ];
 }
 /**
  * @param array $assignments
  * $assignments = [
  *  'user_id' => ['role_1', 'role_2', 'role_3'],
  *  '1' => ['admin', 'user'],
  *  '2' => ['client', 'user'],
  *  '3' => ['manager', 'seller', 'support', 'user'],
  * ];
  * @throws \yii\base\InvalidConfigException
  */
 protected function restoreAssignments($assignments)
 {
     // Re-applies role assignments per user id: first the roles listed in
     // forceAssign, then each listed role after translating its name through
     // assignmentsMap. Progress is echoed line by line.
     $flushCache = $this->useCache === true;
     foreach ($assignments as $user_id => $items) {
         if (!empty($this->forceAssign)) {
             // A scalar forceAssign is normalised to an array on first use.
             if (!is_array($this->forceAssign)) {
                 $this->forceAssign = (array) $this->forceAssign;
             }
             foreach ($this->forceAssign as $forcedRole) {
                 $this->authManager->assign(RbacFactory::Role($forcedRole), $user_id);
                 echo sprintf('    > role `%s` force assigned to user id: %s.', $forcedRole, $user_id), PHP_EOL;
             }
         }
         if (empty($items)) {
             continue;
         }
         foreach ($items as $listedName) {
             // Use the mapped name when the map has an entry for this role.
             $roleName = $listedName;
             if (isset($this->assignmentsMap[$listedName])) {
                 $roleName = $this->assignmentsMap[$listedName];
             }
             // Skip names mapped to an empty value and roles that are already
             // covered by forceAssign.
             if (empty($roleName) || in_array($roleName, (array) $this->forceAssign, true)) {
                 continue;
             }
             $this->authManager->assign(RbacFactory::Role($roleName), $user_id);
             echo sprintf('    > role `%s` assigned to user id: %s.', $roleName, $user_id), PHP_EOL;
         }
     }
     // Drop cached entries once the assignments have been rewritten.
     if ($flushCache && $this->cache->exists('assignments-0')) {
         $this->cacheIterator(function ($cacheKey) {
             $this->cache->delete($cacheKey);
         });
     }
 }
 /**
  * @return \yii\rbac\Permission[]
  */
 protected function permissions()
 {
     // A single permission: P::ACCESS.
     $access = RF::Permission(P::ACCESS, 'Grant access');
     return [$access];
 }
 /**
  * @return bool
  */
 public function save()
 {
     // Copies this form's fields onto the account, stores it, and on success
     // replaces the account's roles with those checked in the form.
     $Account = $this->Account;
     $Account->name = $this->name;
     $Account->email = $this->email;
     $Account->gender = $this->gender;
     // A new account is stamped as activated at creation time.
     if ($Account->isNewRecord) {
         $Account->activated_at = time();
     }
     // The password changes only when a new one was entered.
     if (!empty($this->new_password)) {
         $Account->password = $this->new_password;
     }
     $result = false;
     if ($Account->validate()) {
         $result = (bool) $Account->save();
     }
     if (!$Account->hasErrors()) {
         // All current roles are dropped before the checked ones are granted.
         AuthManager()->revokeAll($Account->id);
         $roles = $this->roles;
         if (!empty($roles)) {
             foreach ($roles as $role => $checked) {
                 // Only a strict boolean true grants the role.
                 if ($checked !== true) {
                     continue;
                 }
                 AuthManager()->assign(RbacFactory::Role($role), $Account->id);
             }
         }
     } else {
         $this->populateErrors($Account, 'name');
     }
     // The DB-backed manager's cache is invalidated whether or not the save
     // succeeded.
     if (AuthManager() instanceof \yii\rbac\DbManager) {
         AuthManager()->invalidateCache();
     }
     $this->Account = $Account;
     return $result;
 }