Beispiel #1
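 /**
  * Access filter: decide whether the current user may run the requested action.
  *
  * Order of checks as coded below: the "captcha" action and free-access routes
  * are always allowed; guests, sessions whose identity is gone and non-active
  * accounts are refused; superadmins are allowed; everyone else needs
  * User::canRoute() and, for OwnerAccess models without the full-access
  * permission, ownership of the record named by the "id" query parameter.
  *
  * Every refusal returns false right after denyAccess() or the redirect, so the
  * action cannot run even if those helpers return normally instead of throwing.
  *
  * @param Action $action the action to be executed.
  *
  * @return boolean whether the action should continue to be executed.
  */
 public function beforeAction($action)
 {
     // NOTE(review): matched on the bare action id, so an action with this id in
     // any controller behind this filter skips every check below - confirm intended.
     if ($action->id === 'captcha') {
         return true;
     }
     $route = '/' . $action->uniqueId;
     if (Route::isFreeAccess($route, $action)) {
         return true;
     }
     $user = Yii::$app->user;
     if ($user->isGuest) {
         $this->denyAccess();
         // Fail closed: do not fall through to the permission checks as a guest.
         return false;
     }
     // If user has been deleted, then destroy session and refuse the request
     if (!$user->isGuest && $user->identity === null) {
         Yii::$app->getSession()->destroy();
         $this->denyAccess();
         return false;
     }
     // Superadmin owns everyone
     // NOTE(review): this runs before the status check, so a non-active
     // superadmin account is still let through - confirm that is intended.
     if ($user->isSuperadmin) {
         return true;
     }
     if ($user->identity && $user->identity->status != User::STATUS_ACTIVE) {
         $user->logout();
         Yii::$app->getResponse()->redirect(Yii::$app->getHomeUrl());
         // The redirect only prepares the response; returning false is what
         // actually keeps the action from running for a non-active account.
         return false;
     }
     if (User::canRoute($route)) {
         $modelId = Yii::$app->getRequest()->getQueryParam('id');
         $modelClass = isset($this->owner->modelClass) ? $this->owner->modelClass : null;
         $ownerRestricted = $modelClass
             && YeeHelper::isImplemented($modelClass, OwnerAccess::CLASSNAME)
             && !User::hasPermission($modelClass::getFullAccessPermission());
         if (!$ownerRestricted || !$modelId) {
             // NOTE(review): without an "id" query parameter no ownership check
             // happens here; actions that take the record id from another source
             // (or list/bulk actions) must enforce the owner restriction themselves.
             return true;
         }
         // Only a scalar id names a single record; anything else is refused
         // rather than handed to findOne() as a multi-value condition.
         if (is_scalar($modelId)) {
             $model = $modelClass::findOne(['id' => $modelId]);
             // Compare as strings so loose type juggling (null, 0, '') can never
             // make two different ids look equal.
             if ($model && (string) $user->identity->id === (string) $model->{$modelClass::getOwnerField()}) {
                 return true;
             }
         }
     }
     if (isset($this->denyCallback)) {
         call_user_func($this->denyCallback, null, $action);
     } else {
         $this->denyAccess();
     }
     return false;
 }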
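 /**
  * Lists all models.
  *
  * For OwnerAccess models, a user without the full-access permission is limited
  * to own records: the owner field is forced to the current user's id, replacing
  * whatever value the request supplied for it.
  *
  * @return mixed
  */
 public function actionIndex()
 {
     $modelClass = $this->modelClass;
     $searchModel = $this->modelSearchClass ? new $this->modelSearchClass() : null;
     $searchLinkModel = $this->modelLinkSearchClass ? new $this->modelLinkSearchClass() : null;
     $restrictAccess = YeeHelper::isImplemented($modelClass, OwnerAccess::CLASSNAME)
         && !User::hasPermission($modelClass::getFullAccessPermission());

     if ($searchModel) {
         $searchName = StringHelper::basename($searchModel::className());
         $params = Yii::$app->request->getQueryParams();
         if ($restrictAccess) {
             // The request may carry a non-array value under the form key; start
             // from an empty array then, so the owner filter can always be written.
             if (!isset($params[$searchName]) || !is_array($params[$searchName])) {
                 $params[$searchName] = [];
             }
             // Server-side value wins over anything the client sent for this field.
             // NOTE(review): this restricts results only if the search model loads
             // the owner attribute and filters on it exactly - confirm per model.
             $params[$searchName][$modelClass::getOwnerField()] = Yii::$app->user->identity->id;
         }
         $dataProvider = $searchModel->search($params);
     } else {
         $restrictParams = [];
         if ($restrictAccess) {
             $restrictParams = [$modelClass::getOwnerField() => Yii::$app->user->identity->id];
         }
         $dataProvider = new ActiveDataProvider(['query' => $modelClass::find()->where($restrictParams)]);
     }

     return $this->renderIsAjax('index', compact('dataProvider', 'searchModel', 'searchLinkModel'));
 }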
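 /**
  * Creates data provider instance with search query applied.
  *
  * The owner restriction is added to the query before validation, so the data
  * provider returned when validation fails is restricted as well.
  *
  * @param array $params attribute values written onto this model after the
  *                      request's query parameters have been loaded.
  *
  * @return ActiveDataProvider
  */
 public function search($params = [])
 {
     $queryParams = Yii::$app->request->getQueryParams();
     $query = MenuLink::find()->joinWith('translations');
     $dataProvider = new ActiveDataProvider([
         'query' => $query,
         'pagination' => ['pageSize' => -1],
         'sort' => ['defaultOrder' => ['order' => SORT_ASC]],
     ]);

     $this->load($queryParams);
     // NOTE(review): every entry of $params is written straight onto the model
     // by property name, without the attribute filtering load() applies. Callers
     // should pass trusted keys only - confirm no caller forwards request input.
     foreach ($params as $key => $value) {
         $this->{$key} = $value;
     }

     $restrictLinkAccess = YeeHelper::isImplemented(MenuLink::className(), OwnerAccess::CLASSNAME)
         && !User::hasPermission(MenuLink::getFullAccessPermission());
     if ($restrictLinkAccess) {
         // andWhere(), not andFilterWhere(): an access restriction must never be
         // dropped because the value happens to be empty.
         $query->andWhere([MenuLink::getOwnerField() => Yii::$app->user->identity->id]);
     }

     if (!$this->validate()) {
         // uncomment the following line if you do not want to return any records when validation fails
         // $query->where('0=1');
         return $dataProvider;
     }

     $query->andWhere(['menu_id' => $this->menu_id])
         ->andFilterWhere(['alwaysVisible' => $this->alwaysVisible])
         ->andFilterWhere(['like', 'id', $this->id])
         ->andWhere(['parent_id' => $this->parent_id]);

     return $dataProvider;
 }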
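 /**
  * Delete all selected grid items.
  *
  * Reads the ids from the "selection" POST field and deletes each matching
  * record. For OwnerAccess models, a user without the full-access permission can
  * only delete records whose owner field equals the user's own id.
  *
  * NOTE(review): nothing in this method checks the request verb or CSRF token;
  * presumably the controller's filters and the framework do - confirm.
  */
 public function actionBulkDelete()
 {
     $selection = Yii::$app->request->post('selection');
     // The field is client-controlled: anything but a non-empty array is ignored.
     if (!$selection || !is_array($selection)) {
         return;
     }

     $modelClass = $this->modelClass;
     $restrictAccess = YeeHelper::isImplemented($modelClass, OwnerAccess::CLASSNAME)
         && !User::hasPermission($modelClass::getFullAccessPermission());

     foreach ($selection as $id) {
         // One scalar id per entry; nested values would widen the lookup condition.
         if (!is_scalar($id)) {
             continue;
         }
         $where = ['id' => $id];
         if ($restrictAccess) {
             // Ownership is part of the lookup, so a foreign record is simply not found.
             $where[$modelClass::getOwnerField()] = Yii::$app->user->identity->id;
         }
         $model = $modelClass::findOne($where);
         if ($model) {
             // NOTE(review): the result of delete() is not checked or reported.
             $model->delete();
         }
     }
 }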
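 /**
  * Build the default filter links when none were configured.
  *
  * Falls back to $defaultOptions (merged with $labels when that is an array),
  * then creates one link per option. With $showCount enabled each label gets the
  * number of matching records appended; for OwnerAccess models that count is
  * limited to the current user's records unless the user holds the full-access
  * permission.
  */
 protected function setDefaultOptions()
 {
     if ($this->links) {
         return;
     }

     $model = $this->model;
     $formName = $this->searchModel->formName();
     if (!$this->options) {
         $this->options = $this->defaultOptions;
         if (is_array($this->labels)) {
             $this->options = ArrayHelper::merge($this->options, self::addKeyToValue($this->labels, 'label'));
         }
     }

     // Loop-invariant; only evaluated when counts are requested at all.
     $ownerRestricted = $this->showCount
         && YeeHelper::isImplemented($model, OwnerAccess::CLASSNAME)
         && !User::hasPermission($model::getFullAccessPermission());

     foreach ($this->options as $option) {
         // Always defined, so labels can be built when counts are switched off.
         $count = '';
         if ($this->showCount) {
             if ($ownerRestricted) {
                 // Also ends up in the link URL below. That is a convenience only:
                 // the list action has to enforce the owner restriction itself.
                 $option['filterWhere'][$model::getOwnerField()] = Yii::$app->user->identity->id;
             }
             // NOTE(review): filterWhere() skips empty values, so the owner
             // condition relies on the identity id being non-empty.
             $total = $model::find()->filterWhere($option['filterWhere'])->count();
             $count = " ({$total})";
         }
         $label = $option['label'] . $count;
         $this->links[$label] = [$this->action, $formName => $option['filterWhere']];
     }
 }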