/**
* Denies the access of the user.
* @param string $message the message to display to the user.
* This method may be invoked when access check fails.
* @throws CHttpException when called unless login is required.
*/
public function accessDenied($message = null)
{
if ($message === null) {
$message = Rights::t('core', 'Bạn không được phép thực hiện hành động này.');
}
$user = Yii::app()->getUser();
if ($user->isGuest === true) {
$user->loginRequired();
} else {
throw new CHttpException(403, $message);
}
}
/**
* Denies the access of the user.
* @param string $message the message to display to the user.
* This method may be invoked when access check fails.
* @throws CHttpException when called unless login is required.
*/
public function accessDenied($message = null)
{
if ($message === null) {
$message = Rights::t('core', 'No sufficient permissions for current user to perform this action');
}
$user = Yii::app()->getUser();
if ($user->isGuest === true) {
$user->loginRequired();
} else {
throw new CHttpException(403, $message);
}
}
/**
* Denies the access of the user.
* @param string $message the message to display to the user.
* This method may be invoked when access check fails.
* @throws CHttpException when called unless login is required.
*/
public function accessDenied($message = null)
{
if ($message === null) {
$message = Rights::t('core', 'Anda tidak diotorisasi melakukan aksi ini, jika anda seharusnya punya hak akses, hubungi administrator, terima kasih.');
}
$user = Yii::app()->getUser();
if ($user->isGuest === true) {
$user->loginRequired();
} else {
throw new CHttpException(403, $message);
}
}
/**
* Denies the access of the user.
* @param string $message the message to display to the user.
* This method may be invoked when access check fails.
* @throws CHttpException when called unless login is required.
*/
public function accessDenied($message = null)
{
if ($message === null) {
$message = Rights::t('core', 'You are not authorized to perform this action.');
}
$user = Yii::app()->getUser();
if ($user->isGuest === true) {
$user->loginRequired();
} else {
throw new CHttpException(403, $message);
}
}
/**
* Initializes the installer.
* @throws CException if the authorization manager or the web user
* is not configured to use the correct class.
*/
public function init()
{
parent::init();
// Make sure the application is configured
// to use a valid authorization manager.
$authManager = Yii::app()->getAuthManager();
if ($authManager instanceof RDbAuthManager === false) {
throw new CException(Rights::t('install', 'Application authorization manager must extend the RDbAuthManager class.'));
}
// Make sure the application is configured
// to use a valid web user.
$user = Yii::app()->getUser();
//if( ($user instanceof RWebUser)===false )
// throw new CException(Rights::t('install', 'Application web user must extend the RWebUser class.'));
$this->_authManager = $authManager;
$this->db = $this->_authManager->db;
}
/**
* Installs the module.
* @throws CHttpException if the user is not logged in.
*/
public function actionRun()
{
// Make sure the user is not a guest.
if (Yii::app()->user->isGuest === false) {
// Make sure that the module is not already installed.
if (isset($_GET['confirm']) === true || $this->_installer->installed === false) {
// Run the installer and check for an error.
if ($this->_installer->run() === RInstaller::ERROR_NONE) {
// Mark the user to have superuser privileges.
Yii::app()->user->isSuperuser = true;
$this->redirect(array('install/ready'));
}
// Redirect to the error page.
$this->redirect(array('install/error'));
} else {
$this->redirect(array('install/confirm'));
}
} else {
$this->accessDenied(Rights::t('install', 'You must be logged in to install Rights.'));
}
}
/**
* Installs the module.
* @throws CHttpException if the user is not logged in.
*/
public function actionRun()
{
// Make sure the user is not a guest.
if (Yii::app()->user->isGuest === false) {
// Get the application web user.
$user = Yii::app()->getUser();
// Make sure that the module is not already installed.
if (isset($_GET['confirm']) === true || $this->_installer->installed === false) {
// Run the installer and check for an error.
if ($this->_installer->run(true) === true) {
// Mark the user to have superuser priviledges.
$user->isSuperuser = true;
$this->redirect(array('install/ready'));
}
// Set an error message.
$user->setFlash($this->module->flashErrorKey, Rights::t('install', 'Installation failed.'));
$this->redirect(Yii::app()->homeUrl);
} else {
$this->redirect(array('install/confirm'));
}
} else {
$this->accessDenied(Rights::t('install', 'You must be logged in to install Rights.'));
}
}
<?php
$this->breadcrumbs = array('Phân quyền' => Rights::getBaseUrl(), Rights::t('core', 'Assignments'));
?>
<div id="assignments">
<h2><?php
echo Rights::t('core', 'Assignments');
?>
</h2>
<p>
<?php
echo Rights::t('core', 'Here you can view which permissions has been assigned to each user.');
?>
</p>
<?php
$this->widget('zii.widgets.grid.CGridView', array('dataProvider' => $dataProvider, 'template' => "{items}\n{pager}", 'emptyText' => Rights::t('core', 'No users found.'), 'htmlOptions' => array('class' => 'grid-view assignment-table'), 'columns' => array(array('name' => 'name', 'header' => Rights::t('core', 'Name'), 'type' => 'raw', 'htmlOptions' => array('class' => 'name-column'), 'value' => '$data->getAssignmentNameLink()'), array('name' => 'assignments', 'header' => Rights::t('core', 'Roles'), 'type' => 'raw', 'htmlOptions' => array('class' => 'role-column'), 'value' => '$data->getAssignmentsText(CAuthItem::TYPE_ROLE)'), array('name' => 'assignments', 'header' => Rights::t('core', 'Tasks'), 'type' => 'raw', 'htmlOptions' => array('class' => 'task-column'), 'value' => '$data->getAssignmentsText(CAuthItem::TYPE_TASK)'), array('name' => 'assignments', 'header' => Rights::t('core', 'Operations'), 'type' => 'raw', 'htmlOptions' => array('class' => 'operation-column'), 'value' => '$data->getAssignmentsText(CAuthItem::TYPE_OPERATION)'))));
?>
</div>
/**
* Returns the markup for a inherited permission.
* @param array the parents for this item.
* @param boolean whether to display the parent item type.
* @return string the markup.
*/
public function getInheritedPermissionText($parents, $displayType = false)
{
$items = array();
foreach ($parents as $itemName => $item) {
$itemMarkup = $item->getNameText();
if ($displayType === true) {
$itemMarkup .= ' (' . Rights::getAuthItemTypeName($item->type) . ')';
}
$items[] = $itemMarkup;
}
return '<span class="inherited-item" title="' . implode('<br />', $items) . '">' . Rights::t('core', 'Inherited') . ' *</span>';
}
<?php $this->breadcrumbs = array(
'Rights'=>Rights::getBaseUrl(),
Rights::t('core', 'Create :type', array(':type'=>Rights::getAuthItemTypeName($_GET['type']))),
); ?>
<div class="createAuthItem">
<h2 style="color:#427FED;border-bottom:2px solid #ff503f;padding: 10px 1%;width: 98%;"><?php echo Rights::t('core', 'Create :type', array(
':type'=>Rights::getAuthItemTypeName($_GET['type']),
)); ?></h2>
<?php $this->renderPartial('_form', array('model'=>$formModel)); ?>
</div>
/**
* Returns the valid child item types for a specific type.
* @param string the authorization item type.
* @return array the valid types.
*/
public static function getValidChildTypes($type)
{
switch ((int) $type) {
// Roles can consist of any type of authorization items
case CAuthItem::TYPE_ROLE:
return null;
// Tasks can consist of other tasks and operations
// Tasks can consist of other tasks and operations
case CAuthItem::TYPE_TASK:
return array(CAuthItem::TYPE_TASK, CAuthItem::TYPE_OPERATION);
// Operations can consist of other operations
// Operations can consist of other operations
case CAuthItem::TYPE_OPERATION:
return array(CAuthItem::TYPE_OPERATION);
// Invalid type
// Invalid type
default:
throw new CException(Rights::t('core', 'Invalid authorization item type.'));
}
}
<?php
$this->breadcrumbs = array('Rights' => Rights::getBaseUrl(), Rights::t('core', 'Create :type', array(':type' => Rights::getAuthItemTypeName($_GET['type']))));
$this->title = '<h2>' . Rights::t('core', 'Create :type', array(':type' => Rights::getAuthItemTypeName($_GET['type']))) . '</h2>';
?>
<?php
echo $this->renderPartial('/_menu', array('list' => array()));
?>
<?php
$this->renderPartial('/_flash');
?>
<?php
$this->renderPartial('_form', array('model' => $formModel));
/**
* Declares attribute labels.
*/
public function attributeLabels()
{
return array('itemname' => Rights::t('core', 'Authorization item'));
}
<h3><?php
echo Rights::t('core', 'Меню');
?>
</h3>
<hr/>
<?php
$this->widget('zii.widgets.CMenu', array('activeCssClass' => 'active', 'items' => array(array('label' => Rights::t('core', 'Assignments'), 'url' => array('assignment/view'), 'itemOptions' => array('class' => 'item-assignments')), array('label' => Rights::t('core', 'Permissions'), 'url' => array('authItem/permissions'), 'itemOptions' => array('class' => 'item-permissions')), array('label' => Rights::t('core', 'Roles'), 'url' => array('authItem/roles'), 'itemOptions' => array('class' => 'item-roles')), array('label' => Rights::t('core', 'Tasks'), 'url' => array('authItem/tasks'), 'itemOptions' => array('class' => 'item-tasks')), array('label' => Rights::t('core', 'Operations'), 'url' => array('authItem/operations'), 'itemOptions' => array('class' => 'item-operations')))));
if (isset($this->clips['sidebarHelpText'])) {
echo '<div class="hint" style="margin-top:25px;padding-right:5px;">' . $this->clips['sidebarHelpText'] . '</div>';
}
<?php
if ($formModel !== null) {
?>
<div class="form">
<?php
$this->renderPartial('_form', array('model' => $formModel, 'itemnameSelectOptions' => $assignSelectOptions));
?>
</div>
<?php
} else {
?>
<p class="info"><?php
echo Rights::t('core', 'No assignments available to be assigned to this user.');
?>
<?php
}
?>
</div>
<?php
$this->endWidget();
?>
</div>
/**
* Makes sure that the business rule is not empty when data is specified.
* This is the 'bizRuleNotEmpty' validator as declared in rules().
*/
public function bizRuleNotEmpty($attribute, $params)
{
if (empty($this->data) === false && empty($this->bizRule) === true) {
$this->addError('data', Rights::t('core', 'Business rule cannot be empty.'));
}
}
<p class="info"><?php
echo Rights::t('core', 'No children available to be added to this item.');
?>
<?php
}
?>
</div>
<?php
} else {
?>
<p class="info">
<?php
echo Rights::t('core', 'No relations need to be set for the superuser role.');
?>
<br/>
<?php
echo Rights::t('core', 'Super users are always granted access implicitly.');
?>
</p>
<?php
}
?>
</div>
</div>
<?php if( Rights::module()->enableBizRule===true ): ?>
<div class="row">
<?php echo $form->labelEx($model, 'bizRule'); ?>
<?php echo $form->textField($model, 'bizRule', array('maxlength'=>255, 'class'=>'text-field')); ?>
<?php echo $form->error($model, 'bizRule'); ?>
<p class="hint"><?php echo Rights::t('core', 'Code that will be executed when performing access checking.'); ?></p>
</div>
<?php endif; ?>
<?php if( Rights::module()->enableBizRule===true && Rights::module()->enableBizRuleData ): ?>
<div class="row">
<?php echo $form->labelEx($model, 'data'); ?>
<?php echo $form->textField($model, 'data', array('maxlength'=>255, 'class'=>'text-field')); ?>
<?php echo $form->error($model, 'data'); ?>
<p class="hint"><?php echo Rights::t('core', 'Additional data available when executing the business rule.'); ?></p>
</div>
<?php endif; ?>
<div class="row buttons">
<?php echo CHtml::submitButton(Rights::t('core', 'Save'),array('class'=>'submit')); ?> <?php echo CHtml::link(Rights::t('core', 'Cancel'), Yii::app()->user->rightsReturnUrl, array('class'=>'btnCan')); ?>
</div>
<?php $this->endWidget(); ?>
</div>
<style>.pagination{margin:0}</style>
<section class="panel">
<header class="panel-heading"> <?php
echo Rights::t('core', 'Phân bổ vai trò');
?>
</header>
<div class="panel-body">
<div class="adv-table">
<div class="alert alert-warning fade in" style="margin-bottom: 0;">
<?php
echo Rights::t('core', 'Ở đây bạn có thể xem các điều khoản đã được chỉ định cho mỗi người dùng.');
?>
</div>
<?php
$this->widget('bootstrap.widgets.TbGridView', array('dataProvider' => $dataProvider, 'summaryText' => 'Hiển thị {start} đến {end} của {count} bản ghi', 'emptyText' => Rights::t('core', 'Không tìm thấy user nào.'), 'htmlOptions' => array('class' => 'grid-view assignment-table'), 'itemsCssClass' => 'display table table-bordered table-striped dataTable', 'pager' => array('header' => '', 'htmlOptions' => array('class' => 'pagination pagination-sm pull-right'), 'firstPageLabel' => '«', 'nextPageLabel' => '→', 'lastPageLabel' => '»', 'prevPageLabel' => '←', 'selectedPageCssClass' => 'active'), 'columns' => array(array('name' => 'name', 'header' => Rights::t('core', 'Name'), 'type' => 'raw', 'htmlOptions' => array('class' => 'name-column'), 'value' => '$data->getAssignmentNameLink()'), array('name' => 'assignments', 'header' => Rights::t('core', 'Roles'), 'type' => 'raw', 'htmlOptions' => array('class' => 'role-column'), 'value' => '$data->getAssignmentsText(CAuthItem::TYPE_ROLE)'), array('name' => 'assignments', 'header' => Rights::t('core', 'Tasks'), 'type' => 'raw', 'htmlOptions' => array('class' => 'task-column'), 'value' => '$data->getAssignmentsText(CAuthItem::TYPE_TASK)'), array('name' => 'assignments', 'header' => Rights::t('core', 'Operations'), 'type' => 'raw', 'htmlOptions' => array('class' => 'operation-column'), 'value' => '$data->getAssignmentsText(CAuthItem::TYPE_OPERATION)'))));
?>
</div>
</div>
</section>
<?php
$this->widget('bootstrap.widgets.TbMenu', array('type' => 'pills', 'stacked' => false, 'items' => array(array('label' => Rights::t('core', 'Assignments'), 'url' => array('/rights/assignment/view'), 'itemOptions' => array('class' => 'item-assignments')), array('label' => Rights::t('core', 'Permissions'), 'url' => array('/rights/authItem/permissions'), 'itemOptions' => array('class' => 'item-permissions')), array('label' => Rights::t('core', 'Roles'), 'url' => array('/rights/authItem/roles'), 'itemOptions' => array('class' => 'item-roles')), array('label' => Rights::t('core', 'Tasks'), 'url' => array('/rights/authItem/tasks'), 'itemOptions' => array('class' => 'item-tasks')), array('label' => Rights::t('core', 'Operations'), 'url' => array('/rights/authItem/operations'), 'itemOptions' => array('class' => 'item-operations')))));
?>
<?php
echo $form->textField($model, 'data', array('maxlength' => 255, 'class' => 'text-field'));
?>
<?php
echo $form->error($model, 'data');
?>
<p class="hint"><?php
echo Rights::t('core', 'Additional data available when executing the business rule.');
?>
</p>
</div>
<?php
}
?>
<div class="row buttons">
<?php
echo CHtml::submitButton(Rights::t('core', 'Save'));
?>
| <?php
echo CHtml::link(Rights::t('core', 'Cancel'), Yii::app()->user->rightsReturnUrl);
?>
</div>
<?php
$this->endWidget();
?>
</div>
</th></tr>
<?php
}
?>
<?php
if ($items['modules'] !== array()) {
?>
<?php
if ($displayModuleHeadingRow === true) {
?>
<tr><th class="module-heading-row" colspan="3"><?php
echo Rights::t('core', 'Modules');
?>
</th></tr>
<?php
}
?>
<?php
foreach ($items['modules'] as $moduleName => $moduleItems) {
?>
<tr><th class="module-row" colspan="3"><?php
echo ucfirst($moduleName) . 'Module';
?>
</th></tr>
/**
* Revokes an assignment from an user.
*/
public function actionRevoke()
{
// We only allow deletion via POST request
if (Yii::app()->request->isPostRequest === true) {
$itemName = $this->getItemName();
// Revoke the item from the user and load it
$this->_authorizer->authManager->revoke($itemName, $_GET['id']);
$item = $this->_authorizer->authManager->getAuthItem($itemName);
$item = $this->_authorizer->attachAuthItemBehavior($item);
// Set flash message for revoking the item
Yii::app()->user->setFlash($this->module->flashSuccessKey, Rights::t('core', 'Permission :name revoked.', array(':name' => $item->getNameText())));
// if AJAX request, we should not redirect the browser
if (isset($_POST['ajax']) === false) {
$this->redirect(array('assignment/user', 'id' => $_GET['id']));
}
} else {
throw new CHttpException(400, Rights::t('core', 'Invalid request. Please do not repeat this request again.'));
}
}
<?php
$form = $this->beginWidget('CActiveForm');
?>
<?php
echo $form->dropDownList($model, 'itemname', $itemnameSelectOptions);
?>
<?php
echo $form->error($model, 'itemname');
?>
<div class="row buttons">
<?php
echo CHtml::submitButton(Rights::t('core', 'Add'));
?>
</div>
<?php
$this->endWidget();
?>
/**
* Returns the data model based on the primary key given in the GET variable.
* If the data model is not found, an HTTP exception will be raised.
*/
public function loadModel()
{
if ($this->_model === null) {
$itemName = $this->getItemName();
if ($itemName !== null) {
$this->_model = $this->_authorizer->authManager->getAuthItem($itemName);
$this->_model = $this->_authorizer->attachAuthItemBehavior($this->_model);
}
if ($this->_model === null) {
throw new CHttpException(404, Rights::t('core', 'The requested page does not exist.'));
}
}
return $this->_model;
}
<?php
$form = $this->beginWidget('CActiveForm');
?>
<div class="form-group">
<?php
echo $form->dropDownList($model, 'itemname', $itemnameSelectOptions, array('class' => 'form-control'));
?>
<?php
echo $form->error($model, 'itemname');
?>
</div>
<div class="form-action text-right">
<?php
echo CHtml::submitButton(Rights::t('core', 'Assign'), array('class' => 'btn btn-primary'));
?>
</div>
<?php
$this->endWidget();
$this->widget('bootstrap.widgets.TbExtendedGridView', array('dataProvider' => $dataProvider, 'type' => 'hover striped bordered', 'template' => '{items}', 'emptyText' => Rights::t('core', 'No authorization items found.'), 'htmlOptions' => array('class' => 'grid-view permission-table'), 'columns' => $columns));
?>
<p class="info">*) <?php
echo Rights::t('core', 'Hover to see from where the permission is inherited.');
?>
</p>
<script type="text/javascript">
/**
* Attach the tooltip to the inherited items.
*/
jQuery('.inherited-item').rightsTooltip({
title:'<?php
echo Rights::t('core', 'Source');
?>
: '
});
/**
* Hover functionality for rights' tables.
*/
$('#rights tbody tr').hover(function() {
$(this).addClass('hover'); // On mouse over
}, function() {
$(this).removeClass('hover'); // On mouse out
});
</script>
<h2><?php
echo Rights::t('core', 'Operations');
?>
</h2>
<p>
<?php
echo Rights::t('core', 'An operation is a permission to perform a single operation, for example accessing a certain controller action.');
?>
<br />
<?php
echo Rights::t('core', 'Operations exist below tasks in the authorization hierarchy and can therefore only inherit from other operations.');
?>
</p>
<p><?php
echo CHtml::link(Rights::t('core', 'Create a new operation'), array('authItem/create', 'type' => CAuthItem::TYPE_OPERATION), array('class' => 'add-operation-link'));
?>
</p>
<?php
$this->widget('zii.widgets.grid.CGridView', array('dataProvider' => $dataProvider, 'template' => '{items}', 'emptyText' => Rights::t('core', 'No operations found.'), 'htmlOptions' => array('class' => 'grid-view operation-table sortable-table'), 'columns' => array(array('name' => 'name', 'header' => Rights::t('core', 'Name'), 'type' => 'raw', 'htmlOptions' => array('class' => 'name-column'), 'value' => '$data->getNameLink(false, true, true)'), array('name' => 'description', 'header' => Rights::t('core', 'Description'), 'type' => 'raw', 'htmlOptions' => array('class' => 'description-column')), array('name' => 'bizRule', 'header' => Rights::t('core', 'Business rule'), 'type' => 'raw', 'htmlOptions' => array('class' => 'bizrule-column'), 'visible' => Rights::module()->enableBizRule === true), array('name' => 'data', 'header' => Rights::t('core', 'Data'), 'type' => 'raw', 'htmlOptions' => array('class' => 'data-column'), 'visible' => Rights::module()->enableBizRuleData === true), array('header' => ' ', 'type' => 'raw', 'htmlOptions' => array('class' => 'actions-column'), 'value' => '$data->getDeleteOperationLink()'))));
?>
<p class="info"><?php
echo Rights::t('core', 'Values within square brackets tell how many children each item has.');
?>
</p>
</div>
</table>
</div>
<div class="row">
<?php
echo CHtml::link(Rights::t('core', 'Select all'), '#', array('onclick' => "jQuery('.generate-item-table').find(':checkbox').attr('checked', 'checked'); return false;", 'class' => 'selectAllLink'));
?>
/
<?php
echo CHtml::link(Rights::t('core', 'Select none'), '#', array('onclick' => "jQuery('.generate-item-table').find(':checkbox').removeAttr('checked'); return false;", 'class' => 'selectNoneLink'));
?>
</div>
<div class="row">
<?php
echo CHtml::submitButton(Rights::t('core', 'Generate'));
?>
</div>
<?php
$this->endWidget();
?>
</div>
</div>
/**
* Returns the users with superuser privileges.
* @return the superusers.
*/
public function getSuperusers()
{
$assignments = $this->_authManager->getAssignmentsByItemName(Rights::module()->superuserName);
$userIdList = array();
foreach ($assignments as $userId => $assignment) {
$userIdList[] = $userId;
}
$criteria = new CDbCriteria();
$criteria->addInCondition(Rights::module()->userIdColumn, $userIdList);
$userClass = Rights::module()->userClass;
$users = CActiveRecord::model($userClass)->findAll($criteria);
$users = $this->attachUserBehavior($users);
//percobaan
$userNameCol = Rights::module()->userNameColumn;
//
$superusers = array();
foreach ($users as $user) {
//$superusers[] = $user->name;
$superusers[] = $user->username;
}
// Make sure that we have superusers, otherwise we would allow full access to Rights
// if there for some reason is not any superusers.
if ($superusers === array()) {
throw new CHttpException(403, Rights::t('core', 'There must be at least one superuser!'));
}
return $superusers;
}
