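/**
 * Generic access-control gate for the current request.
 *
 * Looks up the permission record for the role id stored in the session
 * ('rid') and terminates the request when the current controller id does
 * not occur in that record's 'perm' string.
 *
 * NOTE(review): the check only runs when 'perm' is non-empty; an empty or
 * missing entry lets the request through (fail-open). Confirm that is the
 * intended default for every role, otherwise invert the condition.
 * NOTE(review): this is an unanchored substring match against the raw
 * 'perm' string, so a controller id that is a prefix of a permitted id
 * (e.g. "user" inside "userAdmin") is also accepted. Verify the format
 * Perm::getPerm() returns and switch to an exact-token comparison if it
 * is a delimited list.
 */
public function init()
{
    $model = new Perm();
    $permission = $model->getPerm(Yii::app()->session['rid']);
    $controller = Yii::app()->getController()->id;

    // Escape the controller id: a value containing regex metacharacters or
    // the delimiter must not be able to change the pattern or make
    // preg_match() fail outright.
    $pattern = '/' . preg_quote($controller, '/') . '/';

    if ($permission['perm'] && !preg_match($pattern, $permission['perm'])) {
        // Message is Chinese for "You do not have access permission!"
        die('你没有访问权限!');
    }
}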
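/**
 * Initialises an address-book style entity: copies the identifying and
 * access fields, derives the admin flag, forces syncability, opens a
 * DB_OBM handle and installs the query filter.
 *
 * NOTE(review): $entityType is not declared anywhere in this constructor
 * (neither a parameter nor a property), so Perm::get_module_rights() is
 * called with an undefined variable (null). This is most likely a missing
 * parameter or should be $this->entityType -- confirm with callers before
 * trusting the admin promotion below.
 * NOTE(review): the $syncable argument is accepted but never used; the
 * property is forced to TRUE and only cleared for the default
 * 'public_contacts' book. Verify that is intentional.
 *
 * @param mixed  $id
 * @param string $name        also used as the initial display name
 * @param bool   $is_default
 * @param mixed  $owner
 * @param bool   $syncable    currently ignored (see note above)
 * @param bool   $synced
 * @param mixed  $access
 * @param mixed  $read
 * @param mixed  $write
 * @param mixed  $admin       admin flag used unless the OBM rights check promotes it
 */
public function __construct($id, $name, $is_default, $owner, $syncable, $synced, $access, $read, $write, $admin)
{
    $this->id = $id;
    $this->name = $name;
    $this->displayname = $name;
    $this->access = $access;
    $this->read = $read;
    $this->write = $write;

    // Bug fix: the original used an unbraced `if (obm) if (rights) ... else ...`,
    // so the `else` bound to the inner `if` and $this->admin was never
    // assigned at all when $GLOBALS['obm'] was falsy. Start from the
    // caller-supplied flag and only promote when the OBM module grants
    // write-admin rights.
    $this->admin = $admin;
    if ($GLOBALS['obm']) {
        $rights = Perm::get_module_rights($entityType);
        $writeAdmin = $GLOBALS['cright_write_admin'];
        if (($rights & $writeAdmin) == $writeAdmin) {
            $this->admin = 1;
        }
    }

    $this->isDefault = $is_default;
    $this->owner = $owner;

    // Syncability is forced on, except for the default public contacts book.
    $this->syncable = TRUE;
    if ($this->name == 'public_contacts' && $this->isDefault) {
        $this->syncable = FALSE;
    }
    $this->synced = $synced;

    $this->db = new DB_OBM;
    $this->setQueryFilter();
}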
/**
 * Loads the Perm record whose primary key is $id.
 *
 * @param integer $id primary key of the record to load
 * @return Perm the matching model
 * @throws CHttpException with status 404 when no record has that key
 */
public function loadModel($id)
{
    $record = Perm::model()->findByPk($id);
    if ($record !== null) {
        return $record;
    }
    throw new CHttpException(404, 'The requested page does not exist.');
}
/**
 * Resolves the permission record for the session's role id ('rid') into
 * $this->permission, then runs the parent initialiser.
 */
public function init()
{
    $perm = new Perm();
    $roleId = Yii::app()->session['rid'];
    $this->permission = $perm->getPerm($roleId);
    parent::init();
}
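/**
 * POST login handler: verifies the submitted e-mail/password pair and, on
 * success, prints a JSON document {"jwt": "<token>"} whose claims carry the
 * user's id and name plus the company ids for each of the user's roles.
 * On failure only an HTTP status line is sent and nothing is printed.
 *
 * Responses:
 *   400 - e-mail or password missing (or not a plain string)
 *   401 - unknown e-mail or wrong password (deliberately the same code, so
 *         the endpoint does not confirm which e-mails are registered)
 *   500 - JWT_SECRET not configured, or an unexpected Throwable
 *
 * Review fixes applied in this version (see inline comments):
 *   - the password is checked with password_verify(), as the original
 *     comment already said it should be; the original compared md5()
 *     digests. Any rows still storing MD5 digests in encrypted_password
 *     must be re-hashed with password_hash() before this ships, or those
 *     users can no longer log in.
 *   - an unset/empty JWT_SECRET no longer results in tokens signed with an
 *     empty HS256 key (which would make every token forgeable).
 *   - the token id ('jti') is taken from random_bytes() instead of
 *     mt_rand(); its format changes from base64 of an integer to hex.
 *   - the lifetime is 3600 s (one hour). The original added 3600000 s
 *     (about 41 days) while its comments claimed 10/60 seconds.
 *   - an e-mail with no matching user is handled explicitly instead of
 *     indexing $user[0] on an empty result.
 * Requires PHP >= 7.0 for random_bytes() and \Throwable.
 */
function doLogin()
{
    $config = array(
        'jwt' => array('key' => getenv('JWT_SECRET'), 'algorithm' => 'HS256'),
        'serverName' => 'reachapp.com',
    );

    $username = isset($_POST['email']) ? $_POST['email'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    // Reject missing fields and array-shaped parameters (email[]=...) up front.
    if (!is_string($username) || !is_string($password) || !$username || !$password) {
        header('HTTP/1.0 400 Bad Request');
        return;
    }

    // getenv() returns false when the variable is unset. Refuse to sign
    // with a false/empty key rather than hand out forgeable tokens. The key
    // is used raw, exactly as the original did; if the verifier expects a
    // base64-decoded key, both sides must change together.
    $secretKey = $config['jwt']['key'];
    if (!is_string($secretKey) || $secretKey === '') {
        header('HTTP/1.0 500 Internal Server Error');
        return;
    }

    try {
        $matches = \User::where('email', '=', $username)->take(1)->get();
        $user = sizeof($matches) > 0 ? $matches[0] : null;

        // One 401 for both "no such user" and "wrong password". Note the
        // two paths still differ in timing (no hash is computed when the
        // user is missing); add a dummy password_verify() against a fixed
        // hash if that matters for this deployment.
        if ($user === null || !password_verify($password, $user->encrypted_password)) {
            header('HTTP/1.0 401 Unauthorized');
            return;
        }

        // Company ids the user holds a given role in.
        $companyIdsForRole = function ($role) use ($user) {
            $ids = array();
            $perms = \Perm::where(['user_id' => $user->id, 'role' => $role])->get();
            foreach ($perms as $perm) {
                $ids[] = $perm->company_id;
            }
            return $ids;
        };

        $issuedAt = time();
        $ttlSeconds = 3600; // one hour

        $data = array(
            'iat' => $issuedAt,
            'jti' => bin2hex(random_bytes(16)), // unpredictable token id
            'iss' => $config['serverName'],
            'nbf' => $issuedAt,
            'exp' => $issuedAt + $ttlSeconds,
            'data' => array('userId' => $user->id, 'userName' => $username),
            'role_admin' => $companyIdsForRole('admin'),
            'role_employee' => $companyIdsForRole('employee'),
            'role_customer' => $companyIdsForRole('customer'),
            'role_super' => $user->super_admin,
        );

        $jwt = \Firebase\JWT\JWT::encode($data, $secretKey, $config['jwt']['algorithm']);
        echo json_encode(array('jwt' => $jwt));
    } catch (\Throwable $e) {
        // \Throwable also covers \Error (e.g. TypeError), which the original
        // catch (Exception) let escape as a fatal error. Log server-side;
        // never echo the message to the client.
        error_log('doLogin failed: ' . get_class($e) . ': ' . $e->getMessage());
        header('HTTP/1.0 500 Internal Server Error');
    }
}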