/**
  * Check that the submitted data is valid and that the user is not trying to cheat.
  * This is the 'noCheating' validator as declared in rules().
  */
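 public function noCheating($attribute, $params)
 {
     // skip this check on installation
     if ($this->scenario === 'installation') {
         return true;
     }
     // user_registration_group: the chosen group must exist and its level must be
     // strictly below the level of the user making the change, so nobody can make
     // new registrations land in a group at or above their own level.
     if ($this->rule === 'user_registration_group') {
         $group = UserGroupsGroup::model()->findByPk((int) $this->value);
         if ($group === NULL) {
             $this->addError('value', Yii::t('userGroupsModule.admin', 'This group does not exist'));
         } elseif ((int) $group->level >= (int) Yii::app()->user->level) {
             $this->addError('value', Yii::t('userGroupsModule.admin', 'You cannot set this value to a level equal or higher then your own'));
         }
     }
     // validate the value against the option type: BOOL accepts only the literal
     // strings 'TRUE'/'FALSE', CONST may change only in the 'module_update'
     // scenario, and a serialized array ('a:' prefix) lists the allowed values as keys.
     if ($this->options === 'BOOL' && $this->value !== 'FALSE' && $this->value !== 'TRUE') {
         $this->addError('value', Yii::t('userGroupsModule.admin', 'invalid value'));
     } elseif ($this->options === 'CONST' && $this->scenario !== 'module_update') {
         $this->addError('value', Yii::t('userGroupsModule.admin', 'You cannot change constant values'));
     } elseif (strpos($this->options, 'a:') === 0) {
         // NOTE(review): unserialize() rebuilds any object nested inside the payload,
         // so it is only safe while 'options' can never be set from request data.
         // Confirm that 'options' is not mass-assignable in rules(); on PHP 7+ also
         // pass array('allowed_classes' => false), or store the list as JSON.
         $options_array = unserialize($this->options);
         // a malformed payload yields false; treat it the same as an unknown value
         if (!is_array($options_array) || !isset($options_array[$this->value])) {
             $this->addError('value', Yii::t('userGroupsModule.admin', 'invalid value'));
         }
     }
 }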
Example #2
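<h1><?php 
echo Yii::t('userGroupsModule.general', 'Users');
?>
</h1>
<?php 
// Admin "Users" panel: optional flash message, the user grid, and an "add user"
// link for viewers who hold the userGroups.admin.admin permission.
if (Yii::app()->user->hasFlash('user')) {
    ?>
    <div class="info">
        <?php 
    // Flash text may embed values taken from the request (e.g. a display name),
    // so it is HTML-encoded before being written into the page.
    // NOTE(review): if some caller deliberately stores markup in this flash,
    // encode the untrusted parts at that call site instead.
    echo CHtml::encode(Yii::app()->user->getFlash('user'));
    ?>
    </div>
<?php 
}
$this->widget('zii.widgets.grid.CGridView', array(
    'dataProvider' => $userModel->search(),
    'id' => 'user-groups-user-grid',
    'enableSorting' => false,
    'enablePagination' => false,
    'filter' => $userModel,
    'summaryText' => false,
    // selecting a row loads the permission panel for that user
    'selectionChanged' => 'function(id) { getPermission("' . Yii::app()->baseUrl . '", "' . UserGroupsAccess::USER . '", $.fn.yiiGridView.getSelection(id))}',
    'columns' => array(
        'username',
        array(
            'name' => 'status',
            // This column is rendered with type "raw" (no automatic encoding) because
            // it emits <b> tags, so the record fields appended to the status label
            // are encoded explicitly.
            'value' => 'UserGroupsLookup::resolve("status",$data->status).
				((int)$data->status === UserGroupsUser::WAITING_ACTIVATION || (int)$data->status === UserGroupsUser::PASSWORD_CHANGE_REQUEST 
				? ": <b>".CHtml::encode($data->activation_code)."</b>" : NULL).
				((int)$data->status === UserGroupsUser::BANNED ? ": <b>".CHtml::encode($data->ban)."</b>" : NULL)',
            'type' => 'raw',
            'filter' => CHtml::dropDownList(
                'UserGroupsUser[status]',
                $userModel->status,
                array_merge(
                    array('null' => Yii::t('userGroupsModule.admin', 'all')),
                    CHtml::listData(UserGroupsLookup::model()->findAll(), 'value', 'text')
                )
            ),
        ),
        array(
            'name' => 'group_name',
            'filter' => CHtml::listData(UserGroupsGroup::model()->findAll(array('order' => 'level')), 'id', 'groupname'),
        ),
    ),
));
if (Yii::app()->user->pbac('userGroups.admin.admin')) {
    // time() only makes the link's DOM id differ between renders
    echo CHtml::ajaxLink(Yii::t('userGroupsModule.admin', 'add user'), Yii::app()->createUrl('/userGroups/admin/accessList', array('what' => UserGroupsAccess::USER, 'id' => 'new')), array('success' => 'js: function(data){ $("#user-detail").slideUp("slow", function(){ $("#user-detail").html(data).slideDown();}); }'), array('id' => 'new-user-' . time()));
}
?>
<div id="user-detail" style="display:none;"></div>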
 /**
  * check that the group assigned to the user has a lower
  * level than that of the user who is creating or
  * updating the user
  * This is the 'levelCheck' validator as declared in rules().
  */
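 public function levelCheck($attribute, $params)
 {
     $group = UserGroupsGroup::model()->findByPk((int) $this->group_id);
     // findByPk() returns null for an unknown id. Reading ->level from null would
     // make the comparison below evaluate against null, so a non-existent group
     // could slip past the level check; reject it explicitly instead.
     if ($group === null) {
         $this->addError('level', Yii::t('userGroupsModule.admin', 'This group does not exist'));
         return;
     }
     // compare as integers so the check does not depend on how the two levels
     // happen to be typed (database values usually arrive as strings)
     if ((int) $group->level >= (int) Yii::app()->user->level) {
         $this->addError('level', Yii::t('userGroupsModule.admin', 'You cannot assign to a User a Group that has a Level equal or higher then the one you belong to'));
     }
 }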
 /**
  * deletes the item from the database
  * @param Array $formData
  */
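 private function itemDelete($formData)
 {
     // 'what' selects the record type; anything other than USER reports under the 'group' flash key
     $what = (int) $formData['what'];
     $flashKey = $what === UserGroupsAccess::USER ? 'user' : 'group';

     // check if the user performing the action has the permission to do it
     if (!Yii::app()->user->pbac('admin')) {
         $message = Yii::t('userGroupsModule.admin', 'You don\'t have the permission to delete any user/group');
     } elseif (!Yii::app()->request->isPostRequest || $formData['id'] === 'new' || (int) $formData['id'] === UserGroupsUser::ROOT) {
         // only POST requests for an existing, non-root id are accepted
         $message = Yii::t('userGroupsModule.admin', 'Invalid Request.');
     } else {
         $id = (int) $formData['id'];
         // stays null when 'what' is neither GROUP nor USER, which is then reported as "does not exist"
         $model = null;
         if ($what === UserGroupsAccess::GROUP) {
             $model = UserGroupsGroup::model()->findByPk($id);
         } elseif ($what === UserGroupsAccess::USER) {
             $model = UserGroupsUser::model()->findByPk($id);
         }

         if (!$model) {
             $message = Yii::t('userGroupsModule.admin', 'The requested user/group does not exist and cannot be deleted.');
         } elseif ($model->level < Yii::app()->user->level) {
             // The access rows are removed with bound integer parameters. The raw
             // form values were previously concatenated into the condition, so an
             // id such as "5 OR 1=1" passed the (int) lookups above and then
             // widened the DELETE to every access row.
             // NOTE(review): deleteAll() returns the number of rows removed, so an
             // item without access rows is reported as a failure even though the
             // item itself was deleted; kept as in the original.
             if ($model->delete() && UserGroupsAccess::model()->deleteAll('element = :element AND element_id = :element_id', array(':element' => $what, ':element_id' => $id))) {
                 // displayname comes straight from the submitted form; the flash
                 // must be HTML-encoded where it is rendered
                 $message = Yii::t('userGroupsModule.admin', '{what} deleted.', array('{what}' => ucfirst($formData['displayname'])));
             } else {
                 $message = Yii::t('userGroupsModule.admin', 'Impossible to delete the requested user/group. An Error Occurred');
             }
         } else {
             // the target's level is equal to or above the acting user's level
             $message = Yii::t('userGroupsModule.admin', 'You cannot delete a user/group with a higher level then yours.');
         }
     }

     Yii::app()->user->setFlash($flashKey, $message);
     $this->redirect(Yii::app()->baseUrl . '/userGroups/admin');
 }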
Example #5
<?php 
// Group-change form for a single user (the original comment said "ban", but the
// only field is group_id and the form posts to userGroups/user/changeGroup).
// It is rendered only when the viewer holds userGroups.user.admin or
// userGroups.admin.admin, the target user is ACTIVE, and the target's group
// level is below the viewer's own level.
// NOTE(review): this snippet ends before the closing brace of this if and the
// closing tag of the container div.
if ((Yii::app()->user->pbac('userGroups.user.admin') || Yii::app()->user->pbac('userGroups.admin.admin')) && (int) $data->status === UserGroupsUser::ACTIVE && $data->relUserGroupsGroup->level < Yii::app()->user->level) {
    ?>
<div id="groups-group-container">
<?php 
    $form = $this->beginWidget('CActiveForm', array('id' => 'user-groups-group-form', 'enableAjaxValidation' => false));
    ?>

	<div class="row">
		<?php 
    echo $form->labelEx($data, 'group_id');
    ?>
		<?php 
    // The list contains every group, including those at or above the viewer's
    // own level, and the submitted id is attacker-controllable anyway.
    // NOTE(review): the changeGroup action has to enforce the level limit on the
    // server (for example through the model's level validator); confirm it does.
    echo $form->dropDownList($data, 'group_id', CHtml::listData(UserGroupsGroup::model()->findAll(array('order' => 'level DESC')), 'id', 'groupname'));
    ?>
		<?php 
    echo $form->error($data, 'group_id');
    ?>
	</div>

<div class="row buttons">	
	<?php 
    // The button label is Russian for "Save". The response replaces
    // #userGroups-container. rand() presumably just keeps the button's DOM id
    // unique between renders; it is not used as a secret.
    echo CHtml::ajaxSubmitButton('Сохранить', Yii::app()->baseUrl . '/userGroups/user/changeGroup/id/' . $data->id, array('update' => '#userGroups-container'), array('id' => 'submit-mail' . $data->id . rand()));
    ?>
</div>

<?php 
    $this->endWidget();
    ?>
Example #6
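<?php

// "User List" page: breadcrumb, profile menu, and a filterable grid of users.
$this->breadcrumbs = array(Yii::t('UserGroupsModule.general', 'User List'));
?>
<div id="userGroups-container">
	<div class="userGroupsMenu-container">
		<?php 
$this->renderPartial('/admin/menu', array('mode' => 'profile', 'list' => true));
?>
	</div>
	<h1>Users List</h1>

	<p>
	You may optionally enter a comparison operator (<b>&lt;</b>, <b>&lt;=</b>, <b>&gt;</b>, <b>&gt;=</b>, <b>&lt;&gt;</b>
	or <b>=</b>) at the beginning of each of your search values to specify how the comparison should be done.
	</p>
	
	<?php 
$this->widget('zii.widgets.grid.CGridView', array(
    'id' => 'user-groups-user-grid',
    'dataProvider' => $model->search(),
    'filter' => $model,
    'selectableRows' => 0,
    'columns' => array(
        array(
            'name' => 'username',
            // The column type is "raw" so the link markup survives, which means
            // nothing is encoded automatically and CHtml::link() does not encode
            // its label either. The username is therefore encoded explicitly in
            // both branches, so a name containing markup is shown as text.
            'value' => (Yii::app()->user->pbac('userGroups.user.admin') || Yii::app()->user->pbac('userGroups.admin.admin'))
                ? 'CHtml::link(CHtml::encode($data->username), Yii::app()->baseUrl ."/userGroups?u=".$data->id)'
                : 'CHtml::encode($data->username)',
            'type' => 'raw',
        ),
        array(
            'name' => 'group_name',
            'filter' => CHtml::listData(UserGroupsGroup::model()->findAll(array('order' => 'level DESC')), 'groupname', 'groupname'),
        ),
        array(
            'name' => 'email',
            'visible' => Yii::app()->user->pbac('userGroups.user.admin'),
        ),
        array(
            'name' => 'status',
            // for status 1 an "activate" link (Russian label) is appended; the
            // script registered below turns a click on it into a POST
            'value' => '$data->status !=1 ? UserGroupsLookup::resolve("status",$data->status) : UserGroupsLookup::resolve("status",$data->status)."<br/>".CHtml::link("активировать", Array("/userGroups/user/adminActivate","id"=>$data->id), Array("class"=>"ajaxupdate"))',
            'visible' => Yii::app()->user->pbac('userGroups.user.admin'),
            'type' => 'raw',
            'filter' => CHtml::dropDownList(
                'UserGroupsUser[status]',
                $model->status,
                array_merge(
                    array('null' => Yii::t('UserGroupsModule.admin', 'all')),
                    CHtml::listData(UserGroupsLookup::model()->findAll(), 'value', 'text')
                )
            ),
        ),
        array(
            'class' => 'CButtonColumn',
            'template' => '{delete}',
        ),
    ),
));
// Clicking an a.ajaxupdate link inside the grid sends a POST to the link's href
// and refreshes the grid afterwards.
// NOTE(review): without JavaScript the same link is a plain GET; confirm that
// adminActivate checks permissions and the request method on the server.
Yii::app()->clientScript->registerScript('ajaxupdate', "\r\n\t\$('#user-groups-user-grid a.ajaxupdate').live('click', function() {\r\n\t\t\t\$.fn.yiiGridView.update('user-groups-user-grid', {\r\n\t\t\t\t\ttype: 'POST',\r\n\t\t\t\t\turl: \$(this).attr('href'),\r\n\t\t\t\t\tsuccess: function() {\r\n\t\t\t\t\t\t\t\$.fn.yiiGridView.update('user-groups-user-grid');\r\n\t\t\t\t\t}\r\n\t\t\t});\r\n\t\t\treturn false;\r\n\t});\r\n");
?>
	
</div>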