/**
 * @inheritdoc
 */
public function behaviors()
{
    // Actions listed in $this->adminActions are restricted to administrators;
    // every other listed action only requires an authenticated user ('@').
    $isAdminAction = function ($action) {
        return in_array($action->id, $this->adminActions);
    };

    $matchCallback = function ($rule, $action) use ($isAdminAction) {
        return $isAdminAction($action) ? User::isAdmin() : true;
    };

    // Reached when no rule allowed the action; the message distinguishes the
    // admin-only case so the user knows which permission is missing.
    $denyCallback = function ($rule, $action) use ($isAdminAction) {
        $message = $isAdminAction($action)
            ? 'User must be logged in and have ADMIN permissions to access this page.'
            : 'You are not allowed to perform this action.';
        throw new ForbiddenHttpException($message);
    };

    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    'allow' => true,
                    'actions' => ['index', 'create', 'update', 'delete', 'profile'],
                    'roles' => ['@'],
                    'matchCallback' => $matchCallback,
                ],
            ],
            'denyCallback' => $denyCallback,
        ],
        'verbs' => [
            'class' => VerbFilter::className(),
            'actions' => [
                // delete is state-changing, so it is only reachable via POST.
                'delete' => ['post'],
            ],
        ],
    ];
}
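/**
 * Build and persist a ProofOfTransfer from an order request, leaving any uploaded images aside.
 *
 * @param User             $user         Submitting user; must be an admin or carry a referral id.
 * @param OrderPostRequest $request      Carries payment_mode, bank_name, date_transfer, time_transfer,
 *                                       is_public_order, notes and order_notes.
 * @param string|null      $fileName     Stored image file name; empty/null leaves the image unset.
 * @param int|float        $amount       Transfer amount, must be strictly positive.
 * @param bool             $isHq         Route the transfer to the HQ admin account.
 * @param bool             $isMembership Membership order; may be placed by a user without an organization.
 *
 * @return ProofOfTransfer The saved record.
 *
 * @throws \InvalidArgumentException When $amount is not positive, or when a non-HQ, non-membership
 *                                   transfer is requested by a user without an organization.
 */
public static function proofOfTransferFromRequestWithoutImages(User $user, $request, $fileName, $amount, $isHq, $isMembership)
{
    if (!$user->isAdmin() && !$user->referral_id && !$user->new_referral_id) {
        App::abort(500, 'Invalid user');
    }

    // These two checks used to be assert() calls. assert() is skipped entirely when
    // zend.assertions is disabled (the usual production setting), which would let a
    // zero/negative amount or a missing receiver be persisted; they are now unconditional.
    if (!($amount > 0)) {
        throw new \InvalidArgumentException('Transfer amount must be greater than zero.');
    }
    if (!$isHq && !$isMembership && !$user->organization) {
        throw new \InvalidArgumentException('User has no organization to receive the transfer.');
    }

    $proof = new self();
    $proof->payment_mode = $request->payment_mode;
    // Only bank transfers carry a separate bank name; other modes record the mode itself.
    $proof->bank_name = $proof->payment_mode === 'BankTransfer'
        ? $request->bank_name
        : $proof->payment_mode;

    // Optional transfer metadata: only copied when the request supplies a truthy value.
    if ($request->date_transfer) {
        $proof->date_transfer = $request->date_transfer;
    }
    if ($request->time_transfer) {
        $proof->time_transfer = $request->time_transfer;
    }
    if ($request->is_public_order) {
        $proof->is_public_order = $request->is_public_order;
    }

    $proof->amount = $amount;
    $proof->user_id = $user->id;
    $proof->notes = $request->notes;
    $proof->order_notes = $request->order_notes;

    if ($isHq || ($isMembership && !$user->organization)) {
        // HQ orders go to the admin account. Membership orders from a user without an
        // organization also go there for now: RaniaDropshipMembershipOrderManager later
        // resets receiver_user_id to PL (HACKHACK — unit test this!).
        $proof->receiver_user_id = User::admin()->id;
    } else {
        $proof->receiver_user_id = $user->organization->admin_id;
    }

    if ($fileName) {
        $proof->image = $fileName;
    }

    $proof->save();

    return $proof;
}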
/**
 * Short-circuit every ability check for administrators.
 *
 * Returning true grants the ability outright; returning null (the result for
 * everyone else) leaves the decision to the individual policy method.
 *
 * @param \App\Models\User $user
 * @param string $ability
 * @return bool|null
 */
public function before(User $user, $ability)
{
    return $user->isAdmin() ? true : null;
}
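});

// Shared admin gate for the routes below: an unauthenticated or non-admin visitor
// is sent to the login page. Returns the redirect response, or null to proceed.
$requireAdmin = function () {
    if (!Auth::check() || !User::isAdmin(Auth::user())) {
        return redirect('login')->with('msg', "NOT LOGGED IN!");
    }
    return null;
};

Route::post('/admin/blogs/add', function () use ($requireAdmin) {
    if ($denied = $requireAdmin()) {
        return $denied;
    }
    // Stamp the submitting admin as the article's owner.
    Article::create(array_add(Input::all(), 'user_id', Auth::user()->id));
    return redirect('/admin/blogs');
});

Route::get("/admin/blog/confirm/{id}", function ($id) use ($requireAdmin) {
    if ($denied = $requireAdmin()) {
        return $denied;
    }
    return view('admin/blogs/confirm', ['id' => $id]);
});

// NOTE: deletion is a state-changing action reached by GET (presumably from the
// confirm view), so it gets no CSRF protection; the proper fix is a POST route
// under the csrf middleware, which also requires changing the confirm view.
Route::get('/admin/blog/delete/{id}', function ($id) use ($requireAdmin) {
    if ($denied = $requireAdmin()) {
        return $denied;
    }
    // findOrFail answers unknown ids with a 404 instead of a fatal delete() on null.
    Article::findOrFail($id)->delete();
    return redirect('/admin/blogs');
});

Route::get('/login', function () {
    return view('admin.login');
});

Route::post('/login', function () {
    // An already-authenticated user skips the credential check.
    if (Auth::check() || Auth::attempt(Input::only('email', 'password'))) {
        return redirect('admin');
    }
    return view('admin.login', ['msg' => 'Failed to login!']);
});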
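<span aria-hidden="true">×</span> </button>' . Yii::$app->session->getFlash($type) . ' </div>';
    }
    // Auto-dismiss the flash alerts after four seconds.
    $this->registerJs('setTimeout(function() { $(".alert").alert("close"); }, 4000);');
}
?>
<div class="wrap">
    <?php
    NavBar::begin([
        'brandLabel' => Yii::$app->name,
        'brandUrl' => Yii::$app->homeUrl,
        'options' => ['class' => 'navbar-inverse navbar-fixed-top'],
    ]);

    $homeItem = ['label' => 'Home', 'url' => ['/site/index']];

    if (Yii::$app->user->isGuest) {
        $items = [
            $homeItem,
            ['label' => 'Login', 'url' => ['/site/login']],
        ];
    } else {
        // Nav::widget below runs with encodeLabels => false so the glyphicon markup and the
        // raw <li> dropdown entries render as HTML. Anything user-controlled that ends up in
        // a label therefore has to be encoded explicitly; the username is such a value.
        $username = \yii\helpers\Html::encode(Yii::$app->user->identity->username);

        $items = [
            $homeItem,
            [
                'label' => 'All the dropdowns',
                'items' => [
                    '<li class="dropdown-header">Stuff Area 1</li>',
                    ['label' => 'Site Index', 'url' => ['/site/index']],
                    '<li class="divider"></li>',
                    '<li class="dropdown-header">Stuff Area 2</li>',
                    ['label' => 'Site Index', 'url' => ['/site/index']],
                ],
                'activateParents' => true,
            ],
            // Only administrators see the user management entry.
            ['label' => 'Users', 'url' => ['/user/index'], 'visible' => User::isAdmin()],
            [
                'label' => '<span class="glyphicon glyphicon-cog" style="font-size: large;" aria-hidden="true"></span>',
                'items' => [
                    ['label' => 'Profile', 'url' => ['/user/profile']],
                    [
                        'label' => 'Logout (' . $username . ')',
                        'url' => ['/site/logout'],
                        // Logout is state-changing, so the link submits a POST.
                        'linkOptions' => ['data-method' => 'post'],
                    ],
                ],
            ],
        ];
    }

    echo Nav::widget([
        'options' => ['class' => 'navbar-nav navbar-right'],
        'encodeLabels' => false,
        'items' => $items,
    ]);
    NavBar::end();
    ?>
    <div class="container">
        <?php echo Breadcrumbs::widget(['links' => isset($this->params['breadcrumbs']) ? $this->params['breadcrumbs'] : []]); ?>
        <?php echo $content; ?>
    </div>
</div>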
/**
 * Decide whether $current_user may update $resource_user.
 *
 * A user may always update their own record; anyone else must be an admin
 * who owns the target user.
 *
 * @param User $current_user  The acting user.
 * @param User $resource_user The user being modified.
 * @return bool
 */
public function update(User $current_user, User $resource_user)
{
    if ($current_user->id === $resource_user->id) {
        return true;
    }

    return $current_user->isAdmin() && $current_user->owns($resource_user);
}