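/**
  * @inheritdoc
  *
  * Access filter: every listed action requires an authenticated user ('@');
  * actions named in $this->adminActions additionally require User::isAdmin().
  * A failed check ends in a ForbiddenHttpException whose message tells the
  * admin-only case apart. The verb filter limits 'delete' to POST.
  */
 public function behaviors()
 {
     return [
         'access' => [
             'class' => AccessControl::className(),
             'rules' => [
                 [
                     'allow' => true,
                     'actions' => ['index', 'create', 'update', 'delete', 'profile'],
                     'roles' => ['@'],
                     // Strict in_array: action ids are strings, so avoid loose-comparison matches.
                     'matchCallback' => function ($rule, $action) {
                         if (in_array($action->id, $this->adminActions, true)) {
                             return User::isAdmin();
                         }
                         return true;
                     },
                 ],
             ],
             'denyCallback' => function ($rule, $action) {
                 if (in_array($action->id, $this->adminActions, true)) {
                     throw new ForbiddenHttpException('User must be logged in and have ADMIN permissions to access this page.');
                 }
                 throw new ForbiddenHttpException('You are not allowed to perform this action.');
             },
         ],
         'verbs' => [
             'class' => VerbFilter::className(),
             'actions' => ['delete' => ['post']],
         ],
     ];
 }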
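 /**
  * Build and persist a ProofOfTransfer from an order request, without image handling.
  *
  * @param User             $user         Submitting user; must be an admin or carry a referral id.
  * @param OrderPostRequest $request      Order input (payment_mode, bank_name, date/time_transfer,
  *                                       is_public_order, notes, order_notes).
  * @param string|null      $fileName     Stored image file name; empty leaves the image unset.
  * @param int|float|string $amount       Transfer amount; must be a positive number.
  * @param bool             $isHq         Route the transfer to the HQ admin account.
  * @param bool             $isMembership Membership order; allows a user without an organization
  *                                       (the receiver then becomes the admin, see HACKHACK below).
  *
  * @return ProofOfTransfer the saved record
  */
 public static function proofOfTransferFromRequestWithoutImages(User $user, $request, $fileName, $amount, $isHq, $isMembership)
 {
     if (!$user->isAdmin() && !$user->referral_id && !$user->new_referral_id) {
         App::abort(500, 'Invalid user');
     }
     // Explicit check rather than assert(): assert() is a no-op when zend.assertions is off,
     // which would let a zero, negative or non-numeric amount reach save().
     if (!is_numeric($amount) || $amount <= 0) {
         App::abort(400, 'Invalid amount');
     }

     $proofOfTransfers = new self();
     $proofOfTransfers->payment_mode = $request->payment_mode;
     // Strict comparison: payment_mode is a string code, no loose "==" coercion wanted.
     $proofOfTransfers->bank_name = $proofOfTransfers->payment_mode === 'BankTransfer'
         ? $request->bank_name
         : $proofOfTransfers->payment_mode;

     // Optional fields are only copied when present so the model's defaults apply otherwise.
     if ($request->date_transfer) {
         $proofOfTransfers->date_transfer = $request->date_transfer;
     }
     if ($request->time_transfer) {
         $proofOfTransfers->time_transfer = $request->time_transfer;
     }
     if ($request->is_public_order) {
         $proofOfTransfers->is_public_order = $request->is_public_order;
     }

     $proofOfTransfers->amount = $amount;
     $proofOfTransfers->user_id = $user->id;
     $proofOfTransfers->notes = $request->notes;
     $proofOfTransfers->order_notes = $request->order_notes;
     $proofOfTransfers->receiver_user_id = self::resolveReceiverUserId($user, $isHq, $isMembership);

     if ($fileName) {
         $proofOfTransfers->image = $fileName;
     }
     $proofOfTransfers->save();
     return $proofOfTransfers;
 }

 /**
  * Decide which user receives the transfer.
  *
  * @param User $user
  * @param bool $isHq
  * @param bool $isMembership
  *
  * @return mixed User::admin()->id, or the admin_id of the user's organization
  */
 private static function resolveReceiverUserId(User $user, $isHq, $isMembership)
 {
     if ($isHq) {
         return User::admin()->id;
     }
     if ($isMembership && !$user->organization) {
         // HACKHACK This will set receiver_user_id to admin - in RaniaDropshipMembershipOrderManager
         // We will undo this, and reset receiver_user_id to PL
         // Unit test this!
         return User::admin()->id;
     }
     // Explicit check rather than assert(): with assertions disabled a user without an
     // organization would fall through to a property read on null and save a null receiver.
     if (!$user->organization) {
         App::abort(500, 'User has no organization');
     }
     return $user->organization->admin_id;
 }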
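 /**
  * Grant all abilities to administrator.
  *
  * Runs ahead of every ability check. Returning true short-circuits the Gate in
  * the admin's favour; returning null leaves the decision to the ability's own
  * policy method (a false return here would deny outright).
  *
  * @param  \App\Models\User  $user
  * @param  string  $ability
  * @return bool|null
  */
 public function before(User $user, $ability)
 {
     if ($user->isAdmin()) {
         return true;
     }
     // Fall through: non-admins are subject to the individual ability checks.
     return null;
 }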
});
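// Admin-only: create an article from the submitted input, attributed to the current user.
// NOTE(review): Input::all() is mass-assigned; this relies on Article's $fillable/$guarded
// to keep fields like user_id from being overridden by the client — confirm on the model.
Route::post('/admin/blogs/add', function () {
    if (!Auth::check() || !User::isAdmin(Auth::user())) {
        // Shown to anonymous and to logged-in non-admin users alike.
        return redirect('login')->with('msg', "NOT LOGGED IN!");
    }
    Article::create(array_add(Input::all(), 'user_id', Auth::user()->id));
    return redirect('/admin/blogs');
});

// Admin-only: confirmation page before deleting an article.
Route::get("/admin/blog/confirm/{id}", function ($id) {
    if (!Auth::check() || !User::isAdmin(Auth::user())) {
        return redirect('login')->with('msg', "NOT LOGGED IN!");
    }
    return view('admin/blogs/confirm', ['id' => $id]);
});

// Admin-only: delete an article.
// NOTE(review): this state change happens on a GET with no CSRF token, so a plain link
// or image tag can trigger it for a logged-in admin; a POST route with the CSRF filter
// would close that. Kept as GET here because the confirm page links to this URL.
Route::get('/admin/blog/delete/{id}', function ($id) {
    if (!Auth::check() || !User::isAdmin(Auth::user())) {
        return redirect('login')->with('msg', "NOT LOGGED IN!");
    }
    // findOrFail: an unknown id becomes a 404 instead of delete() being called on null.
    Article::findOrFail($id)->delete();
    return redirect('/admin/blogs');
});

Route::get('/login', function () {
    return view('admin.login');
});

// Login form handler: an already authenticated session skips the credential check.
Route::post('/login', function () {
    if (Auth::check() || Auth::attempt(Input::only('email', 'password'))) {
        return redirect('admin');
    }
    return view('admin.login', ['msg' => 'Failed to login!']);
});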
                        <span aria-hidden="true">&times;</span>
                    </button>' . Yii::$app->session->getFlash($type) . '
                </div>';
    }
    $this->registerJs('setTimeout(function() { $(".alert").alert("close"); }, 4000);');
}
?>
        
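        <div class="wrap">
            <?php 
// Top navigation bar; the entries below depend on whether someone is logged in.
NavBar::begin([
    'brandLabel' => Yii::$app->name,
    'brandUrl' => Yii::$app->homeUrl,
    'options' => ['class' => 'navbar-inverse navbar-fixed-top'],
]);
$home = ['label' => 'Home', 'url' => ['/site/index']];
if (Yii::$app->user->isGuest) {
    $items = [$home, ['label' => 'Login', 'url' => ['/site/login']]];
} else {
    $dropdowns = [
        'label' => 'All the dropdowns',
        'items' => [
            '<li class="dropdown-header">Stuff Area 1</li>',
            ['label' => 'Site Index', 'url' => ['/site/index']],
            '<li class="divider"></li>',
            '<li class="dropdown-header">Stuff Area 2</li>',
            ['label' => 'Site Index', 'url' => ['/site/index']],
        ],
        'activateParents' => true,
    ];
    // Only admins see the user management entry.
    $users = ['label' => 'Users', 'url' => ['/user/index'], 'visible' => User::isAdmin()];
    // Nav is rendered with encodeLabels=false (labels carry raw HTML), so the
    // user-supplied username must be escaped here before it enters the label.
    $username = htmlspecialchars((string) Yii::$app->user->identity->username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $account = [
        'label' => '<span class="glyphicon glyphicon-cog" style="font-size: large;" aria-hidden="true"></span>',
        'items' => [
            ['label' => 'Profile', 'url' => ['/user/profile']],
            [
                'label' => 'Logout (' . $username . ')',
                'url' => ['/site/logout'],
                'linkOptions' => ['data-method' => 'post'],
            ],
        ],
    ];
    $items = [$home, $dropdowns, $users, $account];
}
echo Nav::widget(['options' => ['class' => 'navbar-nav navbar-right'], 'encodeLabels' => false, 'items' => $items]);
NavBar::end();
?>

            <div class="container">
                <?php 
// Breadcrumbs come from the view params when a page sets them.
echo Breadcrumbs::widget(['links' => $this->params['breadcrumbs'] ?? []]);
?>

                <?php 
echo $content;
?>
            </div>
        </div>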
 /**
  * Whether $current_user may update $resource_user.
  *
  * @param User $current_user
  * @param User $resource_user
  * @return bool
  */
 public function update(User $current_user, User $resource_user)
 {
     // A user may always update their own record.
     if ($current_user->id === $resource_user->id) {
         return true;
     }
     // Otherwise only an admin who 'owns' the target user may update it.
     return $current_user->isAdmin() && $current_user->owns($resource_user);
 }