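 /**
  * Grant the default "klp" sensitive-operation set to one account (console action).
  *
  * First pulls the 'product-goods' state out of every sensitive operation that
  * belongs to the account, then inserts a new activated operation named
  * 'klp default' with the fixed state/action lists below.
  *
  * @param string $accountId account id as a hex string; nothing is changed when it is empty
  */
 public function actionAuth($accountId)
 {
     if (empty($accountId)) {
         // Say so instead of finishing silently; an empty id would otherwise look like success
         echo 'accountId is required' . PHP_EOL;
         return;
     }
     // Fully-qualified on purpose: the other actions in this file use \MongoId as well
     $accountId = new \MongoId($accountId);
     // Drop the 'product-goods' state from all of this account's existing operations
     SensitiveOperation::updateAll(
         ['$pull' => ['states' => 'product-goods']],
         ['accountId' => $accountId]
     );
     $operation = new SensitiveOperation();
     $operation->name = 'klp default';
     $operation->users = [];
     $operation->states = ['member-setting', 'product-edit-promotion', 'product-edit-promotion-{id}', 'product-create-goods', 'product-setting'];
     $operation->actions = ['product/campaign/update', 'product/campaign/create', 'product/campaign/delete', 'product/goods/create', 'product/goods/update-goods-status', 'product/goods/delete', 'product/product-category/create', 'product/product-category/update', 'product/product-category/delete'];
     $operation->isActivated = true;
     $operation->accountId = $accountId;
     // save() returns false on validation/write failure; report it rather than claiming success
     if ($operation->save()) {
         echo 'klp auth successfully' . PHP_EOL;
     } else {
         echo 'klp auth failed' . PHP_EOL;
     }
 }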
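 /**
  * Initialise the sensitive-operation options for every existing account (console action).
  *
  * Reads the option templates from Yii::$app->params['sensitive_options'] once and
  * calls SensitiveOperation::initOptions() for each (name, options) pair of every account.
  */
 public function actionIndex()
 {
     $accounts = Account::findAll([]);
     // The template map is application config; read it once instead of per account.
     // A distinct name also stops the inner loop variable from shadowing the map itself.
     $optionTemplates = Yii::$app->params['sensitive_options'];
     if (!empty($accounts)) {
         foreach ($accounts as $account) {
             foreach ($optionTemplates as $name => $options) {
                 SensitiveOperation::initOptions($name, $options, $account->_id);
             }
         }
     }
     echo "Finish init the sensitive operation.\n";
 }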
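 /**
  * Update the selected users of a sensitive operation.
  *
  * The 'users' request parameter is expected to be a list of user id strings; each
  * one is converted to a \MongoId (whose constructor rejects a malformed id) and the
  * operation's user list is then replaced as a whole.
  *
  * @param  string $id sensitive operation id
  * @return boolean true when the operation document was modified
  */
 public function actionSelectUser($id)
 {
     $id = new \MongoId($id);
     $params = $this->getParams('users');
     $users = [];
     // A scalar 'users' value cannot be iterated (foreach would only emit a warning);
     // treat anything that is not an array as "no users selected"
     if (is_array($params)) {
         // convert string ids to mongo ids; array_values() keeps the result a plain list
         $users = array_map(
             function ($userId) {
                 return new \MongoId($userId);
             },
             array_values($params)
         );
     }
     // NOTE(review): the update is scoped by _id only; confirm that the caller's ownership
     // of this operation (accountId) is enforced upstream before relying on this action.
     $count = SensitiveOperation::updateAll(['users' => $users], ['_id' => $id]);
     return (bool) $count;
 }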
 /**
  * Post-creation hook for an account: seed its sensitive-operation options from
  * Yii::$app->params['sensitive_options'] and create its staff message template.
  * @param  Account $account the newly created account (only ->_id is read)
  */
 public static function afterCreateAccount($account)
 {
     $accountId = $account->_id;
     $templates = Yii::$app->params['sensitive_options'];
     foreach ($templates as $optionName => $optionSet) {
         SensitiveOperation::initOptions($optionName, $optionSet, $accountId);
     }
     MessageTemplate::createStaffTemplate($accountId);
 }
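 /**
  * Create a fresh account and its admin user for the given email (console action
  * "generate-by-email").
  *
  * The email is lower-cased and must be well-formed and unused. The account is
  * created, activated with the configured extension modules, and an admin user with
  * the configured default password is attached. When the user cannot be saved the
  * account and the documents created alongside it are removed again.
  *
  * @param string $email address of the new admin user
  */
 public function actionGenerateByEmail($email)
 {
     $email = mb_strtolower($email);
     // Reject empty or malformed input before anything is written to the database
     if ($email === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
         echo 'invalid email' . PHP_EOL;
         return;
     }
     $user = User::getByEmail($email);
     if (!empty($user)) {
         echo 'email is used' . PHP_EOL;
         return;
     }
     $name = Yii::$app->params['defaultName'];
     $accountId = Account::create('', '', $name);
     $attributes = ['status' => Account::STATUS_ACTIVATED, 'availableExtMods' => Yii::$app->params['extMods'], 'serviceStartAt' => new \MongoDate()];
     Account::updateAll($attributes, ['_id' => $accountId]);
     $salt = StringUtil::rndString(6);
     // NOTE(review): the stored credential is the project's own scheme (md5 of the
     // configured default password, then User::encryptPassword with a 6-char salt),
     // not a password_hash() KDF; confirm that matches what User expects on login.
     $password = User::encryptPassword(md5(Yii::$app->params['defaultPwd']), $salt);
     $user = new User();
     $user->email = $email;
     $user->accountId = $accountId;
     $user->name = $name;
     $user->role = User::ROLE_ADMIN;
     $user->isActivated = User::ACTIVATED;
     $user->avatar = Yii::$app->params['defaultAvatar'];
     $user->language = Yii::$app->params['defaultLanguage'];
     $user->salt = $salt;
     $user->password = $password;
     if (!$user->save()) {
         // Roll back the account and the documents created for it so no orphan
         // account without an admin user is left behind
         Account::deleteAll(['_id' => $accountId]);
         SensitiveOperation::deleteAll(['accountId' => $accountId]);
         MessageTemplate::deleteAll(['accountId' => $accountId]);
         echo 'create account fail' . PHP_EOL;
     } else {
         echo 'create account successfully' . PHP_EOL;
     }
 }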
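 /**
  * Get account modules config
  *
  * <b>Request Type </b>:GET
  * <b>Request Endpoints </b>: http://{server-domain}/api/common/module/config
  * <b>Content-type</b>: application/json<br/><br/>
  * <b>Summary</b>: This api is used to get the account modules config.
  * Menu entries whose state is forbidden for the current user are removed, mods
  * without a remaining menu state are removed, and both lists are sorted by 'order'.
  *
  * <b>Response Example</b>
  * {
  *     "menus": {
  *         "content": [
  *             {
  *                 "order": 1,
  *                 "title": "graphics_content",
  *                 "name": "graphics",
  *                 "state": "content-graphics"
  *             },
  *             {
  *                 "order": 2,
  *                 "title": "webpage_content",
  *                 "name": "webpage",
  *                 "state": "content-webpage"
  *             }
  *         ],
  *         "analytic": [
  *             {
  *                 "order": 1,
  *                 "title": "analytic_followers_growth",
  *                 "name": "growth",
  *                 "state": "analytic-growth"
  *             },
  *             {
  *                 "order": 2,
  *                 "title": "analytic_followers_property",
  *                 "name": "property",
  *                 "state": "analytic-property"
  *             },
  *             {
  *                 "order": 3,
  *                 "title": "analytic_content_spread",
  *                 "name": "content",
  *                 "state": "analytic-content"
  *             },
  *             {
  *                 "order": 4,
  *                 "title": "analytic_store",
  *                 "name": "store",
  *                 "state": "analytic-score"
  *             }
  *         ]
  *     },
  *     "mods": [
  *         {
  *             "name": "channel",
  *             "order": 1,
  *             "stateUrl": ""
  *         },
  *         {
  *             "name": "customer",
  *             "order": 2,
  *             "stateUrl": "/customer/follower"
  *         },
  *         {
  *             "name": "helpdesk",
  *             "order": 1,
  *             "stateUrl": "/helpdesk/helpdesk"
  *         }
  *     ],
  *     "forbiddenStates": [
  *         "member-score",
  *         "product-edit-product",
  *         "product-edit-product-{id}"
  *     ]
  * }
  *
  * @return array the filtered and sorted 'menus', 'mods' and the 'forbiddenStates' list
  */
 public function actionConfig()
 {
     $accountId = $this->getAccountId();
     $account = Account::findByPk($accountId);
     // NOTE(review): a missing account would make the property reads below fail;
     // confirm getAccountId() only yields ids that exist (e.g. because checkAuth ran first).
     $token = Token::getToken();
     $forbiddenStates = [];
     // Admins see everything; every other role is restricted per sensitive operation
     if (empty($token->role) || $token->role !== User::ROLE_ADMIN) {
         $userId = empty($token->userId) ? '' : $token->userId;
         $forbiddenStates = SensitiveOperation::getForbiddenStates($userId, $accountId);
     }
     // Remove the forbidden menu items. Filtering into a new list replaces the former
     // array_splice()-while-iterating, which shifted the indexes after the first removal
     // and could leave a second forbidden item in place (or drop an allowed one).
     $menus = [];
     foreach ($account->menus as $moduleName => $moduleItems) {
         $menus[$moduleName] = array_values(array_filter(
             $moduleItems,
             function ($subMenu) use ($forbiddenStates) {
                 // entries without a state are never forbidden; states are compared as strings
                 return empty($subMenu['state'])
                     || !in_array($subMenu['state'], $forbiddenStates, true);
             }
         ));
     }
     // Keep only the mods whose first remaining menu item (in stored order, before the
     // sort below) has a state; that state becomes the mod's stateUrl.
     $mods = [];
     foreach ($account->mods as $mod) {
         if (empty($menus[$mod['name']][0]['state'])) {
             continue;
         }
         $mod['stateUrl'] = $this->_state2Url($menus[$mod['name']][0]['state']);
         $mods[] = $mod;
     }
     // Sort the menus and mods by 'order'
     foreach ($menus as &$moduleItems) {
         ArrayHelper::multisort($moduleItems, 'order', SORT_ASC);
     }
     unset($moduleItems); // drop the dangling reference left by the by-ref loop
     ArrayHelper::multisort($mods, 'order', SORT_ASC);
     return ['menus' => $menus, 'mods' => $mods, 'forbiddenStates' => $forbiddenStates];
 }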
 /**
  * Decide whether the current request may run the requested module/controller/action.
  *
  * Returns true when access is granted; otherwise throws UnauthorizedHttpException
  * (no or expired token) or ForbiddenHttpException (role, module or sensitive-operation
  * check failed). As a side effect it sets Yii::$app->language, refreshes the token's
  * expireTime and defines CURRENT_USER_ID.
  *
  * @param  \yii\base\Module $module the module being accessed (a child module is mapped to its parent)
  * @param  string|null      $token  the access token presented by the client, if any
  * @return bool true when access is granted
  * @throws ForbiddenHttpException    when the role/module/sensitive-operation checks fail
  * @throws UnauthorizedHttpException when no valid token is present or it has expired
  */
 public function checkAuth($module, $token)
 {
     $baseId = Yii::$app->id;
     $moduleId = $module->id;
     //init i18n configuration from user agent
     Yii::$app->language = LanguageUtil::getBrowserLanguage();
     // Requests to the base application itself need no authentication
     if ($baseId === $moduleId) {
         return true;
     }
     //accountId
     // NOTE(review): this path grants access on a cookie account id plus a valid signature
     // and skips the role, module and sensitive-operation checks below; confirm that
     // validateSignature() binds the signature to the account id and the request.
     $accountId = $this->getAccountIdFromCookies();
     if (!empty($accountId) && $this->validateSignature()) {
         return true;
     }
     if (!empty($token)) {
         $info = Token::getToken($token);
         if (!empty($info)) {
             //set the language for i18n
             Yii::$app->language = empty($info->language) ? LanguageUtil::DEFAULT_LANGUAGE : $info->language;
             // If $module is a child module, use the parent module
             if (!empty($module->module->id) && $module->module->id !== $baseId) {
                 $module = $module->module;
                 $moduleId = $module->id;
             }
             if (isset($info->expireTime) && !MongodbUtil::isExpired($info->expireTime)) {
                 // Role must be listed in the module's roleAccess and the module must be enabled
                 // for the token. Both in_array() calls are loose comparisons; fine as long as
                 // roles and module ids are stored as strings on both sides — TODO confirm.
                 if (isset($module->roleAccess) && !empty($roleAccess = $module->roleAccess) && in_array($info->role, $roleAccess) && in_array($moduleId, $info->enabledMods)) {
                     //set the current user
                     $userId = $this->getUserId();
                     $controllerId = $this->owner->id;
                     $actionId = $this->owner->action->id;
                     // the current route
                     // change 'POST product/products' to 'product/product/create'
                     $route = "{$moduleId}/{$controllerId}/{$actionId}";
                     // find the sensitive operation with route
                     $condition = ['isActivated' => true, 'actions' => $route, 'accountId' => $info->accountId];
                     $option = SensitiveOperation::findOne($condition);
                     // Only an activated operation that lists this exact route restricts access
                     if (!empty($option)) {
                         // admin has all sensitive operation access authority
                         if ($info->role !== User::ROLE_ADMIN) {
                             if ($info->role !== User::ROLE_OPERATOR) {
                                 // other's role hasn't sensitive operation access authority
                                 throw new ForbiddenHttpException(Yii::t('common', 'no_permission'));
                             } else {
                                 // operators need to be explicitly selected on the operation;
                                 // loose in_array() here presumably compares MongoId values — verify
                                 if (empty($option->users) || !in_array($info->userId, $option->users)) {
                                     throw new ForbiddenHttpException(Yii::t('common', 'no_permission'));
                                 }
                             }
                         }
                     }
                     // NOTE(review): define() warns if CURRENT_USER_ID is already defined in this
                     // process; relevant if checkAuth can run more than once per request — confirm.
                     define('CURRENT_USER_ID', $userId);
                     // Sliding expiry: every authorised request extends the token by EXPIRE_TIME
                     $info->expireTime = new \MongoDate(time() + Token::EXPIRE_TIME);
                     $updateResult = $info->update();
                     $this->updateAccessTokenExpire();
                     LogUtil::info(['tokenId' => $info->_id, 'updateResult' => $updateResult]);
                     return true;
                 } else {
                     throw new ForbiddenHttpException(Yii::t('common', 'no_permission'));
                 }
             } else {
                 // Expired token: fall back to the browser language for the error message
                 Yii::$app->language = LanguageUtil::getBrowserLanguage();
                 throw new UnauthorizedHttpException(Yii::t('common', 'login_timeout'));
             }
         }
     }
     // No token, or the token is unknown
     throw new UnauthorizedHttpException(Yii::t('common', 'not_logined'));
 }