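/**
 * Console action: creates an account and grants it both the configured `user` and `admin` roles.
 *
 * Any argument left empty is asked for interactively. A password supplied as a
 * command-line argument ends up in shell history and the process list, so leave
 * $pass empty and answer the prompt when creating real administrator accounts.
 *
 * NOTE(review): the plain password is handed to the model as the `password`
 * attribute; hashing is presumably done inside AccountModel. Confirm.
 *
 * @param string $email account e-mail; prompted for when empty
 * @param string $name account name; prompted for when empty
 * @param string $pass account password; prompted for when empty
 * @return int static::EXIT_CODE_NORMAL on success, static::EXIT_CODE_ERROR when the model reports errors
 */
public function actionAdd($email = '', $name = '', $pass = '')
{
    /** @var Account\backend\Module $Module */
    $Module = \Yii::$app->getModule($this->accountModule);
    // Role names are read from the account module configuration.
    $roles = $Module->roles;

    if (empty($email)) {
        $email = $this->prompt('Enter user email:', ['required' => true]);
    }

    if (empty($name)) {
        $name = $this->prompt('Enter user name:', ['required' => true]);
    }

    if (empty($pass)) {
        $pass = $this->prompt('Enter user password:', ['required' => true]);
    }

    /** @var AccountModel $Account */
    $Account = \Yii::createObject(AccountModel::class);
    $Account->setAttributes([
        'name' => $name,
        'email' => $email,
        'password' => $pass,
        'activated_at' => time(),
    ]);
    $Account->save();

    if ($Account->hasErrors()) {
        $this->stdout("ERROR creating user\n", Console::FG_RED);

        // array_shift() takes its argument by reference, so the errors need a variable of their own.
        $errors = $Account->getFirstErrors();
        $error = array_shift($errors);
        if (!empty($error)) {
            $this->stdout("\t> {$error}\n", Console::FG_RED);
        }

        return static::EXIT_CODE_ERROR;
    }

    // Roles are granted only after the account has been stored and has an id.
    AuthManager()->assign(RbacFactory::Role($roles['user']), $Account->id);
    AuthManager()->assign(RbacFactory::Role($roles['admin']), $Account->id);

    $this->stdout("User have been successfully added\n", Console::FG_GREEN);

    return static::EXIT_CODE_NORMAL;
}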
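/**
 * Console action: creates a user and assigns it the admin role (in addition to the user role).
 *
 * Any argument left empty is asked for interactively. A password supplied as a
 * command-line argument ends up in shell history and the process list, so leave
 * $pass empty and answer the prompt when creating real administrator accounts.
 *
 * NOTE(review): the plain password is handed to the model as the `password`
 * attribute; hashing is presumably done inside \resources\User. Confirm.
 *
 * @param string $email user e-mail; prompted for when empty
 * @param string $name user name; prompted for when empty
 * @param string $pass user password; prompted for when empty
 * @return int static::EXIT_CODE_NORMAL on success, static::EXIT_CODE_ERROR when the model reports errors
 */
public function actionAdd($email = '', $name = '', $pass = '')
{
    if (empty($email)) {
        $email = $this->prompt('Enter user email:', ['required' => true]);
    }

    if (empty($name)) {
        $name = $this->prompt('Enter user name:', ['required' => true]);
    }

    if (empty($pass)) {
        $pass = $this->prompt('Enter user password:', ['required' => true]);
    }

    $User = new \resources\User([
        'name' => $name,
        'email' => $email,
        'password' => $pass,
        'activated' => \resources\User::ACTIVATED,
        'deleted' => \resources\User::NOT_DELETED,
    ]);
    $User->save();

    if ($User->hasErrors()) {
        $this->stdout("ERROR creating user\n", \yii\helpers\Console::FG_RED);

        // array_shift() takes its argument by reference, so the errors need a variable of their own.
        $errors = $User->getFirstErrors();
        $error = array_shift($errors);
        if (!empty($error)) {
            $this->stdout("\t> {$error}\n", \yii\helpers\Console::FG_RED);
        }

        return static::EXIT_CODE_ERROR;
    }

    // Roles are granted only after the user has been stored and has an id.
    AuthManager()->assign(RF::Role(\frontend\Permissions::ROLE_USER), $User->id);
    AuthManager()->assign(RF::Role(\frontend\Permissions::ROLE_ADMIN), $User->id);

    $this->stdout("User have been successfully added\n", \yii\helpers\Console::FG_GREEN);

    return static::EXIT_CODE_NORMAL;
}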
/**
 * Creates an account from the OAuth client profile plus the e-mail held by this form,
 * records the outcome in the auth-response log and, on success, grants the configured
 * `user` role and signs the new account in.
 *
 * NOTE(review): the account is logged in immediately after creation; no confirmation
 * of $this->email is visible in this method. Verify that ownership of the address is
 * checked elsewhere before it is trusted.
 *
 * @param \yii\authclient\ClientInterface $Client authenticated OAuth client
 * @return bool true when the account ended up without validation errors
 * @throws \yii\base\InvalidConfigException
 */
public function save(\yii\authclient\ClientInterface $Client)
{
    /** @var Account\backend\Module $Module */
    $Module = \Yii::$app->getModule($this->accountModule);
    $roles = $Module->roles;

    /** @var AccountModel $Account */
    $Account = \Yii::createObject(AccountModel::class);
    $Account->appendClientAttributes($Client);
    $Account->setAttributes(['email' => $this->email]);

    if ($Account->validate()) {
        $Account->save();
    }

    // The log entry is created for failed attempts as well as successful ones.
    $AuthResponse = AccountAuthResponseModel::createLog($Client);

    if (!$Account->hasErrors()) {
        $AuthResponse->result = (string) $Account->id;

        $Account->pushSocialLink($Client);

        $userRole = RbacFactory::Role($roles['user']);
        AuthManager()->assign($userRole, $Account->id);

        $signInForm = \Yii::createObject(SignInForm::class);
        User()->login($Account, $signInForm::REMEMBER_TIME);
    } else {
        $AuthResponse->result = Json::encode($Account->getErrors());
    }

    if ($AuthResponse->validate()) {
        $AuthResponse->save();
    }

    if ($Account->hasErrors()) {
        // Surface the model errors on this form.
        $this->populateErrors($Account, 'name');
    }

    return !$Account->hasErrors();
}
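/**
 * Console action: creates an account and grants it both the USER and ADMIN roles.
 *
 * Any argument left empty is asked for interactively. A password supplied as a
 * command-line argument ends up in shell history and the process list, so leave
 * $pass empty and answer the prompt when creating real administrator accounts.
 *
 * NOTE(review): the plain password is handed to the model as the `password`
 * attribute; hashing is presumably done inside \resources\Account. Confirm.
 *
 * @param string $email account e-mail; prompted for when empty
 * @param string $name account name; prompted for when empty
 * @param string $pass account password; prompted for when empty
 * @return int static::EXIT_CODE_NORMAL on success, static::EXIT_CODE_ERROR when the model reports errors
 */
public function actionAdd($email = '', $name = '', $pass = '')
{
    if (empty($email)) {
        $email = $this->prompt('Enter user email:', ['required' => true]);
    }

    if (empty($name)) {
        $name = $this->prompt('Enter user name:', ['required' => true]);
    }

    if (empty($pass)) {
        $pass = $this->prompt('Enter user password:', ['required' => true]);
    }

    $User = new \resources\Account([
        'name' => $name,
        'email' => $email,
        'password' => $pass,
        'activated_at' => time(),
    ]);
    $User->save();

    if ($User->hasErrors()) {
        $this->stdout("ERROR creating user\n", \yii\helpers\Console::FG_RED);

        // array_shift() takes its argument by reference, so the errors need a variable of their own.
        $errors = $User->getFirstErrors();
        $error = array_shift($errors);
        if (!empty($error)) {
            $this->stdout("\t> {$error}\n", \yii\helpers\Console::FG_RED);
        }

        return static::EXIT_CODE_ERROR;
    }

    // Roles are granted only after the account has been stored and has an id.
    AuthManager()->assign(RbacFactory::Role(\common\Roles::USER), $User->id);
    AuthManager()->assign(RbacFactory::Role(\common\Roles::ADMIN), $User->id);

    $this->stdout("User have been successfully added\n", \yii\helpers\Console::FG_GREEN);

    return static::EXIT_CODE_NORMAL;
}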
/**
 * Creates an account from the OAuth client profile plus the e-mail held by this form,
 * gives it a generated 10-character password, and on success sends the sign-up e-mail,
 * grants the USER role and signs the account in.
 *
 * NOTE(review): the generated password is never shown here; confirm whether
 * sendSignUpEmail() includes it in the message, since e-mailing a usable password
 * in clear text would be worth replacing with a set-password link.
 * NOTE(review): no confirmation of $this->email is visible before login. Verify.
 *
 * @param \yii\authclient\ClientInterface $Client authenticated OAuth client
 * @return bool true when the account ended up without validation errors
 * @throws \yii\base\InvalidConfigException
 */
public function save(\yii\authclient\ClientInterface $Client)
{
    $accountClass = \cookyii\modules\Account\resources\Account::className();

    /** @var \cookyii\modules\Account\resources\Account $Account */
    $Account = \Yii::createObject($accountClass);
    $Account->appendClientAttributes($Client);

    $Account->setAttributes([
        'email' => $this->email,
        'password' => Security()->generateRandomString(10),
    ]);

    if ($Account->validate()) {
        $Account->save();
    }

    if (!$Account->hasErrors()) {
        $Account->notificationHelper->sendSignUpEmail();

        $userRole = RbacFactory::Role(\common\Roles::USER);
        AuthManager()->assign($userRole, $Account->id);

        $signInForm = \Yii::createObject(SignInForm::className());
        User()->login($Account, $signInForm::REMEMBER_TIME);
    }

    if ($Account->hasErrors()) {
        // Surface the model errors on this form.
        $this->populateErrors($Account, 'name');
    }

    return !$Account->hasErrors();
}
/**
 * Registers a new account from this form's name, e-mail and password.
 *
 * On success the sign-up e-mail is sent, the USER role is granted and, when
 * $this->loginAfterRegister is set, the account is signed in.
 *
 * NOTE(review): `activated_at` is stamped at creation time, so the account does not
 * wait for any e-mail confirmation as far as this method shows. Confirm that is intended.
 *
 * @return bool true when the account ended up without validation errors
 */
public function register()
{
    $accountClass = \cookyii\modules\Account\resources\Account::className();

    /** @var \cookyii\modules\Account\resources\Account $Account */
    $Account = \Yii::createObject($accountClass);

    $attributes = [
        'name' => $this->name,
        'email' => $this->email,
        'password' => $this->password,
        'activated_at' => time(),
    ];
    $Account->setAttributes($attributes);

    if ($Account->validate()) {
        $Account->save();
    }

    if (!$Account->hasErrors()) {
        $Account->notificationHelper->sendSignUpEmail();

        $userRole = RbacFactory::Role(\common\Roles::USER);
        AuthManager()->assign($userRole, $Account->id);

        if ($this->loginAfterRegister) {
            $signInForm = \Yii::createObject(SignInForm::className());
            User()->login($Account, $signInForm::REMEMBER_TIME);
        }
    }

    if ($Account->hasErrors()) {
        // Surface the model errors on this form.
        $this->populateErrors($Account, 'name');
    }

    return !$Account->hasErrors();
}
/**
 * Registers a new account from this form's name, e-mail and password.
 *
 * On success the sign-up e-mail is sent, the role configured as `user` in the account
 * module is granted and, when $this->loginAfterRegister is set, the account is signed in.
 *
 * NOTE(review): `activated_at` is stamped at creation time, so the account does not
 * wait for any e-mail confirmation as far as this method shows. Confirm that is intended.
 *
 * @return bool true when the account ended up without validation errors
 */
public function register()
{
    /** @var Account\backend\Module $Module */
    $Module = \Yii::$app->getModule($this->accountModule);
    $roles = $Module->roles;

    /** @var AccountModel $Account */
    $Account = \Yii::createObject(AccountModel::class);

    $attributes = [
        'name' => $this->name,
        'email' => $this->email,
        'password' => $this->password,
        'activated_at' => time(),
    ];
    $Account->setAttributes($attributes);

    if ($Account->validate()) {
        $Account->save();
    }

    if (!$Account->hasErrors()) {
        $Account->notificationHelper->sendSignUpEmail();

        $userRole = RbacFactory::Role($roles['user']);
        AuthManager()->assign($userRole, $Account->id);

        if ($this->loginAfterRegister) {
            $signInForm = \Yii::createObject(SignInForm::class);
            User()->login($Account, $signInForm::REMEMBER_TIME);
        }
    }

    if ($Account->hasErrors()) {
        // Surface the model errors on this form.
        $this->populateErrors($Account, 'name');
    }

    return !$Account->hasErrors();
}
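/**
 * Replaces the RBAC roles of one account with the set submitted in the request body.
 *
 * Reads `account_id` and a `roles` map of role name => flag. Every existing assignment
 * of the account is revoked, then each role whose flag is strictly boolean `true` is
 * assigned.
 *
 * NOTE(review): nothing in this method checks who is calling or which role names may
 * be granted, so any role name present in the body, administrative ones included, is
 * assigned. Access control has to come from the controller or filters that expose this
 * action; confirm that it does, and consider logging role changes for audit.
 *
 * @return array `['result' => true, 'message' => string]` on success
 * @throws \yii\web\BadRequestHttpException when `account_id` is missing or zero
 * @throws \yii\web\NotFoundHttpException when no account has that id
 */
public function run()
{
    $account_id = (int) Request()->post('account_id');
    $roles = (array) Request()->getBodyParam('roles', []);

    if (empty($account_id)) {
        throw new \yii\web\BadRequestHttpException('Empty account id');
    }

    /** @var $modelClass \cookyii\modules\Account\resources\Account */
    $modelClass = $this->modelClass;

    $Account = $modelClass::find()->byId($account_id)->one();

    if (empty($Account)) {
        throw new \yii\web\NotFoundHttpException('Account not found');
    }

    // Decide what to grant before touching the stored assignments.
    $granted = [];
    foreach ($roles as $role => $flag) {
        // Strict check: only a real boolean true counts, not "1" or "true".
        if ($flag === true) {
            $granted[] = $role;
        }
    }

    AuthManager()->revokeAll($Account->id);

    foreach ($granted as $role) {
        AuthManager()->assign(RbacFactory::Role($role), $Account->id);
    }

    return [
        'result' => true,
        'message' => \Yii::t('account', 'Roles successfully saved.'),
    ];
}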
/**
 * Returns the frontend access permission followed by the permissions that
 * static::expandPermissions() produces for static::$merge.
 *
 * @inheritdoc
 */
public static function get()
{
    $own = [
        RbacFactory::Permission(static::ACCESS, 'It has access to the frontend'),
    ];

    $merged = static::expandPermissions(static::$merge);

    return array_merge($own, $merged);
}
/**
 * Returns the single access permission of the translation backend module.
 *
 * @return array one-element list holding the static::ACCESS permission
 */
public static function get()
{
    $access = RbacFactory::Permission(static::ACCESS, 'It has access to translation backend module');

    return [$access];
}
/**
 * Builds the project, issue and user-administration permissions.
 *
 * @return array permissions created by RbacFactory::Permission(), in the order listed
 */
protected function permissions()
{
    // Each entry is the permission name and the text passed alongside it.
    $definitions = [
        ['project.access', 'Access project'],
        ['project.create', 'Create project'],
        ['project.update', 'Update project'],
        ['project.delete', 'Delete project'],
        ['issue.access', 'Access issue'],
        ['issue.create', 'Create issue'],
        ['issue.update', 'Update issue'],
        ['issue.delete', 'Delete issue'],
        ['user.admin', 'Administrate users'],
    ];

    $permissions = [];
    foreach ($definitions as $definition) {
        $permissions[] = RbacFactory::Permission($definition[0], $definition[1]);
    }

    return $permissions;
}
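/**
 * Handles a successful OAuth sign-in: finds the user linked to the provider identity,
 * or creates one from the provider profile, records the attempt and logs the user in.
 *
 * The provider id and the external user id are validated before any lookup. Without
 * that, an unlisted provider leaves the user query unfiltered, so one() returns some
 * stored user unrelated to the caller and that user is logged in. A response without
 * an `id` would pass null to the by*Id() scope, whose matching behaviour is not visible
 * here.
 *
 * NOTE(review): no activation or deletion check is visible before login. Confirm that
 * \resources\User or the user component enforces it elsewhere.
 *
 * @param \yii\authclient\ClientInterface $Client authenticated OAuth client
 * @throws \yii\base\NotSupportedException when the provider is not supported or returned no user id
 */
public function authSuccessCallback(\yii\authclient\ClientInterface $Client)
{
    $clientId = $Client->getId();
    $attributes = $Client->getUserAttributes();

    $AuthResponse = new \resources\User\Auth\Response();
    $AuthResponse->client = $clientId;
    $AuthResponse->response = Json::encode($attributes);

    // Provider id => query scope that filters users by that provider's user id.
    $scopes = [
        'facebook' => 'byFacebookId',
        'github' => 'byGithubId',
        'google' => 'byGoogleId',
        'linkedin' => 'byLinkedinId',
        'live' => 'byLiveId',
        'twitter' => 'byTwitterId',
        'vkontakte' => 'byVkontakteId',
        'yandex' => 'byYandexId',
    ];

    $externalId = isset($attributes['id']) ? $attributes['id'] : null;

    if (!isset($scopes[$clientId]) || $externalId === null || $externalId === '') {
        // Keep the log record of the rejected attempt before bailing out.
        $AuthResponse->save();

        throw new \yii\base\NotSupportedException('Unsupported auth client or missing user id.');
    }

    $UserQuery = \resources\User::find();
    $UserQuery->{$scopes[$clientId]}($externalId);

    /** @var \resources\User $User */
    $User = $UserQuery->one();

    if ($User instanceof \resources\User) {
        $AuthResponse->result = Json::encode($User->id);
    } else {
        // First sign-in with this identity: create the user from the provider profile.
        $User = new \resources\User();
        $User->appendClientAttributes($Client);

        if ($User->save()) {
            $User->createSocialLink($Client);

            $AuthResponse->result = Json::encode($User->id);

            AuthManager()->assign(RbacFactory::Role(\frontend\Permissions::ROLE_USER), $User->id);
        } else {
            $AuthResponse->result = Json::encode($User->getErrors());
        }
    }

    $AuthResponse->save();

    // A user that failed to save is still a new record and is not logged in.
    if ($User instanceof \resources\User && !$User->isNewRecord) {
        $User->save();

        User()->login($User, 86400);
    }
}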
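/**
 * Handles a successful social sign-in: resolves the account linked to the provider
 * identity (or creates/links one), records the attempt and logs the account in.
 *
 * Two checks are made explicit here:
 *  - The provider id and external user id are validated before the lookup. An unlisted
 *    provider would otherwise leave the account query unfiltered, so one() would return
 *    an account unrelated to the caller.
 *  - The availability reason is compared strictly. A `switch` compares loosely, so a
 *    `case true` label matches any non-empty reason string and the not-activated and
 *    deleted branches never run, which lets such accounts through to login.
 *
 * NOTE(review): when no linked account exists, an existing account is matched purely on
 * the e-mail reported by the provider, gets the provider identity attached and is logged
 * in. That path does not call isAvailable() and it overwrites `activated_at`. If any
 * enabled provider returns unverified addresses this allows taking over the matched
 * account; confirm per provider, or require the address to be verified before linking.
 *
 * @param \yii\authclient\ClientInterface $Client authenticated OAuth client
 * @throws \yii\web\ForbiddenHttpException when the provider is unsupported, returned no
 *         user id, or the account is not activated or deleted
 */
public function socialAuthCallback(\yii\authclient\ClientInterface $Client)
{
    /** @var Account\backend\Module $Module */
    $Module = \Yii::$app->getModule($this->accountModule);
    $roles = $Module->roles;

    $AuthResponse = AccountAuthResponseModel::createLog($Client);

    $attributes = $Client->getUserAttributes();

    // Provider id => query scope that filters accounts by that provider's user id.
    $scopes = [
        'facebook' => 'byFacebookId',
        'instagram' => 'byInstagramId',
        'github' => 'byGithubId',
        'google' => 'byGoogleId',
        'linkedin' => 'byLinkedinId',
        'live' => 'byLiveId',
        'twitter' => 'byTwitterId',
        'vkontakte' => 'byVkontakteId',
        'yandex' => 'byYandexId',
        'odnoklassniki' => 'byOdnoklassnikiId',
    ];

    $clientId = $Client->getId();
    $externalId = isset($attributes['id']) ? $attributes['id'] : null;

    if (!isset($scopes[$clientId]) || $externalId === null || $externalId === '') {
        // Keep the log record of the rejected attempt before bailing out.
        $AuthResponse->validate() && $AuthResponse->save();

        throw new \yii\web\ForbiddenHttpException(
            \Yii::t('cookyii.account', 'Authentication provider is not supported.')
        );
    }

    /** @var AccountModel $AccountModel */
    $AccountModel = \Yii::createObject(AccountModel::class);

    $AccountQuery = $AccountModel::find();
    $AccountQuery->{$scopes[$clientId]}($externalId);

    $Account = $AccountQuery->one();

    if ($Account instanceof AccountModel) {
        $Account->pushSocialLink($Client);

        $reason = $Account->isAvailable();

        if ($reason !== true) {
            // Strict comparisons: see the method comment for why a switch is not used.
            // NOTE(review): any other non-true reason adds no error and does not block login.
            if ($reason === 'not-activated') {
                $Account->addError('activated', \Yii::t('cookyii.account', 'Account is not activated.'));
            } elseif ($reason === 'deleted') {
                $Account->addError('deleted', \Yii::t('cookyii.account', 'Account removed.'));
            }

            $AuthResponse->result = Json::encode($Account->getErrors());
        } else {
            $AuthResponse->result = Json::encode($Account->id);
        }
    } else {
        // No account is linked to this identity yet: start from a fresh model.
        $Account = $AccountModel;
        $Account->appendClientAttributes($Client);

        if (!empty($Account->email)) {
            $SearchAccount = $AccountModel::find()->byEmail($Account->email)->one();

            if (!empty($SearchAccount)) {
                // Existing account with the same e-mail: link the provider identity to it.
                $Account = $SearchAccount;
                $Account->appendClientAttributes($Client);
            }
        }

        $Account->activated_at = time();

        $Account->validate() && $Account->save(false);

        if ($Account->hasErrors()) {
            $AuthResponse->result = Json::encode($Account->getErrors());
        } else {
            $Account->pushSocialLink($Client);

            $AuthResponse->result = Json::encode($Account->id);

            if (!$Account->can($roles['user'])) {
                AuthManager()->assign(RbacFactory::Role($roles['user']), $Account->id);
            }
        }
    }

    $AuthResponse->validate() && $AuthResponse->save();

    if ($Account instanceof AccountModel && !$Account->isNewRecord && !$Account->hasErrors()) {
        $Account->save();

        User()->login($Account, 86400);
    } else {
        $errors = $Account->getFirstErrors();

        if (isset($errors['activated'])) {
            throw new \yii\web\ForbiddenHttpException($errors['activated']);
        }

        if (isset($errors['deleted'])) {
            throw new \yii\web\ForbiddenHttpException($errors['deleted']);
        }
    }
}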
/**
 * Builds the permissions for system access and for the account, contract, deal,
 * pages and settings modules.
 *
 * The two `*.own` contract permissions are created with a third argument,
 * 'frontend.contract.its-my' (presumably a rule name; confirm against RbacFactory).
 *
 * @return array permissions created by RbacFactory::Permission(), in the order listed
 */
protected function getNewPermissions()
{
    // Each entry holds the arguments for one RbacFactory::Permission() call.
    $definitions = [
        ['frontend.access', 'Имеет доступ к системе'],
        ['backend.account.access', 'Имеет доступ к модулю пользователей'],
        ['backend.account.approve', 'Может подтверждать юр.лица'],
        ['backend.account.create', 'Может создавать пользователей'],
        ['backend.account.update', 'Может обновлять пользователей'],
        ['backend.account.delete', 'Может удалять пользователей'],
        ['frontend.contract.access', 'Имеет доступ к модулю контрактов'],
        ['frontend.contract.import', 'Имеет доступ к импорту контрактов'],
        ['frontend.contract.create', 'Может создавать контракты'],
        ['frontend.contract.update', 'Может обновлять все контракты'],
        ['frontend.contract.update.own', 'Может обновлять свои контракты', 'frontend.contract.its-my'],
        ['frontend.contract.delete', 'Может удалять все контракты'],
        ['frontend.contract.delete.own', 'Может удалять свои контракты', 'frontend.contract.its-my'],
        ['backend.deal.access', 'Может управлять всеми сделками'],
        ['frontend.deal.create', 'Может создавать сделки'],
        ['frontend.deal.buy', 'Может просматривать свои исходящие сделки (покупка)'],
        ['frontend.deal.sell', 'Может просматривать свои входящие сделки (продажа)'],
        ['backend.pages.access', 'Имеет доступ к модулю статических страниц'],
        ['backend.pages.create', 'Может создавать статические страницы'],
        ['backend.pages.update', 'Может обновлять статические страницы'],
        ['backend.pages.delete', 'Может удалять статические страницы'],
        ['frontend.pages.view', 'Может просматривать 
статические страницы'],
        ['backend.settings.access', 'Имеет доступ к модулю настроек'],
    ];

    $permissions = [];
    foreach ($definitions as $definition) {
        // Pass the third argument only where one was given, so the call arity is unchanged.
        if (count($definition) === 3) {
            $permissions[] = RbacFactory::Permission($definition[0], $definition[1], $definition[2]);
        } else {
            $permissions[] = RbacFactory::Permission($definition[0], $definition[1]);
        }
    }

    return $permissions;
}
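/**
 * Handles a successful OAuth sign-in: resolves the account linked to the provider
 * identity (or creates/links one), records the attempt and logs the account in.
 * When the provider supplies no e-mail for a new identity, the client is stored in the
 * session and the browser is redirected to the fill-in form.
 *
 * Two checks are made explicit here:
 *  - The provider id and external user id are validated before the lookup. An unlisted
 *    provider would otherwise leave the account query unfiltered, so one() would return
 *    an account unrelated to the caller.
 *  - The availability reason is compared strictly. A `switch` compares loosely, so a
 *    `case true` label matches any non-empty reason string and the not-activated and
 *    deleted branches never run, which lets such accounts through to login.
 *
 * NOTE(review): when no linked account exists, an existing account is matched purely on
 * the e-mail reported by the provider, gets the provider identity attached and is logged
 * in, without isAvailable() being consulted on that path. If any enabled provider
 * returns unverified addresses this allows taking over the matched account; confirm per
 * provider, or require the address to be verified before linking.
 *
 * @param \yii\authclient\ClientInterface $Client authenticated OAuth client
 * @throws \yii\web\ForbiddenHttpException when the provider is unsupported, returned no
 *         user id, or the account is not activated or deleted
 */
public function authSuccessCallback(\yii\authclient\ClientInterface $Client)
{
    $clientId = $Client->getId();
    $attributes = $Client->getUserAttributes();

    $AuthResponse = new \cookyii\modules\Account\resources\Account\Auth\Response();
    $AuthResponse->client = $clientId;
    $AuthResponse->response = Json::encode($attributes);

    // Provider id => query scope that filters accounts by that provider's user id.
    $scopes = [
        'facebook' => 'byFacebookId',
        'github' => 'byGithubId',
        'google' => 'byGoogleId',
        'linkedin' => 'byLinkedinId',
        'live' => 'byLiveId',
        'twitter' => 'byTwitterId',
        'vkontakte' => 'byVkontakteId',
        'yandex' => 'byYandexId',
    ];

    $externalId = isset($attributes['id']) ? $attributes['id'] : null;

    if (!isset($scopes[$clientId]) || $externalId === null || $externalId === '') {
        // Keep the log record of the rejected attempt before bailing out.
        $AuthResponse->save();

        throw new \yii\web\ForbiddenHttpException(
            \Yii::t('account', 'Authentication provider is not supported.')
        );
    }

    /** @var \cookyii\modules\Account\resources\Account $AccountModel */
    $AccountModel = \Yii::createObject(\cookyii\modules\Account\resources\Account::className());

    $AccountQuery = $AccountModel::find();
    $AccountQuery->{$scopes[$clientId]}($externalId);

    $Account = $AccountQuery->one();

    if ($Account instanceof \cookyii\modules\Account\resources\Account) {
        $reason = $Account->isAvailable();

        if ($reason !== true) {
            // Strict comparisons: see the method comment for why a switch is not used.
            // NOTE(review): any other non-true reason adds no error and does not block login.
            if ($reason === 'not-activated') {
                $Account->addError('activated', \Yii::t('account', 'Account is not activated.'));
            } elseif ($reason === 'deleted') {
                $Account->addError('deleted', \Yii::t('account', 'Account removed.'));
            }

            $AuthResponse->result = Json::encode($Account->getErrors());
        } else {
            $AuthResponse->result = Json::encode($Account->id);
        }
    } else {
        // No account is linked to this identity yet: start from a fresh model.
        $Account = $AccountModel;
        $Account->appendClientAttributes($Client);

        if (!empty($Account->email)) {
            $SearchAccount = $AccountModel::find()->byEmail($Account->email)->one();

            if (!empty($SearchAccount)) {
                // Existing account with the same e-mail: link the provider identity to it.
                $Account = $SearchAccount;
                $Account->appendClientAttributes($Client);
            }
        } else {
            // The provider gave no e-mail: park the client and ask the visitor to supply one.
            Session()->set('OAuthResponseClient', $Client);

            Response()->redirect(['/account/sign/fill'])->send();

            exit;
        }

        if ($Account->save()) {
            $Account->createSocialLink($Client);

            $AuthResponse->result = Json::encode($Account->id);

            if (!$Account->can(\common\Roles::USER)) {
                AuthManager()->assign(RbacFactory::Role(\common\Roles::USER), $Account->id);
            }
        } else {
            $AuthResponse->result = Json::encode($Account->getErrors());
        }
    }

    $AuthResponse->save();

    if ($Account instanceof \cookyii\modules\Account\resources\Account
        && !$Account->isNewRecord
        && !$Account->hasErrors()
    ) {
        $Account->save();

        User()->login($Account, 86400);
    } else {
        $errors = $Account->getFirstErrors();

        if (isset($errors['activated'])) {
            throw new \yii\web\ForbiddenHttpException($errors['activated']);
        }

        if (isset($errors['deleted'])) {
            throw new \yii\web\ForbiddenHttpException($errors['deleted']);
        }
    }
}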
/**
 * Returns the single access permission of the page frontend module.
 *
 * @return array one-element list holding the static::ACCESS permission
 */
public static function get()
{
    $access = RbacFactory::Permission(static::ACCESS, 'It has access to page frontend module');

    return [$access];
}
/**
 * Returns the application roles: administrator, manager, client and user, in that order.
 *
 * @inheritdoc
 */
public static function get()
{
    // Each entry is the role name constant and the text passed alongside it.
    $definitions = [
        [static::ADMIN, 'Administrator'],
        [static::MANAGER, 'Manager'],
        [static::CLIENT, 'Client'],
        [static::USER, 'User'],
    ];

    $roles = [];
    foreach ($definitions as $definition) {
        $roles[] = RbacFactory::Role($definition[0], $definition[1]);
    }

    return $roles;
}
/**
 * Re-creates role assignments for each user and prints one line per assignment.
 *
 * For every user the roles in $this->forceAssign are assigned first. Then each role in
 * the user's own list is translated through $this->assignmentsMap (when it has an entry)
 * and assigned, unless the result is empty or already among the forced roles. Finally,
 * when caching is enabled and the 'assignments-0' key exists, every key visited by
 * cacheIterator() is deleted from the cache.
 *
 * NOTE(review): forced roles go to every user id in $assignments, so a privileged role
 * in $this->forceAssign is granted across the board. Confirm the configured value.
 *
 * @param array $assignments
 * $assignments = [
 *     'user_id' => ['role_1', 'role_2', 'role_3'],
 *     '1' => ['admin', 'user'],
 *     '2' => ['client', 'user'],
 *     '3' => ['manager', 'seller', 'support', 'user'],
 * ];
 * @throws \yii\base\InvalidConfigException
 */
protected function restoreAssignments($assignments)
{
    // Snapshot the flag before any assignment work is done.
    $cacheEnabled = ($this->useCache === true);

    foreach ($assignments as $user_id => $items) {
        if (!empty($this->forceAssign)) {
            // A scalar configuration value is normalised to a list once and kept that way.
            if (!is_array($this->forceAssign)) {
                $this->forceAssign = (array) $this->forceAssign;
            }

            foreach ($this->forceAssign as $forcedRole) {
                $this->authManager->assign(RbacFactory::Role($forcedRole), $user_id);

                echo sprintf(' > role `%s` force assigned to user id: %s.', $forcedRole, $user_id), PHP_EOL;
            }
        }

        if (empty($items)) {
            continue;
        }

        foreach ($items as $original) {
            if (isset($this->assignmentsMap[$original])) {
                $roleName = $this->assignmentsMap[$original];
            } else {
                $roleName = $original;
            }

            // Skip roles mapped to nothing and roles already handled as forced.
            $skip = empty($roleName) || in_array($roleName, (array) $this->forceAssign, true);

            if (!$skip) {
                $this->authManager->assign(RbacFactory::Role($roleName), $user_id);

                echo sprintf(' > role `%s` assigned to user id: %s.', $roleName, $user_id), PHP_EOL;
            }
        }
    }

    if ($cacheEnabled && $this->cache->exists('assignments-0')) {
        $this->cacheIterator(function ($key) {
            $this->cache->delete($key);
        });
    }
}
/**
 * Returns the single P::ACCESS permission.
 *
 * @return \yii\rbac\Permission[]
 */
protected function permissions()
{
    $access = RF::Permission(P::ACCESS, 'Grant access');

    return [$access];
}
/**
 * Copies the form fields onto the account, stores it and replaces its role assignments.
 *
 * A new record gets `activated_at` set to the current time, and the password is only
 * touched when a new one was entered. If the account has no errors afterwards, all its
 * roles are revoked and every role in $this->roles whose value is strictly boolean true
 * is assigned. The RBAC cache is invalidated when the manager is a DbManager.
 *
 * NOTE(review): the role names come straight from $this->roles; nothing visible here
 * limits which roles the submitting user may grant. Confirm that is enforced elsewhere.
 *
 * @return bool true when validation and saving of the account both succeeded
 */
public function save()
{
    $Account = $this->Account;

    $Account->name = $this->name;
    $Account->email = $this->email;
    $Account->gender = $this->gender;

    if ($Account->isNewRecord) {
        $Account->activated_at = time();
    }

    if (!empty($this->new_password)) {
        $Account->password = $this->new_password;
    }

    // save() runs only when validation passed, as with a short-circuit &&.
    $saved = $Account->validate() ? (bool) $Account->save() : false;

    if (!$Account->hasErrors()) {
        AuthManager()->revokeAll($Account->id);

        $submitted = $this->roles;

        if (!empty($submitted)) {
            foreach ($submitted as $roleName => $isChecked) {
                if ($isChecked !== true) {
                    continue;
                }

                AuthManager()->assign(RbacFactory::Role($roleName), $Account->id);
            }
        }
    } else {
        // Surface the model errors on this form.
        $this->populateErrors($Account, 'name');
    }

    if (AuthManager() instanceof \yii\rbac\DbManager) {
        AuthManager()->invalidateCache();
    }

    $this->Account = $Account;

    return $saved;
}