Example #1
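 /**
  * Reject the login when the account is bound to specific IP addresses and
  * the current client address is not one of them.
  *
  * `bind_to_ip` is read as a comma-separated list. When the client address is
  * not in that list, a validation error is added to the `password` attribute.
  * Accounts without a binding are not restricted.
  */
 public function validateIP()
 {
     $user = $this->getUser();
     if (!$user || !$user->bind_to_ip) {
         return;
     }

     // Trim every entry and drop empty ones, so that a stray comma in the
     // stored list cannot become an allow-list entry of its own.
     $allowedIps = array_filter(array_map('trim', explode(',', $user->bind_to_ip)), 'strlen');

     // NOTE(review): this binding is only as trustworthy as YeeHelper::getRealIp().
     // If that helper takes the address from client-supplied forwarding headers,
     // the value can be chosen by the client - confirm it honours such headers
     // only when they come from a trusted proxy.
     $clientIp = YeeHelper::getRealIp();

     // Strict comparison: with loose matching a null/false "unknown address"
     // equals an empty entry, and numeric-looking strings are compared as numbers.
     if (!in_array($clientIp, $allowedIps, true)) {
         $this->addError('password', Yii::t('yee/auth', "You could not login from this IP"));
     }
 }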
Example #2
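 /**
  * Record a visit for the given user and remember its token in the session.
  *
  * A new row is filled with the client address, the first two characters of
  * the Accept-Language header, the browser, platform and user agent reported
  * by Browser, and the current time. The row is saved without validation and
  * its token is stored in the session under self::SESSION_TOKEN.
  *
  * @param int $userId
  */
 public static function newVisitor($userId)
 {
     $browser = new Browser();
     $model = new self();
     $model->user_id = $userId;
     // uniqid() is built from the current time, so its values can be guessed and
     // are not guaranteed to be unique. Take the token from the framework's
     // CSPRNG instead; 13 characters keeps the length uniqid() produced, so the
     // value still fits wherever the old one was stored.
     $model->token = Yii::$app->security->generateRandomString(13);
     $model->ip = YeeHelper::getRealIp();
     // Language and user agent come from request headers, i.e. from the client,
     // and save(false) below skips model validation: treat the stored values as
     // untrusted text and encode them wherever the visit log is displayed.
     $model->language = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2) : null;
     $model->browser = $browser->getBrowser();
     $model->os = $browser->getPlatform();
     $model->user_agent = $browser->getUserAgent();
     $model->visit_time = time();
     $model->save(false);
     Yii::$app->session->set(self::SESSION_TOKEN, $model->token);
 }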
Example #3
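 /**
  * Check if user has access to current route
  *
  * Order of the checks: the captcha action and free-access routes are always
  * allowed; guests, identities that no longer exist and accounts that are not
  * active are refused; superadmins are allowed; everyone else needs the route
  * (User::canRoute) and, for models implementing owner access without the
  * full-access permission, ownership of the record named by the `id` query
  * parameter.
  *
  * Every refusal returns false right after the response has been prepared, so
  * that no later check can still let the action run.
  *
  * @param Action $action the action to be executed.
  *
  * @return boolean whether the action should continue to be executed.
  */
 public function beforeAction($action)
 {
     if ($action->id == 'captcha') {
         return true;
     }
     $route = '/' . $action->uniqueId;
     if (Route::isFreeAccess($route, $action)) {
         return true;
     }
     if (Yii::$app->user->isGuest) {
         $this->denyAccess();
         // Stop here: falling through would reach the route check below and
         // could still return true for a request that was just refused.
         return false;
     }
     // If user has been deleted, then destroy session and redirect to home page
     if (!Yii::$app->user->isGuest and Yii::$app->user->identity === null) {
         Yii::$app->getSession()->destroy();
         $this->denyAccess();
         return false;
     }
     // Superadmin owns everyone
     if (Yii::$app->user->isSuperadmin) {
         return true;
     }
     if (Yii::$app->user->identity and Yii::$app->user->identity->status != User::STATUS_ACTIVE) {
         Yii::$app->user->logout();
         Yii::$app->getResponse()->redirect(Yii::$app->getHomeUrl());
         // The redirect only prepares the response. Without this return the
         // action of a deactivated account could still be executed.
         return false;
     }
     if (User::canRoute($route)) {
         $modelId = Yii::$app->getRequest()->getQueryParam('id');
         $modelClass = isset($this->owner->modelClass) ? $this->owner->modelClass : null;
         // Check access for owners.
         // NOTE(review): only the `id` query parameter is examined. Requests
         // without it take the else branch and are allowed, so actions that
         // identify the record in another way have to enforce ownership
         // themselves - verify.
         if ($modelClass && YeeHelper::isImplemented($modelClass, OwnerAccess::CLASSNAME) && !User::hasPermission($modelClass::getFullAccessPermission()) && $modelId) {
             $model = $modelClass::findOne(['id' => $modelId]);
             if ($model && Yii::$app->user->identity->id == $model->{$modelClass::getOwnerField()}) {
                 return true;
             }
         } else {
             return true;
         }
     }
     if (isset($this->denyCallback)) {
         call_user_func($this->denyCallback, null, $action);
     } else {
         $this->denyAccess();
     }
     return false;
 }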
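 /**
  * Empty the published asset directories of the frontend and backend
  * applications, flush the application cache and send the user back.
  *
  * The outcome of the cache flush is reported through the `crudMessage`
  * flash message.
  *
  * NOTE(review): this action changes server state. Whether it is limited to
  * POST requests with CSRF validation is not visible here - confirm.
  *
  * @return mixed the redirect response
  */
 public function actionFlush()
 {
     $assetPaths = [
         Yii::getAlias('@frontend') . '/web/assets/',
         Yii::getAlias('@backend') . '/web/assets/',
     ];
     foreach ($assetPaths as $assetPath) {
         YeeHelper::recursiveDelete($assetPath);
     }
     foreach ($assetPaths as $assetPath) {
         // Recreating the directory stays best-effort, but a failure is now
         // logged instead of being silently discarded.
         if (!is_dir($assetPath) && !@mkdir($assetPath)) {
             Yii::warning("Unable to recreate asset directory: {$assetPath}", __METHOD__);
         }
     }
     if (Yii::$app->cache->flush()) {
         Yii::$app->session->setFlash('crudMessage', 'Cache has been flushed.');
     } else {
         Yii::$app->session->setFlash('crudMessage', 'Failed to flush cache.');
     }
     // The Referer header is optional: fall back to the home URL when it is
     // missing instead of redirecting to an empty target.
     // NOTE(review): the header is supplied by the client, so this redirect can
     // lead off-site; consider accepting only same-host referrers.
     $referrer = Yii::$app->getRequest()->referrer;
     return Yii::$app->getResponse()->redirect($referrer ? $referrer : Yii::$app->getHomeUrl());
 }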
 /**
  * Render the index listing for the controller's model class.
  *
  * When the model implements owner access and the current user lacks the
  * full-access permission, the listing is limited to records whose owner
  * field equals the current user's id.
  *
  * @return mixed
  */
 public function actionIndex()
 {
     $modelClass = $this->modelClass;

     $searchModel = null;
     if ($this->modelSearchClass) {
         $searchModel = new $this->modelSearchClass();
     }
     $searchLinkModel = null;
     if ($this->modelLinkSearchClass) {
         $searchLinkModel = new $this->modelLinkSearchClass();
     }

     $ownerOnly = YeeHelper::isImplemented($modelClass, OwnerAccess::CLASSNAME) && !User::hasPermission($modelClass::getFullAccessPermission());

     if (!$searchModel) {
         // No search model configured: query the model class directly.
         $ownerFilter = [];
         if ($ownerOnly) {
             $ownerFilter = [$modelClass::getOwnerField() => Yii::$app->user->identity->id];
         }
         $dataProvider = new ActiveDataProvider(['query' => $modelClass::find()->where($ownerFilter)]);
     } else {
         $formName = StringHelper::basename($searchModel::className());
         $queryParams = Yii::$app->request->getQueryParams();
         if ($ownerOnly) {
             // Overwrite whatever the request supplied for the owner field, so
             // that a restricted user cannot ask for somebody else's records.
             // NOTE(review): this relies on the search model applying the owner
             // field as a filter - confirm for each search class.
             $queryParams[$formName][$modelClass::getOwnerField()] = Yii::$app->user->identity->id;
         }
         $dataProvider = $searchModel->search($queryParams);
     }

     return $this->renderIsAjax('index', [
         'dataProvider' => $dataProvider,
         'searchModel' => $searchModel,
         'searchLinkModel' => $searchLinkModel,
     ]);
 }
Example #6
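 /**
  * Creates data provider instance with search query applied
  *
  * The model is loaded from the request's query parameters, then every entry
  * of $params is assigned to the property of the same name. For users without
  * the full-access permission the query is limited to their own links, and
  * that restriction is applied before validation, so a request that fails
  * validation cannot obtain an unrestricted listing.
  *
  * @param array $params property values to set on the search model
  *
  * @return ActiveDataProvider
  */
 public function search($params = [])
 {
     $queryParams = Yii::$app->request->getQueryParams();
     $query = MenuLink::find()->joinWith('translations');
     $dataProvider = new ActiveDataProvider(['query' => $query, 'pagination' => ['pageSize' => -1], 'sort' => ['defaultOrder' => ['order' => SORT_ASC]]]);
     $this->load($queryParams);
     // NOTE(review): each key of $params is written straight onto the model,
     // bypassing the safe-attribute list used by load(). Callers should pass
     // only values built on the server, never raw request data - confirm.
     foreach ($params as $key => $value) {
         $this->{$key} = $value;
     }
     $restrictLinkAccess = YeeHelper::isImplemented(MenuLink::className(), OwnerAccess::CLASSNAME) && !User::hasPermission(MenuLink::getFullAccessPermission());
     if ($restrictLinkAccess) {
         // andWhere() rather than andFilterWhere(): the latter drops the
         // condition when the value is empty, which would lift the restriction.
         $query->andWhere([MenuLink::getOwnerField() => Yii::$app->user->identity->id]);
     }
     if (!$this->validate()) {
         // uncomment the following line if you do not want to return any records when validation fails
         // $query->where('0=1');
         return $dataProvider;
     }
     $query->andWhere(['menu_id' => $this->menu_id])->andFilterWhere(['alwaysVisible' => $this->alwaysVisible])->andFilterWhere(['like', 'id', $this->id])->andWhere(['parent_id' => $this->parent_id]);
     return $dataProvider;
 }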
Example #7
 /**
  * Guard account changes before the record is written.
  *
  * On insert the registration IP is recorded (web requests only) and an auth
  * key is generated. On update in a web request, a user saving his own record
  * stays active and a superadmin keeps his superadmin flag; a non-superadmin
  * may not save a record that was a superadmin before the change. A password
  * that has been set is turned into a hash.
  *
  * NOTE(review): this hook only looks at the previous value of `superadmin`.
  * It does not stop a non-superadmin from raising the flag on an ordinary
  * account; presumably the validation rules or the form prevent that - confirm.
  *
  * @inheritdoc
  */
 public function beforeSave($insert)
 {
     // Console runs have no Yii::$app->user, so request-bound checks are skipped there
     $isWebRequest = php_sapi_name() != 'cli';

     if ($insert) {
         if ($isWebRequest) {
             $this->registration_ip = YeeHelper::getRealIp();
         }
         $this->generateAuthKey();
     } elseif ($isWebRequest) {
         $currentUser = Yii::$app->user;
         if ($currentUser->id == $this->id) {
             // Nobody can deactivate his own account
             $this->status = static::STATUS_ACTIVE;
             // A superadmin cannot demote himself
             if ($currentUser->isSuperadmin && $this->superadmin != 1) {
                 $this->superadmin = 1;
             }
         }
         // Superadmin records are off limits to everyone else
         if (!$currentUser->isSuperadmin && $this->oldAttributes['superadmin'] == 1) {
             return false;
         }
     }

     // Hash the password whenever one has been set
     if ($this->password) {
         $this->setPassword($this->password);
     }

     return parent::beforeSave($insert);
 }
Example #8
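 /**
  * Delete all selected grid items
  *
  * The ids are read from the `selection` POST parameter. For users without
  * the full-access permission on an owner-access model, only records whose
  * owner field equals the current user's id are looked up and deleted.
  *
  * NOTE(review): restricting this action to POST is not visible here; confirm
  * the controller does so.
  */
 public function actionBulkDelete()
 {
     // The parameter is supplied by the client: anything that is not a
     // non-empty list is ignored.
     $selection = Yii::$app->request->post('selection');
     if (!is_array($selection) || !$selection) {
         return;
     }
     $modelClass = $this->modelClass;
     $restrictAccess = YeeHelper::isImplemented($modelClass, OwnerAccess::CLASSNAME) && !User::hasPermission($modelClass::getFullAccessPermission());
     foreach ($selection as $id) {
         // A nested array would turn the lookup into an IN (...) condition;
         // accept single values only.
         if (!is_scalar($id)) {
             continue;
         }
         $where = ['id' => $id];
         if ($restrictAccess) {
             $where[$modelClass::getOwnerField()] = Yii::$app->user->identity->id;
         }
         $model = $modelClass::findOne($where);
         if ($model) {
             $model->delete();
         }
     }
 }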
Example #9
                    <div class="row">
                        <div class="col-md-<?php 
echo $col3;
?>
">
                            <?php 
echo $form->field($model, 'birth_day')->textInput(['maxlength' => 2]);
?>
                        </div>
                        <div class="col-md-<?php 
echo $col3;
?>
">
                            <?php 
echo $form->field($model, 'birth_month')->dropDownList(YeeHelper::getMonthsList());
?>
                        </div>
                        <div class="col-md-<?php 
echo $col3;
?>
">
                            <?php 
echo $form->field($model, 'birth_year')->textInput(['maxlength' => 4]);
?>
                        </div>
                    </div>
                    
                    <div class="row">
                        <div class="col-md-<?php 
echo $col6;
Example #10
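 /**
  * Set default options
  *
  * Builds $this->links (label => URL) from $this->options when no links have
  * been set. Options default to $this->defaultOptions, merged with the
  * configured labels when those are an array. With showCount enabled every
  * label gets the number of matching records appended; for users without the
  * full-access permission on an owner-access model that count, and the filter
  * placed in the link, cover only their own records.
  */
 protected function setDefaultOptions()
 {
     if ($this->links) {
         return;
     }
     $model = $this->model;
     $formName = $this->searchModel->formName();
     if (!$this->options) {
         $this->options = $this->defaultOptions;
         if (is_array($this->labels)) {
             $this->options = ArrayHelper::merge($this->options, self::addKeyToValue($this->labels, 'label'));
         }
     }
     foreach ($this->options as $option) {
         // Start from an empty suffix so the label below never reads an
         // undefined variable when counting is switched off.
         $count = '';
         if ($this->showCount) {
             if (YeeHelper::isImplemented($model, OwnerAccess::CLASSNAME) && !User::hasPermission($model::getFullAccessPermission())) {
                 $option['filterWhere'][$model::getOwnerField()] = Yii::$app->user->identity->id;
             }
             $total = $model::find()->filterWhere($option['filterWhere'])->count();
             $count = " ({$total})";
         }
         $label = $option['label'] . $count;
         // NOTE(review): the owner filter is added only while counting. The
         // linked action has to enforce the restriction itself, because the
         // URL parameters can be edited by the user.
         $url = [$this->action, $formName => $option['filterWhere']];
         $this->links[$label] = $url;
     }
 }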