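/**
 * Decides whether the current web user may run $action on $controller.
 *
 * Resolution order, as implemented below:
 *   1. a user whose login name is 'admin' is always allowed;
 *   2. a user with no role set is always denied;
 *   3. otherwise the per-controller action lists stored for the user's group
 *      are merged with the lists stored for the user (a user-level row for a
 *      controller replaces the group-level row for the same controller), and
 *      $action must appear in the resulting list for $controller.
 *
 * @param string $controller controller id without the 'Controller' suffix (matched case-insensitively)
 * @param string $action     action id to look up
 * @return bool true when the action is permitted
 */
public static function checkUserPermission($controller, $action)
{
    // Permission rows are keyed by class name (e.g. "UserController"); the
    // comparison is done on the upper-cased form on both sides.
    $controller = strtoupper($controller . 'Controller');

    // NOTE(review): the superuser bypass is tied to the literal login name
    // 'admin', not to a role; confirm that name cannot be registered or
    // assigned through any self-service path.
    if (Yii::app()->user->name === 'admin') {
        return true;
    }
    if (!isset(Yii::app()->user->role)) {
        return false;
    }

    $userId = Yii::app()->user->getId();
    $group_id = Yii::app()->user->role;

    /*get group permission*/
    $permission = AGroupPermission::model()->findAll('group_id = :group_id', array(':group_id' => $group_id));
    $arrayGroupPermission = array();
    foreach ($permission as $row) {
        // NOTE(review): the column holds PHP-serialized data written by the
        // admin permission screen. unserialize() instantiates any class named
        // in the payload, so a tampered row is a code-execution vector; once
        // the runtime is PHP >= 7.0 pass array('allowed_classes' => false).
        $arrayGroupPermission[strtoupper($row['controller'])] = unserialize($row['permission']);
    }

    /*get user permission*/
    $uerPermission = ASystemUserPermission::model()->findAll('user_id = :user_id', array(':user_id' => $userId));
    $arrayUserPermission = array();
    foreach ($uerPermission as $row) {
        $arrayUserPermission[strtoupper($row['controller'])] = unserialize($row['permission']);
    }

    // String keys: a user-level entry overrides the group-level entry for the
    // same controller (including an empty list, which revokes group access).
    $resutUserPermission = array_merge($arrayGroupPermission, $arrayUserPermission);

    // unserialize() yields false on malformed data, and a non-array value may
    // have been stored from a malformed request; in_array() on a non-array is
    // a warning on PHP 7 and a TypeError on PHP 8, so guard the shape first
    // and treat anything that is not a list of actions as "no permission".
    $allowedActions = isset($resutUserPermission[$controller]) ? $resutUserPermission[$controller] : null;
    if (is_array($allowedActions) && in_array($action, $allowedActions)) {
        // NOTE(review): loose comparison kept for compatibility; switch to
        // in_array($action, $allowedActions, true) once action ids are
        // confirmed to always be strings on both sides.
        return true;
    }
    return false;
}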
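/**
 * Saves the per-controller action permissions submitted for one user.
 *
 * The request carries the target user id in `id` and, for each admin
 * controller class that should receive an explicit permission set, a request
 * parameter named after the class (e.g. `UserController`) holding the list of
 * allowed actions. For every *Controller.php in application.adm.controllers:
 *   - if the class is present in the request, the submitted value is
 *     serialized and stored as that user's permission row for the controller
 *     (inserted or updated; a row whose content already matches is left alone);
 *   - if it is absent, an empty list is written for the user so that any
 *     group-level permission for that controller no longer applies.
 * Finally a success flash is set and the browser is redirected to the view page.
 *
 * Side effects: reads AGroupPermission, reads/inserts/updates
 * ASystemUserPermission rows, sets a flash message, issues a redirect.
 */
public function actionPermission()
{
    // NOTE(review): this action mutates permissions, but no request-method or
    // CSRF check is visible in it and $_REQUEST also accepts GET and cookie
    // values. Confirm the controller's filters/accessRules restrict it to an
    // authenticated administrator using POST with a valid CSRF token.
    $user = $this->loadModel($_REQUEST['id']);

    /*get group permission*/
    $permission = AGroupPermission::model()->findAll('group_id = :group_id', array(':group_id' => $user->group_id));
    $arrayGroupPermission = array();
    foreach ($permission as $row) {
        // NOTE(review): unserialize() on a DB column instantiates any class
        // named in the payload; on PHP >= 7.0 pass array('allowed_classes' => false).
        $arrayGroupPermission[$row['controller']] = unserialize($row['permission']);
    }

    foreach (glob(Yii::getPathOfAlias('application.adm.controllers') . "/*Controller.php") as $controller) {
        $class = basename($controller, ".php");

        //check exist user permission
        $objBSystemUserPermission = ASystemUserPermission::model()->find(array(
            'select' => 'permission',
            'condition' => 'user_id = :userId AND controller = :controller',
            'params' => array(':userId' => $_REQUEST['id'], ':controller' => $class),
        ));

        if (isset($_REQUEST[$class])) {
            // NOTE(review): the submitted value is persisted as-is.
            // checkUserPermission() later feeds it to in_array(), so a scalar
            // sent by a hand-crafted request is stored here and only surfaces
            // at check time; validating is_array($_REQUEST[$class]) before
            // persisting would fail fast instead.
            if ($objBSystemUserPermission) {
                // Only touch the row when the stored list actually differs.
                if (unserialize($objBSystemUserPermission->permission) !== $_REQUEST[$class]) {
                    //update
                    ASystemUserPermission::model()->updateAll(
                        array('permission' => serialize($_REQUEST[$class])),
                        'user_id = :user_id AND controller = :controller',
                        array(':user_id' => $_REQUEST['id'], ':controller' => $class)
                    );
                }
            } else {
                /*get user permission*/
                // The find() above already returned no row for this class, so
                // this re-check by controller name is expected to come up empty
                // as well; it is kept so the insert below is still skipped if a
                // matching row appeared in the meantime.
                $uerPermission = ASystemUserPermission::model()->findAll('user_id = :user_id', array(':user_id' => $_REQUEST['id']));
                $arrayUserPermission = array();
                foreach ($uerPermission as $row) {
                    $arrayUserPermission[$row['controller']] = unserialize($row['permission']);
                }
                if (!isset($arrayUserPermission[$class]) || $arrayUserPermission[$class] !== $_REQUEST[$class]) {
                    //insert
                    $bSystemUserPermission = new ASystemUserPermission();
                    $bSystemUserPermission->controller = $class;
                    $bSystemUserPermission->user_id = $_REQUEST['id'];
                    $bSystemUserPermission->permission = serialize($_REQUEST[$class]);
                    $bSystemUserPermission->insert();
                }
            }
        } else {
            // Controller not submitted: record an empty list for the user so a
            // group-level grant for this controller is overridden (see the
            // array_merge in checkUserPermission()).
            if (isset($arrayGroupPermission[$class])) {
                if (!$objBSystemUserPermission) {
                    $bSystemUserPermission = new ASystemUserPermission();
                    $bSystemUserPermission->controller = $class;
                    $bSystemUserPermission->user_id = $_REQUEST['id'];
                    $bSystemUserPermission->permission = serialize(array());
                    $bSystemUserPermission->insert();
                } else {
                    ASystemUserPermission::model()->updateAll(
                        array('permission' => serialize(array())),
                        'user_id = :user_id AND controller = :controller',
                        array(':user_id' => $_REQUEST['id'], ':controller' => $class)
                    );
                }
            } else {
                // Same outcome as the branch above, reached via a fresh lookup
                // and save() (runs model validation) instead of insert().
                $aSystemUserPermission = ASystemUserPermission::model()->find(
                    'user_id = :user_id AND controller = :controller',
                    array(':user_id' => $_REQUEST['id'], ':controller' => $class)
                );
                if ($aSystemUserPermission === null) {
                    $aSystemUserPermission = new ASystemUserPermission();
                    $aSystemUserPermission->user_id = $_REQUEST['id'];
                    $aSystemUserPermission->controller = $class;
                    $aSystemUserPermission->permission = serialize(array());
                    $aSystemUserPermission->save();
                } else {
                    ASystemUserPermission::model()->updateAll(
                        array('permission' => serialize(array())),
                        'user_id = :user_id AND controller = :controller',
                        array(':user_id' => $_REQUEST['id'], ':controller' => $class)
                    );
                }
            }
        }
    }

    Yii::app()->user->setFlash('success', "Bạn đã sửa quyền thành công");
    $this->redirect(array('view', 'id' => $_REQUEST['id']));
}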