Exemple #1
 /**
  * Runs before every action: enforces authentication, wires the menu and
  * page template, then checks the Access permission for the current
  * controller/action pair.
  *
  * Unauthenticated visitors are redirected to '/' unless they are already
  * on the login/logout action or the root URI, and get the 'not_auth'
  * template. Authenticated users hitting Index::index are sent to
  * '/clients' and get the menu view bound as a global.
  *
  * Access denial is answered differently per request type: a non-AJAX
  * request gets an HTTP_Exception_403, an AJAX request gets an inline
  * alert echoed and the script terminated.
  *
  * @throws HTTP_Exception_403 when a non-AJAX request is not permitted
  */
 public function before()
 {
     Cache::$default = 'memcache';
     $controller = $this->request->controller();
     $action = $this->request->action();
     if (!Auth::instance()->logged_in()) {
         // Only login/logout and the root URI are reachable without a session.
         // NOTE(review): REQUEST_URI includes the query string, so '/?x=1' is
         // not treated as '/'; redirect() is expected to end the request here,
         // if it ever returned the rest of before() would still run.
         if (!in_array($action, ['login', 'logout']) && $_SERVER['REQUEST_URI'] != '/') {
             $this->redirect('/');
         }
         $this->template = 'not_auth';
     } else {
         if ($controller == 'Index' && $action == 'index') {
             $this->redirect('/clients');
         }
         // Attach the menu: load the 'menu' config and bind it into the menu view.
         $menu = Kohana::$config->load('menu');
         $content = View::factory('includes/menu')->bind('menu', $menu);
         View::set_global('menu', $content);
     }
     parent::before();
     // Permission key is the lower-cased "<controller>_<action>" pair.
     $allow = Access::allow(strtolower($controller . '_' . $action));
     // Not an AJAX request: deny with a real 403 before any template work.
     if (!$this->request->is_ajax()) {
         if ($allow == false) {
             throw new HTTP_Exception_403();
         }
         // Render the page template; the Index controller has none.
         if (!in_array($controller, ['Index'])) {
             $this->tpl = View::factory('pages/' . strtolower($controller) . '/' . $action);
         }
         $this->_checkCustomDesign();
         $this->_appendFilesBefore();
     }
     // AJAX request after all (a denied non-AJAX request already threw above).
     // NOTE(review): denial here is a 200 response whose body is an alert
     // script rather than a 403 status; callers that look at the HTTP status
     // will not see the refusal.
     if ($allow == false) {
         echo '<script>alert("У вас недостаточно прав доступа");</script>';
         die;
     }
 }
Exemple #2
<div class="tabs_vertical_block tabs_switcher">
    <div class="tabs_v">
        <div class="tab_v active" tab="1"><div>
                <a href="#"><span class="icon-dailes f20"></span> Повседневные</a>
            </div></div>
        <?if(Access::allow('view_balance_sheet')){?>
        <div class="tab_v" tab="4"><div>
                <a href="#"><span class="icon-dailes f20"></span> Оборотно-сальдовая ведомость</a>
            </div></div>
        <?}?>
        <?/*div class="tab_v" tab="2"><div>
                <a href="#"><span class="icon-summary f20"></span> Итоговые</a>
            </div></div>
        <div class="tab_v" tab="3"><div>
                <a href="#"><span class="icon-analytics f20"></span> Аналитические</a>
            </div></div*/?>
    </div>
    <div class="tabs_v_content">
        <div class="tab_v_content active" tab_content="1">
            <table form_report="daily">
                <tr>
                    <td class="gray right" width="160">Период:</td>
                    <td>
                        <input type="text" name="fr_date_start" class="input_big datepicker" readonly value="<?php 
echo date('01.m.Y');
?>
"> -
                        <input type="text" name="fr_date_end" class="input_big datepicker" readonly value="<?php 
echo date('d.m.Y');
?>
">
Exemple #3
?>
                </td>
            </tr>
        <?}?>
    </table>
<?}else{?><div class="gray">Не указаны</div><?}?>
<br>

<div class="ajax_block_operations_history_<?php 
echo $card['CARD_ID'];
?>
_out">
    <b class="f18">История операций:</b>
</div>

<?if(Access::allow('clients_card_edit')){?>
    <?php 
echo $popupCardEdit;
?>
<?}?>

<script>
    $(function(){
        paginationAjax('/clients/card_operations_history/<?php 
echo $card['CARD_ID'];
?>
', 'ajax_block_operations_history_<?php 
echo $card['CARD_ID'];
?>
', renderAjaxPaginationOperationsHistory);
    });
Exemple #4
echo $contract['DATE_BEGIN'];
?>
 <?if($contract['DATE_END'] != '31.12.2099'){?>до <?php 
echo $contract['DATE_END'];
?>
<?}?></option>
    <?}}?>
</select>

<?if(Access::allow('clients_contract_add')){?>
    &nbsp;&nbsp;&nbsp;<a href="#contract_add" class="btn fancy">+ Создать договор</a>

    <?php 
echo $popupContractAdd;
?>
<?}?>

<?if(Access::allow('client_cabinet_create')){?>
    <?php 
echo $popupCabinetCreate;
?>
<?}?>

<div class="ajax_contract_block"></div>

<script>
    var clientId = <?php 
echo $client['CLIENT_ID'];
?>
;
</script>
Exemple #5
    $(function(){
        renderElements();

        $("select[name=scheme]").on('change', function(){
            var t = $(this);

            if(t.val() == 1){ //безлимит
                $("[name=AUTOBLOCK_LIMIT]").val(0).prop('disabled', true);
            }else if(t.val() == 2){ //предоплата
                $("[name=AUTOBLOCK_LIMIT]").val(0).prop('disabled', true);
            }else{ //порог отключения
                $("[name=AUTOBLOCK_LIMIT]").prop('disabled', false);
            }
        });

        <?if(Access::allow('clients_contract_edit')){?>
            $(".btn_contract_save").on('click', function(){
                var params = {
                    contract:{
                        CONTRACT_NAME:  $("[name=CONTRACT_NAME]").val(),
                        DATE_BEGIN:     $("[name=DATE_BEGIN]").val(),
                        DATE_END:       $("[name=DATE_END]").val(),
                        STATE_ID:       $("[name=STATE_ID]").val()
                    },
                    settings:{
                        TARIF_ONLINE:           $("[name=TARIF_ONLINE]").val(),
                        TARIF_OFFLINE:          $("[name=TARIF_OFFLINE]").val(),
                        AUTOBLOCK_LIMIT:        $("[name=AUTOBLOCK_LIMIT]").val(),
                        PENALTIES:              $("[name=PENALTIES]").val(),
                        OVERDRAFT:              $("[name=OVERDRAFT]").val(),
                        INVOICE_PERIOD_TYPE:    $("[name=INVOICE_PERIOD_TYPE]").val(),
Exemple #6
<h1>
    Новости

    <?if(Access::allow('news_news_edit')){?>
        <a href="#news_edit" class="btn fancy">Добавить новость</a>
    <?}?>
</h1>

<div class="block list">
    <div class="ajax_block_news_out">

    </div>
</div>

<?if(Access::allow('news_news_edit')){?>
    <?php 
echo $popupNewsAdd;
?>
<?}?>

<script>
    $(function(){
        paginationAjax('/news/', 'ajax_block_news', renderAjaxPaginationNews);
    });

    function renderAjaxPaginationNews(data, block)
    {
        for(var i in data){
            var tpl = $('<div class="news_elem"><div class="n_img" /><a class="n_title"></a><div class="n_date gray"></div><div class="n_body" /><div class="n_link"><a>Читать подробнее</a></div></div>');
            tpl.find('.n_title').text(data[i]['TITLE']).attr('href', '/news/' + data[i].NEWS_ID);
            tpl.find('.n_date').text(data[i]['DATE_CREATE_WEB']);
Exemple #7
        </div>
        <div tab_content="clients" class="tab_content" manager_id="<?php 
echo $managerId;
?>
">
            <div class="clients_btn">
                <a href="#manager_add_clients" class="fancy btn">Добавить клиентов</a>
            </div>
            <div class="client_list"></div>
        </div>
    </div>
</div>

<script>
    <?if(Access::allow('manager_toggle')) {?>
    function managerStateToggle(managerId, t)
    {
        var comment = '';

        if(t.hasClass('btn_red')){
            comment = prompt('Причина блокировки:');
        }

        if(comment != null) {
            var params = {
                manager_id: managerId,
                comment: comment
            };

            $.post('/managers/manager_toggle', {params:params}, function (data) {
Exemple #8
 /**
  * Test suite for the Access plugin.
  *
  * Covers: default policies (allow / deny), path and subpath precedence,
  * wildcard rules, route tokens, named routes, verb-level rules, checks
  * against a set of subjects, the authorize() error codes (401 for an
  * unidentified subject, 403 for an identified one) and configuration
  * through the ACCESS.policy / ACCESS.rules hive variables.
  * The collected results are stored in the 'results' hive variable.
  *
  * @param object $f3 framework instance: provides route(), set(), get(),
  *                   clear() and the HALT / VERB / PATH / ONERROR properties
  */
 function run($f3)
 {
     $suite = new \Test();

     // Clears the previous error and installs a no-op error handler so that a
     // refused authorize() records ERROR.code without halting (HALT is false
     // while the authorize checks run).
     $resetError = function () use ($f3) {
         $f3->clear('ERROR');
         $f3->ONERROR = function ($f3) {
             // do nothing
         };
     };

     // --- Default policy: allow ---
     $acl = new \Access();
     $acl->policy('allow');
     $acl->deny('/back', '*');
     $acl->allow('/back', 'admin,prod');
     $acl->deny('/back/users', 'prod');
     $suite->expect($acl::ALLOW == $acl->policy(), 'Default policy: ' . $acl::ALLOW);
     $suite->expect($acl->granted('GET /blog', 'client'), 'Access granted by default');
     $suite->expect(!$acl->granted('GET /back', 'client'), 'Access to a specific path denied to all');
     $suite->expect($acl->granted('GET /back', 'prod'), 'Access to a path granted to a specific subject');
     $suite->expect(!$acl->granted('GET /back/users', 'prod'), 'Access to a subpath denied to a specific subject');

     // --- Default policy: deny (nothing is reachable unless explicitly allowed) ---
     $acl = new \Access();
     $acl->policy('deny');
     $acl->allow('/admin', 'admin,prod');
     $acl->deny('/admin/part2', '*');
     $acl->allow('/admin/part2', 'admin');
     $suite->expect($acl::DENY == $acl->policy(), 'Default policy: ' . $acl::DENY);
     $suite->expect(!$acl->granted('GET /blog', 'client'), 'Access denied by default');
     $suite->expect(
         !$acl->granted('GET /admin', 'client')
         && $acl->granted('GET /admin', 'admin')
         && $acl->granted('GET /admin', 'prod'),
         'Access to a specific path granted to specific subjects'
     );
     $suite->expect($acl->granted('GET /admin/part2', 'admin'), 'Access to a subpath granted to a specific subject (subpath precedence)');
     $suite->expect(!$acl->granted('GET /admin/part2', 'prod'), 'Access to a subpath denied to others (subpath precedence)');

     // --- Wildcards ---
     $acl = new \Access();
     $acl->policy('allow');
     $acl->deny('/admin*');
     $acl->allow('/admin*', 'admin');
     $suite->expect(
         !$acl->granted('/admin')
         && !$acl->granted('/admin/foo/bar')
         && $acl->granted('/admin', 'admin')
         && $acl->granted('/admin/foo/bar', 'admin'),
         'Wildcard suffix'
     );
     $acl->deny('/*/edit');
     $acl->allow('/*/edit', 'admin');
     $suite->expect(
         !$acl->granted('/blog/entry/edit')
         && $acl->granted('/blog/entry/edit', 'admin'),
         'Wildcard prefix'
     );
     // A literal path rule outranks the wildcard rule that also matches it.
     $acl->allow('/admin');
     $acl->allow('/admin/special/path');
     $suite->expect(
         $acl->granted('/admin')
         && !$acl->granted('/admin/foo/bar')
         && $acl->granted('/admin', 'admin')
         && $acl->granted('/admin/foo/bar', 'admin')
         && $acl->granted('/admin/special/path')
         && $acl->granted('/admin/special/path', 'admin'),
         'Wildcard precedence order'
     );

     // --- Route tokens (@name and the anonymous @) ---
     $acl = new \Access();
     $acl->deny('/@lang/foo');
     $suite->expect(
         !$acl->granted('/en/foo')
         && $acl->granted('/en/bar/foo'),
         'Route tokens support'
     );
     $acl->deny('/foo/@/baz');
     $suite->expect(
         !$acl->granted('/foo/bar/baz')
         && $acl->granted('/foo/bar/baz/bis'),
         'Route tokens optional naming'
     );

     // --- Named routes: a rule may reference a route alias ---
     $f3->route('GET @blog_entry:/blog/@id/@slug', 'Blog->Entry');
     $acl->deny('@blog_entry');
     $suite->expect(
         !$acl->granted('/blog/1/hello')
         && $acl->granted('/blog/1/hello/form')
         && $acl->granted('/blog/1'),
         'Named routes support'
     );

     // --- Verb-level control ---
     $acl = new \Access();
     $acl->policy('allow');
     $acl->deny('POST|PUT|DELETE /blog/entry', '*');
     $acl->allow('* /blog/entry', 'admin');
     $suite->expect(
         $acl->granted('GET /blog/entry', 'client')
         && !$acl->granted('PUT /blog/entry', 'client')
         && $acl->granted('PUT /blog/entry', 'admin'),
         'Verb-level access control'
     );

     // --- Multiple subjects: granted if any subject of the set is allowed ---
     $suite->expect(
         $acl->granted('GET /blog/entry', ['client', 'customer'])
         && !$acl->granted('PUT /blog/entry', ['client', 'customer'])
         && $acl->granted('PUT /blog/entry', ['client', 'admin']),
         'Check access for a set of subjects'
     );

     // --- authorize(): checks the current VERB/PATH and raises 401 or 403 ---
     $f3->HALT = false;
     $f3->VERB = 'GET';
     $f3->PATH = '/blog/entry';
     $resetError();
     $suite->expect($acl->authorize() && !$f3->get('ERROR.code'), 'Authorize an unidentified subject');
     $f3->VERB = 'POST';
     $resetError();
     $suite->expect(!$acl->authorize() && $f3->get('ERROR.code') == 401, 'Unauthorize an unidentified subject (401 error)');
     $resetError();
     $suite->expect($acl->authorize('admin') && !$f3->get('ERROR.code'), 'Authorize an identified subject');
     $resetError();
     $suite->expect(!$acl->authorize('client') && $f3->get('ERROR.code') == 403, 'Unauthorize an identified subject (403 error)');
     $resetError();
     $suite->expect($acl->authorize(['client', 'admin']) && !$f3->get('ERROR.code'), 'Authorize a set of identified subjects');
     $resetError();
     $suite->expect(!$acl->authorize(['client', 'customer']) && $f3->get('ERROR.code') == 403, 'Unauthorize a set of identified subjects');

     // --- Config variables: policy and rules read from the hive by the constructor ---
     $f3->HALT = true;
     $f3->ONERROR = null;
     $f3->set('ACCESS.policy', 'deny');
     $f3->set('ACCESS.rules', [
         'ALLOW * /foo' => '*',
         'DENY DELETE /foo' => '*',
         'ALLOW DELETE /foo' => 'admin',
     ]);
     $acl = new \Access();
     $suite->expect(
         !$acl->granted('/')
         && !$acl->granted('/', 'admin'),
         'ACCESS.default config variable'
     );
     $suite->expect(
         $acl->granted('GET /foo')
         && !$acl->granted('DELETE /foo')
         && $acl->granted('DELETE /foo', 'admin'),
         'ACCESS.rules config variable'
     );

     $f3->set('results', $suite->results());
 }
Exemple #9
?>
<?}?>
<?if(Access::allow('clients_bill_add')){?>
    <?php 
echo $popupContractBillAdd;
?>
<?}?>
<?if(Access::allow('clients_bill_print')){?>
    <?php 
echo $popupContractBillPrint;
?>
<?}?>

<script>
    $(function(){
        <?if(Access::allow('clients_payment_del')){?>
            $(document).off('click', '.link_del_contract_payment').on('click', '.link_del_contract_payment', function(){
                var t = $(this);
                var row = t.closest('[guid]');

                if(!confirm('Удалить платеж ' + row.find('b.line_inner_150').text())){
                    return false;
                }

                var params = {
                    contract_id:    $('[name=contracts_list]').val(),
                    guid:           row.attr('guid')
                };

                $.post('/clients/contract_payment_delete', {params:params}, function(data){
                    if(data.success){