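/**
 * Checks the supplied username/password and, on success, stores the user's
 * id, role, name and permitted actions in the identity state.
 *
 * Role values feed an authorization decision, so they are compared strictly
 * against the expected strings rather than with loose `==`.
 *
 * @return bool true when no error code was set, false otherwise
 */
public function authenticate()
{
    $record = User::model()->findByAttributes(array('username' => $this->username));

    // NOTE(review): an unknown username and a wrong password produce different
    // error codes, and the unknown-username path skips password verification.
    // Callers should surface one generic failure message so the distinction
    // does not reveal which usernames exist.
    if ($record === null) {
        $this->errorCode = self::ERROR_USERNAME_INVALID;
        return !$this->errorCode;
    }

    if (!CPasswordHelper::verifyPassword($this->password, $record->password)) {
        $this->errorCode = self::ERROR_PASSWORD_INVALID;
        return !$this->errorCode;
    }

    $role = $record->role;

    // The '0'/'1' argument is passed through unchanged; its meaning is defined
    // by AccessGlobal::getAction (not visible here).
    $access = AccessGlobal::getAction($role === 'superadmin' ? '0' : '1');

    // 'user' and 'admin' were handled by two identical branches; both narrow
    // the 'site' actions to those assigned to this user.
    if ($role === 'user' || $role === 'admin') {
        $assignedIds = AccessUser::getActionIdFromUser($record->user_id);
        $access['site'] = array_intersect(
            $access['site'],
            AccessGlobal::getActionFromArrayId($assignedIds)
        );
    }

    $this->_id = $record->user_id;
    $this->setState('role', $role);
    $this->setState('name', $this->username);
    // NOTE(review): the access list is computed once here; presumably a later
    // change to the user's permissions only applies after re-login. Confirm.
    $this->setState('access', $access);
    $this->errorCode = self::ERROR_NONE;

    return !$this->errorCode;
}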
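/**
 * Creates or edits a user and the list of actions that user may perform.
 *
 * Loads the user named by the `user_id` request parameter (or starts a new
 * one), and on a valid POST saves the user, replaces its AccessUser rows with
 * the submitted action ids plus the default ones, then redirects to the user
 * list. Otherwise renders the `user` form.
 *
 * NOTE(review): this action changes credentials and permissions. Whether it
 * is restricted to privileged accounts depends on controller filters that are
 * not visible here; confirm they cover it.
 *
 * @return void
 */
public function actionUser()
{
    $userId = isset($_REQUEST['user_id']) ? intval($_REQUEST['user_id']) : null;
    $user = User::model()->findByPk($userId);
    if ($user === null) {
        $user = new User();
    }

    // Actions offered on the form: enabled, for the configured controller,
    // excluding the default actions (those are always granted below).
    $criteria = new CDbCriteria();
    $criteria->compare('controller', Yii::app()->params['controllers'][2]);
    $criteria->compare('enable', '1');
    $criteria->addNotInCondition('action', AccessGlobal::getDefaultAction());
    $criteria->order = "action asc";
    $actions = AccessGlobal::model()->findAll($criteria);

    // Require an array payload: a scalar `User` parameter would otherwise be
    // indexed as a string when reading 'pass' below.
    $hasUserForm = isset($_POST['User']) && is_array($_POST['User']);

    if (Yii::app()->request->isPostRequest && $hasUserForm) {
        $user->attributes = $_POST['User'];
        // NOTE(review): assigned as submitted; presumably the User model
        // hashes it before storage. Verify in the model.
        $user->pass = isset($_POST['User']['pass']) ? $_POST['User']['pass'] : null;

        if ($user->save()) {
            AccessUser::model()->deleteAllByAttributes(array('user_id' => $user->user_id));

            // `access` is absent when no box is ticked and may be a non-array
            // if the request is malformed; accept only scalar entries.
            $submitted = array();
            if (isset($_POST['access']) && is_array($_POST['access'])) {
                $submitted = array_filter($_POST['access'], 'is_scalar');
            }

            // NOTE(review): submitted ids are not checked against $actions, so
            // the client decides which action ids are stored. Restrict them to
            // the ids offered on the form before saving.
            $accessForUser = array_unique(
                array_merge($submitted, AccessGlobal::getIdDefaultAction())
            );

            foreach ($accessForUser as $actionId) {
                $access = new AccessUser();
                $access->user_id = $user->user_id;
                $access->action_id = $actionId;
                if (!$access->save()) {
                    // The old rows are already deleted, so a failed insert
                    // leaves the user with fewer permissions than requested.
                    Yii::log(
                        'Could not save access row for user ' . $user->user_id,
                        CLogger::LEVEL_WARNING,
                        'application'
                    );
                }
            }

            $this->redirect($this->createUrl('superadmin/users'));
        }
    }

    $this->render('user', array(
        'user' => $user,
        'actions' => $actions,
        'access' => AccessUser::getActionIdFromUser($user->user_id),
    ));
}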