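/**
 * Authorization gate: lets the request continue only when one of the current
 * account's roles grants every CRUD flag in $crud on the named permission.
 *
 * On denial (no login in the session, unknown account, unknown permission, or
 * no matching role/permission row) the client is redirected to
 * /account/permission and the request is terminated, so code that follows the
 * call in a controller action never runs for an unauthorized caller.
 *
 * @param string $permission_name Name of the permission to look up.
 * @param int    $crud            Bitmask of required flags (__CanCreate__, __CanRead__,
 *                                __CanUpdate__, __CanRemove__); defaults to read access.
 * @return void
 */
public static function Verification($permission_name, $crud = __CanRead__)
{
    // Avoid a second session_start() when the front controller already opened the session.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Fail closed: access stays denied unless a matching grant is found below.
    $res = false;

    $account_name = isset($_SESSION['login']) ? $_SESSION['login'] : null;
    if (!is_null($account_name)) {
        $account = AccountService::GetByName($account_name, true);
        if (!is_null($account)) {
            $roles = UserRoleService::GetByUserId($account->account_id);
            $permission = PermissionService::GetByName($permission_name);

            // An unknown permission name grants nothing (and must not be dereferenced).
            if (!is_null($permission) && !empty($roles)) {
                $role_count = count($roles);
                for ($i = 0; $i < $role_count && !$res; $i++) {
                    $rps = RolePermissionService::GetByRoleIdPermissionId($roles[$i]->role_id, $permission->permission_id);
                    if (empty($rps)) {
                        continue;
                    }
                    foreach ($rps as $value) {
                        // Fold the four per-row columns into one bitmask.
                        $rr = PermissionHelper::setPermissionFlag(__CanCreate__, $value->cancreate)
                            | PermissionHelper::setPermissionFlag(__CanRead__, $value->canread)
                            | PermissionHelper::setPermissionFlag(__CanUpdate__, $value->canupdate)
                            | PermissionHelper::setPermissionFlag(__CanRemove__, $value->canremove);
                        // Every requested flag must be present in this row.
                        if (($rr & $crud) == $crud) {
                            $res = true;
                            break;
                        }
                    }
                }
            }
        }
    }

    if (!$res) {
        header('Location: /account/permission');
        // header() only queues a response header; without exit the calling action
        // would keep executing (and e.g. delete the record) despite the denial.
        exit;
    }
}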
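/**
 * Delete the unit named by the `id` query parameter, then redirect to the unit list.
 *
 * A missing/non-scalar id or an id that resolves to no unit is ignored; the
 * redirect is sent either way.
 */
function action_Remove()
{
    // Authorization gate. NOTE(review): this protects the delete only if
    // Verification() terminates the request on denial — confirm it exits after
    // its redirect. It is called without a CRUD flag; confirm whether removal
    // should require __CanRemove__ rather than the default.
    PermissionHelper::Verification('Editor');

    // NOTE(review): a state change on GET is exposed to cross-site request
    // forgery; consider requiring POST plus an anti-CSRF token.
    $unit_id = isset($_GET['id']) ? $_GET['id'] : null;
    if (is_scalar($unit_id)) {
        $unit = UnitService::GetById($unit_id);
        // Never hand a failed lookup to Delete().
        if (!is_null($unit)) {
            UnitService::Delete($unit);
        }
    }

    header("Location: /Unit/item");
}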
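/**
 * Delete the section named by the `id` query parameter, then redirect to the section list.
 *
 * A missing/non-scalar id or an id that resolves to no section is ignored; the
 * redirect is sent either way.
 */
function action_Remove()
{
    // Authorization gate. NOTE(review): this protects the delete only if
    // Verification() terminates the request on denial — confirm it exits after
    // its redirect. It is called without a CRUD flag; confirm whether removal
    // should require __CanRemove__ rather than the default.
    PermissionHelper::Verification('Editor');

    // NOTE(review): a state change on GET is exposed to cross-site request
    // forgery; consider requiring POST plus an anti-CSRF token.
    $section_id = isset($_GET['id']) ? $_GET['id'] : null;
    if (is_scalar($section_id)) {
        $section = SectionService::GetById($section_id);
        if (!is_null($section)) {
            // NOTE(review): a Section object is passed to CatalogueService::Delete();
            // this looks like it was meant to go through the section service —
            // confirm which record this call actually removes.
            CatalogueService::Delete($section);
        }
    }

    header("Location: /section/item");
}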
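/**
 * Delete the review named by the `id` query parameter, then redirect to the review list.
 *
 * A missing/non-scalar id or an id that resolves to no review is ignored; the
 * redirect is sent either way.
 */
public function action_remove()
{
    // Authorization gate. NOTE(review): this protects the delete only if
    // Verification() terminates the request on denial — confirm it exits after
    // its redirect. It is called without a CRUD flag; confirm whether removal
    // should require __CanRemove__ rather than the default.
    PermissionHelper::Verification('Editor');

    // NOTE(review): a state change on GET is exposed to cross-site request
    // forgery; consider requiring POST plus an anti-CSRF token.
    $id = isset($_GET['id']) ? $_GET['id'] : null;
    if (is_scalar($id)) {
        $review = ReviewService::GetById($id);
        // Never hand a failed lookup to Delete().
        if (!is_null($review)) {
            ReviewService::Delete($review);
        }
    }

    header("Location: /Review/item");
}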
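/**
 * Delete the attribute group named by the `id` query parameter, then redirect
 * to the attribute-group list.
 *
 * A missing/non-scalar id or an id that resolves to no group is ignored; the
 * redirect is sent either way.
 */
function action_Remove()
{
    // Authorization gate. NOTE(review): this protects the delete only if
    // Verification() terminates the request on denial — confirm it exits after
    // its redirect. It is called without a CRUD flag; confirm whether removal
    // should require __CanRemove__ rather than the default.
    PermissionHelper::Verification('Editor');

    // NOTE(review): a state change on GET is exposed to cross-site request
    // forgery; consider requiring POST plus an anti-CSRF token.
    $group_id = isset($_GET['id']) ? $_GET['id'] : null;
    if (is_scalar($group_id)) {
        $group = AttributeGroupService::GetById($group_id);
        // Never hand a failed lookup to Delete().
        if (!is_null($group)) {
            AttributeGroupService::Delete($group);
        }
    }

    header("Location: /AttributeGroup/item");
}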
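/**
 * Assign a role to a user: resolves the posted `userName` and `roleName` to
 * their records and creates the UserRole link, then redirects to the role list.
 *
 * Responds with HTTP 400 and creates nothing when either field is missing or
 * does not resolve to an existing user/role.
 */
public function action_new()
{
    // Authorization gate. NOTE(review): role assignment changes what other
    // accounts may do, yet it is guarded by the same 'Editor' check (without a
    // CRUD flag) as content edits — confirm this is the intended privilege
    // level, and that Verification() terminates the request on denial.
    PermissionHelper::Verification('Editor');

    // NOTE(review): no anti-CSRF token check is visible in this action.
    $roleName = isset($_POST['roleName']) ? $_POST['roleName'] : null;
    $userName = isset($_POST['userName']) ? $_POST['userName'] : null;
    if (!is_string($roleName) || !is_string($userName)) {
        http_response_code(400);
        return;
    }

    // Resolve both names first so an unknown name cannot cause a null dereference.
    $user = UserService::GetByName($userName);
    $role = RoleService::GetByName($roleName);
    if (is_null($user) || is_null($role)) {
        http_response_code(400);
        return;
    }

    $model = new UserRole();
    $model->user_id = $user->user_id;
    $model->role_id = $role->role_id;
    UserRoleService::Create($model);

    header('Location: /Role/item');
}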
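/**
 * Change the status of the order named by the posted `id` to the status named
 * by the posted `InputStatus`, then redirect to the order list filtered by the
 * order's previous status id.
 *
 * Responds with HTTP 400 and saves nothing when a field is missing or the
 * order/status cannot be found.
 */
public function action_NewStatus()
{
    // Authorization gate. NOTE(review): this protects the update only if
    // Verification() terminates the request on denial — confirm it exits after
    // its redirect. It is called without a CRUD flag; confirm whether an update
    // should require __CanUpdate__ rather than the default.
    PermissionHelper::Verification('Editor');

    // NOTE(review): no anti-CSRF token check is visible in this action.
    $name = isset($_POST['InputStatus']) ? $_POST['InputStatus'] : null;
    $order_id = isset($_POST['id']) ? $_POST['id'] : null;
    if (!is_string($name) || !is_string($order_id)) {
        http_response_code(400);
        return;
    }

    // Resolve both records before touching either, so a failed lookup cannot
    // be dereferenced or leave the order half-updated.
    $order = OrderService::GetById($order_id);
    $status = StatusService::GetByName($name);
    if (is_null($order) || is_null($status)) {
        http_response_code(400);
        return;
    }

    $oldStatus = $order->statusorder_id;
    $order->statusorder_id = $status->statusorder_id;
    OrderService::Save($order);

    // Encode the value before placing it in the Location header's query string.
    header("Location: /Order/Item?id=" . rawurlencode((string) $oldStatus));
}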
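/**
 * Create a catalogue from the posted `inputName` / `inputSection` fields and
 * link it to each attribute named in the posted `attributes` list, then
 * redirect to the catalogue list.
 *
 * Responds with HTTP 400 and creates nothing when the name or section field is
 * missing or the section is unknown. Attribute entries that are not strings or
 * do not resolve to an existing attribute are skipped.
 */
function action_new()
{
    // Authorization gate. NOTE(review): this protects the inserts only if
    // Verification() terminates the request on denial — confirm it exits after
    // its redirect. It is called without a CRUD flag; confirm whether creation
    // should require __CanCreate__ rather than the default.
    PermissionHelper::Verification('Editor');

    // NOTE(review): no anti-CSRF token check is visible in this action.
    $name = isset($_POST['inputName']) ? $_POST['inputName'] : null;
    $sectionName = isset($_POST['inputSection']) ? $_POST['inputSection'] : null;
    // A client may send a scalar (or nothing) here; only iterate a real list.
    $attribute = (isset($_POST['attributes']) && is_array($_POST['attributes']))
        ? $_POST['attributes']
        : array();

    if (!is_string($name) || !is_string($sectionName)) {
        http_response_code(400);
        return;
    }

    $section = SectionService::GetByName($sectionName);
    if (is_null($section)) {
        http_response_code(400);
        return;
    }

    $catalogue = new Catalogue();
    $catalogue->name = $name;
    $catalogue->section_id = $section->section_id;
    CatalogueService::Create($catalogue);

    // Re-read the row to obtain the generated catalogue_id.
    $catalogue = CatalogueService::GetByName($name);
    if (!is_null($catalogue)) {
        foreach ($attribute as $attributeName) {
            if (!is_string($attributeName)) {
                continue;
            }
            $found = AttributeService::GetByName(trim($attributeName));
            if (is_null($found)) {
                continue;
            }
            $value = new CatalogueAttribute();
            $value->catalogue_id = $catalogue->catalogue_id;
            $value->attribute_id = $found->attribute_id;
            CatalogueAttributeService::Create($value);
        }
    }

    header("Location: /Catalog/Item");
}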
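/**
 * Delete the product named by the `tovarId` query parameter, then redirect to
 * the admin product list.
 *
 * A missing/non-scalar id or an id that resolves to no product is ignored; the
 * redirect is sent either way.
 */
function action_remove()
{
    // Authorization gate. NOTE(review): this protects the delete only if
    // Verification() terminates the request on denial — confirm it exits after
    // its redirect. It is called without a CRUD flag; confirm whether removal
    // should require __CanRemove__ rather than the default.
    PermissionHelper::Verification('Editor');

    // NOTE(review): a state change on GET is exposed to cross-site request
    // forgery; consider requiring POST plus an anti-CSRF token.
    $tovarId = isset($_GET['tovarId']) ? $_GET['tovarId'] : null;
    if (is_scalar($tovarId)) {
        $product = ProductService::GetById($tovarId);
        // Never hand a failed lookup to Delete().
        if (!is_null($product)) {
            ProductService::Delete($product);
        }
    }

    header("Location: /product/itemadmin");
}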
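include_once "comun/inc.template_pop_arriba.php";
}
}

// If the user is not logged in and no process execution is being requested,
// the URL is saved so the ReturnTo pattern can be applied after login.
if (!RegistryHelper::isUserLogged() && $action_name != 'Login') {
    // ReturnTo code
    // NOTE(review): the raw query string is carried through the login step; the
    // code that consumes returnAction is not visible here — confirm it only
    // redirects to in-application actions.
    if (isset($_GET['accion']) && $_GET['accion'] != 'logout') {
        $params['returnAction'] = urlencode($_SERVER["QUERY_STRING"]);
    }
    // NOTE(review): everything below still runs for an anonymous request
    // unless Application::Go() terminates the script — confirm that it does.
    Application::Go("Login", "", $params);
}

// Check that the logged-in user's role grants permission to run the requested action.
$rol = RegistryHelper::getRolUsuario();
if ($action_name != 'Login' && !PermissionHelper::validateAccess($action_name, $rol->descripcion)) {
    Application::Go("PermisoDenegado");
}

// If the user is logged in and LOGIN is requested, redirect to INICIO
if (RegistryHelper::isUserLogged() && $action_name == 'Login') {
    Application::Go("Inicio", "", $params);
}

// $modulo and $class_name are concatenated into a filesystem path and then used
// as a class name. Their origin is not visible here, so accept only plain
// identifiers (and slash-separated identifier segments for the module) to keep
// the include inside acciones/.
// NOTE(review): widen the module pattern if real module names use other characters.
if (!is_string($modulo)
    || !is_string($class_name)
    || !preg_match('/^[A-Za-z0-9_\-]+(\/[A-Za-z0-9_\-]+)*$/', $modulo)
    || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $class_name)
) {
    Application::Go("PermisoDenegado");
    exit;
}

// Include the file containing the class
include_once 'acciones/' . $modulo . '/accion.' . $class_name . '.php';

// Instantiate the corresponding action class. A variable class name does this
// directly; eval() is not needed and would turn any future string
// interpolation here into code execution.
$actionController = new $class_name;
?>
<div class='aplicacion'>
<?php $actionController->ejecutarCiclo(); ?>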
<?php
// Admin navigation fragment: emits the catalogue / section / attribute-group
// dropdown menus.
require_once __ROOT__ . '/application/Service/UserRoleService.php';
// The menus are rendered only when the session carries a login and
// PermissionHelper::VerificationBool('Editor') is true.
// NOTE(review): this only hides the links; the linked actions must enforce the
// same permission server-side, since the URLs can be requested directly.
if (isset($_SESSION['login'])) { if (PermissionHelper::VerificationBool('Editor')) { ?> <div class="btn-group"> <button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> Каталог <span class="caret"></span> </button> <ul class="dropdown-menu"> <li><a href="/Catalog/Create">Добавить каталог</a></li> <li><a href="/Catalog/Item">Список каталогов</a></li> </ul> </div> <div class="btn-group"> <button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> Разделы <span class="caret"></span> </button> <ul class="dropdown-menu"> <li><a href="/Section/Create">Добавить раздел каталога</a></li> <li><a href="/Section/Item">Список разделов</a></li> </ul> </div> <div class="btn-group"> <button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> Группы атрибутов <span class="caret"></span> </button>
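/**
 * Delete the attribute named by the `id` query parameter, then redirect to the
 * attribute list.
 *
 * A missing/non-scalar id or an id that resolves to no attribute is ignored;
 * the redirect is sent either way.
 */
public function action_Remove()
{
    // Authorization gate. NOTE(review): this protects the delete only if
    // Verification() terminates the request on denial — confirm it exits after
    // its redirect. It is called without a CRUD flag; confirm whether removal
    // should require __CanRemove__ rather than the default.
    PermissionHelper::Verification('Editor');

    // NOTE(review): a state change on GET is exposed to cross-site request
    // forgery; consider requiring POST plus an anti-CSRF token.
    $id = isset($_GET['id']) ? $_GET['id'] : null;
    if (is_scalar($id)) {
        $attribute = AttributeService::GetById($id);
        // Never hand a failed lookup to Delete().
        if (!is_null($attribute)) {
            AttributeService::Delete($attribute);
        }
    }

    header("Location: /Attribute/Item");
}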