Esempio n. 1
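 /**
  * Creates a new News record under the tree node $idTree.
  * If creation is successful, the browser will be redirected to the 'view' page.
  *
  * The node must exist for module 'news' and for the organization stored in the
  * session (404 otherwise), and the current user must be an administrator or pass
  * Access::checkAccessUserForTree() for that node (403 otherwise).
  *
  * @param mixed $idTree ID of the tree node the news item is created under
  * @throws CHttpException 404 when the node is not found, 403 when access is denied
  */
 public function actionCreate($idTree)
 {
     $modelTree = Tree::model()->find('id=:id AND module=:module AND organization=:organization', array(':id' => $idTree, ':module' => 'news', ':organization' => Yii::app()->session['code_no']));
     if ($modelTree === null) {
         throw new CHttpException(404, 'Страница не найдена.');
     }
     if (!(Yii::app()->user->admin || Access::model()->checkAccessUserForTree($idTree))) {
         throw new CHttpException(403, 'Доступ запрещен.');
     }
     $model = new News();
     $model->id_tree = $idTree;
     $model->flag_enable = true;
     $model->date_start_pub = date('d.m.Y');
     // Formats the largest representable timestamp, presumably as a "no end date" marker.
     $model->date_end_pub = date('01.m.Y', PHP_INT_MAX);
     $model->author = Yii::app()->user->name;
     $model->general_page = 0;
     // Uncomment the following line if AJAX validation is needed
     // $this->performAjaxValidation($model);
     if (isset($_POST['News'])) {
         $model->attributes = $_POST['News'];
         // The authorization check above was made for $idTree only. Re-pin the node after
         // mass assignment so a posted id_tree cannot move the record to a node that was
         // never checked (relevant if id_tree is a safe attribute in News::rules(), which
         // is not visible here).
         $model->id_tree = $idTree;
         $model->log_change = LogChange::setLog($model->log_change, 'создание');
         if ($model->save()) {
             // save attached files
             $model->saveFiles($model->id, $idTree);
             // save images
             $model->saveImages($model->id, $idTree);
             // save the image thumbnail
             $model->saveThumbailForNews($model);
             $this->redirect(array('view', 'id' => $model->id, 'idTree' => $idTree));
         }
     }
     $this->render('create', array('model' => $model, 'idTree' => $idTree));
 }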
Esempio n. 2
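 /**
  * Returns the dot-separated chain of names for an access entry.
  *
  * Loads every Access record, asks \ArrHelper::parentTree() for the chain that
  * belongs to $access_id and joins the chain elements with ".".
  *
  * @param mixed $access_id access entry ID; $this->access_id is used when it is empty
  * @return string chain elements joined with "." (empty string for an empty chain)
  */
 function access($access_id = null)
 {
     $model = Access::model()->findAll();
     if (!$access_id) {
         $access_id = $this->access_id;
     }
     // The original appended to a variable it had just unset, which raised an
     // undefined-variable notice and ran substr() on nothing for an empty chain.
     // NOTE(review): the shape of parentTree()'s result is not visible here; it is only iterated.
     $parts = array();
     foreach (\ArrHelper::parentTree($model, $access_id) as $v) {
         $parts[] = $v;
     }
     return implode('.', $parts);
 }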
Esempio n. 3
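 /**
  * Builds an access rule for the current user on a section.
  *
  * The source of the rights depends on Section->use_organization:
  *   - true:  rights come from access_organization.right_(view|create|edit|delete)
  *   - false: rights come from access.right_(view|create|edit|delete) of the section
  *
  * A granted right_view yields the actions 'index' and 'admin'. The create/edit/delete
  * rights are only evaluated when the section does not use organizations or when a
  * concrete $org_id is given.
  *
  * All request-derived values ($section_id, $org_id, the user id) are bound as query
  * parameters; they were previously concatenated into the SQL text.
  *
  * @param mixed $section_id section ID (Section->id), required
  * @param mixed $org_id     optional ID, 0 by default (presumably the organization ID,
  *                          since it is compared with access_organization.id_organization)
  * @return array array('allow'|'deny' [, 'actions' => array(...)], 'users' => array(<current user name>))
  */
 public static function getAccessRight($section_id, $org_id = 0)
 {
     if (Yii::app()->user->role_admin) {
         return array('allow', 'users' => array(Yii::app()->user->name));
     }
     $result_array = array('users' => array(Yii::app()->user->name));
     $modelSection = Section::model()->findByPk($section_id);
     if ($modelSection === null) {
         // findByPk() returns null for an unknown section; count() on that value is not a
         // reliable emptiness test. Return an explicit deny: the original returned an array
         // without 'allow'/'deny', which is not a usable access rule.
         return array_merge($result_array, array('deny'));
     }
     $tableAccessOrganization = Yii::app()->db->tablePrefix . 'access_organization';
     $tableGroupUser = Yii::app()->db->tablePrefix . 'group_user';

     // True when rights are requested across all organizations of the section.
     $allOrganizations = $modelSection->use_organization && $org_id == 0;

     $columns = 't.id,t.date_create,t.date_modification,'
         . ($modelSection->use_organization
             ? 'a_o.right_view,a_o.right_create,a_o.right_edit,a_o.right_delete'
             : 't.right_view,t.right_create,t.right_edit,t.right_delete');

     $joinCondition = '[t].[id]=[a_o].[id_access]';
     $joinParams = array();
     if (!$allOrganizations) {
         $joinCondition .= ' AND [a_o].[id_organization]=:org_id';
         $joinParams[':org_id'] = $org_id;
     }

     // The user id is bound under two names because a named placeholder may not be
     // reusable within one statement on every PDO driver.
     $userId = Yii::app()->user->id;
     $model = Yii::app()->db->createCommand()
         ->select($columns)
         ->from('{{access}} t')
         ->leftJoin($tableAccessOrganization . ' a_o', $joinCondition, $joinParams)
         ->where(
             '[t].[id_section]=:section_id AND ([t].[id_user]=:user_id OR '
             . '[t].[id_group] IN (select [g_u].[id_group] from ' . $tableGroupUser . ' [g_u] '
             . 'where [g_u].[id_user]=:group_user_id))',
             array(':section_id' => $section_id, ':user_id' => $userId, ':group_user_id' => $userId)
         )
         ->queryAll();

     // Keys keep insertion order, so the action list comes out in first-seen order without duplicates.
     $granted = array();
     foreach ($model as $value) {
         if ($value['right_view']) {
             $granted['index'] = true;
             $granted['admin'] = true;
         }
         if ($allOrganizations) {
             continue;
         }
         if ($value['right_create']) {
             $granted['create'] = true;
         }
         if ($value['right_edit']) {
             $granted['edit'] = true;
         }
         if ($value['right_delete']) {
             $granted['delete'] = true;
         }
     }
     $result_actions = array_keys($granted);

     if (count($result_actions)) {
         $result_array = array_merge($result_array, array('allow', 'actions' => $result_actions));
     } else {
         $result_array = array_merge($result_array, array('deny'));
     }
     return $result_array;
 }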
Esempio n. 4
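 /**
  * Decides whether the current user may run the current module/controller/action.
  *
  * Looks up the enabled Access rule for the current route and evaluates its flags
  * (all, loggedIn, guest) and then its role list against the user's roles.
  *
  * NOTE(review): a route without an enabled rule is allowed for everyone, so a missing
  * or disabled rule opens the route. If that default is not intended, deny here and
  * list public routes explicitly.
  *
  * @return bool true when access is granted
  */
 public static function checkAccess()
 {
     //find module and controller
     $currentController = Yii::app()->getController();
     $module = $currentController->getModule();
     if (!empty($module)) {
         $module = $module->getId();
     }
     $controller = $currentController->id;
     //if the user is trying to login, allow
     if ($module === 'user' && $controller === 'login') {
         return true;
     }
     $access = Access::model()->findByAttributes(array('module' => $module, 'controller' => $controller, 'action' => $currentController->getAction()->id, 'enabled' => 1));
     //if there's no rule, allow everyone (see the review note in the docblock)
     if (!$access) {
         return true;
     }
     if ($access->all) {
         return true;
     }
     if ($access->loggedIn && Yii::app()->user->id) {
         return true;
     }
     if ($access->guest && Yii::app()->user->isGuest) {
         return true;
     }
     //find the user
     $userId = Yii::app()->user->id;
     //if the user isn't logged in, and we already know guests aren't allowed here
     if (!$userId) {
         return false;
     }
     //find the user roles and allowed roles
     $user = User::model()->findByPk($userId);
     if ($user === null) {
         // The session refers to an account that no longer exists: deny instead of
         // failing on a property access on null.
         return false;
     }
     return (bool) array_intersect($access->roles, $user->roles);
 }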
 /**
  * Loads the JornalRequest record with the given primary key.
  *
  * The tree node $idTree must exist for module 'jornalRequest' (404 otherwise) and the
  * current user must be an administrator or pass Access::checkAccessUserForTree() for
  * that node (403 otherwise).
  *
  * NOTE(review): the record is fetched by $id alone; nothing visible here ties it to
  * $idTree, so the permission check and the loaded record can refer to different nodes.
  * The node lookup is also not restricted to the session's organization. Confirm both
  * against the schema and the callers.
  *
  * @param mixed $id     primary key of the record to load
  * @param mixed $idTree ID of the tree node the request is made for
  * @return JornalRequest the loaded model
  * @throws CHttpException 404 when the node or the record is missing, 403 when access is denied
  */
 public function loadModel($id, $idTree)
 {
     $nodeExists = Tree::model()->exists('id=:id AND module=:module', array(':id' => $idTree, 'module' => 'jornalRequest'));
     if (!$nodeExists) {
         throw new CHttpException(404, 'Страница не найдена.');
     }

     if (!Yii::app()->user->admin && !Access::model()->checkAccessUserForTree($idTree)) {
         throw new CHttpException(403, 'Доступ запрещен.');
     }

     $record = JornalRequest::model()->findByPk($id);
     if ($record !== null) {
         return $record;
     }
     throw new CHttpException(404, 'The requested page does not exist.');
 }
Esempio n. 6
 /**
  * Loads the Access record with the given primary key.
  *
  * No permission check is made in this method; any restriction on who may load
  * Access records has to come from the caller or from controller filters.
  *
  * @param mixed $id primary key of the Access record
  * @return Access the loaded model
  * @throws CHttpException 404 when no record has this key
  */
 public function loadModel($id)
 {
     $record = Access::model()->findByPk($id);
     if ($record !== null) {
         return $record;
     }
     throw new CHttpException(404, Yii::t('app', 'The requested page does not exist.'));
 }
Esempio n. 7
 option').prop('selected', true);
        }                
                        
    </script>           
    
    <div id="content_permission" class="well">  
        <h5 style="background-color: white;" class="well">Доступ</h5>
        <p><?php 
// "Inherit rights from parent" checkbox; pre-checked for a record that has not been saved yet.
echo $form->checkBoxRow($model, 'useParentRight', $model->isNewRecord ? array('checked' => 'checked') : array());
?>
        </p>
        <table style="border: 0;" id="table_group_user">
        <tr><td>
            <?php 
// GROUPS //
// Multi-select filled with the groups that hold an access entry (is_group=1) for this node.
// NOTE(review): the option list is edited in the browser (add/remove buttons below), so the
// submitted group ids are client-controlled; the saving action has to validate them and the
// caller's right to grant access.
echo $form->dropDownListRow($model, 'permissionGroup', CHtml::listData(Access::model()->with('group')->findAll(array('order' => 'group.code_no,group.name', 'condition' => 't.id_tree=:id_tree AND t.is_group=1', 'params' => array(':id_tree' => $model->id))), 'group.id', 'group.name'), array('multiple' => true, 'style' => 'width: 300px; height: 200px;'));
?>
            <br />
            <?php 
// "Add" button: opens the #userGroupModal dialog and calls getListGroups().
$this->widget('bootstrap.widgets.TbButton', array('label' => 'Добавить', 'url' => 'javascript:;', 'htmlOptions' => array('data-toggle' => 'modal', 'data-target' => '#userGroupModal', 'onclick' => 'getListGroups();')));
?>
            <?php 
// "Remove" button: deletes the selected options from the group list in the browser only.
$this->widget('bootstrap.widgets.TbButton', array('label' => 'Удалить', 'url' => 'javascript:;', 'htmlOptions' => array('onclick' => '$(\'#' . CHtml::activeId($model, 'permissionGroup') . ' option:selected\').remove();')));
?>
                        
        </td>
        <td>
           <?php 
// USERS //
// Multi-select filled by User::getUsersByTreeAccess() for this node.
// NOTE(review): as with the group list, the submitted user ids come from the client and
// need server-side validation in the saving action.
echo $form->dropDownListRow($model, 'permissionUser', User::model()->getUsersByTreeAccess($model->id), array('multiple' => true, 'style' => 'width: 300px; height: 200px;'));
?>
Esempio n. 8
 /**
  * Loads the Tree node with the given ID for the organization stored in the session.
  *
  * A user who is neither an administrator nor accepted by
  * Access::checkAccessUserForTree() gets an always-false predicate appended to the
  * query, so a denied node is reported as 404, the same as a missing one. The parent
  * of the node must also pass Tree::checkParentRight().
  *
  * @param mixed $id ID of the tree node to load
  * @return Tree the loaded model
  * @throws CHttpException 404 when the node is missing or not accessible
  */
 public function loadModel($id)
 {
     $condition = 'id=:id AND organization=:organization';
     if (!Yii::app()->user->admin && !Access::model()->checkAccessUserForTree($id)) {
         // Forces an empty result for users without access.
         $condition .= ' AND 1<>1';
     }

     $node = Tree::model()->find(array(
         'condition' => $condition,
         'params' => array(':id' => $id, ':organization' => Yii::app()->session['code_no']),
     ));

     if ($node !== null && Tree::model()->checkParentRight($node->id_parent)) {
         return $node;
     }
     throw new CHttpException(404, 'Запрашиваемая страница не существует.');
 }
Esempio n. 9
 /**
  * Loads a News record that belongs to the tree node $idTree.
  *
  * Checks, in order: the node exists for module 'news' and the session's organization
  * (404), the user is an administrator or passes Access::checkAccessUserForTree() and
  * the node passes Tree::checkParentRight() (403), and the record exists under that
  * node (404). Non-administrators do not see records with a date_delete value.
  *
  * @param mixed $id     primary key of the news record
  * @param mixed $idTree ID of the tree node the record must belong to
  * @return News the loaded model
  * @throws CHttpException 404 when the node or the record is missing, 403 when access is denied
  */
 public function loadModel($id, $idTree)
 {
     $node = Tree::model()->find('id=:id AND module=:module AND organization=:organization', array(':id' => $idTree, 'module' => 'news', ':organization' => Yii::app()->session['code_no']));
     if ($node === null) {
         throw new CHttpException(404, 'Страница не найдена.');
     }

     $allowed = (Yii::app()->user->admin || Access::model()->checkAccessUserForTree($idTree))
         && Tree::model()->checkParentRight($idTree);
     if (!$allowed) {
         throw new CHttpException(403, 'Доступ запрещен.');
     }

     // Scoping by id_tree keeps the record tied to the node that was just authorized.
     $condition = 'id_tree=:id_tree ';
     if (!Yii::app()->user->admin) {
         $condition .= ' AND date_delete is null';
     }
     $record = News::model()->findByPk($id, $condition, array(':id_tree' => $idTree));
     if ($record !== null) {
         return $record;
     }
     throw new CHttpException(404, 'Страница не найдена.');
 }
Esempio n. 10
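 /**
  * Builds the site structure tree for the MAIN PAGE, relative to the current
  * organization (Yii::app()->session['code_no']).
  *
  * Nodes the user may access become tree items with their children nested below them;
  * for nodes the user may not access, the accessible descendants are lifted to the
  * current level. Non-administrators do not see nodes with a date_delete value.
  *
  * The filter values are bound as query parameters, and the node name is HTML-encoded
  * before it is placed in the item markup: CHtml::link() does not encode its link text,
  * and the plain-name branch did not encode it either.
  *
  * @param mixed $id        ID of a node to leave out of the result
  * @param mixed $parent_id ID of the node whose children are listed
  * @return array list of items with the keys 'id', 'text', 'children' and 'htmlOptions'
  */
 public function getTreeForMain($id = 0, $parent_id = 0)
 {
     $criteria = new CDbCriteria();
     $criteria->addCondition('id_parent=:parent_id');
     $criteria->addCondition('id<>:exclude_id');
     $criteria->addCondition('organization=:organization');
     $criteria->params = array(
         ':parent_id' => $parent_id,
         ':exclude_id' => $id,
         // The original compared against a quoted string, so keep a string here.
         ':organization' => (string) Yii::app()->session['code_no'],
     );
     if (!Yii::app()->user->admin) {
         $criteria->addCondition('date_delete IS NULL');
     }
     $orgData = Tree::model()->findAll($criteria);
     $data = array();
     foreach ($orgData as $value) {
         if (Yii::app()->user->admin || Access::model()->checkAccessUserForTree($value->id)) {
             $name = CHtml::encode($value->name);
             $label = $value->module != ''
                 ? CHtml::link($name, array($value->module . '/admin', 'idTree' => $value->id))
                 : $name;
             $data[] = array(
                 'id' => $value->id,
                 'text' => '<div style="margin-top:-2px;"><i class="icon-folder-open"></i>&nbsp;' . $label . '</div>',
                 'children' => $this->getTreeForMain($id, $value->id),
                 'htmlOptions' => array('style' => 'font-weight:bold;'),
             );
         } else {
             $data = array_merge($data, $this->getTreeForMain($id, $value->id));
         }
     }
     return $data;
 }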
Esempio n. 11
 /**
  * Loads a Telephone record that is visible from the tree node $idTree.
  *
  * The user must be an administrator or pass Access::checkAccessUserForTree(), and the
  * node must pass Tree::checkParentRight() (403 otherwise). The record is then looked up
  * by ID among the organization codes that Telephone::listOrganizations() returns for
  * the node, so a record outside that set is reported as 404.
  *
  * @param mixed $id     the ID of the model to be loaded
  * @param mixed $idTree ID of the tree node the request is made for
  * @return Telephone the loaded model
  * @throws CHttpException 403 when access is denied, 404 when the record is not found
  */
 public function loadModel($id, $idTree)
 {
     $allowed = (Yii::app()->user->admin || Access::model()->checkAccessUserForTree($idTree))
         && Tree::model()->checkParentRight($idTree);
     if (!$allowed) {
         throw new CHttpException(403, 'Доступ запрещен.');
     }

     $organizationCodes = CHtml::listData(Telephone::model()->listOrganizations($idTree), 'code', 'code');

     $criteria = new CDbCriteria();
     $criteria->compare('id', $id);
     $criteria->addInCondition('ifns_code', $organizationCodes);

     $record = Telephone::model()->find($criteria);
     if ($record !== null) {
         return $record;
     }
     throw new CHttpException(404, 'Страница не найдена.');
 }
Esempio n. 12
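 /**
  * Builds the menu tree as a flat id => label map for a DropDownList.
  *
  * Each accessible item is prefixed with '--' repeated $level times. For an item the
  * user may not access, nothing is added and its descendants stay at the same level.
  * The filter values are bound as query parameters.
  *
  * NOTE(review): the access check passes a Menu id to checkAccessUserForTree(); confirm
  * that menu ids and tree ids are meant to be interchangeable there.
  *
  * @param mixed $type_menu menu type to list
  * @param mixed $id        ID of a menu item to leave out of the result
  * @param mixed $parent_id ID of the item whose children are listed
  * @param int   $level     nesting depth used for the label prefix
  * @return array map of menu item ID to indented label
  */
 public function getMenuDropDownList($type_menu, $id = 0, $parent_id = 0, $level = 1)
 {
     $criteria = new CDbCriteria();
     $criteria->addCondition('id_parent=:parent_id');
     $criteria->addCondition('id<>:exclude_id');
     $criteria->addCondition('type_menu=:type_menu');
     $criteria->params = array(
         ':parent_id' => $parent_id,
         ':exclude_id' => $id,
         ':type_menu' => $type_menu,
     );
     $data = array();
     $orgData = Menu::model()->findAll($criteria);
     foreach ($orgData as $value) {
         if (Yii::app()->user->admin || Access::model()->checkAccessUserForTree($value->id)) {
             $item = array($value->id => str_repeat('--', $level) . ' ' . $value->name);
             $flagLevel = 1;
         } else {
             $item = array();
             $flagLevel = 0;
         }
         // Array union keeps the numeric ids as keys; array_merge() would renumber them.
         $data = $data + $item + $this->getMenuDropDownList($type_menu, $id, $value->id, $level + $flagLevel);
     }
     return $data;
 }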
Esempio n. 13
 /**
  * Loads the UpdateEod record with the given primary key.
  *
  * The user must be an administrator or pass Access::checkAccessUserForTree(), and the
  * node must pass Tree::checkParentRight() (403 otherwise).
  *
  * NOTE(review): the record is fetched by $id alone; nothing visible here ties it to
  * $idTree, so the permission check and the loaded record can refer to different nodes.
  * Confirm against the schema whether the lookup can be scoped to the node.
  *
  * @param mixed $id     the ID of the model to be loaded
  * @param mixed $idTree ID of the tree node the request is made for
  * @return UpdateEod the loaded model
  * @throws CHttpException 403 when access is denied, 404 when the record is not found
  */
 public function loadModel($id, $idTree)
 {
     $allowed = (Yii::app()->user->admin || Access::model()->checkAccessUserForTree($idTree))
         && Tree::model()->checkParentRight($idTree);
     if (!$allowed) {
         throw new CHttpException(403, 'Доступ запрещен.');
     }

     $record = UpdateEod::model()->findByPk($id);
     if ($record !== null) {
         return $record;
     }
     throw new CHttpException(404, 'The requested page does not exist.');
 }
Esempio n. 14
<?php

// Drop-down of the groups that hold an access entry (is_group=1) for this tree node.
// Changing the selection sends a GET request to /admin/telephone/ajaxTreeAccess with the
// selected value as 'identity' and puts the response into #ajaxTreeGroup.
// NOTE(review): 'identity' and 'is_group' arrive from the browser, so the ajaxTreeAccess
// action has to re-check the caller's rights on the node and validate both values itself.
echo CHtml::dropDownList('Tree[AccessGroup]', '', CHtml::listData(Access::model()->with('group')->findAll(array('condition' => 't.id_tree=:id_tree AND t.is_group=1', 'params' => array(':id_tree' => $model->id), 'order' => 'group.name')), 'group.id', 'group.name'), array('ajax' => array('type' => 'GET', 'url' => $this->createUrl('/admin/telephone/ajaxTreeAccess', array('id' => $model->id)), 'update' => '#ajaxTreeGroup', 'data' => array('identity' => 'js:this.value', 'is_group' => 1))));
// Fire the change handler once on page load so the panel is filled for the initial selection.
Yii::app()->clientScript->registerScript('update-module-on-tree-access-group', '$(document).ready(function() {
            $("#' . CHtml::getIdByName('Tree[AccessGroup]') . '").change();
        });');
?>

<div id="ajaxTreeGroup"></div>
Esempio n. 15
 /**
  * Lists the users that hold a personal (non-group) access entry for a tree node.
  *
  * The labels are plain text assembled from user fields and are not HTML-encoded here;
  * a caller that prints them has to encode them for its output context.
  *
  * @param mixed $id_tree ID of the tree node
  * @return array map of user ID to "login (last_name first_name middle_name)",
  *               in the order home_no, last name, first name, middle name
  */
 public function getUsersByTreeAccess($id_tree)
 {
     $entries = Access::model()->with('user')->findAll(array(
         'order' => 'user.home_no,user.last_name,user.first_name,user.middle_name',
         'condition' => 't.id_tree=:id_tree AND is_group=0',
         'params' => array(':id_tree' => $id_tree),
     ));

     $labelsById = array();
     foreach ($entries as $entry) {
         $person = $entry->user;
         $fullName = $person->last_name . ' ' . $person->first_name . ' ' . $person->middle_name;
         $labelsById[$person->id] = $person->login . ' (' . $fullName . ')';
     }
     return $labelsById;
 }
Esempio n. 16
 /**
  * Loads a News record that belongs to the tree node $idTree.
  *
  * The user must be an administrator or pass Access::checkAccessUserForTree(), and the
  * node must pass Tree::checkParentRight() (403 otherwise). The record is looked up by
  * primary key within that node; non-administrators do not see records with a
  * date_delete value.
  *
  * @param mixed $id     the ID of the model to be loaded
  * @param mixed $idTree ID of the tree node the record must belong to
  * @return News the loaded model
  * @throws CHttpException 403 when access is denied, 404 when the record is not found
  */
 public function loadModel($id, $idTree)
 {
     $mayAccessNode = Yii::app()->user->admin || Access::model()->checkAccessUserForTree($idTree);
     if (!$mayAccessNode || !Tree::model()->checkParentRight($idTree)) {
         throw new CHttpException(403, 'Доступ запрещен.');
     }

     // Scoping by id_tree keeps the record tied to the node that was just authorized.
     $scope = 'id_tree=:id_tree ' . (Yii::app()->user->admin ? '' : ' AND date_delete is null');
     $record = News::model()->findByPk($id, $scope, array(':id_tree' => $idTree));
     if ($record === null) {
         throw new CHttpException(404, 'Страница не найдена.');
     }
     return $record;
 }
Esempio n. 17
 /**
  * Loads the VksUfns record with the given primary key.
  *
  * The tree node $idTree must exist for module 'vksUfns' and the session's organization
  * (404 otherwise); the user must be an administrator or pass
  * Access::checkAccessUserForTree(), and the node must pass Tree::checkParentRight()
  * (403 otherwise).
  *
  * NOTE(review): the record is fetched by $id alone; nothing visible here ties it to
  * $idTree, so the permission check and the loaded record can refer to different nodes.
  * Confirm against the schema whether the lookup can be scoped to the node.
  *
  * @param mixed $id     the ID of the model to be loaded
  * @param mixed $idTree ID of the tree node the request is made for
  * @return VksUfns the loaded model
  * @throws CHttpException 404 when the node or the record is missing, 403 when access is denied
  */
 public function loadModel($id, $idTree)
 {
     $nodeExists = Tree::model()->exists('id=:id AND module=:module AND organization=:organization', array(':id' => $idTree, 'module' => 'vksUfns', ':organization' => Yii::app()->session['code_no']));
     if (!$nodeExists) {
         throw new CHttpException(404, 'Страница не найдена.');
     }

     $allowed = (Yii::app()->user->admin || Access::model()->checkAccessUserForTree($idTree))
         && Tree::model()->checkParentRight($idTree);
     if (!$allowed) {
         throw new CHttpException(403, 'Доступ запрещен.');
     }

     $record = VksUfns::model()->findByPk($id);
     if ($record !== null) {
         return $record;
     }
     throw new CHttpException(404, 'The requested page does not exist.');
 }
Esempio n. 18
<?php

// Drop-down of the users that hold a personal access entry (is_group=0) for this tree node.
// Changing the selection sends a GET request to /admin/telephone/ajaxTreeAccess with the
// selected value as 'identity' and puts the response into #ajaxTreeUser.
// NOTE(review): 'identity' and 'is_group' arrive from the browser, so the ajaxTreeAccess
// action has to re-check the caller's rights on the node and validate both values itself.
echo CHtml::dropDownList('Tree[AccessUser]', '', CHtml::listData(Access::model()->with('user')->findAll(array('condition' => 't.id_tree=:id_tree AND t.is_group=0', 'params' => array(':id_tree' => $model->id), 'order' => 'user.last_name,user.first_name,user.middle_name')), 'user.id', 'user.concatened'), array('ajax' => array('type' => 'GET', 'url' => $this->createUrl('/admin/telephone/ajaxTreeAccess', array('id' => $model->id)), 'update' => '#ajaxTreeUser', 'data' => array('identity' => 'js:this.value', 'is_group' => 0))));
// Fire the change handler once on page load so the panel is filled for the initial selection.
Yii::app()->clientScript->registerScript('update-module-on-tree-access-user', '$(document).ready(function() {
            $("#' . CHtml::getIdByName('Tree[AccessUser]') . '").change();
        });');
?>

<div id="ajaxTreeUser"></div>