Esempio n. 1
 /**
  * Verifies the submitted username and password and, on success, loads the
  * user's role and permitted actions into the identity state.
  *
  * Sets $this->errorCode to ERROR_USERNAME_INVALID, ERROR_PASSWORD_INVALID or
  * ERROR_NONE. On success it also stores the user id in $this->_id and the
  * 'role', 'name' and 'access' states.
  *
  * Security notes:
  * - The 'access' list is computed once, here, and kept as identity state.
  *   Later changes to a user's rights are presumably not seen until the next
  *   login (TODO confirm how this state is persisted).
  * - Only the 'user' and 'admin' roles are narrowed to their per-user action
  *   ids. Any other value that is not 'superadmin' keeps the whole
  *   getAction('1') list. NOTE(review): confirm no such role can be stored.
  * - Unknown user and wrong password produce different error codes; the login
  *   form should render one shared message so usernames cannot be enumerated.
  *
  * @return bool the negation of errorCode, i.e. true when no error was set
  */
 public function authenticate()
 {
     $account = User::model()->findByAttributes(array('username' => $this->username));

     // Guard clause: no such username.
     if ($account === null) {
         $this->errorCode = self::ERROR_USERNAME_INVALID;
         return !$this->errorCode;
     }

     // Guard clause: the stored hash does not match the submitted password.
     if (!CPasswordHelper::verifyPassword($this->password, $account->password)) {
         $this->errorCode = self::ERROR_PASSWORD_INVALID;
         return !$this->errorCode;
     }

     $role = $account->role;
     $permissions = AccessGlobal::getAction($role == 'superadmin' ? '0' : '1');

     // 'user' and 'admin' are limited to the site actions granted to them individually.
     if ($role == 'user' || $role == 'admin') {
         $grantedIds = AccessUser::getActionIdFromUser($account->user_id);
         $permissions['site'] = array_intersect(
             $permissions['site'],
             AccessGlobal::getActionFromArrayId($grantedIds)
         );
     }

     $this->_id = $account->user_id;
     $this->setState('role', $role);
     $this->setState('name', $this->username);
     $this->setState('access', $permissions);
     $this->errorCode = self::ERROR_NONE;

     return !$this->errorCode;
 }
Esempio n. 2
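 /**
  * Redirects the current user to the first permitted site action that is not
  * one of the default actions, or to 'Logout' when none is left.
  *
  * The previous loop ran unset($list[array_search(...)]). When a default
  * action was absent from the user's list, array_search() returned false,
  * which PHP uses as key 0, so an unrelated permitted action was silently
  * dropped. array_diff() removes only entries that are actually present.
  */
 public function actionIndex()
 {
     $state = Yii::app()->user->access;

     // Treat a missing or malformed 'site' entry as "no permitted actions"
     // instead of handing null to the array functions below.
     $allowed = (is_array($state) && isset($state['site']) && is_array($state['site']))
         ? $state['site']
         : array();

     $candidates = array_values(array_diff($allowed, (array) AccessGlobal::getDefaultAction()));
     $target = $candidates ? $candidates[0] : 'Logout';

     // The route segment is taken from the access list held in user state,
     // not from request input.
     $this->redirect($this->createUrl('site/' . $target));
 }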
Esempio n. 3
 /**
  * Maps every default action to the id returned by
  * AccessGlobal::getActionIdForController() for the 'Site' controller.
  *
  * @return array ids indexed by the same keys as AccessGlobal::getDefaultAction()
  */
 public static function getIdDefaultAction()
 {
     $idsByKey = array();
     foreach (AccessGlobal::getDefaultAction() as $index => $actionName) {
         // Keep the original key so callers see the same indexing as the default-action list.
         $idsByKey[$index] = AccessGlobal::getActionIdForController($actionName, 'Site');
     }
     return $idsByKey;
 }
Esempio n. 4
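 /**
  * Creates or edits a user and replaces the set of action ids granted to it.
  *
  * On a POST carrying a 'User' array, the user is saved, all of its existing
  * AccessUser rows are deleted, and one row is written per submitted action
  * id plus the default action ids. Otherwise (or when saving fails) the
  * 'user' view is rendered.
  *
  * Hardening applied here:
  * - user_id and access[] entries must be scalar. intval() of a non-empty
  *   array is 1, so "user_id[]=x" used to resolve to user 1 and a nested
  *   access entry used to grant action id 1.
  * - access[] is normalised to unique positive integers; a missing field no
  *   longer raises an undefined-index notice.
  * - A failed AccessUser save is logged instead of being ignored.
  *
  * NOTE(review): no authorization check is visible in this method; presumably
  * a controller filter or accessRules() restricts it. Confirm that, and that
  * the caller may edit the targeted account (for example a higher-privileged one).
  */
 public function actionUser()
 {
     $userId = (isset($_REQUEST['user_id']) && is_scalar($_REQUEST['user_id']))
         ? intval($_REQUEST['user_id'])
         : null;
     $user = $userId === null ? null : User::model()->findByPk($userId);
     if ($user === null) {
         $user = new User();
     }

     // Actions offered on the form: enabled, non-default actions of the configured controller.
     $criteria = new CDbCriteria();
     $criteria->compare('controller', Yii::app()->params['controllers'][2]);
     $criteria->compare('enable', '1');
     $criteria->addNotInCondition('action', AccessGlobal::getDefaultAction());
     $criteria->order = "action asc";
     $actions = AccessGlobal::model()->findAll($criteria);

     if (Yii::app()->request->isPostRequest && isset($_POST['User']) && is_array($_POST['User'])) {
         // Mass assignment copies only attributes the model's validation rules mark as safe.
         // NOTE(review): confirm 'role' and 'user_id' are not safe for the callers of this
         // action, otherwise the form can change them.
         $user->attributes = $_POST['User'];
         $user->pass = (isset($_POST['User']['pass']) && is_string($_POST['User']['pass']))
             ? $_POST['User']['pass']
             : null;

         if ($user->save()) {
             // NOTE(review): delete + re-insert is not wrapped in a transaction; a failure
             // part-way leaves the user with fewer rights than intended.
             AccessUser::model()->deleteAllByAttributes(array('user_id' => $user->user_id));

             $posted = (isset($_POST['access']) && is_array($_POST['access'])) ? $_POST['access'] : array();
             $requestedIds = array();
             foreach ($posted as $rawId) {
                 if (is_scalar($rawId) && intval($rawId) > 0) {
                     $requestedIds[] = intval($rawId);
                 }
             }
             // NOTE(review): the submitted ids are not checked against $actions (the set the
             // form offers), so any existing action id can be granted. Consider restricting
             // them to that set once the AccessGlobal key used by the view is confirmed.
             $accessForUser = array_unique(array_merge($requestedIds, AccessGlobal::getIdDefaultAction()));

             foreach ($accessForUser as $val) {
                 $access = new AccessUser();
                 $access->user_id = $user->user_id;
                 $access->action_id = $val;
                 if (!$access->save()) {
                     Yii::log(
                         'Could not save access row for user ' . $user->user_id . ', action ' . $val,
                         CLogger::LEVEL_WARNING,
                         'application'
                     );
                 }
             }
             $this->redirect($this->createUrl('admin/users'));
         }
     }

     $this->render('user', array(
         'user' => $user,
         'actions' => $actions,
         'access' => AccessUser::getActionIdFromUser($user->user_id),
     ));
 }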
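 /**
  * Toggles the 'enable' flag ('1' <-> '0') of one AccessGlobal row, then
  * redirects to the access list.
  *
  * Changes from the previous version:
  * - A missing 'id' no longer raises an undefined-index notice, and the dead
  *   isset($id) test (always true after intval()) is gone.
  * - A non-scalar 'id' is rejected. intval() of a non-empty array is 1, so
  *   "id[]=x" used to toggle row 1.
  * - A failed save is logged instead of being ignored.
  *
  * NOTE(review): the id is read from $_REQUEST, so this state change can be
  * triggered by a plain GET. Yii 1.x CSRF validation, when enabled, does not
  * cover GET requests; consider accepting POST only. Not changed here because
  * the view that links to this action is not visible. No authorization check
  * is visible in this method either; presumably a controller filter provides it.
  */
 public function actionAccessChange()
 {
     $id = (isset($_REQUEST['id']) && is_scalar($_REQUEST['id'])) ? intval($_REQUEST['id']) : null;
     $access = $id === null ? null : AccessGlobal::model()->findByPk($id);

     if ($access !== null) {
         // Assigned through 'attributes' as before, so the model's safe-attribute rules still apply.
         $access->attributes = array('enable' => $access->enable == '1' ? '0' : '1');
         if (!$access->save()) {
             Yii::log('Could not toggle access row ' . $id, CLogger::LEVEL_WARNING, 'application');
         }
     }

     $this->redirect($this->createUrl('superadmin/access'));
 }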