/**
 * Tells whether the current user may view this controller's records.
 *
 * Super administrators always may; everybody else needs a role level of
 * 5 or more as reported by Generic::getUserRole(). A null role (if the
 * helper returns that for anonymous users — not verifiable here)
 * compares below 5 and is therefore refused.
 *
 * @return boolean true when viewing is allowed; false otherwise
 */
public function CanView() {
    $isSuperAdmin = Generic::isSuperAdmin();
    $roleLevel = Generic::getUserRole();
    return $isSuperAdmin || $roleLevel >= 5;
}
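/**
 * Determines whether access to a specific controller action is allowed.
 *
 * Decision rules (unchanged from the original nested if/else chain, which
 * is flattened into one switch here):
 *  - every action is allowed to users whose role level is 5 or more;
 *  - 'import' and 'export' are additionally restricted to super administrators;
 *  - super administrators with a role level below 5 are NOT granted the
 *    other actions — only the role level opens them.
 *
 * NOTE(review): this is a deny-list. Any action name that is not listed
 * below (typos, newly added actions) is granted to every role >= 5. A
 * default-deny allow-list would be safer, but callers may rely on unlisted
 * actions being open, so that is not changed here.
 *
 * @param string $action the action to which the access is validated
 * @return boolean true if access to the action is allowed; false otherwise
 */
private function CanAccess($action = "") {
    $superuser = Generic::isSuperAdmin();
    $user_role = Generic::getUserRole();

    // Baseline: role level decides; a null/absent role compares below 5.
    $allowed = ($user_role >= 5);

    // Loose comparison, exactly as the original == chain did.
    switch ($action) {
        case 'index':
        case 'admin':
        case 'create':
        case 'update':
        case 'delete':
        case 'view':
        case 'activate':
        case 'deactivate':
            // Role-based baseline stands.
            break;
        case 'import':
        case 'export':
            // Bulk data movement is reserved for super administrators.
            if (!$superuser) {
                $allowed = false;
            }
            break;
    }
    return $allowed;
}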
<div class="navbar navbar-inverse navbar-fixed-top"> <div class="navbar-inner"> <div class="container"> <?php $superuser = Generic::isSuperAdmin(); $user_role = Generic::getUserRole(); $is_coordinator = false; if ($user_role >= 5) { $is_coordinator = Generic::isCoordinator(); } $selectedCompany = null; if (Yii::app()->user->getState("currentCompany")) { // s$selectedCompany = Company::model()->findByPk(Yii::app()->user->getState("currentCompany")); } $leftMenu = array(); $rightMenu = array(); $showSystem = false; if ($superuser == 1) { $showSystem = true; } if ($user_role != null && $user_role > 0) { if ($superuser == 0) { if ($user_role == 10) { $country_admin = Country::model()->search(); $showSystem = true; } /* $modelData = Company::model()->search(); foreach ($modelData->getData() as $company) {
/**
 * Retrieves a list of models based on the current search/filter conditions.
 *
 * All filters go through CDbCriteria::compare(), so the values are bound as
 * parameters rather than interpolated. Row visibility is narrowed only for
 * non-superusers with role level 10, who are restricted to countries they
 * administer (join on country.countryAdministrators.user_id).
 * NOTE(review): any other non-superuser role receives an unscoped query —
 * confirm that is intended, it is not enforced here.
 *
 * @param boolean $show_all when true, pagination is switched off
 * @return CActiveDataProvider the data provider that can return the models
 *         based on the search/filter conditions.
 */
public function search($show_all = false) {
    $criteria = new CDbCriteria();

    // A level of 0 means "not selected": drop the filter instead of matching 0.
    if ($this->level_of_education == 0) {
        $this->level_of_education = NULL;
    }

    // attribute => partial (LIKE) match?  Order is kept as before.
    $columns = array(
        'id' => false,
        'active' => false,
        'country_id' => false,
        'name' => true,
        'level_of_education' => false,
        'class_from' => false,
        'class_to' => false,
    );
    foreach ($columns as $column => $partialMatch) {
        $criteria->compare($column, $this->$column, $partialMatch);
    }

    $criteria->together = true;
    $criteria->with = array('country');
    $criteria->compare('`country`.`country`', $this->country_search, true);

    $isSuperAdmin = Generic::isSuperAdmin();
    $roleLevel = Generic::getUserRole();
    if (!$isSuperAdmin && $roleLevel == 10) {
        // Country administrators only see countries assigned to them.
        $criteria->with[] = 'country.countryAdministrators';
        $criteria->compare('`countryAdministrators`.`user_id`', Yii::app()->user->id);
        $criteria->together = true;
    }

    $options = array(
        'criteria' => $criteria,
        'sort' => array(
            'attributes' => array(
                'country_search' => array('asc' => 'country.name', 'desc' => 'country.name DESC'),
                '*',
            ),
        ),
    );
    if ($show_all) {
        $options['pagination'] = false;
    }
    return new CActiveDataProvider($this, $options);
}
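/**
 * Streams one question resource (image, attachment, ...) stored in the
 * question_resource table to the client.
 *
 * The resource is addressed entirely through the request: the first $_GET
 * key is the question id and the remaining key/value pairs, re-joined with
 * '/', give "<language code>/<path...>/<filename>" (presumably Yii's
 * path-format URL manager puts the extra path segments into $_GET — confirm
 * against the urlManager config). Every segment is matched in the database
 * with bound parameters; nothing is resolved against the filesystem.
 *
 * Access requires CanAccess('get') AND either super administrator / role
 * level >= 10, or a CompetitionUserQuestion row linking the competition
 * user recorded in the session to the requested question. Resources up to
 * 1,000,000 bytes are kept in the application cache for 30 minutes.
 *
 * Changes versus the previous version: the unused $starttime and the dead
 * `new QuestionResource()` before die are gone; the DB access check is
 * skipped when the role already grants access; the cache key is a hash of
 * the four segments instead of a '-'-joined string, so segments containing
 * '-' can no longer alias another resource's cache entry.
 *
 * Every refusal and lookup miss still ends with a bare die, i.e. an empty
 * 200 response, because the clients embedding these URLs are not visible
 * here. NOTE(review): a 403/404 would serve clients and log analysis better.
 * NOTE(review): file_type is served as stored; if resources can be uploaded,
 * a text/html or image/svg+xml payload renders on this origin — consider an
 * allow-list of types or Content-Disposition: attachment.
 *
 * @return void output is written directly; the method never returns normally
 */
public function actionGet() {
    if (!$this->CanAccess('get')) {
        die;
    }
    $keys = array_keys($_GET);
    if (count($keys) == 0) {
        die;
    }
    $question_id = $keys[0];

    $superuser = Generic::isSuperAdmin();
    $user_role = Generic::getUserRole();
    $allow = ($superuser || $user_role >= 10);

    // Participants are identified by the session, never by the URL.
    $competition_user_id = isset(Yii::app()->session['competition_user_id']) ? Yii::app()->session['competition_user_id'] : 0;
    // Release the session lock before the DB/cache work below.
    Yii::app()->session->close();

    if (!$allow) {
        // Grant access if this competition user was given this question.
        $criteria = new CDbCriteria();
        $criteria->limit = 1;
        $criteria->join = 'INNER JOIN competition_question on t.competition_question_id = competition_question.id';
        $criteria->condition = 't.competition_user_id = :competition_user_id AND competition_question.question_id = :question_id';
        $criteria->params = array(':question_id' => $question_id, ':competition_user_id' => $competition_user_id);
        if (CompetitionUserQuestion::model()->find($criteria) != null) {
            $allow = true;
        }
    }
    if (!$allow) {
        die;
    }

    // Rebuild the request path from the $_GET key/value pairs.
    $path = '';
    foreach ($_GET as $key => $value) {
        $path .= $key . '/';
        if ($value != '') {
            $path .= $value . '/';
        }
    }
    // Split into <question id>/<language>/<path...>/<filename>: drop the id,
    // peel the filename off the end and the language off the front. The
    // expressions are kept verbatim; a malformed path yields empty segments
    // that simply miss in the lookup below (no separate validation).
    $path = trim(mb_substr($path, mb_strpos($path, '/', 0, 'UTF-8') + 1, mb_strlen($path, 'UTF-8'), 'UTF-8'), '/');
    $filename = trim(mb_substr($path, mb_strrpos($path, '/', 0, 'UTF-8'), mb_strlen($path, 'UTF-8'), 'UTF-8'), '/');
    $language_code = mb_substr($path, 0, mb_strpos($path, '/', 0, 'UTF-8'), 'UTF-8');
    $path = ltrim(mb_substr($path, mb_strpos($path, '/', 0, 'UTF-8'), mb_strrpos($path, '/', 0, 'UTF-8') - mb_strpos($path, '/', 0, 'UTF-8'), 'UTF-8'), '/');
    if ($path != '') {
        $path .= '/';
    }

    // serialize() length-prefixes each segment, so no choice of characters in
    // the URL can make two different tuples hash to the same key; the hash
    // also keeps the key short and free of characters the backend rejects.
    $cache_id = 'bober-' . sha1(serialize(array($question_id, $language_code, $path, $filename)));
    $questionResourceArray = Yii::app()->cache->get($cache_id);
    if ($questionResourceArray === false) {
        $questionResource = QuestionResource::model()->with('language')->find(
            'question_id=:question_id and language.short=:language_code and path=:path and filename=:filename',
            array(':question_id' => $question_id, ':filename' => $filename, ':path' => $path, ':language_code' => $language_code)
        );
        if ($questionResource == null) {
            die;
        }
        $questionResourceArray = array(
            'data' => $questionResource->data,
            'file_type' => $questionResource->file_type,
            // Byte length (strlen, not mb_strlen) — this becomes Content-length.
            'length' => strlen($questionResource->data),
        );
        // Larger payloads are not cached (the original noted memcache cannot take them).
        if ($questionResourceArray['length'] <= 1000000) {
            Yii::app()->cache->set($cache_id, $questionResourceArray, 1800);
        }
    }

    if (isset($questionResourceArray['length'])) {
        header('Pragma: public');
        header('Expires: 0');
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Content-Transfer-Encoding: binary');
        header('Content-length: ' . $questionResourceArray['length']);
        // The stored type is trusted as-is; nosniff stops browsers from second-guessing it.
        header('Content-Type: ' . $questionResourceArray['file_type']);
        header('X-Content-Type-Options: nosniff');
        header('X-Frame-Options: SAMEORIGIN');
        header('Connection: close');
        echo $questionResourceArray['data'];
    }
    die;
}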