コード例 #1
ファイル: ActionRegistry.php プロジェクト: jonfm/domin
 /**
  * Look up a registered action by its id.
  *
  * An unknown id and an id that the optional access policy hides raise the
  * same exception text, so a caller cannot tell the two cases apart.
  *
  * @param string $id
  * @return Action
  * @throws \Exception when the id is not registered, or when an access policy
  *                    is set and reports the action as not visible
  */
 public function getAction($id)
 {
     $notRegistered = "Action [{$id}] is not registered.";
     if (!array_key_exists($id, $this->actions)) {
         throw new \Exception($notRegistered);
     }
     // The visibility check only runs for ids that exist, as before.
     if ($this->access && !$this->access->isVisible($id)) {
         throw new \Exception($notRegistered);
     }
     return $this->actions[$id];
 }
コード例 #2
ファイル: AccessControl.php プロジェクト: phidias-sas/api
 /**
  * Build an AccessControl from loosely typed configuration.
  *
  * Accepts an existing AccessControl (returned unchanged), the string "full"
  * (everything allowed), or an associative array whose recognised keys are
  * handed to the matching builder method. Any other value yields an instance
  * with nothing configured.
  *
  * @param mixed $data
  * @return AccessControl
  */
 public static function factory($data)
 {
     if (is_a($data, "Phidias\\Api\\AccessControl")) {
         return $data;
     }
     $control = new AccessControl();
     if ($data === "full") {
         return $control->allowFull();
     }
     if (!is_array($data)) {
         return $control;
     }
     // config key => array(builder method, cast the value to array first?)
     $builders = array(
         "allow-origin"      => array("allowOrigin", false),
         "allow-credentials" => array("allowCredentials", false),
         "allow-headers"     => array("allowHeaders", true),
         "allow-methods"     => array("allowMethods", true),
         "expose-headers"    => array("exposeHeaders", true),
     );
     foreach ($builders as $key => $spec) {
         if (!isset($data[$key])) {
             continue;
         }
         list($method, $asArray) = $spec;
         $value = $asArray ? (array) $data[$key] : $data[$key];
         $control->$method($value);
     }
     return $control;
 }
コード例 #3
 /**
  * CakePHP hook that runs before every action.
  *
  * The CakeError controller is exempt so error pages can always render. For a
  * logged-in user the ACL is asked about "controller_<name>" and the current
  * action; a request with no logged-in user is not checked by this method.
  *
  * @throws UnauthorizedException when the logged-in user may not run the action
  */
 public function beforeFilter()
 {
     // Never gate the error controller itself.
     if ($this->name == 'CakeError') {
         return;
     }
     $system = $this->CaseRecordSystem;
     if (!$system->userLogged()) {
         return;
     }
     $acl = new AccessControl();
     $resource = "controller_" . $this->params->controller;
     $allowed = $acl->hasAccess($system->getLoggedUser(), $resource, $this->params->action);
     if (!$allowed) {
         throw new UnauthorizedException('Bu işlem için yetkiniz yok');
     }
 }
コード例 #4
ファイル: pools.php プロジェクト: javascriptit/phpminer
 /**
  * Pool configuration page.
  *
  * Makes sure a 'default' group exists, collects the display name of every
  * configured rig and the union of miners reported by the rigs' RPC clients,
  * then hands the pool groups (except 'donate'), the "may change groups"
  * permission flag, the rig names and the miners to the page's JS config.
  */
 public function main()
 {
     $this->load_pool_config();
     if ($this->pool_config->is_empty()) {
         $this->pool_config->add_group('default', 0, 0);
     }
     $rigNames = array();
     $availableMiners = array();
     foreach ($this->config->rigs as $rigKey => $rigData) {
         // Prefer the configured short name, fall back to the config key.
         $rigNames[] = empty($rigData['shortname']) ? $rigKey : $rigData['shortname'];
         foreach ($this->get_rpc($rigKey)->get_available_miners() as $minerName) {
             $availableMiners[$minerName] = $minerName;
         }
     }
     $pools = array();
     foreach ($this->pool_config->get_groups() as $groupName) {
         if ($groupName === 'donate') {
             continue;
         }
         $groupData = $this->pool_config->get_group($groupName);
         // Derive an identifier safe for HTML ids from the free-form group name.
         $groupData['id'] = preg_replace("/[^a-zA-Z0-9]/", "_", $groupName);
         $pools[$groupName] = array(
             'group' => $groupData,
             'pools' => $this->pool_config->get_pools($groupName),
         );
     }
     $this->js_config('pools', $pools);
     $this->js_config('can_change', AccessControl::getInstance()->has_permission(AccessControl::PERM_CHANGE_POOL_GROUP));
     $this->js_config('rig_names', $rigNames);
     $this->js_config('available_miners', $availableMiners);
 }
コード例 #5
ファイル: ListController.php プロジェクト: larryu/magento-b2b
 /**
  * Constructor: initialises the page, then ends the request outright when the
  * current role may not open the products page.
  *
  * Note that parent::__construct() runs before the role check.
  */
 public function __construct()
 {
     parent::__construct();
     $allowed = AccessControl::canAccessProductsPage(Core::getRole());
     if (!$allowed) {
         die('You do NOT have access to this page');
     }
 }
コード例 #6
ファイル: ListController.php プロジェクト: larryu/magento-b2b
 /**
  * (non-PHPdoc)
  * @see BPCPageAbstract::onLoad()
  *
  * Lets the parent handle the load event first, then ends the request when
  * the current role may not open the stock adjustment page.
  */
 public function onLoad($param)
 {
     parent::onLoad($param);
     $allowed = AccessControl::canAccessStockAdjustPage(Core::getRole());
     if (!$allowed) {
         die('You do NOT have access to this page.');
     }
 }
コード例 #7
 /**
  * Constructor: ends the request when the current role may not open the
  * price match page; only then is the parent page constructed.
  */
 public function __construct()
 {
     $allowed = AccessControl::canAccessPriceMatchPage(Core::getRole());
     if (!$allowed) {
         die('You have no access to this page!');
     }
     parent::__construct();
 }
コード例 #8
 /**
  * Constructor: renders the 404 "Access Denied" page and ends the request
  * when the current role may not open the users page; only then is the
  * parent page constructed.
  */
 public function __construct()
 {
     $allowed = AccessControl::canAccessUsersPage(Core::getRole());
     if (!$allowed) {
         $page = BPCPageAbstract::show404Page('Access Denied', 'You have no access to this page!');
         die($page);
     }
     parent::__construct();
 }
コード例 #9
 /**
  * (non-PHPdoc)
  * @see BPCPageAbstract::onLoad()
  *
  * Lets the parent handle the load event first, then renders the 404
  * "Access Denied" page and ends the request when the current role may not
  * open the price match page.
  */
 public function onLoad($param)
 {
     parent::onLoad($param);
     $allowed = AccessControl::canAccessPriceMatchPage(Core::getRole());
     if (!$allowed) {
         $page = BPCPageAbstract::show404Page('Access Denied', 'You do NOT have the access to this page!');
         die($page);
     }
 }
コード例 #10
ファイル: upload.php プロジェクト: merjiezo/suesyiban_MIS
 /**
  * Yii behaviors: access rules plus HTTP-verb restrictions.
  *
  * 'login' is open to guests ('?'). Every other action requires an
  * authenticated user ('@') whose identity status is 1 or 2, decided by the
  * matchCallback closures. Yii treats the empty 'only' and 'actions' lists
  * as "all actions". 'logout' is restricted to POST.
  *
  * @return array
  */
 public function behaviors()
 {
     // Builds a matchCallback that passes when the identity has the given status.
     $hasStatus = function ($wanted) {
         return function ($rule, $action) use ($wanted) {
             return Yii::$app->user->identity->status == $wanted;
         };
     };
     $accessRules = [
         ['allow' => true, 'actions' => ['login'], 'roles' => ['?']],
         ['actions' => [], 'allow' => true, 'roles' => ['@'], 'matchCallback' => $hasStatus(1)],
         ['actions' => [], 'allow' => true, 'roles' => ['@'], 'matchCallback' => $hasStatus(2)],
     ];
     return [
         'access' => [
             'class' => AccessControl::className(),
             'only' => [],
             'rules' => $accessRules,
         ],
         'verbs' => [
             'class' => VerbFilter::className(),
             'actions' => ['logout' => ['post']],
         ],
     ];
 }
コード例 #11
 /**
  * Yii behaviors: the five CRUD actions are reserved for administrators
  * (identity perfil == 1); 'delete' additionally requires POST.
  *
  * @return array
  */
 public function behaviors()
 {
     $crudActions = ['create', 'index', 'update', 'view', 'delete'];
     // Only admins may use this controller. For a guest the closure falls
     // through and returns null, which counts as "no match".
     $isAdmin = function ($rule, $action) {
         if (!Yii::$app->user->isGuest) {
             return Yii::$app->user->identity->perfil == 1;
         }
     };
     return [
         // The behavior is registered under the misspelled name 'acess'; the
         // name only labels the behavior, the filter itself still runs.
         'acess' => [
             'class' => AccessControl::className(),
             'only' => $crudActions,
             'rules' => [
                 ['actions' => $crudActions, 'allow' => true, 'matchCallback' => $isAdmin],
             ],
         ],
         'verbs' => [
             'class' => VerbFilter::className(),
             'actions' => ['delete' => ['post']],
         ],
     ];
 }
コード例 #12
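 /**
  * Getting The end javascript
  *
  * Resolves the order to show from Request['id'] ('new' builds an empty
  * Order, anything else must load an existing one), an optional order to
  * clone from (cloneorderid) and an optional preselected customer
  * (customerid), then appends the pageJs set-up chain to the parent's
  * javascript. Invoices are redirected to the order details page instead.
  * Invalid input ends the request with die(), like the rest of this page.
  *
  * @return string
  */
 protected function _getEndJs()
 {
     $js = parent::_getEndJs();
     if (!isset($this->Request['id'])) {
         die('System ERR: no param passed in!');
     }
     if (trim($this->Request['id']) === 'new') {
         $order = new Order();
     } else {
         if (!($order = Order::get($this->Request['id'])) instanceof Order) {
             die('Invalid Order!');
         }
     }
     if ($order instanceof Order && trim($order->getType()) === Order::TYPE_INVOICE) {
         // The incoming query string is forwarded unchanged; header() rejects
         // CR/LF so the header cannot be split, but nothing else is checked here.
         header('Location: /orderdetails/' . $order->getId() . '.html?' . $_SERVER['QUERY_STRING']);
         die;
     }
     $cloneOrder = null;
     if (isset($_REQUEST['cloneorderid']) && !($cloneOrder = Order::get(trim($_REQUEST['cloneorderid']))) instanceof Order) {
         die('Invalid Order to clone from');
     }
     // Plain closure instead of create_function(): same mapping, no eval()
     // behind the scenes and no dependency on a function removed in PHP 8.
     $toJson = function ($entity) {
         return $entity->getJson();
     };
     $paymentMethods = array_map($toJson, PaymentMethod::getAll(true, null, DaoQuery::DEFAUTL_PAGE_SIZE, array('name' => 'asc')));
     $shippingMethods = array_map($toJson, Courier::getAll(true, null, DaoQuery::DEFAUTL_PAGE_SIZE, array('name' => 'asc')));
     $customer = isset($_REQUEST['customerid']) && ($customer = Customer::get(trim($_REQUEST['customerid']))) instanceof Customer ? $customer->getJson() : null;
     $js .= "pageJs";
     $js .= ".setHTMLID('itemDiv', 'detailswrapper')";
     $js .= ".setHTMLID('searchPanel', 'search_panel')";
     $js .= ".setCallbackId('searchCustomer', '" . $this->searchCustomerBtn->getUniqueID() . "')";
     $js .= ".setCallbackId('searchProduct', '" . $this->searchProductBtn->getUniqueID() . "')";
     $js .= ".setCallbackId('saveOrder', '" . $this->saveOrderBtn->getUniqueID() . "')";
     $js .= ".setCallbackId('cancelOrder', '" . $this->cancelOrderBtn->getUniqueID() . "')";
     $js .= ".setPaymentMethods(" . json_encode($paymentMethods) . ")";
     $js .= ".setShippingMethods(" . json_encode($shippingMethods) . ")";
     $js .= ".setOrderTypes(" . json_encode(Order::getAllTypes()) . ")";
     if ($cloneOrder instanceof Order) {
         $clonOrderArray = $cloneOrder->getJson();
         $clonOrderArray['items'] = array_map($toJson, OrderItem::getAllByCriteria('orderId = ?', array($cloneOrder->getId())));
         $js .= ".setOriginalOrder(" . json_encode($clonOrderArray) . ")";
     }
     if ($order instanceof Order && trim($order->getId()) !== '') {
         $orderArray = $order->getJson();
         $orderArray['items'] = array_map($toJson, OrderItem::getAllByCriteria('orderId = ?', array($order->getId())));
         $js .= ".setOrder(" . json_encode($orderArray) . ")";
     }
     $js .= ".init(" . json_encode($customer) . ")";
     if (!AccessControl::canAccessCreateOrderPage(Core::getRole())) {
         // Roles that may view but not create get everything disabled; for the
         // listed roles the argument is the JS literal true, otherwise none.
         $js .= ".disableEverything(" . (in_array(Core::getRole()->getId(), array(Role::ID_ACCOUNTING, Role::ID_SALES, Role::ID_PURCHASING)) ? 'true' : '') . ")";
     } else {
         // A cancelled order is frozen for everyone, including roles that may create.
         if ($order instanceof Order && trim($order->getId()) !== '' && intval($order->getStatus()->getId()) === OrderStatus::ID_CANCELLED) {
             $js .= ".disableEverything()";
             $js .= ".showModalBox('<h4>Error</h4>', '<h4>This " . $order->getType() . " has been " . $order->getStatus()->getName() . "!</h4><h4>No one can edit it anymore</h4>')";
         }
     }
     $js .= ";";
     return $js;
 }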
コード例 #13
ファイル: notify.php プロジェクト: javascriptit/phpminer
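 /**
  * Ajax request to save new configuration settings.
  *
  * Requires PERM_CHANGE_NOTIFICATION_SETTINGS. The 'settings' parameter is
  * an array whose keys and values are written verbatim into the 'notify'
  * section of the config inside one transaction; only the array shape is
  * validated here, so set_value() is the place where keys must be checked.
  */
 public function save_settings()
 {
     AccessControl::check_permission(AccessControl::PERM_CHANGE_NOTIFICATION_SETTINGS);
     $params = new ParamStruct();
     $params->add_required_param('settings', PDT_ARR);
     $params->fill();
     if (!$params->is_valid()) {
         AjaxModul::return_code(AjaxModul::ERROR_INVALID_PARAMETER);
         // return_code() is expected to end the request; the explicit return
         // keeps invalid input away from the config write even if it does not.
         return;
     }
     db::getInstance()->begin();
     foreach ($params->settings as $key => $val) {
         $this->config->set_value($key, $val, 'notify');
     }
     db::getInstance()->commit();
     AjaxModul::return_code(AjaxModul::SUCCESS);
 }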
コード例 #14
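 /**
  * Getting The end javascript
  *
  * Collects the reference data the product page needs (manufacturers,
  * suppliers, statuses, price/code/location types, accounting codes) as
  * JSON, appends the pageJs set-up chain to the parent's javascript and
  * switches the page to read-only mode when the role may not edit products.
  *
  * @return string
  */
 protected function _getEndJs()
 {
     $btnIdnewPO = isset($_REQUEST['btnidnewpo']) && trim($_REQUEST['btnidnewpo']) !== '' ? trim($_REQUEST['btnidnewpo']) : null;
     // Plain closures instead of create_function() (eval-based, removed in PHP 8).
     $toJson = function ($entity) {
         return $entity->getJson();
     };
     $accountingCodeToArray = function ($code) {
         return array("id" => $code->getId(), "code" => $code->getCode(), "description" => $code->getDescription(), "type" => $code->getTypeId());
     };
     $manufacturers = array_map($toJson, Manufacturer::getAll());
     $suppliers = array_map($toJson, Supplier::getAll());
     $statuses = array_map($toJson, ProductStatus::getAll());
     $priceTypes = array_map($toJson, ProductPriceType::getAll());
     $codeTypes = array_map($toJson, ProductCodeType::getAll());
     $locationTypes = array_map($toJson, PreferredLocationType::getAll());
     $accountingCodes = array_map($accountingCodeToArray, AccountingCode::getAll());
     $js = parent::_getEndJs();
     // btnidnewpo is request input echoed into script. The HEX flags keep '<',
     // '>', '&' and quotes out of the emitted JSON so it cannot close an
     // inline <script> block or attribute; the decoded JS value is unchanged.
     $btnIdJson = json_encode($btnIdnewPO, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
     $js .= "pageJs.setPreData(" . json_encode($manufacturers) . ", " . json_encode($suppliers) . ", " . json_encode($statuses) . ", " . json_encode($priceTypes) . ", " . json_encode($codeTypes) . ", " . json_encode($locationTypes) . ", " . $btnIdJson . ", " . json_encode($accountingCodes) . ")";
     $js .= ".setCallbackId('getCategories', '" . $this->getCategoriesBtn->getUniqueID() . "')";
     $js .= ".setCallbackId('validateSKU', '" . $this->validateSKUBtn->getUniqueID() . "')";
     $js .= ".load()";
     $js .= ".bindAllEventNObjects()";
     $js .= "._loadChosen();";
     if (!AccessControl::canEditProduct(Core::getRole())) {
         $js .= "pageJs.readOnlyMode();";
     }
     return $js;
 }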
コード例 #15
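 /**
  * Load all needed things (configs, api).
  *
  * Runs pending updates, publishes the document root, loads the config and
  * the AccessControl singleton, enforces login when access control is on
  * (never from cron), and queues the version and cronjob status messages.
  *
  * @throws PHPMinerException
  */
 public function setup_controller()
 {
     global $system_conf;
     // Process updates.
     new Update();
     if (isset($system_conf['directory'])) {
         $this->assign('docroot', $system_conf['directory']);
         $this->js_config('docroot', $system_conf['directory']);
     }
     // Get the own config.
     $this->config = Config::getInstance();
     $this->access_control = AccessControl::getInstance();
     // We only enable access control in a real web request, from cron we have to let it disabled.
     if ($this->config->enable_access_control && !defined('IS_CRON')) {
         $this->access_control->enable();
         // With an empty access-control config the login check is skipped
         // entirely; otherwise a request that is not logged in is fatal.
         if (!$this->access_control->get_config()->is_empty() && !$this->access_control->check_login()) {
             $this->fatal_error('You are not logged in. Access denied!');
         }
     }
     if ($this->controller_name === 'access' && !$this->access_control->is_enabled()) {
         $this->fatal_error('Access control is disabled, to view this page you have to enable it first under main settings. If you run this on your local machine and only you have access, this is not required.', Controller::MESSAGE_TYPE_ERROR);
     }
     $this->assign('current_version', implode('.', $system_conf['version']));
     if (isset($system_conf['directory']) && !empty($this->config->latest_version) && $system_conf['version'] !== $this->config->latest_version) {
         $this->add_message('A new version is available, current version <b>' . implode('.', $system_conf['version']) . '</b> - latest version <b>' . implode('.', $this->config->latest_version) . '</b>. <a href="https://phpminer.com" target="_blank">Download</a>. After updating to a new version, do not forget to copy the new index.php from the phpminer_rpcclient and restart the service.', Controller::MESSAGE_TYPE_INFO);
     }
     if (empty($this->config->cron_last_run)) {
         $this->add_message('The cronjob never ran! If you configurated it correctly, just wait 1 or 2 minutes, after the cronjob was executed, this message will disappear. If not configurated please have a look at the <a href="' . $system_conf['directory'] . '/README.md" target="_blank">Readme</a>', Controller::MESSAGE_TYPE_INFO);
     } else {
         // cron_last_run is presumably a unix timestamp like TIME_NOW; warn when
         // the last run is more than five minutes old.
         if (round((TIME_NOW - $this->config->cron_last_run) / 60) > 5) {
             $this->add_message('The cronjob has not been executed since 5 minutes. Please check your cronjob config.', Controller::MESSAGE_TYPE_INFO);
         }
     }
     // We can not process as a normal controller action when we check for connection within the setup or in case of disconnected connection while reconnecting.
     if ($this->controller_name === 'main' && ($this->action_name === 'check_connection' || $this->action_name === 'connection_reconnect')) {
         return;
     }
 }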
コード例 #16
    ?>
 /><label for="enable_paging"></label></div></td>
                    </tr>
                </tbody>
                <tfoot>
                    <tr>
                        <td></td><td style="border-left:0px;"><div class="btn btn-primary" id="save_config">Save config</div></td>
                    </tr>
                </tfoot>
            </table>
        </td>
        <?php 
}
?>
        <?php 
if (AccessControl::getInstance()->has_permission(AccessControl::PERM_CHANGE_MINER_SETTINGS)) {
    ?>
        <?php 
    $rigs = $this->get_variable('rigs');
    ?>
        <td style="width:50%">
            <h2>CGMiner/SGMiner config per rig</h2>
            <div class="tabs">
            <?php 
    if (empty($rigs)) {
        ?>
                No rigs are configurated, please configurate at least one rig.
            <?php 
    } else {
        ?>
                <?php 
コード例 #17
ファイル: api_fw.php プロジェクト: skyshore2001/JDCloud
/**
@fn tableCRUD($ac, $tbl, $asAdmin?=false)

Entry point of the object-style interface (add/set/get/query/del on a table).
It may also be called directly, usually together with setParam, to provide
customised operations.

@param $asAdmin By default the "AC_" class is chosen according to the user's
identity; when true the call is made as super administrator, i.e. with the
"AC0_" class. Passing $asAdmin=true has the advantage that, for super-admin
rights, everything stays accessible even when no "AC0_" class is defined.

Suppose there is a Rating object (order ratings) that should not be queried
through the object-style interface but through a function-style interface
with customised output, designed as:

	queryRating(storeId, cond?) -> tbl(id, score, dscr, tm, orderDscr)

	Query the order ratings of shop storeId.

	Application logic:
	- sorted by time tm, descending

Implementing it on top of tableCRUD keeps paging and the cond/gres parameters:

	function api_queryRating()
	{
		$storeId = mparam("storeId");

		// fix the output columns
		setParam("res", "id, score, dscr, tm, orderDscr");

		// equivalent to addCond in the AccessControl framework; the internal
		// cond2 parameter of Obj.query is used so the caller can still pass cond.
		setParam("cond2", ["o.storeId=$storeId"]); 

		// fix the sort order
		setParam("orderby", "tm DESC");

		$ret = tableCRUD("query", "Rating", true);
		return $ret;
	}

Note:
- The design in the example above is not recommended; the standard object
  interface should be used for this requirement.

@see setParam
*/
function tableCRUD($ac1, $tbl, $asAdmin = false)
{
    // The AccessControl subclass chosen for $tbl/$asAdmin owns request
    // validation: before() may adjust the request and fills $accessCtl->sqlConf
    // (res, cond, orderby, gres, join, union, subobj). The query branch below
    // interpolates those pieces into SQL without further quoting, so that
    // validation is the only guard for them — NOTE(review): confirm in AccessControl.
    $accessCtl = AccessControl::create($tbl, $asAdmin);
    $accessCtl->before($ac1);
    $tbl = $accessCtl->getTable();
    $ignoreAfter = false;
    if ($ac1 == "add") {
        $keys = '';
        $values = '';
        #			var_dump($_POST);
        // A non-zero generated id is inserted explicitly; otherwise the DB assigns one.
        $id = $accessCtl->genId();
        if ($id != 0) {
            $keys = "id";
            $values = (string) $id;
        }
        foreach ($_POST as $k => $v) {
            $k = htmlEscape($k);
            if ($k === "id") {
                continue;
            }
            // ignore non-field param
            if (substr($k, 0, 2) === "p_") {
                continue;
            }
            if ($v === "") {
                continue;
            }
            # TODO: check meta
            // Column names are interpolated raw, hence restricted to \w+.
            if (!preg_match('/^\\w+$/', $k)) {
                throw new MyException(E_PARAM, "bad key {$k}");
            }
            if ($keys !== '') {
                $keys .= ", ";
                $values .= ", ";
            }
            $keys .= $k;
            // Values are HTML-escaped and then passed through Q() — presumably
            // the SQL quoting helper; its definition is not visible here.
            $values .= Q(htmlEscape($v));
        }
        if (strlen($keys) == 0) {
            throw new MyException(E_PARAM, "no field found to be added");
        }
        $sql = sprintf("INSERT INTO %s (%s) VALUES (%s)", $tbl, $keys, $values);
        #			var_dump($sql);
        $id = execOne($sql, true);
        // With a "res" param the new row is read back through a nested "get".
        // NOTE(review): that nested call uses the default $asAdmin=false even
        // when this call ran as admin, and its after() runs in addition to the
        // outer after() at the end of this function.
        $res = param("res");
        if (isset($res)) {
            setParam("id", $id);
            $ret = tableCRUD("get", $tbl);
        } else {
            $ret = $id;
        }
    } elseif ($ac1 == "set") {
        $id = mparam("id", $_GET);
        $kv = "";
        foreach ($_POST as $k => $v) {
            $k = htmlEscape($k);
            if ($k === 'id') {
                continue;
            }
            // ignore non-field param
            if (substr($k, 0, 2) === "p_") {
                continue;
            }
            # TODO: check meta
            if (!preg_match('/^\\w+$/', $k)) {
                throw new MyException(E_PARAM, "bad key {$k}");
            }
            if ($kv !== '') {
                $kv .= ", ";
            }
            // Empty string or "null" clears the column; the literal "empty" stores ''.
            if ($v === "" || $v === "null") {
                $kv .= "{$k}=null";
            } else {
                if ($v === "empty") {
                    $kv .= "{$k}=''";
                } else {
                    // flag_/prop_ columns get their SET expression from the flag helper.
                    if (startsWith($k, "flag_") || startsWith($k, "prop_")) {
                        $kv .= flag_getExpForSet($k, $v);
                    } else {
                        $kv .= "{$k}=" . Q(htmlEscape($v));
                    }
                }
            }
        }
        if (strlen($kv) == 0) {
            addLog("no field found to be set");
        } else {
            // %d forces the id to an integer in the WHERE clause.
            $sql = sprintf("UPDATE %s SET %s WHERE id=%d", $tbl, $kv, $id);
            $cnt = execOne($sql);
        }
        $ret = "OK";
    } elseif ($ac1 === "get" || $ac1 === "query") {
        $forGet = $ac1 === "get";
        $wantArray = param("wantArray/b");
        $sqlConf = $accessCtl->sqlConf;
        // Paging applies to "query" only, and not when the caller wants a plain array.
        $enablePaging = true;
        if ($forGet || $wantArray) {
            $enablePaging = false;
        }
        if ($forGet) {
            $id = mparam("id");
            // NOTE(review): unlike the %d used by set/del, $id is interpolated
            // raw here; this relies on mparam() rejecting non-numeric ids — confirm.
            array_unshift($sqlConf["cond"], "t0.id={$id}");
        } else {
            // "/i" presumably means the param is read as an integer — confirm in param().
            $pagesz = param("_pagesz/i");
            $pagekey = param("_pagekey/i");
            // support jquery-easyui
            if (!isset($pagesz) && !isset($pagekey)) {
                $pagesz = param("rows/i");
                $pagekey = param("page/i");
                if (isset($pagekey)) {
                    $enableTotalCnt = true;
                    $enablePartialQuery = false;
                }
            }
            if ($pagesz == 0) {
                $pagesz = 20;
            }
            // The page size is capped by the AccessControl class and the global limit.
            $maxPageSz = min($accessCtl->getMaxPageSz(), PAGE_SZ_LIMIT);
            if ($pagesz < 0 || $pagesz > $maxPageSz) {
                $pagesz = $maxPageSz;
            }
            if (isset($sqlConf["gres"])) {
                $enablePartialQuery = false;
            }
        }
        $orderSql = $sqlConf["orderby"];
        // setup cond for partialQuery
        if ($enablePaging) {
            if ($orderSql == null) {
                $orderSql = $accessCtl->getDefaultSort();
            }
            // The total count is only computed for the first page (pagekey 0).
            if (!isset($enableTotalCnt)) {
                $enableTotalCnt = false;
                if ($pagekey === 0) {
                    $enableTotalCnt = true;
                }
            }
            // If no orderby was given, or only id is used (may later be relaxed to
            // unique fields), the partialQuery mechanism can be used (better
            // performance and precision): _pagekey is then the last value of that
            // field; otherwise _pagekey is the next page number.
            if (!isset($enablePartialQuery)) {
                $enablePartialQuery = false;
                if (preg_match('/^(t0\\.)?id\\b/', $orderSql)) {
                    $enablePartialQuery = true;
                    if ($pagekey) {
                        if (preg_match('/\\bid DESC/i', $orderSql)) {
                            $partialQueryCond = "t0.id<{$pagekey}";
                        } else {
                            $partialQueryCond = "t0.id>{$pagekey}";
                        }
                        // setup res for partialQuery
                        if ($partialQueryCond) {
                            // 							if (isset($sqlConf["res"][0]) && !preg_match('/\bid\b/',$sqlConf["res"][0])) {
                            // 								array_unshift($sqlConf["res"], "t0.id");
                            // 							}
                            array_unshift($sqlConf["cond"], $partialQueryCond);
                        }
                    }
                }
            }
            if (!$pagekey) {
                $pagekey = 1;
            }
        }
        // Default column list: everything from the main table, or just t0.id when
        // the configured list collapses to nothing.
        if (!isset($sqlConf["res"][0])) {
            $sqlConf["res"][0] = "t0.*";
        } else {
            if ($sqlConf["res"][0] === "") {
                array_shift($sqlConf["res"]);
            }
        }
        $resSql = join(",", $sqlConf["res"]);
        if ($resSql == "") {
            $resSql = "t0.id";
        }
        if (@$sqlConf["distinct"]) {
            $resSql = "DISTINCT {$resSql}";
        }
        $tblSql = "{$tbl} t0";
        if (count($sqlConf["join"]) > 0) {
            $tblSql .= "\n" . join("\n", $sqlConf["join"]);
        }
        // AND the conditions together; a condition that itself contains
        // " and "/" or " is parenthesised so precedence is kept.
        $condSql = "";
        foreach ($sqlConf["cond"] as $cond) {
            if ($cond == null) {
                continue;
            }
            if (strlen($condSql) > 0) {
                $condSql .= " AND ";
            }
            if (stripos($cond, " and ") !== false || stripos($cond, " or ") !== false) {
                $condSql .= "({$cond})";
            } else {
                $condSql .= $cond;
            }
        }
        /*
        			foreach ($_POST as $k=>$v) {
        				# skip sys param which generally starts with "_"
        				if (substr($k, 0, 1) === "_")
        					continue;
        				# TODO: check meta
        				if (! preg_match('/^\w+$/', $k))
        					throw new MyException(E_PARAM, "bad key $k");
        
        				if ($condSql !== '') {
        					$condSql .= " AND ";
        				}
        				$condSql .= KVtoCond($k, $v);
        			}
        */
        $sql = "SELECT {$resSql} FROM {$tblSql}";
        if ($condSql) {
            flag_handleCond($condSql);
            $sql .= "\nWHERE {$condSql}";
        }
        // union and gres are appended verbatim from sqlConf (see the note at the top).
        if (isset($sqlConf["union"])) {
            $sql .= "\nUNION\n" . $sqlConf["union"];
        }
        if ($sqlConf["gres"]) {
            $sql .= "\nGROUP BY {$sqlConf['gres']}";
        }
        if ($orderSql) {
            $sql .= "\nORDER BY " . $orderSql;
        }
        if ($enablePaging) {
            if ($enableTotalCnt) {
                $cntSql = "SELECT COUNT(*) FROM {$tblSql}";
                if ($condSql) {
                    $cntSql .= "\nWHERE {$condSql}";
                }
                $totalCnt = queryOne($cntSql);
            }
            // partialQuery: the id condition already positions the page, so only
            // a LIMIT is needed; otherwise use a classic offset.
            if ($enablePartialQuery) {
                $sql .= "\nLIMIT " . $pagesz;
            } else {
                $sql .= "\nLIMIT " . ($pagekey - 1) * $pagesz . "," . $pagesz;
            }
        } else {
            if ($pagesz) {
                $sql .= "\nLIMIT " . $pagesz;
            }
        }
        if ($forGet) {
            $ret = queryOne($sql, PDO::FETCH_ASSOC);
            if ($ret === false) {
                throw new MyException(E_PARAM, "not found `{$tbl}.id`=`{$id}`");
            }
            handleSubObj($sqlConf["subobj"], $id, $ret);
        } else {
            $ret = queryAll($sql, PDO::FETCH_ASSOC);
            if ($ret === false) {
                $ret = [];
            }
            if ($wantArray) {
                foreach ($ret as &$mainObj) {
                    $id1 = $mainObj["id"];
                    handleSubObj($sqlConf["subobj"], $id1, $mainObj);
                }
            } else {
                // Note: colCnt may be changed in after().
                $fixedColCnt = count($ret) == 0 ? 0 : count($ret[0]);
                $accessCtl->after($ret);
                $ignoreAfter = true;
                if ($enablePaging && $pagesz == count($ret)) {
                    // A full page means there may be more data: add nextkey.
                    if ($enablePartialQuery) {
                        $nextkey = $ret[count($ret) - 1]["id"];
                    } else {
                        $nextkey = $pagekey + 1;
                    }
                }
                $ret = objarr2table($ret, $fixedColCnt);
                if (isset($nextkey)) {
                    $ret["nextkey"] = $nextkey;
                }
                if (isset($totalCnt)) {
                    $ret["total"] = $totalCnt;
                }
                handleFormat($ret, $tbl);
            }
        }
    } elseif ($ac1 == "del") {
        $id = mparam("id");
        // %d forces the id to an integer in the WHERE clause.
        $sql = sprintf("DELETE FROM %s WHERE id=%d", $tbl, $id);
        $cnt = execOne($sql);
        if ($cnt != 1) {
            throw new MyException(E_PARAM, "not found id={$id}");
        }
        $ret = "OK";
    }
    // The table-shaped query result already ran after() above; every other
    // action runs it here on its result.
    if (!$ignoreAfter) {
        $accessCtl->after($ret);
    }
    return $ret;
}
コード例 #18
 /**
  * Yii behaviors: guests ('?') may sign up, authenticated users ('@') may
  * log out, and 'logout' additionally requires POST. Only these two actions
  * are filtered ('only').
  *
  * @return array
  */
 public function behaviors()
 {
     $accessFilter = [
         'class' => AccessControl::className(),
         'only' => ['logout', 'signup'],
         'rules' => [
             ['actions' => ['signup'], 'allow' => true, 'roles' => ['?']],
             ['actions' => ['logout'], 'allow' => true, 'roles' => ['@']],
         ],
     ];
     $verbFilter = [
         'class' => VerbFilter::className(),
         'actions' => ['logout' => ['post']],
     ];
     return ['access' => $accessFilter, 'verbs' => $verbFilter];
 }
コード例 #19
ファイル: access.php プロジェクト: javascriptit/phpminer
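 /**
  * Add/Change a group.
  *
  * Ajax endpoint, requires PERM_MANAGE_USERS. With an empty 'old_name' a new
  * group called 'name' is created; otherwise group 'old_name' is renamed to
  * 'name'. In both cases the group's permissions are replaced by the
  * 'permissions' array from the request. Renaming onto a name that already
  * exists is rejected.
  */
 public function group_add()
 {
     AccessControl::check_permission(AccessControl::PERM_MANAGE_USERS);
     $params = new ParamStruct();
     $params->add_param('old_name', PDT_STRING, '');
     $params->add_required_param('name', PDT_STRING);
     $params->add_param('permissions', PDT_ARR, array());
     $params->fill();
     if (!$params->is_valid()) {
         AjaxModul::return_code(AjaxModul::ERROR_INVALID_PARAMETER);
         // return_code() is expected to end the request; the explicit returns
         // make the early exits hold even if it does not.
         return;
     }
     $old = $params->old_name;
     if ($params->name !== $old && AccessControl::getInstance()->get_config()->group_exists($params->name)) {
         AjaxModul::return_code(AjaxModul::ERROR_INVALID_PARAMETER, null, true, 'This group already exists.');
         return;
     }
     if (empty($old)) {
         $result = $this->access_control->get_config()->group_add($params->name);
     } else {
         // Drop the old permission set before renaming, so the grants below
         // fully define the group's new permissions.
         $this->access_control->get_config()->group_revoke_all_permission($old);
         $result = $this->access_control->get_config()->group_change($old, $params->name);
     }
     // Permission names are taken from the request as-is; this relies on
     // group_grant_permission() rejecting unknown names — TODO confirm.
     foreach ($params->permissions as $permission) {
         $this->access_control->get_config()->group_grant_permission($params->name, $permission);
     }
     if ($result) {
         AjaxModul::return_code(AjaxModul::SUCCESS);
         return;
     }
     AjaxModul::return_code(AjaxModul::ERROR_DEFAULT, null, true, 'Could not add or update the group');
 }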
コード例 #20
 /**
  * Yii behaviors: 'login' and 'error' are open to everyone (no roles), the
  * listed CRUD actions plus 'locationlist' need an authenticated user ('@').
  * No 'only' list, so the filter covers every action; an action no rule
  * allows is denied by Yii's default. 'delete' additionally requires POST.
  *
  * @return array
  */
 public function behaviors()
 {
     $publicActions = ['login', 'error'];
     $memberActions = ['index', 'view', 'create', 'update', 'delete', 'locationlist'];
     return [
         'access' => [
             'class' => AccessControl::className(),
             'rules' => [
                 ['actions' => $publicActions, 'allow' => true],
                 ['actions' => $memberActions, 'allow' => true, 'roles' => ['@']],
             ],
         ],
         'verbs' => [
             'class' => VerbFilter::className(),
             'actions' => ['delete' => ['post']],
         ],
     ];
 }
コード例 #21
ファイル: Route.php プロジェクト: mgilangjanuar/helium
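 /**
  * Check that a route resolves to a callable controller action the caller
  * may use.
  *
  * class_exists() triggers autoloading for $class; whether the name is
  * restricted to controller classes depends on the caller (not visible here).
  *
  * @param string $class controller class name derived from the route
  * @param string $func  action method name
  * @param array  $args  positional arguments taken from the route
  * @return mixed true when the action may be dispatched, otherwise the
  *               result of notFoundException() / forbiddenException()
  */
 private function validate($class, $func, $args)
 {
     // Unknown class or method → not found. method_exists() accepts the class
     // name, so nothing is instantiated before the route has been checked.
     if (!class_exists($class) || !method_exists($class, $func)) {
         return $this->notFoundException();
     }
     // The argument count must equal the declared parameter count exactly
     // (defaults are not taken into account), as before.
     $declared = count((new \ReflectionMethod($class, $func))->getParameters());
     if ($declared != count($args)) {
         return $this->notFoundException();
     }
     // check permissions: one instance is enough to read the rules
     $controller = new $class();
     $rules = $controller->rules();
     if (isset($rules['accessControl']) && !AccessControl::validate($rules['accessControl'])) {
         return $this->forbiddenException();
     }
     return true;
 }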
コード例 #22
ファイル: Controller.php プロジェクト: dawei101/plants
 /**
  * Yii behaviors: a single rule that requires an authenticated user ('@')
  * for every action of this controller.
  *
  * @return array
  */
 public function behaviors()
 {
     $authenticatedOnly = ['allow' => true, 'roles' => ['@']];
     return [
         'access' => [
             'class' => AccessControl::className(),
             'rules' => [$authenticatedOnly],
         ],
     ];
 }
コード例 #23
ファイル: Tag.php プロジェクト: suryatresna/forum
 /**
  * Accessor (Eloquent-style get*Attribute, presumably) for the `user_can_post`
  * attribute: whether the current user may create threads in this tag.
  *
  * @return mixed result of AccessControl::check()
  */
 public function getUserCanPostAttribute()
 {
     $permission = 'create_threads';
     return AccessControl::check($this, $permission, false);
 }
コード例 #24
 /**
  * Enables access control.
  *
  * Creates the Session first; the enabled flag is only set once that
  * succeeded.
  */
 public static function enable()
 {
     $session = new Session();
     self::$session = $session;
     self::$enabled = true;
 }
コード例 #25
 /**
  * Yii behaviors: the five CRUD actions are allowed for the 'moder' role
  * and explicitly denied for guests ('?'); 'delete' requires POST.
  *
  * @return array
  */
 public function behaviors()
 {
     $crudActions = ['create', 'update', 'delete', 'view', 'index'];
     $rules = [
         ['allow' => true, 'roles' => ['moder']],
         ['allow' => false, 'roles' => ['?']],
     ];
     return [
         'access' => [
             'class' => AccessControl::className(),
             'only' => $crudActions,
             'rules' => $rules,
         ],
         'verbs' => [
             'class' => VerbFilter::className(),
             'actions' => ['delete' => ['POST']],
         ],
     ];
 }
コード例 #26
ファイル: SiteController.php プロジェクト: smiyka/Yii2-HW
 /**
  * @inheritdoc
  *
  * 'login' and 'error' are open to everyone (no roles); 'logout' and 'index'
  * need an authenticated user ('@'). 'logout' additionally requires POST.
  */
 public function behaviors()
 {
     $accessFilter = [
         'class' => AccessControl::className(),
         'rules' => [
             ['actions' => ['login', 'error'], 'allow' => true],
             ['actions' => ['logout', 'index'], 'allow' => true, 'roles' => ['@']],
         ],
     ];
     $verbFilter = [
         'class' => VerbFilter::className(),
         'actions' => ['logout' => ['post']],
     ];
     return ['access' => $accessFilter, 'verbs' => $verbFilter];
 }
コード例 #27
ファイル: Action.php プロジェクト: phidias-sas/api
 /**
  * Build the AccessControl for this action from its stored configuration.
  *
  * @return AccessControl|null null when no access-control config is set
  *                            (the stored value is falsy)
  */
 public function getAccesscontrol()
 {
     if (!$this->accessControl) {
         return null;
     }
     return AccessControl::factory($this->accessControl);
 }
コード例 #28
ファイル: AccessRule.php プロジェクト: adsavin/coolexam
 /**
  * Yii behaviors using the project's own AccessRule (ruleConfig) with
  * User::ROLE_* roles: 'index' is denied for all three roles, 'view' is
  * allowed for all three. The 'login' rule cannot match because 'login' is
  * not in the 'only' list; 'create' is in 'only' but has no rule, so Yii's
  * default deny applies to it.
  *
  * @return array
  */
 public function behaviors()
 {
     $allRoles = [User::ROLE_USER, User::ROLE_EMPLOYEE, User::ROLE_ADMIN];
     $staffRoles = [User::ROLE_EMPLOYEE, User::ROLE_ADMIN];
     return [
         'access' => [
             'class' => AccessControl::className(),
             'only' => ['index', 'create', 'view'],
             'ruleConfig' => ['class' => AccessRule::className()],
             'rules' => [
                 ['actions' => ['index'], 'allow' => false, 'roles' => $allRoles],
                 ['actions' => ['login'], 'allow' => false, 'roles' => $staffRoles],
                 ['actions' => ['view'], 'allow' => true, 'roles' => $allRoles],
             ],
         ],
     ];
 }
コード例 #29
 /**
  * Yii behaviors: every action requires an authenticated user ('@'), and
  * 'delete' additionally requires POST.
  *
  * @return array
  */
 public function behaviors()
 {
     $authenticatedOnly = ['allow' => true, 'roles' => ['@']];
     return [
         'access' => [
             'class' => AccessControl::className(),
             'rules' => [$authenticatedOnly],
         ],
         'verbs' => [
             'class' => VerbFilter::className(),
             'actions' => ['delete' => ['post']],
         ],
     ];
 }
コード例 #30
ファイル: Menu.php プロジェクト: larryu/magento-b2b
 /**
  * Builds the top navigation bar as a Bootstrap <ul> and returns it as an HTML
  * string.
  *
  * Each top-level section (Orders, Products, Purchase, ...) is only added to the
  * menu if the matching AccessControl::canAccess*Page() check passes for the
  * current role (Core::getRole()). The section whose key equals the current
  * page's menuItem, or which contains that key, is marked 'active'.
  *
  * SECURITY NOTE: this only controls menu *visibility*. Hiding a link here is
  * not authorization — a user can still request any of these URLs directly, so
  * every target page must enforce its own AccessControl check. Several entries
  * appear under more than one section with different gates (e.g. Accounting
  * Info under Products and Accounts, Price Match under Orders and Purchase), so
  * the weakest gate decides who sees the link.
  *
  * All labels, URLs and icon markup are string literals inside this method, so
  * the output is concatenated without escaping. If any of these ever become
  * data-driven (config, database, user input) they must go through
  * htmlspecialchars() before being emitted.
  *
  * @return string navbar HTML
  */
 public function getMenuItems()
 {
     // Key of the page currently being rendered; used only for comparisons below.
     $pageItem = trim($this->getPage()->menuItem);
     // Home is always present; 'Orders' is always present and gains children below.
     $array = array('' => array('url' => '/', 'name' => 'Home', 'icon' => '<span class="glyphicon glyphicon-home"></span>'), 'Orders' => array('icon' => '<span class="glyphicon glyphicon-search"></span>', 'order' => array('url' => '/order.html', 'name' => 'Orders', 'icon' => '<span class="glyphicon glyphicon-search"></span>')));
     /*if(AccessControl::canAccessPriceMatchPage(Core::getRole()) )
     		$array['priceMatch'] = array('url' => '/pricematch.html', 'name' => 'Price Match', 'icon' => '<span class="glyphicon glyphicon-usd"></span>' );*/
     if (AccessControl::canAccessCreateOrderPage(Core::getRole())) {
         $array['Orders']['neworder'] = array('url' => '/order/new.html', 'name' => 'New Order', 'icon' => '<span class="glyphicon glyphicon-plus"></span>');
     }
     if (AccessControl::canAccessOrderItemsPage(Core::getRole())) {
         $array['Orders']['orderitems'] = array('url' => '/orderitems.html', 'name' => 'OrderItems');
     }
     // NOTE(review): Price Match is gated by the OrderItems permission, not a
     // dedicated one (the commented-out block above used canAccessPriceMatchPage).
     // Confirm this is intended rather than a placeholder that was never replaced.
     if (AccessControl::canAccessOrderItemsPage(Core::getRole())) {
         $array['Orders']['priceMatch'] = array('url' => '/pricematch.html', 'name' => 'Price Match', 'icon' => '<span class="glyphicon glyphicon-usd"></span>');
     }
     if (AccessControl::canAccessProductsPage(Core::getRole())) {
         $array['Products'] = array('icon' => '<span class="glyphicon glyphicon-th-list"></span>', 'products' => array('url' => '/products.html', 'name' => 'Products', 'icon' => '<span class="glyphicon glyphicon-th-list"></span>'), 'serialNumbers' => array('url' => '/serialnumbers.html', 'name' => 'Serial Numbers', 'icon' => '<span class="glyphicon glyphicon-search"></span>'), 'manufacturers' => array('url' => '/manufacturers.html', 'name' => 'Manufactures'), 'suppliers' => array('url' => '/suppliers.html', 'name' => 'Suppliers'), 'productcodetypes' => array('url' => '/productcodetypes.html', 'name' => 'Product Code Types', 'icon' => '<span class="glyphicon glyphicon-barcode"></span>'), 'productcategories' => array('url' => '/productcategories.html', 'name' => 'Product Categories'));
         // Stock adjustment needs its own, stricter permission on top of Products.
         if (AccessControl::canAccessStockAdjustPage(Core::getRole())) {
             $array['Products']['stockadjustment'] = array('url' => '/stockadjustment.html', 'name' => 'Stock Adjustment', 'icon' => '<span class=""></span>');
         }
         // The following entries (incl. Accounting Info and Importer) are shown to
         // anyone with Products access, with no additional check.
         $array['Products']['productquantitylog'] = array('url' => '/productqtylog.html', 'name' => 'Qty Log', 'icon' => '<span class=""></span>');
         $array['Products']['accounting'] = array('url' => '/accounting.html', 'name' => 'Accounting Info', 'icon' => '<span class=""></span>');
         $array['Products']['importer'] = array('url' => '/importer/new.html', 'name' => 'Importer', 'icon' => '<span class="fa fa-bars"></span>');
         $array['Products']['ageingreport'] = array('url' => '/productageing.html', 'name' => 'Ageing Report (beta)', 'icon' => '<span class="glyphicon glyphicon-eye-open"></span>');
         $array['Products']['systembuilds'] = array('url' => '/build.html', 'name' => 'System Builds');
     }
     if (AccessControl::canAccessPurcahseOrdersPage(Core::getRole())) {
         $array['Purchase'] = array('icon' => '<span class="glyphicon glyphicon-shopping-cart"></span>', 'PurchaseOrder' => array('url' => '/purchase.html', 'name' => 'Purchase Orders', 'icon' => '<span class="glyphicon glyphicon-shopping-cart"></span>'), 'NEW PO' => array('url' => '/purchase/new.html', 'name' => 'NEW PO', 'icon' => '<span class="glyphicon glyphicon-plus"></span>'), 'NEW PO Credit' => array('url' => '/purchase/credit/new.html', 'name' => 'NEW PO Credit', 'icon' => '<span class="glyphicon glyphicon-plus"></span>'), 'Receiving' => array('url' => '/receiving.html', 'name' => 'Receiving PO', 'icon' => '<span class="fa fa-home"></span>'), 'serialNumbers' => array('url' => '/serialnumbers.html', 'name' => 'Serial Numbers', 'icon' => '<span class="glyphicon glyphicon-search"></span>'), 'priceMatch' => array('url' => '/pricematch.html', 'name' => 'Price Match', 'icon' => '<span class="glyphicon glyphicon-usd"></span>'));
     }
     // NOTE(review): Customers is gated by the OrderItems permission — confirm
     // that is the intended coupling.
     if (AccessControl::canAccessOrderItemsPage(Core::getRole())) {
         $array['Customers'] = array('url' => '/customer.html', 'name' => 'Customers', 'icon' => '<span class="glyphicon glyphicon-user"></span>');
     }
     if (AccessControl::canAccessAccountsPage(Core::getRole())) {
         $array['Accounts'] = array('icon' => '<span class="glyphicon glyphicon-time"></span>', 'PaymentMethod' => array('url' => '/paymentmethod.html', 'name' => 'Payment Method', 'icon' => '<span class="glyphicon glyphicon-record"></span>'), 'Bill' => array('url' => '/bills.html', 'name' => 'Bills', 'icon' => '<span class="glyphicon glyphicon-usd"></span>'), 'accounting' => array('url' => '/accounting.html', 'name' => 'Accounting Info', 'icon' => '<span class=""></span>'), 'report' => array('url' => '/report.html', 'name' => 'Report', 'icon' => '<span class=""></span>'), 'CreditNote' => array('url' => '/creditnote.html', 'name' => 'Credit Note', 'icon' => '<span class=""></span>'), 'RMA' => array('url' => '/rma.html', 'name' => 'RMA', 'icon' => '<span class=""></span>'), 'importer' => array('url' => '/importer/new.html', 'name' => 'Importer', 'icon' => '<span class="fa fa-bars"></span>'));
     }
     if (AccessControl::canAccessLogisticsPage(Core::getRole())) {
         $array['Logistics'] = array('icon' => '<span class="fa fa-arrows"></span>', 'PurchaseOrder' => array('url' => '/purchase.html', 'name' => 'Purchase Orders', 'icon' => '<span class="glyphicon glyphicon-shopping-cart"></span>'), 'Receiving' => array('url' => '/receiving.html', 'name' => 'Receiving Products', 'icon' => '<span class="fa fa-home"></span>'), 'serialNumbers' => array('url' => '/serialnumbers.html', 'name' => 'Serial Numbers', 'icon' => '<span class="glyphicon glyphicon-search"></span>'), 'Locations' => array('url' => '/locations.html', 'name' => 'Locations', 'icon' => '<span class="fa fa-arrows"></span>'), 'PreferLocationTypes' => array('url' => '/locationtypes.html', 'name' => 'Prefer Location Types', 'icon' => '<span class="glyphicon glyphicon-tasks"></span>'));
         if (AccessControl::canAccessStockAdjustPage(Core::getRole())) {
             $array['Logistics']['stockadjustment'] = array('url' => '/stockadjustment.html', 'name' => 'Stock Adjustment', 'icon' => '<span class=""></span>');
         }
         $array['Logistics']['courier'] = array('url' => '/courier.html', 'name' => 'Courier', 'icon' => '<span class=""></span>');
         // Same /bills.html page as Accounts > Bills, reachable via the Logistics gate.
         $array['Logistics']['Bill'] = array('url' => '/bills.html', 'name' => 'Supplier Invoices', 'icon' => '<span class="glyphicon glyphicon-usd"></span>');
     }
     if (AccessControl::canAccessWorkShopPage(Core::getRole())) {
         $array['Workshop'] = array('icon' => '<span class="glyphicon glyphicon-wrench"></span>', 'newTask' => array('url' => '/task/new.html', 'name' => 'New Task', 'icon' => '<span class="glyphicon glyphicon-plus"></span>'), 'tasks' => array('url' => '/tasks.html', 'name' => 'Tasks', 'icon' => '<span class="glyphicon glyphicon-align-left"></span>'), 'newKit' => array('url' => '/kit/new.html', 'name' => 'Build a Kit', 'icon' => '<span class="fa fa-gavel"></span>'), 'kits' => array('url' => '/kits.html', 'name' => 'Kits', 'icon' => '<span class="glyphicon glyphicon-search"></span>'));
     }
     if (AccessControl::canAccessReportsPage(Core::getRole())) {
         $array['Reports'] = array('icon' => '<span class="fa fa-area-chart"></span>', 'Run Rates' => array('url' => '/report/runrate.html', 'name' => 'Run Rate', 'icon' => '<span class="glyphicon glyphicon-plus"></span>'));
     }
     // Users, Messages, Logs and Settings all share the Users-page permission.
     if (AccessControl::canAccessUsersPage(Core::getRole())) {
         $array['Systems'] = array('icon' => '<span class="glyphicon glyphicon-cog"></span>', 'users' => array('url' => '/users.html', 'name' => 'Users', 'icon' => '<span class="glyphicon glyphicon-user"></span>'), 'messages' => array('url' => '/messages.html', 'name' => 'Messages', 'icon' => '<span class="glyphicon glyphicon-envelope"></span>'), 'logs' => array('url' => '/logs.html', 'name' => 'Logs', 'icon' => '<span class="fa fa-book"></span>'), 'systemsettings' => array('url' => '/systemsettings.html', 'name' => 'Settings', 'icon' => '<span class="glyphicon glyphicon-cog"></span>'));
     }
     // Render: a top-level entry with a 'name' is a plain link; one without a
     // 'name' (but with children) becomes a dropdown labelled by its key.
     $html = "<ul class='nav navbar-nav'>";
     foreach ($array as $key => $item) {
         $hasNextLevel = !isset($item['name']) && is_array($item) && count($item) > 0;
         // 'active' if this is the current page, or the current page is one of this
         // section's children. For a leaf entry the array_key_exists() check runs
         // against its 'url'/'name'/'icon' keys, which is harmless but not meaningful.
         $activeClass = $pageItem === $key || array_key_exists($pageItem, $item) ? 'active' : '';
         $html .= "<li class='" . $activeClass . " visible-xs visible-sm visible-md visible-lg'>";
         $html .= "<a href='" . ($hasNextLevel === true ? '#' : $item['url']) . "' " . ($hasNextLevel === true ? 'class="dropdown-toggle" data-toggle="dropdown"' : '') . ">";
         $html .= (isset($item['icon']) ? $item['icon'] . ' ' : '') . ($hasNextLevel === true ? $key . '<span class="caret"></span>' : $item['name']);
         $html .= "</a>";
         if ($hasNextLevel === true) {
             $html .= "<ul class='dropdown-menu'>";
             foreach ($item as $k => $i) {
                 // Skip the section's own 'icon' string and any child without a URL.
                 if (is_string($i) || !isset($i['url'])) {
                     continue;
                 }
                 $html .= "<li class='" . ($pageItem === $k ? 'active' : '') . "'><a href='" . $i['url'] . "'>" . (isset($i['icon']) ? $i['icon'] . ' ' : '') . $i['name'] . "</a></li>";
             }
             $html .= "</ul>";
         }
         $html .= "</li>";
     }
     $html .= "</ul>";
     return $html;
 }