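/**
 * Check whether the user is bound to a fixed set of IPs and, if so, that the
 * current request comes from one of them; adds a 'password' error otherwise.
 *
 * The allowed list is read from $user->bind_to_ip as a comma-separated string.
 * NOTE(review): how YeeHelper::getRealIp() derives the address is not visible
 * here; if it honours forwarded-for headers, this binding is only as reliable
 * as the proxy chain that sets them — confirm before relying on it.
 */
public function validateIP()
{
    $user = $this->getUser();
    if (!$user || !$user->bind_to_ip) {
        return;
    }

    // Normalise the stored list: trim whitespace and drop empty entries left
    // by stray commas so they can never be matched.
    $allowedIps = array_filter(array_map('trim', explode(',', $user->bind_to_ip)), 'strlen');

    // Strict comparison: both sides are expected to be strings, so no loose-cast surprises.
    if (!in_array(YeeHelper::getRealIp(), $allowedIps, true)) {
        $this->addError('password', Yii::t('yee/auth', "You could not login from this IP"));
    }
}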
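/**
 * Save a new visitor record in the DB and store its unique token in the session.
 *
 * The browser, OS, user-agent and language fields are taken from client-supplied
 * request data and stored without validation (save(false)); escape them on output.
 *
 * @param int $userId
 */
public static function newVisitor($userId)
{
    $browser = new Browser();

    $model = new self();
    $model->user_id = $userId;
    // The token is drawn from Yii's CSPRNG-backed generator instead of uniqid(),
    // whose value is time-derived and guessable. Length 13 matches what
    // uniqid() produced, so the existing column width still fits.
    $model->token = Yii::$app->security->generateRandomString(13);
    $model->ip = YeeHelper::getRealIp();
    // Only the two-letter primary tag of Accept-Language is kept (byte-wise substr
    // is fine here: the tag is ASCII).
    $model->language = isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])
        ? substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2)
        : null;
    $model->browser = $browser->getBrowser();
    $model->os = $browser->getPlatform();
    $model->user_agent = $browser->getUserAgent();
    $model->visit_time = time();
    // Validation is deliberately skipped; every attribute is assigned above.
    $model->save(false);

    Yii::$app->session->set(self::SESSION_TOKEN, $model->token);
}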
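/**
 * Check whether the current user has access to the route being executed.
 *
 * Order of checks: the captcha action and free-access routes pass; guests are
 * denied; superadmins pass; inactive users are logged out; otherwise the route
 * permission is consulted, with an additional owner check for models that
 * implement OwnerAccess when the user lacks the full-access permission.
 *
 * @param Action $action the action to be executed.
 *
 * @return boolean whether the action should continue to be executed.
 */
public function beforeAction($action)
{
    if ($action->id === 'captcha') {
        return true;
    }

    $route = '/' . $action->uniqueId;

    if (Route::isFreeAccess($route, $action)) {
        return true;
    }

    if (Yii::$app->user->isGuest) {
        // denyAccess() is expected to end the request (e.g. by throwing); the
        // explicit return is a safety net so a guest never reaches the checks below.
        $this->denyAccess();
        return false;
    }

    // If user has been deleted, then destroy session and redirect to home page
    if (!Yii::$app->user->isGuest and Yii::$app->user->identity === null) {
        Yii::$app->getSession()->destroy();
        $this->denyAccess();
        return false;
    }

    // Superadmin owns everyone
    if (Yii::$app->user->isSuperadmin) {
        return true;
    }

    // Loose comparison kept on purpose: status may come back from the DB as a string.
    if (Yii::$app->user->identity and Yii::$app->user->identity->status != User::STATUS_ACTIVE) {
        Yii::$app->user->logout();
        Yii::$app->getResponse()->redirect(Yii::$app->getHomeUrl());
        // redirect() only prepares the response; stop here so the permission
        // checks below never run against a freshly logged-out session.
        return false;
    }

    if (User::canRoute($route)) {
        $modelId = Yii::$app->getRequest()->getQueryParam('id');
        $modelClass = isset($this->owner->modelClass) ? $this->owner->modelClass : null;

        // Models implementing OwnerAccess: a user without the full-access
        // permission may only act on a record they own. Without a model id
        // (index/create style routes) the route permission alone decides.
        if ($modelClass && YeeHelper::isImplemented($modelClass, OwnerAccess::CLASSNAME)
            && !User::hasPermission($modelClass::getFullAccessPermission()) && $modelId) {
            $model = $modelClass::findOne(['id' => $modelId]);
            // Loose == kept: the identity id and owner field may differ in type (int vs string).
            if ($model && Yii::$app->user->identity->id == $model->{$modelClass::getOwnerField()}) {
                return true;
            }
        } else {
            return true;
        }
    }

    if (isset($this->denyCallback)) {
        call_user_func($this->denyCallback, null, $action);
    } else {
        $this->denyAccess();
    }

    return false;
}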
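/**
 * Wipe and recreate the frontend/backend published-asset directories, flush the
 * application cache, and send the user back to the page they came from.
 *
 * @return \yii\web\Response
 */
public function actionFlush()
{
    $assetPaths = [
        Yii::getAlias('@frontend') . '/web/assets/',
        Yii::getAlias('@backend') . '/web/assets/',
    ];

    foreach ($assetPaths as $assetPath) {
        YeeHelper::recursiveDelete($assetPath);
        // Best-effort recreate. The warning is suppressed because a failure here
        // must not abort the cache flush; the second is_dir() covers a concurrent
        // creator winning the race between the check and mkdir().
        if (!is_dir($assetPath) && !@mkdir($assetPath) && !is_dir($assetPath)) {
            Yii::warning("Could not recreate asset directory: {$assetPath}", __METHOD__);
        }
    }

    if (Yii::$app->cache->flush()) {
        Yii::$app->session->setFlash('crudMessage', 'Cache has been flushed.');
    } else {
        Yii::$app->session->setFlash('crudMessage', 'Failed to flush cache.');
    }

    // Referer is a client-supplied header and may be absent; fall back to the
    // home URL rather than redirecting to an empty location.
    $referrer = Yii::$app->getRequest()->referrer;

    return Yii::$app->getResponse()->redirect($referrer ?: Yii::$app->getHomeUrl());
}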
/**
 * Lists all models.
 *
 * For models implementing OwnerAccess, a user without the full-access permission
 * only sees records whose owner field equals their own id; that filter is forced
 * server-side and overrides any owner-field value sent in the query string.
 *
 * @return mixed
 */
public function actionIndex()
{
    $modelClass = $this->modelClass;

    $searchModel = null;
    if ($this->modelSearchClass) {
        $searchModel = new $this->modelSearchClass();
    }

    $searchLinkModel = null;
    if ($this->modelLinkSearchClass) {
        $searchLinkModel = new $this->modelLinkSearchClass();
    }

    $ownerOnly = YeeHelper::isImplemented($modelClass, OwnerAccess::CLASSNAME)
        && !User::hasPermission($modelClass::getFullAccessPermission());

    if ($searchModel === null) {
        $where = [];
        if ($ownerOnly) {
            $where = [$modelClass::getOwnerField() => Yii::$app->user->identity->id];
        }
        $dataProvider = new ActiveDataProvider([
            'query' => $modelClass::find()->where($where),
        ]);
    } else {
        $params = Yii::$app->request->getQueryParams();
        if ($ownerOnly) {
            $searchName = StringHelper::basename($searchModel::className());
            $params[$searchName][$modelClass::getOwnerField()] = Yii::$app->user->identity->id;
        }
        $dataProvider = $searchModel->search($params);
    }

    return $this->renderIsAjax('index', [
        'dataProvider' => $dataProvider,
        'searchModel' => $searchModel,
        'searchLinkModel' => $searchLinkModel,
    ]);
}
/**
 * Creates data provider instance with search query applied
 *
 * Filter values come from two places: the request query params, loaded through
 * load() (which honours the model's safe attributes), and the explicit $params
 * map, which is written straight onto properties. NOTE(review): that direct
 * assignment bypasses safe-attribute validation, so callers must pass only keys
 * they control — never raw request data.
 *
 * @param array $params
 *
 * @return ActiveDataProvider
 */
public function search($params = [])
{
    $queryParams = Yii::$app->request->getQueryParams();
    $query = MenuLink::find()->joinWith('translations');
    // pageSize -1 presumably means "no paging" — confirm against the Pagination config in use.
    $dataProvider = new ActiveDataProvider(['query' => $query, 'pagination' => ['pageSize' => -1], 'sort' => ['defaultOrder' => ['order' => SORT_ASC]]]);

    $this->load($queryParams);
    // Explicit overrides win over whatever load() picked up from the request.
    foreach ($params as $key => $value) {
        $this->{$key} = $value;
    }

    // Owner-only listing applies when MenuLink implements OwnerAccess and the
    // current user lacks the full-access permission.
    $restrictLinkAccess = YeeHelper::isImplemented(MenuLink::className(), OwnerAccess::CLASSNAME)
        && !User::hasPermission(MenuLink::getFullAccessPermission());

    if (!$this->validate()) {
        // uncomment the following line if you do not want to return any records when validation fails
        // $query->where('0=1');
        return $dataProvider;
    }

    if ($restrictLinkAccess) {
        $query->andFilterWhere([MenuLink::getOwnerField() => Yii::$app->user->identity->id]);
    }

    // menu_id and parent_id are hard conditions (andWhere: a null value becomes
    // IS NULL); alwaysVisible and id are skipped when empty (andFilterWhere).
    $query->andWhere(['menu_id' => $this->menu_id])
        ->andFilterWhere(['alwaysVisible' => $this->alwaysVisible])
        ->andFilterWhere(['like', 'id', $this->id])
        ->andWhere(['parent_id' => $this->parent_id]);

    return $dataProvider;
}
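/**
 * Make sure user will not deactivate himself and superadmin could not demote himself
 * Also don't let non-superadmin edit superadmin
 *
 * On insert: records the registration IP (web requests only) and generates the
 * auth key. On update (web requests only): keeps the current user active and,
 * if superadmin, keeps them superadmin; refuses the save when a non-superadmin
 * touches a superadmin record. In both cases a supplied plaintext password is
 * hashed before the parent hook runs.
 *
 * NOTE(review): the "non-superadmin may not edit a superadmin" guard only runs
 * on update; whether a non-superadmin can insert a record with superadmin=1
 * depends on the mass-assignment rules elsewhere — confirm.
 *
 * @inheritdoc
 */
public function beforeSave($insert)
{
    // Console doesn't have Yii::$app->user (or a client IP), so the web-only
    // parts are skipped there.
    $isWeb = php_sapi_name() !== 'cli';

    if ($insert) {
        if ($isWeb) {
            $this->registration_ip = YeeHelper::getRealIp();
        }
        $this->generateAuthKey();
    } elseif ($isWeb) {
        // Loose == kept: the session user id and the record id may differ in type.
        if (Yii::$app->user->id == $this->id) {
            // Make sure user will not deactivate himself
            $this->status = static::STATUS_ACTIVE;

            // Superadmin could not demote himself
            if (Yii::$app->user->isSuperadmin and $this->superadmin != 1) {
                $this->superadmin = 1;
            }
        }

        // Don't let non-superadmin edit superadmin
        if (!Yii::$app->user->isSuperadmin and $this->oldAttributes['superadmin'] == 1) {
            return false;
        }
    }

    // Hash the plaintext password when one was supplied. Compared against
    // null/'' rather than truthiness so a password of "0" is hashed instead of
    // being silently dropped (assumes `password` is a string attribute).
    if ($this->password !== null && $this->password !== '') {
        $this->setPassword($this->password);
    }

    return parent::beforeSave($insert);
}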
/**
 * Delete every grid row the user selected (POST `selection`).
 *
 * For models implementing OwnerAccess, a user without the full-access
 * permission can only delete records whose owner field matches their own id;
 * rows that do not match (or do not exist) are skipped silently.
 */
public function actionBulkDelete()
{
    $selectedIds = Yii::$app->request->post('selection');
    if (!$selectedIds) {
        return;
    }

    $modelClass = $this->modelClass;
    $ownerOnly = YeeHelper::isImplemented($modelClass, OwnerAccess::CLASSNAME)
        && !User::hasPermission($modelClass::getFullAccessPermission());

    foreach ($selectedIds as $id) {
        $condition = ['id' => $id];
        if ($ownerOnly) {
            // The owner filter is part of the lookup itself, so a foreign record is never loaded.
            $condition[$modelClass::getOwnerField()] = Yii::$app->user->identity->id;
        }

        $model = $modelClass::findOne($condition);
        if ($model !== null) {
            $model->delete();
        }
    }
}
<div class="row"> <div class="col-md-<?php echo $col3; ?> "> <?php echo $form->field($model, 'birth_day')->textInput(['maxlength' => 2]); ?> </div> <div class="col-md-<?php echo $col3; ?> "> <?php echo $form->field($model, 'birth_month')->dropDownList(YeeHelper::getMonthsList()); ?> </div> <div class="col-md-<?php echo $col3; ?> "> <?php echo $form->field($model, 'birth_year')->textInput(['maxlength' => 4]); ?> </div> </div> <div class="row"> <div class="col-md-<?php echo $col6;
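/**
 * Set default options
 *
 * Builds $this->links (label => url) from $this->options unless links were
 * supplied explicitly. Options default to $this->defaultOptions, merged with
 * labels when $this->labels is an array. With showCount enabled, each label
 * gets a " (N)" suffix with the number of matching records; for OwnerAccess
 * models without the full-access permission the count is restricted to the
 * current user's own records.
 */
protected function setDefaultOptions()
{
    if ($this->links) {
        return;
    }

    $model = $this->model;
    $formName = $this->searchModel->formName();

    if (!$this->options) {
        $this->options = $this->defaultOptions;
        if (is_array($this->labels)) {
            $this->options = ArrayHelper::merge($this->options, self::addKeyToValue($this->labels, 'label'));
        }
    }

    // Loop-invariant, so evaluated once instead of per option.
    $ownerOnly = $this->showCount
        && YeeHelper::isImplemented($model, OwnerAccess::CLASSNAME)
        && !User::hasPermission($model::getFullAccessPermission());

    foreach ($this->options as $option) {
        // Reset per option so a label never inherits the previous iteration's
        // count, and no undefined-variable notice fires when counts are off.
        $countSuffix = '';
        if ($this->showCount) {
            if ($ownerOnly) {
                $option['filterWhere'][$model::getOwnerField()] = Yii::$app->user->identity->id;
            }
            $count = $model::find()->filterWhere($option['filterWhere'])->count();
            $countSuffix = " ({$count})";
        }

        $label = $option['label'] . $countSuffix;
        $url = [$this->action, $formName => $option['filterWhere']];
        $this->links[$label] = $url;
    }
}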