public function actionDeleteCollateral($id)
{
$model = AppFormCollateralAccount::findOne($id);
$model->delete = Dict::DELETE_YES;
$model->save();
$appFormModel = AppForm::find()->andWhere(['id_application' => $model->id_application])->one();
$appFormModel->save(false);
return $this->redirect(['collateral-information', 'id_application' => $model->id_application]);
}
public function beforeAction($action)
{
// ID
$ctrl_id = $action->controller->id;
$action_id = $action->id;
$behaviour = $ctrl_id . '/' . $action_id;
if (parent::beforeAction($action)) {
// 判断 id_application 权限
if (isset($_GET['id_application']) && !isset($_GET['id_app_task'])) {
$application = Application::findOne($_GET['id_application']);
if (!$application->checkOnwerAccess($this->user->id_user)) {
if ($this->user->id_user_role == Dict::USER_ROLE_BETTERDEBT) {
$this->AUTH = Dict::AUTH_READ;
$app_task = AppTask::findOne(['id_application' => $application->id_application, 'id_app_task_type' => DictTask::TYPE_APPLICATION_FORM]);
if (($app_task->status != DictTask::STATUS_ACTIVE || $app_task->application->id_application_status != DictApplication::STATUS_ACTIVE) && !in_array($behaviour, ['task-sign/close', 'task-supplemental-information/view-file'])) {
if ($this->user->id_user_role == Dict::USER_ROLE_BETTERDEBT || $this->user->id_user_role == Dict::USER_ROLE_ADVISOR) {
$this->redirect(['/application/view', 'id' => $app_task->id_application]);
} else {
if ($this->user->id_user_role == Dict::USER_ROLE_CLIENT) {
$this->redirect(['/loan/application']);
}
}
return false;
}
} else {
throw new UnauthorizedHttpException("Sorry, you don't have permission to access this page.");
}
} else {
// app-form 特殊判断
if ($ctrl_id == 'app-form') {
$app_task = AppTask::findOne(['id_application' => $application->id_application, 'id_app_task_type' => DictTask::TYPE_APPLICATION_FORM]);
if ($app_task->status != DictTask::STATUS_ACTIVE || $app_task->application->id_application_status != DictApplication::STATUS_ACTIVE) {
if ($this->user->id_user_role == Dict::USER_ROLE_BETTERDEBT || $this->user->id_user_role == Dict::USER_ROLE_ADVISOR) {
$this->redirect(['/application/view', 'id' => $app_task->id_application]);
} else {
if ($this->user->id_user_role == Dict::USER_ROLE_CLIENT) {
$this->redirect(['/loan/application']);
}
}
return false;
}
if ($app_task->owner_type == DictTask::$userRoleToOwner[$this->user->id_user_role]) {
$this->AUTH = Dict::AUTH_OPERATE;
} else {
$this->AUTH = Dict::AUTH_READ;
}
} else {
if ($behaviour == 'task-sign/close') {
$betterdebt = Betterdebt::findOne(['id_user' => $this->user->id_user]);
if ($betterdebt->is_in_service_team == Dict::BD_SERVICE_TEAM_YES) {
$this->AUTH = Dict::AUTH_OPERATE;
} else {
$this->AUTH = Dict::AUTH_READ;
}
} else {
$this->AUTH = Dict::AUTH_READ;
}
}
}
}
// 判断 id_app_task 权限
if (isset($_GET['id_app_task'])) {
$app_task = AppTask::findOne($_GET['id_app_task']);
if ($app_task->application->checkOnwerAccess($this->user->id_user)) {
if (!AppTask::checkOnwerAccess($app_task, $behaviour)) {
throw new UnauthorizedHttpException("Sorry, you don't have permission to access this page.");
} else {
if (in_array($behaviour, ['task-sign/close', 'task/assign-to', 'task-sign/remind'])) {
$this->AUTH = Dict::AUTH_OPERATE;
} else {
if (DictTask::$ownerToUserRole[$app_task->owner_type] == $this->user->id_user_role) {
$this->AUTH = Dict::AUTH_OPERATE;
} else {
$this->AUTH = Dict::AUTH_READ;
}
}
}
} else {
if ($this->user->id_user_role == Dict::USER_ROLE_BETTERDEBT) {
$this->AUTH = Dict::AUTH_READ;
} else {
throw new UnauthorizedHttpException("Sorry, you don't have permission to access this page.");
}
}
$loan = Loan::findOne(['id_application' => $app_task->id_application]);
// 如果任务不是正在进行中,则跳转
if ($app_task->status != DictTask::STATUS_ACTIVE || $app_task->application->id_application_status != DictApplication::STATUS_ACTIVE || isset($loan) && $loan->status == Dict::LOAN_STATUS_CLOSED) {
if ($this->user->id_user_role == Dict::USER_ROLE_BETTERDEBT || $this->user->id_user_role == Dict::USER_ROLE_ADVISOR) {
$this->redirect(['/application/view', 'id' => $app_task->id_application]);
} else {
if ($this->user->id_user_role == Dict::USER_ROLE_CLIENT) {
$this->redirect(['/loan/application']);
}
}
return false;
}
}
// 判断 id_app_form_collateral_account 权限
if (isset($_GET['id_app_form_collateral_account'])) {
$collateral_account = AppFormCollateralAccount::findOne($_GET['id_app_form_collateral_account']);
if (!$collateral_account->application->checkOnwerAccess($this->user->id_user)) {
if ($this->user->id_user_role == Dict::USER_ROLE_BETTERDEBT) {
$this->AUTH = Dict::AUTH_READ;
} else {
throw new UnauthorizedHttpException("Sorry, you don't have permission to access this page.");
}
} else {
$this->AUTH = Dict::AUTH_OPERATE;
}
}
// 判断 id_app_task_checkpoint 权限
if (isset($_GET['id_app_task_checkpoint'])) {
$checkpoint = AppTaskCheckpoint::findOne($_GET['id_app_task_checkpoint']);
if (!$checkpoint->appTask->application->checkOnwerAccess($this->user->id_user) || !AppTask::checkOnwerAccess($checkpoint->appTask, $behaviour)) {
if ($this->user->id_user_role == Dict::USER_ROLE_BETTERDEBT) {
$this->AUTH = Dict::AUTH_READ;
} else {
throw new UnauthorizedHttpException("Sorry, you don't have permission to access this page.");
}
} else {
$this->AUTH = Dict::AUTH_OPERATE;
}
}
}
return true;
}
