예제 #1
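 /**
  * Runs the parent pre-action checks and, when an `id_application` query
  * parameter is present, loads the matching AppTask (id_app_task_type 1)
  * into $this->appTaskModel.
  *
  * NOTE(review): nothing in this method checks that the current user may see
  * the application the task belongs to; confirm that check is enforced
  * elsewhere before $this->appTaskModel is used.
  *
  * @param mixed $action the action about to run, passed through to the parent
  * @return bool true when the action may proceed, false when the parent refused it
  */
 public function beforeAction($action)
 {
     if (!parent::beforeAction($action)) {
         // The original fell off the end here and returned null implicitly;
         // state the refusal explicitly so the contract is a real bool.
         return false;
     }

     // $_GET is attacker-controlled. A request such as ?id_application[]=1&id_application[]=2
     // arrives as an array, and in a Yii 2 hash-format condition an array value
     // becomes an IN (...) match rather than an equality test. Only a scalar id
     // is allowed to reach the query.
     if (isset($_GET['id_application']) && is_scalar($_GET['id_application'])) {
         $this->appTaskModel = AppTask::find()
             ->andWhere([
                 'id_application' => $_GET['id_application'],
                 'id_app_task_type' => 1,
             ])
             ->one();
     }

     return true;
 }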
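 /**
  * Pre-action gate: enforces role restrictions on `create` and `view`, and,
  * when an `id` query parameter is present, loads the application and sets
  * $this->AUTH according to the current user's relation to it.
  *
  * - owner (checkOnwerAccess() passes)      -> Dict::AUTH_OPERATE
  * - non-owner with USER_ROLE_BETTERDEBT    -> Dict::AUTH_READ
  * - any other non-owner                    -> UnauthorizedHttpException
  *
  * When no `id` parameter is sent, $this->AUTH is not assigned here.
  *
  * NOTE(review): permission failures are reported with BadRequestHttpException
  * (400) and UnauthorizedHttpException (401). 403 / ForbiddenHttpException is
  * the conventional status for an authenticated user who lacks access; the
  * types are left unchanged because callers may depend on them.
  *
  * @param mixed $action the action about to run; only its `id` is read here
  * @return bool true when the action may proceed, false when the parent refused it
  * @throws BadRequestHttpException on a role mismatch or a non-scalar `id`
  * @throws UnauthorizedHttpException when a non-owner without the read-only role requests an application
  */
 public function beforeAction($action)
 {
     // The original discarded the parent's result. If the parent (and whatever
     // filters or event handlers hang off it) vetoes the action by returning
     // false, this method must not override that veto by returning true.
     if (!parent::beforeAction($action)) {
         return false;
     }

     // Role ids are compared loosely, as in the original: the stored type of
     // id_user_role is not visible here, so strict comparison could change results.
     if ($action->id == 'create' && $this->user->id_user_role != Dict::USER_ROLE_ADVISOR) {
         throw new BadRequestHttpException('Permission denied');
     }
     if ($action->id == 'view' && $this->user->id_user_role == Dict::USER_ROLE_CLIENT) {
         throw new BadRequestHttpException('Permission denied');
     }

     if (isset($_GET['id'])) {
         // $_GET['id'] is attacker-controlled and may arrive as an array
         // (?id[col]=value). findModel() is not visible here; if it forwards
         // the value to a primary-key lookup, an array could be read as
         // arbitrary column conditions. Reject anything that is not a scalar.
         if (!is_scalar($_GET['id'])) {
             throw new BadRequestHttpException('Invalid id parameter');
         }

         $this->application = $this->findModel($_GET['id']);

         if ($this->application->checkOnwerAccess($this->user->id_user)) {
             // Owner of the application: full operating rights.
             $this->AUTH = Dict::AUTH_OPERATE;
         } elseif ($this->user->id_user_role == Dict::USER_ROLE_BETTERDEBT) {
             // Non-owner with the BETTERDEBT role: read-only.
             $this->AUTH = Dict::AUTH_READ;
         } else {
             throw new UnauthorizedHttpException("Sorry, you don't have permission to access this page.");
         }
     }

     return true;
 }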