/**
 * Dispatches the public entry page by the `mode` query parameter.
 *
 * 'login' runs Access::Login(); 'reg' runs Access::Register() when the
 * registration form was posted (a `faccion` POST field is present) and shows
 * the registration template otherwise; anything else shows the index template.
 */
private function __construct()
{
    // Request-controlled selector: it is only compared against the literal
    // values below and never used as a path or class name.
    $mode = isset($_GET['mode']) ? $_GET['mode'] : false;

    require 'core/models/class.Access.php';

    // Loose comparison, matching the semantics of a switch statement.
    if ($mode == 'login') {
        $access = new Access();
        $access->Login();
    } elseif ($mode == 'reg') {
        if (isset($_POST['faccion'])) {
            $access = new Access();
            $access->Register();
        } else {
            $lang = new Lang();
            $view = new Smarty();
            $labels = array(
                'x_user' => $lang->x_user,
                'x_pass' => $lang->x_pass,
                'x_email' => $lang->x_email,
                'x_registrarme' => $lang->x_registrarme,
            );
            $view->assign($labels);
            $view->display('public/registro.xnv');
        }
    } else {
        $lang = new Lang();
        $view = new Smarty();
        $labels = array(
            'x_user' => $lang->x_user,
            'x_pass' => $lang->x_pass,
            'x_recordar' => $lang->x_recordar,
            'x_submit' => $lang->x_submit,
        );
        $view->assign($labels);
        $view->display('public/index.xnv');
    }

    unset($lang, $view);
}
/**
 * Deletes the Access record identified by $this->data->id and shows a
 * confirmation prompt that links back to the Access search form.
 */
public function delete()
{
    // NOTE(review): no permission check is visible in this method; confirm
    // the caller or framework authorises the request before it gets here.
    $record = new Access($this->data->id);
    $record->delete();

    // NOTE(review): the record is loaded with data->id but the message prints
    // data->idAccess - confirm both fields are populated for this action.
    $message = "Access [{$this->data->idAccess}] removido.";
    $this->renderPrompt('information', $message, '>auth/Access/formFind');
}
/**
 * Selects the active rows of `utenti` whose parent is greater than
 * BASE_PARENT_ROOT, ordered by parent and then by cognome.
 *
 * @return mixed whatever Access::select() returns for the query
 */
public function getNoParentRootTeam()
{
    // Only constants are spliced into the statement; no request data reaches it.
    $sql = implode('', array(
        " SELECT * ",
        " FROM utenti ",
        " WHERE parent > ",
        BASE_PARENT_ROOT,
        " AND active = '",
        VALUE_YES,
        "'",
        " ORDER BY parent,cognome ASC ",
    ));

    $db = new Access();

    return $db->select($sql);
}
/**
 * Builds the list of enabled modules, resolves each module's base path and
 * includes the per-application init.php of every module that has one.
 *
 * Enabled modules are the configured defaults plus, when the config names a
 * table class, the module keys of rows whose module_enabled is 'Y'.
 */
public static function init()
{
    $config = Config::load('modules');
    self::$default_modules = $config['default'];

    // Return value is not used here; the call is kept as in the original.
    $db = DB::get();

    $fromTable = array();
    if (!empty($config['table'])) {
        // The class name comes from the modules config, so that config has to
        // stay under the control of whoever may deploy code.
        $gateway = new $config['table']();
        $keys = $gateway->whereBy('module_enabled', 'Y')->column('module_key');
        $fromTable = array_merge($fromTable, $keys);
    }
    self::$enabled_modules = array_merge(self::$default_modules, $fromTable);

    $app = App::get();
    Access::reset();

    self::$paths = array();
    foreach (self::$enabled_modules as $key) {
        $class = 'Pina\\Modules\\' . $key . '\\' . $key . 'Module';
        if (class_exists($class)) {
            $module = new $class();
            $location = $module->path();
        } else {
            $location = App::path() . '/default/Modules/' . $key;
        }
        self::$paths[$key] = $location;
    }

    // Module keys end up in an include path. NOTE(review): confirm that only
    // trusted administrators can write module_key values to the modules table.
    foreach (self::$paths as $base) {
        $initFile = $base . '/' . $app . '/init.php';
        if (is_file($initFile)) {
            include_once $initFile;
        }
    }
}
/**
 * Creates a News record under the given tree node.
 *
 * The node must exist for module 'news' and the organization stored in the
 * session, and the user must be an admin or pass the per-tree access check.
 * On a successful save the browser is redirected to the 'view' page.
 */
public function actionCreate($idTree)
{
    $criteria = 'id=:id AND module=:module AND organization=:organization';
    $bindings = array(
        ':id' => $idTree,
        ':module' => 'news',
        ':organization' => Yii::app()->session['code_no'],
    );
    $node = Tree::model()->find($criteria, $bindings);
    if ($node === null) {
        throw new CHttpException(404, 'Страница не найдена.');
    }

    // Authorisation: admins pass, everyone else needs access to this tree node.
    if (!Yii::app()->user->admin && !Access::model()->checkAccessUserForTree($idTree)) {
        throw new CHttpException(403, 'Доступ запрещен.');
    }

    $model = new News();
    $model->id_tree = $idTree;
    $model->flag_enable = true;
    $model->date_start_pub = date('d.m.Y');
    $model->date_end_pub = date('01.m.Y', PHP_INT_MAX);
    $model->author = Yii::app()->user->name;
    $model->general_page = 0;

    // Uncomment the following line if AJAX validation is needed
    // $this->performAjaxValidation($model);

    if (isset($_POST['News'])) {
        // Mass assignment runs after the defaults above were set.
        // NOTE(review): confirm that id_tree and author are not declared safe
        // in the News validation rules, otherwise the form can overwrite them.
        $model->attributes = $_POST['News'];
        $model->log_change = LogChange::setLog($model->log_change, 'создание');

        if ($model->save()) {
            // store the attached files
            $model->saveFiles($model->id, $idTree);
            // store the images
            $model->saveImages($model->id, $idTree);
            // store the thumbnail image
            $model->saveThumbailForNews($model);

            $this->redirect(array('view', 'id' => $model->id, 'idTree' => $idTree));
        }
    }

    $this->render('create', array('model' => $model, 'idTree' => $idTree));
}
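/**
 * Binds access permissions to a user group.
 *
 * Shows the access tree with the group's current selection and, on POST,
 * stores the submitted selection and invalidates the cached ACL.
 *
 * @param mixed $id group primary key; cast to int before use
 */
public function actionIndex($id)
{
    $id = (int) $id;
    $model = Group::model()->findByPk($id);
    // NOTE(review): $model is dereferenced without a null check; an unknown
    // group id fails on the next statement instead of producing a 404.
    // NOTE(review): no permission or CSRF check is visible in this action;
    // confirm a filter covers it, since it rewrites a group's rights.

    // Initialised up front: the original left $access undefined for a group
    // without access rows and passed the undefined variable to the view.
    $access = array();
    if ($model->access) {
        foreach ($model->access as $g) {
            $access[] = $g->access_id;
        }
    }

    // Regenerate the access list from the module controllers once, then
    // remember that it was done.
    $cache = cache('auth_controller_file');
    if (!$cache) {
        $d = $this->_get_modules(\Yii::getPathOfAlias('application.modules'));
        if ($d) {
            Access::generate($d);
        }
        DirHelper::$kep_list_file = false;
        cache('auth_controller_file', true);
    }

    $rows = DB::all('access', array('select' => "id,name,pid"));
    // Same reason as $access: an empty access table left $out undefined.
    $out = array();
    foreach ($rows as $v) {
        $out[$v['id']] = $v;
    }
    $rows = ArrHelper::_tree_id($rows);

    if ($_POST) {
        // A form posted with nothing selected carries no 'auth' key; pass null
        // in that case (the value the original produced, minus the notice).
        $auth = isset($_POST['auth']) ? $_POST['auth'] : null;
        GroupAccess::saveAccess($id, $auth);
        cache('acl', false);
        flash('success', __('set access success'));
        $this->redirect(url('admin/auth/index', array('id' => $id)));
    }

    return $this->render('index', array(
        'rows' => $rows,
        'out' => $out,
        'model' => $model,
        'id' => $id,
        'access' => $access,
    ));
}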
/**
 * Shows the students view to callers that pass the 'student' access check.
 */
function studentController()
{
    $allowed = Access::check('student');
    if (!$allowed) {
        // NOTE(review): this relies on abort404() ending the request; if it
        // returns, the view below is still rendered for a denied caller.
        abort404();
    }

    view('students');
}
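/**
 * Loads blogs visible to the current user, either a single blog by id or a
 * filtered page of blogs.
 *
 * Without $blog_id: when no $user_id is given only public blogs are loaded,
 * and only published ones unless the current user may publicize any blog;
 * when $user_id is given, that user's blogs are loaded, limited to published
 * ones unless the current user is that user.
 *
 * @param mixed $blog_id       id of a single blog to load, or empty
 * @param mixed $user_id       owner whose blogs to load, or empty
 * @param bool  $include_count true to count via get_count(), false to count the loaded rows
 * @param int   $offset        paging offset
 * @param int   $limit         paging limit
 * @return array array('data' => rows, 'count' => int)
 */
public static function load($blog_id = null, $user_id = null, $include_count = true, $offset = 0, $limit = BLOG_DISPLAY_LIMIT)
{
    $filters = array();
    $current_user = \Warden::current_user();
    $result = array('data' => array(), 'count' => 0);

    if (empty($blog_id)) {
        if (empty($user_id)) {
            // only load public blogs if not loading a specific user's blog
            $filters['public_flag'] = true;
            if (!$current_user || !\Access::can('publicize_any_blog', $current_user)) {
                // only load published blogs if the user is not privileged to publicize any blog
                $filters['publish_flag'] = true;
            }
        } else {
            if (!$current_user || $user_id != $current_user->id) {
                // only load published blogs if the user is loading a blog that's not their own
                $filters['publish_flag'] = true;
            }
            // load blogs for the specified user only
            $filters['user_id'] = $user_id;
        }
        $result['data'] = static::get_where($filters, $offset, $limit);
    } else {
        // Fixed: the offset and limit (0, 1) were written inside the filter
        // array, so they were sent as two extra filter entries instead of as
        // paging arguments.
        // NOTE(review): a lookup by id applies neither public_flag nor
        // publish_flag; confirm callers authorise access to unpublished or
        // private blogs before using the result.
        $result['data'] = static::get_where(array('id' => $blog_id), 0, 1);
    }

    if (!empty($result['data'])) {
        // NOTE(review): on the lookup-by-id path $filters is still empty, so
        // get_count() is asked for an unfiltered count - confirm that is intended.
        $result['count'] = $include_count ? static::get_count($filters) : count($result['data']);
    }

    return $result;
}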
/**
 * Returns the entity ids of the given entity type that the signed-in user
 * has Access rows for; an empty array when nobody is signed in.
 */
public function getAdminEntitiesIDs($entity_name)
{
    if (!\Auth::check()) {
        return [];
    }

    // Scoped to the authenticated user's id, never to a caller-supplied one.
    $rows = \Access::where('user_id', \Auth::user()->id)
        ->where('entity_name', $entity_name)
        ->get(['entity_id'])
        ->toArray();

    return array_flatten($rows);
}
/**
 * Shows the teachers view to callers that pass the 'teacher' access check.
 */
function teacherController()
{
    $allowed = Access::check('teacher');
    if (!$allowed) {
        // NOTE(review): this relies on abort404() ending the request; if it
        // returns, the view below is still rendered for a denied caller.
        abort404();
    }

    view('teachers');
}
/**
 * Deletes the blog named by the posted `id` and answers with
 * array('status' => bool, 'error' => message).
 *
 * The caller must hold 'delete_any_blog', or hold 'delete_own_blog' and pass
 * Model_Agency_Contact::is_confirmed() for the blog's owner.
 */
public function action_delete()
{
    $result = array('status' => false, 'error' => array());

    try {
        $input = Input::post();
        if (empty($input) || empty($input['id'])) {
            throw new Exception('You must specify a blog to delete.');
        }

        $blog = Model_Blog::find($input['id']);
        if (!$blog) {
            throw new Exception('Blog not found.');
        }

        // Authorisation is decided against the blog loaded from storage, not
        // against any owner value supplied with the request.
        $may_delete = \Access::can('delete_any_blog', $this->user)
            || (\Access::can('delete_own_blog', $this->user)
                && Model_Agency_Contact::is_confirmed($blog->user_id, $this->user));
        if (!$may_delete) {
            throw new Exception('You are not authorized to delete this blog');
        }
        // NOTE(review): no CSRF token check is visible in this action; confirm
        // the framework or a base controller enforces one for this POST.

        try {
            $blog->delete();
            $result['status'] = true;
        } catch (\Orm\ValidationFailed $ex) {
            $result['error'] = $ex->getMessage();
        } catch (Exception $ex) {
            $msg = $ex->getMessage();
            if ($msg) {
                $result['error'] = $msg;
            } else {
                $result['error'] = 'Oops, something went wrong.';
            }
        }
    } catch (Exception $ex) {
        $result['error'] = $ex->getMessage();
    }

    return $this->response($result);
}
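/**
 * Returns the access name path for this record's access_id: the values that
 * Arr::parentTree() yields, joined with dots.
 *
 * @return string dot-separated path, empty when the tree yields nothing
 */
function access()
{
    $model = Access::find()->all();
    $t = \app\core\Arr::parentTree($model, $this->access_id);

    // The original appended to an undefined variable and then cut the trailing
    // dot; collecting and joining gives the same text without the notice.
    $parts = array();
    foreach ($t as $v) {
        $parts[] = $v;
    }

    return implode('.', $parts);
}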
/**
 * has_access
 * Tells whether the current user may access this playlist: interface level
 * '25' is required in every case, then the playlist's owner is allowed and
 * anyone else needs interface level '100'.
 */
public function has_access()
{
    if (!Access::check('interface', '25')) {
        return false;
    }

    // Loose comparison between the playlist owner and the global user's id.
    $is_owner = ($this->user == $GLOBALS['user']->id);
    if ($is_owner) {
        return true;
    }

    return Access::check('interface', '100');
}
/**
 * Looks up an access key and binds the session to its owner.
 *
 * Any previous `id_user` is dropped from the session first. Returns true when
 * no Access row carries the key, and false when one does - in which case the
 * row's id_user is stored in the session.
 * NOTE(review): the return value reads as "lookup failed"; confirm callers
 * interpret it that way.
 */
function checkPass($chave)
{
    session::delete('id_user');

    $known = Access::where('accesskey', $chave)->exists();
    if ($known) {
        // The key alone decides which user the session belongs to.
        // NOTE(review): confirm keys are long, random and rate-limited on lookup.
        $matches = Access::where('accesskey', $chave)->get();
        session::set('id_user', $matches[0]->id_user);

        return false;
    }

    return true;
}
/**
 * Updates every known preference from the request for the given preference
 * owner, then clears the preferences cached in the session.
 *
 * @param mixed $pref_id owner of the preferences; '-1' is the System Account
 *                       and is the only owner allowed to touch 'system' ones
 */
function update_preferences($pref_id = 0)
{
    /* Get current keys */
    $sql = "SELECT `id`,`name`,`type` FROM `preference`";

    /* If it isn't the System Account's preferences */
    if ($pref_id != '-1') {
        $sql .= " WHERE `catagory` != 'system'";
    }

    $db_results = Dba::read($sql);

    // Collect the current possible keys
    $preferences = array();
    while ($row = Dba::fetch_assoc($db_results)) {
        $preferences[] = array(
            'id' => $row['id'],
            'name' => $row['name'],
            'type' => $row['type'],
        );
    }

    /* Walk the possible keys and assign them */
    foreach ($preferences as $pref) {
        $name = $pref['name'];
        $id = $pref['id'];
        $apply_to_all = 'check_' . $name;
        $new_level = 'level_' . $name;

        /* Value comes from the request variable named after the preference */
        $value = scrub_in($_REQUEST[$name]);

        /* Some preferences require some extra checks to be performed */
        if ($name == 'transcode_bitrate') {
            $value = Stream::validate_bitrate($value);
        }

        if (preg_match('/_pass$/', $name)) {
            if ($value == '******') {
                // The masked placeholder came back unchanged: leave the stored
                // password alone by dropping the key from the request.
                unset($_REQUEST[$name]);
            } elseif (preg_match('/md5_pass$/', $name)) {
                // NOTE(review): unsalted MD5 is not a suitable password hash;
                // replacing it needs a migration of whatever verifies these values.
                $value = md5($value);
            }
        }

        /* Run the update for this preference only if it's set */
        if (isset($_REQUEST[$name])) {
            Preference::update($id, $pref_id, $value, $_REQUEST[$apply_to_all]);
        }

        // Changing a preference's level is limited to interface level '100'.
        if (Access::check('interface', '100') && $_REQUEST[$new_level]) {
            Preference::update_level($id, $_REQUEST[$new_level]);
        }
    }

    // Now that we've done that we need to invalidate the cached preferences
    Preference::clear_from_session();
}
/**
 * Client workspace page: loads the client and its contracts and binds them,
 * together with two popup forms, to the template.
 */
public function action_client()
{
    $id = $this->request->param('id');

    // NOTE(review): the result of Access::check() is not inspected here;
    // confirm it aborts the request itself when access is denied.
    Access::check('client', $id);

    $clientRow = Model_Client::getClient($id);
    $contractRows = Model_Contract::getContracts($id);

    if (empty($clientRow)) {
        throw new HTTP_Exception_404();
    }

    $contractPopup = Common::popupForm('Добавление нового договора', 'contract/add');
    $cabinetPopup = Common::popupForm('Создание личного кабинета', 'client/cabinet_create');

    $this->tpl
        ->bind('client', $clientRow)
        ->bind('contracts', $contractRows)
        ->bind('popupContractAdd', $contractPopup)
        ->bind('popupCabinetCreate', $cabinetPopup);
}
/**
 * A written value can be read back, and is gone after clear().
 *
 * @covers Xoops\Core\Cache\Access::clear
 * @covers Xoops\Core\Cache\Access::write
 * @covers Xoops\Core\Cache\Access::read
 */
public function testClear()
{
    $key = 'offhand/name';
    $value = 'Fred';

    $written = $this->object->write($key, $value);
    $this->assertTrue($written);

    $stored = $this->object->read($key);
    $this->assertSame($stored, $value);

    $cleared = $this->object->clear();
    $this->assertTrue($cleared);

    // After clear() the key must read as a miss.
    $afterClear = $this->object->read($key);
    $this->assertFalse($afterClear);
}
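/**
 * Returns the access name path for an access id: the values that
 * ArrHelper::parentTree() yields, joined with dots.
 *
 * @param mixed $access_id access id to resolve; this record's access_id when empty
 * @return string dot-separated path, empty when the tree yields nothing
 */
function access($access_id = null)
{
    $model = Access::model()->findAll();
    if (!$access_id) {
        $access_id = $this->access_id;
    }
    $t = \ArrHelper::parentTree($model, $access_id);

    // The original appended to an undefined variable and then cut the trailing
    // dot; collecting and joining gives the same text without the notice.
    $parts = array();
    foreach ($t as $v) {
        $parts[] = $v;
    }

    return implode('.', $parts);
}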
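/**
 * 2007-2015 PrestaShop
 *
 * NOTICE OF LICENSE
 *
 * This source file is subject to the Open Software License (OSL 3.0)
 * that is bundled with this package in the file LICENSE.txt.
 * It is also available through the world-wide-web at this URL:
 * http://opensource.org/licenses/osl-3.0.php
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to license@prestashop.com so we can send you a copy immediately.
 *
 * DISCLAIMER
 *
 * Do not edit or add to this file if you wish to upgrade PrestaShop to newer
 * versions in the future. If you wish to customize PrestaShop for your
 * needs please refer to http://www.prestashop.com for more information.
 *
 * @author PrestaShop SA <*****@*****.**>
 * @copyright 2007-2015 PrestaShop SA
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
 * International Registered Trademark & Property of PrestaShop SA
 */

/**
 * Upgrade step: creates the CRUD authorization roles for every tab and module
 * and replays the rights stored in the *_old access tables through
 * Access::updateLgcAccess().
 */
function ps_1702_right_management()
{
    $actions = array('CREATE', 'READ', 'UPDATE', 'DELETE');

    /**
     * Add roles
     *
     * Only fixed element and action names and the table prefix are spliced
     * into the statement; the slug itself is built by the database.
     */
    foreach (array('TAB', 'MODULE') as $element) {
        foreach ($actions as $action) {
            Db::getInstance()->execute(
                ' INSERT INTO `' . _DB_PREFIX_ . 'authorization_role` (`slug`)'
                . ' SELECT CONCAT("ROLE_MOD_' . $element . '_", UCASE(`class_name`), "_' . $action . '")'
                . ' FROM `' . _DB_PREFIX_ . strtolower($element) . '` '
            );
        }
    }

    /**
     * Add access
     */
    $accessObject = new Access();

    // Tabs
    $oldAccess = Db::getInstance()->executeS('SELECT * FROM `' . _DB_PREFIX_ . 'access_old`');
    // executeS() does not return an array when the query fails; iterate nothing
    // in that case instead of raising a warning mid-upgrade.
    if (!is_array($oldAccess)) {
        $oldAccess = array();
    }
    foreach ($oldAccess as $currOldAccess) {
        foreach (array('view', 'add', 'edit', 'delete') as $action) {
            if (array_key_exists($action, $currOldAccess) && $currOldAccess[$action] == '1') {
                $accessObject->updateLgcAccess($currOldAccess['id_profile'], $currOldAccess['id_tab'], $action, true);
            }
        }
    }

    // Modules
    $oldAccess = Db::getInstance()->executeS('SELECT * FROM `' . _DB_PREFIX_ . 'module_access_old`');
    if (!is_array($oldAccess)) {
        $oldAccess = array();
    }
    foreach ($oldAccess as $currOldAccess) {
        foreach (array('configure', 'view', 'uninstall') as $action) {
            if (array_key_exists($action, $currOldAccess) && $currOldAccess[$action] == '1') {
                // NOTE(review): module rows are read through the 'id_tab' key,
                // as in the tab loop above; confirm module_access_old has that
                // column, otherwise module rights are migrated against the
                // wrong (or an empty) id.
                $accessObject->updateLgcAccess($currOldAccess['id_profile'], $currOldAccess['id_tab'], $action, true);
            }
        }
    }
}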
/**
 * Prepares the controller for the current request: resolves controller,
 * action and parameters, loads the user, enforces the IP / lock / section /
 * action access rules and publishes the results to the view and to AF.
 */
private function configuration()
{
    Assets::$test = TRUE; // Delete in real

    $this->fc = FrontController::getInstance();
    $this->controller = strtolower(str_replace('Controller', '', $this->fc->getController()));
    $this->action = strtolower(str_replace('Action', '', $this->fc->getAction()));
    $this->view = new View();
    $this->params = $this->fc->getParams();

    // The error controller is served without any access processing.
    if ($this->controller == 'error') {
        return;
    }

    // Users and Access
    $this->mu = M_Users::Instance();
    $this->user = $this->mu->GetUser();

    $ipAllowed = IpAccess::isAccess($_SERVER['REMOTE_ADDR']);
    $blocked = !$ipAllowed || $this->user->locked;
    if ($blocked && $this->controller != 'authorization') {
        // Remember the requested URI for 100 days, then send the visitor to the login page.
        // NOTE(review): the cookie is set without secure/httponly flags and holds
        // a request-supplied URI; confirm the code that reads 'rUrl' only
        // follows same-site paths.
        $expire = time() + 3600 * 24 * 100;
        setcookie('rUrl', $_SERVER['REQUEST_URI'], $expire, "/");
        $this->redirect(array('authorization', 'login'));
        exit;
    }

    $acl = new Access();
    $acl->fillFromUser($this->user);
    $acl->setAccessParams($this->controller, $this->action);

    $sectionAllowed = $acl->sectionAccess();
    $actionAllowed = $acl->actionAccess();
    if (!$sectionAllowed || !$actionAllowed) {
        if ($this->user->isGuest) {
            $expire = time() + 3600 * 24 * 100;
            setcookie('rUrl', $_SERVER['REQUEST_URI'], $expire, "/");
            $this->redirect(array('authorization', 'login'));
        }
        // NOTE(review): unlike the branch above there is no exit after these
        // redirects; if redirect() returns, the denied request keeps running
        // through the rest of this method.
        $fallbackPage = $acl->UserAccessPage;
        if ($fallbackPage) {
            $target = $fallbackPage;
        } else {
            $target = array('error', '');
        }
        $this->redirect($target);
    }

    $this->access = $acl;
    $hasServiceInfo = $acl->actionAccess(array('service', 'info')) ? true : false;
    $this->fc->setSInfo($hasServiceInfo);
    unset($acl);

    $this->pageTitle = __('pageTitle');

    $mainVars = array(
        'access' => $this->access,
        'controller' => $this->controller,
        'action' => $this->action,
        'user' => $this->user,
    );
    $this->setMainVars($mainVars);

    // Every posted value is passed through AF::clearDataArray() before any action sees it.
    if (!empty($_POST)) {
        $_POST = AF::clearDataArray($_POST);
    }

    // Set user
    AF::setUser($this->user);
    AF::setUserAccess($this->access);

    //$sectionID = ( isset($this->params['id']) && is_numeric($this->params['id']) ) ? $this->params['id'] : '';
    //Log::createLog($this->user->user_id, $this->action."Action", $this->controller, $sectionID);
}
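/**
 * Shows the login form and, on POST, authenticates the visitor and redirects
 * to the requested destination.
 *
 * The `destination` request value is honoured only when it is a site-relative
 * target; anything else falls back to '/welcome'.
 */
public function action_login()
{
    $this->template->title = 'User » Login';
    $this->template->content = $this->action_get_login_form();

    $post = Input::post();
    if (!empty($post)) {
        // Destination to redirect to upon login. It is request-controlled, so
        // only site-relative targets are accepted: an absolute URL ("scheme:"),
        // a protocol-relative prefix ("//", "/\", "\\") or a control character
        // would let a crafted login link send the user to another site.
        $destination = '/welcome';
        if (!empty($_REQUEST['destination']) && is_string($_REQUEST['destination'])) {
            $requested = $_REQUEST['destination'];
            $leaves_site = preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $requested) === 1
                || preg_match('/[\x00-\x1f\x7f]/', $requested) === 1;
            if (!$leaves_site) {
                $destination = $requested;
            }
        }
        $this->template->content->destination = $destination;

        // add server-side validation
        $validation = $this->template->content->validation;
        $validation->add_field('username_or_email', 'Username or Email', 'required');
        $validation->add_field('password', 'Password', 'required');

        if ($validation->run()) {
            try {
                $authenticated_flag = false;
                if ($this->user && \Access::can('impersonate_any_user', $this->user)) {
                    // Impersonation: a signed-in user holding this right is
                    // switched to the named account; the password field is not
                    // passed to force_login().
                    // NOTE(review): confirm impersonations are written to an audit log.
                    Warden::logout();
                    $authenticated_flag = Warden::force_login($validation->validated('username_or_email'), true);
                } else {
                    $authenticated_flag = Warden::authenticate(
                        $validation->validated('username_or_email'),
                        $validation->validated('password'),
                        Input::post('remember_me')
                    );
                }

                if ($authenticated_flag) {
                    Response::redirect(Uri::create($destination, array(), array(), false));
                } else {
                    // Same message as for a failed validation, so the answer
                    // does not reveal which part was wrong.
                    Session::set_flash('error', 'Invalid username/email or password entered.');
                }
            } catch (Warden\Failure $failure) {
                switch ($failure->reason()) {
                    case 'unconfirmed':
                        // user is unconfirmed - let them know they need to confirm and activate their account
                        Session::set_flash('error', $failure->getMessage());
                        $this->template->content = View::forge('user/unconfirmed');
                        $this->template->content->user = $failure->get_user();
                        $this->template->content->user->send_confirmation_instructions();
                        break;
                    case 'locked':
                        Session::set_flash('error', array(
                            'Your account has been locked due to too many consecutive failed login attempts.',
                            'Check your email for instructions on unlocking your account. Or you can wait a few days and try again.',
                        ));
                        break;
                    default:
                        Session::set_flash('error', $failure->getMessage());
                }
            } catch (Exception $ex) {
                Session::set_flash('error', $ex->getMessage());
            }
        } else {
            Session::set_flash('error', 'Invalid username/email or password entered.');
        }
    }
}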
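/**
 * Returns the access rule array for the current user on a section, depending
 * on the section's mode (section->use_organization):
 *   true  - rights are taken per organization (access_organization->right_(view|create|edit|delete))
 *   false - rights are taken from the section itself (access->right_(view|create|edit|delete))
 *
 * @param mixed $section_id required, section id (Section->id)
 * @param mixed $org_id     optional, organization id; 0 (the default) means no specific organization
 * @return array array('allow'|'deny' [, 'actions' => array of 'index', 'admin',
 *               'create', 'edit', 'delete'], 'users' => array(current user name))
 */
public static function getAccessRight($section_id, $org_id = 0)
{
    $user = Yii::app()->user;

    if ($user->role_admin) {
        return array('allow', 'users' => array($user->name));
    }

    $result_array = array('users' => array($user->name));
    $result_actions = array();

    $modelSection = Section::model()->findByPk($section_id);
    // findByPk() yields null for an unknown id; count() on that value is an
    // error on current PHP versions, so test for null directly.
    if ($modelSection === null) {
        return $result_array;
    }

    $tableAccessOrganization = Yii::app()->db->tablePrefix . 'access_organization';
    $tableGroupUser = Yii::app()->db->tablePrefix . 'group_user';

    // True when an organization-based section is queried without a specific
    // organization: only the view right is evaluated in that case.
    $all_organizations = ($org_id == 0 && $modelSection->use_organization);

    $columns = 't.id,t.date_create,t.date_modification,';
    if (!$modelSection->use_organization) {
        $columns .= 't.right_view,t.right_create,t.right_edit,t.right_delete';
    } else {
        // The original listed a_o.right_view more than once; one mention gives
        // the same result rows.
        $columns .= 'a_o.right_view,a_o.right_create,a_o.right_edit,a_o.right_delete';
    }

    // Ids are bound as parameters instead of being concatenated into the SQL
    // text, so a non-numeric $section_id or $org_id cannot change the statement.
    $joinCondition = '[t].[id]=[a_o].[id_access]';
    $joinParams = array();
    if (!$all_organizations) {
        $joinCondition .= ' AND [a_o].[id_organization]=:org_id';
        $joinParams[':org_id'] = $org_id;
    }

    // Distinct placeholder names for the two uses of the user id: not every
    // database driver accepts the same named parameter twice.
    $whereCondition = '[t].[id_section]=:section_id AND ([t].[id_user]=:user_id OR '
        . '[t].[id_group] IN (select [g_u].[id_group] from ' . $tableGroupUser . ' [g_u] '
        . 'where [g_u].[id_user]=:group_user_id))';
    $whereParams = array(
        ':section_id' => $section_id,
        ':user_id' => $user->id,
        ':group_user_id' => $user->id,
    );

    $rows = Yii::app()->db->createCommand()
        ->select($columns)
        ->from('{{access}} t')
        ->leftJoin($tableAccessOrganization . ' a_o', $joinCondition, $joinParams)
        ->where($whereCondition, $whereParams)
        ->queryAll();

    foreach ($rows as $row) {
        $granted = array();
        if ($row['right_view'] == true) {
            $granted[] = 'index';
            $granted[] = 'admin';
        }
        if (!$all_organizations) {
            foreach (array('create', 'edit', 'delete') as $action) {
                if ($row['right_' . $action] == true) {
                    $granted[] = $action;
                }
            }
        }
        // Rights from several rows (user and groups) are merged without duplicates.
        foreach ($granted as $action) {
            if (!in_array($action, $result_actions, true)) {
                $result_actions[] = $action;
            }
        }
    }

    if (count($result_actions)) {
        $result_array = array_merge($result_array, array('allow', 'actions' => $result_actions));
    } else {
        // No matching right at all: deny.
        $result_array = array_merge($result_array, array('deny'));
    }

    return $result_array;
}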
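/**
 * Loads default home page.
 *
 * @param string $lang language directory under application/views; must be a
 *                     plain name made of letters, digits, '_' or '-'
 */
public function index($lang = 'ch')
{
    // $lang is spliced into a view path, so accept only a plain directory name.
    // The file_exists() test alone also passes for values such as '..', which
    // would point the view loader outside the language directories.
    $valid_lang = is_string($lang) && preg_match('/^[A-Za-z0-9_-]+$/', $lang) === 1;
    if (!$valid_lang || !file_exists('application/views/' . $lang . '/index.php')) {
        // Whoops, we don't have a page for that!
        show_404();
    }

    $this->load->model('video_model', 'video');
    // The login state decides which video get_last_video() may return.
    $data['video'] = $this->video->get_last_video(Access::isLoggedIn());

    $this->load->library('javascript_plugins');
    $plugins = $this->javascript_plugins;
    $footer_data['js_plugins'] = $plugins->generate(array($plugins::FlowPlayer));

    $this->loadHeader($lang);
    $this->load->view($lang . '/index', $data);
    $this->load->view('templates/footer', $footer_data);
}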
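/**
 * Loads prayer history page.
 *
 * Requires the PRI_READ_PRAYER privilege.
 *
 * @param string $lang language directory under application/views; must be a
 *                     plain name made of letters, digits, '_' or '-'
 */
public function prayerhistory($lang = 'ch')
{
    if (!Access::hasPrivilege(Access::PRI_READ_PRAYER)) {
        // TODO: show authentication error.
        show_404();
    }

    // $lang is spliced into a view path, so accept only a plain directory name.
    // The file_exists() test alone also passes for values such as '..', which
    // would point the view loader outside the language directories.
    $valid_lang = is_string($lang) && preg_match('/^[A-Za-z0-9_-]+$/', $lang) === 1;
    if (!$valid_lang || !file_exists('application/views/' . $lang . '/request/requesthistory.php')) {
        // Whoops, we don't have a page for that!
        show_404();
    }

    $this->load->model('request_model', 'request');
    $data['requests'] = $this->request->get_requests($lang);

    $this->loadHeader($lang);
    $this->load->view($lang . '/request/requesthistory', $data);
    $this->load->view('templates/footer');
}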
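/**
 * Validates the fields of an account form.
 *
 * Username and email are required. First and last name are optional and are
 * only checked when given (2 to 10 bytes long, not numeric). The email must
 * not belong to another account and must be well-formed. On failure the
 * message is left in validate::$er_message.
 *
 * @param string $username
 * @param string $firstname
 * @param string $lastname
 * @param string $email
 * @return bool true when every check passes
 */
public static function account_validate($username, $firstname, $lastname, $email)
{
    $user = new Access();

    if (empty($username)) {
        validate::$er_message = '<i style="color: red;">Username field cannot be left empty</i><br/>';
        return false;
    }
    if (empty($email)) {
        validate::$er_message .= '<i style="color: red;">Email field cannot be left empty</i><br/>';
        return false;
    }

    // Fixed: an empty first or last name used to return true straight away,
    // which skipped every later check - including the email ownership and
    // format checks. Optional names are now skipped, not treated as success.
    if (!empty($firstname)) {
        if (strlen($firstname) > 10 || strlen($firstname) < 2) {
            validate::$er_message = '<i style="color: red;">First name must be greater the 2 characters and less the 10 characters long! </i><br/>';
            return false;
        }
        if (is_numeric($firstname)) {
            validate::$er_message = '<i style="color: red;">First name must be letters only!</i><br/>';
            return false;
        }
    }

    if (!empty($lastname)) {
        if (strlen($lastname) > 10 || strlen($lastname) < 2) {
            validate::$er_message = '<i style="color: red;">Last name must be greater the 2 characters and less the 10 characters long! </i><br/>';
            return false;
        }
        if (is_numeric($lastname)) {
            validate::$er_message = '<i style="color: red;">Last name must be letters only!</i><br/>';
            return false;
        }
    }

    // An address that is already registered is accepted only when it is the
    // signed-in user's own address.
    if (User::ifUserExist($email) == true) {
        if ($email == $user->get_email($_SESSION['uid'])) {
            return true;
        }
        validate::$er_message = '<i style="color: red;">Someone else is already using that email address!</i><br/>';
        return false;
    }

    if (Validate::is_valid_email($email) == false) {
        validate::$er_message .= '<i style="color: red;">Please enter a valid email address!</i><br/>';
        return false;
    }

    return true;
}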
/**
 * Wires up the controller: session, the vendor text formatters, the auth,
 * access, file browser and file kind singletons, the Subfolio helper and the
 * template's titles.
 */
public function __construct()
{
    parent::__construct();

    $this->session = Session::instance();

    // Vendor libraries, resolved by name through Kohana's file lookup.
    foreach (array('classTextile', 'Markdown') as $vendorFile) {
        require Kohana::find_file('vendor', $vendorFile);
    }

    $this->auth = Auth::instance();
    $this->access = Access::instance();
    $this->filebrowser = Filebrowser::instance();
    $this->filekind = FileKind::instance();

    // Hand the shared instances to the Subfolio helper.
    Subfolio::set_filebrowser($this->filebrowser);
    Subfolio::set_auth($this->auth);
    Subfolio::set_template($this->template);
    Subfolio::set_filekind($this->filekind);

    $this->template->site_title = Kohana::config('filebrowser.site_name');
    $this->template->page_title = "";
}
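/**
 * Deletes one Access record or a list of them inside a single transaction.
 *
 * @param mixed $delete a single id or an array of ids
 * @throws EModelException when any step fails; the transaction is rolled back first
 */
public function deleteAcesso($delete)
{
    // Declared before the try block: if beginTransaction() itself throws there
    // is no transaction object, and the catch block must not call rollback()
    // on an undefined variable.
    $transaction = null;

    try {
        $transaction = $this->beginTransaction();

        $ids = is_array($delete) ? $delete : array($delete);
        foreach ($ids as $id) {
            Access::create($id)->delete();
        }

        $transaction->commit();
    } catch (Exception $e) {
        if ($transaction !== null) {
            $transaction->rollback();
        }
        // NOTE(review): the original cause ($e) is dropped here; consider
        // logging it, since 'Error' alone gives an operator nothing to act on.
        throw new EModelException('Error');
    }
}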
/**
 * Reads the report parameters from the request for the current user and
 * project.
 *
 * @throws LogicException when the current user may not access reports
 */
public function __construct()
{
    $this->usr_id = Auth::getUserID();

    // Role gate first: nothing from the request is read for a user without
    // report access.
    if (!Access::canAccessReports($this->usr_id)) {
        throw new LogicException('Invalid role');
    }

    $this->prj_id = Auth::getCurrentProject();

    $activityTypes = array();
    if (!empty($_REQUEST['activity_types'])) {
        $activityTypes = (array) $_REQUEST['activity_types'];
    }
    $this->activity_types = $activityTypes;

    $reportType = null;
    if (isset($_REQUEST['report_type'])) {
        $reportType = (string) $_REQUEST['report_type'];
    }
    $this->report_type = $reportType;

    // unit and sort_order are fetched through getParam() together with the
    // list of values named here.
    $this->unit = $this->getParam('unit', array('hour', 'day'));

    // NOTE(review): amount and developer are taken from the request as-is;
    // confirm they are validated or bound as parameters where they are used.
    $this->amount = isset($_REQUEST['amount']) ? $_REQUEST['amount'] : null;
    $this->developer = isset($_REQUEST['developer']) ? $_REQUEST['developer'] : null;

    $rawStart = isset($_POST['start']) ? $_POST['start'] : null;
    $this->start_date = $this->parseDate($rawStart);
    $rawEnd = isset($_POST['end']) ? $_POST['end'] : null;
    $this->end_date = $this->parseDate($rawEnd);

    $this->sort_order = $this->getParam('sort_order', array('ASC', 'DESC'));

    if (CRM::hasCustomerIntegration($this->prj_id)) {
        $this->crm = CRM::getInstance($this->prj_id);
    }
}
/**
 * Login action: keeps a per-session attempt counter for the submitted
 * username, runs the Access login processing and shows the first error.
 */
public function LogarAction()
{
    $this->view->setFile('index');
    $this->load('Storage\\Session');

    $data = $this->request->post();

    // Start the counter at zero for a new session or whenever the submitted
    // username differs from the one the counter belongs to.
    // NOTE(review): the counter lives in the session, so a client that drops
    // its session cookie starts again at zero; confirm a server-side limit per
    // account or address exists as well.
    $startOver = !$this->session->exists('attemptAccess')
        || $this->session->get('accessUser') !== $data['username'];
    if ($startOver) {
        $this->session->set('attemptAccess', 0);
        $this->session->set('accessUser', $data['username']);
    }

    $access = Access::start_processing($data, $this);

    $succeeded = !is_null($access->user) && !$access->error && $access->status;
    if ($succeeded) {
        Access::end_processing($access, $this);
    }

    $this->load('Helpers\\Alert', $access->errors[0]);
}
/**
 * Shows a user's privilege matrix and, for an AJAX post, stores the
 * submitted privileges for that user.
 *
 * @throws AFHttpException when the id parameter is missing or unknown
 */
function privilegeAction()
{
    // NOTE(review): no check of the acting user's own rights is visible in
    // this action; confirm the section/action access rules cover it, since it
    // rewrites another user's privileges.
    $model = new User();
    $model->allFIelds = true;

    $id = AF::get($this->params, 'id', 0);
    if (!$id) {
        throw new AFHttpException(0, 'no_id');
    }
    if (!$model->setByID($id)) {
        throw new AFHttpException(0, 'incorrect_id');
    }

    $access = new Access();
    $access->fillFromUser($model);
    $userAccess = $access->getUserUpdateAccess();
    ksort($userAccess);

    if (isset($_POST['ajax'])) {
        $submitted = AF::get($_POST, 'array');
        if (!$submitted) {
            Message::echoJsonError(__('user_access_not_updated'));
        } else {
            $access->setUserAccess($submitted);

            // Workaround so the user access table is updated instead of
            // inserted into: mark the record as existing when a row for this
            // user is already there. Table name and user id go through the
            // placeholders, not into the SQL text.
            $msql = SafeMySQL::getInstance();
            $sql = "SELECT * FROM ?n WHERE user_id = ?i";
            $existing = $msql->getRow($sql, $access->tableName(), $access->user_id);
            if (!empty($existing)) {
                $access->setIsNewRecord(0);
            }

            if ($access->save()) {
                // Record who changed the user and when.
                $model->user_id_updated = $this->user->user_id;
                $model->updated = 'NOW():sql';
                $model->IsNewRecord = false;
                $model->save();
                Message::echoJsonSuccess(__('user_access_updated'));
            } else {
                Message::echoJsonError(__('user_access_not_updated'));
            }
        }
    }

    Assets::js('jquery.form');
    $this->addToPageTitle('User privilege');
    $this->render('privilege', array('userAccess' => $userAccess, 'model' => $model));
}