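/**
 * Controller filter that gates every action of the UserAdmin module.
 *
 * Checks are applied in this order, first match wins:
 *  1. the login route and the configured error route always run, otherwise
 *     nobody could log in or see an error page;
 *  2. a controller that declares itself free (`$this->freeAccess`) or lists
 *     the current action id in `$this->freeAccessActions` runs;
 *  3. a guest may only reach the guest-allowed routes; anything else sends
 *     them to the login page with the requested route stored as returnUrl;
 *  4. a super admin runs everything;
 *  5. every other user needs the route to be in the user-allowed or the
 *     guest-allowed route list, otherwise a 403 is thrown.
 *
 * @param CFilterChain $filterChain
 * @return void
 * @throws CHttpException 403 when an authenticated, non-super-admin user
 *         requests a route outside of their allowed routes
 */
public function filterUserAdminControl($filterChain)
{
    // loginUrl may be a plain route string or an array whose first element is the route
    $loginUrl = Yii::app()->user->loginUrl;
    if (is_array($loginUrl)) {
        $loginUrl = $loginUrl[0];
    }
    $loginUrl = trim($loginUrl, '/');
    $errorAction = trim(Yii::app()->errorHandler->errorAction, '/');
    $route = strtolower($this->route);

    if ($route === strtolower($loginUrl) || $route === strtolower($errorAction)) {
        // Login and error pages must stay reachable regardless of authentication state
        $filterChain->run();
    } elseif ($this->freeAccess === true
        || in_array($this->action->id, $this->freeAccessActions, true)) {
        // Strict comparison: this is an access decision, so a loosely-equal
        // value must not match a different entry of the free-access list
        $filterChain->run();
    } elseif (Yii::app()->user->isGuest) {
        if ($this->_isRouteAllowed($this->_getGuestAllowedRoutes())) {
            $filterChain->run();
        } else {
            // Remember where the guest wanted to go, then send them to the login page
            Yii::app()->user->returnUrl = array('/' . $this->route);
            $this->redirect(Yii::app()->user->loginUrl);
        }
    } elseif (User::checkRole('isSuperAdmin')) {
        $filterChain->run();
    } elseif ($this->_isRouteAllowed(array_merge($this->_getAllowedUserRoutes(), $this->_getGuestAllowedRoutes()))) {
        // A regular user may use their own routes plus everything a guest may use
        $filterChain->run();
    } else {
        throw new CHttpException(403, Yii::t("UserAdminModule.front", "You are not authorized to perform this action."));
    }
}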
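/**
 * Default 'index' action, invoked when no action is explicitly requested.
 *
 * Nothing is rendered: the visitor is redirected to the user admin page,
 * except an authenticated non-super-admin user with a configured home page,
 * who is redirected there instead.
 *
 * @return void
 */
public function actionIndex()
{
    // The module's landing page, used whenever no per-user home page applies
    $defaultHomePage = Yii::app()->request->baseUrl . "/index.php/UserAdmin/user/admin";
    $currentUserHomePage = $defaultHomePage;

    if (!Yii::app()->user->isGuest && !User::checkRole('isSuperAdmin')) {
        // Read the per-user home page once instead of calling the lookup twice
        $userHomePage = User::getCurrentUserHomePage();
        if (!empty($userHomePage)) {
            // NOTE(review): the value is used unencoded as a path after index.php/;
            // confirm it is validated where it is stored so it always stays a route
            $currentUserHomePage = Yii::app()->request->baseUrl . "/index.php/" . $userHomePage;
        }
    }

    $this->redirect($currentUserHomePage);
}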
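/**
 * Check whether the current user may perform a task.
 *
 * @param string  $task                task code to look up in the current user's task list
 * @param boolean $superAdminHasAccess when true (default) a super admin is granted
 *                                     the task without consulting the task list
 *
 * @return boolean true when the user is a super admin (and $superAdminHasAccess
 *                 is true), or when the user is logged in and $task is a non-empty
 *                 value listed in Yii::app()->user->tasks; false otherwise
 */
public static function checkTask($task, $superAdminHasAccess = true)
{
    if ($superAdminHasAccess && User::checkRole('isSuperAdmin')) {
        return true;
    }
    if (Yii::app()->user->isGuest || !$task) {
        return false;
    }
    // The task list may be missing from the session; treat that as "no tasks"
    // instead of letting in_array() fail on a non-array value
    $tasks = Yii::app()->user->tasks;
    if (!is_array($tasks)) {
        return false;
    }
    // Strict comparison: this is an authorization check, so a loosely-equal
    // value must not be mistaken for a granted task
    return in_array($task, $tasks, true);
}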
/**
 * Guard against a non-super-admin touching a super admin account.
 *
 * A user record flagged as super admin may only be accessed by a caller
 * who is a super admin; anyone else receives a 403.
 *
 * @param CActiveRecord $model - User
 *
 * @throws CHttpException 403
 */
private function _checkAccessLevel($model)
{
    $targetIsSuperAdmin = ($model->is_superadmin == 1);
    if (!$targetIsSuperAdmin) {
        // Ordinary accounts carry no extra restriction
        return;
    }
    if (User::checkRole('isSuperAdmin')) {
        return;
    }
    throw new CHttpException(403, Yii::t("UserAdminModule.front", "You are not authorized to perform this action."));
}
?>
    <div class='controls'>
        <?php echo $form->dropDownList($model, 'active', array('1' => 'On', '0' => 'Off'), array('class' => 'input-small')); ?>
        <?php echo $form->error($model, 'active'); ?>
    </div>
</div>
<?php } ?>
<?php
// The is_superadmin selector is shown only to a super admin editing an account
// other than their own. This only hides the control: whether a submitted
// is_superadmin value is accepted has to be enforced server-side as well
// (model safe attributes / controller) — confirm that check exists.
if (User::checkRole('isSuperAdmin') and Yii::app()->user->id != $model->id) { ?>
    <div class='control-group'>
        <?php echo $form->labelEx($model, 'is_superadmin', array('class' => 'control-label')); ?>
        <div class='controls'>
            <?php echo $form->dropDownList($model, 'is_superadmin', User::getIsSuperAdminList(false), array('empty' => '', 'class' => 'input-small')); ?>
            <?php echo $form->error($model, 'is_superadmin'); ?>
        </div>
    </div>
<?php
<body>
<div class="container" id="page">
    <!--<div id="header">
        <div id="logo"><?php echo CHtml::encode(Yii::app()->name); ?> </div>
    </div><!-- header -->
    <?php
    // Main navigation. 'visible' only hides links in the menu; it does not
    // restrict access — the controllers' filters still decide what a request
    // may do (confirm for each listed route).
    $logged_user = User::getCurrentUser();
    if ($logged_user) {
        $this->widget('bootstrap.widgets.TbNavbar', array(
            'brandLabel' => 'Inventory Management System',
            'collapse' => true,
            'items' => array(
                array(
                    'class' => 'bootstrap.widgets.TbNav',
                    'items' => array(
                        array('label' => 'Home', 'url' => array('/site/index')),
                        // User management submenu, super admins only
                        array('label' => "Users", 'url' => array('/UserAdmin/user/admin'), 'visible' => User::checkRole('isSuperAdmin'), 'items' => array(
                            array('label' => "Users", 'url' => array('/UserAdmin/user/admin')),
                            array('label' => "Roles", 'url' => array('/UserAdmin/userRole/admin')),
                            array('label' => "Tasks", 'url' => array('/UserAdmin/userTask/admin'))
                        )),
                        array('label' => "Processing", 'url' => array('#'), 'visible' => true, 'items' => array(
                            array('label' => "Create Product", 'url' => array('/product/create')),
                            array('label' => "Manage Product", 'url' => array('/product/admin')),
                            // Product list entries are gated per task code
                            array('label' => "Create Product List", 'url' => array('/ProductList/create'), 'visible' => User::checkTask('createproductlist')),
                            array('label' => "Manage Product List", 'url' => array('/ProductList/admin'), 'visible' => User::checkTask('manageproductlist')),
                            array('label' => "Create Transaction", 'url' => array('/transaction/create')),
                            array('label' => "Manage Transaction", 'url' => array('/transaction/admin'))
                        )),
                        array('label' => "Miscellenous", 'url' => array('#'), 'visible' => true, 'items' => array(
                            array('label' => "Create Producer", 'url' => array('/producer/create')),
                            array('label' => "Manage Producer", 'url' => array('/producer/admin')),
                            array('label' => "Create Location", 'url' => array('/location/create')),
                            array('label' => "Manage Location", 'url' => array('/location/admin'))
                        )),
                        // Account menu; the '1'/'0' strings rely on '0' being falsy
                        // when the widget evaluates 'visible' — presumably truthiness, verify
                        array('label' => $logged_user->login, 'url' => array('#'), 'visible' => $logged_user->login != '' ? '1' : '0', 'items' => array(
                            array('label' => "Login", 'url' => array('/UserAdmin/auth/login'), 'visible' => $logged_user->login != '' ? '0' : '1'),
                            // NOTE(review): logout is a plain GET link; check whether the
                            // logout action needs CSRF protection
                            array('label' => "Logout", 'url' => array('/UserAdmin/auth/logout'), 'visible' => $logged_user->login != '' ? '1' : '0', 'id' => 'D283e'),
                            array('label' => "Profile", 'url' => array('/UserAdmin/profile/personal'), 'visible' => $logged_user->login != '' ? '1' : '0')
                        ))
                    )
                )
            )
        ));
    }
    ?>
    <?php if (isset($this->breadcrumbs)) { ?>
        <?php $this->widget('zii.widgets.CBreadcrumbs', array('links' => $this->breadcrumbs)); ?> <!-- breadcrumbs -->
    <?php } ?>
    <?php
    // $content is the already-rendered view, so it is echoed as-is
    echo $content;
    ?>
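// Page size chosen via the dropdown in the grid header, persisted in user state
$pageSize = Yii::app()->user->getState("pageSize", 20);
?>
<h2><?php echo Yii::t('UserAdminModule.admin', 'User management'); ?> </h2>
<?php echo CHtml::link('<i class="icon-plus-sign icon-white"></i> ' . Yii::t('UserAdminModule.admin', 'Create'), array('create'), array('class' => 'btn btn-info')); ?>
<?php $form = $this->beginWidget("CActiveForm"); ?>
<?php
// User grid. Columns with 'type' => 'raw' are emitted unescaped, so any
// attribute interpolated into them must be encoded explicitly.
$this->widget('zii.widgets.grid.CGridView', array(
    'id' => 'user-grid',
    'dataProvider' => $model->search(),
    'ajaxUpdate' => false,
    'filter' => $model,
    'columns' => array(
        // Running row number across pages
        array('header' => '№', 'value' => '$this->grid->dataProvider->pagination->currentPage * $this->grid->dataProvider->pagination->pageSize + ($row+1)', 'htmlOptions' => array('width' => '25', 'class' => 'centered')),
        // CHtml::link() does not encode its label and the column is raw, so the
        // login (user-supplied data) is encoded here to prevent stored XSS
        array('name' => 'login', 'value' => 'CHtml::link(CHtml::encode($data->login), array("view", "id"=>$data->id))', 'type' => 'raw'),
        array('name' => 'findByRole', 'filter' => CHtml::listData(UserRole::model()->findAll(), 'code', 'name'), 'value' => 'User::getRoles($data->roles)'),
        array('name' => 'is_superadmin', 'filter' => User::getIsSuperAdminList(false), 'value' => 'User::getIsSuperAdminValue($data->is_superadmin)', 'type' => 'raw', 'visible' => User::checkRole('isSuperAdmin'), 'htmlOptions' => array('width' => '55', 'style' => 'text-align:center')),
        array('name' => 'active', 'filter' => array(1 => 'On', 0 => 'Off'), 'value' => 'UHelper::attributeToggler($data, "active")', 'type' => 'raw', 'htmlOptions' => array('width' => '55', 'style' => 'text-align:center')),
        // Checkbox column feeding the "Delete selected" button below
        array('id' => 'autoId', 'class' => 'CCheckBoxColumn', 'selectableRows' => 2),
        // The row delete button is hidden for the current user's own account.
        // NOTE(review): only the button is hidden; confirm the deleteSelected
        // action also refuses the current user's id server-side.
        array('class' => 'CButtonColumn', 'buttons' => array('delete' => array('visible' => '($data->id != Yii::app()->user->id)')), 'header' => CHtml::dropDownList('pageSize', $pageSize, array(20 => 20, 50 => 50, 100 => 100, 200 => 200), array('onchange' => "\$.fn.yiiGridView.update('user-grid',{ data:{pageSize: \$(this).val() }})", 'style' => 'width:50px')))
    ),
    'itemsCssClass' => 'table table-hover table-striped table-bordered table-condensed'
));
?>
<script>
    function reloadGrid(data) {
        $.fn.yiiGridView.update('user-grid');
    }
</script>
<?php
// First, invisible submit button: presumably keeps the Enter key from
// triggering "Delete selected" — verify before removing
echo CHtml::ajaxSubmitButton("", array(), array(), array("style" => "visibility:hidden;"));
echo CHtml::ajaxSubmitButton(Yii::t("UserAdminModule.admin", "Delete selected"), array("deleteSelected"), array("success" => "reloadGrid"), array("class" => "btn btn-small pull-right", "confirm" => Yii::t("UserAdminModule.admin", "Delete selected elements ?")));
$this->endWidget();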