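/**
 * Per-request bootstrap that runs the access checks for the current controller/action.
 *
 * Resolves the controller and action names from the front controller, loads the
 * current user, then enforces in order: the IP allow-check and account lock, and
 * the section/action access check. A request that fails a check is redirected and
 * the script is terminated, so no action code runs for a denied request.
 *
 * The 'error' controller returns early and is not subject to any of these checks.
 *
 * @return void
 */
private function configuration()
{
    // NOTE(review): flagged by the original author for removal ("Delete in real").
    // What the flag enables is not visible here; confirm it is off in production builds.
    Assets::$test = true; // Delete in real

    $this->fc = FrontController::getInstance();
    $this->controller = strtolower(str_replace('Controller', '', $this->fc->getController()));
    $this->action = strtolower(str_replace('Action', '', $this->fc->getAction()));
    $this->view = new View();
    $this->params = $this->fc->getParams();

    // strtolower() always yields a string, so a strict comparison is safe here.
    if ($this->controller === 'error') {
        return;
    }

    // Users and Access
    $this->mu = M_Users::Instance();
    $this->user = $this->mu->GetUser();

    // REMOTE_ADDR is the address of the connecting peer.
    // NOTE(review): behind a reverse proxy this is the proxy's address - confirm deployment.
    $accessByIp = IpAccess::isAccess($_SERVER['REMOTE_ADDR']);
    if ((!$accessByIp || $this->user->locked) && $this->controller !== 'authorization') {
        // rUrl remembers the requested URI across the login redirect. REQUEST_URI is
        // client-controlled, so whatever reads rUrl must treat it as untrusted and accept
        // only local paths. The cookie is set without the Secure/HttpOnly flags and
        // lives for 100 days.
        $expire = time() + 3600 * 24 * 100;
        setcookie('rUrl', $_SERVER['REQUEST_URI'], $expire, "/");
        $this->redirect(array('authorization', 'login'));
        exit;
    }

    $access = new Access();
    $access->fillFromUser($this->user);
    $access->setAccessParams($this->controller, $this->action);
    $sectionAccess = $access->sectionAccess();
    $actionAccess = $access->actionAccess();

    if (!$sectionAccess || !$actionAccess) {
        if ($this->user->isGuest) {
            $expire = time() + 3600 * 24 * 100;
            setcookie('rUrl', $_SERVER['REQUEST_URI'], $expire, "/");
            $this->redirect(array('authorization', 'login'));
            // Stop here, as the IP/lock branch above does. Without this the guest
            // fell through to the second redirect below.
            exit;
        }

        $pageArr = $access->UserAccessPage;
        $redirectArray = $pageArr ? $pageArr : array('error', '');
        $this->redirect($redirectArray);
        // A denied request must not continue into the action. Whether redirect()
        // terminates on its own is not visible here, so terminate explicitly.
        exit;
    }

    $this->access = $access;
    $sInfo = (bool) $access->actionAccess(array('service', 'info'));
    $this->fc->setSInfo($sInfo);
    unset($access);

    $this->pageTitle = __('pageTitle');
    $array = array(
        'access' => $this->access,
        'controller' => $this->controller,
        'action' => $this->action,
        'user' => $this->user,
    );
    $this->setMainVars($array);

    // NOTE(review): blanket cleaning of $_POST. What clearDataArray() strips is not
    // visible here, and it does not replace parameterised queries or context-specific
    // output escaping at the point of use.
    if (!empty($_POST)) {
        $_POST = AF::clearDataArray($_POST);
    }

    // Set user
    AF::setUser($this->user);
    AF::setUserAccess($this->access);

    // NOTE(review): per-request action logging is commented out, so this method
    // leaves no audit record of which user reached which action.
    //$sectionID = ( isset($this->params['id']) && is_numeric($this->params['id']) ) ? $this->params['id'] : '';
    //Log::createLog($this->user->user_id, $this->action."Action", $this->controller, $sectionID);
}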
/**
 * Shows the privilege editor for one user and, on an AJAX POST, saves the submitted set.
 *
 * The target user comes from the `id` route parameter. When `$_POST['ajax']` is set,
 * the value of `$_POST['array']` is handed to Access::setUserAccess() and saved; on
 * success the target user's `user_id_updated` / `updated` fields are stamped with the
 * acting user and the current time, and a JSON success or error message is emitted.
 *
 * NOTE(review): no CSRF token check is visible in this method; confirm the framework
 * enforces one for this state-changing request.
 * NOTE(review): the submitted privilege set is not validated here. Confirm that
 * setUserAccess() restricts it to known privileges and that the acting user is allowed
 * to grant them, including when the target is their own account.
 * NOTE(review): after the JSON message the method continues to render(), unless
 * Message::echoJson*() terminates the request - confirm.
 *
 * @throws AFHttpException when the id is missing ('no_id') or matches no user ('incorrect_id')
 */
function privilegeAction()
{
    $targetUser = new User();
    // Property name reproduced exactly as spelled; NOTE(review): confirm User reads 'allFIelds'.
    $targetUser->allFIelds = true;

    $targetId = AF::get($this->params, 'id', 0);
    if (!$targetId) {
        throw new AFHttpException(0, 'no_id');
    }
    if (!$targetUser->setByID($targetId)) {
        throw new AFHttpException(0, 'incorrect_id');
    }

    $access = new Access();
    $access->fillFromUser($targetUser);

    // Read before any update below, so the rendered view shows the pre-update values.
    $userAccess = $access->getUserUpdateAccess();
    ksort($userAccess);

    if (isset($_POST['ajax'])) {
        $submitted = AF::get($_POST, 'array');
        $saved = false;

        if ($submitted) {
            $access->setUserAccess($submitted);

            // Hack to get the users_access table to update instead of insert:
            // if a row already exists for this user, mark the record as not new.
            $db = SafeMySQL::getInstance();
            $query = "SELECT * FROM ?n WHERE user_id = ?i";
            $existing = $db->getRow($query, $access->tableName(), $access->user_id);
            if (!empty($existing)) {
                $access->setIsNewRecord(0);
            }

            $saved = (bool) $access->save();
        }

        if ($saved) {
            // Record who changed the privileges and when.
            $targetUser->user_id_updated = $this->user->user_id;
            $targetUser->updated = 'NOW():sql';
            $targetUser->IsNewRecord = false;
            $targetUser->save();
            Message::echoJsonSuccess(__('user_access_updated'));
        } else {
            // Covers both an empty submission and a failed save.
            Message::echoJsonError(__('user_access_not_updated'));
        }
    }

    Assets::js('jquery.form');
    $this->addToPageTitle('User privilege');
    $this->render('privilege', array('userAccess' => $userAccess, 'model' => $targetUser));
}