Пример #1
0
 private function configuration()
 {
     Assets::$test = TRUE;
     // Delete in real
     $this->fc = FrontController::getInstance();
     $this->controller = strtolower(str_replace('Controller', '', $this->fc->getController()));
     $this->action = strtolower(str_replace('Action', '', $this->fc->getAction()));
     $this->view = new View();
     $this->params = $this->fc->getParams();
     if ($this->controller == 'error') {
         return;
     }
     // Users and Access
     $this->mu = M_Users::Instance();
     $this->user = $this->mu->GetUser();
     $accessByIp = IpAccess::isAccess($_SERVER['REMOTE_ADDR']);
     if ((!$accessByIp || $this->user->locked) && $this->controller != 'authorization') {
         $expire = time() + 3600 * 24 * 100;
         setcookie('rUrl', $_SERVER['REQUEST_URI'], $expire, "/");
         $this->redirect(array('authorization', 'login'));
         exit;
     }
     $access = new Access();
     $access->fillFromUser($this->user);
     $access->setAccessParams($this->controller, $this->action);
     $sectionAccess = $access->sectionAccess();
     $actionAccess = $access->actionAccess();
     if (!$sectionAccess || !$actionAccess) {
         if ($this->user->isGuest) {
             $expire = time() + 3600 * 24 * 100;
             setcookie('rUrl', $_SERVER['REQUEST_URI'], $expire, "/");
             $this->redirect(array('authorization', 'login'));
         }
         $pageArr = $access->UserAccessPage;
         $redirectArray = $pageArr ? $pageArr : array('error', '');
         $this->redirect($redirectArray);
     }
     $this->access = $access;
     $sInfo = $access->actionAccess(array('service', 'info')) ? true : false;
     $this->fc->setSInfo($sInfo);
     unset($access);
     $this->pageTitle = __('pageTitle');
     $array = array('access' => $this->access, 'controller' => $this->controller, 'action' => $this->action, 'user' => $this->user);
     $this->setMainVars($array);
     if (!empty($_POST)) {
         $_POST = AF::clearDataArray($_POST);
     }
     // Set user
     AF::setUser($this->user);
     AF::setUserAccess($this->access);
     //$sectionID = ( isset($this->params['id']) && is_numeric($this->params['id']) ) ? $this->params['id'] : '';
     //Log::createLog($this->user->user_id, $this->action."Action", $this->controller, $sectionID);
 }
Пример #2
0
 function privilegeAction()
 {
     $model = new User();
     $model->allFIelds = true;
     $id = AF::get($this->params, 'id', 0);
     if (!$id) {
         throw new AFHttpException(0, 'no_id');
     }
     if (!$model->setByID($id)) {
         throw new AFHttpException(0, 'incorrect_id');
     }
     $access = new Access();
     $access->fillFromUser($model);
     $userAccess = $access->getUserUpdateAccess();
     ksort($userAccess);
     if (isset($_POST['ajax'])) {
         $newAcces = AF::get($_POST, 'array');
         if ($newAcces) {
             $access->setUserAccess($newAcces);
             // hack to get the uesrs_access table to update instead of insert
             $msql = SafeMySQL::getInstance();
             $sql = "SELECT * FROM ?n WHERE user_id = ?i";
             $result = $msql->getRow($sql, $access->tableName(), $access->user_id);
             if (!empty($result)) {
                 $access->setIsNewRecord(0);
             }
             if ($access->save()) {
                 $model->user_id_updated = $this->user->user_id;
                 $model->updated = 'NOW():sql';
                 $model->IsNewRecord = false;
                 $model->save();
                 Message::echoJsonSuccess(__('user_access_updated'));
             } else {
                 Message::echoJsonError(__('user_access_not_updated'));
             }
         } else {
             Message::echoJsonError(__('user_access_not_updated'));
         }
     }
     Assets::js('jquery.form');
     $this->addToPageTitle('User privilege');
     $this->render('privilege', array('userAccess' => $userAccess, 'model' => $model));
 }