Пример #1
0
 public function get_permission($arrParam = null)
 {
     $module = empty($arrParam['module']) ? $this->_arrParam['module'] : $arrParam['module'];
     $controller = empty($arrParam['controller']) ? $this->_arrParam['controller'] : $arrParam['controller'];
     $action = empty($arrParam['action']) ? $this->_arrParam['action'] : $arrParam['action'];
     return \Auth::has_access('module_' . $module . '.' . $controller . '.[' . $action . ']');
 }
Пример #2
0
 public function action_senior($center = null)
 {
     if (Auth::has_access('reports.all_centers')) {
         $view_all = TRUE;
     } else {
         $view_all = FALSE;
     }
     $all_call_centers = Model_Call_Center::find('all');
     $this->template->title = 'Senior Leaderboard';
     $this->template->content = View::forge('leaderboard/senior', array('view_all' => $view_all, 'all_call_centers' => $all_call_centers, 'center' => $center, 'url' => !is_null($center) ? '/reports/get_senior_report/' . $center . '.json' : '/reports/get_senior_report.json'));
 }
Пример #3
0
 public function get_get_view()
 {
     if (Auth::has_access('user.view')) {
         $users = Model_User::find('all');
         $user_parse = array();
         foreach ($users as $user) {
             $user_parse[] = array('<img src="https://secure.gravatar.com/avatar/' . md5(strtolower(trim($user->email))) . '?d=mm" alt="Gravatar Image" height="40" width="40">', $user->name, $user->username, Auth_Group_SimpleGroup::instance()->get_name($user->group), $user->email, $user->call_center->title, strlen($user->last_login) > 2 ? date("M j, Y g:i A", (int) $user->last_login) : "No previous Login");
         }
         $this->response(array("aaData" => $user_parse, "aoColumnDefs" => array(array("iDataSort" => 6, "asSorting" => array("desc"), "aTargets" => array(0))), "aoColumns" => array(array("mDataProp" => "id", "bSortable" => false), array("mDataProp" => "name", "sTitle" => "Name", "sType" => "string"), array("mDataProp" => "username", "sTitle" => "Username", "sType" => "string"), array("mDataProp" => "group", "sTitle" => "Group", "sType" => "string"), array("mDataProp" => "email", "sTitle" => "E-mail", "sType" => "string"), array("mDataProp" => "call_center", "sTitle" => "Call Center", "sType" => "string"), array("mDataProp" => "last_login", "sTitle" => "Last Login", "sType" => "date"))));
     } else {
         $this->response(array("error" => "You are not authorised to view this content!"));
     }
 }
Пример #4
0
 public function action_delete($id = null)
 {
     if (!Auth::has_access('news.delete')) {
         Session::set_flash('warning', 'You don\'t have the right to delete a news');
         Response::redirect('admin');
     }
     if ($news = Model_News::find($id)) {
         $news->delete();
         Session::set_flash('success', 'Deleted news #' . $id);
     } else {
         Session::set_flash('error', 'Could not delete news #' . $id);
     }
     Response::redirect('news');
 }
Пример #5
0
 public function action_delete($id = null)
 {
     if (Auth::has_access('country.delete') == false) {
         Session::set_flash("error", "Only admins may delete countries!");
         Response::redirect("country/") and die;
     }
     if ($country = Model_Country::find($id)) {
         $country->delete();
         Session::set_flash('success', 'Deleted country #' . $id);
     } else {
         Session::set_flash('error', 'Could not delete country #' . $id);
     }
     Response::redirect('country');
 }
Пример #6
0
 public function action_add()
 {
     if (Auth::has_access('ppi.admin')) {
         if (Input::method() == "POST") {
             \Crm\Creditor\Creditor_model::addCreditor(array('name' => \Input::post('name', ""), 'department_id' => \Input::post('department_id', ""), 'street_and_number' => \Input::post('street_and_number', ""), 'area' => \Input::post('area', ""), 'district' => \Input::post('district', ""), 'town' => \Input::post('town', ""), 'county' => \Input::post('county', ""), 'post_code' => \Input::post('post_code', ""), 'telephone' => \Input::post('telephone', ""), 'fax' => \Input::post('fax', ""), 'email' => \Input::post('email', ""), 'payee_name' => \Input::post('payee_name', ""), 'bacs_account_number' => \Input::post('bacs_account_number', ""), 'bacs_sortcode' => \Input::post('bacs_sortcode', ""), 'notes' => \Input::post('notes', "")));
             \Session::set_flash('success', "Creditor named " . \Input::post('name', "") . " has been added!");
             \Response::redirect('crm/creditor/add');
         } else {
             $this->template->title = "Add Creditor";
             $this->template->content = View::forge(static::$_viewPath . '/add.php');
         }
     } else {
         \Session::set_flash('fail', "You do not have access to this section. This has been logged!");
         \Response::redirect('/');
     }
 }
Пример #7
0
 public function before()
 {
     parent::before();
     if (\Auth::check()) {
         $access = Auth::has_access(\Request::active()->controller . "." . \Request::active()->action);
         if ($access) {
             $this->user_id = Auth::instance()->get_user_id();
             $this->user_id = $this->user_id[1];
             View::set_global('usuario', Auth::instance()->get_screen_name());
         } else {
             Response::redirect('welcome/404');
         }
     } else {
         Response::redirect('user/login');
     }
 }
Пример #8
0
 public function action_create()
 {
     //assumption: this will only be called using ajax
     if (!Input::is_ajax()) {
         return Response::forge("Access forbidden, only AJAX calls allowed", 403);
     }
     if (!Auth::has_access("location.create")) {
         return Response::forge("Only admins allowed here", 403);
     }
     if (Input::post("location_title", null) != null) {
         $loc = Model_Orm_Location::forge();
         $loc->title = Input::post("location_title");
         $loc->save();
         $ret = array("id" => $loc->id);
         return Response::forge(Format::forge()->to_json($ret), 200, array("Content-Type" => "application/json"));
     }
 }
Пример #9
0
 public static function _init()
 {
     // static::$_properties = \Arr::merge(static::$_properties, array(
     // 	'default_id' => array(
     // 		'form' => array(
     // 			'options' => function($model) {
     // 				$model->items;
     // 				$model = $model->to_array();
     // 				return \Arr::pluck($model['items'], 'name', 'id');
     // 			}
     // 		)
     // 	),
     // ));
     if (\Auth::has_access('enum.enum[all]')) {
         \Arr::set(static::$_properties, 'read_only.form', array('type' => 'checkbox', 'template' => 'switch', 'options' => array(gettext('No'), gettext('Yes'))));
     }
 }
Пример #10
0
 public function action_disposition()
 {
     $this->template->title = "PPI Disposition Report";
     if (\Auth::has_access('reports.all_centers')) {
         $center = \Input::post('center');
         $view_all = TRUE;
     } else {
         $view_all = FALSE;
         list($driver, $user_id) = \Auth::get_user_id();
         $this_user = \Model_User::find($user_id);
         $center = $this_user->call_center_id;
     }
     $all_call_centers = \Model_Call_Center::find('all');
     $hourlyStatsReport = array('Referrals' => \Crm\Reports\Model_Ppi::perPeriod('referral', $center, \Input::post('startdate'), \Input::post('enddate')), 'Pack Outs' => \Crm\Reports\Model_Ppi::perPeriod('packOut', $center, \Input::post('startdate'), \Input::post('enddate')), 'Pack In' => \Crm\Reports\Model_Ppi::perPeriod('packIn', $center, \Input::post('startdate'), \Input::post('enddate')));
     $quickView = array(array('No Contacts' => count(\Crm\Reports\Model_Ppi::simpleStats('noContact', $center, \Input::post('startdate'), \Input::post('enddate'))), 'Referrals' => count(\Crm\Reports\Model_Ppi::simpleStats('referral', $center, \Input::post('startdate'), \Input::post('enddate'))), 'Pack Outs' => count(\Crm\Reports\Model_Ppi::simpleStats('packOut', $center, \Input::post('startdate'), \Input::post('enddate'))), 'Pack Ins' => count(\Crm\Reports\Model_Ppi::packIns($center, \Input::post('startdate'), \Input::post('enddate')))));
     $report = Report\Create::forge(array('hourlyStats' => array('reportResults' => $hourlyStatsReport, 'displayType' => 'chart'), 'noContacts' => array('reportResults' => \Crm\Reports\Model_Ppi::simpleStats('noContact', $center, \Input::post('startdate'), \Input::post('enddate')), 'options' => array('class' => 'zebra-striped datatable')), 'referrals' => array('reportResults' => \Crm\Reports\Model_Ppi::simpleStats('referral', $center, \Input::post('startdate'), \Input::post('enddate')), 'options' => array('class' => 'zebra-striped datatable')), 'packOuts' => array('reportResults' => \Crm\Reports\Model_Ppi::simpleStats('packOut', $center, \Input::post('startdate'), \Input::post('enddate')), 'options' => array('class' => 'zebra-striped datatable')), 'packIns' => array('reportResults' => \Crm\Reports\Model_Ppi::packIns($center, \Input::post('startdate'), \Input::post('enddate')), 'options' => array('class' => 'zebra-striped datatable')), 'quickView' => array('reportResults' => $quickView, 'options' => array('direction' => 'vertical'))), 3600);
     $this->template->content = View::forge(static::$_viewPath . 'ppi/disposition.php', array('reports' => $report->generate(), 'all_call_centers' => $all_call_centers, 'center' => $center, 'start_date' => \Input::post('startdate'), 'end_date' => \Input::post('enddate'), 'view_all' => $view_all));
 }
Пример #11
0
 /**
  * Creation of new events.
  * Works on both the first load, which is typically 
  * a GET request as on later requests, which are POST.
  * When POST-ing, a validation is run on input data.
  * Validation rules taken from "Event" model.
  */
 public function action_create()
 {
     if (!Auth::has_access('event.create')) {
         //if ($this->_user_id == 0){
         Session::set_flash("error", __('ERR_CREATE_AUTH'));
         Response::redirect("/") and die;
     }
     $data = array();
     //to be passed into the view
     if (Input::method() == "POST") {
         $val = Model_Orm_Event::validate('create');
         if ($val->run()) {
             $newEvent = new Model_Orm_Event();
             $newEvent->title = $val->validated("title");
             $newEvent->start = $val->validated("start");
             $newEvent->description = $val->validated("description");
             $location = Model_Orm_Location::find(Input::post("location"));
             $newEvent->location = $location;
             //first, we save the item without attachments
             $newEvent->save();
             $errors = $this->try_get_attachments($newEvent);
             Session::set_flash("success", __('ACTION_CREATE_CREATED') . $val->validated("title"));
             Response::redirect("event/view/" . $newEvent->id);
         } else {
             //validation did not work.
             //But still, there may be uploaded files!
             $errors = $this->try_get_attachments();
             Session::set_flash("error", array_merge($val->error(), $errors));
         }
         $this->template->title = __("ACTION_CREATE_TITLE");
         $data["form_key"] = Input::post("form_key");
     } else {
         //the first GET request
         $this->template->title = __("ACTION_CREATE_TITLE");
         //we assign a random value to the form
         $data["form_key"] = md5(mt_rand(1000, 10000));
     }
     $data["locations"] = Model_Orm_Location::get_locations();
     $this->add_rich_form_scripts();
     $this->template->page_content = View::forge("event/create", $data);
 }
Пример #12
0
 public function check_auth()
 {
     if (!Auth::has_access(array($this->request->controller, $this->request->action))) {
         if (Auth::check()) {
             $this->set_user();
             Session::set_flash('error', 'Permission Denied.');
             Response::redirect('');
         } else {
             Session::set_flash('error', "Not Logged in.");
             $request_uri = urlencode($this->request->uri->uri);
             if (preg_match('/Controller_Admin/', $this->request->controller)) {
                 Response::redirect('admin/login/?uri=' . $request_uri);
             } else {
                 Response::redirect('users/login');
             }
         }
     } else {
         if (Auth::check()) {
             $this->set_user();
         }
     }
 }
Пример #13
0
 public static function check_exists_accessible_uri($paths)
 {
     if (!is_array($paths)) {
         if (!$paths) {
             return true;
         }
         if ($paths == '/') {
             return true;
         }
         return \Auth::has_access(\Site_Util::get_acl_path($paths) . '.GET');
     }
     foreach ($paths as $name => $path) {
         if (is_array($path)) {
             if (isset($path['href']) && isset($path['method']) && \Auth::has_access(\Site_Util::get_acl_path($path['href']) . '.' . $path['method'])) {
                 return true;
             }
         } else {
             if (\Auth::has_access(\Site_Util::get_acl_path($path) . '.GET')) {
                 return true;
             }
         }
     }
     return false;
 }
Пример #14
0
 protected function check_acl($is_return_true_for_not_auth_action = true)
 {
     if ($is_return_true_for_not_auth_action && $this->check_not_auth_action()) {
         return true;
     }
     return \Auth::has_access(sprintf('%s.%s', \Site_Util::get_action_path(), \Input::method()));
 }
Пример #15
0
function anchor($href, $text, $is_admin = false, $attr = array(), $is_absolute_ext_uri = false, $acl_method = 'GET')
{
    if (is_null($attr)) {
        $attr = array();
    }
    if ($is_absolute_ext_uri || ($is_ext_url = Site_Util::check_ext_uri($href, $is_admin))) {
        $attr['target'] = '_blank';
        $text .= ' ' . icon('new-window');
    }
    if ($is_admin && !$is_ext_url) {
        if (Auth::check() && !Auth::has_access(Site_Util::get_acl_path($href) . '.' . $acl_method)) {
            $attr['class'] = empty($attr['class']) ? '' : $attr['class'] . ' ';
            $attr['class'] .= 'disabled';
            return html_tag('span', $attr, $text);
        }
    }
    return Html::anchor($href, $text, $attr);
}
Пример #16
0
function check_acl($acl_path, $method = 'GET', $is_convert_acl_path = false)
{
    if ($is_convert_acl_path) {
        $acl_path = Site_Util::get_acl_path($acl_path);
    }
    return Auth::has_access($acl_path . '.' . $method);
}
Пример #17
0
?>
<div class="row">
    <div class="col-xs-12">
        <div class="alert alert-danger" style="display:none; text-align: center; font-size:20px;" id="ajaxResult"></div>
        <!-- PAGE CONTENT BEGINS -->
        <form class="form-horizontal" method="post" role="form">

            <h4 class="header purple">
                <i class="ace-icon fa fa-tachometer purple"></i>
                公众号基础信息
                <small>基本信息</small>
            </h4>

            <!-- #section:elements.form -->
            <?php 
if (Auth::has_access('admin.wxaccount[show_seller]')) {
    ?>
                <div class="form-group">
                    <label class="col-sm-3 control-label no-padding-right" for="seller_id"> 所属商户 </label>
                    <div class="col-sm-9">
                        <input type="text" class="col-xs-10 col-sm-5 col-md-7" id="seller_id" name="seller_id" placeholder="商户ID" value="<?php 
    echo isset($item) && $item ? $item->seller_id : '';
    ?>
">
                    </div>
                </div>
            <?php 
}
?>
            <div class="form-group">
                <label class="col-sm-3 control-label no-padding-right" for="nickname"> 公众号名称 </label>
Пример #18
0
			<p>
			<?php 
    echo implode('</p><p>', e((array) Session::get_flash('success')));
    ?>
			</p>
		</div>
		<?php 
}
?>
	
		<?php 
echo $content;
?>
		
		<?php 
if (Auth::has_access('user.view')) {
    ?>
		<div>
			<p style="color: silver; font-weight: bold; text-align: right;">Intranet: <?php 
    echo exec('git describe --tags --long');
    ?>
 (<?php 
    echo exec('git rev-parse --abbrev-ref HEAD');
    ?>
) - Fuel: <?php 
    echo e(Fuel::VERSION);
    ?>
 - Render Time: {exec_time}s - Memory Use: {mem_usage}mb</p>
		</div>
		<?php 
}
Пример #19
0
    ?>
	<?php 
    echo Form::input('username', $username, array('placeholder' => 'Username / Email', 'autofocus'));
    ?>
	<?php 
    echo Form::password('password', $password, array('placeholder' => 'Password'));
    ?>
	<?php 
    echo Form::submit('submit', 'Connect', array('class' => 'btn success'));
    ?>
	<?php 
    echo Form::close();
    ?>
</div>
<?php 
} elseif (Auth::has_access('admin.read')) {
    echo 'admin panel';
    ?>
<br />
<div id='news'>
	List of news
	<ul>
		<?php 
    foreach ($news as $new) {
        ?>
		<?php 
        echo '<li>' . Html::anchor('news/view/' . $new->id, $new->title) . '</li>';
        ?>
		<?php 
    }
    ?>
Пример #20
0
">
	   <?php 
    echo __('LINK_SHOW_AGENDA');
    ?>
    </div>
    <!--ul>
	<?php 
    foreach ($event->agendas as $agenda) {
        ?>
	    <li><?php 
        echo $agenda->title;
        ?>
</li>
	    <?php 
    }
    //foreach agenda item
    ?>
    </ul-->
<?php 
}
//foreach event
if (Auth::has_access("event.create")) {
    ?>
    <p>
	<?php 
    echo Html::anchor("/event/create/", __("ADD_EVENT_LINK"), array("class" => "btn btn-primary"));
    ?>

    </p>
 <?php 
}
Пример #21
0
<div style="text-align: left; margin-bottom: 30px;">
  <a href="/crm/view_client/<?php 
echo $clientID;
?>
">Return to Client View</a>
</div>

<?php 
// -- Only PPI Admin can view this page
// ------------------------------------
if (!Auth::has_access('ppi.admin')) {
    ?>
  <div class="notification error">
	  <a href="#" class="close-notification" title="Hide Notification" rel="tooltip">x</a>
	  <p><strong>Error notification</strong> You do not have permission to view this page. If you feel that you should, then please contact your manager.</p>
  </div>
  <?php 
    return;
}
?>

<article class="full-block clearfix">
	<section>
    <article class="half-block">
      <header>
        <h2>Claim Information</h2>
        
        <nav>
			    <a href="#" class="button" id="editClaim" rel="">Edit Claim</a>
        </nav>
      </header>
Пример #22
0
            echo Html::anchor('news/view/' . $new->id, 'View', array("class" => "btn primary"));
            ?>
			<?php 
        }
        ?>
			<?php 
        if (Auth::has_access('news.update')) {
            ?>
				 <?php 
            echo Html::anchor('news/edit/' . $new->id, 'Edit', array("class" => "btn success"));
            ?>
			<?php 
        }
        ?>
			<?php 
        if (Auth::has_access('news.delete')) {
            ?>
				<?php 
            echo Html::anchor('news/delete/' . $new->id, 'Delete', array('onclick' => "return confirm('Are you sure?')", 'class' => 'btn danger'));
            ?>
			<?php 
        }
        ?>

			</td>

		</tr>
<?php 
    }
    ?>
	
Пример #23
0
 public function get_dispositions()
 {
     if (strtotime($this->param('enddate')) - strtotime($this->param('startdate')) < -2678400) {
         $this->response(array('status' => 'FAIL', 'message' => 'Sorry, you cannot get a disposition report for a larger period than one month!'));
     } else {
         $this->response(Controller_Reports::generate_disposition_report($this->param('center'), Auth::has_access('reports.disposition'), Auth::has_access('reports.all_centers'), $this->param('startdate'), $this->param('enddate')));
     }
 }
Пример #24
0
 public function router($method, $args)
 {
     if (in_array(\Uri::string(), static::$ignore_login)) {
         return call_user_func_array(array($this, 'action_' . $method), $args);
     }
     $right = $this->app . '.[' . str_replace(array('edit', 'view'), array('update', 'read'), $method) . ']';
     if (\Auth::has_access($right)) {
         return call_user_func_array(array($this, 'action_' . $method), $args);
     }
     \Session::delete('redirect_url');
     \Response::redirect($this->app . '/not_allow');
 }
Пример #25
0
	
	   <!-- End -->
  <?php 
}
?>
	</section>
	
</article>

<article class="full-block clearfix">
	<section>
	
		<article class="half-block">
			<section>
				<?php 
if ($isActive === true && $packCompleted == 'no' || Auth::has_access('ppi.admin')) {
    ?>
          <button id="cancelPPIClient" class="btn btn-alt btn-large btn-primary" type="submit" rel="<?php 
    echo $clientDetails['clientID'];
    ?>
" title="Cancel Client's PPI Account">Cancel Client</button>
          <?php 
}
?>
			</section>
		</article>		

	</section>
</article>

<!--- Create Claims -->
Пример #26
0
        echo Html::anchor('country/delete/' . $country->id, 'Delete', array('onclick' => "return confirm('Are you sure?')"));
        ?>

			</td>
		</tr>
<?php 
    }
    ?>
	</tbody>
</table>

<?php 
} else {
    ?>
<p>No Countries.</p>

<?php 
}
?>

<?php 
if (Auth::has_access("country.create")) {
    ?>
<p>
	<?php 
    echo Html::anchor('country/create', 'Add new Country', array('class' => 'btn btn-success'));
    ?>

</p>
<?php 
}