/**
 * Denies access for the current request.
 * Guests are handed to the web user's loginRequired(); everyone else gets an HTTP 403.
 * @param string $message the message to display to the user; a translated default is used when null.
 * @throws CHttpException with status 403 when the current user is not a guest.
 */
public function accessDenied($message = null)
{
    // Fall back to the module's translated default text.
    $text = ($message !== null)
        ? $message
        : Rights::t('core', 'Bạn không được phép thực hiện hành động này.');

    $webUser = Yii::app()->getUser();
    if ($webUser->isGuest === true) {
        // Not authenticated yet: let the user component start the login flow.
        $webUser->loginRequired();
        return;
    }

    // Authenticated but not permitted.
    throw new CHttpException(403, $text);
}
/**
 * Denies access for the current request.
 * Guests are handed to the web user's loginRequired(); everyone else gets an HTTP 403.
 * @param string $message the message to display to the user; a translated default is used when null.
 * @throws CHttpException with status 403 when the current user is not a guest.
 */
public function accessDenied($message = null)
{
    // Fall back to the module's translated default text.
    $text = ($message !== null)
        ? $message
        : Rights::t('core', 'No sufficient permissions for current user to perform this action');

    $webUser = Yii::app()->getUser();
    if ($webUser->isGuest === true) {
        // Not authenticated yet: let the user component start the login flow.
        $webUser->loginRequired();
        return;
    }

    // Authenticated but not permitted.
    throw new CHttpException(403, $text);
}
/**
 * Denies access for the current request.
 * Guests are handed to the web user's loginRequired(); everyone else gets an HTTP 403.
 * @param string $message the message to display to the user; a translated default is used when null.
 * @throws CHttpException with status 403 when the current user is not a guest.
 */
public function accessDenied($message = null)
{
    // Fall back to the module's translated default text.
    $text = ($message !== null)
        ? $message
        : Rights::t('core', 'Anda tidak diotorisasi melakukan aksi ini, jika anda seharusnya punya hak akses, hubungi administrator, terima kasih.');

    $webUser = Yii::app()->getUser();
    if ($webUser->isGuest === true) {
        // Not authenticated yet: let the user component start the login flow.
        $webUser->loginRequired();
        return;
    }

    // Authenticated but not permitted.
    throw new CHttpException(403, $text);
}
/**
 * Denies access for the current request.
 * Guests are handed to the web user's loginRequired(); everyone else gets an HTTP 403.
 * @param string $message the message to display to the user; a translated default is used when null.
 * @throws CHttpException with status 403 when the current user is not a guest.
 */
public function accessDenied($message = null)
{
    // Fall back to the module's translated default text.
    $text = ($message !== null)
        ? $message
        : Rights::t('core', 'You are not authorized to perform this action.');

    $webUser = Yii::app()->getUser();
    if ($webUser->isGuest === true) {
        // Not authenticated yet: let the user component start the login flow.
        $webUser->loginRequired();
        return;
    }

    // Authenticated but not permitted.
    throw new CHttpException(403, $text);
}
/**
 * Initializes the installer.
 * Stores the application's authorization manager and that manager's database connection.
 * @throws CException if the authorization manager is not an RDbAuthManager.
 */
public function init()
{
    parent::init();

    // The installer only works with the Rights database authorization manager.
    $manager = Yii::app()->getAuthManager();
    if (!($manager instanceof RDbAuthManager)) {
        throw new CException(Rights::t('install', 'Application authorization manager must extend the RDbAuthManager class.'));
    }

    // NOTE(review): the web user component is fetched, but the check that it extends
    // RWebUser is disabled in this copy, so a misconfigured user class is no longer
    // rejected here. Confirm the configured user class provides what Rights relies on.
    $user = Yii::app()->getUser();

    $this->_authManager = $manager;
    $this->db = $this->_authManager->db;
}
/**
 * Installs the module.
 * Runs the installer for a logged-in user; an existing installation is only
 * overwritten when a 'confirm' GET parameter is present.
 * @throws CHttpException if the user is not logged in.
 */
public function actionRun()
{
    // Guests are turned away before anything else happens.
    if (Yii::app()->user->isGuest !== false) {
        $this->accessDenied(Rights::t('install', 'You must be logged in to install Rights.'));
        return;
    }

    // NOTE(review): the only gate in this action is "not a guest". Any authenticated
    // account that reaches it can run the installer, re-run it over an existing
    // installation by supplying a 'confirm' GET parameter, and is then flagged as
    // superuser. Nothing here checks the request method either, so the state change
    // is reachable by a plain GET. Restrict this controller with access filters and
    // disable the installer once setup is done (filters are not visible from here).
    $mayInstall = isset($_GET['confirm']) === true || $this->_installer->installed === false;
    if ($mayInstall === false) {
        // Already installed and not confirmed: ask first.
        $this->redirect(array('install/confirm'));
        return;
    }

    // Run the installer and check for an error.
    if ($this->_installer->run() === RInstaller::ERROR_NONE) {
        // Mark the user to have superuser privileges.
        Yii::app()->user->isSuperuser = true;
        $this->redirect(array('install/ready'));
    }

    // Redirect to the error page.
    $this->redirect(array('install/error'));
}
/**
 * Installs the module.
 * Runs the installer for a logged-in user; an existing installation is only
 * overwritten when a 'confirm' GET parameter is present.
 * @throws CHttpException if the user is not logged in.
 */
public function actionRun()
{
    // Guests are turned away before anything else happens.
    if (Yii::app()->user->isGuest !== false) {
        $this->accessDenied(Rights::t('install', 'You must be logged in to install Rights.'));
        return;
    }

    // Get the application web user.
    $webUser = Yii::app()->getUser();

    // NOTE(review): the only gate in this action is "not a guest". Any authenticated
    // account that reaches it can run the installer, re-run it over an existing
    // installation by supplying a 'confirm' GET parameter, and is then flagged as
    // superuser. Nothing here checks the request method either, so the state change
    // is reachable by a plain GET. Restrict this controller with access filters and
    // disable the installer once setup is done (filters are not visible from here).
    $mayInstall = isset($_GET['confirm']) === true || $this->_installer->installed === false;
    if ($mayInstall === false) {
        // Already installed and not confirmed: ask first.
        $this->redirect(array('install/confirm'));
        return;
    }

    // Run the installer and check for an error.
    if ($this->_installer->run(true) === true) {
        // Mark the user to have superuser privileges.
        $webUser->isSuperuser = true;
        $this->redirect(array('install/ready'));
    }

    // Set an error message and send the user back to the home page.
    $webUser->setFlash($this->module->flashErrorKey, Rights::t('install', 'Installation failed.'));
    $this->redirect(Yii::app()->homeUrl);
}
<?php
/*
 * Assignments overview: breadcrumbs, a heading and a grid with one row per user.
 * NOTE(review): every grid column uses 'type' => 'raw', so whatever
 * getAssignmentNameLink() and getAssignmentsText() return is written to the page
 * without HTML encoding by the grid. Confirm those helpers encode user names and
 * authorization item names themselves.
 */
$this->breadcrumbs = array('Phân quyền' => Rights::getBaseUrl(), Rights::t('core', 'Assignments')); ?> <div id="assignments"> <h2><?php echo Rights::t('core', 'Assignments'); ?> </h2> <p> <?php echo Rights::t('core', 'Here you can view which permissions has been assigned to each user.'); ?> </p> <?php $this->widget('zii.widgets.grid.CGridView', array('dataProvider' => $dataProvider, 'template' => "{items}\n{pager}", 'emptyText' => Rights::t('core', 'No users found.'), 'htmlOptions' => array('class' => 'grid-view assignment-table'), 'columns' => array(array('name' => 'name', 'header' => Rights::t('core', 'Name'), 'type' => 'raw', 'htmlOptions' => array('class' => 'name-column'), 'value' => '$data->getAssignmentNameLink()'), array('name' => 'assignments', 'header' => Rights::t('core', 'Roles'), 'type' => 'raw', 'htmlOptions' => array('class' => 'role-column'), 'value' => '$data->getAssignmentsText(CAuthItem::TYPE_ROLE)'), array('name' => 'assignments', 'header' => Rights::t('core', 'Tasks'), 'type' => 'raw', 'htmlOptions' => array('class' => 'task-column'), 'value' => '$data->getAssignmentsText(CAuthItem::TYPE_TASK)'), array('name' => 'assignments', 'header' => Rights::t('core', 'Operations'), 'type' => 'raw', 'htmlOptions' => array('class' => 'operation-column'), 'value' => '$data->getAssignmentsText(CAuthItem::TYPE_OPERATION)')))); ?> </div>
/**
 * Returns the markup for an inherited permission.
 * The parents' display names are joined with line breaks and placed in the
 * title attribute of a span labelled "Inherited".
 * @param array $parents the parents for this item.
 * @param boolean $displayType whether to append each parent's item type name.
 * @return string the markup.
 */
public function getInheritedPermissionText($parents, $displayType = false)
{
    $labels = array();
    foreach ($parents as $parent) {
        $label = $parent->getNameText();
        if ($displayType === true) {
            $label .= ' (' . Rights::getAuthItemTypeName($parent->type) . ')';
        }
        $labels[] = $label;
    }

    // NOTE(review): the labels go into the title attribute without HTML encoding in
    // this method. If getNameText() can return a double quote or markup (not visible
    // from here), the value breaks out of the attribute. Confirm getNameText()
    // encodes its output, or encode each label before joining.
    $tooltip = implode('<br />', $labels);

    return '<span class="inherited-item" title="' . $tooltip . '">' . Rights::t('core', 'Inherited') . ' *</span>';
}
<?php
/*
 * "Create item" page: breadcrumbs, a heading naming the item type, and the form partial.
 * NOTE(review): $_GET['type'] is read straight from the request, twice, with no
 * presence check, so a missing parameter raises an undefined-index notice. What
 * reaches the page is the return value of Rights::getAuthItemTypeName(), presumably
 * a fixed type label rather than the raw value. Verify that, and wrap the heading
 * in CHtml::encode() if the helper can reflect request input.
 */
$this->breadcrumbs = array( 'Rights'=>Rights::getBaseUrl(), Rights::t('core', 'Create :type', array(':type'=>Rights::getAuthItemTypeName($_GET['type']))), ); ?> <div class="createAuthItem"> <h2 style="color:#427FED;border-bottom:2px solid #ff503f;padding: 10px 1%;width: 98%;"><?php echo Rights::t('core', 'Create :type', array( ':type'=>Rights::getAuthItemTypeName($_GET['type']), )); ?></h2> <?php $this->renderPartial('_form', array('model'=>$formModel)); ?> </div>
/**
 * Returns the valid child item types for a specific type.
 * @param string $type the authorization item type.
 * @return array|null the valid child types; null for roles, which may contain
 * any type of authorization item.
 * @throws CException when the type matches none of the known item types.
 */
public static function getValidChildTypes($type)
{
    // NOTE(review): the (int) cast turns any non-numeric value into 0 before the
    // comparison. CAuthItem::TYPE_OPERATION is 0 in Yii 1.1, so such input is treated
    // as an operation instead of reaching the "invalid type" branch. Validate
    // request-supplied types before calling this (confirm against the Yii version in use).
    $typeId = (int) $type;

    // Roles can consist of any type of authorization items.
    if ($typeId == CAuthItem::TYPE_ROLE) {
        return null;
    }

    // Tasks can consist of other tasks and operations.
    if ($typeId == CAuthItem::TYPE_TASK) {
        return array(CAuthItem::TYPE_TASK, CAuthItem::TYPE_OPERATION);
    }

    // Operations can consist of other operations.
    if ($typeId == CAuthItem::TYPE_OPERATION) {
        return array(CAuthItem::TYPE_OPERATION);
    }

    // Invalid type.
    throw new CException(Rights::t('core', 'Invalid authorization item type.'));
}
<?php
/*
 * "Create item" page: sets breadcrumbs and an HTML title, then renders the menu,
 * flash and form partials.
 * NOTE(review): $_GET['type'] is read straight from the request, twice, with no
 * presence check, so a missing parameter raises an undefined-index notice. The title
 * is assembled as raw HTML around the return value of Rights::getAuthItemTypeName(),
 * presumably a fixed type label rather than the raw value. Verify that, and encode
 * the label with CHtml::encode() if the helper can reflect request input.
 */
$this->breadcrumbs = array('Rights' => Rights::getBaseUrl(), Rights::t('core', 'Create :type', array(':type' => Rights::getAuthItemTypeName($_GET['type'])))); $this->title = '<h2>' . Rights::t('core', 'Create :type', array(':type' => Rights::getAuthItemTypeName($_GET['type']))) . '</h2>'; ?> <?php echo $this->renderPartial('/_menu', array('list' => array())); ?> <?php $this->renderPartial('/_flash'); ?> <?php $this->renderPartial('_form', array('model' => $formModel));
/**
 * Declares attribute labels.
 * @return array attribute name => translated label.
 */
public function attributeLabels()
{
    $labels = array();
    $labels['itemname'] = Rights::t('core', 'Authorization item');

    return $labels;
}
<h3><?php echo Rights::t('core', 'Меню'); ?> </h3> <hr/> <?php
// Module navigation: one entry each for assignments, permissions, roles, tasks and operations.
$this->widget('zii.widgets.CMenu', array('activeCssClass' => 'active', 'items' => array(array('label' => Rights::t('core', 'Assignments'), 'url' => array('assignment/view'), 'itemOptions' => array('class' => 'item-assignments')), array('label' => Rights::t('core', 'Permissions'), 'url' => array('authItem/permissions'), 'itemOptions' => array('class' => 'item-permissions')), array('label' => Rights::t('core', 'Roles'), 'url' => array('authItem/roles'), 'itemOptions' => array('class' => 'item-roles')), array('label' => Rights::t('core', 'Tasks'), 'url' => array('authItem/tasks'), 'itemOptions' => array('class' => 'item-tasks')), array('label' => Rights::t('core', 'Operations'), 'url' => array('authItem/operations'), 'itemOptions' => array('class' => 'item-operations')))));
// Optional help text captured elsewhere into the 'sidebarHelpText' clip.
// NOTE(review): the clip is echoed as-is, so whatever writes the clip must already
// produce safe HTML. Confirm no request data is captured into it unencoded.
if (isset($this->clips['sidebarHelpText'])) { echo '<div class="hint" style="margin-top:25px;padding-right:5px;">' . $this->clips['sidebarHelpText'] . '</div>'; }
<?php if ($formModel !== null) { ?> <div class="form"> <?php $this->renderPartial('_form', array('model' => $formModel, 'itemnameSelectOptions' => $assignSelectOptions)); ?> </div> <?php } else { ?> <p class="info"><?php echo Rights::t('core', 'No assignments available to be assigned to this user.'); ?> <?php } ?> </div> <?php $this->endWidget(); ?> </div>
/**
 * Makes sure that the business rule is not empty when data is specified.
 * This is the 'bizRuleNotEmpty' validator as declared in rules().
 * @param string $attribute the attribute being validated (not used by this check).
 * @param array $params validator options (not used by this check).
 */
public function bizRuleNotEmpty($attribute, $params)
{
    // Nothing to enforce when no data was supplied.
    if (empty($this->data)) {
        return;
    }

    // Data together with a business rule is fine.
    if (!empty($this->bizRule)) {
        return;
    }

    // Data without a rule: report the problem on the 'data' attribute.
    $this->addError('data', Rights::t('core', 'Business rule cannot be empty.'));
}
<p class="info"><?php echo Rights::t('core', 'No children available to be added to this item.'); ?> <?php } ?> </div> <?php } else { ?> <p class="info"> <?php echo Rights::t('core', 'No relations need to be set for the superuser role.'); ?> <br/> <?php echo Rights::t('core', 'Super users are always granted access implicitly.'); ?> </p> <?php } ?> </div> </div>
<?php
/*
 * Business-rule fields and the form buttons.
 * NOTE(review): per the hint text below, the bizRule value is code that gets executed
 * during access checks, so whoever can submit this form can have code run on the
 * server. The fields are shown only when the module's enableBizRule flag is true.
 * Keep that flag off unless business rules are needed, and make sure only fully
 * trusted administrators can reach this form.
 * NOTE(review): the Cancel link target comes from the user component's rightsReturnUrl.
 * Presumably this is session state; confirm it cannot be set from request input.
 */
if( Rights::module()->enableBizRule===true ): ?> <div class="row"> <?php echo $form->labelEx($model, 'bizRule'); ?> <?php echo $form->textField($model, 'bizRule', array('maxlength'=>255, 'class'=>'text-field')); ?> <?php echo $form->error($model, 'bizRule'); ?> <p class="hint"><?php echo Rights::t('core', 'Code that will be executed when performing access checking.'); ?></p> </div> <?php endif; ?> <?php if( Rights::module()->enableBizRule===true && Rights::module()->enableBizRuleData ): ?> <div class="row"> <?php echo $form->labelEx($model, 'data'); ?> <?php echo $form->textField($model, 'data', array('maxlength'=>255, 'class'=>'text-field')); ?> <?php echo $form->error($model, 'data'); ?> <p class="hint"><?php echo Rights::t('core', 'Additional data available when executing the business rule.'); ?></p> </div> <?php endif; ?> <div class="row buttons"> <?php echo CHtml::submitButton(Rights::t('core', 'Save'),array('class'=>'submit')); ?> <?php echo CHtml::link(Rights::t('core', 'Cancel'), Yii::app()->user->rightsReturnUrl, array('class'=>'btnCan')); ?> </div> <?php $this->endWidget(); ?> </div>
<style>.pagination{margin:0}</style> <section class="panel"> <header class="panel-heading"> <?php echo Rights::t('core', 'Phân bổ vai trò'); ?> </header> <div class="panel-body"> <div class="adv-table"> <div class="alert alert-warning fade in" style="margin-bottom: 0;"> <?php echo Rights::t('core', 'Ở đây bạn có thể xem các điều khoản đã được chỉ định cho mỗi người dùng.'); ?> </div> <?php
/*
 * Assignments grid: one row per user with the roles, tasks and operations assigned.
 * NOTE(review): every column uses 'type' => 'raw', so whatever
 * getAssignmentNameLink() and getAssignmentsText() return is written to the page
 * without HTML encoding by the grid. Confirm those helpers encode user names and
 * authorization item names themselves.
 */
$this->widget('bootstrap.widgets.TbGridView', array('dataProvider' => $dataProvider, 'summaryText' => 'Hiển thị {start} đến {end} của {count} bản ghi', 'emptyText' => Rights::t('core', 'Không tìm thấy user nào.'), 'htmlOptions' => array('class' => 'grid-view assignment-table'), 'itemsCssClass' => 'display table table-bordered table-striped dataTable', 'pager' => array('header' => '', 'htmlOptions' => array('class' => 'pagination pagination-sm pull-right'), 'firstPageLabel' => '«', 'nextPageLabel' => '→', 'lastPageLabel' => '»', 'prevPageLabel' => '←', 'selectedPageCssClass' => 'active'), 'columns' => array(array('name' => 'name', 'header' => Rights::t('core', 'Name'), 'type' => 'raw', 'htmlOptions' => array('class' => 'name-column'), 'value' => '$data->getAssignmentNameLink()'), array('name' => 'assignments', 'header' => Rights::t('core', 'Roles'), 'type' => 'raw', 'htmlOptions' => array('class' => 'role-column'), 'value' => '$data->getAssignmentsText(CAuthItem::TYPE_ROLE)'), array('name' => 'assignments', 'header' => Rights::t('core', 'Tasks'), 'type' => 'raw', 'htmlOptions' => array('class' => 'task-column'), 'value' => '$data->getAssignmentsText(CAuthItem::TYPE_TASK)'), array('name' => 'assignments', 'header' => Rights::t('core', 'Operations'), 'type' => 'raw', 'htmlOptions' => array('class' => 'operation-column'), 'value' => '$data->getAssignmentsText(CAuthItem::TYPE_OPERATION)')))); ?> </div> </div> </section>
<?php
// Rights module navigation, rendered as a row of Bootstrap pills.
$rightsMenuItems = array(
    array(
        'label' => Rights::t('core', 'Assignments'),
        'url' => array('/rights/assignment/view'),
        'itemOptions' => array('class' => 'item-assignments'),
    ),
    array(
        'label' => Rights::t('core', 'Permissions'),
        'url' => array('/rights/authItem/permissions'),
        'itemOptions' => array('class' => 'item-permissions'),
    ),
    array(
        'label' => Rights::t('core', 'Roles'),
        'url' => array('/rights/authItem/roles'),
        'itemOptions' => array('class' => 'item-roles'),
    ),
    array(
        'label' => Rights::t('core', 'Tasks'),
        'url' => array('/rights/authItem/tasks'),
        'itemOptions' => array('class' => 'item-tasks'),
    ),
    array(
        'label' => Rights::t('core', 'Operations'),
        'url' => array('/rights/authItem/operations'),
        'itemOptions' => array('class' => 'item-operations'),
    ),
);

$this->widget('bootstrap.widgets.TbMenu', array(
    'type' => 'pills',
    'stacked' => false,
    'items' => $rightsMenuItems,
));
?> <?php echo $form->textField($model, 'data', array('maxlength' => 255, 'class' => 'text-field')); ?> <?php echo $form->error($model, 'data'); ?> <p class="hint"><?php echo Rights::t('core', 'Additional data available when executing the business rule.'); ?> </p> </div> <?php } ?> <div class="row buttons"> <?php echo CHtml::submitButton(Rights::t('core', 'Save')); ?> | <?php echo CHtml::link(Rights::t('core', 'Cancel'), Yii::app()->user->rightsReturnUrl); ?> </div> <?php $this->endWidget(); ?> </div>
</th></tr> <?php } ?> <?php if ($items['modules'] !== array()) { ?> <?php if ($displayModuleHeadingRow === true) { ?> <tr><th class="module-heading-row" colspan="3"><?php echo Rights::t('core', 'Modules'); ?> </th></tr> <?php } ?> <?php foreach ($items['modules'] as $moduleName => $moduleItems) { ?> <tr><th class="module-row" colspan="3"><?php echo ucfirst($moduleName) . 'Module'; ?> </th></tr>
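/**
 * Revokes an assignment from a user.
 * Only POST requests are accepted. The item name comes from getItemName() and the
 * user id from the 'id' GET parameter.
 * @throws CHttpException with status 400 when the request is not a POST or does not
 * carry a usable user id.
 */
public function actionRevoke()
{
    // State-changing action: refuse anything but POST, and refuse a request that does
    // not say which user the item should be revoked from.
    $hasUserId = isset($_GET['id']) === true && is_scalar($_GET['id']) === true;
    if (Yii::app()->request->isPostRequest !== true || $hasUserId === false) {
        throw new CHttpException(400, Rights::t('core', 'Invalid request. Please do not repeat this request again.'));
    }

    // NOTE(review): requiring POST blocks link-triggered revocation but is not CSRF
    // protection by itself. That depends on the application's CSRF validation and on
    // this controller's access filters, neither of which is visible from here.
    $userId = $_GET['id'];
    $itemName = $this->getItemName();

    // Revoke the item from the user and load it.
    // NOTE(review): neither the result of revoke() nor a null auth item is checked
    // before the success message is built; verify that getItemName() only yields
    // existing items.
    $this->_authorizer->authManager->revoke($itemName, $userId);
    $item = $this->_authorizer->authManager->getAuthItem($itemName);
    $item = $this->_authorizer->attachAuthItemBehavior($item);

    // Set flash message for revoking the item.
    Yii::app()->user->setFlash($this->module->flashSuccessKey, Rights::t('core', 'Permission :name revoked.', array(':name' => $item->getNameText())));

    // If AJAX request, we should not redirect the browser.
    if (isset($_POST['ajax']) === false) {
        $this->redirect(array('assignment/user', 'id' => $userId));
    }
}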
<?php
/*
 * Form with a single drop-down of item names and an "Add" button.
 * NOTE(review): this form changes authorization data. In Yii 1.1 the form helpers emit
 * the CSRF token field only when the request component has enableCsrfValidation turned
 * on. Confirm it is enabled for this application.
 */
$form = $this->beginWidget('CActiveForm'); ?> <?php echo $form->dropDownList($model, 'itemname', $itemnameSelectOptions); ?> <?php echo $form->error($model, 'itemname'); ?> <div class="row buttons"> <?php echo CHtml::submitButton(Rights::t('core', 'Add')); ?> </div> <?php $this->endWidget(); ?>
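/**
 * Returns the data model based on the item name given in the request.
 * The model is looked up once and cached on the controller.
 * @return mixed the authorization item with the Rights behavior attached.
 * @throws CHttpException with status 404 if the item name is missing or no such item exists.
 */
public function loadModel()
{
    if ($this->_model === null) {
        $itemName = $this->getItemName();
        $item = ($itemName !== null)
            ? $this->_authorizer->authManager->getAuthItem($itemName)
            : null;

        // Check for a missing item before attaching the behavior, so an unknown name
        // ends in a clean 404 instead of handing null to attachAuthItemBehavior().
        if ($item === null) {
            throw new CHttpException(404, Rights::t('core', 'The requested page does not exist.'));
        }

        $this->_model = $this->_authorizer->attachAuthItemBehavior($item);

        // Kept from the original: a null result after attaching is also a 404.
        if ($this->_model === null) {
            throw new CHttpException(404, Rights::t('core', 'The requested page does not exist.'));
        }
    }

    return $this->_model;
}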
<?php
/*
 * Form with a single drop-down of item names and an "Assign" button.
 * NOTE(review): this form changes a user's permissions. In Yii 1.1 the form helpers
 * emit the CSRF token field only when the request component has enableCsrfValidation
 * turned on. Confirm it is enabled for this application.
 */
$form = $this->beginWidget('CActiveForm'); ?> <div class="form-group"> <?php echo $form->dropDownList($model, 'itemname', $itemnameSelectOptions, array('class' => 'form-control')); ?> <?php echo $form->error($model, 'itemname'); ?> </div> <div class="form-action text-right"> <?php echo CHtml::submitButton(Rights::t('core', 'Assign'), array('class' => 'btn btn-primary')); ?> </div> <?php $this->endWidget();
// Permissions grid, followed by the inline script that wires up the tooltip and row hover.
// NOTE(review): further down, the translated 'Source' string is echoed inside a
// single-quoted JavaScript string without JavaScript escaping, so a translation
// containing an apostrophe or backslash would break the script. CJavaScript::quote()
// is the Yii helper for embedding text in a script string.
$this->widget('bootstrap.widgets.TbExtendedGridView', array('dataProvider' => $dataProvider, 'type' => 'hover striped bordered', 'template' => '{items}', 'emptyText' => Rights::t('core', 'No authorization items found.'), 'htmlOptions' => array('class' => 'grid-view permission-table'), 'columns' => $columns)); ?> <p class="info">*) <?php echo Rights::t('core', 'Hover to see from where the permission is inherited.'); ?> </p> <script type="text/javascript"> /** * Attach the tooltip to the inherited items. */ jQuery('.inherited-item').rightsTooltip({ title:'<?php echo Rights::t('core', 'Source'); ?> : ' }); /** * Hover functionality for rights' tables. */ $('#rights tbody tr').hover(function() { $(this).addClass('hover'); // On mouse over }, function() { $(this).removeClass('hover'); // On mouse out }); </script>
<h2><?php echo Rights::t('core', 'Operations'); ?> </h2> <p> <?php echo Rights::t('core', 'An operation is a permission to perform a single operation, for example accessing a certain controller action.'); ?> <br /> <?php echo Rights::t('core', 'Operations exist below tasks in the authorization hierarchy and can therefore only inherit from other operations.'); ?> </p> <p><?php echo CHtml::link(Rights::t('core', 'Create a new operation'), array('authItem/create', 'type' => CAuthItem::TYPE_OPERATION), array('class' => 'add-operation-link')); ?> </p> <?php
/*
 * Operations grid: name, description, business rule, data and a delete link per item.
 * NOTE(review): the description, bizRule and data columns use 'type' => 'raw' and have
 * no 'value' expression, so the stored attribute is written to the page without HTML
 * encoding. Unless markup in these fields is intended, 'type' => 'text' makes the grid
 * encode them. The name and actions columns depend on getNameLink() and
 * getDeleteOperationLink() encoding their own output; confirm that.
 */
$this->widget('zii.widgets.grid.CGridView', array('dataProvider' => $dataProvider, 'template' => '{items}', 'emptyText' => Rights::t('core', 'No operations found.'), 'htmlOptions' => array('class' => 'grid-view operation-table sortable-table'), 'columns' => array(array('name' => 'name', 'header' => Rights::t('core', 'Name'), 'type' => 'raw', 'htmlOptions' => array('class' => 'name-column'), 'value' => '$data->getNameLink(false, true, true)'), array('name' => 'description', 'header' => Rights::t('core', 'Description'), 'type' => 'raw', 'htmlOptions' => array('class' => 'description-column')), array('name' => 'bizRule', 'header' => Rights::t('core', 'Business rule'), 'type' => 'raw', 'htmlOptions' => array('class' => 'bizrule-column'), 'visible' => Rights::module()->enableBizRule === true), array('name' => 'data', 'header' => Rights::t('core', 'Data'), 'type' => 'raw', 'htmlOptions' => array('class' => 'data-column'), 'visible' => Rights::module()->enableBizRuleData === true), array('header' => ' ', 'type' => 'raw', 'htmlOptions' => array('class' => 'actions-column'), 'value' => '$data->getDeleteOperationLink()')))); ?> <p class="info"><?php echo Rights::t('core', 'Values within square brackets tell how many children each item has.'); ?> </p> </div>
</table> </div> <div class="row"> <?php echo CHtml::link(Rights::t('core', 'Select all'), '#', array('onclick' => "jQuery('.generate-item-table').find(':checkbox').attr('checked', 'checked'); return false;", 'class' => 'selectAllLink')); ?> / <?php echo CHtml::link(Rights::t('core', 'Select none'), '#', array('onclick' => "jQuery('.generate-item-table').find(':checkbox').removeAttr('checked'); return false;", 'class' => 'selectNoneLink')); ?> </div> <div class="row"> <?php echo CHtml::submitButton(Rights::t('core', 'Generate')); ?> </div> <?php $this->endWidget(); ?> </div> </div>
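/**
 * Returns the users with superuser privileges.
 * Looks up every user assigned the module's superuser item and collects their
 * 'username' attribute.
 * @return array the superusers' user names.
 * @throws CHttpException with status 403 when no superuser is found.
 */
public function getSuperusers()
{
    $assignments = $this->_authManager->getAssignmentsByItemName(Rights::module()->superuserName);

    // The assignments are keyed by user id; only the ids are needed for the lookup.
    $userIdList = array();
    foreach ($assignments as $userId => $assignment) {
        $userIdList[] = $userId;
    }

    $criteria = new CDbCriteria();
    $criteria->addInCondition(Rights::module()->userIdColumn, $userIdList);

    $userClass = Rights::module()->userClass;
    $users = CActiveRecord::model($userClass)->findAll($criteria);
    $users = $this->attachUserBehavior($users);

    // Start from an empty list. Without this initialisation the variable is undefined
    // when no user matches, the comparison with array() below is never true, and the
    // "no superusers" guard is silently skipped.
    // NOTE(review): the 'username' attribute is hard-coded here; the module's configured
    // user name column is not used. Confirm the user model exposes 'username'.
    $superusers = array();
    foreach ($users as $user) {
        $superusers[] = $user->username;
    }

    // Make sure that we have superusers, otherwise we would allow full access to Rights
    // if there for some reason is not any superusers.
    if ($superusers === array()) {
        throw new CHttpException(403, Rights::t('core', 'There must be at least one superuser!'));
    }

    return $superusers;
}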