/**
 * Load projects with their 'owner' relation requested via with().
 *
 * When $this->ownerId is set, the query is narrowed with byOwnerId();
 * when it is null, no owner filter is applied at all.
 *
 * NOTE(review): with ownerId === null this returns every project the query
 * can see. Confirm that callers intend an unfiltered listing and that the
 * result is only shown to users allowed to see all projects.
 *
 * @return mixed the result of all() on the project query
 */
public function run()
{
    $finder = Project::find();

    $hasOwnerFilter = $this->ownerId !== null;
    if ($hasOwnerFilter) {
        // Return value intentionally unused, as in the original: the finder is narrowed in place.
        $finder->byOwnerId($this->ownerId);
    }

    $withOwner = $finder->with('owner');

    return $withOwner->all();
}
/**
 * Removing project 1 must succeed, raise Project::EVENT_REMOVED on the
 * application with the removed project attached to the event, and leave
 * no record behind for a later lookup by the same id.
 */
public function testRemove()
{
    // Filled in by the event handler; stays null if the event never fires.
    $removedId = null;
    $captureRemovedId = function ($event) use (&$removedId) {
        $removedId = $event->project->getId();
    };
    \Yii::$app->on(Project::EVENT_REMOVED, $captureRemovedId);

    $subject = Project::find()->byId(1)->one();
    $this->assertInstanceOf(Project::class, $subject);

    $wasRemoved = $subject->remove();
    $this->assertTrue($wasRemoved);

    // The id captured from the event must match the project that was removed.
    $this->assertEquals($subject->getId(), $removedId);

    $lookupAfterRemoval = Project::find()->byId(1)->one();
    $this->assertNull($lookupAfterRemoval);
}
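/**
 * @inheritdoc
 *
 * Authorisation gate run before a project member is created. The membership
 * is refused unless the referenced role and project both exist, the role
 * belongs to that project, and the prospective member is not the project owner.
 *
 * @param array $data attribute map; 'role_id', 'project_id' and 'user_id' are read here
 * @return bool true when creation may proceed
 * @throws ForbiddenHttpException when the role or project is missing, the role
 *         belongs to another project, or the user is the project owner
 */
protected function beforeCreate($data)
{
    /** @var ProjectRole|null $role */
    $role = ProjectRole::find()->byId($data['role_id'])->one();
    /** @var Project|null $project */
    $project = Project::find()->byId($data['project_id'])->one();

    // one() can come back empty for an unknown id. Without this guard the
    // getters below are called on null and a client-supplied role_id ends
    // the request in a fatal error instead of a clean refusal.
    if ($role === null || $project === null) {
        throw new ForbiddenHttpException('Role or project not found.'); // todo-rbac
    }

    // Loose comparisons are kept on purpose: ids taken from request data may be
    // strings while the getters may return ints, so === could let a mismatch
    // through. NOTE(review): confirm the id types before tightening.
    if ($role->getProjectId() != $project->getId()) {
        throw new ForbiddenHttpException("Role '{$role->getId()}' doesn't owned by project '{$project->getId()}'."); // todo-rbac
    } elseif ($project->getOwnerId() == $data['user_id']) {
        throw new ForbiddenHttpException("Owner cannot be the member."); // todo-rbac
    }

    return true;
}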
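/**
 * Create a member of the given project. Only the project owner may do so.
 *
 * @param int $project_id id of the project the member is added to
 * @return ProjectMember the newly created member
 * @throws ModelValidateException when ProjectMember::create() reports failure
 * @throws ForbiddenHttpException when the current user is a guest or is not the project owner
 */
public function actionCreate($project_id)
{
    // oneOrThrow() is expected to abort the request for an unknown id; the
    // exception type is not visible here (presumably a not-found error, confirm).
    $project = Project::find()->byId($project_id)->oneOrThrow();

    $currentUserId = \Yii::$app->getUser()->getId();
    // A guest has a null id, and null loosely equals a null, 0 or '' owner id.
    // Refuse explicitly so the != check below can never pass for a guest.
    if ($currentUserId === null || $project->getOwnerId() != $currentUserId) {
        throw new ForbiddenHttpException(); // todo-rbac
    }

    $data = \Yii::$app->getRequest()->post();
    // Pin project_id to the project that was just authorised, so a posted
    // project_id cannot point the insert at a different project.
    $data['project_id'] = $project_id;
    // NOTE(review): every other key (role_id, user_id, ...) is still client-supplied;
    // confirm ProjectMember::create() validates them.

    $member = new ProjectMember();
    if (!$member->create($data)) {
        throw new ModelValidateException($member);
    }

    return $member;
}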
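/**
 * Update a role of the given project. Only the project owner may do so, and
 * the role must belong to the project named in the request.
 *
 * @param int $project_id id of the project that owns the role
 * @param int $role_id id of the role to modify
 * @return ProjectRole the modified role
 * @throws ModelValidateException when ProjectRole::modify() reports failure
 * @throws NotFoundHttpException
 * @throws ForbiddenHttpException when the current user is a guest or is not the
 *         project owner, or the role belongs to another project
 */
public function actionUpdate($project_id, $role_id)
{
    $project = Project::find()->byId($project_id)->oneOrThrow();

    $currentUserId = \Yii::$app->getUser()->getId();
    // A guest has a null id, and null loosely equals a null, 0 or '' owner id.
    // Refuse explicitly so the != check below can never pass for a guest.
    if ($currentUserId === null || $project->getOwnerId() != $currentUserId) {
        throw new ForbiddenHttpException(); // todo-rbac
    }

    $data = \Yii::$app->getRequest()->post();

    $role = ProjectRole::find()->byId($role_id)->oneOrThrow();
    // Object-level check: owning the project in the URL is not enough, the role
    // addressed by $role_id has to belong to that same project.
    if ($project->getId() != $role->getProjectId()) {
        throw new ForbiddenHttpException();
    }

    // NOTE(review): $data is the raw POST body. If modify() accepts a project_id
    // key, a client could move the role to a project it does not own. Confirm
    // modify() ignores or rejects that attribute, or strip it before this call.
    if (!$role->modify($data)) {
        throw new ModelValidateException($role);
    }

    return $role;
}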
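/**
 * Remove a project. Only the project owner may do so.
 *
 * @param int $id id of the project to remove
 * @return void
 * @throws ModelValidateException when Project::remove() reports failure
 * @throws NotFoundHttpException
 * @throws ForbiddenHttpException when the current user is a guest or is not the project owner
 */
public function actionDelete($id)
{
    $project = Project::find()->byId($id)->oneOrThrow();

    $currentUserId = \Yii::$app->getUser()->getId();
    // A guest has a null id, and null loosely equals a null, 0 or '' owner id.
    // Refuse explicitly so the != check below can never pass for a guest.
    if ($currentUserId === null || $project->getOwnerId() != $currentUserId) {
        throw new ForbiddenHttpException(); // todo-rbac
    }

    if (!$project->remove()) {
        throw new ModelValidateException($project);
    }
}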