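/**
 * Grant the default "klp" sensitive-operation set to an account.
 *
 * Pulls the 'product-goods' state out of every sensitive operation the
 * account already has, then stores a new activated operation named
 * 'klp default' with a fixed list of UI states and action routes and an
 * empty user list.
 *
 * @param string $accountId account id string (converted to MongoId);
 *                          an empty value makes the action a no-op
 */
public function actionAuth($accountId)
{
    if (empty($accountId)) {
        return;
    }
    $accountId = new \MongoId($accountId);

    // Drop the 'product-goods' state from the account's existing operations
    SensitiveOperation::updateAll(
        ['$pull' => ['states' => 'product-goods']],
        ['accountId' => $accountId]
    );

    $operation = new SensitiveOperation();
    $operation->name = 'klp default';
    $operation->users = [];
    $operation->states = [
        'member-setting',
        'product-edit-promotion',
        'product-edit-promotion-{id}',
        'product-create-goods',
        'product-setting',
    ];
    $operation->actions = [
        'product/campaign/update',
        'product/campaign/create',
        'product/campaign/delete',
        'product/goods/create',
        'product/goods/update-goods-status',
        'product/goods/delete',
        'product/product-category/create',
        'product/product-category/update',
        'product/product-category/delete',
    ];
    $operation->isActivated = true;
    $operation->accountId = $accountId;

    // Report success only when the record was actually persisted
    if ($operation->save()) {
        echo 'klp auth successfully' . PHP_EOL;
    } else {
        echo 'klp auth failed' . PHP_EOL;
    }
}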
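/**
 * Initialise the configured sensitive operations for every account.
 *
 * Reads the option definitions from Yii::$app->params['sensitive_options']
 * once and calls SensitiveOperation::initOptions() for each
 * (name, options) pair on every account found.
 */
public function actionIndex()
{
    $accounts = Account::findAll([]);
    if (!empty($accounts)) {
        // The option definitions do not depend on the account, so read them once
        $sensitiveOptions = Yii::$app->params['sensitive_options'];
        foreach ($accounts as $account) {
            // Distinct names for the collection and the per-entry value
            foreach ($sensitiveOptions as $name => $options) {
                SensitiveOperation::initOptions($name, $options, $account->_id);
            }
        }
    }
    echo "Fininsh init the sensitive operation.\n";
}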
/**
 * Update the selected user in sensitive operation
 *
 * Replaces the whole 'users' list of the given sensitive operation with the
 * ids posted under 'users' (each converted to a MongoId).
 *
 * @param string $id sensitive operation id
 * @return boolean true when at least one document was updated
 */
public function actionSelectUser($id)
{
    $operationId = new \MongoId($id);
    $rawUserIds = $this->getParams('users');

    $users = [];
    if (!empty($rawUserIds)) {
        // convert string id to mongo id, keeping the posted order as a plain list
        $users = array_values(array_map(function ($userId) {
            return new \MongoId($userId);
        }, $rawUserIds));
    }

    // update the users of sensitive options
    $count = SensitiveOperation::updateAll(['users' => $users], ['_id' => $operationId]);

    return (bool) $count;
}
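/**
 * do something after creating account
 *
 * Seeds the account's sensitive operations from
 * Yii::$app->params['sensitive_options'] and creates the default staff
 * message template for it.
 *
 * @param Account $account the newly created account (only its _id is used)
 */
public static function afterCreateAccount($account)
{
    $sensitiveOptions = Yii::$app->params['sensitive_options'];
    // Distinct names for the collection and the per-entry value
    foreach ($sensitiveOptions as $name => $options) {
        SensitiveOperation::initOptions($name, $options, $account->_id);
    }
    MessageTemplate::createStaffTemplate($account->_id);
}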
/**
 * create a user by email(generate-by-email)
 *
 * Creates a new activated account and an admin user for the given email
 * from the defaults in Yii::$app->params. When the user cannot be saved the
 * account and its sensitive operations and message templates are deleted
 * again. Progress is reported on stdout.
 *
 * @param string $email address of the user to create (lower-cased first)
 */
public function actionGenerateByEmail($email)
{
    $email = mb_strtolower($email);

    $existing = User::getByEmail($email);
    if (!empty($existing)) {
        echo 'email is used' . PHP_EOL;
        return;
    }

    $params = Yii::$app->params;
    $name = $params['defaultName'];

    $accountId = Account::create('', '', $name);
    Account::updateAll([
        'status' => Account::STATUS_ACTIVATED,
        'availableExtMods' => $params['extMods'],
        'serviceStartAt' => new \MongoDate(),
    ], ['_id' => $accountId]);

    $salt = StringUtil::rndString(6);
    $user = new User();
    // Assignment order matches the original property-by-property setup
    $fields = [
        'email' => $email,
        'accountId' => $accountId,
        'name' => $name,
        'role' => User::ROLE_ADMIN,
        'isActivated' => User::ACTIVATED,
        'avatar' => $params['defaultAvatar'],
        'language' => $params['defaultLanguage'],
        'salt' => $salt,
        'password' => User::encryptPassword(md5($params['defaultPwd']), $salt),
    ];
    foreach ($fields as $field => $value) {
        $user->$field = $value;
    }

    if ($user->save()) {
        echo 'create account successfully' . PHP_EOL;
        return;
    }

    // Roll back everything created for this account
    Account::deleteAll(['_id' => $accountId]);
    SensitiveOperation::deleteAll(['accountId' => $accountId]);
    MessageTemplate::deleteAll(['accountId' => $accountId]);
    echo 'create account fail' . PHP_EOL;
}
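/**
 * Get account modules config
 *
 * <b>Request Type </b>:GET
 * <b>Request Endpoints </b>: http://{server-domain}/api/common/module/config
 * <b>Content-type</b>: application/json<br/><br/>
 * <b>Summary</b>: This api is used to get the account modules config.
 *
 * For non-admin tokens the states returned by
 * SensitiveOperation::getForbiddenStates() are removed from the menus, mods
 * without a remaining menu are dropped, and each remaining mod's stateUrl is
 * derived from its first menu's state. Menus and mods are sorted by 'order'.
 *
 * <b>Response Example</b>
 * {
 *     "menus": {
 *         "content": [
 *             {
 *                 "order": 1,
 *                 "title": "graphics_content",
 *                 "name": "graphics",
 *                 "state": "content-graphics"
 *             },
 *             {
 *                 "order": 2,
 *                 "title": "webpage_content",
 *                 "name": "webpage",
 *                 "state": "content-webpage"
 *             }
 *         ],
 *         "analytic": [
 *             {
 *                 "order": 1,
 *                 "title": "analytic_followers_growth",
 *                 "name": "growth",
 *                 "state": "analytic-growth"
 *             },
 *             {
 *                 "order": 2,
 *                 "title": "analytic_followers_property",
 *                 "name": "property",
 *                 "state": "analytic-property"
 *             },
 *             {
 *                 "order": 3,
 *                 "title": "analytic_content_spread",
 *                 "name": "content",
 *                 "state": "analytic-content"
 *             },
 *             {
 *                 "order": 4,
 *                 "title": "analytic_store",
 *                 "name": "store",
 *                 "state": "analytic-score"
 *             }
 *         ]
 *     },
 *     "mods": [
 *         {
 *             "name": "channel",
 *             "order": 1,
 *             "stateUrl": ""
 *         },
 *         {
 *             "name": "customer",
 *             "order": 2,
 *             "stateUrl": "/customer/follower"
 *         },
 *         {
 *             "name": "helpdesk",
 *             "order": 1,
 *             "stateUrl": "/helpdesk/helpdesk"
 *         }
 *     ],
 *     "forbiddenStates": [
 *         "member-score",
 *         "product-edit-product",
 *         "product-edit-product-{id}"
 *     ]
 * }
 *
 * @return array with keys 'menus', 'mods' and 'forbiddenStates'
 */
public function actionConfig()
{
    $accountId = $this->getAccountId();
    $account = Account::findByPk($accountId);
    $menus = $account->menus;
    $mods = $account->mods;

    // Admins see everything; every other role gets the states blocked for it
    $token = Token::getToken();
    $forbiddenStates = [];
    if (empty($token->role) || $token->role !== User::ROLE_ADMIN) {
        $userId = empty($token->userId) ? '' : $token->userId;
        $forbiddenStates = SensitiveOperation::getForbiddenStates($userId, $accountId);
    }

    // Remove the forbidden sub-menus. Building a fresh list instead of
    // array_splice()-ing the array being iterated keeps the indexes stable,
    // so two adjacent forbidden entries are both removed.
    foreach ($menus as $moduleName => $subMenus) {
        $kept = [];
        foreach ($subMenus as $subMenu) {
            // states are compared as strings, hence the strict in_array
            if (!empty($subMenu['state']) && in_array($subMenu['state'], $forbiddenStates, true)) {
                continue;
            }
            $kept[] = $subMenu;
        }
        $menus[$moduleName] = $kept;
    }

    // Point each mod at its first remaining menu; drop mods with no menu left
    $visibleMods = [];
    foreach ($mods as $mod) {
        if (empty($menus[$mod['name']][0]['state'])) {
            continue;
        }
        // Use the first menu's state to generate the mod's stateUrl
        $mod['stateUrl'] = $this->_state2Url($menus[$mod['name']][0]['state']);
        $visibleMods[] = $mod;
    }

    // Sort the menus and mods by their 'order' field
    foreach ($menus as &$moduleItems) {
        ArrayHelper::multisort($moduleItems, 'order', SORT_ASC);
    }
    unset($moduleItems);
    ArrayHelper::multisort($visibleMods, 'order', SORT_ASC);

    return [
        'menus' => $menus,
        'mods' => $visibleMods,
        'forbiddenStates' => $forbiddenStates,
    ];
}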
/**
 * Authorise the current request for the given module.
 *
 * Decision order, as written below:
 *   1. requests to the base application (module id equals Yii::$app->id) pass;
 *   2. a non-empty account id from cookies plus a valid signature passes
 *      (NOTE(review): this path skips the role/module checks below entirely;
 *      confirm that is intended);
 *   3. otherwise a token is required: it must resolve via Token::getToken(),
 *      be unexpired, carry a role listed in the module's roleAccess, and have
 *      the module in its enabledMods. A route that matches an activated
 *      sensitive operation is further restricted to admins and to operators
 *      listed in that operation's users.
 * A passing token has its expireTime extended and CURRENT_USER_ID defined.
 *
 * @param object $module module being accessed (needs id, module and roleAccess);
 *                       a child module is replaced by its parent for the check
 * @param mixed $token access token presented by the client; empty means none
 * @return bool true when access is granted
 * @throws ForbiddenHttpException when the role, module or sensitive-operation
 *         check fails
 * @throws UnauthorizedHttpException when the token is expired or missing
 */
public function checkAuth($module, $token)
{
    $baseId = Yii::$app->id;
    $moduleId = $module->id;
    //init i18n configuration from user agent
    Yii::$app->language = LanguageUtil::getBrowserLanguage();
    // The base application itself needs no authentication
    if ($baseId === $moduleId) {
        return true;
    }
    //accountId
    // Cookie-based access: an account id plus a valid signature is enough
    $accountId = $this->getAccountIdFromCookies();
    if (!empty($accountId) && $this->validateSignature()) {
        return true;
    }
    if (!empty($token)) {
        $info = Token::getToken($token);
        if (!empty($info)) {
            //set the language for i18n
            Yii::$app->language = empty($info->language) ? LanguageUtil::DEFAULT_LANGUAGE : $info->language;
            // If $module is a child module, use the parent module
            if (!empty($module->module->id) && $module->module->id !== $baseId) {
                $module = $module->module;
                $moduleId = $module->id;
            }
            if (isset($info->expireTime) && !MongodbUtil::isExpired($info->expireTime)) {
                // The token's role must be allowed by the module and the module enabled for the token
                if (isset($module->roleAccess) && !empty($roleAccess = $module->roleAccess) && in_array($info->role, $roleAccess) && in_array($moduleId, $info->enabledMods)) {
                    //set the current user
                    $userId = $this->getUserId();
                    $controllerId = $this->owner->id;
                    $actionId = $this->owner->action->id;
                    // the current route
                    // change 'POST product/products' to 'product/product/create'
                    $route = "{$moduleId}/{$controllerId}/{$actionId}";
                    // find the sensitive operation with route
                    $condition = ['isActivated' => true, 'actions' => $route, 'accountId' => $info->accountId];
                    $option = SensitiveOperation::findOne($condition);
                    if (!empty($option)) {
                        // admin has all sensitive operation access authority
                        if ($info->role !== User::ROLE_ADMIN) {
                            if ($info->role !== User::ROLE_OPERATOR) {
                                // other's role hasn't sensitive operation access authority
                                throw new ForbiddenHttpException(Yii::t('common', 'no_permission'));
                            } else {
                                // Operators must be listed explicitly. The loose in_array is
                                // deliberate: users are stored as MongoId objects, which compare
                                // by value; presumably $info->userId is one too — confirm before
                                // tightening to strict.
                                if (empty($option->users) || !in_array($info->userId, $option->users)) {
                                    throw new ForbiddenHttpException(Yii::t('common', 'no_permission'));
                                }
                            }
                        }
                    }
                    define('CURRENT_USER_ID', $userId);
                    // Sliding expiry: every authorised request pushes expireTime forward
                    $info->expireTime = new \MongoDate(time() + Token::EXPIRE_TIME);
                    $updateResult = $info->update();
                    $this->updateAccessTokenExpire();
                    LogUtil::info(['tokenId' => $info->_id, 'updateResult' => $updateResult]);
                    return true;
                } else {
                    throw new ForbiddenHttpException(Yii::t('common', 'no_permission'));
                }
            } else {
                // Expired token: report the timeout in the browser's language
                Yii::$app->language = LanguageUtil::getBrowserLanguage();
                throw new UnauthorizedHttpException(Yii::t('common', 'login_timeout'));
            }
        }
    }
    throw new UnauthorizedHttpException(Yii::t('common', 'not_logined'));
}