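/**
 * Show the edit box for an auth item (GET) or create, update or delete one (POST).
 *
 * GET: with ?item=NAME the item is looked up and handed to the index view
 * through $this->editItem; without it the index is rendered unchanged.
 * POST: additionally requires the RbacEditor permission, then runs the action
 * selected by the submit button (updateItem, createItem or deleteItem).
 *
 * Security notes:
 * - Items listed in $this->protectedItems must not be changed from here; the
 *   POST branch stops as soon as the old or the new name is protected.
 * - NOTE(review): this relies on checkAccess(..., true) halting the request
 *   when access is denied -- confirm, otherwise its result must be checked.
 * - NOTE(review): no CSRF check is visible in this method; confirm that the
 *   application enforces one for these state-changing POSTs.
 *
 * @return void
 */
public function actionEdit()
{
    $this->checkAccess('RbacViewer', true);
    $model = new AuthItem();

    if (empty($_POST)) {
        if (isset($_GET['item'])) {
            // On GET a protected item only triggers a warning; it can still be displayed.
            if (in_array($_GET['item'], $this->protectedItems)) {
                $this->messageErrors[] = "Warning! Item is protected by Controller";
            }
            $model->attributes = $_GET;
            // NOTE(review): the two error paths below only record a message and
            // never call actionIndex() -- confirm that something else renders them.
            if ($model->validate()) {
                // $_GET is already URL-decoded by PHP, so this decodes a second time,
                // and the protected-item warning above saw the value before this step.
                // NOTE(review): confirm the links really double-encode the name;
                // otherwise drop the urldecode() so that check and lookup agree.
                $name = urldecode($_GET['item']);
                if ($item = $model->findByAttributes(array('name' => $name))) {
                    // display edit Item box
                    $this->editItem = $item;
                    $this->actionIndex();
                } else {
                    $this->messageErrors[] = "The Item you want to edit does not exist";
                }
            } else {
                $this->messageErrors[] = "Unsecure Data detected. Please mail the Siteadmin if this Problem returns.";
            }
        } else {
            // ignore missing item and display index
            $this->actionIndex();
        }
        return;
    }

    $this->checkAccess('RbacEditor', true);

    // Reject malformed submissions before anything reads them. An array in place
    // of a name would never match the protected list below, yet the model layer
    // may still accept it as a multi-value criterion, so names must be strings.
    $postedItem = isset($_POST['editItem']) ? $_POST['editItem'] : null;
    $oldName = isset($_POST['oldName']) ? $_POST['oldName'] : null;
    if (!is_array($postedItem)
        || !isset($postedItem['name'])
        || !is_string($postedItem['name'])
        || ($oldName !== null && !is_string($oldName))
    ) {
        $this->messageErrors[] = "Unsecure Data detected. Please mail the Siteadmin if this Problem returns.";
        $this->actionIndex();
        return;
    }

    // filter names (written back to $_POST, as before, for code that reads it later)
    $_POST['editItem']['name'] = $this->filterString($_POST['editItem']['name'], $this->filterNames);
    $newName = $_POST['editItem']['name'];
    $model->attributes = $_POST['editItem'];

    // NOTE(review): this comparison is exact; if the name column uses a
    // case-insensitive collation, a differently-cased name would pass here and
    // still match the protected row -- confirm.
    if (in_array($oldName, $this->protectedItems) || in_array($newName, $this->protectedItems)) {
        $this->messageErrors[] = "Sorry, Item is protected by Controller";
        $this->actionIndex();
        // Stop here: without this return the update/create/delete below would
        // still run on the protected item and the index would be rendered twice.
        return;
    }

    if (!$model->validate()) {
        // use Yii error system
        $model->setIsNewRecord(true);
        $this->editItem = $model;
        $this->actionIndex();
        return;
    }

    // The messages carry markup (<i>), so they appear to be emitted as HTML;
    // user-supplied names are escaped before being embedded in them.
    $safeNewName = htmlspecialchars((string) $newName, ENT_QUOTES, 'UTF-8');
    $safeOldName = htmlspecialchars((string) $oldName, ENT_QUOTES, 'UTF-8');

    if (isset($_POST['updateItem'])) {
        $this->_updateItem($_POST['editItem'], $oldName);
    } elseif (isset($_POST['createItem'])) {
        if (!AuthItem::model()->findByAttributes(array('name' => $newName))) {
            $model->setIsNewRecord(true);
            $model->save();
            $this->messageSuccess[] = "Item {$safeNewName} successfull created.";
        } else {
            $this->messageErrors[] = "Create Error: New Item <i>{$safeNewName}</i> already exists";
            // Keep the submitted values in the edit box; the single actionIndex()
            // call below renders them (the original rendered the index twice here).
            $this->editItem = $model;
        }
    } elseif (isset($_POST['deleteItem'])) {
        // Remove the item together with every relation and assignment that refers to it.
        AuthItem::model()->deleteAllByAttributes(array('name' => $oldName));
        AuthItemChild::model()->deleteAllByAttributes(array('parent' => $oldName));
        AuthItemChild::model()->deleteAllByAttributes(array('child' => $oldName));
        AuthAssignment::model()->deleteAllByAttributes(array('itemname' => $oldName));
        $this->messageSuccess[] = "Item {$safeOldName} successfull deleted.";
    }
    // Any other submit option is ignored and the page is simply rendered.

    $this->actionIndex();
}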