add role checking to controllers

2015-11-05 17:24:09 +01:00
parent 43d5598f23
commit cc83ccf761
39 changed files with 362 additions and 78 deletions
--- a/backend/controllers/AccountController.php
+++ b/backend/controllers/AccountController.php
@@ -14,6 +14,32 @@ use yii\filters\VerbFilter;
 */
 class AccountController extends \backend\controllers\BackendController
 {
+	
+	
+	public function behaviors()
+	{
+		return [
+			'access' => [
+				'class' => \yii\filters\AccessControl::className(),
+					'rules' => [
+					// allow authenticated users
+						[
+						'actions' => [ 'index','view' ],
+						'allow' => true,
+						'roles' => ['employee','admin','reception'],
+						],
+						// allow authenticated users
+						[
+						'actions' => [ 'create', 'update'],
+						'allow' => true,
+						'roles' => ['admin'],
+						],
+				// everything else is denied
+				],
+			],
+		];
+	}
+	

    /**
     * Lists all Account models.
--- a/backend/controllers/BackendController.php
+++ b/backend/controllers/BackendController.php
@@ -28,7 +28,7 @@ class BackendController extends Controller
        						[
        								'actions' => ['create','index','view','update'],
        								'allow' => true,
-        								'roles' => ['@'],
+        								'roles' => ['admin','employee','reception'],
        						],
        						// everything else is denied
        				],
--- a/backend/controllers/CollectionController.php
+++ b/backend/controllers/CollectionController.php
@@ -47,7 +47,7 @@ class CollectionController extends \backend\controllers\BackendController
        $searchModel->accounts = Account::read();
        $searchModel->accountMap = Account::toAccaountMap($searchModel->accounts);
        
-        $searchModel->users = User::find()->all(    );
+        $searchModel->users = User::read();
        
        $dataProvider = $searchModel->search(Yii::$app->request->queryParams);
        $searchModel->searchTotal();
--- a/backend/controllers/DiscountController.php
+++ b/backend/controllers/DiscountController.php
@@ -14,6 +14,30 @@ use yii\filters\VerbFilter;
 */
 class DiscountController  extends \backend\controllers\BackendController
 {
+	
+	public function behaviors()
+	{
+		return [
+			'access' => [
+				'class' => \yii\filters\AccessControl::className(),
+				'rules' => [
+					// allow authenticated users
+					[
+					'actions' => [ 'index','view' ],
+					'allow' => true,
+					'roles' => ['admin','employee','reception'],
+					],
+					[
+					'actions' => ['create','update'],
+					'allow' => true,
+					'roles' => ['admin'  ],
+					],
+					// everything else is denied
+			],
+			],
+		];
+	}
+	

    /**
     * Lists all Discount models.
--- a/backend/controllers/ProcurementController.php
+++ b/backend/controllers/ProcurementController.php
@@ -11,6 +11,7 @@ use yii\filters\VerbFilter;
 use common\models\Warehouse;
 use common\models\Product;
 use common\models\User;
+use common\components\Helper;

 /**
 * ProcurementController implements the CRUD actions for Procurement model.
@@ -118,14 +119,21 @@ class ProcurementController  extends \backend\controllers\BackendController
        			$transaction->commit();
        		} else {
        			$transaction->rollback();
+        			Helper::flash('error', "Hiba történt!");
+        			throw new NotFoundHttpException( Yii::t('common/procurement' ,'Failed to fullfill procurement.' ));
        		}
+        		Helper::flash('success', Yii::t('backend/procurement', 'Beszerzés mentve'));
        	} catch (\Exception $e) {
        		$transaction->rollback();
        		throw $e;
        	}
        	
        	
-            return $this->redirect(['index' ]);
+        	if ( isset($_POST['_next'])){
+            	return $this->redirect(['create' ]);
+        	}else{
+	            return $this->redirect(['index' ]);
+        	}
        } else {
            return $this->render('create', [
                'model' => $model,
--- a/backend/controllers/ProductController.php
+++ b/backend/controllers/ProductController.php
@@ -55,7 +55,7 @@ class ProductController extends \backend\controllers\BackendController
        $model = new Product();
        $model->stock = 0;
        $model->status = Product::STATUS_ACTIVE;
-		$accounts = Account::readAccounts(null);
+		$accounts = Account::read(null);
 		$categories = ProductCategory::read(null);
        
        if ($model->load(Yii::$app->request->post()) && $model->save()) {
--- a/backend/controllers/TicketTypeController.php
+++ b/backend/controllers/TicketTypeController.php
@@ -15,6 +15,31 @@ use common\models\Account;
 */
 class TicketTypeController extends \backend\controllers\BackendController
 {
+	
+	
+	public function behaviors()
+	{
+		return [
+		'access' => [
+			'class' => \yii\filters\AccessControl::className(),
+				'rules' => [
+					// allow authenticated users
+					[
+						'actions' => [ 'index','view'],
+						'allow' => true,
+						'roles' => ['admin','employee','reception'],
+					],
+					[
+						'actions' => ['create' , 'update'],
+						'allow' => true,
+						'roles' => ['admin' ],
+					],
+					// everything else is denied
+				],
+			],
+		];
+	}
+	

    /**
     * Lists all TicketType models.
--- a/backend/controllers/TransferController.php
+++ b/backend/controllers/TransferController.php
@@ -25,7 +25,7 @@ class TransferController extends \backend\controllers\BackendController
 	        						[
 	        								'actions' => [ 'index','view' ],
 	        								'allow' => true,
-	        								'roles' => ['@'],
+	        								'roles' => ['admin','employee','reception'],
 	        						],
 	        						// everything else is denied
 	        				],
@@ -43,7 +43,7 @@ class TransferController extends \backend\controllers\BackendController
        $searchModel = new TransferSearch();
        $dataProvider = $searchModel->search(Yii::$app->request->queryParams);
        
-        $accounts = Account::readAccounts();
+        $accounts = Account::read();
        
        $searchModel->totalsTransfers();
       	
@@ -54,7 +54,6 @@ class TransferController extends \backend\controllers\BackendController
            'dataProvider' => $dataProvider,
        	'accounts' => $accounts,
        	'users' => $users,
-//         	'totals' =>$totals
        ]);
    }

--- a/backend/controllers/UserController.php
+++ b/backend/controllers/UserController.php
@@ -13,6 +13,7 @@ use yii\base\Object;
 use backend\models\UserUpdate;
 use common\models\Account;
 use common\models\UserAccountAssignment;
+use common\components\RoleDefinition;

 /**
 * UserController implements the CRUD actions for User model.
@@ -21,6 +22,31 @@ class UserController extends \backend\controllers\BackendController
 {
 	

+	public function behaviors()
+	{
+		return [
+			'access' => [
+				'class' => \yii\filters\AccessControl::className(),
+				'rules' => [
+					// allow authenticated users
+					[
+					'actions' => [ 'index','view' ],
+					'allow' => true,
+					'roles' => ['employee','admin','reception'],
+					],
+					// allow authenticated users
+					[
+					'actions' => [ 'create', 'update'],
+					'allow' => true,
+					'roles' => ['admin'],
+					],
+				// everything else is denied
+				],
+			],
+		];
+	}
+	
+	
    /**
     * Lists all User models.
     * @return mixed
@@ -99,6 +125,14 @@ class UserController extends \backend\controllers\BackendController
    {
        $model =  UserUpdate::findOne(['id' => $id]);
        
+        if ( Yii::$app->authManager->checkAccess($model->id, 'admin')){
+        	$model->role = 'admin';
+        } else if ( Yii::$app->authManager->checkAccess($model->id, 'employee')){
+        	$model->role = 'employee';
+        }else if ( Yii::$app->authManager->checkAccess($model->id, 'reception')){
+        	$model->role = 'reception';
+        }
+        
        if ( $model == null ){
        	throw new NotFoundHttpException('The requested page does not exist.');
        }