add role checking to controllers

backend/controllers/UserController.php

@@ -13,6 +13,7 @@ use yii\base\Object;
 use backend\models\UserUpdate;
 use common\models\Account;
 use common\models\UserAccountAssignment;
+use common\components\RoleDefinition;
 
 /**
  * UserController implements the CRUD actions for User model.
@@ -21,6 +22,31 @@ class UserController extends \backend\controllers\BackendController
 {
 	
 
+	public function behaviors()
+	{
+		return [
+			'access' => [
+				'class' => \yii\filters\AccessControl::className(),
+				'rules' => [
+					// allow authenticated users
+					[
+					'actions' => [ 'index','view' ],
+					'allow' => true,
+					'roles' => ['employee','admin','reception'],
+					],
+					// allow authenticated users
+					[
+					'actions' => [ 'create', 'update'],
+					'allow' => true,
+					'roles' => ['admin'],
+					],
+				// everything else is denied
+				],
+			],
+		];
+	}
+	
+	
     /**
      * Lists all User models.
      * @return mixed
@@ -99,6 +125,14 @@ class UserController extends \backend\controllers\BackendController
     {
         $model =  UserUpdate::findOne(['id' => $id]);
         
+        if ( Yii::$app->authManager->checkAccess($model->id, 'admin')){
+        	$model->role = 'admin';
+        } else if ( Yii::$app->authManager->checkAccess($model->id, 'employee')){
+        	$model->role = 'employee';
+        }else if ( Yii::$app->authManager->checkAccess($model->id, 'reception')){
+        	$model->role = 'reception';
+        }
+        
         if ( $model == null ){
         	throw new NotFoundHttpException('The requested page does not exist.');
         }