rschneider/fitness-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add role checking to controllers

Browse Source
This commit is contained in:
rocho
2015-11-05 17:24:09 +01:00
parent 43d5598f23
commit cc83ccf761
39 changed files with 362 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
backend/models/AccountSearch.php
View File

@@ -6,6 +6,7 @@ use Yii;
use yii\base\Model;
use yii\data\ActiveDataProvider;
use common\models\Account;
use common\components\RoleDefinition;
/**
* AccountSearch represents the model behind the search form about `common\models\Account`.
@@ -43,6 +44,12 @@ class AccountSearch extends Account
{
$query = Account::find();
if ( !RoleDefinition::isAdmin() ){
$query->innerJoin("user_account_assignment",'account.id_account = user_account_assignment.id_account' );
$query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id ]);
}
$dataProvider = new ActiveDataProvider([
'query' => $query,
]);

7
backend/models/AccountStateSearch.php
View File

@@ -6,6 +6,7 @@ use Yii;
use yii\base\Model;
use yii\data\ActiveDataProvider;
use common\models\AccountState;
use common\components\RoleDefinition;
/**
* AccountStateSearch represents the model behind the search form about `common\models\AccountState`.
@@ -53,6 +54,12 @@ class AccountStateSearch extends AccountState
{
$query = AccountState::find();
if ( !RoleDefinition::isAdmin() ){
$query->innerJoin("user_account_assignment",'account_state.id_account = user_account_assignment.id_account' );
$query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id ]);
}
$dataProvider = new ActiveDataProvider([
'query' => $query,
'sort' => false,

13
backend/models/CollectionSearch.php
View File

@@ -7,6 +7,7 @@ use yii\base\Model;
use yii\data\ActiveDataProvider;
use common\models\Collection;
use common\components\Helper;
use common\components\RoleDefinition;
/**
* CollectionSearch represents the model behind the search form about `common\models\Collection`.
@@ -31,7 +32,7 @@ class CollectionSearch extends Collection
{
return [
[[ 'start', ], 'date', 'format' =>Yii::$app->formatter->datetimeFormat , 'timestampAttribute' => 'timestampStart' ,'timestampAttributeFormat' => 'yyyy-MM-dd HH:mm' ,'timeZone' => 'UTC' ],
[[ 'end' , ], 'date' ,'format' =>Yii::$app->formatter->datetimeFormat , 'timestampAttribute' => 'timestampEnd' ,'timestampAttributeFormat' => 'yyyy-MM-dd HH:mm' ,'timeZone' => 'UTC' ],
[[ 'end' , ], 'date' ,'format' =>Yii::$app->formatter->datetimeFormat , 'timestampAttribute' => 'timestampEnd' ,'timestampAttributeFormat' => 'yyyy-MM-dd HH:mm' ,'timeZone' => 'UTC' ],
[['id_account','id_user'],'integer']
];
}
@@ -56,6 +57,12 @@ class CollectionSearch extends Collection
{
$query = Collection::find();
if ( !RoleDefinition::isAdmin() ){
$query->innerJoin("user_account_assignment",'collection.id_account = user_account_assignment.id_account' );
$query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id ]);
}
$dataProvider = new ActiveDataProvider([
'query' => $query,
]);
@@ -69,8 +76,8 @@ class CollectionSearch extends Collection
}
$query->andFilterWhere([
'id_user' => $this->id_user,
'id_account' => $this->id_account,
'collection.id_user' => $this->id_user,
'collection.id_account' => $this->id_account,
]);
Helper::inInterval($query, 'collection.end', $this->timestampStart, $this->timestampEnd);

5
backend/models/ProcurementSearch.php
View File

@@ -6,6 +6,7 @@ use Yii;
use yii\base\Model;
use yii\data\ActiveDataProvider;
use common\models\Procurement;
use common\components\RoleDefinition;
/**
* ProcurementSearch represents the model behind the search form about `common\models\Procurement`.
@@ -55,6 +56,10 @@ class ProcurementSearch extends Procurement
'query' => $query,
]);
if ( RoleDefinition::isReception()){
$query->andWhere(['id_user' => Yii::$app->user->id ]);
}
$this->load($params);
if (!$this->validate()) {

12
backend/models/ProductSearch.php
View File

@@ -6,6 +6,7 @@ use Yii;
use yii\base\Model;
use yii\data\ActiveDataProvider;
use common\models\Product;
use common\components\RoleDefinition;
/**
* ProductSearch represents the model behind the search form about `common\models\Product`.
@@ -43,6 +44,11 @@ class ProductSearch extends Product
{
$query = Product::find();
if ( !RoleDefinition::isAdmin() ){
$query->innerJoin("user_account_assignment",'product.id_account = user_account_assignment.id_account' );
$query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id ]);
}
$dataProvider = new ActiveDataProvider([
'query' => $query,
]);
@@ -56,9 +62,9 @@ class ProductSearch extends Product
}
$query->andFilterWhere([
'id_product_category' => $this->id_product_category,
'id_account' => $this->id_account,
'status' => $this->status,
'product.id_product_category' => $this->id_product_category,
'product.id_account' => $this->id_account,
'product.status' => $this->status,
]);
$query->andFilterWhere(['like', 'product_number', $this->product_number])

9
backend/models/TransferSearch.php
View File

@@ -12,6 +12,7 @@ use yii\db\Query;
use yii\helpers\ArrayHelper;
use common\models\Account;
use common\components\Helper;
use common\components\RoleDefinition;
/**
* TransferSearch represents the model behind the search form about `common\models\Transfer`.
@@ -67,6 +68,12 @@ class TransferSearch extends Transfer
{
$query = Transfer::find();
if ( !RoleDefinition::isAdmin() ){
$query->innerJoin("user_account_assignment",'transfer.id_account = user_account_assignment.id_account' );
$query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id ]);
}
$dataProvider = new ActiveDataProvider([
'query' => $query,
]);
@@ -105,7 +112,7 @@ class TransferSearch extends Transfer
];
$accounts = Account::find()->orderBy("name asc")->all();
$accounts = Account::read();
$accountMap = ArrayHelper::map( $accounts ,'id_account','name' );
$idUser = Yii::$app->user->id;