add role checking to controllers

backend/models/CollectionSearch.php

@@ -7,6 +7,7 @@ use yii\base\Model;
 use yii\data\ActiveDataProvider;
 use common\models\Collection;
 use common\components\Helper;
+use common\components\RoleDefinition;
 
 /**
  * CollectionSearch represents the model behind the search form about `common\models\Collection`.
@@ -31,7 +32,7 @@ class CollectionSearch extends Collection
     {
          return [
             [[ 'start',  ], 'date', 'format' =>Yii::$app->formatter->datetimeFormat  , 'timestampAttribute' => 'timestampStart' ,'timestampAttributeFormat' => 'yyyy-MM-dd HH:mm' ,'timeZone' => 'UTC' ],
-        	[[ 'end' , ], 'date'  ,'format' =>Yii::$app->formatter->datetimeFormat  , 'timestampAttribute' => 'timestampEnd' ,'timestampAttributeFormat' => 'yyyy-MM-dd HH:mm' ,'timeZone' => 'UTC' ],
+        	[[ 'end' , ],   'date'  ,'format' =>Yii::$app->formatter->datetimeFormat  , 'timestampAttribute' => 'timestampEnd' ,'timestampAttributeFormat' => 'yyyy-MM-dd HH:mm' ,'timeZone' => 'UTC' ],
 			[['id_account','id_user'],'integer']
 		];
     }
@@ -56,6 +57,12 @@ class CollectionSearch extends Collection
     {
         $query = Collection::find();
 
+        
+        if ( !RoleDefinition::isAdmin() ){
+        	$query->innerJoin("user_account_assignment",'collection.id_account = user_account_assignment.id_account' );
+        	$query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id ]);
+        }
+        
         $dataProvider = new ActiveDataProvider([
             'query' => $query,
         ]);
@@ -69,8 +76,8 @@ class CollectionSearch extends Collection
         }
 
         $query->andFilterWhere([
-            'id_user' => $this->id_user,
-            'id_account' => $this->id_account,
+            'collection.id_user' => $this->id_user,
+            'collection.id_account' => $this->id_account,
         ]);
         
         Helper::inInterval($query, 'collection.end', $this->timestampStart, $this->timestampEnd);