add role checking to controllers
This commit is contained in:
@@ -5,8 +5,8 @@ use yii\base\Widget;
|
||||
|
||||
class AccountTotalWidget extends Widget{
|
||||
|
||||
public $totalHeading = 'Össesen';
|
||||
public $panelHeading = 'Össesen';
|
||||
public $totalHeading = 'Összesen';
|
||||
public $panelHeading = 'Összesen';
|
||||
public $panelType = 'panel-info';
|
||||
|
||||
public $statistic = ['total' => 0, 'accounts' => [] ];
|
||||
|
||||
@@ -45,6 +45,10 @@ class Helper
|
||||
];
|
||||
}
|
||||
|
||||
public static function flash($mode,$message){
|
||||
\Yii::$app->session->setFlash($mode, $message );
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
@@ -60,6 +60,49 @@ class RoleDefinition{
|
||||
return $result;
|
||||
}
|
||||
|
||||
public static function can($role){
|
||||
$result = false;
|
||||
if ( !Yii::$app->user->isGuest ){
|
||||
if ( isset( $role)){
|
||||
if ( is_array($role)){
|
||||
foreach ($role as $r){
|
||||
$result |= Yii::$app->user->can($r);
|
||||
}
|
||||
}else if ( is_string($role)){
|
||||
$result = Yii::$app->user->can($role);
|
||||
}
|
||||
}
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
public static function isAdmin(){
|
||||
return self::can('admin');
|
||||
}
|
||||
|
||||
public static function isReception(){
|
||||
return self::can('reception');
|
||||
}
|
||||
|
||||
public static function isEmployee(){
|
||||
return self::can('employee');
|
||||
}
|
||||
|
||||
/*
|
||||
* [
|
||||
* 'role1' => 'template1',
|
||||
* 'role2' => 'template2,
|
||||
* ]
|
||||
* */
|
||||
public static function getRoleTemplate($templates){
|
||||
$result = "";
|
||||
foreach ($templates as $role => $template ){
|
||||
if ( Yii::$app->user->can($role)){
|
||||
$result = $template;
|
||||
break;
|
||||
}
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -131,6 +131,7 @@ class Account extends \yii\db\ActiveRecord
|
||||
public static function read($forceIncludeAccount = null){
|
||||
$accounts = null;
|
||||
$query = Account::find();
|
||||
|
||||
$query->innerJoinWith('userAccountAssignments');
|
||||
$query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id]);
|
||||
if ( $forceIncludeAccount == null){
|
||||
|
||||
@@ -9,6 +9,7 @@ use yii\helpers\ArrayHelper;
|
||||
use yii\behaviors\TimestampBehavior;
|
||||
use yii\db\Query;
|
||||
use yii\db\Expression;
|
||||
use common\components\RoleDefinition;
|
||||
|
||||
/**
|
||||
* This is the model class for table "collection".
|
||||
@@ -115,6 +116,11 @@ public static function mkTotalQuery($mode = 'reception', $start,$end,$idUser,$ty
|
||||
|
||||
$query = new Query();
|
||||
|
||||
if ( !RoleDefinition::isAdmin() ){
|
||||
$query->innerJoin("user_account_assignment",'collection.id_account = user_account_assignment.id_account' );
|
||||
$query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id ]);
|
||||
}
|
||||
|
||||
$query->addSelect( [
|
||||
new Expression( ' collection.id_account as account'),
|
||||
new Expression( ' COALESCE(sum( collection.money ) ,0) as money /** collections total money */' )
|
||||
@@ -126,8 +132,8 @@ public static function mkTotalQuery($mode = 'reception', $start,$end,$idUser,$ty
|
||||
'id_account' => $idAccount,
|
||||
]);
|
||||
|
||||
$query->andFilterWhere(['id_user' => $idUser]);
|
||||
$query->andFilterWhere(['in' ,'type', $types]);
|
||||
$query->andFilterWhere(['collection.id_user' => $idUser]);
|
||||
$query->andFilterWhere(['in' ,'collection.type', $types]);
|
||||
self::inInterval($query, 'collection.end' , $start, $end);
|
||||
|
||||
$query->groupBy('collection.id_account');
|
||||
|
||||
@@ -12,6 +12,7 @@ use common\components\DiscountAwareBehavior;
|
||||
use common\components\CustomerAwareBehavior;
|
||||
use yii\db\Query;
|
||||
use yii\db\Expression;
|
||||
use common\components\RoleDefinition;
|
||||
|
||||
/**
|
||||
* This is the model class for table "transfer".
|
||||
@@ -488,18 +489,23 @@ class Transfer extends \common\models\BaseFitnessActiveRecord
|
||||
|
||||
$query->addSelect( [
|
||||
new Expression( 'transfer.id_account as account'),
|
||||
new Expression( ' COALESCE(sum( ( case when direction = '.Transfer::DIRECTION_OUT.' then -1 else 1 end )* transfer.money ),0) as money /** '. $mode.'*/' )
|
||||
new Expression( ' COALESCE(sum( ( case when direction = '.Transfer::DIRECTION_OUT.' then -1 else 1 end )* transfer.money ),0) as money /** --'. $mode.'*/' )
|
||||
|
||||
]);
|
||||
$query->from('transfer');
|
||||
|
||||
if ( !RoleDefinition::isAdmin() ){
|
||||
$query->innerJoin("user_account_assignment", 'transfer.id_account = user_account_assignment.id_account' );
|
||||
$query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id ]);
|
||||
}
|
||||
|
||||
$query->andFilterWhere([
|
||||
'id_account' => $idAccount,
|
||||
'transfer.id_account' => $idAccount,
|
||||
]);
|
||||
|
||||
$query->andFilterWhere(['id_user' => $idUser]);
|
||||
$query->andFilterWhere(['transfer.id_user' => $idUser]);
|
||||
|
||||
$query->andFilterWhere(['in' ,'type', $types]);
|
||||
$query->andFilterWhere(['in' ,'transfer.type', $types]);
|
||||
|
||||
|
||||
if ( $mode == 'created_at'){
|
||||
|
||||
@@ -214,6 +214,7 @@ class User extends ActiveRecord implements IdentityInterface
|
||||
'email' => Yii::t('backend/user', 'E-Mail'),
|
||||
'created_at' => Yii::t('backend/user', 'Created at'),
|
||||
'role' => Yii::t('backend/user', 'Role'),
|
||||
'statusHuman' => Yii::t('backend/user', 'Status'),
|
||||
];
|
||||
}
|
||||
|
||||
@@ -239,15 +240,20 @@ class User extends ActiveRecord implements IdentityInterface
|
||||
* $param int $forceIncludeAccount id warehouse, that should be included in list, even if it is inactive
|
||||
* */
|
||||
public static function read($forceIncludeObjectWithId = null){
|
||||
$warehouses = null;
|
||||
|
||||
$users = null;
|
||||
$query = User::find();
|
||||
|
||||
if ( RoleDefinition::isReception()){
|
||||
$query->andWhere(['id' => Yii::$app->user->id ]);
|
||||
}
|
||||
|
||||
if ( $forceIncludeObjectWithId == null){
|
||||
$warehouses = User::find()->andWhere(['status' => User::STATUS_ACTIVE])->all();
|
||||
$users = $query->andWhere(['status' => User::STATUS_ACTIVE])->all();
|
||||
}else{
|
||||
$warehouses = User::find()->andWhere( ['or', ['status' => User::STATUS_ACTIVE], ['id' => $forceIncludeObjectWithId ] ])->all();
|
||||
$users = $query->andWhere( ['or', ['status' => User::STATUS_ACTIVE], ['id' => $forceIncludeObjectWithId ] ])->all();
|
||||
}
|
||||
|
||||
return $warehouses;
|
||||
return $users;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -70,7 +70,7 @@ class UserSoldItem extends \yii\db\ActiveRecord
|
||||
new Expression( ' COALESCE(sum( transfer.money ) ,0) as money /** total unpaid reception cart */' )
|
||||
|
||||
]);
|
||||
$query->innerJoin('transfer',['user_sold_item.id_transfer' =>'transfer.id_transfer']);
|
||||
$query->innerJoin('transfer','user_sold_item.id_transfer = transfer.id_transfer');
|
||||
|
||||
$query->from('user_sold_item');
|
||||
|
||||
|
||||
Reference in New Issue
Block a user