add role checking to controllers

common/models/Transfer.php

@@ -12,6 +12,7 @@ use common\components\DiscountAwareBehavior;
 use common\components\CustomerAwareBehavior;
 use yii\db\Query;
 use yii\db\Expression;
+use common\components\RoleDefinition;
 
 /**
  * This is the model class for table "transfer".
@@ -488,18 +489,23 @@ class Transfer extends \common\models\BaseFitnessActiveRecord
     	
     	$query->addSelect( [
     			new Expression( 'transfer.id_account as account'),
-    			new Expression( ' COALESCE(sum(  ( case when direction =  '.Transfer::DIRECTION_OUT.' then  -1 else  1 end )*  transfer.money ),0) as money /** '. $mode.'*/' )
+    			new Expression( ' COALESCE(sum(  ( case when direction =  '.Transfer::DIRECTION_OUT.' then  -1 else  1 end )*  transfer.money ),0) as money /** --'. $mode.'*/' )
     	
     	]);
     	$query->from('transfer');
     	
+    	if ( !RoleDefinition::isAdmin() ){
+    		$query->innerJoin("user_account_assignment", 'transfer.id_account = user_account_assignment.id_account' );
+    		$query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id ]);
+    	}
+    	
     	$query->andFilterWhere([
-    			'id_account' => $idAccount,
+    			'transfer.id_account' => $idAccount,
     			]);
 
-    	$query->andFilterWhere(['id_user' => $idUser]);
+    	$query->andFilterWhere(['transfer.id_user' => $idUser]);
     	
-    	$query->andFilterWhere(['in' ,'type', $types]);
+    	$query->andFilterWhere(['in' ,'transfer.type', $types]);
     	
     	
     	if ( $mode == 'created_at'){