add role checking to controllers

This commit is contained in:
rocho 2015-11-05 17:24:09 +01:00
parent 43d5598f23
commit cc83ccf761
39 changed files with 362 additions and 78 deletions


@ -53,7 +53,7 @@ class AdminMenuStructure{
$items[] = ['label' => 'Beszerzések', 'url' => ['/procurement/index'] ]; $items[] = ['label' => 'Beszerzések', 'url' => ['/procurement/index'] ];
$items[] = ['label' => 'Vendégek', 'url' => ['/customer/index'] ]; $items[] = ['label' => 'Vendégek', 'url' => ['/customer/index'] ];
$items[] = ['label' => 'Bérletkártyák', 'url' => ['/card/index'] ]; $items[] = ['label' => 'Bérletkártyák', 'url' => ['/card/index'] ];
$items[] = ['label' => 'Pénznem', 'url' => ['/currency/index'] ]; // $items[] = ['label' => 'Pénznem', 'url' => ['/currency/index'] ];
$items[] = ['label' => 'Tranzakciók', 'url' => ['/transfer/index' , 'TransferSearch[start]' =>$today,'TransferSearch[end]' => $tomorrow ] ]; $items[] = ['label' => 'Tranzakciók', 'url' => ['/transfer/index' , 'TransferSearch[start]' =>$today,'TransferSearch[end]' => $tomorrow ] ];
$items[] = ['label' => 'Kassza müveletek', 'url' => ['/account-state/index'] ]; $items[] = ['label' => 'Kassza müveletek', 'url' => ['/account-state/index'] ];
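Review bot: Commenting out the `/currency/index` menu entry on the Pénznem line hides the link but does not restrict the route; whether the currency controller is reachable by non-admins depends on its own access rules, which are not in this diff, and otherwise on the inherited BackendController defaults. If the entry is meant to stay for admins, wrap it in a role check the way the views in this commit do, `if (RoleDefinition::isAdmin()) { $items[] = [...]; }`, so menu and access rules agree; if it is meant to go, delete the line rather than leaving it commented out.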


@ -15,6 +15,32 @@ use yii\filters\VerbFilter;
class AccountController extends \backend\controllers\BackendController class AccountController extends \backend\controllers\BackendController
{ {
public function behaviors()
{
return [
'access' => [
'class' => \yii\filters\AccessControl::className(),
'rules' => [
// allow authenticated users
[
'actions' => [ 'index','view' ],
'allow' => true,
'roles' => ['employee','admin','reception'],
],
// allow authenticated users
[
'actions' => [ 'create', 'update'],
'allow' => true,
'roles' => ['admin'],
],
// everything else is denied
],
],
];
}
/** /**
* Lists all Account models. * Lists all Account models.
* @return mixed * @return mixed
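Review bot: The new `behaviors()` returns only the `access` entry and never calls `parent::behaviors()`, so whatever the base controller's behaviors array contributes is dropped for this controller; the `use yii\filters\VerbFilter;` line in the hunk header suggests a verb filter is defined somewhere in this hierarchy, and it would be lost here. Returning `array_merge(parent::behaviors(), ['access' => [...]])` keeps the parent's filters and overrides only the access rules. The same pattern appears in DiscountController, TicketTypeController and UserController. The two `// allow authenticated users` comments no longer describe the rules; the second should read `// create/update: admin only`.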


@ -28,7 +28,7 @@ class BackendController extends Controller
[ [
'actions' => ['create','index','view','update'], 'actions' => ['create','index','view','update'],
'allow' => true, 'allow' => true,
'roles' => ['@'], 'roles' => ['admin','employee','reception'],
], ],
// everything else is denied // everything else is denied
], ],
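Review bot: The changed rule grants `create` and `update` (along with `index` and `view`) to all three roles as the inherited default, so any subclass that does not override `behaviors()` lets employee and reception users create and update records. That is the opposite default from the controllers in this commit that do override, where create/update is admin-only, so a controller that was missed silently gets the permissive rules. Putting only `'actions' => ['index','view'],` in the shared rule and making each controller opt in to `create`/`update` explicitly fails closed instead.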


@ -47,7 +47,7 @@ class CollectionController extends \backend\controllers\BackendController
$searchModel->accounts = Account::read(); $searchModel->accounts = Account::read();
$searchModel->accountMap = Account::toAccaountMap($searchModel->accounts); $searchModel->accountMap = Account::toAccaountMap($searchModel->accounts);
$searchModel->users = User::find()->all( ); $searchModel->users = User::read();
$dataProvider = $searchModel->search(Yii::$app->request->queryParams); $dataProvider = $searchModel->search(Yii::$app->request->queryParams);
$searchModel->searchTotal(); $searchModel->searchTotal();


@ -15,6 +15,30 @@ use yii\filters\VerbFilter;
class DiscountController extends \backend\controllers\BackendController class DiscountController extends \backend\controllers\BackendController
{ {
public function behaviors()
{
return [
'access' => [
'class' => \yii\filters\AccessControl::className(),
'rules' => [
// allow authenticated users
[
'actions' => [ 'index','view' ],
'allow' => true,
'roles' => ['admin','employee','reception'],
],
[
'actions' => ['create','update'],
'allow' => true,
'roles' => ['admin' ],
],
// everything else is denied
],
],
];
}
/** /**
* Lists all Discount models. * Lists all Discount models.
* @return mixed * @return mixed


@ -11,6 +11,7 @@ use yii\filters\VerbFilter;
use common\models\Warehouse; use common\models\Warehouse;
use common\models\Product; use common\models\Product;
use common\models\User; use common\models\User;
use common\components\Helper;
/** /**
* ProcurementController implements the CRUD actions for Procurement model. * ProcurementController implements the CRUD actions for Procurement model.
@ -118,14 +119,21 @@ class ProcurementController extends \backend\controllers\BackendController
$transaction->commit(); $transaction->commit();
} else { } else {
$transaction->rollback(); $transaction->rollback();
Helper::flash('error', "Hiba történt!");
throw new NotFoundHttpException( Yii::t('common/procurement' ,'Failed to fullfill procurement.' ));
} }
Helper::flash('success', Yii::t('backend/procurement', 'Beszerzés mentve'));
} catch (\Exception $e) { } catch (\Exception $e) {
$transaction->rollback(); $transaction->rollback();
throw $e; throw $e;
} }
return $this->redirect(['index' ]); if ( isset($_POST['_next'])){
return $this->redirect(['create' ]);
}else{
return $this->redirect(['index' ]);
}
} else { } else {
return $this->render('create', [ return $this->render('create', [
'model' => $model, 'model' => $model,
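Review bot: The `throw new NotFoundHttpException(...)` added in the else branch is raised inside the `try`, so the `catch (\Exception $e)` directly below calls `$transaction->rollback()` a second time and rethrows; Yii's transaction object presumably tolerates a rollback when it is no longer active, but the double call is confusing and a 404 is the wrong status for a failed save. Since the branch already flashes an error and rolls back, re-rendering the form or redirecting is the clearer outcome. The `isset($_POST['_next'])` check should go through the request component like the surrounding code: `if (Yii::$app->request->post('_next') !== null) {`. The two flash messages also use different translation categories (`common/procurement` vs `backend/procurement`). The enclosing action starts and ends outside the hunk.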


@ -55,7 +55,7 @@ class ProductController extends \backend\controllers\BackendController
$model = new Product(); $model = new Product();
$model->stock = 0; $model->stock = 0;
$model->status = Product::STATUS_ACTIVE; $model->status = Product::STATUS_ACTIVE;
$accounts = Account::readAccounts(null); $accounts = Account::read(null);
$categories = ProductCategory::read(null); $categories = ProductCategory::read(null);
if ($model->load(Yii::$app->request->post()) && $model->save()) { if ($model->load(Yii::$app->request->post()) && $model->save()) {


@ -16,6 +16,31 @@ use common\models\Account;
class TicketTypeController extends \backend\controllers\BackendController class TicketTypeController extends \backend\controllers\BackendController
{ {
public function behaviors()
{
return [
'access' => [
'class' => \yii\filters\AccessControl::className(),
'rules' => [
// allow authenticated users
[
'actions' => [ 'index','view'],
'allow' => true,
'roles' => ['admin','employee','reception'],
],
[
'actions' => ['create' , 'update'],
'allow' => true,
'roles' => ['admin' ],
],
// everything else is denied
],
],
];
}
/** /**
* Lists all TicketType models. * Lists all TicketType models.
* @return mixed * @return mixed


@ -25,7 +25,7 @@ class TransferController extends \backend\controllers\BackendController
[ [
'actions' => [ 'index','view' ], 'actions' => [ 'index','view' ],
'allow' => true, 'allow' => true,
'roles' => ['@'], 'roles' => ['admin','employee','reception'],
], ],
// everything else is denied // everything else is denied
], ],
@ -43,7 +43,7 @@ class TransferController extends \backend\controllers\BackendController
$searchModel = new TransferSearch(); $searchModel = new TransferSearch();
$dataProvider = $searchModel->search(Yii::$app->request->queryParams); $dataProvider = $searchModel->search(Yii::$app->request->queryParams);
$accounts = Account::readAccounts(); $accounts = Account::read();
$searchModel->totalsTransfers(); $searchModel->totalsTransfers();
@ -54,7 +54,6 @@ class TransferController extends \backend\controllers\BackendController
'dataProvider' => $dataProvider, 'dataProvider' => $dataProvider,
'accounts' => $accounts, 'accounts' => $accounts,
'users' => $users, 'users' => $users,
// 'totals' =>$totals
]); ]);
} }


@ -13,6 +13,7 @@ use yii\base\Object;
use backend\models\UserUpdate; use backend\models\UserUpdate;
use common\models\Account; use common\models\Account;
use common\models\UserAccountAssignment; use common\models\UserAccountAssignment;
use common\components\RoleDefinition;
/** /**
* UserController implements the CRUD actions for User model. * UserController implements the CRUD actions for User model.
@ -21,6 +22,31 @@ class UserController extends \backend\controllers\BackendController
{ {
public function behaviors()
{
return [
'access' => [
'class' => \yii\filters\AccessControl::className(),
'rules' => [
// allow authenticated users
[
'actions' => [ 'index','view' ],
'allow' => true,
'roles' => ['employee','admin','reception'],
],
// allow authenticated users
[
'actions' => [ 'create', 'update'],
'allow' => true,
'roles' => ['admin'],
],
// everything else is denied
],
],
];
}
/** /**
* Lists all User models. * Lists all User models.
* @return mixed * @return mixed
@ -99,6 +125,14 @@ class UserController extends \backend\controllers\BackendController
{ {
$model = UserUpdate::findOne(['id' => $id]); $model = UserUpdate::findOne(['id' => $id]);
if ( Yii::$app->authManager->checkAccess($model->id, 'admin')){
$model->role = 'admin';
} else if ( Yii::$app->authManager->checkAccess($model->id, 'employee')){
$model->role = 'employee';
}else if ( Yii::$app->authManager->checkAccess($model->id, 'reception')){
$model->role = 'reception';
}
if ( $model == null ){ if ( $model == null ){
throw new NotFoundHttpException('The requested page does not exist.'); throw new NotFoundHttpException('The requested page does not exist.');
} }
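Review bot: The role lookup inserted after `UserUpdate::findOne()` dereferences `$model->id` in the three `checkAccess` calls before the `if ( $model == null )` guard, so a missing user now produces a null-object error instead of the intended `NotFoundHttpException`. Move the role detection below the guard, and prefer `if ($model === null)` while touching it. If a user can hold more than one role, the `else if` chain reports only the first match in admin/employee/reception order; a comment such as `// highest privilege wins` would make that intentional. The enclosing action continues outside the hunk.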


@ -6,6 +6,7 @@ use Yii;
use yii\base\Model; use yii\base\Model;
use yii\data\ActiveDataProvider; use yii\data\ActiveDataProvider;
use common\models\Account; use common\models\Account;
use common\components\RoleDefinition;
/** /**
* AccountSearch represents the model behind the search form about `common\models\Account`. * AccountSearch represents the model behind the search form about `common\models\Account`.
@ -43,6 +44,12 @@ class AccountSearch extends Account
{ {
$query = Account::find(); $query = Account::find();
if ( !RoleDefinition::isAdmin() ){
$query->innerJoin("user_account_assignment",'account.id_account = user_account_assignment.id_account' );
$query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id ]);
}
$dataProvider = new ActiveDataProvider([ $dataProvider = new ActiveDataProvider([
'query' => $query, 'query' => $query,
]); ]);
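Review bot: The non-admin branch restricts rows with an `innerJoin` on `user_account_assignment`; unless (`id_user`, `id_account`) is unique in that table, which this diff does not show, a user assigned to the same account more than once will see duplicate rows, and the join also affects the provider's `count()`. Adding `$query->distinct();` inside the branch makes the result independent of that constraint. `Account::read()` later in this diff already expresses the same join through the `userAccountAssignments` relation (`innerJoinWith`), so a query scope or a single `RoleDefinition` helper could replace this block, which is repeated verbatim in AccountStateSearch, CollectionSearch, ProductSearch, TransferSearch, Collection::mkTotalQuery and Transfer.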


@ -6,6 +6,7 @@ use Yii;
use yii\base\Model; use yii\base\Model;
use yii\data\ActiveDataProvider; use yii\data\ActiveDataProvider;
use common\models\AccountState; use common\models\AccountState;
use common\components\RoleDefinition;
/** /**
* AccountStateSearch represents the model behind the search form about `common\models\AccountState`. * AccountStateSearch represents the model behind the search form about `common\models\AccountState`.
@ -53,6 +54,12 @@ class AccountStateSearch extends AccountState
{ {
$query = AccountState::find(); $query = AccountState::find();
if ( !RoleDefinition::isAdmin() ){
$query->innerJoin("user_account_assignment",'account_state.id_account = user_account_assignment.id_account' );
$query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id ]);
}
$dataProvider = new ActiveDataProvider([ $dataProvider = new ActiveDataProvider([
'query' => $query, 'query' => $query,
'sort' => false, 'sort' => false,


@ -7,6 +7,7 @@ use yii\base\Model;
use yii\data\ActiveDataProvider; use yii\data\ActiveDataProvider;
use common\models\Collection; use common\models\Collection;
use common\components\Helper; use common\components\Helper;
use common\components\RoleDefinition;
/** /**
* CollectionSearch represents the model behind the search form about `common\models\Collection`. * CollectionSearch represents the model behind the search form about `common\models\Collection`.
@ -31,7 +32,7 @@ class CollectionSearch extends Collection
{ {
return [ return [
[[ 'start', ], 'date', 'format' =>Yii::$app->formatter->datetimeFormat , 'timestampAttribute' => 'timestampStart' ,'timestampAttributeFormat' => 'yyyy-MM-dd HH:mm' ,'timeZone' => 'UTC' ], [[ 'start', ], 'date', 'format' =>Yii::$app->formatter->datetimeFormat , 'timestampAttribute' => 'timestampStart' ,'timestampAttributeFormat' => 'yyyy-MM-dd HH:mm' ,'timeZone' => 'UTC' ],
[[ 'end' , ], 'date' ,'format' =>Yii::$app->formatter->datetimeFormat , 'timestampAttribute' => 'timestampEnd' ,'timestampAttributeFormat' => 'yyyy-MM-dd HH:mm' ,'timeZone' => 'UTC' ], [[ 'end' , ], 'date' ,'format' =>Yii::$app->formatter->datetimeFormat , 'timestampAttribute' => 'timestampEnd' ,'timestampAttributeFormat' => 'yyyy-MM-dd HH:mm' ,'timeZone' => 'UTC' ],
[['id_account','id_user'],'integer'] [['id_account','id_user'],'integer']
]; ];
} }
@ -56,6 +57,12 @@ class CollectionSearch extends Collection
{ {
$query = Collection::find(); $query = Collection::find();
if ( !RoleDefinition::isAdmin() ){
$query->innerJoin("user_account_assignment",'collection.id_account = user_account_assignment.id_account' );
$query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id ]);
}
$dataProvider = new ActiveDataProvider([ $dataProvider = new ActiveDataProvider([
'query' => $query, 'query' => $query,
]); ]);
@ -69,8 +76,8 @@ class CollectionSearch extends Collection
} }
$query->andFilterWhere([ $query->andFilterWhere([
'id_user' => $this->id_user, 'collection.id_user' => $this->id_user,
'id_account' => $this->id_account, 'collection.id_account' => $this->id_account,
]); ]);
Helper::inInterval($query, 'collection.end', $this->timestampStart, $this->timestampEnd); Helper::inInterval($query, 'collection.end', $this->timestampStart, $this->timestampEnd);


@ -6,6 +6,7 @@ use Yii;
use yii\base\Model; use yii\base\Model;
use yii\data\ActiveDataProvider; use yii\data\ActiveDataProvider;
use common\models\Procurement; use common\models\Procurement;
use common\components\RoleDefinition;
/** /**
* ProcurementSearch represents the model behind the search form about `common\models\Procurement`. * ProcurementSearch represents the model behind the search form about `common\models\Procurement`.
@ -55,6 +56,10 @@ class ProcurementSearch extends Procurement
'query' => $query, 'query' => $query,
]); ]);
if ( RoleDefinition::isReception()){
$query->andWhere(['id_user' => Yii::$app->user->id ]);
}
$this->load($params); $this->load($params);
if (!$this->validate()) { if (!$this->validate()) {
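Review bot: This restriction is gated on `RoleDefinition::isReception()` while every other search model in the commit gates on `!RoleDefinition::isAdmin()`, so an employee sees every procurement here but only assigned-account rows elsewhere. If that is intentional, a one-line comment, `// employees see all procurements; reception only their own`, stops a reader from treating it as a missed case; if not, the condition should mirror the others. The block also sits after the `ActiveDataProvider` is built, which works only because the query object is shared; placing it before the provider keeps the order consistent with the other search models.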


@ -6,6 +6,7 @@ use Yii;
use yii\base\Model; use yii\base\Model;
use yii\data\ActiveDataProvider; use yii\data\ActiveDataProvider;
use common\models\Product; use common\models\Product;
use common\components\RoleDefinition;
/** /**
* ProductSearch represents the model behind the search form about `common\models\Product`. * ProductSearch represents the model behind the search form about `common\models\Product`.
@ -43,6 +44,11 @@ class ProductSearch extends Product
{ {
$query = Product::find(); $query = Product::find();
if ( !RoleDefinition::isAdmin() ){
$query->innerJoin("user_account_assignment",'product.id_account = user_account_assignment.id_account' );
$query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id ]);
}
$dataProvider = new ActiveDataProvider([ $dataProvider = new ActiveDataProvider([
'query' => $query, 'query' => $query,
]); ]);
@ -56,9 +62,9 @@ class ProductSearch extends Product
} }
$query->andFilterWhere([ $query->andFilterWhere([
'id_product_category' => $this->id_product_category, 'product.id_product_category' => $this->id_product_category,
'id_account' => $this->id_account, 'product.id_account' => $this->id_account,
'status' => $this->status, 'product.status' => $this->status,
]); ]);
$query->andFilterWhere(['like', 'product_number', $this->product_number]) $query->andFilterWhere(['like', 'product_number', $this->product_number])


@ -12,6 +12,7 @@ use yii\db\Query;
use yii\helpers\ArrayHelper; use yii\helpers\ArrayHelper;
use common\models\Account; use common\models\Account;
use common\components\Helper; use common\components\Helper;
use common\components\RoleDefinition;
/** /**
* TransferSearch represents the model behind the search form about `common\models\Transfer`. * TransferSearch represents the model behind the search form about `common\models\Transfer`.
@ -67,6 +68,12 @@ class TransferSearch extends Transfer
{ {
$query = Transfer::find(); $query = Transfer::find();
if ( !RoleDefinition::isAdmin() ){
$query->innerJoin("user_account_assignment",'transfer.id_account = user_account_assignment.id_account' );
$query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id ]);
}
$dataProvider = new ActiveDataProvider([ $dataProvider = new ActiveDataProvider([
'query' => $query, 'query' => $query,
]); ]);
@ -105,7 +112,7 @@ class TransferSearch extends Transfer
]; ];
$accounts = Account::find()->orderBy("name asc")->all(); $accounts = Account::read();
$accountMap = ArrayHelper::map( $accounts ,'id_account','name' ); $accountMap = ArrayHelper::map( $accounts ,'id_account','name' );
$idUser = Yii::$app->user->id; $idUser = Yii::$app->user->id;
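Review bot: Replacing `Account::find()->orderBy("name asc")->all()` with `Account::read()` changes two things at once: the list is now limited to the current user's account assignments (the method joins `user_account_assignment` on `Yii::$app->user->id`, as shown later in this diff), and the explicit name ordering is gone unless `read()` applies its own. For an admin this is inconsistent with the grid above, which the new `!RoleDefinition::isAdmin()` branch leaves unrestricted, so an admin without assignments would get an empty account map for rows that are still listed. If the restriction is wanted for all roles, a short comment here saying so would help; otherwise the admin case needs the unrestricted query.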


@ -2,6 +2,7 @@
use yii\helpers\Html; use yii\helpers\Html;
use yii\grid\GridView; use yii\grid\GridView;
use common\components\RoleDefinition;
/* @var $this yii\web\View */ /* @var $this yii\web\View */
/* @var $searchModel backend\models\AccountSearch */ /* @var $searchModel backend\models\AccountSearch */
@ -15,9 +16,11 @@ $this->params['breadcrumbs'][] = $this->title;
<h1><?= Html::encode($this->title) ?></h1> <h1><?= Html::encode($this->title) ?></h1>
<?php // echo $this->render('_search', ['model' => $searchModel]); ?> <?php // echo $this->render('_search', ['model' => $searchModel]); ?>
<?php if ( RoleDefinition::isAdmin()) {?>
<p> <p>
<?= Html::a(Yii::t('common/account', 'Create Account'), ['create'], ['class' => 'btn btn-success']) ?> <?= Html::a(Yii::t('common/account', 'Create Account'), ['create'], ['class' => 'btn btn-success']) ?>
</p> </p>
<?php }?>
<?= GridView::widget([ <?= GridView::widget([
'dataProvider' => $dataProvider, 'dataProvider' => $dataProvider,
@ -35,7 +38,7 @@ $this->params['breadcrumbs'][] = $this->title;
'updated_at:datetime', 'updated_at:datetime',
['class' => 'yii\grid\ActionColumn', ['class' => 'yii\grid\ActionColumn',
'template' => '{view} {update}' 'template' => RoleDefinition::getRoleTemplate( ['admin' => '{view} {update}','employee' => '{view}' , 'reception' => '{view}']),
], ],
], ],


@ -2,6 +2,7 @@
use yii\helpers\Html; use yii\helpers\Html;
use yii\widgets\DetailView; use yii\widgets\DetailView;
use common\components\RoleDefinition;
/* @var $this yii\web\View */ /* @var $this yii\web\View */
/* @var $model common\models\Account */ /* @var $model common\models\Account */
@ -14,18 +15,11 @@ $this->params['breadcrumbs'][] = $this->title;
<h1><?= Html::encode($this->title) ?></h1> <h1><?= Html::encode($this->title) ?></h1>
<?php if ( RoleDefinition::isAdmin() ){?>
<p> <p>
<?= Html::a(Yii::t('common/account', 'Update'), ['update', 'id' => $model->id_account], ['class' => 'btn btn-primary']) ?> <?= Html::a(Yii::t('common/account', 'Update'), ['update', 'id' => $model->id_account], ['class' => 'btn btn-primary']) ?>
<?php
/*Html::a(Yii::t('common/account', 'Delete'), ['delete', 'id' => $model->id_account], [
'class' => 'btn btn-danger',
'data' => [
'confirm' => Yii::t('common/account', 'Are you sure you want to delete this item?'),
'method' => 'post',
],
]) */
?>
</p> </p>
<?php }?>
<?= DetailView::widget([ <?= DetailView::widget([
'model' => $model, 'model' => $model,


@ -2,6 +2,7 @@
use yii\helpers\Html; use yii\helpers\Html;
use yii\grid\GridView; use yii\grid\GridView;
use common\components\RoleDefinition;
/* @var $this yii\web\View */ /* @var $this yii\web\View */
/* @var $searchModel backend\models\DiscountSearch */ /* @var $searchModel backend\models\DiscountSearch */
@ -15,9 +16,11 @@ $this->params['breadcrumbs'][] = $this->title;
<h1><?= Html::encode($this->title) ?></h1> <h1><?= Html::encode($this->title) ?></h1>
<?php // echo $this->render('_search', ['model' => $searchModel]); ?> <?php // echo $this->render('_search', ['model' => $searchModel]); ?>
<?php if ( RoleDefinition::isAdmin() ) {?>
<p> <p>
<?= Html::a(Yii::t('common/discount', 'Create Discount'), ['create'], ['class' => 'btn btn-success']) ?> <?= Html::a(Yii::t('common/discount', 'Create Discount'), ['create'], ['class' => 'btn btn-success']) ?>
</p> </p>
<?php }?>
<?= GridView::widget([ <?= GridView::widget([
'dataProvider' => $dataProvider, 'dataProvider' => $dataProvider,
@ -37,7 +40,7 @@ $this->params['breadcrumbs'][] = $this->title;
[ [
'class' => 'yii\grid\ActionColumn', 'class' => 'yii\grid\ActionColumn',
'template' => '{view} {update}' 'template' => RoleDefinition::getRoleTemplate( ['admin' => '{view} {update}','employee' => '{view}' , 'reception' => '{view}']),
], ],
], ],
]); ?> ]); ?>


@ -2,6 +2,7 @@
use yii\helpers\Html; use yii\helpers\Html;
use yii\widgets\DetailView; use yii\widgets\DetailView;
use common\components\RoleDefinition;
/* @var $this yii\web\View */ /* @var $this yii\web\View */
/* @var $model common\models\Discount */ /* @var $model common\models\Discount */
@ -14,18 +15,11 @@ $this->params['breadcrumbs'][] = $this->title;
<h1><?= Html::encode($this->title) ?></h1> <h1><?= Html::encode($this->title) ?></h1>
<p> <?php if ( RoleDefinition::isAdmin()) {?>
<?= Html::a(Yii::t('common/discount', 'Update'), ['update', 'id' => $model->id_discount], ['class' => 'btn btn-primary']) ?> <p>
<?php <?= Html::a(Yii::t('common/discount', 'Update'), ['update', 'id' => $model->id_discount], ['class' => 'btn btn-primary']) ?>
/* Html::a(Yii::t('common/discount', 'Delete'), ['delete', 'id' => $model->id_discount], [ </p>
'class' => 'btn btn-danger', <?php }?>
'data' => [
'confirm' => Yii::t('common/discount', 'Are you sure you want to delete this item?'),
'method' => 'post',
],
])*/
?>
</p>
<?= DetailView::widget([ <?= DetailView::widget([
'model' => $model, 'model' => $model,


@ -10,6 +10,7 @@ use yii\bootstrap\NavBar;
use yii\widgets\Breadcrumbs; use yii\widgets\Breadcrumbs;
use common\widgets\Alert; use common\widgets\Alert;
use backend\components\AdminMenuStructure; use backend\components\AdminMenuStructure;
use kartik\widgets\AlertBlock;
AppAsset::register($this); AppAsset::register($this);
@ -49,7 +50,14 @@ $items = $adminMenu->run();
<?= Breadcrumbs::widget([ <?= Breadcrumbs::widget([
'links' => isset($this->params['breadcrumbs']) ? $this->params['breadcrumbs'] : [], 'links' => isset($this->params['breadcrumbs']) ? $this->params['breadcrumbs'] : [],
]) ?> ]) ?>
<?= Alert::widget() ?> <?php //echo Alert::widget() ?>
<?php
echo AlertBlock::widget([
'useSessionFlash' => true,
'type' => AlertBlock::TYPE_GROWL,
'delay' => '1'
]);
?>
<?= $content ?> <?= $content ?>
</div> </div>
</div> </div>


@ -31,6 +31,7 @@ $warehouseOptions = ArrayHelper::map($warehouses, 'id_warehouse', 'name') ;
<div class="form-group"> <div class="form-group">
<?= Html::submitButton($model->isNewRecord ? Yii::t('common/procurement', 'Create') : Yii::t('common/procurement', 'Update'), ['class' => $model->isNewRecord ? 'btn btn-success' : 'btn btn-primary']) ?> <?= Html::submitButton($model->isNewRecord ? Yii::t('common/procurement', 'Create') : Yii::t('common/procurement', 'Update'), ['class' => $model->isNewRecord ? 'btn btn-success' : 'btn btn-primary']) ?>
<?= Html::submitButton( Yii::t('common/procurement', 'Save/Next'), [ 'class' => 'btn btn-primary' ,'name' => '_next']) ?>
</div> </div>
<?php ActiveForm::end(); ?> <?php ActiveForm::end(); ?>


@ -23,7 +23,7 @@ $statusOptions = mkOptions( Product::statuses() );
$productCategories = mkOptions( ArrayHelper::map( ProductCategory::read(null) ,'id_product_category','name') ); $productCategories = mkOptions( ArrayHelper::map( ProductCategory::read(null) ,'id_product_category','name') );
$accounts = mkOptions( ArrayHelper::map( Account::readAccounts(null) ,'id_account','name')); $accounts = mkOptions( ArrayHelper::map( Account::read(null) ,'id_account','name'));
?> ?>
<div class="product-search"> <div class="product-search">


@ -2,6 +2,7 @@
use yii\helpers\Html; use yii\helpers\Html;
use yii\grid\GridView; use yii\grid\GridView;
use common\components\RoleDefinition;
/* @var $this yii\web\View */ /* @var $this yii\web\View */
/* @var $searchModel backend\models\TicketTypeSearch */ /* @var $searchModel backend\models\TicketTypeSearch */
@ -13,11 +14,12 @@ $this->params['breadcrumbs'][] = $this->title;
<div class="ticket-type-index"> <div class="ticket-type-index">
<h1><?= Html::encode($this->title) ?></h1> <h1><?= Html::encode($this->title) ?></h1>
<?php // echo $this->render('_search', ['model' => $searchModel]); ?>
<?php if ( RoleDefinition::isAdmin()) {?>
<p> <p>
<?= Html::a(Yii::t('common/ticket_type', 'Create Ticket Type'), ['create'], ['class' => 'btn btn-success']) ?> <?= Html::a(Yii::t('common/ticket_type', 'Create Ticket Type'), ['create'], ['class' => 'btn btn-success']) ?>
</p> </p>
<?php }?>
<?= GridView::widget([ <?= GridView::widget([
'dataProvider' => $dataProvider, 'dataProvider' => $dataProvider,
@ -51,7 +53,7 @@ $this->params['breadcrumbs'][] = $this->title;
[ [
'class' => 'yii\grid\ActionColumn', 'class' => 'yii\grid\ActionColumn',
'template' =>'{view} {update}' 'template' => RoleDefinition::getRoleTemplate( ['admin' => '{view} {update}','employee' => '{view}' , 'reception' => '{view}']),
], ],
], ],


@ -2,6 +2,7 @@
use yii\helpers\Html; use yii\helpers\Html;
use yii\widgets\DetailView; use yii\widgets\DetailView;
use common\components\RoleDefinition;
/* @var $this yii\web\View */ /* @var $this yii\web\View */
/* @var $model common\models\TicketType */ /* @var $model common\models\TicketType */
@ -14,20 +15,11 @@ $this->params['breadcrumbs'][] = $this->title;
<h1><?= Html::encode($this->title) ?></h1> <h1><?= Html::encode($this->title) ?></h1>
<?php if ( RoleDefinition::isAdmin()) {?>
<p> <p>
<?= Html::a(Yii::t('common/ticket_type', 'Update'), ['update', 'id' => $model->id_ticket_type], ['class' => 'btn btn-primary']) ?> <?= Html::a(Yii::t('common/ticket_type', 'Update'), ['update', 'id' => $model->id_ticket_type], ['class' => 'btn btn-primary']) ?>
<?php
/*
echo Html::a(Yii::t('common/ticket_type', 'Delete'), ['delete', 'id' => $model->id_ticket_type], [
'class' => 'btn btn-danger',
'data' => [
'confirm' => Yii::t('common/ticket_type', 'Are you sure you want to delete this item?'),
'method' => 'post',
],
])
*/
?>
</p> </p>
<?php }?>
<?= DetailView::widget([ <?= DetailView::widget([
'model' => $model, 'model' => $model,


@ -16,10 +16,13 @@ $this->params['breadcrumbs'][] = $this->title;
<h1><?= Html::encode($this->title) ?></h1> <h1><?= Html::encode($this->title) ?></h1>
<?php echo $this->render('_search', ['model' => $searchModel]); ?> <?php echo $this->render('_search', ['model' => $searchModel]); ?>
<?php if ( RoleDefinition::isAdmin()){ ?>
<p> <p>
<?= Html::a(Yii::t('app', 'Új felhasználó'), ['create'], ['class' => 'btn btn-success']) ?> <?= Html::a(Yii::t('app', 'Új felhasználó'), ['create'], ['class' => 'btn btn-success']) ?>
</p> </p>
<?php } ?>
<?= GridView::widget([ <?= GridView::widget([
'dataProvider' => $dataProvider, 'dataProvider' => $dataProvider,
'columns' => [ 'columns' => [
@ -39,7 +42,7 @@ $this->params['breadcrumbs'][] = $this->title;
] , ] ,
['class' => 'yii\grid\ActionColumn', ['class' => 'yii\grid\ActionColumn',
'template' => '{view} {update}' 'template' => RoleDefinition::getRoleTemplate([ 'admin' => '{view} {update}', 'employee' => '{view}' ] )
], ],
], ],
]); ?> ]); ?>


@ -5,12 +5,10 @@ use yii\helpers\Html;
/* @var $this yii\web\View */ /* @var $this yii\web\View */
/* @var $model common\models\User */ /* @var $model common\models\User */
$this->title = Yii::t('app', 'Update {modelClass}: ', [ $this->title = Yii::t('backend/user', 'Edit user' );
'modelClass' => 'User', $this->params['breadcrumbs'][] = ['label' => Yii::t('backend/user', 'Users'), 'url' => ['index']];
]) . ' ' . $model->id; $this->params['breadcrumbs'][] = ['label' => $model->username, 'url' => ['view', 'id' => $model->id]];
$this->params['breadcrumbs'][] = ['label' => Yii::t('app', 'Users'), 'url' => ['index']]; $this->params['breadcrumbs'][] = Yii::t('backend/user', 'Update');
$this->params['breadcrumbs'][] = ['label' => $model->id, 'url' => ['view', 'id' => $model->id]];
$this->params['breadcrumbs'][] = Yii::t('app', 'Update');
?> ?>
<div class="user-update"> <div class="user-update">


@ -2,21 +2,24 @@
use yii\helpers\Html; use yii\helpers\Html;
use yii\widgets\DetailView; use yii\widgets\DetailView;
use common\components\RoleDefinition;
/* @var $this yii\web\View */ /* @var $this yii\web\View */
/* @var $model common\models\User */ /* @var $model common\models\User */
$this->title = $model->id; $this->title = $model->username;
$this->params['breadcrumbs'][] = ['label' => Yii::t('app', 'Felhasználók'), 'url' => ['index']]; $this->params['breadcrumbs'][] = ['label' => Yii::t('backend/user', 'Users'), 'url' => ['index']];
$this->params['breadcrumbs'][] = $this->title; $this->params['breadcrumbs'][] = $this->title;
?> ?>
<div class="user-view"> <div class="user-view">
<h1><?= Html::encode($this->title) ?></h1> <h1><?= Html::encode($this->title) ?></h1>
<?php if ( RoleDefinition::isAdmin()) {?>
<p> <p>
<?= Html::a(Yii::t('app', 'Update'), ['update', 'id' => $model->id], ['class' => 'btn btn-primary']) ?> <?= Html::a(Yii::t('backend/user', 'Update'), ['update', 'id' => $model->id], ['class' => 'btn btn-primary']) ?>
</p> </p>
<?php }?>
<?= DetailView::widget([ <?= DetailView::widget([
'model' => $model, 'model' => $model,


@ -5,8 +5,8 @@ use yii\base\Widget;
class AccountTotalWidget extends Widget{ class AccountTotalWidget extends Widget{
public $totalHeading = 'Össesen'; public $totalHeading = 'Összesen';
public $panelHeading = 'Össesen'; public $panelHeading = 'Összesen';
public $panelType = 'panel-info'; public $panelType = 'panel-info';
public $statistic = ['total' => 0, 'accounts' => [] ]; public $statistic = ['total' => 0, 'accounts' => [] ];


@ -45,6 +45,10 @@ class Helper
]; ];
} }
public static function flash($mode,$message){
\Yii::$app->session->setFlash($mode, $message );
}
} }
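Review bot: `flash()` has no docblock and no parameter types, and `$mode` is passed straight to `Session::setFlash()` as the flash key, which the layout in this commit then hands to AlertBlock as the alert type; that implicit contract is worth recording. A docblock such as `/** Queue a session flash. $mode is the flash key / alert type rendered by the layout (this commit uses 'success' and 'error'); $message is the text to show on the next request. */` plus `string $mode, string $message` on the signature would do it.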


@ -60,6 +60,49 @@ class RoleDefinition{
return $result; return $result;
} }
public static function can($role){
$result = false;
if ( !Yii::$app->user->isGuest ){
if ( isset( $role)){
if ( is_array($role)){
foreach ($role as $r){
$result |= Yii::$app->user->can($r);
}
}else if ( is_string($role)){
$result = Yii::$app->user->can($role);
}
}
}
return $result;
}
public static function isAdmin(){
return self::can('admin');
}
public static function isReception(){
return self::can('reception');
}
public static function isEmployee(){
return self::can('employee');
}
/*
* [
* 'role1' => 'template1',
* 'role2' => 'template2,
* ]
* */
public static function getRoleTemplate($templates){
$result = "";
foreach ($templates as $role => $template ){
if ( Yii::$app->user->can($role)){
$result = $template;
break;
}
}
return $result;
}
} }
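Review bot: In `can()`, `$result |= Yii::$app->user->can($r)` applies bitwise-or to a bool, so after the first iteration `$result` is an int (`0`/`1`) rather than the bool returned by the string branch and the `false` initialiser, which any caller comparing with `===` will notice. Replace the loop body with `if (Yii::$app->user->can($r)) { return true; }`, which also stops checking once a role matches. `getRoleTemplate()` returns the template of the first role in the caller's array order that the user holds, so callers with multi-role users must list the most privileged role first; the block comment above it (written as `/*`, not a `/**` docblock) should state that, and unlike `can()` it has no guest guard, so it presumably relies on `User::can()` returning false for guests.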


@ -131,6 +131,7 @@ class Account extends \yii\db\ActiveRecord
public static function read($forceIncludeAccount = null){ public static function read($forceIncludeAccount = null){
$accounts = null; $accounts = null;
$query = Account::find(); $query = Account::find();
$query->innerJoinWith('userAccountAssignments'); $query->innerJoinWith('userAccountAssignments');
$query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id]); $query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id]);
if ( $forceIncludeAccount == null){ if ( $forceIncludeAccount == null){


@ -9,6 +9,7 @@ use yii\helpers\ArrayHelper;
use yii\behaviors\TimestampBehavior; use yii\behaviors\TimestampBehavior;
use yii\db\Query; use yii\db\Query;
use yii\db\Expression; use yii\db\Expression;
use common\components\RoleDefinition;
/** /**
* This is the model class for table "collection". * This is the model class for table "collection".
@ -115,6 +116,11 @@ public static function mkTotalQuery($mode = 'reception', $start,$end,$idUser,$ty
$query = new Query(); $query = new Query();
if ( !RoleDefinition::isAdmin() ){
$query->innerJoin("user_account_assignment",'collection.id_account = user_account_assignment.id_account' );
$query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id ]);
}
$query->addSelect( [ $query->addSelect( [
new Expression( ' collection.id_account as account'), new Expression( ' collection.id_account as account'),
new Expression( ' COALESCE(sum( collection.money ) ,0) as money /** collections total money */' ) new Expression( ' COALESCE(sum( collection.money ) ,0) as money /** collections total money */' )
@ -126,8 +132,8 @@ public static function mkTotalQuery($mode = 'reception', $start,$end,$idUser,$ty
'id_account' => $idAccount, 'id_account' => $idAccount,
]); ]);
$query->andFilterWhere(['id_user' => $idUser]); $query->andFilterWhere(['collection.id_user' => $idUser]);
$query->andFilterWhere(['in' ,'type', $types]); $query->andFilterWhere(['in' ,'collection.type', $types]);
self::inInterval($query, 'collection.end' , $start, $end); self::inInterval($query, 'collection.end' , $start, $end);
$query->groupBy('collection.id_account'); $query->groupBy('collection.id_account');
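Review bot: The new `innerJoin("user_account_assignment", ...)` feeds rows into the `sum( collection.money )` aggregate selected a few lines below it, so if that table can hold more than one row per (`id_user`, `id_account`) pair the per-account totals are multiplied by the duplicate count; whether a unique constraint exists is not visible here. A subquery filter leaves the aggregate unaffected whatever the table's constraints: `$query->andWhere(['in', 'collection.id_account', (new Query())->select('id_account')->from('user_account_assignment')->where(['id_user' => Yii::$app->user->id])]);` in place of the join plus `andWhere`. Either form deserves a one-line comment such as `// non-admins only see totals for accounts assigned to them; admins see every account`, and note that `Yii::$app->user->id` is null for a guest, which makes the filter match nothing. The join added to `Transfer`'s total query in this commit has the same property. The remainder of `mkTotalQuery` (its `from` and return) is outside the hunk.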


@ -12,6 +12,7 @@ use common\components\DiscountAwareBehavior;
use common\components\CustomerAwareBehavior; use common\components\CustomerAwareBehavior;
use yii\db\Query; use yii\db\Query;
use yii\db\Expression; use yii\db\Expression;
use common\components\RoleDefinition;
/** /**
* This is the model class for table "transfer". * This is the model class for table "transfer".
@ -488,18 +489,23 @@ class Transfer extends \common\models\BaseFitnessActiveRecord
$query->addSelect( [ $query->addSelect( [
new Expression( 'transfer.id_account as account'), new Expression( 'transfer.id_account as account'),
new Expression( ' COALESCE(sum( ( case when direction = '.Transfer::DIRECTION_OUT.' then -1 else 1 end )* transfer.money ),0) as money /** '. $mode.'*/' ) new Expression( ' COALESCE(sum( ( case when direction = '.Transfer::DIRECTION_OUT.' then -1 else 1 end )* transfer.money ),0) as money /** --'. $mode.'*/' )
]); ]);
$query->from('transfer'); $query->from('transfer');
if ( !RoleDefinition::isAdmin() ){
$query->innerJoin("user_account_assignment", 'transfer.id_account = user_account_assignment.id_account' );
$query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id ]);
}
$query->andFilterWhere([ $query->andFilterWhere([
'id_account' => $idAccount, 'transfer.id_account' => $idAccount,
]); ]);
$query->andFilterWhere(['id_user' => $idUser]); $query->andFilterWhere(['transfer.id_user' => $idUser]);
$query->andFilterWhere(['in' ,'type', $types]); $query->andFilterWhere(['in' ,'transfer.type', $types]);
if ( $mode == 'created_at'){ if ( $mode == 'created_at'){
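Review bot: `$mode` is still concatenated into raw SQL on the `new Expression(...)` line (`/** --'. $mode.'*/`), and the only check on it visible in the hunk is the `$mode == 'created_at'` comparison at the bottom; a value containing `*/` would close the comment and the rest would run as SQL. Since the value is only a label there, either drop it from the expression or pin the parameter to its known set before use: `if (!in_array($mode, ['reception', 'created_at'], true)) { throw new \InvalidArgumentException("unknown mode: $mode"); }` at the top of the method. Whether any caller passes request-derived input as `$mode` is not visible here, so treat this as defence in depth rather than a confirmed injection. The enclosing method begins before the hunk and its `$mode == 'created_at'` branch continues after it.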


@ -214,6 +214,7 @@ class User extends ActiveRecord implements IdentityInterface
'email' => Yii::t('backend/user', 'E-Mail'), 'email' => Yii::t('backend/user', 'E-Mail'),
'created_at' => Yii::t('backend/user', 'Created at'), 'created_at' => Yii::t('backend/user', 'Created at'),
'role' => Yii::t('backend/user', 'Role'), 'role' => Yii::t('backend/user', 'Role'),
'statusHuman' => Yii::t('backend/user', 'Status'),
]; ];
} }
@ -239,15 +240,20 @@ class User extends ActiveRecord implements IdentityInterface
* $param int $forceIncludeAccount id warehouse, that should be included in list, even if it is inactive * $param int $forceIncludeAccount id warehouse, that should be included in list, even if it is inactive
* */ * */
public static function read($forceIncludeObjectWithId = null){ public static function read($forceIncludeObjectWithId = null){
$warehouses = null; $users = null;
$query = User::find();
if ( $forceIncludeObjectWithId == null){ if ( RoleDefinition::isReception()){
$warehouses = User::find()->andWhere(['status' => User::STATUS_ACTIVE])->all(); $query->andWhere(['id' => Yii::$app->user->id ]);
}else{
$warehouses = User::find()->andWhere( ['or', ['status' => User::STATUS_ACTIVE], ['id' => $forceIncludeObjectWithId ] ])->all();
} }
return $warehouses; if ( $forceIncludeObjectWithId == null){
$users = $query->andWhere(['status' => User::STATUS_ACTIVE])->all();
}else{
$users = $query->andWhere( ['or', ['status' => User::STATUS_ACTIVE], ['id' => $forceIncludeObjectWithId ] ])->all();
}
return $users;
} }
} }
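Review bot: `RoleDefinition::isReception()` is now called from `User::read()`, but no `use common\components\RoleDefinition;` is added in this section, while the Collection and Transfer changes in the same commit do add one; unless User.php already imports it (not visible here) the name resolves against the file's own namespace and the call fails at runtime. The restriction is also keyed on the reception role alone, so a user holding both admin and reception is cut down to their own record; if admins should always see everyone, guard with `if ( RoleDefinition::isReception() && !RoleDefinition::isAdmin() ){`. The docblock above the method still describes `$forceIncludeAccount id warehouse` (with `$param` instead of `@param`) although the method now lists users; it should read `@param int|null $forceIncludeObjectWithId user id to include even if the user is inactive`, plus a line noting that reception users only ever get their own record.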


@ -70,7 +70,7 @@ class UserSoldItem extends \yii\db\ActiveRecord
new Expression( ' COALESCE(sum( transfer.money ) ,0) as money /** total unpaid reception cart */' ) new Expression( ' COALESCE(sum( transfer.money ) ,0) as money /** total unpaid reception cart */' )
]); ]);
$query->innerJoin('transfer',['user_sold_item.id_transfer' =>'transfer.id_transfer']); $query->innerJoin('transfer','user_sold_item.id_transfer = transfer.id_transfer');
$query->from('user_sold_item'); $query->from('user_sold_item');
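Review bot: A short comment on the rewritten `innerJoin` would stop someone "tidying" it back to the array form, which the query builder treats as a hash condition and so compared `user_sold_item.id_transfer` against the string `'transfer.id_transfer'` rather than the column: `// string join condition on purpose: the array form binds the right-hand side as a literal`. The surrounding query (its select and return) is outside the hunk.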


@ -0,0 +1,31 @@
<?php
use yii\db\Schema;
use yii\db\Migration;
class m151105_114421_add__role__employee extends Migration
{
public function up()
{
$role = Yii::$app->authManager->createRole('employee');
Yii::$app->authManager->add($role);
}
public function down()
{
echo "m151105_114421_add__role__employee cannot be reverted.\n";
return false;
}
/*
// Use safeUp/safeDown to run migration code within a transaction
public function safeUp()
{
}
public function safeDown()
{
}
*/
}
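Review bot: `down()` prints a message and returns false although the change is trivially reversible with the same manager: `$auth = Yii::$app->authManager; $role = $auth->getRole('employee'); return $role === null || $auth->remove($role);`. `up()` also calls `add()` without first checking `getRole('employee')`, so re-running against a database where the role already exists presumably fails on the duplicate name. The role is created bare, with no description, permissions or children, and nothing here assigns it to anyone; a comment saying where assignment is expected to happen would help the next migration author. The unused `use yii\db\Schema;` import and the commented-out `safeUp`/`safeDown` scaffold can be dropped.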


@ -0,0 +1,31 @@
<?php
use yii\db\Schema;
use yii\db\Migration;
class m151105_151357_add__role__reception extends Migration
{
public function up()
{
$role = Yii::$app->authManager->createRole('reception');
Yii::$app->authManager->add($role);
}
public function down()
{
echo "m151105_151357_add__role__reception cannot be reverted.\n";
return false;
}
/*
// Use safeUp/safeDown to run migration code within a transaction
public function safeUp()
{
}
public function safeDown()
{
}
*/
}
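Review bot: `up()` calls `add()` unconditionally, so if a `reception` role already exists (created by hand, or by an earlier partial run) the auth manager presumably rejects the duplicate name and the migration fails; guard it with `if (Yii::$app->authManager->getRole('reception') === null) { ... }` around the two lines. `down()` could then mirror that with `getRole`/`remove` instead of refusing to revert. The role is added bare, without children or permissions, and nothing here assigns it to any user. The unused `use yii\db\Schema;` import can go.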


@ -73,7 +73,7 @@ class ProductController extends Controller
$currencies = Currency::find()->all(); $currencies = Currency::find()->all();
$accounts = Account::readAccounts(); $accounts = Account::read();
$discounts = Discount::read(); $discounts = Discount::read();