diff --git a/backend/controllers/SiteController.php b/backend/controllers/SiteController.php index 6d0a165..19fb2a2 100755 --- a/backend/controllers/SiteController.php +++ b/backend/controllers/SiteController.php @@ -6,6 +6,7 @@ use yii\web\Controller; use yii\filters\VerbFilter; use yii\filters\AccessControl; use common\models\LoginForm; +use yii\helpers\Url; /** * Site controller @@ -18,20 +19,6 @@ class SiteController extends Controller public function behaviors() { return [ - 'access' => [ - 'class' => AccessControl::className(), - 'rules' => [ - [ - 'actions' => ['login', 'error'], - 'allow' => true, - ], - [ - 'actions' => ['logout', 'index'], - 'allow' => true, - 'roles' => ['@'], - ], - ], - ], 'verbs' => [ 'class' => VerbFilter::className(), 'actions' => [ @@ -76,10 +63,14 @@ class SiteController extends Controller $model = new LoginForm(); if ($model->load(Yii::$app->request->post()) && $model->login()) { - return $this->goBack(); + if (\Yii::$app->user->can('secure')) { + return $this->goBack(); + } else { + Yii::$app->user->logout(); + return $this->redirect(Url::to('/card/user-card')); + } } else { $model->password = ''; - return $this->render('login', [ 'model' => $model, ]); diff --git a/backend/modules/accesses/controllers/AccessesController.php b/backend/modules/accesses/controllers/AccessesController.php index 54a59db..513f530 100755 --- a/backend/modules/accesses/controllers/AccessesController.php +++ b/backend/modules/accesses/controllers/AccessesController.php @@ -8,6 +8,7 @@ use common\models\UserCardAccesses; use Yii; use common\models\Accesses; use app\modules\accesses\models\AccessesSearch; +use yii\filters\AccessControl; use yii\web\Controller; use yii\web\NotFoundHttpException; use yii\filters\VerbFilter; @@ -29,6 +30,15 @@ class AccessesController extends Controller 'delete' => ['POST'], ], ], + 'access' => [ + 'class' => AccessControl::className(), + 'rules' => [ + [ + 'allow' => true, + 'roles' => ['admin'], + ], + ], + ], ]; } 
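Review bot: Dropping the whole `'access'` entry from `behaviors()` leaves `index` and `logout` with no filter-level authentication check in this controller; the only remaining gate is the `can('secure')` test inside the login action in the next hunk, which an already-authenticated session never passes through. Unless an application-wide access filter exists outside this diff, the backend landing action is then reachable by guests and by logged-in users who lack `secure`. Keeping the filter and pointing the `index` rule at the new permission preserves the intent of the change, as sketched below. `behaviors()` continues past the end of the hunk.

```php
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    'actions' => ['login', 'error'],
                    'allow' => true,
                ],
                [
                    // any signed-in user may still end their own session
                    'actions' => ['logout'],
                    'allow' => true,
                    'roles' => ['@'],
                ],
                [
                    // non-special names are resolved through user->can()
                    'actions' => ['index'],
                    'allow' => true,
                    'roles' => ['secure'],
                ],
            ],
        ],
        // … unchanged: 'verbs' filter …
```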
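Review bot: The rule added to AccessesController authorises by role name, `'roles' => ['admin']`, while the login gate in SiteController authorises by the `secure` permission, so the two checks can drift apart: an account later granted `secure` through another role would pass login and then be refused by every module controller. Using the permission in the rule, `'roles' => ['secure'],`, keeps a single source of truth, since AccessControl passes non-special names to `user->can()`. The same nine-line block is repeated verbatim in the Balance, Calendar, UserCard, Hh, HhJob, Holiday, Notes, Project, AdditionalFields, Position, Skill and Status controller hunks; declaring it once in a shared base controller would keep a future controller from being added without it. `behaviors()` starts above this hunk.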
@@ -112,6 +122,15 @@ class AccessesController extends Controller return $this->redirect(['index']); } + public function actionCustomDelete($id) + { + $clean_id = str_replace('=', "", stristr($id, '=')); + UserCardAccesses::deleteAll(['accesses_id' => $clean_id]); + Accesses::deleteAll(['id' => $clean_id]); + + return $this->redirect(['index']); + } + /** * Finds the Accesses model based on its primary key value. * If the model is not found, a 404 HTTP exception will be thrown. diff --git a/backend/modules/accesses/views/accesses/index.php b/backend/modules/accesses/views/accesses/index.php index 0507d75..ba31495 100755 --- a/backend/modules/accesses/views/accesses/index.php +++ b/backend/modules/accesses/views/accesses/index.php @@ -43,7 +43,17 @@ $this->params['breadcrumbs'][] = $this->title; // return $model->getProjectName(); // }, // ], - ['class' => 'yii\grid\ActionColumn'], + [ + 'class' => 'yii\grid\ActionColumn', + 'template' => '{view} {update} {delete}', + 'buttons' => [ + 'delete' => function ($data) { + return Html::a("", + ['/accesses/accesses/custom-delete', 'id' => $data]); + }, + ], + ], +// ['class' => 'yii\grid\ActionColumn'], ], ]); ?> diff --git a/backend/modules/balance/controllers/BalanceController.php b/backend/modules/balance/controllers/BalanceController.php index ed760b5..56332c7 100755 --- a/backend/modules/balance/controllers/BalanceController.php +++ b/backend/modules/balance/controllers/BalanceController.php 
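Review bot: `actionCustomDelete` removes rows but is not listed in the VerbFilter map, which the earlier hunk shows covering only `'delete' => ['POST']`, so it answers plain GET requests, and Yii's CSRF validation does not apply to GET. Any cross-site GET made with an admin's session would therefore carry out the deletion; adding `'custom-delete' => ['POST'],` to the `verbs` actions closes that. The id is taken from whatever follows the first `=` in the parameter, and `stristr()` returns false when there is none, so both `deleteAll()` calls then run with an empty id; reject anything that is not a plain integer first, e.g. `if (!ctype_digit((string) $clean_id)) { throw new NotFoundHttpException(); }`. The two deletes are also not wrapped in a transaction, so a failure between them leaves the removal half-finished.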
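Review bot: The `delete` button callback names its only parameter `$data`, but ActionColumn invokes button callbacks as `function ($url, $model, $key)`, so the value passed as `'id'` is the generated URL rather than the record key, which is why the controller has to cut the id out after the `=`. Passing the key and sending the request as POST removes both the parsing and the GET-triggered delete: `['/accesses/accesses/custom-delete', 'id' => $key], ['data' => ['method' => 'post', 'confirm' => 'Delete this item?']]`. The link text is an empty string in this hunk (possibly an icon lost in rendering), and the commented-out `// ['class' => 'yii\grid\ActionColumn'],` line can simply be dropped.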
@@ -10,12 +10,39 @@ use common\models\FieldsValueNew; use DateTime; use Yii; use yii\data\ActiveDataProvider; +use yii\filters\AccessControl; +use yii\filters\VerbFilter; use yii\web\Controller; use yii\web\NotFoundHttpException; use yii\db\Query; class BalanceController extends Controller { + /** + * {@inheritdoc} + */ + public function behaviors() + { + return [ + 'verbs' => [ + 'class' => VerbFilter::className(), + 'actions' => [ + 'delete' => ['POST'], + ], + ], + 'access' => [ + 'class' => AccessControl::className(), + 'rules' => [ + [ + 'allow' => true, + 'roles' => ['admin'], + ], + ], + ], + ]; + } + + public function actionIndex() { $searchModel = new BalanceSearch(); diff --git a/backend/modules/calendar/controllers/CalendarController.php b/backend/modules/calendar/controllers/CalendarController.php index 99dbbaf..86ae7e3 100644 --- a/backend/modules/calendar/controllers/CalendarController.php +++ b/backend/modules/calendar/controllers/CalendarController.php @@ -6,6 +6,8 @@ use backend\modules\card\models\UserCardSearch; use common\classes\Debug; use Yii; use yii\data\ArrayDataProvider; +use yii\filters\AccessControl; +use yii\filters\VerbFilter; use yii\web\Controller; /** @@ -13,6 +15,30 @@ use yii\web\Controller; */ class CalendarController extends Controller { + /** + * {@inheritdoc} + */ + public function behaviors() + { + return [ + 'verbs' => [ + 'class' => VerbFilter::className(), + 'actions' => [ + 'delete' => ['POST'], + ], + ], + 'access' => [ + 'class' => AccessControl::className(), + 'rules' => [ + [ + 'allow' => true, + 'roles' => ['admin'], + ], + ], + ], + ]; + } + /** * Renders the index view for the module * @return string diff --git a/backend/modules/card/controllers/UserCardController.php b/backend/modules/card/controllers/UserCardController.php index 4469b0c..e748257 100755 --- a/backend/modules/card/controllers/UserCardController.php +++ b/backend/modules/card/controllers/UserCardController.php 
@@ -14,6 +14,7 @@ use backend\modules\card\models\UserCard; use backend\modules\card\models\UserCardSearch; use yii\data\ActiveDataProvider; use yii\db\Expression; +use yii\filters\AccessControl; use yii\web\Controller; use yii\web\NotFoundHttpException; use yii\filters\VerbFilter; @@ -35,6 +36,15 @@ class UserCardController extends Controller 'delete' => ['POST'], ], ], + 'access' => [ + 'class' => AccessControl::className(), + 'rules' => [ + [ + 'allow' => true, + 'roles' => ['admin'], + ], + ], + ], ]; } @@ -162,17 +172,6 @@ class UserCardController extends Controller return $this->redirect(['index']); } - /** - * Lists all UserCard models. - * @return mixed - */ - public function actionGenerate() - { - $massage = UserCard::generateUserForUserCard(); - return $this->render('generate', ['massage' => $massage]); - } - - /** * Finds the UserCard model based on its primary key value. * If the model is not found, a 404 HTTP exception will be thrown. diff --git a/backend/modules/card/models/UserCard.php b/backend/modules/card/models/UserCard.php index 1cf853c..13a289f 100755 --- a/backend/modules/card/models/UserCard.php +++ b/backend/modules/card/models/UserCard.php @@ -161,8 +161,8 @@ class UserCard extends \common\models\UserCard } } - if ($user_card_array) return "Данные успешно сгенерированы"; - else return "Нет данных для генерации"; + if ($user_card_array) return "data generated successfully"; + else return "no data to generate"; } public static function getParameter($params, $key) diff --git a/backend/modules/card/views/user-card/index.php b/backend/modules/card/views/user-card/index.php index d55159b..f3242bb 100755 --- a/backend/modules/card/views/user-card/index.php +++ b/backend/modules/card/views/user-card/index.php @@ -16,7 +16,6 @@ $this->params['breadcrumbs'][] = $this->title;
= Html::a('Добавить', ['create'], ['class' => 'btn btn-success']) ?> - = Html::a('Сгенерировать пользователей', ['generate'], ['class' => 'btn btn-success']) ?>
['POST'], ], ], + 'access' => [ + 'class' => AccessControl::className(), + 'rules' => [ + [ + 'allow' => true, + 'roles' => ['admin'], + ], + ], + ], ]; } diff --git a/backend/modules/hh/controllers/HhController.php b/backend/modules/hh/controllers/HhController.php index 971fd5e..e3d90fb 100755 --- a/backend/modules/hh/controllers/HhController.php +++ b/backend/modules/hh/controllers/HhController.php @@ -9,6 +9,7 @@ use Yii; use backend\modules\hh\models\Hh; use backend\modules\hh\models\HhSearch; use yii\data\ActiveDataProvider; +use yii\filters\AccessControl; use yii\web\Controller; use yii\web\NotFoundHttpException; use yii\filters\VerbFilter; @@ -30,6 +31,15 @@ class HhController extends Controller 'delete' => ['POST'], ], ], + 'access' => [ + 'class' => AccessControl::className(), + 'rules' => [ + [ + 'allow' => true, + 'roles' => ['admin'], + ], + ], + ], ]; } diff --git a/backend/modules/hh/controllers/HhJobController.php b/backend/modules/hh/controllers/HhJobController.php index be5cf6e..92d065d 100755 --- a/backend/modules/hh/controllers/HhJobController.php +++ b/backend/modules/hh/controllers/HhJobController.php @@ -6,6 +6,7 @@ use common\models\Hh; use Yii; use backend\modules\hh\models\HhJob; use backend\modules\hh\models\HhJobSearch; +use yii\filters\AccessControl; use yii\helpers\ArrayHelper; use yii\web\Controller; use yii\web\NotFoundHttpException; @@ -28,6 +29,15 @@ class HhJobController extends Controller 'delete' => ['POST'], ], ], + 'access' => [ + 'class' => AccessControl::className(), + 'rules' => [ + [ + 'allow' => true, + 'roles' => ['admin'], + ], + ], + ], ]; } diff --git a/backend/modules/holiday/controllers/HolidayController.php b/backend/modules/holiday/controllers/HolidayController.php index a2afc39..908a606 100755 --- a/backend/modules/holiday/controllers/HolidayController.php +++ b/backend/modules/holiday/controllers/HolidayController.php 
@@ -6,6 +6,7 @@ use backend\modules\holiday\models\Holiday; use backend\modules\holiday\models\HolidaySearch; use common\classes\Debug; use Yii; +use yii\filters\AccessControl; use yii\filters\VerbFilter; use yii\web\Controller; use yii\web\NotFoundHttpException; @@ -24,6 +25,15 @@ class HolidayController extends Controller 'delete' => ['POST'], ], ], + 'access' => [ + 'class' => AccessControl::className(), + 'rules' => [ + [ + 'allow' => true, + 'roles' => ['admin'], + ], + ], + ], ]; } diff --git a/backend/modules/notes/controllers/NotesController.php b/backend/modules/notes/controllers/NotesController.php index d42033e..74bff12 100755 --- a/backend/modules/notes/controllers/NotesController.php +++ b/backend/modules/notes/controllers/NotesController.php @@ -7,6 +7,8 @@ use Yii; use backend\modules\notes\models\Note; use common\models\FieldsValueNew; use yii\data\ActiveDataProvider; +use yii\filters\AccessControl; +use yii\filters\VerbFilter; use yii\web\Controller; use yii\web\NotFoundHttpException; @@ -15,6 +17,30 @@ use yii\web\NotFoundHttpException; */ class NotesController extends Controller { + /** + * {@inheritdoc} + */ + public function behaviors() + { + return [ + 'verbs' => [ + 'class' => VerbFilter::className(), + 'actions' => [ + 'delete' => ['POST'], + ], + ], + 'access' => [ + 'class' => AccessControl::className(), + 'rules' => [ + [ + 'allow' => true, + 'roles' => ['admin'], + ], + ], + ], + ]; + } + /** * Renders the index view for the module * @return string diff --git a/backend/modules/project/controllers/ProjectController.php b/backend/modules/project/controllers/ProjectController.php index 1db532d..1cdd5c7 100755 --- a/backend/modules/project/controllers/ProjectController.php +++ b/backend/modules/project/controllers/ProjectController.php 
@@ -11,6 +11,7 @@ use Yii; use backend\modules\project\models\Project; use backend\modules\project\models\ProjectSearch; use yii\data\ActiveDataProvider; +use yii\filters\AccessControl; use yii\web\Controller; use yii\web\NotFoundHttpException; use yii\filters\VerbFilter; @@ -32,6 +33,15 @@ class ProjectController extends Controller 'delete' => ['POST'], ], ], + 'access' => [ + 'class' => AccessControl::className(), + 'rules' => [ + [ + 'allow' => true, + 'roles' => ['admin'], + ], + ], + ], ]; } diff --git a/backend/modules/settings/controllers/AdditionalFieldsController.php b/backend/modules/settings/controllers/AdditionalFieldsController.php index aac3dce..526880e 100755 --- a/backend/modules/settings/controllers/AdditionalFieldsController.php +++ b/backend/modules/settings/controllers/AdditionalFieldsController.php @@ -7,6 +7,7 @@ use common\models\UseField; use Yii; use backend\modules\settings\models\AdditionalFields; use backend\modules\settings\models\AdditionalFieldsSearch; +use yii\filters\AccessControl; use yii\helpers\ArrayHelper; use yii\web\Controller; use yii\web\NotFoundHttpException; @@ -29,6 +30,15 @@ class AdditionalFieldsController extends Controller 'delete' => ['POST'], ], ], + 'access' => [ + 'class' => AccessControl::className(), + 'rules' => [ + [ + 'allow' => true, + 'roles' => ['admin'], + ], + ], + ], ]; } diff --git a/backend/modules/settings/controllers/PositionController.php b/backend/modules/settings/controllers/PositionController.php index 0582978..c1093f6 100755 --- a/backend/modules/settings/controllers/PositionController.php +++ b/backend/modules/settings/controllers/PositionController.php @@ -5,6 +5,7 @@ namespace backend\modules\settings\controllers; use Yii; use backend\modules\settings\models\Position; use backend\modules\settings\models\PositionSearch; +use yii\filters\AccessControl; use yii\web\Controller; use yii\web\NotFoundHttpException; use yii\filters\VerbFilter; 
@@ -26,6 +27,15 @@ class PositionController extends Controller 'delete' => ['POST'], ], ], + 'access' => [ + 'class' => AccessControl::className(), + 'rules' => [ + [ + 'allow' => true, + 'roles' => ['admin'], + ], + ], + ], ]; } diff --git a/backend/modules/settings/controllers/SkillController.php b/backend/modules/settings/controllers/SkillController.php index 5bced31..3786a54 100755 --- a/backend/modules/settings/controllers/SkillController.php +++ b/backend/modules/settings/controllers/SkillController.php @@ -5,6 +5,7 @@ namespace backend\modules\settings\controllers; use Yii; use backend\modules\settings\models\Skill; use backend\modules\settings\models\SkillSearch; +use yii\filters\AccessControl; use yii\web\Controller; use yii\web\NotFoundHttpException; use yii\filters\VerbFilter; @@ -26,6 +27,15 @@ class SkillController extends Controller 'delete' => ['POST'], ], ], + 'access' => [ + 'class' => AccessControl::className(), + 'rules' => [ + [ + 'allow' => true, + 'roles' => ['admin'], + ], + ], + ], ]; } diff --git a/backend/modules/settings/controllers/StatusController.php b/backend/modules/settings/controllers/StatusController.php index f2da4c4..f184091 100755 --- a/backend/modules/settings/controllers/StatusController.php +++ b/backend/modules/settings/controllers/StatusController.php @@ -6,6 +6,7 @@ use common\models\UseStatus; use Yii; use backend\modules\settings\models\Status; use backend\modules\settings\models\StatusSearch; +use yii\filters\AccessControl; use yii\helpers\ArrayHelper; use yii\web\Controller; use yii\web\NotFoundHttpException; @@ -28,6 +29,15 @@ class StatusController extends Controller 'delete' => ['POST'], ], ], + 'access' => [ + 'class' => AccessControl::className(), + 'rules' => [ + [ + 'allow' => true, + 'roles' => ['admin'], + ], + ], + ], ]; } diff --git a/common/config/main.php b/common/config/main.php index 88ac995..0cf53ca 100755 --- a/common/config/main.php +++ b/common/config/main.php 
@@ -9,6 +9,12 @@ return [ 'cache' => [ 'class' => 'yii\caching\FileCache', ], + 'authManager' => [ + 'class' => 'yii\rbac\DbManager', +// 'itemFile' => '@common/components/rbac/items.php', +// 'assignmentFile' => '@common/components/rbac/assignments.php', +// 'ruleFile' => '@common/components/rbac/rules.php' + ], ], 'controllerMap' => [ 'elfinder' => [ diff --git a/common/models/Accesses.php b/common/models/Accesses.php index 3d49c97..d732767 100755 --- a/common/models/Accesses.php +++ b/common/models/Accesses.php @@ -40,6 +40,7 @@ class Accesses extends \yii\db\ActiveRecord [['info'], 'string'], [['_projects'], 'safe'], [['_users'], 'safe'], + [['name', 'login', 'password', 'link', 'project', 'info'], 'required'], ]; } diff --git a/common/models/AuthAssignment.php b/common/models/AuthAssignment.php new file mode 100644 index 0000000..2f61253 --- /dev/null +++ b/common/models/AuthAssignment.php @@ -0,0 +1,59 @@ + 64], + [['item_name', 'user_id'], 'unique', 'targetAttribute' => ['item_name', 'user_id']], + [['item_name'], 'exist', 'skipOnError' => true, 'targetClass' => AuthItem::className(), 'targetAttribute' => ['item_name' => 'name']], + ]; + } + + /** + * {@inheritdoc} + */ + public function attributeLabels() + { + return [ + 'item_name' => 'Item Name', + 'user_id' => 'User ID', + 'created_at' => 'Created At', + ]; + } + + /** + * @return \yii\db\ActiveQuery + */ + public function getItemName() + { + return $this->hasOne(AuthItem::className(), ['name' => 'item_name']); + } +} diff --git a/common/models/UserCard.php b/common/models/UserCard.php index d2f3555..abc862c 100755 --- a/common/models/UserCard.php +++ b/common/models/UserCard.php @@ -6,6 +6,7 @@ use common\classes\Debug; use Yii; use yii\behaviors\TimestampBehavior; use yii\db\Expression; +use yii\filters\AccessControl; use yii\helpers\ArrayHelper; /** diff --git a/composer.json b/composer.json index be9888b..4cc4779 100755 --- a/composer.json +++ b/composer.json 
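Review bot: The three commented-out keys under `authManager` (`itemFile`, `assignmentFile`, `ruleFile`) are PhpManager settings and mean nothing to `yii\rbac\DbManager`; leaving them in suggests a file-based fallback that is not configured, so they should be removed. Every backend request now goes through a permission check, and DbManager queries its tables for each check unless its `cache` property is set, so `'cache' => 'cache',` is worth adding next to the class. The component also depends on the RBAC tables having been created, and this diff does not include or mention that migration.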
@@ -27,7 +27,7 @@ "nkovacs/yii2-datetimepicker": "*", "mirocow/yii2-eav": "*", "kartik-v/yii2-widget-fileinput": "^1.0", - "2amigos/yii2-file-upload-widget": "~1.0" + "2amigos/yii2-file-upload-widget": "~1.0", }, "require-dev": { "yiisoft/yii2-debug": "~2.0.0", diff --git a/console/config/main.php b/console/config/main.php index a67be5c..16d8dcf 100755 --- a/console/config/main.php +++ b/console/config/main.php @@ -22,6 +22,12 @@ return [ ], ], 'components' => [ + 'user' => [ + 'identityClass' => 'common\models\User', + 'class' => 'yii\web\User', + 'enableSession' => false, + 'enableAutoLogin' => false, + ], 'log' => [ 'targets' => [ [ diff --git a/console/controllers/RbacController.php b/console/controllers/RbacController.php new file mode 100644 index 0000000..3e0fe75 --- /dev/null +++ b/console/controllers/RbacController.php @@ -0,0 +1,36 @@ +authManager; + + $secure = $auth->createPermission('secure'); + $secure->description = 'Admin panel'; + $auth->add($secure); + + $front = $auth->createPermission('front'); + $front->description = 'Frontend'; + $auth->add($front); + + $user = $auth->createRole('user'); + $auth->add($user); + $auth->addChild($user, $front); + + $admin = $auth->createRole('admin'); + $auth->add($admin); + $auth->addChild($admin, $secure); + $auth->addChild($admin, $user); + + $auth->assign($user, 2); + $auth->assign($admin, 1); + } +} \ No newline at end of file diff --git a/console/controllers/SqlController.php b/console/controllers/SqlController.php index 2657a51..0e65cb2 100644 --- a/console/controllers/SqlController.php +++ b/console/controllers/SqlController.php @@ -4,6 +4,7 @@ namespace console\controllers; +use backend\modules\card\models\UserCard; use Yii; use yii\console\Controller; 
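Review bot: The comma added after the last entry of `"require"` makes composer.json invalid JSON, so Composer will fail to parse the manifest on the next install or update. No package follows the changed line in this hunk, so the line should stay as it was: `"2amigos/yii2-file-upload-widget": "~1.0"`. If a further dependency was meant to be added after it, that line is missing from the commit.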
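Review bot: The last two statements of the new RbacController action bind roles to fixed primary keys, `$auth->assign($user, 2);` and `$auth->assign($admin, 1);`, so whichever account holds id 1 in a given database becomes backend admin, whether or not that is the intended person. Take the account as a console argument and verify it exists before assigning, e.g. `$auth->assign($admin, $adminId);` with `$adminId` a parameter of the action, and drop the hard-coded `user` assignment since SignupForm now assigns that role at registration. The action is also not re-runnable: every `$auth->add()` is unconditional, so a second run will presumably fail on the existing items, and a guard such as `if ($auth->getRole('admin') === null)` would make it safe to repeat. The top of the new file, including the action's signature, is not legible in this view.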
@@ -13,5 +14,11 @@ class SqlController extends Controller { $sql = "UPDATE user_card SET salary=REPLACE( `salary`, ' ', '' )"; Yii::$app->db->createCommand($sql)->execute(); + echo "script completed successfully\n"; + } + + public function actionGenerateUser() + { + echo UserCard::generateUserForUserCard() . "\n"; } } \ No newline at end of file diff --git a/frontend/models/SignupForm.php b/frontend/models/SignupForm.php index a66a875..5eec1cc 100755 --- a/frontend/models/SignupForm.php +++ b/frontend/models/SignupForm.php @@ -1,6 +1,8 @@ email = $this->email; $user->setPassword($this->password); $user->generateAuthKey(); + $user->save(); + + $auth = Yii::$app->authManager; + $authorRole = $auth->getRole('user'); + $auth->assign($authorRole, $user->id); return $user->save() ? $user : null; } diff --git a/frontend/modules/card/views/user-card/_form.php b/frontend/modules/card/views/user-card/_form.php index e510d86..4cc1194 100755 --- a/frontend/modules/card/views/user-card/_form.php +++ b/frontend/modules/card/views/user-card/_form.php @@ -33,9 +33,6 @@ use yii\helpers\ArrayHelper; [ 'data' => ArrayHelper::map(Skill::find()->all(), 'id', 'name'), 'options' => ['placeholder' => '...', 'class' => 'form-control', 'multiple' => true], - 'pluginOptions' => [ - 'allowClear' => true - ], ] )->label('Навыки'); ?> diff --git a/frontend/modules/card/views/user-card/view.php b/frontend/modules/card/views/user-card/view.php index ee26b36..bc8d557 100755 --- a/frontend/modules/card/views/user-card/view.php +++ b/frontend/modules/card/views/user-card/view.php 
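Review bot: In SignupForm the result of the added `$user->save();` is ignored, so when the insert fails `$user->id` is still null at `$auth->assign($authorRole, $user->id)` and the role assignment runs for a user that was never stored. `getRole('user')` also returns null until the RBAC init command has been run, which would make `assign()` fail on every signup. Saving once and returning early avoids both the orphan assignment and the second write: `if (!$user->save()) { return null; }` before the role lookup, and `return $user;` at the end. The beginning of this hunk is not legible here, so the enclosing method's signature is outside what can be checked.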
@@ -21,34 +21,11 @@ $this->title = 'Профиль'; 'attributes' => [ ['label' => 'ФИО', 'attribute' => 'fio',], ['label' => 'Email', 'attribute' => 'email',], - [ - 'attribute' => 'gender', - 'value' => $model->gendersText, - ], ['label' => 'Дата рождения', 'attribute' => 'dob',], - [ - 'attribute' => 'status', - 'value' => $model->status0->name, - ], [ 'attribute' => 'position_id', 'value' => (isset($model->position->name)) ? $model->position->name : 'Без должности', ], - [ - 'attribute' => 'Фото', - 'format' => 'raw', - 'value' => function ($model) { - return Html::tag('img', null, ['src' => $model->photo, 'width' => '100px']); - } - ], - [ - 'attribute' => 'Резюме', - 'format' => 'raw', - 'value' => function ($model) { - return Html::a('Скачать', $model->resume, ['target' => '_blank']); - } - ], - ['label' => 'Добвлен', 'attribute' => 'created_at',], ], ]); ?> diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 0000000..e4ee320 --- /dev/null +++ b/package-lock.json @@ -0,0 +1,11 @@ +{ + "requires": true, + "lockfileVersion": 1, + "dependencies": { + "sticky-table-headers": { + "version": "0.1.24", + "resolved": "https://registry.npmjs.org/sticky-table-headers/-/sticky-table-headers-0.1.24.tgz", + "integrity": "sha1-euofB5HKOgKwhgzYhe11ehrL84E=" + } + } +}