Доступы

diff --git a/erp24/controllers/MarketplacePricesLogController.php b/erp24/controllers/MarketplacePricesLogController.php
index 60967eb53215b1f786ab575e53481dc4160a1c8e..1ee314b9d6805f085d87e43fbfe440ad7faf00ea 100644 (file)
--- a/erp24/controllers/MarketplacePricesLogController.php
+++ b/erp24/controllers/MarketplacePricesLogController.php
@@ -2,6 +2,8 @@
 
 namespace app\controllers;
 
+use Yii;
+use yii_app\records\AdminGroup;
 use yii_app\records\MarketplacePricesLog;
 use yii_app\records\MarketplacePricesLogSearch;
 use yii\web\Controller;
@@ -38,6 +40,9 @@ class MarketplacePricesLogController extends Controller
      */
     public function actionIndex()
     {
+        if (($resp = $this->checkAccess()) !== null) {
+            return $resp;
+        }
         $searchModel = new MarketplacePricesLogSearch();
         $dataProvider = $searchModel->search($this->request->queryParams);
 
@@ -55,6 +60,9 @@ class MarketplacePricesLogController extends Controller
      */
     public function actionView($id)
     {
+        if (($resp = $this->checkAccess()) !== null) {
+            return $resp;
+        }
         return $this->render('view', [
             'model' => $this->findModel($id),
         ]);
@@ -67,6 +75,9 @@ class MarketplacePricesLogController extends Controller
      */
     public function actionCreate()
     {
+        if (($resp = $this->checkAccess()) !== null) {
+            return $resp;
+        }
         $model = new MarketplacePricesLog();
 
         if ($this->request->isPost) {
@@ -91,6 +102,9 @@ class MarketplacePricesLogController extends Controller
      */
     public function actionUpdate($id)
     {
+        if (($resp = $this->checkAccess()) !== null) {
+            return $resp;
+        }
         $model = $this->findModel($id);
 
         if ($this->request->isPost && $model->load($this->request->post()) && $model->save()) {
@@ -111,6 +125,10 @@ class MarketplacePricesLogController extends Controller
      */
     public function actionDelete($id)
     {
+        if (($resp = $this->checkAccess()) !== null) {
+            $this->redirect(['/site/index']);
+        }
+
         $this->findModel($id)->delete();
 
         return $this->redirect(['index']);
@@ -131,4 +149,16 @@ class MarketplacePricesLogController extends Controller
 
         throw new NotFoundHttpException('The requested page does not exist.');
     }
+
+    private function checkAccess() {
+        $groupId = Yii::$app->user->identity->group_id;
+
+        if (!in_array($groupId, [
+            AdminGroup::GROUP_IT,
+        ], true)) {
+            return $this->render('/site/index');
+        }
+
+        return null;
+    }
 }

diff --git a/erp24/views/marketplace-prices/index.php b/erp24/views/marketplace-prices/index.php
index 3766a073092874c6a0c050f872e0405a2242e5ef..3bc620bd2ba197e971a3e1f6eb169a4b5f976210 100644 (file)
--- a/erp24/views/marketplace-prices/index.php
+++ b/erp24/views/marketplace-prices/index.php
@@ -1,6 +1,8 @@
 <?php
 
 use yii\widgets\ActiveForm;
+use yii_app\records\Admin;
+use yii_app\records\AdminGroup;
 use yii_app\records\MarketplacePrices;
 use yii\helpers\Html;
 use yii\helpers\Url;
@@ -21,7 +23,9 @@ $this->params['breadcrumbs'][] = $this->title;
     <div class="d-flex justify-content-between">
         <div>
             <?= Html::a('Добавить цены', ['create'], ['class' => 'btn btn-success ']) ?>
+            <?php if(in_array(Admin::findOne([Yii::$app->user->id])->group_id, [AdminGroup::GROUP_IT, AdminGroup::GROUP_RS_DIRECTOR]))  { ?>
             <?= Html::a('История цен', ['/marketplace-prices-log/index'], ['class' => 'btn btn-success']) ?>
+            <?php } ?>
             <?= Html::a('Товары маркетплейсов', ['/matrix-erp/index'], ['class' => 'btn btn-success']) ?>
         </div>