From: fomichev
Date: Thu, 7 Nov 2024 09:52:41 +0000 (+0300)
Subject: ОГРАНИЧЕНИЕ ДОСТУПА К РАЗДЕЛУ
X-Git-Tag: 1.7~228^2~6
X-Git-Url: https://gitweb.erp-flowers.ru/?a=commitdiff_plain;h=c3d6fad866f777ac973dff0bf8e92028e343d148;p=erp24_rep%2Fyii-erp24%2F.git
ОГРАНИЧЕНИЕ ДОСТУПА К РАЗДЕЛУ
---
diff --git a/erp24/controllers/crud/ClusterAdminController.php b/erp24/controllers/crud/ClusterAdminController.php
index 34304e60..4bfc9a9f 100644
--- a/erp24/controllers/crud/ClusterAdminController.php
+++ b/erp24/controllers/crud/ClusterAdminController.php
@@ -3,8 +3,10 @@
 namespace yii_app\controllers\crud;
 use Yii;
+use yii\filters\AccessControl;
 use yii\helpers\ArrayHelper;
 use yii_app\records\Admin;
+use yii_app\records\AdminGroup;
 use yii_app\records\Cluster;
 use yii_app\records\ClusterAdmin;
 use yii_app\records\ClusterAdminSearch;
@@ -26,6 +28,19 @@ class ClusterAdminController extends Controller
 return array_merge(
 parent::behaviors(),
 [
+ /*'access' => [
+ 'class' => AccessControl::class,
+ 'rules' => [
+ [
+ 'allow' => true,
+ 'actions' => ['view', 'index', 'update', 'delete'],
+ 'roles' => ['clusterAdminEdit'],
+ ],
+ ],
+ 'denyCallback' => function ($rule, $action) {
+ throw new \yii\web\ForbiddenHttpException('У вас нет прав для выполнения данного действия.');
+ }
+ ],*/
 'verbs' => [
 'class' => VerbFilter::class,
 'actions' => [
@@ -43,6 +58,11 @@ class ClusterAdminController extends Controller
 */
 public function actionIndex()
 {
+ if (!in_array(Admin::findOne([Yii::$app->user->id])->group_id, [AdminGroup::GROUP_IT, AdminGroup::DIRECTOR, AdminGroup::GROUP_HR ])) {
+ return $this->redirect('/');
+
+ }
+
 // Получаем все кусты из таблицы Cluster
 $clusters = Cluster::find()->asArray()->all();
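Review bot: The `'access'` filter added to `behaviors()` is wrapped in `/* … */`, so it enforces nothing and the new `use yii\filters\AccessControl;` import is unused. If the block is meant to be switched on later, its `actions` list omits `create`; `AccessControl` denies any action that no rule matches, so every user would lose `actionCreate` unless the list reads `'actions' => ['index', 'view', 'create', 'update', 'delete'],`. Whether the `clusterAdminEdit` role exists in the RBAC data is not visible here. Either enable the filter in place of the per-action checks or delete the block, and leave a one-line comment saying which mechanism is authoritative. The body of `behaviors()` starts and ends outside the hunk.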
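Review bot: The group check added at the top of `actionIndex()` dereferences `Admin::findOne([Yii::$app->user->id])` without a null check, so a guest session or an identity with no `Admin` row fails on `->group_id` instead of being cleanly denied; whether a login filter in `parent::behaviors()` rules that out is not visible here. `in_array()` is also called without its strict flag, so a null or string `group_id` is compared loosely against the `AdminGroup` constants. The same block is pasted into the `actionView`, `actionCreate`, `actionUpdate` and `actionDelete` hunks, and the diff skips parts of the controller, so any action outside these five stays unguarded unless someone copies the check again. A single `beforeAction()` override that denies by default would cover every action, as sketched below; it assumes the base `Controller` keeps the usual Yii `beforeAction($action)` signature.

```php
// Sketch: one deny-by-default gate replacing the five pasted checks.
private const ALLOWED_GROUPS = [AdminGroup::GROUP_IT, AdminGroup::DIRECTOR, AdminGroup::GROUP_HR];

public function beforeAction($action)
{
    if (!parent::beforeAction($action)) {
        return false;
    }

    // A guest has no id; treat a missing Admin row the same as a denied one.
    $admin = Yii::$app->user->isGuest ? null : Admin::findOne(Yii::$app->user->id);

    // Strict comparison: confirm group_id and the AdminGroup constants share a type first.
    if ($admin === null || !in_array($admin->group_id, self::ALLOWED_GROUPS, true)) {
        throw new \yii\web\ForbiddenHttpException('У вас нет прав для выполнения данного действия.');
    }

    return true;
}
```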
@@ -157,6 +177,12 @@ class ClusterAdminController extends Controller
 */
 public function actionView($id)
 {
+
+ if (!in_array(Admin::findOne([Yii::$app->user->id])->group_id, [AdminGroup::GROUP_IT, AdminGroup::DIRECTOR, AdminGroup::GROUP_HR ])) {
+ return $this->redirect('/');
+
+ }
+
 $user = Yii::$app->user->identity;
 // Ищем кластер по его ID
@@ -185,6 +211,11 @@ class ClusterAdminController extends Controller
 */
 public function actionCreate($cluster_id)
 {
+ if (!in_array(Admin::findOne([Yii::$app->user->id])->group_id, [AdminGroup::GROUP_IT, AdminGroup::DIRECTOR, AdminGroup::GROUP_HR ])) {
+ return $this->redirect('/');
+
+ }
+
 $model = new ClusterAdmin();
 $allAdmins = Admin::find()
@@ -285,6 +316,10 @@ class ClusterAdminController extends Controller
 */
 public function actionUpdate($id)
 {
+ if (!in_array(Admin::findOne([Yii::$app->user->id])->group_id, [AdminGroup::GROUP_IT, AdminGroup::DIRECTOR, AdminGroup::GROUP_HR ])) {
+ return $this->redirect('/');
+
+ }
 $model = $this->findModel($id);
 $allAdmins = Admin::find()
@@ -401,6 +436,11 @@ class ClusterAdminController extends Controller
 */
 public function actionDelete($id)
 {
+ if (!in_array(Admin::findOne([Yii::$app->user->id])->group_id, [AdminGroup::GROUP_IT, AdminGroup::DIRECTOR, AdminGroup::GROUP_HR ])) {
+ return $this->redirect('/');
+
+ }
+
 $model = $this->findModel($id);
 $this->findModel($id)->delete();
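Review bot: On denial the guards in the `actionCreate`, `actionUpdate` and `actionDelete` hunks answer with `return $this->redirect('/');`, so a refused write looks like an ordinary 302 navigation and leaves nothing distinctive for access logs or alerting to key on. Raising `throw new \yii\web\ForbiddenHttpException('У вас нет прав для выполнения данного действия.');`, as the commented-out `denyCallback` in `behaviors()` already does, returns a 403 and puts the attempt through Yii's exception handling, where it can be logged. The `actionView` guard at the top of this group has the same behaviour. Each of these function bodies continues outside its hunk.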