From c3d6fad866f777ac973dff0bf8e92028e343d148 Mon Sep 17 00:00:00 2001 From: fomichev Date: Thu, 7 Nov 2024 12:52:41 +0300 Subject: [PATCH] =?utf8?q?=D0=9E=D0=93=D0=A0=D0=90=D0=9D=D0=98=D0=A7=D0=95?= =?utf8?q?=D0=9D=D0=98=D0=95=20=D0=94=D0=9E=D0=A1=D0=A2=D0=A3=D0=9F=D0=90?= =?utf8?q?=20=D0=9A=20=D0=A0=D0=90=D0=97=D0=94=D0=95=D0=9B=D0=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- .../crud/ClusterAdminController.php | 40 +++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/erp24/controllers/crud/ClusterAdminController.php b/erp24/controllers/crud/ClusterAdminController.php index 34304e60..4bfc9a9f 100644 --- a/erp24/controllers/crud/ClusterAdminController.php +++ b/erp24/controllers/crud/ClusterAdminController.php @@ -3,8 +3,10 @@ namespace yii_app\controllers\crud; use Yii; +use yii\filters\AccessControl; use yii\helpers\ArrayHelper; use yii_app\records\Admin; +use yii_app\records\AdminGroup; use yii_app\records\Cluster; use yii_app\records\ClusterAdmin; use yii_app\records\ClusterAdminSearch; @@ -26,6 +28,19 @@ class ClusterAdminController extends Controller return array_merge( parent::behaviors(), [ + /*'access' => [ + 'class' => AccessControl::class, + 'rules' => [ + [ + 'allow' => true, + 'actions' => ['view', 'index', 'update', 'delete'], + 'roles' => ['clusterAdminEdit'], + ], + ], + 'denyCallback' => function ($rule, $action) { + throw new \yii\web\ForbiddenHttpException('У вас нет прав для выполнения данного действия.'); + } + ],*/ 'verbs' => [ 'class' => VerbFilter::class, 'actions' => [ @@ -43,6 +58,11 @@ class ClusterAdminController extends Controller */ public function actionIndex() { + if (!in_array(Admin::findOne([Yii::$app->user->id])->group_id, [AdminGroup::GROUP_IT, AdminGroup::DIRECTOR, AdminGroup::GROUP_HR ])) { + return $this->redirect('/'); + + } + // Получаем все кусты из таблицы Cluster $clusters = Cluster::find()->asArray()->all(); @@ -157,6 +177,12 @@ class ClusterAdminController extends Controller */ public function actionView($id) { + + if (!in_array(Admin::findOne([Yii::$app->user->id])->group_id, [AdminGroup::GROUP_IT, AdminGroup::DIRECTOR, AdminGroup::GROUP_HR ])) { + return $this->redirect('/'); + + } + $user = Yii::$app->user->identity; // Ищем кластер по его ID @@ -185,6 +211,11 @@ class ClusterAdminController extends Controller */ public function actionCreate($cluster_id) { + if (!in_array(Admin::findOne([Yii::$app->user->id])->group_id, [AdminGroup::GROUP_IT, AdminGroup::DIRECTOR, AdminGroup::GROUP_HR ])) { + return $this->redirect('/'); + + } + $model = new ClusterAdmin(); $allAdmins = Admin::find() @@ -285,6 +316,10 @@ class ClusterAdminController extends Controller */ public function actionUpdate($id) { + if (!in_array(Admin::findOne([Yii::$app->user->id])->group_id, [AdminGroup::GROUP_IT, AdminGroup::DIRECTOR, AdminGroup::GROUP_HR ])) { + return $this->redirect('/'); + + } $model = $this->findModel($id); $allAdmins = Admin::find() @@ -401,6 +436,11 @@ class ClusterAdminController extends Controller */ public function actionDelete($id) { + if (!in_array(Admin::findOne([Yii::$app->user->id])->group_id, [AdminGroup::GROUP_IT, AdminGroup::DIRECTOR, AdminGroup::GROUP_HR ])) { + return $this->redirect('/'); + + } + $model = $this->findModel($id); $this->findModel($id)->delete(); -- 2.39.5