diff --git a/backend/controllers/SiteController.php b/backend/controllers/SiteController.php index 8544e48..fea12ee 100755 --- a/backend/controllers/SiteController.php +++ b/backend/controllers/SiteController.php @@ -43,7 +43,6 @@ class SiteController extends Controller 'verbs' => [ 'class' => VerbFilter::className(), 'actions' => [ - 'logout' => ['post'], ], ], ]; diff --git a/backend/controllers/UserController.php b/backend/controllers/UserController.php index fc98ea7..68d4c58 100644 --- a/backend/controllers/UserController.php +++ b/backend/controllers/UserController.php @@ -5,10 +5,13 @@ namespace backend\controllers; use Yii; use backend\models\User; use backend\models\UserSearch; +use yii\filters\AccessControl; use yii\web\Controller; use yii\web\NotFoundHttpException; use yii\filters\VerbFilter; -use developeruz\db_rbac\behaviors\AccessBehavior; +use yii\web\Response; +use yii\widgets\ActiveForm; + /** * UserController implements the CRUD actions for User model. */ @@ -19,32 +22,30 @@ class UserController extends Controller */ public function behaviors() { + + return [ - 'access'=>[ - 'class' => AccessBehavior::className(), - 'rules' => - ['site' => - [ - [ - 'actions' => ['login', 'error'], - 'allow' => true, - ] - ], - 'user' => - [ - [ - 'actions' => ['index', 'create', 'update'], - 'allow' => true, - ] - ] - ], - ], 'verbs' => [ 'class' => VerbFilter::className(), 'actions' => [ 'delete' => ['POST'], ], ], + 'access' => [ + 'class' => AccessControl::className(), + 'rules' => [ + [ + 'allow' => true, +// 'actions' => ['login', 'signup'], + 'roles' => ['admin'], + ], + [ +// 'allow' => true, +// 'actions' => ['logout'], +// 'roles' => ['@'], + ], + ], + ], ]; } 
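Review bot: The second entry in the new `access` rules of `UserController::behaviors()` is an array whose keys are all commented out, so it is built as a rule with no `allow`, no `actions` and no `roles`. As far as I can tell, a rule with nothing set matches every request and does not allow it, which makes it an accidental catch-all deny. That matches the intent for non-admins today, but it changes meaning as soon as someone uncomments one line. I would delete the empty rule and the commented-out `'actions'` line, keep only `['allow' => true, 'roles' => ['admin']]`, and add a comment such as `// Every action here is admin-only; all other requests fall through to AccessControl's default deny.`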
@@ -83,8 +84,19 @@ class UserController extends Controller public function actionCreate() { $model = new User(); + if (Yii::$app->request->isAjax) { + Yii::$app->response->format = Response::FORMAT_JSON; + $model->load(Yii::$app->request->post()); + return ActiveForm::validate($model); + }else if ($model->load(Yii::$app->request->post()) && $model->validate()) { + $model->save(); + + foreach($model->role as $k => $role){ + $auth = Yii::$app->authManager; + $authorRole = $auth->getRole($role); + $auth->assign($authorRole, $model->id); + } - if ($model->load(Yii::$app->request->post()) && $model->save()) { return $this->redirect(['view', 'id' => $model->id]); } else { return $this->render('create', [ @@ -104,6 +116,11 @@ class UserController extends Controller $model = $this->findModel($id); if ($model->load(Yii::$app->request->post()) && $model->save()) { + + $auth = Yii::$app->authManager; + $authorRole = $auth->getRole('author'); + $auth->assign($authorRole, $model->id); + return $this->redirect(['view', 'id' => $model->id]); } else { return $this->render('update', [ diff --git a/backend/models/User.php b/backend/models/User.php index e18e01a..ad6e067 100644 --- a/backend/models/User.php +++ b/backend/models/User.php @@ -6,8 +6,11 @@ use developeruz\db_rbac\interfaces\UserRbacInterface; use common\models\Share; use common\modules\comment\models\Comment; use common\modules\comment\models\Rating; +use yii\base\NotSupportedException; use Yii; - +use yii\behaviors\TimestampBehavior; +use yii\db\ActiveRecord; +use yii\web\IdentityInterface; /** * This is the model class for table "user". * @@ -25,8 +28,13 @@ use Yii; * @property Rating[] $ratings * @property Share[] $shares */ -class User extends \common\models\User implements UserRbacInterface +class User extends ActiveRecord implements UserRbacInterface, IdentityInterface { + + const STATUS_DELETED = 0; + const STATUS_ACTIVE = 10; + public $password; + /** * @inheritdoc */ 
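Review bot: In the non-AJAX branch of `actionCreate` the result of `$model->save()` is discarded, and whatever `$auth->getRole($role)` returns is passed straight to `assign()`. A failed save leaves `$model->id` unset and an unknown role name makes `getRole()` return null, so both cases end in an error rather than a re-rendered form. Also, `role` is not listed in the model's `rules()` and this commit only adds a `getRole()` getter, so `$model->load()` presumably never fills it from the form and a new user may end up with no roles; worth confirming. I would save inside the condition and assign only role names that resolve to an existing role.

```php
} elseif ($model->load(Yii::$app->request->post()) && $model->save()) {
    $auth = Yii::$app->authManager;
    // NOTE(review): confirm where the submitted role names come from; `$model->role` is a getter in this commit.
    foreach ((array) $model->role as $roleName) {
        $role = $auth->getRole($roleName);
        // Skip names that do not map to a defined role instead of passing null to assign().
        if ($role !== null) {
            $auth->assign($role, $model->id);
        }
    }
    return $this->redirect(['view', 'id' => $model->id]);
} else {
    // … unchanged: render 'create' …
```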
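Review bot: `actionUpdate` (its signature is above this hunk) now assigns the hard-coded `author` role after every successful save. As far as I know `assign()` is not idempotent in Yii's auth managers, so a second edit of the same user would raise instead of redirecting, and a null result from `getRole('author')` is not handled either. It also means that editing any account grants it `author`, whatever the form said. Guard the call, for example `if ($authorRole !== null && $auth->getAssignment('author', $model->id) === null) { $auth->assign($authorRole, $model->id); }`, or drive it from the submitted roles as `actionCreate` does.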
@@ -41,16 +49,41 @@ class User extends \common\models\User implements UserRbacInterface public function rules() { return [ - [['username', 'auth_key', 'password_hash', 'email'], 'required'], + [['username', 'password', 'email'], 'required'], [['status', 'created_at', 'updated_at'], 'integer'], [['username', 'password_hash', 'password_reset_token', 'email'], 'string', 'max' => 255], [['auth_key'], 'string', 'max' => 32], - [['email'], 'unique'], [['password_reset_token'], 'unique'], - [['username'], 'unique'], + ['email', 'unique', 'targetClass' => '\backend\models\User', 'message' => Yii::t('app','message',[ + 'field' => 'Email' + ])], + ]; + } + + + /** + * @inheritdoc + */ + public function behaviors() + { + return [ + TimestampBehavior::className(), + [ + 'class' => 'common\behaviors\ShowImage', + ], ]; } + + public function beforeSave($insert) + { + $this->setPassword($this->password); + $this->generateAuthKey(); + return parent::beforeSave($insert); + } + + + /** * @inheritdoc */ 
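Review bot: The new `beforeSave()` re-hashes `$this->password` and regenerates `auth_key` on every save, not only when a password was submitted. Any save made with `password` unset (for instance `save(false)` from other code, or a record loaded and saved again) replaces the stored hash with the hash of an empty value, and each save rotates the key and so invalidates existing remember-me cookies. Hash only when a non-empty password is present, generate the key on insert only, and check the parent hook's result first. Separately, this hunk drops the `unique` rule on `username` without a replacement and makes `password` `required` with no length rule; if usernames are used to log in I would keep `['username', 'unique']` and add a minimum length for `password`.

```php
public function beforeSave($insert)
{
    if (!parent::beforeSave($insert)) {
        return false;
    }
    // Re-hash only when a new password was actually supplied.
    if ($this->password !== null && $this->password !== '') {
        $this->setPassword($this->password);
    }
    // The remember-me key is created once; rotating it on every save logs users out.
    if ($insert) {
        $this->generateAuthKey();
    }
    return true;
}
```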
@@ -69,6 +102,74 @@ class User extends \common\models\User implements UserRbacInterface ]; } + + /** + * Generates "remember me" authentication key + */ + public function generateAuthKey() + { + $this->auth_key = Yii::$app->security->generateRandomString(); + } + + /** + * Generates password hash from password and sets it to the model + * + * @param string $password + */ + public function setPassword($password) + { + $this->password_hash = Yii::$app->security->generatePasswordHash($password); + } + + + + + + public function getRole(){ + return !empty($this->id) ? \Yii::$app->authManager->getRolesByUser($this->id) : ""; + } + + /** + * @inheritdoc + */ + public function getId() + { + return $this->getPrimaryKey(); + } + + /** + * @inheritdoc + */ + public function getAuthKey() + { + return $this->auth_key; + } + + /** + * @inheritdoc + */ + public function validateAuthKey($authKey) + { + return $this->getAuthKey() === $authKey; + } + + + /** + * @inheritdoc + */ + public static function findIdentityByAccessToken($token, $type = null) + { + throw new NotSupportedException('"findIdentityByAccessToken" is not implemented.'); + } + + /** + * @inheritdoc + */ + public static function findIdentity($id) + { + return static::findOne(['id' => $id, 'status' => self::STATUS_ACTIVE]); + } + /** * @return \yii\db\ActiveQuery */ @@ -93,19 +194,11 @@ class User extends \common\models\User implements UserRbacInterface return $this->hasMany(Share::className(), ['user_id' => 'id']); } - public function getId() - { - return $this->getPrimaryKey(); - } public function getUserName() { return $this->username; } - public static function findIdentity($id) - { - return static::findOne(['id' => $id, 'status' => self::STATUS_ACTIVE]); - } } diff --git a/backend/views/layouts/header.php b/backend/views/layouts/header.php index 696e292..04ab831 100755 --- a/backend/views/layouts/header.php +++ b/backend/views/layouts/header.php 
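Review bot: `getRole()` returns the array from `getRolesByUser()` for a saved user but an empty string for an unsaved one, and it has no docblock. Callers that iterate the result, as `actionCreate` in this commit does, get a warning in the string case; returning `[]` keeps the type stable: `return !empty($this->id) ? Yii::$app->authManager->getRolesByUser($this->id) : [];`. The docblock should say that it returns the roles assigned to this user, indexed by role name. In `validateAuthKey()` the cookie-supplied key is compared with `===`; `Yii::$app->security->compareString($this->getAuthKey(), $authKey)` performs the same check in constant time.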
@@ -6,9 +6,11 @@ use yii\helpers\Html; use yii\bootstrap\Nav; use yii\bootstrap\NavBar; +use yii\helpers\Url; use yii\widgets\Breadcrumbs; use frontend\assets\AppAsset; use common\widgets\Alert; +use yii\widgets\Menu; AppAsset::register($this); ?> @@ -28,31 +30,6 @@ AppAsset::register($this);
\ No newline at end of file diff --git a/backend/views/layouts/main-sidebar.php b/backend/views/layouts/main-sidebar.php index 5c34645..793577b 100755 --- a/backend/views/layouts/main-sidebar.php +++ b/backend/views/layouts/main-sidebar.php @@ -4,70 +4,84 @@ use yii\widgets\Menu;