Add access controll.
dvaganov committed Jun 6, 2016
1 parent 633ff99 commit d3d38fb
Showing 4 changed files with 83 additions and 2 deletions.
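--- a/controllers/CalendarController.php
+++ b/controllers/CalendarController.php
@@ -56,8 +56,26 @@ public function actionIndex()
 */
 public function actionView($id)
 {
-return $this->render('view', [
-'model' => $this->findModel($id),
+$model = $this->findModel($id);
+$view = '';
+
+switch(Access::check($model)) {
+
+case Access::ACCESS_OWNER:
+$view = 'view';
+break;
+
+case Access::ACCESS_GUEST:
+$view = 'viewGuest';
+break;
+
+case Access::ACCESS_NO:
+default:
+throw new \yii\web\ForbiddenHttpException("Not allowed!");
+}
+
+return $this->render($view, [
+'model' => $model,
 ]);
 }
 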
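Review bot: The access check is wired into `actionView` only, so any other action in this controller that loads a record through `findModel()` (update or delete, if they exist outside this hunk) would still serve it without consulting `Access::check()`. Moving the check into `findModel()` or a shared helper that throws `ForbiddenHttpException` would make denial the default for every action. Because `findModel($id)` runs before the check, a missing id presumably answers 404 while a forbidden one answers 403, which lets a caller tell which ids exist; answering both with the same not-found response avoids that. The initial `$view = '';` is never used with that value and can be dropped.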
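--- a/models/Access.php
+++ b/models/Access.php
@@ -22,6 +22,10 @@ class Access extends \yii\db\ActiveRecord
 * @var string DATE_FORMAT
 */
 const DATE_FORMAT = 'Y-m-d';
+const ACCESS_NO = 0;
+const ACCESS_OWNER = 1;
+const ACCESS_GUEST = 2;
+
 /**
 * @inheritdoc
 */
@@ -81,4 +85,27 @@ public static function find()
 {
 return new \app\models\query\AccessQuery(get_called_class());
 }
+
+/**
+* Check access currento user to model.
+* @param \app\models\Calendar $model
+* @return int Access status
+*/
+public function check($model)
+{
+$result = self::ACCESS_NO;
+$currentUser = \Yii::$app->user->id;
+
+if ($currentUser == $model->creatorID) {
+$result = self::ACCESS_OWNER;
+} else {
+$isGuest = self::find()
+->whereGuest($currentUser)
+->whereDate($model->dateEvent)
+->exists();
+$result = ($isGuest) ? self::ACCESS_GUEST : $result;
+}
+
+return $result;
+}
 }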
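Review bot: The ownership test `$currentUser == $model->creatorID` in `check()` is a loose comparison, and `\Yii::$app->user->id` is `null` for an unauthenticated visitor, so a record whose `creatorID` is `null` or `0` would compare equal and yield `ACCESS_OWNER`. Return `self::ACCESS_NO` early when `\Yii::$app->user->isGuest` is true, and compare strictly after bringing both sides to the same type. `check()` is also declared as an instance method while the controller calls it as `Access::check($model)`; it never uses `$this`, so it should be `public static function check($model)`, since a static call to a non-static method is deprecated in PHP 7 and an error in PHP 8. The docblock summary has a typo and would read better as `Check the current user's access to the model.`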
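--- a/models/query/AccessQuery.php
+++ b/models/query/AccessQuery.php
@@ -40,4 +40,13 @@ public function whereGuest($userID)
 {
 return $this->andWhere('guestID = :guestID', ['guestID' => $userID]);
 }
+
+/**
+* Add date filter to access.
+* @param int $date
+*/
+public function whereDate($date)
+{
+return $this->andWhere(['like', 'date', $date]);
+}
 }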
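Review bot: `whereDate()` feeds an authorization decision but filters with `['like', 'date', $date]`, which Yii builds as a `LIKE '%…%'` substring match, so an empty or partial `$date` (for example a model whose `dateEvent` is unset) would likely match every access row for that guest. If the `date` column stores the same `Y-m-d` value as `dateEvent`, which is not visible here, the exact match `return $this->andWhere(['date' => $date]);` is the safer filter. The docblock declares `@param int $date` although `Access::DATE_FORMAT` is the string format `'Y-m-d'`, and it has no `@return` line for the query object it returns.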
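--- /dev/null
+++ b/views/calendar/viewGuest.php
@@ -0,0 +1,27 @@
+<?php
+
+use yii\helpers\Html;
+use yii\widgets\DetailView;
+
+/* @var $this yii\web\View */
+/* @var $model app\models\Calendar */
+
+$this->title = substr($model->text, 0, 10) . '...';
+$this->params['breadcrumbs'][] = ['label' => Yii::t('app', 'Calendars'), 'url' => ['index']];
+$this->params['breadcrumbs'][] = $this->title;
+?>
+<div class="calendar-view">
+
+<h1><?= Html::encode($this->title) ?></h1>
+
+<?= DetailView::widget([
+'model' => $model,
+'attributes' => [
+'id',
+'text:ntext',
+'creatorID',
+'dateEvent',
+],
+]) ?>
+
+</div>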
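Review bot: The guest view lists `'id'` and `'creatorID'` in the `DetailView` attributes, so a guest is shown the owner's internal user id; if guests only need the event text and date, drop `'creatorID'` or show a display name instead. `substr($model->text, 0, 10) . '...'` cuts by bytes and can split a multi-byte character, and it appends the ellipsis even when the text is shorter than ten characters. `\yii\helpers\StringHelper::truncate($model->text, 10)` handles both cases.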
