Yii: Using an authorization hierarchy correctly

I am attempting to validate if a user, who belongs to a company, can view an item that belongs to a company...in other words, if they are an employee they should be able to view the company's items.
I'm trying to follow the example provided here:
http://www.yiiframework.com/doc/guide/1.1/en/topics.auth
This is the code I generated (run one time):
$auth=Yii::app()->authManager;
$auth->createOperation('viewItem','view an item');
$bizRule = 'return User::model()->findByPk(Yii::app()->user->getId())->company->id==$params["item"]->company->id';
$task=$auth->createTask('companyOwnedItem','view a company-owned item',$bizRule);
$task->addChild('viewItem');
This is the code in main.php:
'authManager'=>array(
    'class'=>'CDbAuthManager',
    'connectionID'=>'db',
),
This is the authorization piece used in my controller:
if (Yii::app()->user->checkAccess('companyOwnedItem',array('item'=>$item))) {
    echo 'YES';
} else echo 'NO';
I always get 'NO' on the screen.
However if I use this code:
if (User::model()->findByPk(Yii::app()->user->getId())->company->id==$item->company->id)
Then I get 'YES' on the screen. What am I doing wrong and how do I use Yii's built-in authManager to make it work?

Best guess is that the item in items array isn't working properly. Have you turned on debugging for your auth manager? Forgot the property, but there is one to turn on in case of bizRule errors.
Other than that, it looks right. Also, FYI, after Yii 1.1.11, there is a $param['userId'] option so that you don't need to look up the current user's ID.

I ended up using the following and it worked:
In my config:
'authManager'=>array(
    'class'=>'CDbAuthManager',
    'connectionID'=>'db',
    'defaultRoles'=>array('authenticated'),
    'showErrors'=>true,
),
My authManager code:
$auth=Yii::app()->authManager;
$bizRule = 'return User::model()->findByPk(Yii::app()->user->getId())->company->id==$params["item"]->company->id;';
$auth->createOperation('companyOwnedItem','view a company-owned item',$bizRule);
$role = $auth->createRole('authenticated');
$role->addChild('companyOwnedItem');
Then in my controller:
if (Yii::app()->user->checkAccess('companyOwnedItem',array('item'=>$item))) {
    echo 'YES';
} else {echo 'NO';}
And it works now!
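
Why the first hierarchy always printed 'NO' and the second one grants access, as an added example that is not part of the original posts or of Yii's source: a stand-alone PHP model of the Yii 1.1 access walk, which runs the checked item's bizRule and then grants only if that item or one of its ancestors is assigned to the user or listed in defaultRoles. The array layout, the closure rules, the sample users and the not-guest rule on the default role are assumptions made for illustration; the answer's role has no such rule.

```php
<?php
// Added example: simplified model of the Yii 1.1 access walk, not framework code.
// bizRules are closures here; Yii stores them as PHP strings and eval()s them.
function checkAccess(string $name, array $params, array $rbac): bool
{
    if (!array_key_exists($name, $rbac['items'])) {
        return false;                         // unknown auth item
    }
    $rule = $rbac['items'][$name];
    if ($rule !== null && !$rule($params)) {
        return false;                         // the item's own bizRule rejects this branch
    }
    if (in_array($name, $rbac['defaultRoles'], true) || in_array($name, $rbac['assigned'], true)) {
        return true;                          // the user actually holds this item
    }
    foreach ($rbac['parents'][$name] ?? [] as $parent) {
        if (checkAccess($parent, $params, $rbac)) {
            return true;
        }
    }
    return false;                             // rule passed, but nothing grants the item
}

$sameCompany = fn(array $p) => $p['userCompanyId'] !== null
    && $p['userCompanyId'] === $p['item']['companyId'];
$notGuest = fn(array $p) => $p['userId'] !== null;
// Hierarchy from the question: nothing assigned to the user, no default roles.
$asAsked = [
    'items'        => ['viewItem' => null, 'companyOwnedItem' => $sameCompany],
    'parents'      => ['viewItem' => ['companyOwnedItem']],
    'assigned'     => [],
    'defaultRoles' => [],
];
// Hierarchy from the answer, plus a not-guest rule on the default role (assumption).
$asFixed = [
    'items'        => ['companyOwnedItem' => $sameCompany, 'authenticated' => $notGuest],
    'parents'      => ['companyOwnedItem' => ['authenticated']],
    'assigned'     => [],
    'defaultRoles' => ['authenticated'],
];
// Constructed sample requests: same-company employee, other-company user, guest.
$employee = ['userId' => 7, 'userCompanyId' => 3, 'item' => ['companyId' => 3]];
$outsider = ['userId' => 8, 'userCompanyId' => 4, 'item' => ['companyId' => 3]];
$guest    = ['userId' => null, 'userCompanyId' => null, 'item' => ['companyId' => 3]];
var_dump(
    checkAccess('companyOwnedItem', $employee, $asAsked),
    checkAccess('companyOwnedItem', $employee, $asFixed),
    checkAccess('companyOwnedItem', $outsider, $asFixed),
    checkAccess('companyOwnedItem', $guest, $asFixed)
);
```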

Related

WHMCS - Disable Module Buttons in Product Page

I've written a provisioning module for WHMCS and attached it to a product, but the module presents 6 buttons: Create, Suspend, Terminate, Change Package, and Change Password. I don't need these buttons as they make no sense for my module; instead I have some custom ones that do what I need. How do I remove these buttons from the product page?
Can't find anything on the WHMCS documentation to describe how to remove or even change the text of the buttons.

Did you check Custom Functions in the Provisioning Modules documentation?
To add client area buttons/functions:
function mymodule_ClientAreaCustomButtonArray() {
    //Add or remove items as required
    $buttonarray = array(
        "Reboot Server" => "reboot",
        "Custom Label" => "customlabel",
    );
    return $buttonarray;
}
//customlabel implementation
function mymodule_customlabel($params) {
    # Code to perform customlabel action goes here...
    if ($successful) {
        $result = "success";
    } else {
        $result = "Error Message Goes Here...";
    }
    return $result;
}

Laravel Queries / Controller Edits

So I am pretty new to Laravel, and I have spent the whole day fishing through various documentations but I am stuck on the way queries work within the actual application. Right now, I am trying to get some data in my database to display, and I looked at the query builder so that's where I am right now. I am also using a CRUD based admin panel for entry in the database. And since it is CRUD based, it has created the model and the controller already, so I am wondering if I need to edit any of those files to get this to work. Here is what the public function index() has right now (Using Laraadmin):
$module = Module::get('Events');
if(Module::hasAccess($module->id)) {
    return View('la.events.index', [
        'show_actions' => $this->show_action,
        'listing_cols' => $this->listing_cols,
        'module' => $module
    ]);
} else {
    return redirect(config('laraadmin.adminRoute')."/");
}
Obviously, I am trying to display some data from this Events table into my blade view. From what I was reading, I understood (or I thought) that it would be something similar to this:
foreach ($module as $module) {
echo $module->id;
}
But, I keep getting an error that whatever variable I pass in the loop is undefined, although I thought it was in the controller. Right now my model is just returning the view as well. Any help with this is greatly appreciated, or even just an explanation of the relationships with queries in Laravel. Thanks!

A few things to check when this happens:
Change module to a known array. This tests if your data array is set up correctly:
'module' => [ '1', '2', '3' ], // previously $module
Within the blade, now write a simple loop, such as:
@foreach ($module as $m)
    {{ $m }}
@endforeach
If this version does work, then you know you have something up with your $module variable.
If the above still doesn't work, try to simplify your view request (temporarily):
view('foo', ['a' => 555]);
Then in foo.blade.php, simply have:
hello {{ $a }}
EDIT
If all this seems to be correct, then the data being fetched is probably wrong (so it's not a view issue). Try $module = Module::all();

It seems like you are returning a view that doesn't exist. If what you have now was correct, it would be looking for resources/views/la/events/index.blade.php. Try replacing that return view line with this:
return view('events', [ ... rest of your variables ]);
And just a side note, on your foreach statement, it's probably best to use two separate variable names... so something like:
foreach ($module as $element) { ...

CS Cart 4 How to assigned a variable to a tpl file

I want to show our users their Country Code on the Product Page in our CS-Cart Store.
I have tried {$user_data.b_country}, which didn't work.
Smarty Debug Console also does not show this information so I guess I have to assign this variable to the view.tpl File first.
How can I solve this problem?

You should probably try:
{$cart.user_data.b_country}

Before you call the variable in the tpl, you need to assign it to the array variable $user_data.
b_country is part of a profile, and the customer can have multiple profiles.
The script below will take b_country from the primary profile.
1. Add the file app/addons/my_changes/init.php with this content:
<?php
if (!defined('BOOTSTRAP')) { die('Access denied'); }
fn_register_hooks(
    'sucess_user_login'
);
2. Add the file app/addons/my_changes/func.php with this content:
<?php
if (!defined('BOOTSTRAP')) { die('Access denied'); }
function fn_my_changes_sucess_user_login(&$udata, $auth){
    if(!isset($auth['b_country']) && $auth['user_id']>0){
        $auth['b_country'] = db_get_field('SELECT b_country FROM `?:user_profiles` WHERE user_id = ?i AND profile_type = ?s', $auth['user_id'], 'P');
    }
}
3. Now you can use this in the tpl:
{$auth.b_country}
I hope that helps

Yii Framework Captcha conflict with beforeAction() function

I have an app in Yii and I extend all classes from a base controller, and I have this code in it:
protected function beforeAction($action)
{
    $this->setglobalvariable();
    return parent::beforeAction($action);
}
As I understand it, this code prevents the captcha from showing, because when I delete it, the captcha shows up! The captcha function is:
public function actions()
{
    return array(
        // captcha action renders the CAPTCHA image displayed on the contact page
        'captcha'=>array(
            'class'=>'CCaptchaAction',
            'backColor'=>0xFFFFFF,
            'minLength'=>2,
            'maxLength'=>3,
            'width'=>60,
        ),
        // page action renders "static" pages stored under 'protected/views/site/pages'
        // They can be accessed via: index.php?r=site/page&view=FileName
        'page'=>array(
            'class'=>'CViewAction',
        ),
    );
}
So how could I use beforeAction and captcha at the same time?

The conflict is in your structure. Show us more code. Put the program in a fresh Yii and test it.
The beforeAction function does not have any conflict with other Yii methods or functions.
The problem is in your code.

Obviously there is some code in your Controller::setglobalvariables() method that conflicts with the captcha's code.
The CCaptchaAction::run() method uses $_GET parameters. Are you somehow resetting $_GET?
Can you show us the code?

CI PHP if statement w/ sql syntax

This is a quick syntax question...
I need to block out an HTML element if two SQL statements are true w/ php.
If the status = 'closed', and if the current user is logged in. I can figure out the calls, I just need to see an example of the syntax. :)
So, If SQL status=closed, and if current_user=is_logged_in()...something like that.

I'll assume you're trying to block out a login box if the user is logged in. Here's what you'll need to do:
In the view:
<?php if ($show_login): ?>
    <!-- login box code here -->
<?php endif; ?>
In the controller's action that calls the view:
if (is_logged_in() && $this->my_model->check_something()) {
    $data['show_login'] = false;
}
else {
    $data['show_login'] = true;
}
$this->load->view('myview', $data);
In the model:
function check_something() {
    // execute the SQL statements
    // and return true/false depending on what you get
}
Refer to CodeIgniter's Active Record documentation to figure out how to setup your SQL statements.
If this isn't what you were looking for, try making your question more detailed, maybe with whatever code you have.

Figured it out:
I forgot that I had already called my $data...
<?php
if ($row['status'] == 'closed' && is_logged_in()) { ?>
I feel like a dummy... :)

if($status == "closed" && is_logged_in() == true)
{
    // Do Stuff
}
Where is_logged_in() returns true if the user is logged in, or false if the user is not logged in. $status is the value of the MySQL status, which should be either true or false.

if (is_status_closed() && is_logged_in($current_user)) {
    // Block this HTML element
    $elem->block();
}
is_status_closed() would return true if status is equal to "closed".
is_logged_in($current_user) would return true if the user referred to by $current_user is logged in.
The && lets you join two conditional statements together, and can be read as the word "and".
This seems to be a simple question though; is this what you are asking how to do?