public function isAuthorized()
 {
     // Requested action (route param) and the caller's role (from the session)
     // are the two inputs every grant below is evaluated against.
     $action = $this->request->param('action');
     $role = Session::getUserRole();
     $resource = "downloads";

     // Grant table for this resource, applied in order: admins get the
     // wildcard, ordinary users only the download action itself.
     $grants = [
         'admin' => "*",
         'user'  => "download",
     ];
     foreach ($grants as $grantee => $allowed) {
         Permission::allow($grantee, $resource, $allowed);
     }

     return Permission::check($role, $resource, $action);
 }
 public function isAuthorized()
 {
     $resource = "files";
     $action = $this->request->param('action');
     $role = Session::getUserRole();

     // Admins: every action. Users: listing and creation unconditionally,
     // deletion only when the 'owner' rule matches the record in $ownerContext.
     Permission::allow('admin', $resource, ['*']);
     Permission::allow('user', $resource, ['index', 'getAll', 'create']);
     Permission::allow('user', $resource, ['delete'], 'owner');

     // NOTE(review): unlike the sibling controllers, the id is decrypted without an
     // empty check — confirm decryptIdWithDash tolerates a missing file_id.
     $fileId = Encryption::decryptIdWithDash($this->request->data("file_id"));
     $ownerContext = [
         "user_id" => Session::getUserId(),
         "table"   => "files",
         "id"      => $fileId,
     ];

     return Permission::check($role, $resource, $action, $ownerContext);
 }
 public function isAuthorized()
 {
     $action = $this->request->param('action');
     $role = Session::getUserRole();
     $resource = "todo";

     // Admins get every action; ordinary users may only delete, and only
     // when the 'owner' rule matches the record described in $ownerContext.
     Permission::allow('admin', $resource, ['*']);
     Permission::allow('user', $resource, ['delete'], 'owner');

     // The client sends an obfuscated id; an absent/empty value is passed
     // through undecrypted (note: "0" counts as empty here).
     $rawId = $this->request->data("todo_id");
     $todoId = $rawId ? Encryption::decryptIdWithDash($rawId) : $rawId;

     $ownerContext = ["user_id" => Session::getUserId(), "table" => "todo", "id" => $todoId];

     return Permission::check($role, $resource, $action, $ownerContext);
 }
 /**
  * Whether the current session's role is the literal "OWNER".
  *
  * NOTE(review): the role literal is upper-case here whereas the other
  * authorization checks compare against lower-case 'admin'/'user' —
  * confirm the exact value Session::getUserRole() stores.
  *
  * @return bool
  */
 public static function isOwner()
 {
     $role = Session::getUserRole();
     return $role === "OWNER";
 }
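 public function isAuthorized()
 {
     $action = $this->request->param('action');
     $role = Session::getUserRole();
     $resource = "posts";

     // Admins may perform every action on posts.
     Permission::allow('admin', $resource, ['*']);
     // Ordinary users: read/create freely; update/delete only under the 'owner' rule.
     Permission::allow('user', $resource, ['index', 'view', 'newPost', 'create']);
     Permission::allow('user', $resource, ['update', 'delete'], 'owner');

     // Delete carries the id as the first route argument; every other action posts it.
     // `?? null` avoids an "undefined offset" warning when a delete request arrives
     // without route args — the owner check then receives null instead.
     $postId = $action === "delete"
         ? ($this->request->param("args")[0] ?? null)
         : $this->request->data("post_id");

     // Ids are obfuscated on the wire; only decrypt a non-empty value
     // (note: empty() also treats the string "0" as absent).
     if (!empty($postId)) {
         $postId = Encryption::decryptId($postId);
     }

     $config = ["user_id" => Session::getUserId(), "table" => "posts", "id" => $postId];

     return Permission::check($role, $resource, $action, $config);
 }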
		
			<div dir='auto' class="panel-heading">
				<?php 
// Edit/delete controls are shown to the post's owner (strict int compare) or
// to an admin. This is a display decision only — the controller handling
// update/delete must enforce the same ownership rule server-side.
if (Session::getUserId() === (int) $post["user_id"] || Session::getUserRole() === "admin") {
    ?>
					<div class="pull-right">
						<a href="<?php 
    echo PUBLIC_ROOT . "Posts/View/" . urlencode(Encryption::encryptId($post["id"])) . "?action=update";
    ?>
">
							<button type="button" class="btn btn-default btn-circle edit"><i class="fa fa-pencil"></i></button>
						</a>
						<a href="<?php 
    // Delete is a GET link carrying the CSRF token in the query string, so the
    // token can end up in browser history and Referer/proxy logs.
    echo PUBLIC_ROOT . "Posts/delete/" . urlencode(Encryption::encryptId($post["id"])) . "?csrf_token=" . urlencode(Session::generateCsrfToken());
    ?>
">
							<button type="button" class="btn btn-danger btn-circle delete"><i class="fa fa-times"></i></button>
						</a>
					</div>
				<?php 
}
?>
				<h5><?php 
// NOTE(review): $post["title"] is echoed without htmlspecialchars — confirm it
// is HTML-encoded before it reaches this view.
echo $post["title"];
?>
</h5>
			</div>
			
			<div class="panel-body">
				<div class="row">
					<div class="col-lg-12">
echo PUBLIC_ROOT . "Files";
?>
"><i class="fa fa-cloud-upload fa-fw"></i> Files
								<span class="label label-danger"><?php 
echo $files;
?>
</span></a>
                        </li>
						<li id="bugs">
                            <a href="<?php 
echo PUBLIC_ROOT . "User/Bugs";
?>
"><i class="fa fa-bug fa-fw"></i> Bugs</a>
                        </li>
						<?php 
// Admin-only navigation entries. Hiding the links is cosmetic; the Admin/*
// controllers must still reject non-admin roles server-side.
if (Session::getUserRole() === "admin") {
    ?>
							<li id="users">
								<a href="<?php 
    echo PUBLIC_ROOT . "Admin/Users";
    ?>
"><i class="fa fa-users fa-fw"></i> Users</a>
							</li>
							<li id="backups">
								<a href="<?php 
    echo PUBLIC_ROOT . "Admin/Backups";
    ?>
"><i class="fa fa-database fa-fw"></i> Backups</a>
							</li>
						<?php 
}
 public function isAuthorized()
 {
     $action = $this->request->param('action');
     $role = Session::getUserRole();
     $resource = "newsfeed";

     // Grant table, applied in order. A null rule means an unconditional
     // grant; 'owner' ties the grant to the record described in $ownerContext.
     $grants = [
         ['admin', ['*'], null],
         ['user', ['index', 'getAll', 'getById', 'create'], null],
         ['user', ['update', 'delete', 'getUpdateForm'], 'owner'],
     ];
     foreach ($grants as [$grantee, $actions, $rule]) {
         if ($rule === null) {
             Permission::allow($grantee, $resource, $actions);
         } else {
             Permission::allow($grantee, $resource, $actions, $rule);
         }
     }

     // Obfuscated id from the request body; an empty value is passed through
     // undecrypted (note: "0" counts as empty here).
     $rawId = $this->request->data("newsfeed_id");
     $newsfeedId = $rawId ? Encryption::decryptIdWithDash($rawId) : $rawId;

     $ownerContext = ["user_id" => Session::getUserId(), "table" => "newsfeed", "id" => $newsfeedId];

     return Permission::check($role, $resource, $action, $ownerContext);
 }
 /**
  * Is user authorized for admin controller & requested action method?
  *
  * Only the "admin" role may reach this controller, whatever the action.
  * A missing role (no session value) compares unequal and is denied, so
  * no separate isset() is needed.
  *
  * @return bool
  */
 public function isAuthorized()
 {
     return Session::getUserRole() === "admin";
 }
 public function isAuthorized()
 {
     $action = $this->request->param('action');
     $role = Session::getUserRole();
     $resource = "posts";

     // Actions any user may perform vs. those gated by the 'owner' rule.
     $openActions = ['index', 'view', 'newPost', 'getAll', 'getById', 'create'];
     $ownerActions = ['update', 'delete', 'getUpdateForm'];

     Permission::allow('admin', $resource, ['*']);
     Permission::allow('user', $resource, $openActions);
     Permission::allow('user', $resource, $ownerActions, 'owner');

     // NOTE(review): post_id is handed to the owner rule exactly as received
     // (no decryption), unlike the variant that calls Encryption::decryptId —
     // confirm which form the owner check expects here.
     $postId = $this->request->data("post_id");
     $ownerContext = [
         "user_id" => Session::getUserId(),
         "table"   => "posts",
         "id"      => $postId,
     ];

     return Permission::check($role, $resource, $action, $ownerContext);
 }
        echo PUBLIC_ROOT . "img/profile_pictures/" . $feed["profile_picture"];
        ?>
" alt="User Picture" class="img-circle profile-pic-sm">
					</span>
					<div class="chat-body clearfix">
						<div class="header">
							<strong class="primary-font"><?php 
        // NOTE(review): user_name is echoed unescaped — confirm it is HTML-encoded
        // upstream (the content below does go through encodeHTMLWithBR).
        echo $feed["user_name"];
        ?>
</strong>
								<small class="text-muted"><i class="fa fa-clock-o fa-fw"></i> <?php 
        echo $this->timestamp($feed["date"]);
        ?>
 </small>
								<?php 
        // Owner-or-admin toggle for the edit/delete buttons (display only; the
        // controller's 'owner' rule is the real check).
        // NOTE(review): strict === against $feed["user_id"] with no (int) cast —
        // if ids come back as strings this never matches for the owner (the
        // Posts view casts with (int)). Confirm the type getUserId() returns.
        if (Session::getUserId() === $feed["user_id"] || Session::getUserRole() === "admin") {
            ?>
									<span class="pull-right btn-group btn-group-xs">
										<a class="btn btn-default edit"><i class="fa fa-pencil"></i></a>
										<a class="btn btn-danger delete"><i class="fa fa-times"></i></a>
									</span>
								<?php 
        }
        ?>
						</div>
						<p> <?php 
        // Content is HTML-encoded first, then auto-linked.
        echo $this->autoLinks($this->encodeHTMLWithBR($feed["content"]));
        ?>
</p>
					</div>
				</li>
        ?>
" alt="User Picture" class="img-circle profile-pic-sm">
					</span>
					
					<div class="chat-body clearfix">
						<div class="header">
							<strong class="primary-font"><?php 
        // NOTE(review): user_name is echoed unescaped — confirm it is HTML-encoded
        // upstream (the content below does go through encodeHTMLWithBR).
        echo $comment["user_name"];
        ?>
</strong>
							<small class="text-muted"><i class="fa fa-clock-o fa-fw"></i><?php 
        echo $this->timestamp($comment["date"]);
        ?>
</small>
							<?php 
        // Owner-or-admin toggle for the edit/delete buttons (display only; the
        // controller's 'owner' rule is the real check).
        // NOTE(review): strict === against $comment["user_id"] with no (int) cast —
        // if ids come back as strings this never matches for the owner (the
        // Posts view casts with (int)). Confirm the type getUserId() returns.
        if (Session::getUserId() === $comment["user_id"] || Session::getUserRole() === "admin") {
            ?>
								<span class="pull-right btn-group btn-group-xs">
									<a class="btn btn-default edit"><i class="fa fa-pencil"></i></a>
									<a class="btn btn-danger delete"><i class="fa fa-times"></i></a>
								</span>
							<?php 
        }
        ?>
						</div>
						<p><?php 
        // Content is HTML-encoded first, then auto-linked.
        echo $this->autoLinks($this->encodeHTMLWithBR($comment["content"]));
        ?>
</p>
					</div>
				 </li>