Example #1
 /**
  * Validation helper: reports whether a role name is still unused.
  *
  * Returns true when no entry for `$role` is set in the rules of the shared
  * Acl object (`\User::acl()->rules`), and false when one is.
  *
  * Only uniqueness is checked here; the value itself is not validated
  * (type, length, permitted characters).
  * NOTE(review): the name presumably comes from a request and ends up as a
  * key in the ACL rules — confirm a format check runs alongside this one.
  */
 public static function new_role($role)
 {
     return !isset(\User::acl()->rules[$role]);
 }
Example #2
 // Normalise the submitted resource map, rebuild the role in the Acl rules
 // and write the rules back to the ACL file.
 // NOTE(review): $_POST['resources'], $_POST['name'] and $_GET['role'] are
 // request data and are used below as array offsets and rule names with no
 // check visible in this excerpt (type, permitted characters, known resource
 // names). Confirm that validation, an authorization check and an anti-CSRF
 // check all run before this code.
 if (!isset($_POST['resources']['default'])) {
     // "default" was not submitted: the role's default becomes false. Any
     // other keys the client sent in $_POST['resources'] are kept as they
     // are; on this path they are not compared with User::acl()->resources().
     $_POST['resources']['default'] = false;
 } else {
     // "default" was submitted: start from the resource list the Acl reports.
     $resources = User::acl()->resources();
     foreach ($resources as $resource => $label) {
         if (isset($_POST['resources'][$resource])) {
             // Submitted resource: no explicit entry is kept for it.
             unset($resources[$resource]);
         } else {
             // Not submitted: recorded as false, which becomes a deny below.
             $resources[$resource] = false;
         }
     }
     $resources['default'] = true;
     // The client-supplied map is replaced by the one built from the list above.
     $_POST['resources'] = $resources;
 }
 // Rebuild the role in the Acl object, then save the file.
 $acl = User::acl();
 // Remove the entry named in the query string and any entry already stored
 // under the submitted name (presumably so a rename leaves no stale rules).
 // NOTE(review): a submitted name that matches a different existing role
 // replaces that role's rules here — confirm that is intended.
 unset($acl->rules[$_GET['role']]);
 unset($acl->rules[$_POST['name']]);
 $acl->add_role($_POST['name'], $_POST['resources']['default']);
 // Every key of the map is applied, including 'default' itself.
 foreach ($_POST['resources'] as $resource => $allow) {
     // A truthy value grants the resource; anything else denies it.
     if ($allow) {
         $acl->allow($_POST['name'], $resource);
     } else {
         $acl->deny($_POST['name'], $resource);
     }
 }
 // Persist the rules to the path configured as Paths/access_control_list.
 // On failure the Acl object held in $acl has already been changed; only
 // the file is left as it was.
 if (!Ini::write($acl->rules, conf('Paths', 'access_control_list'))) {
     $form->controller->add_notification(__('Unable to save the file.'));
     return false;
 }
 $form->controller->add_notification(__('Role saved.'));
Example #3
 /**
  * Get or set the shared Acl object.
  *
  * A non-null `$acl` replaces the stored instance. When called without one
  * and nothing is stored yet, an Acl is created from the path configured as
  * `conf('Paths', 'access_control_list')`. The stored instance is returned
  * in every case.
  *
  * Because the method is public and static, any caller can replace the
  * instance that later calls to this accessor return.
  */
 public static function acl($acl = null)
 {
     if ($acl === null) {
         // Getter path: build the instance the first time it is needed.
         if (self::$acl === null) {
             self::$acl = new Acl(conf('Paths', 'access_control_list'));
         }
     } else {
         // Setter path: the supplied object becomes the shared instance.
         self::$acl = $acl;
     }

     return self::$acl;
 }
Example #4
<?php

/**
 * List all user roles.
 *
 * Renders the `user/roles` template with the names of every role found in
 * the Acl rules.
 */
$page->layout = 'admin';

// Access gate for this page; presumably ends the request unless the current
// user is allowed the listed resources. Keep it ahead of any output.
$this->require_acl('admin', 'user', 'user/roles');

$page->title = __('Roles');

// Role names are the keys of the rules array.
// NOTE(review): the names come from the ACL file; confirm the template
// escapes them on output.
$role_names = array_keys(User::acl()->rules);
echo $tpl->render('user/roles', array('roles' => $role_names));
Example #5
 /**
  * Loads the access control list for the `access()` method.
  *
  * Runs only while `self::$acl` is still `false`; it then stores the
  * `Access` section of `apps/user/conf/config.php` in `self::$acl`.
  *
  * NOTE(review): parse_ini_file() returns false when the file cannot be read
  * or parsed. `self::$acl` would then end up null rather than an array, and
  * because the guard only tests for `false` the load is not retried. Confirm
  * that `access()` denies when the list is missing.
  * NOTE(review): the path is relative, so it resolves against the current
  * working directory.
  */
 private static function load_acl()
 {
     // Already loaded (or at least attempted): nothing to do.
     if (self::$acl !== false) {
         return;
     }

     $settings = parse_ini_file('apps/user/conf/config.php', true);
     self::$acl = $settings['Access'];

     // make the default access levels translatable
     i18n_get('Public');
     i18n_get('Member');
     i18n_get('Private');
 }
Example #6
<?php

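/*
 * Deletes a role.
 *
 * Expects the role name in $_POST['role'], removes that entry from a copy of
 * the Acl rules and writes the remaining rules to the file configured as
 * conf('Paths', 'access_control_list'). It always finishes by redirecting to
 * /user/roles.
 *
 * NOTE(review): no anti-CSRF token check is visible in this handler. It
 * changes authorization data, so confirm the framework verifies a token for
 * this POST, or add one.
 */
$this->require_acl('admin', 'user', 'user/roles');
$page->layout = 'admin';

// The role name is request data. Accept only a string, because it is used as
// an array offset below and an array-valued `role` is an illegal offset type.
if (!isset($_POST['role']) || !is_string($_POST['role'])) {
    $this->redirect('/user/roles');
    // redirect() presumably ends the request; the explicit return makes sure
    // the rules file is left untouched even if it does not.
    return;
}

$rules = User::acl()->rules;
unset($rules[$_POST['role']]);

if (Ini::write($rules, conf('Paths', 'access_control_list'))) {
    $this->add_notification(__('Role deleted.'));
} else {
    $this->add_notification(__('Unable to save the file.'));
}
$this->redirect('/user/roles');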
Example #7
<?php

/**
 * This is the settings form for the user app.
 *
 * Builds the form and its initial data from $appconf: Facebook and Twitter
 * credentials, one flag per login method, the default role and the list of
 * role names from the Acl rules.
 *
 * NOTE(review): the Facebook and Twitter secrets are copied into $form->data.
 * If the form template prints these values into the page, the credentials
 * reach every viewer of that page and any cached copy — confirm they are
 * masked or left blank on render.
 */
$this->require_admin();
require_once 'apps/admin/lib/Functions.php';

$page->layout = 'admin';
$page->title = __('Member Settings');

$form = new Form('post', $this);

// login_methods may hold a non-array value; normalise it so the in_array()
// lookups below always receive an array.
if (!is_array($appconf['User']['login_methods'])) {
    $appconf['User']['login_methods'] = array();
}
$enabled_methods = $appconf['User']['login_methods'];

$form->data = array(
    'facebook_app_id' => $appconf['Facebook']['application_id'],
    'facebook_app_secret' => $appconf['Facebook']['application_secret'],
    'twitter_id' => $appconf['Twitter']['twitter_id'],
    'twitter_key' => $appconf['Twitter']['consumer_key'],
    'twitter_secret' => $appconf['Twitter']['consumer_secret'],
    'twitter_access_token' => $appconf['Twitter']['access_token'],
    'twitter_access_token_secret' => $appconf['Twitter']['access_token_secret'],
    'login_openid' => in_array('openid', $enabled_methods),
    'login_google' => in_array('google', $enabled_methods),
    'login_facebook' => in_array('facebook', $enabled_methods),
    'login_twitter' => in_array('twitter', $enabled_methods),
    'login_persona' => in_array('persona', $enabled_methods),
    'default_role' => $appconf['User']['default_role'],
    'roles' => array_keys(User::acl()->rules)
);
echo $form->handle(function ($form) {
    $login_methods = array();
    if ($_POST['login_openid'] === 'yes') {
        $login_methods[] = 'openid';
    }
    if ($_POST['login_google'] === 'yes') {
        $login_methods[] = 'google';
    }
    if ($_POST['login_facebook'] === 'yes') {
        $login_methods[] = 'facebook';
    }
    if ($_POST['login_twitter'] === 'yes') {
        $login_methods[] = 'twitter';
    }
    if ($_POST['login_persona'] === 'yes') {
        $login_methods[] = 'persona';
    }
    if (count($login_methods) === 0) {
        $login_methods = false;