/**
  * Tell whether the current user may access this table column.
  *
  * Only a \BackendUser is asked for the permission; any other value held in
  * $this->user is denied. The permission key is "<table>::<column>" and is
  * passed to the user's own hasAccess() together with the 'alexf' argument.
  *
  * @return bool
  */
 private function hasAccess()
 {
     // Deny by default: anything that is not a backend user never reaches the permission lookup.
     if (!($this->user instanceof \BackendUser)) {
         return false;
     }
     $permissionKey = $this->table . '::' . $this->column;
     return $this->user->hasAccess($permissionKey, 'alexf');
 }
Example #2
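 /**
  * Enforce the role attached to the requested controller action.
  *
  * Parses the roles declared for this controller file (cached under the
  * "cache.roles" directory), registers the role names when the parser reports
  * that they were expired, and then asks the current user whether it holds
  * the role mapped to the requested action. Actions with no mapped role are
  * not checked at all.
  *
  * @return false|null false when the roles cache directory cannot be created, nothing otherwise
  * @throws UnauthorizedException when the role check fails and the user is anonymous
  * @throws ForbiddenException when the role check fails for an identified user
  */
 protected function checkAccess()
 {
     // If backend controller is being used then we should
     // check for user permissions to use role assigned to current controller and action
     $rolesCacheDir = ClassLoader::getRealPath('cache.roles');
     if (!is_dir($rolesCacheDir)) {
         // NOTE(review): mode 0777 (before umask) leaves the directory writable by every
         // local account, and the cache files written below are named *.php. If RolesParser
         // loads them as PHP (not visible here, confirm), a tighter mode such as 0750 or
         // 0770 plus a web-inaccessible location is the safer setting.
         if (!@mkdir($rolesCacheDir, 0777, true)) {
             // A concurrent request may have created the directory between is_dir() and
             // mkdir(); only give up when it is still missing.
             clearstatcache(true, $rolesCacheDir);
             if (!is_dir($rolesCacheDir)) {
                 // NOTE(review): this return happens before any role has been checked, so the
                 // caller must treat false as a denial. If the return value is ignored the
                 // action runs unchecked; confirm at the call site.
                 return false;
             }
         }
     }
     $refl = new ReflectionClass($this);
     $controllerPath = $refl->getFileName();
     // md5() only derives a stable file name from the controller path; it is not a security control.
     $cachePath = $rolesCacheDir . DIRECTORY_SEPARATOR . md5($controllerPath) . '.php';
     ClassLoader::import("framework.roles.RolesDirectoryParser");
     ClassLoader::import("framework.roles.RolesParser");
     $this->roles = new RolesParser($controllerPath, $cachePath);
     if ($this->roles->wereExpired()) {
         ClassLoader::import('application.model.role.Role');
         Role::addNewRolesNames($this->roles->getRolesNames());
     }
     $role = $this->roles->getRole($this->request->getActionName());
     if ($role && !$this->user->hasAccess($role)) {
         // Anonymous visitors are told to authenticate; identified users are refused.
         if ($this->user->isAnonymous()) {
             throw new UnauthorizedException($this);
         }
         throw new ForbiddenException($this);
     }
 }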
 /**
  * Drops the menu items that the given user is not permitted to see.
  *
  * An item stays when it declares no permissions, when the user holds the
  * 'superuser' permission, or when the user holds any of the item's
  * permissions. Array keys are preserved.
  *
  * NOTE(review): when no user is supplied the list comes back unfiltered,
  * including items that declare permissions. Confirm that callers always pass
  * a user wherever restricted entries must stay hidden.
  *
  * @param User $user A user object
  * @param array $items A collection of menu items
  * @return array The filtered menu items
  */
 protected function filterItemPermissions($user, array $items)
 {
     if ($user) {
         $isVisible = function ($menuItem) use ($user) {
             if (!$menuItem->permissions || $user->hasAccess('superuser')) {
                 return true;
             }
             return $user->hasAnyAccess($menuItem->permissions);
         };
         return array_filter($items, $isVisible);
     }
     return $items;
 }
Example #4
    $token = Request::ajax() ? Request::header('X-CSRF-Token') : Input::get('_token');
    if (Session::token() !== $token) {
        if (Request::ajax()) {
            return Response::json('You don\'t have access to this page !', 401);
        } else {
            throw new Illuminate\Session\TokenMismatchException();
        }
    }
});
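// Device detection is switched off: the filter returns true unconditionally
// and never consults Agent.
// NOTE(review): if routes rely on this filter to tell mobile from desktop
// clients, the Agent::isDesktop() check has to be reinstated in place of the
// constant; confirm which behaviour is intended.
Route::filter('is_mobile', function () {
    return true;
});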
Route::filter('hasAccess', function ($route, $request, $value) {
    try {
        if (!User::hasAccess($value)) {
            if (!Request::is('manage') && !Request::is('manage/*')) {
                if (Request::ajax()) {
                    return Response::json('You don\'t have access to this page !', 401);
                } else {
                    return Redirect::to('/')->with('error_msg', 'You don\'t have access to this page !');
                }
            } else {
                if (Request::ajax()) {
                    return Response::json('You don\'t have access to this page !', 401);
                } else {
                    return Redirect::action('SessionController@index')->with('error_msg', 'Anda Tidak Memiliki Akses Ke Halaman Tersebut.');
                }
            }
            /* if ( Request::ajax() )
            				return Response::json('You don\'t have access to this page !',401);
Example #5
// Publish the request segments held in $arrRequest as the application's path info.
QApplication::$PathInfo = '/' . implode('/', $arrRequest);
// Define the controller and view filenames
// NOTE(review): $strController and $strAction are concatenated into a path that is later
// passed to require. Their validation is not visible in this excerpt; if they are taken from
// the request URL, confirm upstream that they are limited to a fixed character set (no '/',
// '..' or NUL) so the resolved file cannot leave $strModulePath.
$strFilename = $strModulePath . '/' . $strController . '/' . $strAction . '.php';
$strTemplate = $strModulePath . '/' . $strController . '/' . $strAction . '.tpl.php';
/*
echo 'Controller: '. $strController .'<br>';
echo 'Action: '. $strAction .'<br>';
echo 'Params: '. implode( '/', $arrRequest ) .'<br>';
echo 'Controller File: '. $strFilename .'<br>';
echo 'View File: '. $strTemplate .'<br>';
exit;
*/
// Catch an error if the Controller/Action file does not exist
// The existence test runs before the access test, so a caller without access receives 404
// for a missing action and 403 for an existing one.
if (!is_file($strFilename)) {
    $strController = 'error';
    $strAction = 'error404';
    $strFilename = __DOCROOT__ . __SUBDIRECTORY__ . '/app/error/error404.php';
    $strTemplate = __DOCROOT__ . __SUBDIRECTORY__ . '/app/error/error404.tpl.php';
} elseif (!User::hasAccess($strController, $strAction, $adminModule)) {
    // Access denied: swap in the 403 page so the requested controller file is never loaded.
    $strController = 'error';
    $strAction = 'error403';
    $strFilename = __DOCROOT__ . __SUBDIRECTORY__ . '/app/error/error403.php';
    $strTemplate = __DOCROOT__ . __SUBDIRECTORY__ . '/app/error/error403.tpl.php';
}
// Include the file
// require executes the resolved file in the current scope, so every variable set above is
// visible to it.
require $strFilename;
// If the view exists, run the form in its view
// The static run() method is looked up on the class named after $strAction, which the
// required file is presumably expected to declare.
if (is_file($strTemplate)) {
    call_user_func(array($strAction, 'run'), $strAction, $strTemplate);
}
// Otherwise, we just trust that the Controller/Action file handles whatever it needs to do itself
Example #6
<?php

// Load the project's helper file; User is not declared in this page, so it presumably comes from there.
require_once 'func/functions.php';
$oUsr = new User();
// NOTE(review): the return value is discarded, so this call protects the page only if
// hasAccess() itself ends the request for a denied user (redirect followed by exit, or an
// exception). Confirm that in User; otherwise the markup below is rendered for every visitor.
$oUsr->hasAccess();
?>
<!doctype html>
<!--[if lt IE 7]>      <html class="no-js lt-ie9 lt-ie8 lt-ie7" lang=""> <![endif]-->
<!--[if IE 7]>         <html class="no-js lt-ie9 lt-ie8" lang=""> <![endif]-->
<!--[if IE 8]>         <html class="no-js lt-ie9" lang=""> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang=""> <!--<![endif]-->
    <head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
        <title>Manage Result</title>
        <meta name="description" content="">
        <meta name="viewport" content="width=device-width, initial-scale=1">

        <link rel="stylesheet" href="css/bootstrap.min.css">
        <link rel="stylesheet" href="css/font-awesome.min.css">
        <link rel="stylesheet" href="css/icomoon.css">
        <link rel="stylesheet" href="css/main.css">

        <script src="js/vendor/modernizr-2.8.3-respond-1.4.2.min.js"></script>
    </head>
    <body>
        <!--[if lt IE 8]>
            <p class="browserupgrade">You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your experience.</p>
        <![endif]-->
        
        <div class="container-fluid">