/**
 * Check if user has access.
 *
 * Only a \BackendUser can pass: the decision is delegated to that user's own
 * hasAccess() for the "table::column" pair, with 'alexf' as the second
 * argument. Any other value of $this->user is denied.
 *
 * @return bool
 */
private function hasAccess()
{
    $user = $this->user;

    // Fail closed: without a backend user there is nothing to ask.
    if (!($user instanceof \BackendUser)) {
        return false;
    }

    $field = $this->table . '::' . $this->column;

    return $user->hasAccess($field, 'alexf');
}
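/**
 * Checks that the current user may run the requested controller action.
 *
 * A RolesParser is built from this controller's source file and a cache file
 * under the 'cache.roles' directory (named after the md5 of the controller
 * path). When the parser reports its data as expired, the parsed role names
 * are registered via Role::addNewRolesNames(). The role mapped to the current
 * action name is then checked against the user.
 *
 * @return bool|null  false when the roles cache directory cannot be created;
 *                    no value otherwise
 * @throws UnauthorizedException when an anonymous user lacks the action's role
 * @throws ForbiddenException    when an authenticated user lacks the action's role
 */
protected function checkAccess()
{
    // If backend controller is being used then we should
    // check for user permissions to use role assigned to current controller and action
    $rolesCacheDir = ClassLoader::getRealPath('cache.roles');

    // Create the cache directory on first use. mkdir() fails spuriously when a
    // concurrent request created the directory between our is_dir() and
    // mkdir() calls, so re-check is_dir() before giving up.
    // NOTE(review): 0777 leaves the directory world-writable while the cache
    // path handed to RolesParser below ends in .php; a mode limited to the
    // owner/group of the web server process is preferable.
    // NOTE(review): returning false here skips the role check entirely. The
    // success path returns nothing, so a caller that ignores the return value
    // will proceed without authorization (fail-open) — consider failing closed.
    if (!is_dir($rolesCacheDir) && !@mkdir($rolesCacheDir, 0777, true) && !is_dir($rolesCacheDir)) {
        return false;
    }

    $refl = new ReflectionClass($this);
    $controllerPath = $refl->getFileName();
    // md5 only yields a filesystem-safe, path-derived cache name here; it is
    // not relied on for any security property.
    $cachePath = $rolesCacheDir . DIRECTORY_SEPARATOR . md5($controllerPath) . '.php';

    ClassLoader::import('framework.roles.RolesDirectoryParser');
    ClassLoader::import('framework.roles.RolesParser');

    $this->roles = new RolesParser($controllerPath, $cachePath);

    if ($this->roles->wereExpired()) {
        // Stale cache: make sure every role name just parsed exists in the model.
        ClassLoader::import('application.model.role.Role');
        Role::addNewRolesNames($this->roles->getRolesNames());
    }

    $role = $this->roles->getRole($this->request->getActionName());

    // An action with no role assigned is not restricted.
    if ($role && !$this->user->hasAccess($role)) {
        // Anonymous users are told to authenticate; known users are refused.
        if ($this->user->isAnonymous()) {
            throw new UnauthorizedException($this);
        }

        throw new ForbiddenException($this);
    }
}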
/**
 * Removes menu items from an array if the supplied user lacks permission.
 *
 * Items with no permissions requirement are always kept, a user holding
 * 'superuser' keeps everything, and any other item survives only when the
 * user has at least one of its permissions. Keys of $items are preserved
 * (array_filter does not reindex).
 *
 * @param User $user A user object
 * @param array $items A collection of menu items
 * @return array The filtered menu items
 */
protected function filterItemPermissions($user, array $items)
{
    // Nothing to check against: hand the list back untouched.
    if (!$user) {
        return $items;
    }

    $isVisible = function ($item) use ($user) {
        // Evaluation order matters: unrestricted items never touch the user,
        // and hasAnyAccess() is consulted only for non-superusers.
        return !$item->permissions
            || $user->hasAccess('superuser')
            || $user->hasAnyAccess($item->permissions);
    };

    return array_filter($items, $isVisible);
}
$token = Request::ajax() ? Request::header('X-CSRF-Token') : Input::get('_token');
    // Token mismatch: AJAX callers get a JSON 401, browser requests raise
    // the framework's TokenMismatchException.
    // NOTE(review): a plain !== is not a constant-time comparison; hash_equals()
    // would be the conventional choice for comparing the session token.
    if (Session::token() !== $token) {
        if (Request::ajax()) {
            return Response::json('You don\'t have access to this page !', 401);
        } else {
            throw new Illuminate\Session\TokenMismatchException();
        }
    }
});

Route::filter('is_mobile', function () {
    // NOTE(review): this unconditional return makes the filter always report
    // "mobile"; the Agent::isDesktop() line below is unreachable. If the
    // override is intentional it deserves a comment saying why.
    return true;
    return Agent::isDesktop() ? false : true;
});

// $value is the permission name taken from the route's filter parameter.
// Denied users under /manage are sent to SessionController@index; all others
// are sent to '/'. AJAX callers get a JSON 401 in both cases.
Route::filter('hasAccess', function ($route, $request, $value) {
    try {
        if (!User::hasAccess($value)) {
            if (!Request::is('manage') && !Request::is('manage/*')) {
                if (Request::ajax()) {
                    return Response::json('You don\'t have access to this page !', 401);
                } else {
                    return Redirect::to('/')->with('error_msg', 'You don\'t have access to this page !');
                }
            } else {
                if (Request::ajax()) {
                    return Response::json('You don\'t have access to this page !', 401);
                } else {
                    return Redirect::action('SessionController@index')->with('error_msg', 'Anda Tidak Memiliki Akses Ke Halaman Tersebut.');
                }
            }
            /* if ( Request::ajax() ) return Response::json('You don\'t have access to this page !',401);
// Expose the remaining request segments as the application path info.
QApplication::$PathInfo = '/' . implode('/', $arrRequest);

// Controller file and (optional) view template for the requested action.
// NOTE(review): $strController and $strAction are presumably derived from the
// request path (they sit alongside the segments used for $PathInfo). If so,
// they need to be restricted to a plain identifier charset where they are
// parsed — is_file() below does not stop '..' segments, and $strAction is
// also used as a class name for the run() call. Confirm against the caller.
$strFilename = "{$strModulePath}/{$strController}/{$strAction}.php";
$strTemplate = "{$strModulePath}/{$strController}/{$strAction}.tpl.php";

// Route to the error pages when the action file is missing (404) or the user
// may not run it (403). is_file() is tested first, so hasAccess() is only
// consulted for actions that exist.
if (!is_file($strFilename)) {
    $strController = 'error';
    $strAction = 'error404';
    $strFilename = sprintf('%s%s/app/error/error404.php', __DOCROOT__, __SUBDIRECTORY__);
    $strTemplate = sprintf('%s%s/app/error/error404.tpl.php', __DOCROOT__, __SUBDIRECTORY__);
} elseif (!User::hasAccess($strController, $strAction, $adminModule)) {
    $strController = 'error';
    $strAction = 'error403';
    $strFilename = sprintf('%s%s/app/error/error403.php', __DOCROOT__, __SUBDIRECTORY__);
    $strTemplate = sprintf('%s%s/app/error/error403.tpl.php', __DOCROOT__, __SUBDIRECTORY__);
}

// Run the controller/action file in the current scope.
require $strFilename;

// With a template present, hand over to the action class's run(); without
// one, the action file is trusted to produce its own output.
if (is_file($strTemplate)) {
    call_user_func(array($strAction, 'run'), $strAction, $strTemplate);
}
<?php
// Load shared helpers, then run the access check before any markup is sent.
// NOTE(review): the result of hasAccess() is discarded, so unless that method
// itself redirects or exits on failure, the page below is rendered for every
// visitor — confirm against User::hasAccess() (presumably loaded from
// func/functions.php).
require_once 'func/functions.php'; $oUsr = new User(); $oUsr->hasAccess(); ?> <!doctype html> <!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7" lang=""> <![endif]--> <!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8" lang=""> <![endif]--> <!--[if IE 8]> <html class="no-js lt-ie9" lang=""> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang=""> <!--<![endif]--> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <title>Manage Result</title> <meta name="description" content=""> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" href="css/bootstrap.min.css"> <link rel="stylesheet" href="css/font-awesome.min.css"> <link rel="stylesheet" href="css/icomoon.css"> <link rel="stylesheet" href="css/main.css"> <script src="js/vendor/modernizr-2.8.3-respond-1.4.2.min.js"></script> </head> <body> <!--[if lt IE 8]> <p class="browserupgrade">You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your experience.</p> <![endif]--> <div class="container-fluid">