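/**
 * Ensure that the user is an admin with access to the master admin site.
 *
 * The user is taken from $this->admin_page->user_id when that is non-empty;
 * otherwise reason_require_authentication() supplies the netid. Access is
 * granted only when the user holds the 'manage_allowable_relationships'
 * privilege AND is a site user of the 'master_admin' site.
 *
 * The outcome is stored in $this->authenticated. A denial is stored as an
 * explicit false, so the method fails closed instead of reading a property
 * that was never assigned.
 *
 * @return boolean false when access is denied; otherwise whatever
 *                 User::is_site_user() returns for the master admin site
 */
function authenticate()
{
    if (!isset($this->authenticated)) {
        // Resolve the acting user's id and netid.
        if (!empty($this->admin_page->user_id)) {
            // NOTE(review): the admin page's user_id is trusted as the acting
            // identity here; confirm it is always derived from the session.
            $user_id = $this->admin_page->user_id;
            $user = new entity($user_id);
            $user_netid = $user->get_value('name');
        } else {
            $user_netid = reason_require_authentication();
            $user_id = get_user_id($user_netid);
        }

        // Default to denial. Previously the property stayed unassigned when
        // the privilege check failed, so the return below read an undefined
        // property and handed callers null rather than a definite "no".
        $is_authorized = false;
        if (reason_user_has_privs($user_id, 'manage_allowable_relationships')) {
            $user_man = new User();
            $is_authorized = $user_man->is_site_user($user_netid, id_of('master_admin'));
        }

        // Assigned only once both checks have run, so a failure while
        // resolving the user does not leave a cached result behind.
        $this->authenticated = $is_authorized;
    }

    return $this->authenticated;
}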
/**
 * Decide whether the current user may edit the relationship between the two
 * entities held on this object.
 *
 * Checks run in order, and any failure yields false:
 *   1. $this->site_id is accepted by User::set_site_id();
 *   2. $this->user_netID is a user of that site;
 *   3. the user holds 'edit_pending' when either entity is in the 'Pending'
 *      state, or 'edit' otherwise;
 *   4. the left entity's user_can_edit_relationship() approves the 'right'
 *      side of $this->al_relationship_id for that user.
 *
 * @return boolean true if the user and site are valid, and the user has access to the site
 */
function check_permission()
{
    $site_users = new User();

    // Guard clauses: an invalid site or a non-member is denied outright.
    if (!$site_users->set_site_id($this->site_id)) {
        return false;
    }
    if (!$site_users->is_site_user($this->user_netID)) {
        return false;
    }

    $acting_user_id = get_user_id($this->user_netID);
    $right_entity = new entity($this->entity_id);
    $left_entity = new entity($this->left_entity_id);

    // A pending entity on either side requires the 'edit_pending' privilege.
    // NOTE(review): the state is compared loosely (==); confirm get_value()
    // always returns a string here before tightening it to ===.
    $involves_pending = $right_entity->get_value('state') == 'Pending'
        || $left_entity->get_value('state') == 'Pending';
    $required_priv = $involves_pending ? 'edit_pending' : 'edit';

    if (!reason_user_has_privs($acting_user_id, $required_priv)) {
        return false;
    }

    // The final decision is made by the left entity for this relationship.
    $acting_user = new entity($acting_user_id);
    return $left_entity->user_can_edit_relationship($this->al_relationship_id, $acting_user, 'right');
}