/** Purpose : this function check user task permissions for a Group or a Network @param : $uid, $task_values, $type, $target_id, $strict @return : bool **/ public static function can_user($uid, $task_values, $type = 'network', $strict, $target_id = null) { Logger::log("Enter: function User::can_user"); if (SUPER_USER_ID == $uid) { // SUPER USER has all permissions! return TRUE; } if (!is_array($task_values)) { $task_values = array($task_values); } $user = new self(); $user->load($uid); $roles = $user->get_user_roles(DB_FETCHMODE_OBJECT); $result = false; $user_tasks = array(); foreach ($roles as $role) { // merge all tasks/permissions for specific role type // $role_obj = new Roles(); // $role_obj->load((int)$role->role_id); $condition = $type == 'network' ? $role->extra['network'] == true : count($role->extra['groups']) > 0 && in_array($target_id, $role->extra['groups']); // apply role to a group // if(($role_obj->type == $type) && $condition) { if ($condition) { $role_tasks = Roles::get_tasks_of_role($role->role_id); if ($role_tasks) { foreach ($role_tasks as $rt) { $user_tasks[] = $rt->task_value; } } } } $found = 0; $nb_tasks = count($task_values); foreach ($task_values as $value) { if (!in_array($value, $user_tasks) && $strict == true) { $result = false; break; } if (in_array($value, $user_tasks) && $strict == false) { $result = true; break; } if (in_array($value, $user_tasks) && $strict == true) { $found++; } } if ($strict == true) { $result = $found == $nb_tasks ? true : false; } Logger::log("Exit: function User::can_user"); return $result; }