Beispiel #1
0
function access_can_view_page($page = '', $user = '')
{
    global $access_user, $is_admin, $login, $page_lookup, $page_lookup_ex, $PHP_SELF;
    if (!access_is_enabled()) {
        return true;
    }
    if (empty($user) && !empty($login)) {
        $user = $login;
    }
    assert('! empty ( $user )');
    if (empty($page) && !empty($PHP_SELF)) {
        $page = $PHP_SELF;
    }
    assert('! empty ( $page )');
    $page = basename($page);
    // Handle special cases for publish.php and freebusy.php.
    if (substr($page, -3) == 'ics') {
        $page = 'publish.php';
    }
    if (substr($page, -3) == 'ifb') {
        $page = 'freebusy.php';
    }
    // First, check list of exceptions to our rules.
    if (!empty($page_lookup_ex[$page])) {
        return true;
    }
    for ($i = 0; $i <= ACCESS_NUMBER_FUNCTIONS; $i++) {
        if (!empty($page_lookup[$i]) && preg_match("/{$page_lookup[$i]}/", $page)) {
            $page_id = $i;
        }
    }
    //echo "page_id = $page_id<br />page = $page<br />\n";
    // If the specified user is the currently logged in user, then we have already
    // loaded this user's access, stored in the global variable $access_user.
    $access = !empty($login) && $user == $login && !empty($access_user) ? $access_user : access_load_user_functions($user);
    assert('! empty ( $access )');
    // If we did not find a page id, then this is also a WebCalendar bug.
    // (Someone needs to add another entry in the $page_lookup[] array.)
    $yesno = substr($access, $page_id, 1);
    // No setting found. Use default values.
    if (empty($yesno)) {
        $yesno = get_default_function_access($page_id, $user);
    }
    //echo "yesno = $yesno<br />\n";
    assert('! empty ( $yesno )');
    return $yesno == 'Y';
}
        <option value="__default__"' . ($guser == '__default__' ? $selected : '') . '>' . $defConfigStr . '</option>';
    for ($i = 0, $cnt = count($userlist); $i < $cnt; $i++) {
        echo '
        <option value="' . $userlist[$i]['cal_login'] . '"' . ($guser == $userlist[$i]['cal_login'] ? $selected : '') . '>' . $userlist[$i]['cal_fullname'] . '</option>';
    }
    for ($i = 0, $cnt = count($nonuserlist); $i < $cnt; $i++) {
        echo '
        <option value="' . $nonuserlist[$i]['cal_login'] . '"' . ($guser == $nonuserlist[$i]['cal_login'] ? $selected : '') . '>' . $nonuserlist[$i]['cal_fullname'] . ' ' . ($nonuserlist[$i]['cal_is_public'] == 'Y' ? '*' : '') . '</option>';
    }
    echo $goStr;
}
//end admin $guser != default test
if (!empty($guser) || !$is_admin) {
    if ($is_admin) {
        // Present a page to allow editing a user's rights.
        $access = access_load_user_functions($guser);
        $div = ceil(ACCESS_NUMBER_FUNCTIONS / 4);
        // We can reorder the display of user rights here.
        $order = array(1, 0, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 27, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27);
        // Make sure that we have defined all the types of
        // access defined in access.php
        assert(count($order) == ACCESS_NUMBER_FUNCTIONS + 1);
        echo '
    <div class="boxall" style="margin-top: 5px; padding: 5px;">
      <form action="access.php" method="post" name="accessform">
        <input type="hidden" name="auser" value="' . $guser . '" />
        <input type="hidden" name="guser" value="' . $guser . '" />
        <table border="0" cellspacing="10">
          <tbody>
            <tr>
              <td valign="top">';