/**
 * Gates the current admin route (module/controller/action) by the logged-in
 * user's permission bits.
 *
 * Returns true when the route is free (flag 0) or the caller is an owner or
 * developer. A denied request is answered with a redirect-to-admin JSON
 * response; every other path falls through and returns null, so callers must
 * not treat the return value as "allowed".
 */
public static function checkPermissions()
{
    $request = Core_Request::getInstance();
    // permissions structure: the route triple is the permission's key
    $data = array(
        'module' => $request->getRoute('module'),
        'controller' => $request->getRoute('controller'),
        'action' => $request->getRoute('action')
    );
    $model = Admin_PermissionsModel::getInstance();
    $flag = $model->getFlag($data);

    // $flag = 0 - is a free acces of the page
    if ($flag === 0) {
        return true;
    }

    if (!$flag) {
        // we need to check that method exist
        // Unknown route: the permission row is created on first access.
        // NOTE(review): this branch then falls through with no login or
        // permission check, so a route that is not yet registered is reachable
        // by anyone until its bit is assigned — fail-open. Consider requiring
        // a logged-in user (or denying) after registering the row.
        $model->add($data);
    } else {
        if (!s()->user->id) {
            // @todo Core_View::getInstance()->addFlashMessage(__('Please Login'), 'danger');
            // Anonymous caller: redirect to the admin entry point.
            // NOTE(review): assumes toJson() ends the request; if it does not,
            // execution continues into the bit check below without a user.
            Core_Response::getInstance()->setStatus(1)->redirect('admin')->toJson();
        }
        if (!Core_Bit::check(s()->user->access['permissions'], $flag)) {
            // well an owner has ALL access
            $role_rs = Admin_RolesModel::get(array('id' => s()->user->role_id));
            // NOTE(review): strict === 1 only matches an int; if the model returns
            // numeric strings ("1"), owners/developers would be denied — confirm.
            if ($role_rs->is_owner === 1 || s()->user->is_developer === 1) {
                return true;
            }
            Core_View::getInstance()->addFlashMessage(__('You Don\'t have permission to access this page'), 'danger');
            Core_Response::getInstance()->setStatus(1)->redirect('admin')->toJson();
        }
    }
}
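/**
 * Answers, as JSON, the permission names granted to the role given by the
 * `id` request parameter (`{name: true, ...}`), or an error response when
 * the id is missing or no such role exists.
 *
 * Owner roles get every listed permission regardless of their bit mask.
 * Each error response is followed by a return so the method never continues
 * with a missing role, whether or not toJson() ends the request.
 */
public function permissionsAction()
{
    $id = $this->getRequest()->getParam('id');
    if (!$id) {
        $this->getResponse()->setStatus(0)->setBody(__('role does not exist'))->toJson();
        return;
    }

    // NOTE(review): assumes Admin_RolesModel::get() parameterises the id — verify.
    $role_rs = Admin_RolesModel::get(array('id' => $id));
    if (!$role_rs) {
        $this->getResponse()->setStatus(0)->setBody(__('role does not exist'))->toJson();
        return;
    }

    $return = array();
    $permissions_rs = Admin_PermissionsModel::getAll();
    foreach ($permissions_rs as $permission_row) {
        // Granted when the permission's bit is set in the role's mask, or
        // unconditionally when the role is an owner.
        if (Core_Bit::check($role_rs->permissions, $permission_row->bit_flag) || $role_rs->is_owner) {
            // NOTE(review): bit_flag is read as a property but name as an array
            // key; confirm the row type supports both accessors.
            $return[$permission_row['name']] = true;
        }
    }

    $this->getResponse()->setStatus(1)->setData(Core_Tools::JsonEncode($return))->toJson();
}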
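/**
 * Creates an admin user from the posted `email`, `pass`, `user`, `role` and
 * `company` fields and answers with a JSON status message.
 *
 * Every validation failure sends an error response and returns immediately,
 * so Admin_UsersModel::tryAdd() is only reached when all checks passed —
 * independent of whether toJson() ends the request.
 */
public function createAction()
{
    $request = $this->getRequest();
    $response = $this->getResponse();

    $email = strtolower($request->getPost('email'));
    if (!Core_Check::email($email)) {
        $response->setStatus(0)->setBody(__('invalid email'))->toJson();
        return;
    }

    $pass = $request->getPost('pass');
    if (!Core_Check::password($pass)) {
        $response->setStatus(0)->setBody(__('password must be at least %1$s characters long', cfg()->min_pass_lenght))->toJson();
        return;
    }

    $user = $request->getPost('user');
    if (!Core_Check::user($user)) {
        $response->setStatus(0)->setBody(__('invalid user'))->toJson();
        return;
    }

    // The posted role must match an existing role. Loose comparison is kept
    // because the posted value is a string and the row id may be int or
    // string; the matched row is kept so the stored role_id is the canonical
    // value rather than the raw posted string.
    $role_id = $request->getPost('role');
    $matched_role = null;
    foreach (Admin_RolesModel::getAll(array()) as $role_row) {
        if ($role_id == $role_row->id) {
            $matched_role = $role_row;
            break;
        }
    }
    if ($matched_role === null) {
        $response->setStatus(0)->setBody(__('invalid role'))->toJson();
        return;
    }

    $insert_data = array(
        'user' => strip_tags(strtolower($user)),
        'email' => strip_tags($email),
        'role_id' => $matched_role->id,
        'password' => Core_Security::generate($pass),
        'company' => $request->getPost('company')
    );
    // Defensive: the checks above should already guarantee these, but never
    // insert a row with an empty username, email or role.
    if ($insert_data['user'] == '' || $insert_data['email'] == '' || $insert_data['role_id'] == '') {
        $response->setStatus(0)->setBody(__('invalid data submited. Username, Email and Role are mandatory'))->toJson();
        return;
    }

    if (!Admin_UsersModel::tryAdd($insert_data)) {
        $response->setStatus(0)->setBody(__('duplicate user or email'))->toJson();
        return;
    }

    $response->setStatus(1)->setBody(__('user added'))->toJson();
}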