public static function from_idmobject()
 {
     $perm = new Permissions();
     $grant = array();
     if (\IDMObject::authZ('role', 'tcert')) {
         $grant[] = 'tcert';
     }
     if (\IDMObject::authz('permission', 'tcert_admin')) {
         $grant[] = 'admin';
     }
     if (\IDMObject::authz('permission', 'tcert_gatesystem_ug')) {
         $grant[] = 'gatesystem_ug';
     }
     if (\IDMObject::authz('permission', 'tcert_gatesystem_gr')) {
         $grant[] = 'gatesystem_gr';
     }
     if (\IDMObject::authz('permission', 'mis')) {
         $grant[] = 'superadmin';
     }
     if (\IDMObject::authz('role', 'faculty')) {
         $grant[] = 'faculty';
     }
     $perm->grant($grant);
     $perm->pidm = $_SESSION['pidm'];
     return $perm;
 }
 function __construct()
 {
     parent::__construct();
     // general template vars
     $this->assign('title', 'Analysis and Provisioning Engine');
     $this->assign('icon', $GLOBALS['ape']->icons);
     $this->template_dir = $GLOBALS['BASE_DIR'] . '/templates';
     // custom template functions
     $this->register_function('ape_bool', array($this, 'ape_bool'));
     $this->assign('username', $_SESSION['username']);
     $this->assign('ape', $GLOBALS['ape']);
     $this->assign('myuser', $GLOBALS['myuser']);
     $this->assign('infodesk', APEAuthZ::infodesk());
     // get svn dataz for this application
     $this->assign('svninfo', PSU::get_svn_info());
     $this->xhtml = false;
     $this->load_authz();
     /*** set up navigation links ***/
     $links = array('nav-home' => $this->createLink('Home', $GLOBALS['BASE_URL'] . '/', 'nav-icon nav-home', 'home'), 'nav-identity' => $this->createLink('Identity/Access', $GLOBALS['BASE_URL'] . '/user/' . $_SESSION['ape_identifier'], 'nav-identity', 'person'));
     if (APEAuthZ::advancement()) {
         $links['nav-advancement'] = $this->createLink('Advancement', $GLOBALS['BASE_URL'] . '/user/advancement/' . $_SESSION['ape_identifier'], 'nav-advancement', 'advancement');
         $this->assign('advancement_link', true);
     }
     //end if
     if (APEAuthZ::hr()) {
         $links['nav-hr'] = $this->createLink('HR', '#', 'nav-advancement', 'hr');
         $this->assign('hr_link', true);
     }
     //end if
     if (APEAuthZ::family()) {
         $links['nav-family'] = $this->createLink('Family', $GLOBALS['BASE_URL'] . '/user/family/' . $_SESSION['ape_identifier'], 'nav-family', 'family');
         $this->assign('family_link', true);
     }
     //end if
     if (APEAuthZ::student()) {
         $links['nav-student'] = $this->createLink('Student', $GLOBALS['BASE_URL'] . '/user/student/' . $_SESSION['ape_identifier'], 'nav-student', 'student');
         $this->assign('student_link', true);
     }
     //end if
     if ($_SESSION['AUTHZ']['admin']) {
         $links['nav-identity']['children'][] = $this->createLink('Access Management', $GLOBALS['BASE_URL'] . '/authz.html', 'nav-access', 'access');
     }
     if (IDMObject::authZ('permission', 'ape_mailing')) {
         $links['nav-identity']['children'][] = $this->createLink('Mailing Lists', $GLOBALS['BASE_URL'] . '/lists/', 'nav-mailing', 'mail');
     }
     if (IDMObject::authZ('oracle', 'reporting_security')) {
         $links['nav-identity']['children'][] = $this->createLink('Banner Security', $GLOBALS['BASE_URL'] . '/banner/', 'nav-banner', 'banner-security');
     }
     if ($GLOBALS['ape']->canResetPassword()) {
         $links['nav-identity']['children'][] = $this->createLink('Password Test', $GLOBALS['BASE_URL'] . '/password-test.html', 'nav-pass', 'password');
         $links['nav-identity']['children'][] = $this->createLink('Locked (' . $GLOBALS['ape']->locks_count() . ')', $GLOBALS['BASE_URL'] . '/locks.html', 'nav-locked', 'lock');
     }
     //end if
     $links['nav-identity']['children'][] = $this->createLink('Creation (' . $GLOBALS['ape']->pending_accounts_count() . ')', $GLOBALS['BASE_URL'] . '/pending.html', 'nav-pend-create', 'pending-creation');
     $links['nav-identity']['children'][] = $this->createLink('Deletion (' . $GLOBALS['ape']->pending_deletion_count() . ')', $GLOBALS['BASE_URL'] . '/deletion.html', 'nav-pend-delete', 'pending-deletion');
     if (IDMObject::authz('permission', 'mis')) {
         $links['nav-identity']['children'][] = $this->createLink('Provision/Deprovision Docs', 'https://docs.google.com/Doc?docid=0AcDtIeWVN6nGYWNmZ3dxamRqOW5jXzE0N2dndHBqNmZn&hl=en', 'nav-identity', 'identity');
     }
     //end if
     if (APEAuthZ::hr()) {
         $links['nav-hr']['children'][] = $this->createLink('Employee Clearance', $GLOBALS['BASE_URL'] . '/checklist-admin.html', 'nav-advancement', 'identity');
     }
     //end if
     // if there are only 2 root links, replace root link #2 with its children
     if (count($links) == 2) {
         $parent_link = array_pop($links);
         $links = array_merge($links, $parent_link['children']);
     }
     //end if
     $this->assign('nav_links', $links);
 }
 /**
  * returns whether or not the current user can view hr data
  */
 public static function hr()
 {
     return IDMObject::authz('permission', 'mis') || IDMObject::authZ('permission', 'ape_checklist_employee_exit_hr');
 }