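 /**
  * Returns true when the current user, or the operator selected for that user,
  * holds at least one of the requested permissions.
  *
  * User-level permissions (Auth::currentUserHasAnyOfPermissions) are consulted
  * first; the operator chain is only walked when they do not match.
  *
  * @param list<string> $requested_permissions_arr permission titles, any one of which is sufficient
  * @return bool
  */
 public static function currentOperatorHasAnyOfPermissions($requested_permissions_arr)
 {
     if (Auth::currentUserHasAnyOfPermissions($requested_permissions_arr)) {
         return true;
     }
     $current_user_id = Auth::currentUserId();
     if (!$current_user_id) {
         // no authenticated user: nothing to check the operator chain against
         return false;
     }
     // check operator permissions; element 0 is the first id returned by the
     // "...ByCreatedAtDesc" helper, presumably the most recently created operator — confirm
     $current_operator_ids_arr = Operator::getIdsArrForUserIdByCreatedAtDesc($current_user_id);
     if (empty($current_operator_ids_arr)) {
         return false;
     }
     $current_operator_id = $current_operator_ids_arr[0];
     $operator_permissions_ids_arr = OperatorPermission::getIdsArrForOperatorIdByCreatedAtDesc($current_operator_id);
     foreach ($operator_permissions_ids_arr as $operator_permission_id) {
         $operator_permission_obj = OperatorPermission::factory($operator_permission_id);
         $permission_obj = Permission::factory($operator_permission_obj->getPermissionId());
         // strict comparison: a permission title must match exactly, never under
         // loose string/number coercion rules
         if (in_array($permission_obj->getTitle(), $requested_permissions_arr, true)) {
             return true;
         }
     }
     // no operator permission matched the requested list
     return false;
 }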
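 /**
  * Creates or updates a user role from the submitted form and replaces its
  * permission set with the submitted selection.
  *
  * @param int|string|null $id role id to update; empty creates a new role
  * @return void ends in a redirect to the role list
  */
 public function save($id = null)
 {
     if (!empty($id)) {
         $id = (int) $id;
     }
     $role = UserRole::factory($id);
     $role->name = $this->input->post('name', true);
     if (!$role->exists()) {
         $role->save();
     }
     // Normalise the submitted permission ids: the field is absent when no checkbox
     // is ticked, and handing an empty list to where_in() produces an "IN ()" clause
     // whose outcome depends on the DB layer. Only query when ids were submitted.
     $perm_ids = $this->input->post('permissions');
     $perm_ids = is_array($perm_ids) ? array_map('intval', $perm_ids) : array();
     $selected_perms = array();
     if (!empty($perm_ids)) {
         $selected_perms = Permission::factory()->where_in('id', $perm_ids)->get()->all;
     }
     // drop every existing permission relation, then save the (possibly renamed)
     // role together with the freshly selected set
     $role->delete(Permission::factory()->get()->all);
     $role->save($selected_perms);
     $this->templatemanager->notify_next(__("User role is saved successfully."), "success");
     redirect('administration/userroles');
 }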
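 /**
  * Emits the client-side bootstrap as a JavaScript file: site/base URLs, the page
  * list, non-hidden settings and — for a logged-in user — the user record minus
  * credential fields plus its permission keys.
  *
  * Every value is embedded through json_encode() so that quotes, backslashes and
  * control characters in URLs, titles or settings cannot break out of the script.
  *
  * @return void writes directly to the response
  */
 public function init()
 {
     header("Content-Type: application/x-javascript");
     // json_encode() yields a valid JS string literal; escaping only the single
     // quote left backslashes untouched, so a trailing backslash could swallow the
     // closing quote of the literal.
     echo "var IU_SITE_URL = " . json_encode(rtrim(site_url(), '/')) . ";\n";
     echo "var IU_BASE_URL = " . json_encode(base_url()) . ";\n";
     echo "var IU_GLOBALS = {}; //throw anything in here\n";
     $pages_arr = array();
     foreach (Page::factory()->get() as $p) {
         $page = new stdClass();
         $page->uri = $p->uri;
         $page->label = $p->title . ' ' . $p->uri;
         $page->url = site_url($p->uri);
         $page->title = character_limiter($p->title, 50);
         $page->id = $p->id;
         $pages_arr[] = $page;
     }
     echo "var IU_PAGES = " . json_encode($pages_arr) . ";\n";
     // settings in the 'hidden' and 'branding' groups are never sent to the client
     $settings = Setting::factory()->where('group !=', 'hidden')->where('group !=', 'branding')->get();
     $setts = array();
     foreach ($settings as $s) {
         $setts[$s->name] = $s->value;
     }
     echo "var IU_SETTINGS = " . json_encode($setts) . ";\n";
     if (!empty($this->user)) {
         // Work on a copy: objects are handles, so unset() on $this->user->stored
         // itself would strip the credential fields from the live user record for
         // the rest of the request. This is a denylist — any credential column added
         // later must be added here too; an explicit allowlist would be safer.
         $stored = $this->user->stored;
         $juser = is_object($stored) ? clone $stored : $stored;
         unset($juser->salt);
         unset($juser->password);
         unset($juser->key);
         unset($juser->active);
         // NOTE(review): this line was garbled in the source copy; reconstructed
         // after the sibling echoes above (json_encode of the prepared value) — confirm.
         echo "var IU_USER = " . json_encode($juser) . ";\n";
         $perms = Permission::factory()->where_related_user('id', $this->user->id)->get();
         $permarr = array();
         foreach ($perms as $p) {
             $permarr[] = $p->key;
         }
         echo "var IU_USER_PERMISSIONS = " . json_encode($permarr) . ";\n";
     }
 }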
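 /**
  * Creates a new user or updates an existing one from the submitted form: name,
  * active flag, role, e-mail, password, profile picture and permission set.
  *
  * Anyone may update their own profile; creating users, editing other users and
  * changing the active flag, role or permission set require the 'manage_users'
  * capability. Each validation failure redirects back to the form with a notice.
  *
  * @param int|string|null $id user id to edit; empty creates a new user
  * @return void always ends in a redirect
  */
 public function save($id = null)
 {
     $this->load->helper('email');
     if (!empty($id)) {
         $id = (int) $id;
     }
     $can_manage_users = $this->user->can('manage_users');
     // Compare ids as integers: $id is cast above while the stored id may arrive
     // as a string from the database, and a strict int/string comparison would
     // lock users out of their own profile.
     $editing_self = !empty($id) && (int) $id === (int) $this->user->id;
     if (!$can_manage_users && !$editing_self) {
         $this->templatemanager->notify_next("You are not allowed to edit users!", 'failure');
         redirect('administration/dashboard');
     }
     // the form to return to on validation errors
     $form_uri = 'administration/users/' . (empty($id) ? 'add' : 'edit/' . $id);
     //get user from db (or instantiate new user obj)
     if (empty($id)) {
         $user = new User();
     } else {
         $user = User::factory()->get_by_id($id);
     }
     $user->name = $this->input->post('name');
     if ($can_manage_users) {
         $user->active = (bool) $this->input->post('active');
     }
     //check name (characters, not bytes, so multibyte names are measured correctly)
     if (empty($user->name) || mb_strlen($user->name) < 5) {
         $this->templatemanager->notify_next(__("Name can not be empty or shorter than 5 characters."), 'failure');
         redirect($form_uri);
     }
     //get role: only managers may pick one
     $role_id = $this->input->post('userrole_id');
     if ($can_manage_users && !empty($role_id)) {
         $role = UserRole::factory((int) $role_id);
     } else {
         // NOTE(review): this is the *logged-in* user's role, which is only the
         // edited user's role when editing oneself — confirm this is intended when a
         // manager submits no userrole_id for another user.
         $role = $this->user->userrole->get();
     }
     //other data
     $email = trim($this->input->post('email'));
     //check e-mail
     if (!valid_email($email)) {
         $this->templatemanager->notify_next(__("Entered e-mail address was not valid."), 'failure');
         redirect($form_uri);
     }
     $user->email = $email;
     //get, check and update password
     $password = trim($this->input->post('password'));
     $password2 = trim($this->input->post('password2'));
     if (empty($id) && empty($password) && empty($password2)) {
         $this->templatemanager->notify_next(__("When creating new user you must specify his password!"), 'failure');
         redirect($form_uri);
     }
     if (!empty($password)) {
         if ($password !== $password2) {
             $this->templatemanager->notify_next(__("Passwords differ!"), 'failure');
             redirect($form_uri);
         }
         // NOTE(review): the plain password is assigned here; hashing is presumably
         // done by the User model on save — confirm.
         $user->password = $password;
     }
     //prepare for upload
     $config['upload_path'] = './iu-resources/uploads/';
     $config['allowed_types'] = 'gif|jpg|png|jpeg';
     $config['max_size'] = '512';
     $config['max_width'] = '1024';
     $config['max_height'] = '1024';
     $config['encrypt_name'] = true;
     $this->load->library('upload', $config);
     //upload profile picture
     if (!empty($_FILES['picture']['name'])) {
         if (!$this->upload->do_upload('picture')) {
             show_error($this->upload->display_errors());
         } else {
             $data = $this->upload->data();
             $im = image_create_from_file($config['upload_path'] . $data['file_name']);
             $im = image_resize($im, 150);
             image_to_file($im, $config['upload_path'] . $data['file_name']);
             $user->picture = $data['file_name'];
         }
     }
     //save user together with its role
     $user->save(array($role));
     // Permissions: only managers may change the set. Without this guard a user
     // editing their own profile could submit permissions[] and grant themselves
     // anything. An empty or missing selection is never handed to where_in(),
     // since "IN ()" is a malformed query.
     if ($can_manage_users) {
         $perm_ids = $this->input->post('permissions');
         $perm_ids = is_array($perm_ids) ? array_map('intval', $perm_ids) : array();
         $selected_perms = array();
         if (!empty($perm_ids)) {
             $selected_perms = Permission::factory()->where_in('id', $perm_ids)->get()->all;
         }
         $user->delete(Permission::factory()->get()->all);
         $user->save($selected_perms);
     }
     //notify user
     if ($this->user->id != $id) {
         $this->templatemanager->notify_next(__("User is saved successfully."), "success");
     } else {
         $this->templatemanager->notify_next(__("Profile is updated successfully."), "success");
     }
     if ($this->loginmanager->is_editor()) {
         redirect('administration/users');
     }
     //go back to the previous page, but only when it is one of ours: the Referer
     //header is client-controlled, so following it blindly is an open redirect
     $referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
     if ($referer !== '' && strpos($referer, site_url()) === 0) {
         redirect($referer);
     }
     redirect('administration/users');
 }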
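 /**
  * Setup step that creates the initial administrator from the submitted form,
  * attaches the 'Administrator' role and every defined permission, then continues
  * to the finish page. Each validation failure is reported via saveadmin_error().
  *
  * @return void ends in a redirect
  */
 public function saveadmin()
 {
     //we cannot save admin if database config file is empty
     if (is_db_conf_empty()) {
         redirect("setup/help/database-config-missing");
         return;
     }
     //config file exists, load libraries
     $this->load->database();
     $this->load->library('datamapper');
     DataMapper::$config['prefix'] = $this->db->dbprefix;
     // validate the form before touching the database; each failure returns
     // explicitly so nothing below runs even if saveadmin_error() does not exit
     $name = $this->input->post('name');
     $email = $this->input->post('email');
     if (empty($name)) {
         $this->saveadmin_error("You need to specify administrator's name.");
         return;
     }
     if (empty($email)) {
         $this->saveadmin_error("You need to specify administrator's e-mail address.");
         return;
     }
     $password = trim($this->input->post('password'));
     $password2 = trim($this->input->post('password2'));
     if (empty($password)) {
         $this->saveadmin_error("You must enter administrator's password.");
         return;
     }
     if ($password !== $password2) {
         $this->saveadmin_error("Entered passwords differ.");
         return;
     }
     //now create the mofo admin
     $role = UserRole::factory()->where('name', 'Administrator')->limit(1)->get();
     $perms = Permission::factory()->get();
     $user = new User();
     $user->name = $name;
     $user->email = $email;
     $user->active = 1;
     $user->password = $password;
     // the first administrator gets the role plus every permission
     $user->save(array($role, $perms->all));
     redirect("setup/finish");
 }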
 /**
  * Tells whether this user holds the permission identified by $permission_key.
  * Administrators hold every permission; everyone else must be related to an
  * existing Permission row with that key.
  *
  * @param string $permission_key
  * @return bool
  */
 public function can($permission_key)
 {
     //admin can edit all
     if ($this->is_admin()) {
         return true;
     }
     $permission = Permission::factory()->get_by_key($permission_key);
     // an unknown key never grants anything
     return $permission->exists() ? $this->is_related_to($permission) : false;
 }