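 /**
  * Authorization gate for a page action.
  *
  * Builds the action name "<page basename without .php>-<action>", resolves the
  * caller's status either from the token (Token -> Customer -> Status) or, when
  * $token is null/"none", from the status named LOGGED_OUT_STATUS, and finally
  * looks up the Right row for (action, status). Nothing is returned; every
  * failure is reported through Functions::setResponse(): 400 missing action,
  * 498 unknown token, 500 missing action/status row, 401 no right row or an
  * explicit 'deny'.
  *
  * NOTE(review): the code after each setResponse() call assumes setResponse()
  * ends the request — confirm; if it returns, $result[0] and $status can be
  * unset on the failure paths.
  *
  * @param string      $page   script path; only its basename is used
  * @param string|null $action action suffix appended to the page name
  * @param string|null $token  token value; null or "none" (any case) = logged out
  */
 public static function checkRights($page, $action, $token)
 {
     loadClass('status');
     loadClass('token');
     loadClass('action');
     loadClass('right');
     loadClass('customer');
     if (is_null($action)) {
         Functions::setResponse(400);
     }
     // "<page>-<action>" is the key the Action table is searched by.
     $pagename = str_replace('.php', '', basename($page));
     $actionName = $pagename . '-' . $action;
     $whereClause = 'name=:name';
     $params = array(array('id' => ':name', 'value' => $actionName));
     $result = Action::search($whereClause, $params);
     if (!count($result)) {
         echo 'Please update actions and rights!';
         Functions::setResponse(500);
     }
     $action = $result[0];
     // Guarded: define() on an already defined constant raises a warning (and
     // keeps the old value), and this method may run more than once per request.
     if (!defined('LOGGED_OUT_STATUS')) {
         define('LOGGED_OUT_STATUS', 'standard');
     }
     $loggedOut = false;
     if (is_null($token) || strtolower($token) == 'none') {
         $loggedOut = true;
     } else {
         // The token value is passed as a bound parameter, never interpolated.
         $whereClause = 'value=:value';
         $params = array(array('id' => ':value', 'value' => $token));
         $result = Token::search($whereClause, $params);
         if (!count($result)) {
             Functions::setResponse(498);
         } else {
             $token = $result[0];
             $customer = new Customer($token->get('customerId'));
             $status = new Status($customer->get('statusId'));
         }
     }
     if ($loggedOut) {
         // Anonymous callers are evaluated against the LOGGED_OUT_STATUS row.
         $whereClause = 'name=:name';
         $params = array(array('id' => ':name', 'value' => LOGGED_OUT_STATUS));
         $result = Status::search($whereClause, $params);
         if (!count($result)) {
             Functions::setResponse(500);
         }
         $status = $result[0];
     }
     $whereClause = 'action_id=:action_id AND status_id=:status_id';
     $params = array(
         array('id' => ':action_id', 'value' => $action->get('id')),
         array('id' => ':status_id', 'value' => $status->get('id')),
     );
     $result = Right::search($whereClause, $params);
     if (!count($result)) {
         Functions::setResponse(401);
     }
     // NOTE(review): only an explicit 'deny' is rejected; any other stored value
     // is treated as allow. Confirm the column can hold nothing but allow/deny.
     if ($result[0]->get('right') == 'deny') {
         Functions::setResponse(401);
     }
 }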
/**
 * Looks up the Right row that joins an action to a status.
 *
 * A missing id is answered with HTTP 400 and an absent row with 404, both via
 * Functions::setResponse(); otherwise the first matching row is returned.
 *
 * @param mixed $actionId bound to :action_id
 * @param mixed $statusId bound to :status_id
 * @return mixed first element of the Right::search() result
 */
function searchRight($actionId, $statusId)
{
    $missingInput = is_null($actionId) || is_null($statusId);
    if ($missingInput) {
        Functions::setResponse(400);
    }
    $bindings = array(
        array('id' => ':action_id', 'value' => $actionId),
        array('id' => ':status_id', 'value' => $statusId),
    );
    $matches = Right::search('action_id=:action_id AND status_id=:status_id', $bindings);
    if (count($matches) === 0) {
        Functions::setResponse(404);
    }
    return $matches[0];
}
/* Bootstrap: the database layer first, then the Right/Action/Status models used
   below. loadClass() is defined elsewhere in the project; keep this order. */
loadClass('db');
/* Load models */
loadClass('right');
loadClass('action');
loadClass('status');
/* Load SQL Views */
/* <controller> */
/* <functions> */
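/*
 * Toggle a single Right from a checkbox change.
 * GET "name" is expected as "<x>-<statusId>-<y>-<actionId>" (segments 1 and 3
 * are used) and GET "checked" as the string "true" for allow, anything else
 * for deny.
 * NOTE(review): this mutates permissions on a GET request; confirm the page is
 * itself covered by the rights check and by CSRF protection upstream.
 */
if (isset($_GET['name'], $_GET['checked'])) {
    // Reject array-shaped parameters (name[]=...) before they reach explode().
    if (!is_string($_GET['name']) || !is_string($_GET['checked'])) {
        Functions::setResponse(400);
    }
    $name = explode('-', $_GET['name']);
    $right = $_GET['checked'] === 'true' ? 'allow' : 'deny';
    // A name with fewer than four segments would otherwise read undefined
    // offsets and search with null ids.
    if (!isset($name[1], $name[3])) {
        Functions::setResponse(400);
    }
    $st = $name[1];
    $ac = $name[3];
    // Both ids are bound parameters, never interpolated into the clause.
    $whereClause = 'action_id = :ac AND status_id = :st';
    $params = array(
        array('id' => ':ac', 'value' => $ac),
        array('id' => ':st', 'value' => $st),
    );
    $result = Right::search($whereClause, $params);
    if (!count($result)) {
        Functions::setResponse(404);
    }
    $ri = $result[0];
    $ri->set('right', $right);
    $ri->save();
}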
/* Source rows for the rights matrix, plus the id-keyed lookup tables that the
   loops below populate from them. */
$rights = Right::searchForAll();
$actions = Action::searchForAll();
$status = Status::searchForAll();
$aArr = $sArr = $rArr = array();
foreach ($actions as $a) {
    $aArr[$a->get('id')] = $a->get('name');