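public static function checkRights($page, $action, $token)
{
    /*
     * Gate a page action behind the rights table.
     *
     * Resolves "<page>-<action>" to an Action record, resolves the caller's
     * status either from the supplied token (Token -> Customer -> Status) or
     * from the logged-out status record, then looks up the Right row for that
     * (action, status) pair. Every failure to resolve a step is reported via
     * Functions::setResponse and the method returns immediately, and only an
     * explicit 'allow' right lets the request through (default deny).
     *
     * NOTE(review): Functions::setResponse is assumed to send the status code
     * and end the request; the early returns keep the check fail-closed even
     * if it does not.
     *
     * @param string      $page   Script path; its basename without '.php' is the page name.
     * @param string|null $action Action name; null yields a 400 response.
     * @param string|null $token  Session token value; null or 'none' means logged out.
     * @return void
     */
    loadClass('status');
    loadClass('token');
    loadClass('action');
    loadClass('right');
    loadClass('customer');

    if (is_null($action)) {
        Functions::setResponse(400);
        return;
    }

    // Actions are keyed by "<page>-<action>", e.g. "users-list".
    $pagename = str_replace('.php', '', basename($page));
    $actionName = $pagename . '-' . $action;
    $result = Action::search('name=:name', array(array('id' => ':name', 'value' => $actionName)));
    if (!count($result)) {
        echo 'Please update actions and rights!';
        Functions::setResponse(500);
        return;
    }
    $actionRecord = $result[0];

    // Guarded so a second call within the same request does not redefine the constant.
    if (!defined('LOGGED_OUT_STATUS')) {
        define('LOGGED_OUT_STATUS', 'standard');
    }

    $status = null;
    if (is_null($token) || strtolower($token) === 'none') {
        // Anonymous caller: rights are evaluated against the logged-out status record.
        $result = Status::search('name=:name', array(array('id' => ':name', 'value' => LOGGED_OUT_STATUS)));
        if (!count($result)) {
            Functions::setResponse(500);
            return;
        }
        $status = $result[0];
    } else {
        $result = Token::search('value=:value', array(array('id' => ':value', 'value' => $token)));
        if (!count($result)) {
            // Unknown token: report 498 and stop; never fall back to the logged-out status.
            Functions::setResponse(498);
            return;
        }
        $tokenRecord = $result[0];
        $customer = new Customer($tokenRecord->get('customerId'));
        $status = new Status($customer->get('statusId'));
    }

    $params = array(
        array('id' => ':action_id', 'value' => $actionRecord->get('id')),
        array('id' => ':status_id', 'value' => $status->get('id')),
    );
    $result = Right::search('action_id=:action_id AND status_id=:status_id', $params);
    // Default deny: a missing right row, or any value other than an explicit
    // 'allow', is rejected (the previous check only rejected 'deny').
    if (!count($result) || $result[0]->get('right') !== 'allow') {
        Functions::setResponse(401);
        return;
    }
}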
function searchRight($actionId, $statusId)
{
    /*
     * Fetch the Right record for an (action, status) pair.
     *
     * Both ids are required: a missing id yields a 400 and a missing row a
     * 404 through Functions::setResponse. NOTE(review): setResponse is assumed
     * to end the request; otherwise the final return reads past an empty result.
     *
     * @param mixed $actionId Action row id.
     * @param mixed $statusId Status row id.
     * @return object The first matching Right record.
     */
    if ($actionId === null || $statusId === null) {
        Functions::setResponse(400);
    }

    $bindings = array();
    $bindings[] = array('id' => ':action_id', 'value' => $actionId);
    $bindings[] = array('id' => ':status_id', 'value' => $statusId);

    $matches = Right::search('action_id=:action_id AND status_id=:status_id', $bindings);
    if (count($matches) === 0) {
        Functions::setResponse(404);
    }

    return $matches[0];
}
loadClass('db'); /* Load models */ loadClass('right'); loadClass('action'); loadClass('status'); /* Load SQL Views */ /* <controller> */ /* <functions> */ if (isset($_GET['name'], $_GET['checked'])) { $name = explode('-', $_GET['name']); $right = $_GET['checked'] == 'true' ? 'allow' : 'deny'; $st = $name[1]; $ac = $name[3]; $whereClause = 'action_id = :ac AND status_id = :st'; $params = array(array('id' => ':ac', 'value' => $ac), array('id' => ':st', 'value' => $st)); $result = Right::search($whereClause, $params); if (!count($result)) { Functions::setResponse(404); } $ri = $result[0]; $ri->set('right', $right); $ri->save(); } $rights = Right::searchForAll(); $actions = Action::searchForAll(); $status = Status::searchForAll(); $aArr = array(); $sArr = array(); $rArr = array(); foreach ($actions as $a) { $aArr[$a->get('id')] = $a->get('name');