/**
  * Return view for selecting a document for preprocessing.
  */
 public function getIndex()
 {
     $files = File::get();
     $thisUser = \Auth::user();
     foreach ($files as $ent) {
         $hasPermission = PermissionHandler::checkProject($thisUser, $ent['project'], Permissions::PROJECT_WRITE);
         $ent['canWrite'] = $hasPermission;
     }
     if (count($files) > 0) {
         return View::make('media.preprocess.text.pages.actions', compact('files'));
     }
     return Redirect::to('media/upload')->with('flashNotice', 'You have not uploaded any documents yet');
 }
 /**
  * Generate a list of Projects a given user belongs to.
  * 
  * @param $user UserAgent of the user whose groups should be listed.
  * @param $permission (optional) a permission required for the listed projects -- only 
  * 			projects for which the user has the given permission will be listed.
  * @return List of containing the name and role of Projects the user belongs to.
  */
 public static function getUserProjects($user, $permission = null)
 {
     $sentryGroups = $user->getGroups();
     // List Sentry-groups and build list of Projects
     $projects = [];
     foreach ($sentryGroups as $sentryGroup) {
         $parts = explode(':', $sentryGroup->name);
         if (is_null($permission) || PermissionHandler::checkProject($user, $parts[0], $permission)) {
             array_push($projects, ['name' => $parts[0], 'role' => $parts[1]]);
         }
     }
     return $projects;
 }
 /**
  * Display view with details for a specified group.
  * 
  * @param $groupname Name of the group to be displayed.
  */
 public function getSettings($groupname)
 {
     $sentryGroups = [];
     foreach (Roles::$PROJECT_ROLE_NAMES as $role) {
         $sentryGroups[$role] = Sentry::findGroupByName($groupname . ':' . $role);
     }
     $groupUsers = [];
     foreach (Roles::$PROJECT_ROLE_NAMES as $role) {
         // List userts with $role in this group -- make [] when none
         $users = $sentryGroups[$role]['user_agent_ids'];
         $groupUsers[$role] = is_null($users) ? [] : $users;
     }
     $groupInviteCodes = [];
     foreach (Roles::$PROJECT_ROLE_NAMES as $role) {
         $groupInviteCodes[$role] = $sentryGroups[$role]['invite_code'];
     }
     $canEditGroup = PermissionHandler::checkProject(Auth::user(), $groupname, Permissions::PROJECT_ADMIN);
     $credentials = ProjectHandler::getCredentials($groupname);
     return View::make('projects.settings')->with('project', $groupname)->with('users', $groupUsers)->with('inviteCodes', $groupInviteCodes)->with('canEditGroup', $canEditGroup)->with('credentials', $credentials);
 }
 /**
  * Display list of all users
  */
 public function getUserlist()
 {
     $userlist = UserAgent::getUserlist();
     // Logged in user can view other user's profiles
     $viewProfiles = PermissionHandler::checkAdmin(Auth::user(), Permissions::ALLOW_ALL);
     $thisUser = Auth::user();
     // List of groups this user can invite people to
     $groupsManaged = [];
     // For each group logged in user belongs to
     foreach (ProjectHandler::getUserProjects($thisUser) as $group) {
         // Check if user has admin permission..
         if (PermissionHandler::checkProject($thisUser, $group['name'], Permissions::PROJECT_ADMIN)) {
             array_push($groupsManaged, $group['name']);
         }
     }
     $userGroupInfo = [];
     foreach ($userlist as $user) {
         // List of groups $user belongs to
         $usergroups = ProjectHandler::getUserProjects($user);
         $usergroupnames = array_column($usergroups, 'name');
         // List of groups logged in user can invite $user to join
         // and that $user is not already a member of.
         $inviteGroups = array_diff($groupsManaged, $usergroupnames);
         $belongGroups = [];
         foreach ($usergroups as $group) {
             // Can logged user assign roles for this group ?
             $canAssign = PermissionHandler::checkProject($thisUser, $group['name'], Permissions::PROJECT_ADMIN);
             // Can logged user view info for this group ?
             $canView = PermissionHandler::checkProject($thisUser, $group['name'], Permissions::PROJECT_READ);
             // User cannot change his own permissions
             if ($user['_id'] == $thisUser['_id']) {
                 $canAssign = false;
             }
             $group['canview'] = $canView;
             $group['assignrole'] = $canAssign;
             array_push($belongGroups, $group);
         }
         $userGroupInfo[$user['_id']] = ['groups' => $belongGroups, 'tojoin' => $inviteGroups];
     }
     return View::make('users.list')->with('userlist', $userlist)->with('viewProfiles', $viewProfiles)->with('usergroups', $userGroupInfo);
 }
Beispiel #5
0
 * Alternatively it should be passed in as a GET/POST parameter 
 * 
 * $permission needs to be passed in as a filter parameter
 * 
 * 		'before' => 'permission:'.Permissions::PROJECT_ADMIN
 */
Route::filter('permission', function ($route, $request, $permission) {
    $thisUser = Auth::user();
    $groupName = Route::input('projectname');
    // Passed in as route parameter
    if (is_null($groupName)) {
        $groupName = Input::get('projectname');
        // Passed in as parameter parameter
    }
    // Check permissions
    $hasPermission = PermissionHandler::checkProject($thisUser, $groupName, $permission);
    if (!$hasPermission) {
        return Redirect::back()->with('flashError', 'You do not have permission to perform selected action');
    }
});
/**
 * Require routes to have admin permissions.
 */
Route::filter('adminPermission', function () {
    $thisUser = Auth::user();
    // Check permissions
    $isAdmin = PermissionHandler::checkAdmin($thisUser, Permissions::ALLOW_ALL);
    if (!$isAdmin) {
        return Redirect::back()->with('flashError', 'You do not have permission to perform selected action');
    }
});