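/**
 * Tests whether the current user reaches the required access level.
 *
 * The effective level is the session role (ACL_ANNONYMOUS when nobody is
 * logged in), raised to whatever modsecu() grants when an action is given.
 * If that level is still below ACL_SUPERUSER and the requirement is at most
 * ACL_SUPERUSER, the user is promoted to ACL_SUPERUSER when they are the
 * 'manager' of a section listed in access_groups for the action/page pair.
 * Promotion can only happen when the session carries a sections map, so the
 * lookup query is skipped otherwise (anonymous visitors, users without
 * sections) - the result is the same and a database round trip is saved.
 *
 * @param int|string|null $acl    required level (compared numerically with >=)
 * @param string|null     $action module whose access rules apply; null means
 *                                "role only" and binds 'index' in the lookup
 * @param string          $page   page inside the module
 * @param mixed           $params extra parameters forwarded to modsecu()
 * @return bool true when the effective level is >= $acl
 */
function hasAcl($acl, $action = null, $page = 'index', $params = null): bool
{
    global $pdo;

    // Loose "== false" is deliberate: an empty array or false means logged out.
    if (!isset($_SESSION['user']) || $_SESSION['user'] == false || !isset($_SESSION['user']['role'])) {
        $level = ACL_ANNONYMOUS;
    } elseif ($action != null) {
        // modsecu() may grant a module-specific level; never drop below the role.
        $level = modsecu($action, $page, $params);
        if ($level < $_SESSION['user']['role']) {
            $level = $_SESSION['user']['role'];
        }
    } else {
        $level = $_SESSION['user']['role'];
    }

    // Group rescue: only possible if the session holds a sections map.
    $sections = $_SESSION['user']['sections'] ?? null;
    if ($level < ACL_SUPERUSER && $acl <= ACL_SUPERUSER && is_array($sections) && $sections !== []) {
        $stmt = $pdo->prepare(
            'SELECT ag_group FROM access_groups RIGHT JOIN acces ON ag_access = acl_id WHERE acl_action = ? AND acl_page = ?'
        );
        $stmt->bindValue(1, $action !== null ? $action : 'index');
        $stmt->bindValue(2, $page);
        $stmt->execute();

        // fetchColumn() reads column 0 regardless of the connection's default
        // fetch mode; it returns false once the rows are exhausted and null for
        // a NULL ag_group (rows of acces with no matching access_groups entry).
        while (($group = $stmt->fetchColumn()) !== false) {
            if ($group !== null
                && isset($sections[$group])
                && $sections[$group]['us_type'] === 'manager') {
                $level = ACL_SUPERUSER;
                break; // promoted; further rows cannot change the outcome
            }
        }
    }

    return $level >= $acl;
}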
if (isset($_GET['page'])) { $page = $_GET['page']; } $page = basename($page); } // Recherche du module ... if (Extend::getAction($action) == false && !file_exists($root . 'action' . DS . $action . '.php')) { $action = 'syscore'; $page = 'nomod'; } // Etape 3, vérification des droits d'accès if (!isset($_SESSION['user'])) { $_SESSION['user'] = false; } $tpl->assign('_user', $_SESSION['user']); if ($_SESSION['user']) { $sections = $pdo->prepare('SELECT * FROM user_sections LEFT JOIN sections ON us_section = section_id WHERE us_user = ?'); $sections->bindValue(1, $_SESSION['user']['user_id']); $sections->execute(); $_SESSION['user']['sections'] = array(); while ($line = $sections->fetch()) { $_SESSION['user']['sections'][$line['section_id']] = $line; } } modsecu($action, $page, $_GET); needAcl(getAclLevel($action, $page), $action, $page, $_GET); // Etape 4 lancement du module modexec($action, $page); modexec('syscore', 'moderror'); quit(); }