Ejemplo n.º 1
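/**
 * Check whether the current session user reaches a required access level.
 *
 * The effective level is ACL_ANNONYMOUS when the session holds no usable user
 * (unset, falsy, or without a 'role'). Otherwise it is the session role, or,
 * when an action is given, the higher of the session role and the value
 * returned by modsecu() (presumably an ACL level for that action/page;
 * confirm against modsecu()).
 *
 * Group fallback: when the effective level is below ACL_SUPERUSER and the
 * required level is at most ACL_SUPERUSER, the groups attached to the
 * action/page are looked up and the user is treated as ACL_SUPERUSER for this
 * check if they are a 'manager' of any of them.
 *
 * NOTE(review): the fallback trusts $_SESSION['user']['sections']; whatever
 * fills it must rebuild it from the database so that a revoked manager role
 * stops granting access.
 *
 * @param mixed       $acl    Required level, compared against the ACL_* constants
 *                            (presumably an integer; confirm).
 * @param string|null $action Action (module) name; null means "no action".
 * @param string      $page   Page name within the action.
 * @param mixed       $params Passed to modsecu() unchanged.
 * @return bool True when the effective level is at least $acl.
 */
function hasAcl($acl, $action = null, $page = 'index', $params = null)
{
    global $pdo;
    if (!isset($_SESSION['user']) || $_SESSION['user'] == false || !isset($_SESSION['user']['role'])) {
        // Fail closed: anything that is not a complete user record is anonymous.
        $user = ACL_ANNONYMOUS;
    } elseif ($action != null) {
        $user = modsecu($action, $page, $params);
        // Never drop below the role stored in the session.
        if ($user < $_SESSION['user']['role']) {
            $user = $_SESSION['user']['role'];
        }
    } else {
        $user = $_SESSION['user']['role'];
    }
    // Group fallback: a manager of a group attached to this action/page passes.
    if ($user < ACL_SUPERUSER && $acl <= ACL_SUPERUSER) {
        $sql = $pdo->prepare('SELECT ag_group FROM access_groups RIGHT JOIN acces ON ag_access = acl_id WHERE acl_action = ? AND acl_page = ?');
        $sql->bindValue(1, $action !== null ? $action : 'index');
        $sql->bindValue(2, $page);
        $sql->execute();
        // Request numeric rows explicitly so $line[0] does not depend on the
        // connection's default fetch mode.
        while ($line = $sql->fetch(PDO::FETCH_NUM)) {
            $group = $line[0];
            if ($group === null) {
                // RIGHT JOIN row for an access entry with no group attached.
                continue;
            }
            // Strict comparison: only the exact string 'manager' may elevate.
            // A loose == would also accept true (and 0 before PHP 8).
            if (isset($_SESSION['user']['sections'][$group]['us_type'])
                && $_SESSION['user']['sections'][$group]['us_type'] === 'manager'
            ) {
                $user = ACL_SUPERUSER;
                break;
            }
        }
        // Release the result set in case the loop stopped early.
        $sql->closeCursor();
    }
    return $user >= $acl;
}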
Ejemplo n.º 2
        if (isset($_GET['page'])) {
            $page = $_GET['page'];
        }
        $page = basename($page);
    }
    // Recherche du module ...
    if (Extend::getAction($action) == false && !file_exists($root . 'action' . DS . $action . '.php')) {
        $action = 'syscore';
        $page = 'nomod';
    }
    // Etape 3, vérification des droits d'accès
    if (!isset($_SESSION['user'])) {
        $_SESSION['user'] = false;
    }
    $tpl->assign('_user', $_SESSION['user']);
    if ($_SESSION['user']) {
        $sections = $pdo->prepare('SELECT * FROM user_sections LEFT JOIN sections ON us_section = section_id WHERE us_user = ?');
        $sections->bindValue(1, $_SESSION['user']['user_id']);
        $sections->execute();
        $_SESSION['user']['sections'] = array();
        while ($line = $sections->fetch()) {
            $_SESSION['user']['sections'][$line['section_id']] = $line;
        }
    }
    modsecu($action, $page, $_GET);
    needAcl(getAclLevel($action, $page), $action, $page, $_GET);
    // Etape 4 lancement du module
    modexec($action, $page);
    modexec('syscore', 'moderror');
    quit();
}