Ejemplo n.º 1
 /**
  * beforeFind model callback
  *
  * if we are checking permissions, then the appropriate modifications are
  * made to the original query to filter out denied rows
  *
  * @param  object  $Model
  * @param  array   $queryData
  * @return mixed
  */
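 public function beforeFind(Model $Model, $queryData)
 {
     // Filtering is skipped for the whole request while the configured login
     // action is being served, so every find issued during that request
     // returns unfiltered rows.
     // NOTE(review): confirm nothing reachable from the login action hands
     // model data back to an unauthenticated client.
     $request = Router::getRequest();
     $url = isset($request->params) ? $request->params : array();
     $isLoginAction = isset($url['controller'], $url['action'])
         && strtolower($url['controller']) === strtolower(Configure::read('Core.LoginAction.controller'))
         && strtolower($url['action']) === strtolower(Configure::read('Core.LoginAction.action'));

     // The opt-out flag travels in the same arrays as the query itself. If any
     // caller builds $queryData['conditions'] from request data, a
     // client-supplied 'permissionable' key must not be able to switch
     // row filtering off. Request values normally arrive as strings, so only a
     // real boolean false is honoured ('0', '' and 0 no longer count).
     // Callers should still whitelist the condition keys they accept.
     $hasConditions = isset($queryData['conditions']) && is_array($queryData['conditions']);
     $optedOut = (isset($queryData['permissionable']) && $queryData['permissionable'] === false)
         || ($hasConditions
             && isset($queryData['conditions']['permissionable'])
             && $queryData['conditions']['permissionable'] === false);

     // The control flags are never meant to reach the datasource. The nested
     // unset is guarded because 'conditions' may be a plain string, and
     // unsetting a string offset is a fatal error.
     unset($queryData['permissionable']);
     if ($hasConditions) {
         unset($queryData['conditions']['permissionable']);
     }

     if ($isLoginAction || $this->_disabled || $optedOut) {
         $this->_unbind($Model);
         return $queryData;
     }

     $alias = $this->getPermissionAlias($Model);

     // Aggregate finds keep their own field list; every other find also
     // selects the permission row and the OR-ed permission bits.
     if (!in_array($Model->findQueryType, array('avg', 'count', 'max', 'min', 'sum'), true)) {
         if (empty($queryData['fields'])) {
             $queryData['fields'] = array("{$Model->alias}.*");
         }
         $queryData['fields'] = Set::merge($queryData['fields'], array("{$alias}.*, BIT_OR({$alias}.perms) as perms_merge"));
     }

     // Join conditions tying a permission row to this model's record.
     // NOTE(review): 'defaultModuleIds' is interpolated as a string; confirm it
     // is always a scalar and never an array of ids.
     $joinBase = array(
         "{$alias}.model" => "{$Model->alias}",
         "{$alias}.module_id" => "{$this->settings[$Model->alias]['defaultModuleIds']}",
         "{$alias}.foreign_id = {$Model->alias}.{$Model->primaryKey}",
     );

     // Default: INNER join restricted by the per-user permission query, so rows
     // without a matching permission entry are dropped.
     $que = $joinBase + array('or' => $this->_getPermissionQuery($Model));
     $type = 'INNER';

     // A module-wide read grant removes the per-user restriction and turns the
     // join into a LEFT join, so rows with no permission entry are returned too.
     $read = Access::__getPermissionCurrentModule($Model->plugin);
     if (!empty($read) && $read['perms']['_read'] == GLOBAL_P) {
         $que = $joinBase;
         $type = 'LEFT';
     }

     $this->_bind($Model, $que, $type);
     // One result row per record; BIT_OR above folds multiple permission rows.
     $queryData['group'] = "{$alias}.foreign_id";
     return $queryData;
 }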
Ejemplo n.º 2
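 /**
  * Build a grid link, or return the bare title when the permission check for
  * the target action fails.
  *
  * The check only decides whether the link is rendered; the target action
  * still has to enforce the permission itself.
  *
  * @param  string      $title          Link text. 'escape' is disabled and the denied branch returns it as-is,
  *                                     so it must already be safe HTML.
  * @param  array       $url            URL array; any non-array value terminates the request.
  * @param  mixed       $item           Passed to Access::checkRow() for every action other than "add".
  * @param  string|bool $confirmMessage Optional text handed to the confirmDialog() JavaScript function.
  * @return string
  */
 public function gridLink($title = 'view', $url = null, $item = false, $confirmMessage = false)
 {
     if (!is_array($url)) {
         // NOTE(review): die() ends the whole request from inside a helper;
         // kept so existing callers see the same behaviour.
         die('not support');
     }

     $options = array('escape' => false);
     if ($confirmMessage) {
         // The message lands in a JavaScript string inside an HTML attribute.
         // Replacing only single quotes left backslashes, double quotes and
         // markup characters able to break out of either context, so encode
         // for JavaScript first and for the attribute second. The attribute
         // step is needed because 'escape' => false is handed to parent::link().
         $jsMessage = json_encode((string) $confirmMessage, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
         if ($jsMessage === false) {
             // Not encodable (e.g. invalid UTF-8): fall back to an empty string.
             $jsMessage = '""';
         }
         $options['onclick'] = htmlspecialchars('confirmDialog(this.href, ' . $jsMessage . '); return false;', ENT_QUOTES, 'UTF-8');
         // The onclick handler replaces the parent's own confirm handling.
         $confirmMessage = false;
     }

     if (!isset($url['action'])) {
         $url['action'] = 'index';
     }
     $module = isset($url['plugin']) ? $url['plugin'] : $this->plugin;
     $controller = isset($url['controller']) ? $url['controller'] : $this->params['controller'];
     // Result is not used here; the call is kept in case it has side effects.
     // NOTE(review): drop it if __getPermissionCurrentModule() is a pure lookup.
     Access::__getPermissionCurrentModule($module);
     $action = $url['action'];

     // "add" is gated on the module-level create permission, everything else
     // on the row-level check.
     $allowed = ($action === 'add')
         ? Access::checkPermissionCreateModule($module)
         : Access::checkRow($module, $controller, $action, $item);
     if (!$allowed) {
         return $title;
     }
     return parent::link($title, $url, $options, $confirmMessage);
 }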
Ejemplo n.º 3
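 /**
  * Tell whether the permission record returned by
  * Access::__getPermissionCurrentModule() allows creating in the module.
  *
  * Fails closed: an empty record or a record without a '_create' entry is
  * treated as denied, rather than depending on how a missing value happens
  * to compare with DENY_P.
  *
  * @param  mixed $module Passed unchanged to Access::__getPermissionCurrentModule().
  * @return bool  False when the record is empty, has no '_create' entry, or that entry equals DENY_P.
  */
 public static function checkPermissionCreateModule($module)
 {
     $modulePerms = Access::__getPermissionCurrentModule($module);
     if (empty($modulePerms) || !isset($modulePerms['perms']['_create'])) {
         return false;
     }
     // Loose comparison kept on purpose: the types of the stored value and of
     // DENY_P are not visible here, and a strict check could stop matching.
     return $modulePerms['perms']['_create'] != DENY_P;
 }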