/**
* Check permission
*
* @param string $permission
* @param Model_User $user
* @return boolean
*/
public function has_permission($permission, $user)
{
switch ($permission) {
case self::PERMISSION_CREATE:
return (bool) $user;
case self::PERMISSION_UPDATE:
return $user && ($user->id == $this->author_id || $user->has_role('admin', 'photo admin'));
case self::PERMISSION_DELETE:
return $user && (in_array($user->id, array($this->user_id, $this->author_id)) || $user->has_role('admin', 'photo admin'));
case self::PERMISSION_READ:
return true;
}
return false;
}
/**
* Find Notifications for user.
*
* @static
* @param Model_User $target
* @return Model_Notification[]
*/
public function find_by_target(Model_User $target)
{
// User notifications
$query = DB::select_array($this->fields())->where('target_id', '=', $target->id)->order_by('id', 'DESC');
// Admin notifications
if ($target->has_role('admin', 'photo moderator')) {
$query = $query->or_where_open()->where('class', '=', Notification_Galleries::CLASS_GALLERIES)->and_where('type', '=', Notification_Galleries::TYPE_IMAGE_REPORT)->or_where_close();
}
return $this->load($query, 0);
}
/**
* Check permission
*
* @param string $permission
* @param Model_User $user
* @return boolean
*/
public function has_permission($permission, $user)
{
switch ($permission) {
case self::PERMISSION_CREATE:
case self::PERMISSION_DELETE:
case self::PERMISSION_UPDATE:
return $user && $user->has_role('admin');
case self::PERMISSION_POST:
case self::PERMISSION_READ:
return (bool) $user;
}
return false;
}
/**
* Check permission
*
* @param string $permission
* @param Model_User $user
* @return boolean
*/
public function has_permission($permission, $user)
{
switch ($permission) {
case self::PERMISSION_READ:
return true;
case self::PERMISSION_CREATE:
case self::PERMISSION_COMMENT:
case self::PERMISSION_COMMENTS:
return (bool) $user;
case self::PERMISSION_DELETE:
case self::PERMISSION_UPDATE:
return $user && ($this->author_id == $user->id || $user->has_role('admin'));
}
return false;
}
/**
* Check permission
*
* @param string $permission
* @param Model_User $user
* @return boolean
*/
public function has_permission($permission, $user)
{
switch ($permission) {
// Everybody can read roles
case self::PERMISSION_READ:
return true;
// Don't allow to delete nor rename of critical roles
// Don't allow to delete nor rename of critical roles
case self::PERMISSION_DELETE:
if (in_array($this->id, array(self::LOGIN, self::ADMIN))) {
return false;
}
default:
return $user && $user->has_role('admin');
}
}
/**
* Check permission
*
* @param string $permission
* @param Model_User $user
* @return boolean
*/
public function has_permission($permission, $user)
{
$status = false;
switch ($permission) {
case self::PERMISSION_DELETE:
if (count($this->areas())) {
// Don't delete groups with areas
return false;
}
case self::PERMISSION_CREATE:
case self::PERMISSION_CREATE_AREA:
case self::PERMISSION_UPDATE:
$status = $user && $user->has_role('admin');
break;
case self::PERMISSION_READ:
$status = true;
break;
}
return $status;
}
/**
* Check permission
*
* @param string $permission
* @param Model_User $user
* @return boolean
*/
public function has_permission($permission, $user)
{
switch ($permission) {
case self::PERMISSION_DELETE:
return $user && $user->has_role('admin');
case self::PERMISSION_POST:
return ($this->status != self::STATUS_LOCKED || $user->has_role('admin')) && $this->has_permission(self::PERMISSION_READ, $user);
case self::PERMISSION_READ:
return $user && in_array($user->id, $this->recipients());
case self::PERMISSION_UPDATE:
return $this->has_permission(self::PERMISSION_READ, $user) && parent::has_permission($permission, $user);
}
return false;
}
/**
* Check permission
*
* @param string $permission
* @param Model_User $user
* @return boolean
*/
public function has_permission($permission, $user)
{
switch ($permission) {
case self::PERMISSION_DELETE:
return $user && $user->has_role(array('admin', 'photo moderator'));
case self::PERMISSION_COMMENT:
case self::PERMISSION_COMMENTS:
case self::PERMISSION_CREATE:
case self::PERMISSION_READ:
return (bool) $user;
case self::PERMISSION_UPDATE:
return $user && !$this->has_full_date();
}
return false;
}
/**
* Check permission
*
* @param string $permission
* @param Model_User $user
* @return boolean
*/
public function has_permission($permission, $user)
{
switch ($permission) {
case self::PERMISSION_CREATE:
return (bool) $user;
break;
case self::PERMISSION_COMBINE:
case self::PERMISSION_DELETE:
case self::PERMISSION_UPDATE:
return $user && $user->has_role('admin', 'venue moderator');
break;
case self::PERMISSION_READ:
return true;
}
return false;
}
/**
* Check permission
*
* @param string $permission
* @param Model_User $user
* @return boolean
*/
public function has_permission($permission, $user)
{
switch ($permission) {
case self::PERMISSION_CREATE:
case self::PERMISSION_NOTE:
case self::PERMISSION_REPORT:
return (bool) $user;
case self::PERMISSION_DELETE:
case self::PERMISSION_UPDATE:
return $user && ($user->id == $this->author_id || $user->has_role('admin', 'photo moderator'));
case self::PERMISSION_READ:
return true;
}
return false;
}
/**
* Check permission
*
* @param string $permission
* @param Model_User $user
* @return boolean
*/
public function has_permission($permission, $user)
{
switch ($permission) {
case self::PERMISSION_CREATE:
case self::PERMISSION_DELETE:
case self::PERMISSION_UPDATE:
return $user && $user->has_role('admin');
case self::PERMISSION_POST:
return $user && !$this->is_hidden && (!$this->is_moderated || $user->has_role('admin'));
case self::PERMISSION_READ:
return !$this->is_hidden && $this->area_type != self::TYPE_PRIVATE && (!$this->is_private || $user);
}
return false;
}
/**
* Check permission
*
* @param string $permission
* @param Model_User $user
* @return boolean
*/
public function has_permission($permission, $user)
{
switch ($permission) {
case self::PERMISSION_DELETE:
return $user && $user->has_role('admin');
case self::PERMISSION_POST:
return $user && ($this->status !== self::STATUS_LOCKED || $user->has_role('admin'));
case self::PERMISSION_READ:
return Permission::has($this->area(), Model_Forum_Area::PERMISSION_READ, $user);
case self::PERMISSION_UPDATE:
return $user && ($this->status !== self::STATUS_LOCKED && $user->id == $this->author_id || $user->has_role('admin'));
}
return false;
}
/**
* Check permission
*
* @param string $permission
* @param Model_User $user
* @return boolean
*/
public function has_permission($permission, $user)
{
switch ($permission) {
case self::PERMISSION_CREATE:
case self::PERMISSION_DELETE:
case self::PERMISSION_UPDATE:
return $user && $user->has_role('admin');
case self::PERMISSION_POST:
return $user && ($this->access_write != self::WRITE_ADMINS && $this->area_type != self::TYPE_BIND && $this->status != self::STATUS_HIDDEN || $user->has_role('admin'));
case self::PERMISSION_READ:
return $this->status == self::STATUS_NORMAL && $this->area_type != self::TYPE_PRIVATE && ($this->access_read == self::READ_NORMAL || $user);
}
return false;
}
protected function add_edit(Model_User &$user)
{
$errors = array();
$roles = ORM::factory('Role')->where('id', '!=', Model_User::LOGIN_ROLE_ID)->order_by('id')->find_all()->as_array('id');
if ($this->request->method() == Request::POST) {
$data = $this->request->post();
$_data = $data;
// operate on copy: $_data
$email = $user->email;
// keep email in the case od validation exception to restore this value in $user
$external_validation = Validation::factory($_data)->labels(array('repeat_email' => 'Repeat e-mail'))->rules('roles', array(array('each_in_array', array(':value', array_keys($roles)))))->rules('repeat_email', array(array('matches', array(':validation', ':field', 'email'))));
if ($user->loaded()) {
if (empty($_data['email'])) {
// no email while editing means: no changing but ORM model need email value to be not empty
$_data['email'] = $user->email;
}
} else {
$_data['password'] = Text::random('alnum', 14);
// set random password for new user
}
try {
$user->values($_data)->save($external_validation);
} catch (ORM_Validation_Exception $vex) {
$errors = $vex->errors('orm');
$user->email = $email;
// restore original email value
}
// Manage roles for user:
if (empty($errors)) {
$user_roles = (array) Arr::get($data, 'roles', array());
foreach ($roles as $role) {
// Adding:
if (in_array($role->id, $user_roles) and !$user->has_role($role->id)) {
$user->add('roles', $role);
}
// Removing:
if (!in_array($role->id, $user_roles) and $user->has_role($role->id)) {
$user->remove('roles', $role);
}
}
if (!empty($data['send_hashlink'])) {
$this->send_activation($user);
}
// finish saving
return TRUE;
}
} else {
if ($user->loaded()) {
$data = $user->as_array();
$data['email'] = '';
$data['roles'] = array();
foreach ($roles as $role) {
if ($user->has_role($role->id)) {
$data['roles'][] = $role->id;
}
}
} else {
$data = array('send_hashlink' => '1');
}
}
$this->content = View::factory("users/edit")->bind("user", $user)->bind("roles", $roles)->bind("data", $data)->bind("errors", $errors);
}
/**
* Attempt to log in a user by using an ORM object and plain-text password.
*
* @param Model_User $user
* @param string $password plain text
* @param boolean $remember auto-login
* @return boolean
*/
public function login(Model_User $user, $password, $remember = false)
{
if (!$password || !$user) {
return false;
}
// Get the salt from the stored password
$salt = $this->find_salt($user->password_kohana);
// Create a hashed password using the salt from the stored password
$hashed_password = $this->hash_password($password, $salt);
// If the passwords match to hashed password or "generated" password, perform a login
if (($user->password_kohana === $hashed_password || self::generate_password($user->password_kohana) === $password) && $user->has_role('login')) {
if ($remember === true) {
// Create a new autologin token
$token = new Model_User_Token();
$token->user_id = $user->id;
$token->expires = time() + $this->_config['lifetime'];
$token->create();
// Set the autologin cookie
Cookie::set($this->_config['cookie_name'], $token->token, $this->_config['lifetime']);
}
// Finish the login
$this->complete_login($user);
return true;
}
// Login failed
return false;
}
/**
* Check permission
*
* @param string $permission
* @param Model_User $user
* @return boolean
*/
public function has_permission($permission, $user)
{
switch ($permission) {
case self::PERMISSION_APPROVE:
case self::PERMISSION_UPDATE:
return $user && $user->has_role(array('admin', 'photo moderator'));
case self::PERMISSION_APPROVE_WAITING:
return $user && $user->has_role(array('photo', 'admin', 'photo moderator'));
case self::PERMISSION_DELETE:
return $user && $user->has_role('admin');
case self::PERMISSION_COMMENT:
case self::PERMISSION_COMMENTS:
case self::PERMISSION_CREATE:
case self::PERMISSION_UPLOAD:
return (bool) $user;
case self::PERMISSION_READ:
return true;
}
return false;
}
