Ejemplo n.º 1
0
 /**
  * Checks if user has access to specific area (for example admin or agency area)
  * Permissions are defined in www/admin/lib-permissions.inc.php file
  *
  * @access public
  *
  * @param integer $permissions
  * @param string $table  Table name
  * @param integer $id  Id (or empty if new is created)
  * @param unknown $allowed  check allowed
  * @param OA_Permission Does the current call require only a subset of the permissions?
  * 						If set to null, equivalent to asking permission to do everything on the object
  *
  * @return boolean  True if has access
  */
 function checkPermissions($permissions, $table = '', $id = null, $allowed = null, $operationAccessType = OA_Permission::OPERATION_ALL)
 {
     $isError = false;
     if (isset($permissions) && !OA_Permission::isAccount($permissions)) {
         if (!OA_Permission::attemptToSwitchToAccount($permissions)) {
             $isError = true;
         }
     }
     // Should this check also be part of checkPermissions?
     if (!empty($id) && !$this->checkIdExistence($table, $id)) {
         return false;
     }
     if (isset($id) && !OA_Permission::hasAccessToObject($table, $id, $operationAccessType)) {
         if (!OA_Permission::attemptToSwitchForAccess($table, $id)) {
             $isError = true;
         }
     }
     if (isset($allowed)) {
         if (OA_Permission::isAccount(OA_ACCOUNT_ADVERTISER, OA_ACCOUNT_TRAFFICKER) && !OA_Permission::hasPermission($allowed)) {
             $isError = true;
         }
     }
     if ($isError) {
         $this->raiseError('Access forbidden');
         return false;
     } else {
         // Set system timezone and return
         OA_setTimeZoneLocal();
         return true;
     }
 }
Ejemplo n.º 2
0
 /**
  * Checks if user has access to specific area (for example admin or agency area)
  * Permissions are defined in www/admin/lib-permissions.inc.php file
  *
  * @access public
  *
  * @param integer $permissions
  * @param string $table  Table name
  * @param integer $id  Id (or empty if new is created)
  * @param unknown $allowed  check allowed
  *
  * @return boolean  True if has access
  */
 function checkPermissions($permissions, $table = '', $id = null, $allowed = null)
 {
     $isError = false;
     if (isset($permissions) && !OA_Permission::isAccount($permissions)) {
         if (!OA_Permission::attemptToSwitchToAccount($permissions)) {
             $isError = true;
         }
     }
     if (!empty($id) && !$this->checkIdExistence($table, $id)) {
         return false;
     }
     if (isset($id) && !OA_Permission::hasAccessToObject($table, $id)) {
         if (!OA_Permission::attemptToSwitchForAccess($table, $id)) {
             $isError = true;
         }
     }
     if (isset($allowed)) {
         if (OA_Permission::isAccount(OA_ACCOUNT_ADVERTISER, OA_ACCOUNT_TRAFFICKER) && !OA_Permission::hasPermission($allowed)) {
             $isError = true;
         }
     }
     if ($isError) {
         $this->raiseError('Access forbidden');
         return false;
     } else {
         return true;
     }
 }
Ejemplo n.º 3
0
 /**
  * A method to show an error if the current user/account doesn't have access
  * to the specified DB_DataObject (defined by table name and entity ID).
  *
  * @static
  * @param string  $entityTable    The name of the table.
  * @param integer $entityId       Optional entity ID -- when set, tests if the current
  *                                account has access to the enity, when not set,  tests
  *                                if the current account can create a new entity in the
  *                                table.
  * @param boolean $allowNewEntity Allow creation of a new entity, defaults to false.
  */
 function enforceAccessToObject($entityTable, $entityId = null, $allowNewEntity = false)
 {
     if (!$allowNewEntity) {
         OA_Permission::enforceTrue(!empty($entityId));
     }
     // Verify that the ID is numeric
     OA_Permission::enforceTrue(preg_match('/^\\d*$/D', $entityId));
     $entityId = (int) $entityId;
     $hasAccess = OA_Permission::hasAccessToObject($entityTable, $entityId);
     if (!$hasAccess) {
         if (!OA_Permission::isManualAccountSwitch()) {
             if (OA_Permission::isUserLinkedToAdmin()) {
                 // Check object existence
                 OA_Permission::enforceTrue(OA_Permission::getAccountIdForEntity($entityTable, $entityId));
             }
             // if has access switch to the manager account that owns this object
             if ($hasAccess) {
                 if (OA_Permission::switchToManagerAccount($entityTable, $entityId)) {
                     // Now that the admin user is working with the manager
                     // account that owns the object, show to him the page.
                     $url = $_SERVER['REQUEST_URI'];
                     header("Location: {$url}");
                     exit;
                 } else {
                     // If is not possible to switch redirect the admin to his home page
                     OX_Admin_Redirect::redirect();
                 }
             }
         }
     }
     if (!$hasAccess) {
         OA_Permission::redirectIfManualAccountSwitch();
         $hasAccess = OA_Permission::attemptToSwitchForAccess($entityTable, $entityId);
     }
     OA_Permission::enforceTrue($hasAccess);
 }