/**
* Test handler
* @param [type] $request [description]
* @param Closure $next [description]
* @return [type] [description]
*/
public function handle($request, Closure $next)
{
$controller_id = str_replace('/index', '', action("\\" . \Route::currentRouteAction()));
$controller_id = str_replace($controller_id, '', \URL::current());
$controller_id = trim($controller_id, '/');
$perm = \Permission::checkPermission(\Route::currentRouteAction(), $controller_id, false);
if ($perm === true) {
//preceed with the normal request
} else {
if (@\Auth::user()->id) {
\Session::flash('danger', "You do not have permission to do that.");
}
return $perm;
}
return $next($request);
}
public function getRoles()
{
if ($this->getUserId() != 0) {
$roles = Permission::getEditableRoles();
foreach ($roles as $key => $role) {
$roles_edit[$key]['role'] = $role;
$roles_edit[$key]['dual'] = pow(2, $role);
$roles_edit[$key]['check'] = Permission::checkPermission($roles_edit[$key]['dual'], $this->getUserId());
}
return $roles_edit;
}
return array();
}
function rootMenu()
{
$menu = array();
if (Permission::checkPermission(PERM_ROOT)) {
$submenu = array();
$subsubmenu = array();
$submenu[] = array('name' => 'Konfiguration', 'href' => 'config.php?section=edit_netmon');
$subsubmenu[] = array('name' => 'Datenbank', 'href' => 'config.php?section=edit');
$subsubmenu[] = array('name' => 'Community', 'href' => 'config.php?section=edit_community');
$subsubmenu[] = array('name' => 'Netzwerkverbindung', 'href' => 'config.php?section=edit_network_connection');
$subsubmenu[] = array('name' => 'Mail', 'href' => 'config.php?section=edit_email');
$subsubmenu[] = array('name' => 'Jabber', 'href' => 'config.php?section=edit_jabber');
$subsubmenu[] = array('name' => 'Twitter', 'href' => 'config.php?section=edit_twitter');
$subsubmenu[] = array('name' => 'Hardware', 'href' => 'config.php?section=edit_hardware');
$submenu[] = $subsubmenu;
$menu[] = $submenu;
}
// $menu = Menus::checkIfSelected($menu);
return $menu;
}
$controller = str_replace('-', ' ', strtolower(preg_replace('/[^A-Za-z0-9\\-]/', '', $controller)));
$controller = str_replace(' ', '', Str::title($controller));
$controller = '\\' . $controller . 'Controller';
if (!class_exists($controller)) {
return App::abort(404, "Controller '{$controller}' was not existed.");
}
$action = str_replace('-', ' ', preg_replace('/[^A-Za-z0-9\\-]/', '', $action));
$method = Str::camel($action);
if (!method_exists($controller, $method)) {
return App::abort(404, "Method '{$method}' was not existed.");
}
$params = explode("/", $args);
/*
* Check permission
*/
if (!Permission::checkPermission($controller, $method, $params)) {
return App::abort(403, 'Need permission to access this page.');
}
/*
* End check permission
*/
$app = app();
$controller = $app->make($controller);
return $controller->callAction($method, $params);
})->where(['controller' => '[^/]+', 'action' => '[^/]+', 'args' => '[^?$]+']);
});
#===========================================#
# FRONTEND #
#===========================================#
Route::get('/', ['as' => 'home', 'uses' => 'HomeController@index']);
/*
//show ressource record
} elseif ($_GET['section'] == 'add') {
if (Permission::checkPermission(PERM_USER)) {
//pass system messages to the template
$smarty->assign('message', Message::getMessage());
$dns_zone_list = new DnsZoneList();
$smarty->assign('dns_zone_list', $dns_zone_list->getDnsZoneList());
//compile the template and sorround the main content by footer and header template
$smarty->display("header.tpl.html");
$smarty->display("dns_ressource_record_add.tpl.html");
$smarty->display("footer.tpl.html");
} else {
Permission::denyAccess(PERM_USER);
}
} elseif ($_GET['section'] == 'insert_add') {
if (Permission::checkPermission(PERM_USER)) {
$dns_ressource_record = new DnsRessourceRecord(false, (int) $_POST['dns_zone_id'], (int) $_SESSION['user_id'], $_POST['host'], $_POST['type'], $_POST['pri'], (int) $_POST['destination']);
if ($dns_ressource_record->store()) {
$message[] = array('Der Ressource Record ' . $dns_ressource_record->getHost() . ' wurde gespeichert.', 1);
} else {
$message[] = array('Der Ressource Record konnte nicht gespeichert werden.', 2);
}
Message::setMessage($message);
header('Location: ./dns_zone.php?dns_zone_id=' . $_POST['dns_zone_id']);
} else {
Permission::denyAccess(PERM_USER);
}
} elseif ($_GET['section'] == 'delete') {
$dns_ressource_record = new DnsRessourceRecord((int) $_GET['dns_ressource_record_id']);
$dns_ressource_record->fetch();
if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $dns_ressource_record->getUserId())) {
/**
* Wrapper method for checking if the current user is logged in
* @author Clemens John <*****@*****.**>
* @param $user_id user id of the user for wich you want to check the login. Can only be the current user.
* @return boolean if the current user is logged in.
*/
public static function isLoggedIn($user_id)
{
return Permission::checkPermission(4, $user_id);
}
/**
* Find out which roles a user as
* @author Clemens John <*****@*****.**>
* @param int $user_id id
* @return array() an array containing all editable permissions and an boolean field that indicates
* weather this user has this role
*/
public function getRolesByUserID($user_id)
{
if (!empty($user_id)) {
$roles = Permission::getEditableRoles();
foreach ($roles as $key => $role) {
$roles_edit[$key]['role'] = $role;
$roles_edit[$key]['dual'] = pow(2, $role);
$roles_edit[$key]['check'] = Permission::checkPermission($roles_edit[$key]['dual'], $user_id);
}
return $roles_edit;
}
return array();
}
//$orgid=$_POST['organization_id'];
if ($defaultorganization_id == '') {
$defaultorganization_id = $o->getDefaultOrganization($userid);
$_SESSION['defaultorganization_id'] = $defaultorganization_id;
if ($defaultorganization_id == '' || $defaultorganization_id == 0) {
$defaultorganization_id = 1;
$_SESSION['defaultorganization_id'] = $defaultorganization_id;
}
}
if ($_GET['setSessionDate'] == 'Y') {
$_SESSION['defaultDateSession'] = $_GET['defaultDateSession'];
}
$defaultDateSession = $_SESSION['defaultDateSession'];
$permission = new Permission();
$log->showLog(4, "Currenct org session id=" . $_SESSION['defaultorganization_id'] . ",program org_id= {$defaultorganization_id},uid={$userid}");
$arrperm = $permission->checkPermission($userid, $module_id, $usefilename);
$menuname = $arrperm[0];
$xoopsTpl->assign('xoops_pagetitle', $menuname);
$havewriteperm = $arrperm[1];
$windowsetting = $arrperm[2];
$permissionsetting = $arrperm[3];
$helpurl = $arrperm[4];
$jrxml = $arrperm[5];
if (strpos($permissionsetting, '$') >= 0) {
$permissionsetting = explode(",", $permissionsetting);
$totalpermissionsetting = count($permissionsetting);
$i = 0;
while ($i < $totalpermissionsetting) {
eval($permissionsetting[$i] . ";");
if (strpos($permissionsetting[$i], '$')) {
eval($permissionsetting[$i] . ";");
if ($_GET['object_type'] == "router") {
$router = new Router((int) $_GET['object_id']);
$router->fetch();
//Root and owning user can see api keys
if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $router->getUserId())) {
$api_key_list = new ApiKeyList((int) $_GET['object_id'], 'router');
$smarty->assign('api_key_list', $api_key_list->getList());
$smarty->display("header.tpl.html");
$smarty->display("api_key_list.tpl.html");
$smarty->display("footer.tpl.html");
} else {
Permission::denyAccess(PERM_ROOT, (int) $router->getUserId());
}
} elseif ($_GET['object_type'] == "user") {
$user = new User((int) $_GET['object_id']);
$user->fetch();
//Root and owning user can see api keys
if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $user->getUserId())) {
$api_key_list = new ApiKeyList((int) $_GET['object_id'], 'user');
$smarty->assign('api_key_list', $api_key_list->getList());
$smarty->display("header.tpl.html");
$smarty->display("api_key_list.tpl.html");
$smarty->display("footer.tpl.html");
} else {
Permission::denyAccess(PERM_ROOT, (int) $user->getUserId());
}
}
} elseif (Permission::checkPermission(PERM_ROOT)) {
} else {
//no permission to access this site
}
header("Location: ./routereditor.php?section=new&router_auto_assign_login_string={$_POST['router_auto_assign_login_string']}&hostname={$_POST['hostname']}");
}
} else {
Permission::denyAccess(PERM_USER);
}
}
if ($_GET['section'] == "edit") {
$router_data = Router_old::getRouterInfo($_GET['router_id']);
$smarty->assign('router_data', $router_data);
//Moderator and owning user can edit router
if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $router_data['user_id'])) {
$smarty->assign('community_location_longitude', Config::getConfigValueByName('community_location_longitude'));
$smarty->assign('community_location_latitude', Config::getConfigValueByName('community_location_latitude'));
$smarty->assign('community_location_zoom', Config::getConfigValueByName('community_location_zoom'));
$smarty->assign('message', Message::getMessage());
$smarty->assign('is_root', Permission::checkPermission(PERM_ROOT));
/** Get and assign Router Informations **/
$chipsetlist = new Chipsetlist(false, false, 0, -1);
$smarty->assign('chipsetlist', $chipsetlist->getList());
$smarty->display("header.tpl.html");
$smarty->display("router_edit.tpl.html");
$smarty->display("footer.tpl.html");
} else {
Permission::denyAccess(PERM_ROOT, (int) $router_data['user_id']);
}
}
if ($_GET['section'] == "insert_edit") {
//Moderator and owning user can edit router
$router_data = Router_old::getRouterInfo($_GET['router_id']);
if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $router_data['user_id'])) {
$insert_result = RouterEditor::insertEditRouter();
<?php
require_once 'runtime.php';
require_once './lib/core/helper.class.php';
require_once './lib/core/user_old.class.php';
$smarty->assign('message', Message::getMessage());
if ($_GET['section'] == "edit") {
//Only owner and Root can access this site.
if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $_GET['user_id'])) {
$smarty->assign('user', User_old::getUserByID($_GET['user_id']));
$smarty->assign('is_root', Permission::checkPermission(PERM_ROOT, $_SESSION['user_id']));
$smarty->assign('permissions', User_old::getRolesByUserID($_GET['user_id']));
$smarty->display("header.tpl.html");
$smarty->display("user_edit.tpl.html");
$smarty->display("footer.tpl.html");
} else {
Permission::denyAccess(PERM_ROOT, (int) $_GET['user_id']);
}
} elseif ($_GET['section'] == "insert_edit") {
if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $_GET['user_id'])) {
if (User_old::userInsertEdit($_GET['user_id'], $_POST['changepassword'], $_POST['permission'], $_POST['oldpassword'], $_POST['newpassword'], $_POST['newpasswordchk'], $_POST['openid'], $_POST['vorname'], $_POST['nachname'], $_POST['strasse'], $_POST['plz'], $_POST['ort'], $_POST['telefon'], $_POST['email'], $_POST['jabber'], $_POST['icq'], $_POST['website'], $_POST['about'], $_POST['notification_method'])) {
header('Location: user.php?user_id=' . $_GET['user_id']);
} else {
header('Location: user_edit.php?section=edit&user_id=' . $_GET['user_id']);
}
} else {
Permission::denyAccess(PERM_ROOT, (int) $_GET['user_id']);
}
} elseif ($_GET['section'] == "delete") {
if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $_GET['user_id'])) {
if ($_POST['delete'] == "true") {
