Get permissions for the user and project and merge them.
`public static getPermissions($user, $project)`

Parameters: `$user`, `$project`

Returns: `array`
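/**
 * Prepare per-request controller state: database connection, modal flag,
 * current project, current user, merged permissions and the access filters.
 *
 * Always call this when defining `__construct()` in sub-classes, otherwise
 * none of the permission filters registered here are installed.
 */
public function __construct()
{
    $this->db = ConnectionManager::getConnection();

    // Modal?
    if (Request::$headers->has('X-Modal')) {
        // Loose comparison on a client-supplied header: it only toggles
        // presentation here and must not be used for access decisions.
        $this->isModal = Request::$headers->get('X-Modal') == true;
    }

    // Get current project.
    if (Request::$properties->has('pslug')) {
        // An unknown slug leaves the current project as null.
        $this->currentProject = Project::find('slug', Request::$properties->get('pslug')) ?: null;
        $GLOBALS['current_project'] = $this->currentProject;

        // Respond with a 404 instead of a 403 so that a project the visitor
        // may not view is not revealed to exist.
        // NOTE(review): presumably `before()` filters run after this
        // constructor has resolved the user below - confirm.
        $this->before('*', function () {
            if (!$this->hasPermission('view', $this->currentProject)) {
                return $this->show404();
            }
        });
    } else {
        $GLOBALS['current_project'] = null;
    }

    // Get current user.
    if ($sessionHash = Request::$cookies->get('traq')) {
        // The cookie value is always bound as a query parameter, never
        // interpolated into the SQL text.
        // NOTE(review): the cookie is matched as-is against `session_hash`,
        // so that column holds a bearer credential - confirm it is generated
        // from a CSPRNG and invalidated on logout.
        if ($this->currentProject) {
            // Also load the user's role in the current project in the same query.
            $user = User::select('u.*')
                ->addSelect('pur.project_role_id')
                ->leftJoin('u', UserRole::tableName(), 'pur', 'pur.project_id = :project_id AND pur.user_id = u.id');
            $user->where('u.session_hash = :session_hash');
            $user->setParameter('project_id', $this->currentProject['id']);
            $user->setParameter('session_hash', $sessionHash);

            $this->currentUser = $user->fetch() ?: null;
        } else {
            $this->currentUser = User::find('session_hash', $sessionHash) ?: null;
        }

        $GLOBALS['current_user'] = $this->currentUser;
    } else {
        $GLOBALS['current_user'] = null;
    }

    $GLOBALS['permissions'] = Permission::getPermissions($this->currentUser, $this->currentProject);

    // Add Traq as first breadcrumb.
    $this->addCrumb(setting('title'), $this->generateUrl('root'));

    // Check if the user has permission to view the current project
    if (isset($this->currentProject)) {
        $this->before('*', function () {
            if (!$this->hasPermission('view')) {
                return $this->show403();
            }
        });
    }

    // If the user has a `sha1` hashed password, require them to change it because
    // as of Traq 4.1, only mcrypt passwords will work.
    //
    // Anonymous requests leave the current user null; skip the check for them
    // rather than indexing into null.
    if ($this->currentUser && $this->currentUser['password_ver'] == 'sha1') {
        $this->before('*', function () {
            // Only the password-change and session controllers stay reachable,
            // so the user can still change the password or sign out.
            if (Request::$properties['controller'] != 'Traq\\Controllers\\UserCP'
                && Request::$properties['controller'] != 'Traq\\Controllers\\Sessions'
            ) {
                return $this->redirectTo('usercp_password');
            }
        });
    }
}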
/**
 * Check if the user can perform the requested action.
 *
 * Group and role permissions are resolved once per project and cached on the
 * instance. The cached set is reused on later calls whatever value
 * `$fetchProjectRoles` has then.
 *
 * @param string  $action            Name of the permission to look up.
 * @param integer $projectId         Project the permission applies to.
 * @param boolean $fetchProjectRoles When true, always look the role up via
 *                                   `fetchProjectRolesIds()` instead of using
 *                                   an already loaded `project_role_id`.
 *
 * @return bool|null `true` for admins; otherwise the value stored for the
 *                   action, or `null` when the action is not in the merged
 *                   set. Callers should treat any non-true result as denial.
 */
public function hasPermission($action, $projectId, $fetchProjectRoles = false)
{
    // Admins bypass every per-project lookup.
    if ($this->is_admin) {
        return true;
    }

    if (!isset($this->permissions[$projectId])) {
        $this->permissions[$projectId] = null;
    }

    // Resolve the permission set only if it has not been cached yet.
    if ($this->permissions[$projectId] === null) {
        $groupPermissions = Permission::getPermissions($projectId, $this->group_id);

        $rolePermissions = [];
        $useLoadedRole = !$fetchProjectRoles && isset($this->project_role_id) && $this->project_role_id;

        if ($useLoadedRole) {
            $rolePermissions = Permission::getPermissions($projectId, $this->project_role_id, 'role');
        } else {
            $projectRoleIds = $this->fetchProjectRolesIds();

            if (isset($projectRoleIds[$projectId])) {
                $rolePermissions = Permission::getPermissions($projectId, $projectRoleIds[$projectId], 'role');
            }
        }

        // Later arrays win in array_merge(), so (assuming action-name string
        // keys) role entries override group entries, which override the
        // values from Permissions::getPermissions().
        $this->permissions[$projectId] = array_merge(
            Permissions::getPermissions(),
            array_merge($groupPermissions, $rolePermissions)
        );
    }

    if (isset($this->permissions[$projectId][$action])) {
        return $this->permissions[$projectId][$action];
    }

    return null;
}
/**
 * Check the current user's permission for an action.
 *
 * With a project, permissions are resolved for that project; without one,
 * the set stored in `$GLOBALS['permissions']` is used.
 *
 * @param string       $action  Name of the permission to look up.
 * @param Project|null $project Project to check against, or null to use the
 *                              request-wide permission set.
 *
 * @return boolean|null `true` for admins; otherwise the value stored for the
 *                      action, or `null` when the action is unknown. Test the
 *                      result for truthiness: a strict comparison with
 *                      `false` would let an unknown action through.
 */
function hasPermission($action, Project $project = null)
{
    // Admins can do everything, regardless of permissions.
    if (currentUser() && currentUser()->isAdmin()) {
        return true;
    }

    if ($project) {
        $granted = Permission::getPermissions(currentUser(), $project);
    } else {
        $granted = $GLOBALS['permissions'];
    }

    if (isset($granted[$action])) {
        return $granted[$action];
    }

    return null;
}