function loadSecureFunctions() { // This block automatically checks this action against the permissions database before running. if (!checkActionPermissionSelf(__FUNCTION__, func_get_args())) { addAlert("danger", "Sorry, you do not have permission to access this resource."); return false; } return fetchSecureFunctions(); }
// Load CSRF token $csrf_token = $loggedInUser->csrf_token; $response .= "<input type='hidden' name='csrf_token' value='{$csrf_token}'/>"; $response .= "\n<div class='dialog-alert'>\n</div>"; if ($group_id) { $response .= "<h4>Users in group '{$group_name}' can perform the action </h4>\n <input type='hidden' name='group_id' value='{$group_id}'/>"; } else { if ($user_id) { $response .= "<h4>User '{$user_name}' can perform the action </h4>\n <input type='hidden' name='user_id' value='{$user_id}'/>"; } } $response .= "<div class='form-group'>\n <input class='form-control input-lg typeahead typeahead-action-name' type='text' data-selected_id='' placeholder='Search by name or description' name='action_name' autocomplete='off' value='{$action_name}' {$action_name_disable_str} />"; $response .= "\n</div>\n<h4>for</h4>\n<div class='form-group'>\n <select class='form-control' name='permit'>"; // If we're in update mode, load the preset options and highlight the selected one (if available) if ($populate_fields) { $secure_functions = fetchSecureFunctions(); $fields = array_keys($secure_functions[$action_name]['parameters']); $presets = fetchPresetPermitOptions($fields); $option_found = false; foreach ($presets as $preset) { $name = $preset['name']; $value = $preset['value']; if ($value == $action_permits) { $option_found = true; $response .= "<option value=\"{$value}\" selected>{$name}</option>"; } else { $response .= "<option value=\"{$value}\">{$name}</option>"; } } if (!$option_found) { $response .= "<option value='{$action_permits}'>Custom permit string: {$action_permits}</option>";