/**
 * Decide whether the current user may perform $action on $category.
 *
 * The user is taken from the global $current_user. Administrators are always
 * allowed. 'Calendar' and 'Activities' are aggregate categories backed by
 * several modules; access is granted as soon as ANY one of those modules
 * grants it, so a single permissive module is enough to open the aggregate.
 *
 * @param string $category Module or aggregate category name.
 * @param string $action   ACL action name, passed through to ACLAction::userHasAccess().
 * @param bool   $is_owner Ownership flag, passed through to ACLAction::userHasAccess().
 * @param string $type     ACL type; defaults to 'module'.
 * @return mixed true/false for admins and aggregate categories; otherwise the
 *               value returned by ACLAction::userHasAccess().
 */
function checkAccess($category, $action, $is_owner = false, $type = 'module')
{
    global $current_user;

    // Admin short-circuit: no per-module ACL is consulted for administrators.
    if (is_admin($current_user)) {
        return true;
    }

    // Aggregate categories always start with 'Calls'; these are the extra
    // modules checked after it, in order.
    $extraModules = null;
    if ($category == 'Calendar') {
        // Calendar is a special case since it has 3 modules in it (calls, meetings, tasks).
        $extraModules = ['Meetings', 'Tasks'];
    } elseif ($category == 'Activities') {
        $extraModules = ['Meetings', 'Tasks', 'Emails', 'Notes'];
    }

    // Ordinary category: a single direct ACL lookup.
    if ($extraModules === null) {
        return ACLAction::userHasAccess($current_user->id, $category, $action, $type, $is_owner);
    }

    // NOTE(review): only the 'Calls' lookup receives the caller's $type; the
    // remaining modules are always checked with the literal 'module'. Confirm
    // this asymmetry is intended for callers that pass a non-default $type.
    if (ACLAction::userHasAccess($current_user->id, 'Calls', $action, $type, $is_owner)) {
        return true;
    }

    foreach ($extraModules as $moduleName) {
        if (ACLAction::userHasAccess($current_user->id, $moduleName, $action, 'module', $is_owner)) {
            return true;
        }
    }

    return false;
}
/**
 * Exercises ACLAction::userHasAccess() with an empty request and with a set
 * of (user, module, action) triples that are expected to be granted.
 */
public function testuserHasAccess()
{
    // Empty module and action: access must be refused.
    $this->assertFalse(ACLAction::userHasAccess('', '', ''));

    // Each entry is array(user id, module, action) and is expected to be granted.
    $expectedGrants = array(
        // Empty user with a valid module and action.
        // NOTE(review): this pins a default-allow result for an empty user id;
        // confirm that callers never reach userHasAccess() without an
        // authenticated user, otherwise this behaviour is fail-open.
        array('', 'Accounts', 'list'),
        // Valid user, module and action.
        array('1', 'Accounts', 'list'),
        array('1', 'SecurityGroups', 'list'),
        array('1', 'Users', 'list'),
    );

    foreach ($expectedGrants as $grant) {
        list($userId, $module, $action) = $grant;
        $this->assertTrue(ACLAction::userHasAccess($userId, $module, $action));
    }
}
/**
 * Get user access for the list of actions.
 *
 * Starts from $access_list and sets an entry to false for every action the
 * user is not allowed to perform; entries that are not denied keep the value
 * the caller supplied.
 *
 * @param string $module      Module name.
 * @param array  $access_list List of actions, keyed by action name.
 * @param array  $context     ACL context; 'owner_override' is read here, and
 *                            the whole array is forwarded to getCurrentUser()
 *                            and checkAccess().
 * @return array List of access levels. Access levels not returned are assumed
 *               to be "all allowed".
 */
public function getUserAccess($module, $access_list, $context)
{
    $user = $this->getCurrentUser($context);

    // No user, or an admin: the list is returned untouched, i.e. nothing is denied.
    // NOTE(review): the missing-user case is fail-open here; confirm that
    // unauthenticated requests are rejected before this method is reached.
    if (empty($user) || empty($user->id) || is_admin($user)) {
        return $access_list;
    }

    // Ownership is assumed unless the context explicitly sets owner_override to a false-like value.
    $ownerAssumed = !isset($context['owner_override']) || $context['owner_override'] != false;

    // Some ACL categories are not plain modules and carry their own ACL type.
    $aclType = isset(self::$non_module_acls[$module]) ? self::$non_module_acls[$module] : 'module';

    $userActions = ACLAction::getUserActions($user->id, false, $module, $aclType);
    if (empty($userActions)) {
        // No ACL actions came back for this user/module: nothing is restricted.
        return $access_list;
    }

    // Default implementation, specific ACLs can override.
    $result = $access_list;

    // 'access' is the gate for the whole module: if it is denied, every
    // requested action is denied. This lookup is made with the owner flag
    // fixed to true.
    if (isset($access_list['access'])) {
        $moduleOpen = ACLAction::userHasAccess($user->id, $module, 'access', $aclType, true);
        if (!$moduleOpen) {
            foreach ($access_list as $action => $unused) {
                $result[$action] = false;
            }
            return $result;
        }
        // Already verified above; skip it in the per-action pass.
        unset($access_list['access']);
    }

    foreach ($access_list as $action => $unused) {
        // A bean may be present in the context, so checkAccess() is consulted first.
        $denied = !$this->checkAccess($module, $action, $context);

        // Only when checkAccess() allows the action is the stored ACL level
        // evaluated against the ownership flag.
        if (!$denied && isset($userActions[$action]['aclaccess'])) {
            $denied = !ACLAction::hasAccess($ownerAssumed, $userActions[$action]['aclaccess']);
        }

        if ($denied) {
            $result[$action] = false;
        }
    }

    return $result;
}