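/**
 * Returns the most recent blog entry visible to the current application user.
 *
 * The query is restricted by the viewer's minimum access level and, when the
 * viewer is logged in, by a LogbookUser join on the viewer's id. When a match
 * is found, its author_id is stored on the current Logbook.
 *
 * @param mixed $author_id When truthy, the result is limited to the Logbook's
 *                         current author (see the review note in the body).
 * @param mixed $entry_id  Entry to fetch; when falsy, the 'entry_id'
 *                         application parameter is used instead.
 *
 * @return Entry The matching entry, or a fresh empty Entry when nothing
 *               matched or the lookup threw an Exception.
 */
public static function blogEntry($author_id = '', $entry_id = '')
{
    $entry = new Entry();

    // Access filter: access_level GTE the viewer's minAccessLevel().
    $min_access = Application::user()->minAccessLevel();
    $access = $entry->also('Access');
    $access->clause('access_level', $min_access, Clause::GTE);

    // Logged-in viewers are additionally matched on their own LogbookUser rows.
    if (Application::user()->id()) {
        $lbk_user = $entry->also('LogbookUser');
        $lbk_user->clauseSafe('user_id', Application::user()->id());
    }

    // NOTE(review): $author_id only switches this filter on; the value used is
    // Logbook::current()->authorId(), not the argument. Confirm this is intended.
    if ($author_id) {
        $entry->clauseSafe('author_id', Logbook::current()->authorId());
    }
    $entry->maybe('BlogTag');

    // NOTE(review): Application::param() presumably returns request input and
    // clauseSafe() presumably escapes it; verify before relying on either.
    if (!$entry_id) {
        $entry_id = Application::param('entry_id');
    }
    if ($entry_id && $author_id) {
        $entry->clauseSafe('entry_id', $entry_id);
    }

    $entry->order('entry_date');
    $entry->maybe('Comment');
    $entry->descending();

    try {
        $page = $entry->page(1, 1);
        $ret = current($page->objects());
        if (is_object($ret)) {
            Logbook::current()->setAuthorId($ret->get('author_id'));
        } else {
            // current() yields false for an empty list; calling ->get() on it
            // would raise an Error that catch (Exception) does not intercept.
            $ret = new Entry();
        }
    } catch (Exception $exc) {
        // Best-effort lookup: any failure falls back to an empty entry.
        $ret = new Entry();
    }

    return $ret;
}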
/**
 * Reports whether the current user differs from the one recorded in the
 * previous display.
 *
 * Only AJAX responses with a previous display are compared; every other case
 * yields false.
 *
 * @return bool True when the current user's string form is not (loosely)
 *              equal to the previous display's 'user' value.
 */
public function userChanged()
{
    if (!$this->ajaxResponse()) {
        return false;
    }

    $previousDisplay = $this->getPreviousDisplay();
    if (!$previousDisplay) {
        return false;
    }

    $previousUser = $previousDisplay['user'];

    // Loose comparison is kept on purpose to match the existing behaviour.
    return Application::user()->toString() != $previousUser;
}
/**
 * Runs the application against the handler under test and records the outcome.
 *
 * Installs this object as the application's redirection listener, points the
 * 'h' parameter at the test handler's class, and runs the application with
 * output buffering on. Redirections, access denials and other exceptions are
 * each recorded through setResult() with their own MurphyTest status.
 *
 * NOTE(review): the final setResult(..., MurphyTest::COMPLETE) call runs after
 * every path, including the three catch branches. Confirm that setResult()
 * does not overwrite the earlier status.
 */
public function runHandlerTest() {
    // Remember the listener that was installed before the test started.
    $redir = Application::current()->redirection_listener;
    Application::current()->setRedirectionListener($this);
    Application::alterParam('h', $this->test_handler->getClass());
    try {
        // Capture the handler's output instead of sending it to the client.
        // NOTE(review): ob_get_clean() only runs on the success path, so the
        // buffer opened here stays open whenever run() throws.
        ob_start();
        Application::current()->run();
        // $cached is not read again in this method.
        $cached = ob_get_clean();
    } catch (RedirectionException $exc) {
        $this->setResult('Redirected to: ' . $exc->handler() . ' with vars: ' . $exc->varString(), MurphyTest::REDIRECT);
        // NOTE(review): this calls setRedirectionLister(), while the call at
        // the top of the method is setRedirectionListener(). If it is a typo,
        // the previous listener is never restored on any exception path.
        Application::current()->setRedirectionLister($redir);
    } catch (AccessDeniedException $exc) {
        // NOTE(review): the '******' span below looks masked in this copy of
        // the file and is not valid PHP as shown. Restore the expression from
        // the original source.
        $this->setResult('Access denied to ' . $this->test_handler->getClass() . ' for user: '******' in test: ' . $this->name, MurphyTest::ACCESS_DENIED);
        Application::current()->setRedirectionLister($redir);
    } catch (Exception $exc) {
        $this->setResult('Exception of type ' . get_class($exc) . ': ' . $exc->getMessage(), MurphyTest::EXCEPTION);
        Application::current()->setRedirectionLister($redir);
    }
    // NOTE(review): the success path does not restore $redir, so this test
    // object remains the application's redirection listener after a clean run.
    $this->setResult('Completed handler test for: ' . $this->name, MurphyTest::COMPLETE);
}
/**
 * Builds the Entry search object used to list entries for a user.
 *
 * The search is limited by the given user's minimum access level, ordered by
 * entry_date descending, and marked sterile before it is returned.
 *
 * NOTE(review): the LogbookUser join is gated on Application::user()->id()
 * rather than on $user, and the clause receives the $user object itself via
 * clause() (blogEntry() passes an id through clauseSafe()). Confirm that both
 * are intended, in particular when $user is not the current application user.
 *
 * @param mixed $user User whose minAccessLevel() bounds the search.
 *
 * @return Entry The configured search object.
 */
private static function getSearchObjectForUser($user)
{
    $levelFloor = $user->minAccessLevel();

    $search = new Entry();
    $search->also('Access')->clause('access_level', $levelFloor, Clause::GTE);

    if (Application::user()->id()) {
        $search->also('LogbookUser')->clause('user_id', $user);
    }

    $search->order('entry_date');
    $search->descending();
    $search->sterile();

    return $search;
}
/**
 * Switches the application to act as another user.
 *
 * The user active before the switch is stored in the session under
 * 'not_impersonated_user', the application user is replaced, and site
 * navigation is rebuilt from the new user's handler tree.
 *
 * NOTE(review): no authorization check is visible in this method, so callers
 * must restrict who can reach it. If it is invoked while an impersonation is
 * already active, the stored "original" user is presumably replaced by the
 * impersonated one. Confirm how Session::register() treats an existing key.
 *
 * @param mixed $user The user to impersonate.
 */
public function impersonateUser($user)
{
    // Capture the real identity before it is replaced.
    $originalUser = Application::user();
    Session::register('not_impersonated_user', $originalUser);

    Application::setUser($user);

    $handlerTree = $user->getHandlerTree();
    SiteNavigation::init($handlerTree);
}
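/**
 * Decides whether a user may perform an action on an entry.
 *
 * Rules, in order:
 *  1. A logged-in user who is the entry's author may do anything.
 *  2. The entry's access level (0 when it has no Access row) must be at or
 *     above the current application user's minimum level, else deny.
 *  3. Anonymous users may only perform LogbookAccess::VIEW.
 *  4. For logged-in users, the EntryGroupAccess rows for their groups are
 *     consulted. With no such rows only VIEW is allowed; otherwise the first
 *     row that disallows the action wins.
 *
 * The author shortcut requires a truthy user id. With the former bare loose
 * comparison, an author record lacking a user_id compared equal to an
 * anonymous user's empty id and granted every action.
 *
 * NOTE(review): the access-level check uses Application::user(), not $user.
 * $action is also used as the field name read from each group-access row, so
 * callers should pass only the LogbookAccess action constants.
 *
 * @param mixed $user   User whose permission is being checked.
 * @param mixed $entry  Entry the action targets.
 * @param mixed $action Action identifier, e.g. LogbookAccess::VIEW.
 *
 * @return mixed True/false, or the stored value of the deciding group-access
 *               row (truthy means allowed).
 */
public function userCanDoAction($user, $entry, $action)
{
    // Resolve the user id that owns the entry's author record.
    $author = new Author();
    $author->clause('author_id', $entry->get('author_id'));
    $author->noForeign();
    $author_user_id = $author->get('user_id');

    // Authors get every permission, but only an identified user can be one.
    $user_id = $user->id();
    if ($user_id && $author_user_id == $user_id) {
        return true;
    }

    // Access-level gate (0 is root-level access). Entries without an Access
    // row are treated as level 0.
    $min_level = Application::user()->minAccessLevel();
    $check_entry = $entry->restrict();
    $access = $check_entry->fetchSingle('Access');
    $level = $access ? $access->get('access_level') : 0;
    if (!($level >= $min_level)) {
        return false;
    }

    // Anonymous users are limited to viewing.
    if (!$user_id) {
        return $action == LogbookAccess::VIEW;
    }

    // Collect group access-control rows for this entry and the user's groups.
    $access = new EntryGroupAccess();
    $user = $user->restrict();
    $user->also('Group');
    $access->clause('author_id', $entry->get('author_id'));
    $access->clause('entry_id', $entry->get('entry_id'));

    $groups = $user->fetch('Group');
    if ($groups) {
        $access->clause('group_id', $groups, Clause::IN);
    } else {
        $access->clause('group_id', 0);
    }

    $entries = $access->fetch();
    if (!$entries) {
        // No group rules apply: fall back to view-only.
        return $action == LogbookAccess::VIEW;
    }

    // Stop at the first group rule that disallows the action. The original
    // end($entries) call did not terminate the foreach.
    $ret = true;
    foreach ($entries as $access_entry) {
        $ret = $access_entry->get($action);
        if (!$ret) {
            break;
        }
    }

    return $ret;
}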