/**
 * Same check as the allow() static function, but the trailing true handed to
 * Users::allow() additionally asks it to confirm the user's authorization code.
 *
 * @param string  $module            Name of the module checking
 * @param string  $subpermission     Name of the module permission to verify
 * @param integer $item_id           Id of the item to verify
 * @param string  $itemname          Name of the item permission
 * @param boolean $unrestricted_only If true, the user must hold unrestricted
 *                                   privileges for that module regardless of
 *                                   subpermission or item id
 * @return boolean false when unauthenticated or refused, otherwise the
 *                 result of Users::allow()
 */
public static function authorized($module, $subpermission = null, $item_id = 0, $itemname = null, $unrestricted_only = false)
{
    // Optional stricter gate: a restricted user is refused before anything
    // else is looked at.
    $refusedAsRestricted = $unrestricted_only && Current_User::isRestricted($module);
    if ($refusedAsRestricted) {
        return false;
    }

    // No user object in the session means nothing to authorize against.
    if (!isset($_SESSION['User'])) {
        return false;
    }

    $user = $_SESSION['User'];

    return $user->allow($module, $subpermission, $item_id, $itemname, true);
}
/**
 * Dispatches a signup admin "get" action by name.
 *
 * 'new' is handled as an alias of 'edit_sheet': a restricted user is shown a
 * refusal message and nothing else runs, an unrestricted user goes on to the
 * sheet editor. Unknown action names do nothing. The 'edit_sheet' branch
 * relies on Current_User::disallow() ending the request (not verified here).
 *
 * @param string $type action name
 * @return void
 */
public function get($type)
{
    // Loose comparison on purpose: it mirrors the switch below.
    if ($type == 'new') {
        if (Current_User::isRestricted('signup')) {
            $this->signup->title = dgettext('signup', 'Sorry');
            $this->signup->content = dgettext('signup', 'You do not have permission for this action.');
            return;
        }
        // An unrestricted user creates a sheet through the edit form.
        $type = 'edit_sheet';
    }

    switch ($type) {
        case 'edit_sheet':
            if (empty($this->signup->sheet)) {
                $this->signup->loadSheet();
            }
            $sheetId = $this->signup->sheet->id;
            if (!Current_User::allow('signup', 'edit_sheet', $sheetId, 'sheet')) {
                Current_User::disallow();
            }
            $this->editSheet();
            break;

        case 'list':
            $this->signup->panel->setCurrentTab('list');
            $this->listSignup();
            break;

        case 'edit_slots':
            $this->editSlots();
            break;

        case 'edit_peep':
            $this->editPeep();
            break;

        case 'edit_slot_popup':
            $this->editSlotPopup();
            break;

        case 'edit_peep_popup':
            $this->editPeepPopup();
            break;

        case 'user_signup':
            $this->userSignup();
            break;

        case 'report':
            $this->report();
            break;

        case 'email_applicants':
            $this->emailApplicants();
            break;
    }
}
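/**
 * Handles admin functions outside of file manager.
 * Expects an 'aop' command.
 *
 * The operation comes from $_REQUEST['aop'], falling back to the control
 * panel's current tab. Every operation needs a logged-in user, and all but
 * 'edit_image' / 'get_images' need the 'filecabinet' module permission;
 * further checks (unrestricted, deity, auth key) are made per operation.
 *
 * Current_User::disallow() / errorPage() are expected to terminate the
 * request. An explicit return nevertheless follows every refused check, so
 * a privileged operation can never run past a failed check should those
 * helpers ever return.
 *
 * Output goes through javascript.tpl and Layout::nakedDisplay() when the
 * operation sets $javascript, otherwise through main.tpl inside the control
 * panel.
 *
 * @return void
 */
public function admin()
{
    $javascript = false; // if true, sends to nakedDisplay
    $this->loadPanel();

    $aop = isset($_REQUEST['aop']) ? $_REQUEST['aop'] : $this->panel->getCurrentTab();

    if (!Current_User::isLogged()) {
        Current_User::disallow();
        return;
    }
    if ($aop !== 'edit_image' && $aop !== 'get_images' && !Current_User::allow('filecabinet')) {
        Current_User::disallow();
        return;
    }

    // Requires an unrestricted user
    $unrestrictedOnly = array('delete_folder', 'unpin');
    if (in_array($aop, $unrestrictedOnly, true) && Current_User::isRestricted('filecabinet')) {
        Current_User::disallow();
        return;
    }

    switch ($aop) {
        case 'image':
            $this->panel->setCurrentTab('image');
            $this->title = dgettext('filecabinet', 'Image folders');
            $this->loadForms();
            $this->forms->getFolders(IMAGE_FOLDER);
            break;

        case 'multimedia':
            $this->panel->setCurrentTab('multimedia');
            $this->title = dgettext('filecabinet', 'Multimedia folders');
            $this->loadForms();
            $this->forms->getFolders(MULTIMEDIA_FOLDER);
            break;

        case 'add_folder':
            if (!Current_User::allow('filecabinet', 'edit_folders', null, null, true)) {
                Current_User::disallow();
                return;
            }
            $javascript = true;
            $this->loadFolder();
            $this->addFolder();
            break;

        case 'classify':
            if (!Current_User::isDeity()) {
                Current_User::errorPage();
                return;
            }
            $this->loadForms();
            $this->forms->classifyFileList();
            break;

        case 'classify_action':
            if (!Current_User::isDeity() || !Current_User::verifyAuthKey()) {
                Current_User::errorPage();
                return;
            }
            $this->classifyAction();
            break;

        case 'classify_file':
            if (!Current_User::isDeity() || !Current_User::verifyAuthKey()) {
                Current_User::disallow();
                return;
            }
            $this->loadForms();
            if (!empty($_POST['file_list'])) {
                $this->forms->classifyFile($_POST['file_list']);
            } elseif (isset($_GET['file'])) {
                $this->forms->classifyFile($_GET['file']);
            } else {
                $this->forms->classifyFileList();
            }
            break;

        case 'post_classifications':
            if (!Current_User::isDeity()) {
                Current_User::errorPage();
                return;
            }
            // classifyFiles() reports problems as an array of messages.
            $result = $this->classifyFiles();
            if (is_array($result)) {
                $this->message = implode('<br />', $result);
            }
            $this->loadForms();
            $this->forms->classifyFileList();
            break;

        case 'unpin':
            if (!Current_User::authorized('filecabinet')) {
                Current_User::disallow();
                return;
            }
            Cabinet::unpinFolder();
            PHPWS_Core::goBack();
            break;

        case 'pin_form':
            $javascript = true;
            // Was "@($key_id = (int) $_GET['key_id'])": same value, no
            // suppressed notice when the parameter is missing.
            $key_id = isset($_GET['key_id']) ? (int) $_GET['key_id'] : 0;
            if (!$key_id) {
                javascript('close_refresh', array('refresh' => 0));
                break;
            }
            $this->loadForms();
            $this->forms->pinFolder($key_id);
            break;

        case 'delete_folder':
            if (!Current_User::authorized('filecabinet', 'delete_folders', null, null, true)) {
                Current_User::disallow();
                return;
            }
            $this->loadFolder();
            $this->folder->delete();
            PHPWS_Core::goBack();
            break;

        case 'delete_incoming':
            if (!Current_User::isDeity()) {
                Current_User::errorPage();
                return;
            }
            $this->deleteIncoming();
            $this->loadForms();
            $this->forms->classifyFileList();
            break;

        case 'document':
            $this->panel->setCurrentTab('document');
            $this->title = dgettext('filecabinet', 'Document folders');
            $this->loadForms();
            $this->forms->getFolders(DOCUMENT_FOLDER);
            break;

        case 'edit_folder_modal':
            $javascript = true;
            $this->loadFolder();
            // permission check in function below
            $this->editFolder(false);
            break;

        case 'edit_folder':
            $javascript = true;
            $this->loadFolder();
            // permission check in function below
            $this->editFolder(true);
            break;

        case 'change_tn':
            $javascript = true;
            $this->changeTN();
            break;

        case 'post_thumbnail':
            $javascript = true;
            if ($this->postTN()) {
                javascript('close_refresh');
            } else {
                $this->message = dgettext('filecabinet', 'Could not save thumbnail image.');
                $this->changeTN();
            }
            break;

        case 'post_folder':
            if (!Current_User::authorized('filecabinet', 'edit_folders')) {
                Current_User::disallow();
                return;
            }
            $this->loadFolder();
            // A rejected post and a failed save report the same message;
            // save() is only attempted when post() succeeded.
            if (!$this->folder->post() || !$this->folder->save()) {
                self::setMessage(dgettext('filecabinet', 'Failed to create folder. Please check your logs.'));
            }
            // The js flag arrives as a string, hence the loose comparison.
            if (filter_input(INPUT_POST, 'js') == 1) {
                javascript('close_refresh');
            } else {
                PHPWS_Core::goBack();
            }
            break;

        case 'post_allowed_files':
            if (!Current_User::isDeity()) {
                Current_User::disallow();
                return;
            }
            $this->loadForms();
            $this->forms->postAllowedFiles();
            $this->message = dgettext('filecabinet', 'File types saved.');
            $this->title = dgettext('filecabinet', 'Allowed file types');
            $this->content = $this->forms->fileTypes();
            break;

        case 'save_settings':
            if (!Current_User::isDeity()) {
                Current_User::disallow();
                return;
            }
            $this->loadForms();
            // saveSettings() reports problems as an array of messages.
            $result = $this->forms->saveSettings();
            if (is_array($result)) {
                $this->message = implode('<br />', $result);
            } else {
                $this->message = dgettext('filecabinet', 'Settings saved.');
            }
            // no break: fall through to render the settings form again

        case 'settings':
            if (!Current_User::isDeity()) {
                Current_User::disallow();
                return;
            }
            $this->loadForms();
            $this->title = dgettext('filecabinet', 'Settings');
            $this->content = $this->forms->settings();
            break;

        case 'view_folder':
            $this->viewFolder();
            break;

        case 'file_types':
            if (!Current_User::isDeity()) {
                Current_User::disallow();
                return;
            }
            $this->loadForms();
            $this->title = dgettext('filecabinet', 'Allowed file types');
            $this->content = $this->forms->fileTypes();
            break;

        case 'fix_document_dir':
            if (!Current_User::isDeity() || !Current_User::verifyAuthKey()) {
                Current_User::disallow();
                return;
            }
            // A missing or non-string 'confirm' used to reach strtolower()
            // directly (notice, or a TypeError on PHP 8); treat it as "no".
            $confirm = isset($_GET['confirm']) && is_string($_GET['confirm']) ? $_GET['confirm'] : '';
            if (strtolower($confirm) === 'yes') {
                $this->fixDocumentDirectories();
            }
            PHPWS_Core::reroute('index.php?module=filecabinet&tab=settings');
            break;
    }

    // Bound by reference so the template sees the handlers' final values.
    $template['TITLE'] =& $this->title;
    $template['MESSAGE'] =& $this->message;
    $template['CONTENT'] =& $this->content;

    if ($javascript) {
        $main = PHPWS_Template::process($template, 'filecabinet', 'javascript.tpl');
        Layout::nakedDisplay($main);
    } else {
        $main = PHPWS_Template::process($template, 'filecabinet', 'main.tpl');
        $this->panel->setContent($main);
        $finalPanel = $this->panel->display();
        Layout::add(PHPWS_ControlPanel::display($finalPanel));
    }
}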
/**
 * Deletes a public-event suggestion without approving it.
 *
 * Only an unrestricted user holding calendar 'edit_public' may do this;
 * anyone else gets the 403 page and an unknown id the 404 page.
 * PHPWS_Core::errorPage() is relied on to end the request (not verified
 * here).
 *
 * @param integer $id suggestion id
 * @return mixed whatever Calendar_Suggestion::delete() returns
 */
public function disapproveSuggestion($id)
{
    // authorized() is checked first, so a refused user never reaches isRestricted().
    $mayEdit = Current_User::authorized('calendar', 'edit_public')
        && !Current_User::isRestricted('calendar');
    if (!$mayEdit) {
        PHPWS_Core::errorPage('403');
    }

    PHPWS_Core::initModClass('calendar', 'Suggestion.php');
    $suggestion = new Calendar_Suggestion((int) $id);
    if (!$suggestion->id) {
        PHPWS_Core::errorPage('404');
    }

    return $suggestion->delete();
}
/**
 * Persists the page row, its key, search keywords and sections, then drops
 * the page's cache entry.
 *
 * A page without an id is new: create_date is stamped and, when the current
 * user is restricted in pagesmith, an item permission on the page's key is
 * granted after the save. A child page with no page_order is placed after
 * the last existing page (or at 1 when that lookup logs an error).
 *
 * @return boolean|null false when the row could not be saved, null otherwise
 */
public function save()
{
    PHPWS_Core::initModClass('search', 'Search.php');

    $isNew = !$this->id;
    if ($isNew) {
        $this->create_date = time();
    }
    $this->last_updated = time();

    // If this page has a parent and the order is not set
    // then increment
    if (!$this->page_order && $this->parent_page) {
        $lastOrder = $this->getLastPage();
        $this->page_order = PHPWS_Error::logIfError($lastOrder) ? 1 : $lastOrder + 1;
    }

    $db = new PHPWS_DB('ps_page');
    if (PHPWS_Error::logIfError($db->saveObject($this))) {
        return false;
    }

    $this->saveKey();
    if ($isNew && Current_User::isRestricted('pagesmith')) {
        Current_User::giveItemPermission($this->_key);
    }

    $search = new Search($this->key_id);
    $search->resetKeywords();
    $search->addKeywords($this->title);
    PHPWS_Error::logIfError($search->save());

    foreach ($this->_sections as $section) {
        $section->pid = $this->id;
        PHPWS_Error::logIfError($section->save($this->key_id));
    }

    PHPWS_Cache::remove($this->cacheKey());
}
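/**
 * Saves the view/edit permission lists posted for a key.
 *
 * Reads key_id from the request and quietly does nothing when it is absent
 * or does not check out as a valid key. The current user must be
 * unrestricted in the key's module and allowed to edit the key; otherwise
 * disallow() is invoked and the method returns without saving anything.
 *
 * In popbox mode the window is closed through javascript; otherwise a
 * status message is stored in the session and the user is sent back.
 *
 * @return void
 */
public static function permission()
{
    if (!isset($_REQUEST['key_id'])) {
        return;
    }
    $key = new Key((int) $_REQUEST['key_id']);
    if (!Key::checkKey($key, false)) {
        return;
    }

    if (Current_User::isRestricted($key->module) || !$key->allowEdit()) {
        Current_User::disallow();
        // disallow() is expected to end the request; return regardless so a
        // permission change can never be saved past a refused check.
        return;
    }
    // NOTE(review): this request changes permissions but no
    // verifyAuthKey() check is visible here; confirm the form/handler
    // covers it.

    // View permissions must be first to allow error checking
    // Edit will add its list to the view
    Users_Permission::postViewPermissions($key);
    Users_Permission::postEditPermissions($key);
    $result = $key->savePermissions();

    if (isset($_POST['popbox'])) {
        Layout::nakedDisplay(javascript('close_refresh', array('refresh' => 0)));
        return;
    }

    if (PHPWS_Error::logIfError($result)) {
        $_SESSION['Permission_Message'] = dgettext('users', 'An error occurred.');
    } else {
        $_SESSION['Permission_Message'] = dgettext('users', 'Permissions updated.');
    }
    PHPWS_Core::goBack();
}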