Example #1
 /**
  * Check the user's permission list to see if this user has access to the
  * requested module / controller / action.
  *
  * Evaluation order (each step returns as soon as it can decide):
  *  1. always-allowed targets: the dashboard index, the login module, a blank module
  *  2. a truthy result from $this->getCache()
  *  3. an explicit permission id ($pid), when one is supplied
  *  4. name-based lookup: module, then controller, then action
  *
  * Several paths below grant access when nothing is registered for the
  * requested name (default-allow); they are marked "NOTE(review)" inline.
  *
  * @param	string|array	$modules	the module name, or an array holding it under the key 'module'
  * @param	string	$controller	the controller name (optional)
  * @param	string	$action	the name of the action to be checked (optional)
  * @param	string	$pid	a permission id, used as a key into $this->permissions (optional)
  * @return	boolean	if has permission return true else return false
  *
  */
 public function hasPermission($modules, $controller = '', $action = '', $pid = '')
 {
     // Normalise a bare module name into the array form used below.
     if (!is_array($modules)) {
         $modules = array('module' => $modules);
     }
     // Trace the request as received, before any normalisation of controller/action.
     debug('AccessObject::hasPermission modules ' . implode('=', $modules) . ' : controller ' . $controller . ' : action ' . $action);
     // Lower-case the name and strip every occurrence of 'controller' from it,
     // not only a trailing suffix.
     $controller = str_replace('controller', '', strtolower($controller));
     // Always allowed: the dashboard's default/index controller. No permission
     // lookup is made for it.
     // NOTE(review): all comparisons in this method are loose (==, !=, non-strict
     // in_array), so the result for non-string input depends on PHP's type
     // juggling rules - confirm callers only ever pass strings.
     if ($modules['module'] == 'dashboard' && (empty($controller) || $controller == 'index')) {
         return true;
     }
     // Always allowed: the login module, and a blank module name.
     // NOTE(review): an array passed without a 'module' key also lands here
     // (trim() of a missing value is ''), so malformed input is granted access
     // rather than refused - confirm that is intended.
     if ($modules['module'] == 'login' || trim($modules['module']) == '') {
         return true;
     }
     // Disabled shortcut, kept for reference: it would have granted everything
     // to a user for whom $this->check('egs') is true.
     //		if($this->check('egs')) {
     //			return true;
     //		}
     $action = strtolower($action);
     // A truthy cache result is accepted as a grant without further checks.
     // NOTE(review): getCache() is defined elsewhere; $pid is not passed to it,
     // and it receives 'new' rather than the '_new' form used further down -
     // verify how entries are keyed and when they are invalidated.
     if ($this->getCache($modules, $controller, $action)) {
         return true;
     }
     // isset($pid) is false only for null; with the default '' this branch is
     // still entered and a Permission lookup is made for the empty id.
     if (isset($pid) && !isset($this->permissions[$pid])) {
         $permission = DataObjectFactory::Factory('Permission');
         $permission->load($pid);
         if ($permission->isLoaded()) {
             // permission exists but user does not have access to it
             return false;
         }
         // An id that does not load falls through to the name-based checks below.
     }
     // From here on the action 'new' is compared and looked up as '_new'.
     // presumably this matches how the action is stored - TODO confirm
     if ($action == 'new') {
         $action = '_new';
     }
     // The user holds the permission identified by $pid: compare the one field
     // that matches the permission's type.
     // NOTE(review): only that single name is compared. An action ('a')
     // permission is checked against $action alone and a controller ('c')
     // permission against $controller alone; the module/controller they belong
     // to is not verified here. Confirm callers bind $pid to the requested
     // target before relying on this path.
     if (isset($pid) && isset($this->permissions[$pid])) {
         switch ($this->permissions[$pid]['type']) {
             case 'g':
             case 'm':
                 // Matches against any value in $modules, not only $modules['module'].
                 if (!in_array($this->permissions[$pid]['permission'], $modules)) {
                     return false;
                 }
                 break;
             case 'c':
                 if ($this->permissions[$pid]['permission'] != $controller) {
                     return false;
                 }
                 break;
             case 'a':
                 if ($this->permissions[$pid]['permission'] != $action) {
                     return false;
                 }
                 break;
             // NOTE(review): there is no default case, so a permission whose type
             // is not 'g', 'm', 'c' or 'a' is granted without any comparison.
         }
         return true;
     }
     // Name-based lookup. Each level narrows $parent_ids to the permissions
     // the user actually holds, and the next level is searched under those ids.
     // TODO : Need to check down the modules tree and
     // (the original TODO is cut off at this point)
     $permissions = new PermissionCollection();
     $module_permissions = $permissions->checkPermission($modules, array('g', 'm'));
     if (count($module_permissions) == 0) {
         //	module does not exist in permissions so user cannot have access to it
         return false;
     }
     $parent_ids = array();
     foreach ($module_permissions as $permission) {
         if (isset($this->permissions[$permission['id']])) {
             $parent_ids[] = $permission['id'];
         }
     }
     if (empty($parent_ids)) {
         // module exists in permissions but user does not have access to it
         return false;
     }
     // Need to use default controller if controller is empty?
     if ($controller !== '') {
         $permissions = new PermissionCollection();
         $controller_permissions = $permissions->checkPermission($controller, 'c', $parent_ids);
         if (count($controller_permissions) == 0) {
             //	controller does not exist in permissions so user has access to it by default
             // NOTE(review): default-allow. Unlike an unregistered module (refused
             // above), an unregistered controller under a permitted module is
             // granted, and the action is then never checked.
             return true;
         }
         $parent_ids = array();
         foreach ($controller_permissions as $permission) {
             if (isset($this->permissions[$permission['id']])) {
                 $parent_ids[] = $permission['id'];
             }
         }
         if (empty($parent_ids)) {
             // controller exists in permissions but user does not have access to it
             return false;
         }
     }
     // Need to use default action if action is empty?
     // When $controller is '', $parent_ids still holds the module-level ids here.
     if ($action !== '') {
         $permissions = new PermissionCollection();
         $action_permissions = $permissions->checkPermission($action, 'a', $parent_ids);
         if (count($action_permissions) == 0) {
             //	action does not exist in permissions so user has access to it by default
             // NOTE(review): default-allow, as for controllers above - a newly
             // added action is reachable until a permission row is created for it.
             return true;
         }
         $parent_ids = array();
         foreach ($action_permissions as $permission) {
             if (isset($this->permissions[$permission['id']])) {
                 $parent_ids[] = $permission['id'];
             }
         }
         if (empty($parent_ids)) {
             // action exists in permissions but user does not have access to it
             return false;
         }
     }
     // Every level that was checked is held by the user.
     return true;
 }