private static function instance()
{
if (!self::$instance instanceof SE_PerMan) {
self::$instance = new SE_PerMan();
}
return self::$instance;
}
private function sanitizeFields(&$fields)
{
if (!is_array($fields)) {
return;
}
$actions = SE_PerMan::getControl('field')->getAllowedActions();
$levels = array(SE_Permissions::LEVEL_NONE, SE_Permissions::LEVEL_ALL);
foreach ($fields as $fid => $data) {
try {
if (count($data) != 4) {
throw new Exception('', 115);
}
if (!RoleManager::fetch($data['role_id']) instanceof Role) {
throw new Exception('', 115);
}
foreach ($actions as $action) {
if (!in_array($data[$action], $levels)) {
throw new Exception('', 115);
}
}
} catch (Exception $e) {
if ($e->getCode() == 115) {
unset($fields[$fid]);
}
}
}
}
/**
* Checks Entries for permissions.
*
* @param $input
*
* @return array
*/
private function sectionsCheckPermissions($input)
{
$output = $input;
$is_symphony_author = Symphony::Engine()->isLoggedIn();
foreach ($output as $handle => &$section) {
$schema = FieldManager::fetchFieldsSchema($section['id']);
foreach ($section['entries'] as &$entry) {
// a logged in Symphony user can skip user permissions check
if ($is_symphony_author && !$entry['perm_check']) {
continue;
}
$valid = true;
$has_perm_section = SE_PerMan::getControl('section')->check($section['id'], $entry['action'], $entry['id']);
if (!$has_perm_section) {
$this->error = true;
$entry['done'] = true;
$valid = false;
$entry['res_filters']->appendChild($this->filtersBuildElement('permissions-section', false, __('You do not have enough permissions to perform this operation.')));
}
if (!is_array($schema) || empty($schema)) {
continue;
}
// check fields only on EDIT and VIEW b/c there's no practical reason to check other values
if ($entry['action'] === SE_Permissions::ACTION_EDIT || $entry['action'] === SE_Permissions::ACTION_VIEW) {
foreach ($schema as $field_info) {
$field_name = $field_info['element_name'];
// make sure this field has data
if (!isset($entry['fields'][$field_name])) {
continue;
}
$has_perm_field = SE_PerMan::getControl('field')->check($field_info['id'], $entry['action']);
if (!$has_perm_field) {
$this->error = true;
$entry['done'] = true;
$valid = false;
$entry['res_filters']->appendChild($this->filtersBuildElement("permissions-field-{$field_name}", false, __('You do not have enough permissions to perform this operation.')));
}
}
}
if (!$valid) {
$this->resultEntry($entry['res_entry'], 'error');
}
}
}
return $output;
}
