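 /**
  * Check whether the current session user may perform an application action.
  *
  * The decision is taken from the permission data already loaded into the
  * session (the profile object plus the application/account admin flags);
  * nothing is read from the database here. If the session profile has not
  * been initialised the method fails closed and returns false.
  *
  * Note that only unknown actions are logged as denied; a known action that
  * evaluates to false is denied silently.
  *
  * @param string $action one of the self::ACTION_* constants
  * @param int    $userId optional target user id; only consulted for
  *                       ACTION_USR_USERS_EDITPASS, where a user may always
  *                       edit their own password (0 means "not given")
  * @return bool true when access is granted, false otherwise (default deny)
  */
 public static function checkUserAccess($action, $userId = 0)
 {
     // Fail closed when the permission cache has not been built in the session
     $profile = Session::getUserProfile();
     if (!is_object($profile)) {
         return false;
     }

     $isAdminApp = Session::getUserIsAdminApp();
     $isAdminAcc = Session::getUserIsAdminAcc();
     $curUserId = Session::getUserId();

     // Self-edit rule: compare user ids strictly. A loose `==` here would let a
     // non-numeric $userId match a user id of 0 and `null` match the "not given"
     // default, so the target id must be a positive integer before it can grant
     // the self-edit permission. A string id from the session is normalised
     // with an int cast.
     $targetUserId = filter_var($userId, FILTER_VALIDATE_INT);
     $isSelf = $targetUserId !== false
         && $targetUserId > 0
         && $targetUserId === (int) $curUserId;

     // NOTE(review): switch compares with ==. The ACTION_* constants are not
     // visible in this block, so the comparison is kept as written rather than
     // converted to match(); confirm the constants' type matches how $action
     // is passed by callers so no unintended case can be selected.
     switch ($action) {
         case self::ACTION_ACC_VIEW:
             return $isAdminApp || $isAdminAcc || $profile->isAccView() || $profile->isAccEdit();
         case self::ACTION_ACC_VIEW_PASS:
             return $isAdminApp || $isAdminAcc || $profile->isAccViewPass();
         case self::ACTION_ACC_VIEW_HISTORY:
             return $isAdminApp || $isAdminAcc || $profile->isAccViewHistory();
         case self::ACTION_ACC_EDIT:
             return $isAdminApp || $isAdminAcc || $profile->isAccEdit();
         case self::ACTION_ACC_EDIT_PASS:
             return $isAdminApp || $isAdminAcc || $profile->isAccEditPass();
         case self::ACTION_ACC_NEW:
             return $isAdminApp || $isAdminAcc || $profile->isAccAdd();
         case self::ACTION_ACC_COPY:
             // Copying needs both add and view rights; parentheses make the
             // operator precedence explicit (same result as the bare && / ||).
             return $isAdminApp || $isAdminAcc || ($profile->isAccAdd() && $profile->isAccView());
         case self::ACTION_ACC_DELETE:
             return $isAdminApp || $isAdminAcc || $profile->isAccDelete();
         case self::ACTION_ACC_FILES:
             return $isAdminApp || $isAdminAcc || $profile->isAccFiles();
         case self::ACTION_MGM:
             return $isAdminApp || $profile->isMgmCategories() || $profile->isMgmCustomers();
         case self::ACTION_CFG:
             return $isAdminApp || $profile->isConfigGeneral() || $profile->isConfigEncryption() || $profile->isConfigBackup() || $profile->isConfigImport();
         case self::ACTION_CFG_GENERAL:
             return $isAdminApp || $profile->isConfigGeneral();
         case self::ACTION_CFG_IMPORT:
             return $isAdminApp || $profile->isConfigImport();
         case self::ACTION_MGM_CATEGORIES:
             return $isAdminApp || $profile->isMgmCategories();
         case self::ACTION_MGM_CUSTOMERS:
             return $isAdminApp || $profile->isMgmCustomers();
         case self::ACTION_MGM_CUSTOMFIELDS:
             return $isAdminApp || $profile->isMgmCustomFields();
         case self::ACTION_CFG_ENCRYPTION:
             return $isAdminApp || $profile->isConfigEncryption();
         case self::ACTION_CFG_BACKUP:
             return $isAdminApp || $profile->isConfigBackup();
         case self::ACTION_USR:
             return $isAdminApp || $profile->isMgmUsers() || $profile->isMgmGroups() || $profile->isMgmProfiles();
         case self::ACTION_USR_USERS:
             return $isAdminApp || $profile->isMgmUsers();
         case self::ACTION_USR_USERS_EDITPASS:
             // Account admin does not grant this; only self, app admin or user management.
             return $isSelf || $isAdminApp || $profile->isMgmUsers();
         case self::ACTION_USR_GROUPS:
             return $isAdminApp || $profile->isMgmGroups();
         case self::ACTION_USR_PROFILES:
             return $isAdminApp || $profile->isMgmProfiles();
         case self::ACTION_MGM_APITOKENS:
             return $isAdminApp || $profile->isMgmApiTokens();
         case self::ACTION_EVL:
             return $isAdminApp || $profile->isEvl();
     }

     // Unknown action: record the denial and deny by default
     Log::writeNewLog(__FUNCTION__, sprintf('%s \'%s\'', _('Denegado acceso a'), self::getActionName($action)));

     return false;
 }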