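/**
 * Check whether the current user may perform an application action.
 *
 * Permissions are read from the profile cached in the session
 * (Session::getUserProfile()); if that cache is not initialised the request
 * is denied. Every action not matched below, or not granted by the cached
 * profile, is logged and denied (deny by default).
 *
 * @param string $action one of the self::ACTION_* constants
 * @param int    $userId optional id of the user the action targets; only
 *                       consulted for ACTION_USR_USERS_EDITPASS, where a user
 *                       may always change their own password
 * @return bool true if access is granted, false otherwise
 */
public static function checkUserAccess($action, $userId = 0)
{
    // Nothing can be granted until the permission cache is initialised
    if (!is_object(Session::getUserProfile())) {
        // error_log('ACL_CACHE_MISS');
        return false;
    }

    $curUserIsAdminApp = Session::getUserIsAdminApp();
    $curUserIsAdminAcc = Session::getUserIsAdminAcc();
    $curUserProfile = Session::getUserProfile();
    $curUserId = Session::getUserId();

    // Account-level actions are granted to both admin kinds; management and
    // configuration actions only to the application admin.
    $isAccAdmin = $curUserIsAdminApp || $curUserIsAdminAcc;

    // "Own account" test for the self-service password change. The original
    // loose `$userId == $curUserId` let the default $userId (0) match a
    // missing/null session id, and (pre-PHP 8) a non-numeric $userId match 0.
    // Require an explicit positive target id and compare as integers.
    $targetId = (int) $userId;
    $isSelf = $targetId > 0 && $targetId === (int) $curUserId;

    // NOTE(review): switch compares loosely, so a numeric-string $action is
    // accepted as the matching constant; callers are assumed to pass the
    // constants themselves.
    switch ($action) {
        case self::ACTION_ACC_VIEW:
            return $isAccAdmin || $curUserProfile->isAccView() || $curUserProfile->isAccEdit();
        case self::ACTION_ACC_VIEW_PASS:
            return $isAccAdmin || $curUserProfile->isAccViewPass();
        case self::ACTION_ACC_VIEW_HISTORY:
            return $isAccAdmin || $curUserProfile->isAccViewHistory();
        case self::ACTION_ACC_EDIT:
            return $isAccAdmin || $curUserProfile->isAccEdit();
        case self::ACTION_ACC_EDIT_PASS:
            return $isAccAdmin || $curUserProfile->isAccEditPass();
        case self::ACTION_ACC_NEW:
            return $isAccAdmin || $curUserProfile->isAccAdd();
        case self::ACTION_ACC_COPY:
            // Copying needs both the add and the view permission. `&&` binds
            // tighter than `||`; the parentheses make that explicit.
            return $isAccAdmin || ($curUserProfile->isAccAdd() && $curUserProfile->isAccView());
        case self::ACTION_ACC_DELETE:
            return $isAccAdmin || $curUserProfile->isAccDelete();
        case self::ACTION_ACC_FILES:
            return $isAccAdmin || $curUserProfile->isAccFiles();
        case self::ACTION_MGM:
            return $curUserIsAdminApp
                || $curUserProfile->isMgmCategories()
                || $curUserProfile->isMgmCustomers();
        case self::ACTION_CFG:
            return $curUserIsAdminApp
                || $curUserProfile->isConfigGeneral()
                || $curUserProfile->isConfigEncryption()
                || $curUserProfile->isConfigBackup()
                || $curUserProfile->isConfigImport();
        case self::ACTION_CFG_GENERAL:
            return $curUserIsAdminApp || $curUserProfile->isConfigGeneral();
        case self::ACTION_CFG_IMPORT:
            return $curUserIsAdminApp || $curUserProfile->isConfigImport();
        case self::ACTION_MGM_CATEGORIES:
            return $curUserIsAdminApp || $curUserProfile->isMgmCategories();
        case self::ACTION_MGM_CUSTOMERS:
            return $curUserIsAdminApp || $curUserProfile->isMgmCustomers();
        case self::ACTION_MGM_CUSTOMFIELDS:
            return $curUserIsAdminApp || $curUserProfile->isMgmCustomFields();
        case self::ACTION_CFG_ENCRYPTION:
            return $curUserIsAdminApp || $curUserProfile->isConfigEncryption();
        case self::ACTION_CFG_BACKUP:
            return $curUserIsAdminApp || $curUserProfile->isConfigBackup();
        case self::ACTION_USR:
            return $curUserIsAdminApp
                || $curUserProfile->isMgmUsers()
                || $curUserProfile->isMgmGroups()
                || $curUserProfile->isMgmProfiles();
        case self::ACTION_USR_USERS:
            return $curUserIsAdminApp || $curUserProfile->isMgmUsers();
        case self::ACTION_USR_USERS_EDITPASS:
            // A user may change their own password; otherwise user management
            // rights are required.
            return $isSelf || $curUserIsAdminApp || $curUserProfile->isMgmUsers();
        case self::ACTION_USR_GROUPS:
            return $curUserIsAdminApp || $curUserProfile->isMgmGroups();
        case self::ACTION_USR_PROFILES:
            return $curUserIsAdminApp || $curUserProfile->isMgmProfiles();
        case self::ACTION_MGM_APITOKENS:
            return $curUserIsAdminApp || $curUserProfile->isMgmApiTokens();
        case self::ACTION_EVL:
            return $curUserIsAdminApp || $curUserProfile->isEvl();
    }

    // Unknown action: record the denial (audit trail) and fall through to deny
    Log::writeNewLog(__FUNCTION__, sprintf('%s \'%s\'', _('Denegado acceso a'), self::getActionName($action)));

    return false;
}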