/**
 * Is the current user allowed to run the requested action on the downloads resource?
 *
 * @return bool
 */
public function isAuthorized()
{
    // Resolve the requested action and the caller's role from the session.
    $requestedAction = $this->request->param('action');
    $currentRole = Session::getUserRole();
    $resource = "downloads";

    // Admins may perform any action on this resource.
    // NOTE(review): sibling controllers pass the allowed actions as arrays; this one
    // passes plain strings — confirm Permission::allow accepts both forms.
    Permission::allow('admin', $resource, "*");
    // Regular users are limited to the download action.
    Permission::allow('user', $resource, "download");

    return Permission::check($currentRole, $resource, $requestedAction);
}
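/**
 * Is the current user authorized to run the requested action on the files resource?
 *
 * Admins may do anything; normal users may list/create, and may delete only
 * when the ownership rule passes (resolved by Permission::check from $config).
 *
 * @return bool
 */
public function isAuthorized()
{
    $action = $this->request->param('action');
    $role = Session::getUserRole();
    $resource = "files";

    // only for admins
    Permission::allow('admin', $resource, ['*']);
    // only for normal users
    Permission::allow('user', $resource, ['index', 'getAll', 'create']);
    Permission::allow('user', $resource, ['delete'], 'owner');

    // Only decrypt when an id was actually submitted, matching the todo/newsfeed
    // controllers; an absent file_id no longer reaches Encryption::decryptIdWithDash.
    $fileId = $this->request->data("file_id");
    if (!empty($fileId)) {
        $fileId = Encryption::decryptIdWithDash($fileId);
    }

    // Ownership lookup: which row in which table must belong to the current user.
    $config = ["user_id" => Session::getUserId(), "table" => "files", "id" => $fileId];

    return Permission::check($role, $resource, $action, $config);
}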
/**
 * Is the current user authorized to run the requested action on the todo resource?
 *
 * @return bool
 */
public function isAuthorized()
{
    $requestedAction = $this->request->param('action');
    $currentRole = Session::getUserRole();
    $resource = "todo";

    // only for admins
    Permission::allow('admin', $resource, ['*']);
    // only for normal users: delete is permitted solely under the owner rule
    Permission::allow('user', $resource, ['delete'], 'owner');

    // The submitted id is encrypted; decrypt it only when one was actually sent.
    $submittedId = $this->request->data("todo_id");
    $todoId = empty($submittedId) ? $submittedId : Encryption::decryptIdWithDash($submittedId);

    // Ownership lookup passed to the permission check.
    $ownership = [
        "user_id" => Session::getUserId(),
        "table" => "todo",
        "id" => $todoId,
    ];

    return Permission::check($currentRole, $resource, $requestedAction, $ownership);
}
/**
 * Does the session role mark the current user as the owner?
 *
 * NOTE(review): other role checks in this codebase compare against lowercase
 * "admin"/"user"; confirm Session::getUserRole() really yields upper-case "OWNER".
 *
 * @return bool
 */
public static function isOwner()
{
    $role = Session::getUserRole();

    return $role === "OWNER";
}
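/**
 * Is the current user authorized to run the requested action on the posts resource?
 *
 * Admins may do anything; normal users may list/view/create, and may update or
 * delete only under the owner rule (resolved by Permission::check from $config).
 *
 * @return bool
 */
public function isAuthorized()
{
    $action = $this->request->param('action');
    $role = Session::getUserRole();
    $resource = "posts";

    // only for admins
    Permission::allow('admin', $resource, ['*']);
    // only for normal users
    Permission::allow('user', $resource, ['index', 'view', 'newPost', 'create']);
    Permission::allow('user', $resource, ['update', 'delete'], 'owner');

    // delete carries the id in the URL args; every other action posts it as post_id.
    // Guard the args lookup so a missing first arg yields null instead of an
    // undefined-offset notice; the empty() check below then skips decryption.
    if ($action === "delete") {
        $args = $this->request->param("args");
        $postId = isset($args[0]) ? $args[0] : null;
    } else {
        $postId = $this->request->data("post_id");
    }
    if (!empty($postId)) {
        $postId = Encryption::decryptId($postId);
    }

    // Ownership lookup: which row in which table must belong to the current user.
    $config = ["user_id" => Session::getUserId(), "table" => "posts", "id" => $postId];

    return Permission::check($role, $resource, $action, $config);
}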
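<div dir='auto' class="panel-heading">
    <?php
    // Edit/delete controls are shown only to the post's owner or an admin; this is
    // presentation only — the controller's Permission check remains the real gate.
    // NOTE(review): delete is reached through a GET link carrying the CSRF token in
    // the query string; confirm the controller requires POST, otherwise the token
    // ends up in history/referrer logs — a POST form would avoid that.
    if (Session::getUserId() === (int) $post["user_id"] || Session::getUserRole() === "admin") { ?>
    <div class="pull-right">
        <a href="<?php echo PUBLIC_ROOT . "Posts/View/" . urlencode(Encryption::encryptId($post["id"])) . "?action=update"; ?>">
            <button type="button" class="btn btn-default btn-circle edit"><i class="fa fa-pencil"></i></button>
        </a>
        <a href="<?php echo PUBLIC_ROOT . "Posts/delete/" . urlencode(Encryption::encryptId($post["id"])) . "?csrf_token=" . urlencode(Session::generateCsrfToken()); ?>">
            <button type="button" class="btn btn-danger btn-circle delete"><i class="fa fa-times"></i></button>
        </a>
    </div>
    <?php } ?>
    <?php
    // The title was echoed raw; post content elsewhere goes through encodeHTMLWithBR,
    // so escape the (presumably user-supplied) title for the HTML context as well.
    ?>
    <h5><?php echo htmlspecialchars($post["title"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></h5>
</div>
<div class="panel-body">
    <div class="row">
        <div class="col-lg-12">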
echo PUBLIC_ROOT . "Files"; ?>"><i class="fa fa-cloud-upload fa-fw"></i> Files <span class="label label-danger"><?= $files ?></span></a>
</li>
<li id="bugs">
    <a href="<?= PUBLIC_ROOT . "User/Bugs" ?>"><i class="fa fa-bug fa-fw"></i> Bugs</a>
</li>
<?php
// Admin-only navigation entries. Hiding them here is cosmetic; the admin
// controllers must still enforce the role server-side.
if (Session::getUserRole() === "admin") { ?>
<li id="users">
    <a href="<?= PUBLIC_ROOT . "Admin/Users" ?>"><i class="fa fa-users fa-fw"></i> Users</a>
</li>
<li id="backups">
    <a href="<?= PUBLIC_ROOT . "Admin/Backups" ?>"><i class="fa fa-database fa-fw"></i> Backups</a>
</li>
<?php }
/**
 * Is the current user authorized to run the requested action on the newsfeed resource?
 *
 * @return bool
 */
public function isAuthorized()
{
    $requestedAction = $this->request->param('action');
    $currentRole = Session::getUserRole();
    $resource = "newsfeed";

    // only for admins
    Permission::allow('admin', $resource, ['*']);
    // only for normal users
    Permission::allow('user', $resource, ['index', 'getAll', 'getById', 'create']);
    // update/delete/getUpdateForm are granted to users only under the owner rule
    Permission::allow('user', $resource, ['update', 'delete', 'getUpdateForm'], 'owner');

    // The submitted id is encrypted; decrypt it only when one was actually sent.
    $submittedId = $this->request->data("newsfeed_id");
    $newsfeedId = empty($submittedId) ? $submittedId : Encryption::decryptIdWithDash($submittedId);

    // Ownership lookup passed to the permission check.
    $ownership = [
        "user_id" => Session::getUserId(),
        "table" => "newsfeed",
        "id" => $newsfeedId,
    ];

    return Permission::check($currentRole, $resource, $requestedAction, $ownership);
}
/**
 * Is user authorized for admin controller & requested action method?
 *
 * Only the "admin" role may reach any action of this controller; the action
 * itself is not consulted.
 *
 * @return bool
 */
public function isAuthorized()
{
    // A null role never strictly equals "admin", so no separate isset() is needed.
    return Session::getUserRole() === "admin";
}
/**
 * Is the current user authorized to run the requested action on the posts resource?
 *
 * @return bool
 */
public function isAuthorized()
{
    $requestedAction = $this->request->param('action');
    $currentRole = Session::getUserRole();
    $resource = "posts";

    //only for admins
    Permission::allow('admin', $resource, ['*']);
    //only for normal users
    Permission::allow('user', $resource, ['index', 'view', 'newPost', 'getAll', 'getById', 'create']);
    // update/delete/getUpdateForm are granted to users only under the owner rule
    Permission::allow('user', $resource, ['update', 'delete', 'getUpdateForm'], 'owner');

    // NOTE(review): post_id is handed to the ownership check exactly as submitted;
    // the other posts controller variant decrypts it first — confirm which form
    // Permission::check expects here.
    $postId = $this->request->data("post_id");
    $ownership = [
        "user_id" => Session::getUserId(),
        "table" => "posts",
        "id" => $postId,
    ];

    return Permission::check($currentRole, $resource, $requestedAction, $ownership);
}
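echo PUBLIC_ROOT . "img/profile_pictures/" . htmlspecialchars($feed["profile_picture"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" alt="User Picture" class="img-circle profile-pic-sm">
</span>
<div class="chat-body clearfix">
    <div class="header">
        <?php
        // user_name was echoed raw while content goes through encodeHTMLWithBR;
        // escape it for the HTML context (same for the picture path in the src attribute above).
        ?>
        <strong class="primary-font"><?php echo htmlspecialchars($feed["user_name"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></strong>
        <small class="text-muted"><i class="fa fa-clock-o fa-fw"></i> <?php echo $this->timestamp($feed["date"]); ?></small>
        <?php
        // Owner or admin sees the edit/delete controls (presentation only; the
        // controller's Permission check is the real gate). Cast user_id to int so the
        // strict comparison also holds when the row value arrives as a string, as the
        // posts view does.
        if (Session::getUserId() === (int) $feed["user_id"] || Session::getUserRole() === "admin") { ?>
        <span class="pull-right btn-group btn-group-xs">
            <a class="btn btn-default edit"><i class="fa fa-pencil"></i></a>
            <a class="btn btn-danger delete"><i class="fa fa-times"></i></a>
        </span>
        <?php } ?>
    </div>
    <p>
        <?php echo $this->autoLinks($this->encodeHTMLWithBR($feed["content"])); ?>
    </p>
</div>
</li>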
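?>" alt="User Picture" class="img-circle profile-pic-sm">
</span>
<div class="chat-body clearfix">
    <div class="header">
        <?php
        // user_name was echoed raw while content goes through encodeHTMLWithBR;
        // escape it for the HTML context.
        ?>
        <strong class="primary-font"><?php echo htmlspecialchars($comment["user_name"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></strong>
        <small class="text-muted"><i class="fa fa-clock-o fa-fw"></i><?php echo $this->timestamp($comment["date"]); ?></small>
        <?php
        // Owner or admin sees the edit/delete controls (presentation only; the
        // controller's Permission check is the real gate). Cast user_id to int so the
        // strict comparison also holds when the row value arrives as a string, as the
        // posts view does.
        if (Session::getUserId() === (int) $comment["user_id"] || Session::getUserRole() === "admin") { ?>
        <span class="pull-right btn-group btn-group-xs">
            <a class="btn btn-default edit"><i class="fa fa-pencil"></i></a>
            <a class="btn btn-danger delete"><i class="fa fa-times"></i></a>
        </span>
        <?php } ?>
    </div>
    <p><?php echo $this->autoLinks($this->encodeHTMLWithBR($comment["content"])); ?></p>
</div>
</li>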