Example #1
 /**
  * Checks whether the current user (in $_SESSION['qa_user'], if any) has
  * access to the given Controller/Action combo.
  * If $adminModule is true, the controller/action is in the admin namespace
  * instead of the normal one.
  */
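 public static function hasAccess($strController, $strAction, $adminModule)
 {
     // Authorization gate: returns true when the request may proceed.
     //   $strController  controller name as requested (without the admin prefix)
     //   $strAction      action name, passed through to the ACL lookup unchanged
     //   $adminModule    truthy when the controller lives in the admin namespace
     //
     // Every comparison below is strict on purpose. With loose comparison a
     // non-string value could match a string literal (e.g. boolean true == 'admin',
     // or integer 0 == 'error' on PHP < 8) and silently grant access.

     // Error pages must stay reachable for everyone.
     // NOTE(review): this runs before the admin prefix is applied, so an 'error'
     // controller in the admin namespace also skips the ACL - confirm that is intended.
     if ($strController === 'error') {
         return true;
     }

     // Admin-namespace controllers are looked up in the ACL under an 'admin_' prefix.
     if ($adminModule) {
         $strController = 'admin_' . $strController;
     }

     // Read the status defensively: a session without a user, or a user record
     // without a status, is handled as "not logged in" instead of raising a notice.
     $status = isset($_SESSION['qa_user']['status']) ? $_SESSION['qa_user']['status'] : null;

     // Administrators bypass the ACL entirely.
     if ($status === 'admin') {
         return true;
     }

     // Activated users are checked against the ACL with their own user record.
     if ($status === 'activated') {
         return User::checkACL($_SESSION['qa_user'], $strController, $strAction);
     }

     // Anonymous visitors, and logged-in users with any other status
     // (new/suspended/banned), get only what the ACL allows a guest.
     return User::checkACL(null, $strController, $strAction);
 }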