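/**
 * Decides whether the current user may reach a controller/action pair.
 *
 * The current user is taken from $_SESSION['qa_user'] when that entry is set.
 * The decision is made in this order:
 *  - the 'error' controller is always allowed;
 *  - a user whose status is exactly 'admin' is always allowed;
 *  - a user whose status is exactly 'activated' is checked against the ACL;
 *  - everyone else (no session user, or any other status such as
 *    new/suspended/banned) is checked against the ACL as an anonymous visitor.
 *
 * @param string $strController Controller name, without the 'admin_' prefix.
 * @param string $strAction     Action name within that controller.
 * @param bool   $adminModule   Truthy when the controller/action lives in the
 *                              admin namespace instead of the normal one.
 *
 * @return mixed true for the always-allowed cases, otherwise whatever
 *               User::checkACL() returns for the lookup.
 */
public static function hasAccess($strController, $strAction, $adminModule)
{
    // Error pages must stay reachable for everybody. This test runs before the
    // admin prefix is applied, so an 'error' controller requested through the
    // admin namespace is allowed as well. Strict comparison keeps a non-string
    // value from being juggled into a match.
    if ($strController === 'error') {
        return true;
    }

    // Admin-namespace controllers are stored in the ACL with an 'admin_' prefix.
    if ($adminModule) {
        $strController = 'admin_' . $strController;
    }

    // isset() on the nested key also covers a session entry without a status,
    // which is then handled as an anonymous visitor below.
    if (isset($_SESSION['qa_user']['status'])) {
        $status = $_SESSION['qa_user']['status'];

        // This is an authorization decision, so compare with ===. The loose
        // comparison used by switch would let a boolean true (and, before
        // PHP 8, an integer 0) match 'admin' and bypass the ACL entirely.
        if ($status === 'admin') {
            return true;
        }

        if ($status === 'activated') {
            return User::checkACL($_SESSION['qa_user'], $strController, $strAction);
        }
    }

    // Anonymous check. Also reached by logged-in users whose status is anything
    // other than 'admin' or 'activated', which are handled above.
    return User::checkACL(null, $strController, $strAction);
}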