/** * Returns whether a user can manage security. * If groups are checked, one true permission makes the function return true. * * @param User $user * @param boolean $include_groups states whether groups should be checked for permissions * @return boolean */ function can_manage_security(User $user, $include_groups = true) { if ($user->isGuest()) { return false; } if ($user->getCanManageSecurity()) { return true; } else { if ($include_groups) { $group_ids = GroupUsers::getGroupsCSVsByUser($user->getId()); if ($group_ids != '') { $gr = Groups::findOne(array('conditions' => array('id in (' . $group_ids . ') AND can_manage_security = true '))); return $gr instanceof Group; } } } return false; }