/**
* Returns whether a user can manage security.
* If groups are checked, one true permission makes the function return true.
*
* @param User $user
* @param boolean $include_groups states whether groups should be checked for permissions
* @return boolean
*/
function can_manage_security(User $user, $include_groups = true)
{
if ($user->isGuest()) {
return false;
}
if ($user->getCanManageSecurity()) {
return true;
} else {
if ($include_groups) {
$group_ids = GroupUsers::getGroupsCSVsByUser($user->getId());
if ($group_ids != '') {
$gr = Groups::findOne(array('conditions' => array('id in (' . $group_ids . ') AND can_manage_security = true ')));
return $gr instanceof Group;
}
}
}
return false;
}
