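/**
 * Checks whether this user may perform the specified action. Possible actions
 * are defined in app/conf/user_actions.conf.
 *
 * The decision runs in this order: cached result, unsaved ("empty") user,
 * unknown action, configured administrator user id, 'is_administrator' role
 * action, then membership of the requested action in the actions granted by
 * the user's own roles and the roles of their groups.
 *
 * Results are memoized in the static ca_users::$s_user_action_access_cache,
 * keyed by action and user id. Nothing in this method invalidates an entry, so
 * a role change made after the first lookup is not reflected by later calls
 * that hit the cache.
 *
 * @param string $ps_action Action code to test
 * @return bool True if the user can perform the action, false otherwise
 */
public function canDoAction($ps_action) {
	$vn_user_id = $this->getPrimaryKey();
	$vs_cache_key = $ps_action . "/" . $vn_user_id;

	if (isset(ca_users::$s_user_action_access_cache[$vs_cache_key])) {
		return ca_users::$s_user_action_access_cache[$vs_cache_key];
	}

	// "empty" ca_users object -> no groups or roles associated -> can't do action
	if (!$vn_user_id) {
		return ca_users::$s_user_action_access_cache[$vs_cache_key] = false;
	}

	// Deny when the action is not a valid (defined) action
	if (!ca_user_roles::isValidAction($ps_action)) {
		return ca_users::$s_user_action_access_cache[$vs_cache_key] = false;
	}

	// Access restrictions don't apply to the user whose user_id equals the configured admin id.
	// NOTE(review): kept as a loose comparison because the configured value and the key may
	// differ in type (string vs. int) - confirm before tightening.
	if ($vn_user_id == $this->_CONFIG->get('administrator_user_id')) {
		return ca_users::$s_user_action_access_cache[$vs_cache_key] = true;
	}

	// Merge roles assigned directly to the user with roles inherited from groups;
	// on a role_id collision the group entry overwrites the user entry.
	$va_roles = $this->getUserRoles();
	foreach ($this->getGroupRoles() as $vn_role_id => $va_role_info) {
		$va_roles[$vn_role_id] = $va_role_info;
	}

	$va_actions = ca_user_roles::getActionsForRoleIDs(array_keys($va_roles));
	if (!is_array($va_actions)) {
		// Fail closed: without a usable action list nothing is granted
		$va_actions = array();
	}

	// Strict matching for the authorization decision: with loose comparison a
	// non-string entry in the list (e.g. true, or 0 on PHP < 8) would match any
	// action name and grant access that was never assigned.
	if (in_array('is_administrator', $va_actions, true)) {
		// Access restrictions don't apply to users holding the is_administrator role action
		return ca_users::$s_user_action_access_cache[$vs_cache_key] = true;
	}

	return ca_users::$s_user_action_access_cache[$vs_cache_key] = in_array($ps_action, $va_actions, true);
}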
/**
 * Returns change log display for the currently edited record in the current view
 * inherited from ActionController.
 *
 * Access is gated twice: first by _checkAccess() on the subject, then by the
 * table-specific 'can_view_change_log_<table>' action. The action check is only
 * enforced when that action name is a valid action; when it is not, any user
 * who passes _checkAccess() gets the log rendered.
 *
 * @param array $pa_options Array of options passed through to _initView
 * @return bool|null False when _checkAccess() fails; otherwise no value
 *                   (after either redirecting to the error display or rendering)
 */
public function Log($pa_options = null) {
	AssetLoadManager::register('tableList');

	list($vn_subject_id, $t_subject) = $this->_initView($pa_options);
	if (!$this->_checkAccess($t_subject)) {
		return false;
	}

	// Action name is specific to the subject's table
	$vs_log_action = 'can_view_change_log_' . $t_subject->tableName();

	$vb_action_is_defined = ca_user_roles::isValidAction($vs_log_action);
	if ($vb_action_is_defined && !$this->request->user->canDoAction($vs_log_action)) {
		// Not permitted: redirect to the error display, passing the requested path along
		$vs_error_url = $this->request->config->get('error_display_url');
		$vs_return_path = urlencode($this->request->getFullUrlPath());
		$this->response->setRedirect($vs_error_url . '/n/2575?r=' . $vs_return_path);
		return;
	}

	$this->render('log_html.php');
}