/**
* Determines whether or not the current user has access to the specified media work. If no username is provided, this function defaults to the currently-loggin-in username.
*
* @param string $username
* @return boolean user has access
*/
public function user_has_access_to_media($username = '')
{
// First, get the restricted group--if one exists
$es = new entity_selector();
$es->add_type(id_of('group_type'));
$es->add_right_relationship($this->media_work->id(), relationship_id_of('av_restricted_to_group'));
$group = current($es->run_one());
if (!empty($group)) {
$gh = new group_helper();
$gh->set_group_by_id($group->id());
if ($gh->requires_login()) {
if (!$username) {
$username = reason_check_authentication();
}
if ($username) {
if (!$gh->is_username_member_of_group($username)) {
return false;
}
} else {
return false;
}
}
}
return true;
// Return true if the user has access to view media work
}
/**
* Run the group tester
*
* @return void
*/
function run()
{
echo '<p>Use this form to see if a particular username will be part of this group</p>' . "\n";
$tester = new Disco();
$tester->init(true);
$tester->add_element('username_to_check', 'text', array('display_name' => ' '));
$tester->actions = array('test' => 'Test this username');
$tester->run();
if (!empty($this->admin_page->request['username_to_check'])) {
$username = $this->admin_page->request['username_to_check'];
$gh = new group_helper();
$gh->set_group_by_entity($this->group);
if ($gh->is_username_member_of_group($username)) {
echo '<p><strong>Yes</strong>, ' . $username . ' is a member of this group.</p>' . "\n";
} else {
echo '<p><strong>No</strong>, ' . $username . ' is not a member of this group.</p>' . "\n";
}
}
echo '<p><a href="' . $this->admin_page->make_link(array('cur_module' => 'Editor', 'mode' => '')) . '">Return to editing the group</a>';
}
/**
* Checks whether the given user is a member of the given group.
* @param string $username the username of the user whose group membership is
* in question
* @param int|object $group a group entity or the ID of a group entity
* @return boolean true if the user was determined to be a member of the group;
* false if otherwise
* @since Reason 4.0 beta 8
*/
function reason_user_is_in_group($username, $group)
{
static $error_prefix = "cannot check if user is a member of a group:";
if (!$username)
{
return false;
trigger_error("$error_prefix a username was not provided");
}
elseif (!$group || (!is_object($group) && !is_numeric($group)))
{
trigger_error("$error_prefix an integer (group id) or entity was not provided");
return false;
}
else
{
$group_entity = is_object($group) ? $group : new entity($group);
if (reason_is_entity($group_entity, 'group_type'))
{
$helper = new group_helper();
$helper->set_group_by_entity($group_entity);
return $helper->is_username_member_of_group($username);
}
else
{
trigger_error("$error_prefix a valid group entity was not provided");
return false;
}
}
}
/**
* Instantiates a group helper for the group that represents users who can post news items to this publication.
* @return entity the group helper for users who can post to this publication
*/
function get_post_group_helper()
{
reason_include_once( 'classes/group_helper.php' );
$group = $this->get_post_group();
$post_group_helper = new group_helper();
$post_group_helper->set_group_by_entity($group);
return $post_group_helper;
}
protected function _get_access_group_helper($policy)
{
$rel = relationship_id_of('policy_to_access_group');
if(!$rel)
return null;
$es = new entity_selector();
$es->add_type(id_of('group_type'));
$es->add_right_relationship($policy->id(), relationship_id_of('policy_to_access_group'));
$es->set_num(1);
$groups = $es->run_one();
if(empty($groups))
return null;
$group = current($groups);
$gh = new group_helper();
$gh->set_group_by_entity($group);
return $gh;
}
/**
* determines whether or not authentication is necessary for a particular asset
* and whether the current user is a member of the group that has access
* @return boolean true if the user has access
*/
function access_allowed()
{
$es = new entity_selector();
$es->add_right_relationship($this->asset->id(), relationship_id_of('asset_access_permissions_to_group'));
$es->add_type(id_of('group_type'));
$es->set_num(1);
$groups = $es->run_one();
if (empty($groups)) {
return true;
}
$group = current($groups);
$gh = new group_helper();
$gh->set_group_by_entity($group);
$access = $gh->is_username_member_of_group("") ? true : $gh->is_username_member_of_group($this->get_username());
// else discover and check username
if ($access === NULL) {
reason_require_authentication('login_to_access_file');
die;
}
return $access;
// true or false
}
function run($send_header = true)
{
$this->get_site_id();
if ($page = $this->_get_page()) {
if ($groups = $this->get_page_restriction_groups($page, $this->site)) {
foreach ($groups as $group) {
$gh = new group_helper();
$gh->set_group_by_entity($group);
if ($gh->requires_login()) {
$username = reason_require_http_authentication();
if (!$gh->is_username_member_of_group($username)) {
$this->_send_unauthorized_output($send_header);
die;
}
}
}
}
} else {
$pages = $this->get_sitewide_media_pages($this->site);
if (!empty($pages)) {
$restricted_pages = array();
$page_group_helpers = array();
foreach ($pages as $page) {
if ($groups = $this->get_page_restriction_groups($page, $this->site)) {
foreach ($groups as $group) {
$gh = new group_helper();
$gh->set_group_by_entity($group);
if ($gh->requires_login()) {
$restricted_pages[$page->id()] = $page;
if (!isset($page_group_helpers[$page->id()])) {
$page_group_helpers[$page->id()] = array();
}
$page_group_helpers[$page->id()][] = $gh;
}
}
}
}
if (count($restricted_pages) >= count($pages)) {
$username = reason_require_http_authentication();
$access_ok = false;
foreach ($restricted_pages as $page) {
$is_member = true;
foreach ($page_group_helpers[$page->id()] as $gh) {
if (!$gh->is_username_member_of_group($username)) {
$is_member = false;
break;
}
}
if ($is_member) {
$access_ok = true;
break;
}
}
if (!$access_ok) {
$this->_send_unauthorized_output($send_header);
die;
}
}
} else {
$this->_send_unauthorized_output($send_header);
die;
}
}
parent::run($send_header);
}
function _user_is_in_viewing_group()
{
if ($group =& $this->_get_group('form_to_authorized_viewing_group'))
{
$netid = $this->get_user_netid();
$gh = new group_helper();
$gh->set_group_by_entity($group);
return $gh->has_authorization($netid);
}
else return true;
}
/**
* Determine if a given user has access to all of a set of assets
*
* @param array $access
* @param string $username
* @return boolean
*/
function _has_access($assets, $username)
{
if (!is_array($assets)) {
$assets = array($assets->id() => $assets);
}
if (!empty($assets)) {
$es = new entity_selector();
$es->add_right_relationship(array_keys($assets), relationship_id_of('asset_access_permissions_to_group'));
$es->add_type(id_of('group_type'));
$es->set_env('site', $this->site_id);
$groups = $es->run_one();
//pray($groups);
//die();
foreach ($groups as $group_id => $group) {
$gh = new group_helper();
$gh->set_group_by_entity($group);
if (!$gh->has_authorization($username)) {
return false;
}
}
}
return true;
}
/**
* Get access information about whether the current user can access a given image at its original size
* @return string 'no_group', 'authentication_required', 'ok', or 'not_authorized'
*/
function current_user_original_size_access($item)
{
if (empty($this->params['original_size_access_group'])) {
return 'no_group';
}
if (!($group_id = id_of($this->params['original_size_access_group']))) {
trigger_error('Access group unique name parameter given in page type not a Reason entity.');
return 'no_group';
}
$group = new entity($group_id);
if ($group->get_value('type') != id_of('group_type')) {
trigger_error('Access group unique name does not belong to a valid Reason group.');
return 'no_group';
}
$helper = new group_helper();
$helper->set_group_by_entity($group);
$result = $helper->is_username_member_of_group(reason_check_authentication());
if (null === $result) {
return 'authentication_required';
} elseif (true === $result) {
return 'ok';
} else {
return 'not_authorized';
}
}
