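/**
 * Checks that the current session user holds permission $name on $module at
 * level $action or higher through at least one of the user's roles.
 *
 * The method never returns false: it returns true when access is granted and
 * throws on every other path, so callers must let the exception stop the
 * operation rather than test the return value.
 *
 * @param string $name   Permission name, matched against permission_name.
 * @param int    $action Minimum required level, compared with permission_level (default 1).
 * @param string $module Module name; when empty, the cached 'current' module is used.
 *
 * @return bool Always true when access is granted.
 *
 * @throws Exception When the module or permission name is unknown, when a
 *                   query fails, or when no role grants the access.
 */
public static function check($name, $action = 1, $module = "")
{
    if (empty($module)) {
        $module = wbCache::getCached('current', 'module');
    }
    if (empty($module)) {
        throw new Exception("Unknown Module");
    }
    if (!self::isPermissionExist($name)) {
        throw new Exception('Unknown Permission Name ' . $name . ' on module ' . $module);
    }

    $sessionInfo = wbUser::getSession();
    // isset() avoids an undefined-index notice when the session carries no user id.
    // NOTE(review): a missing id is bound as null below; confirm the driver sends
    // SQL NULL so the role lookup matches no row and the check fails closed.
    $userId = isset($sessionInfo['user_id']) ? $sessionInfo['user_id'] : null;

    $dbconn = wbDB::getConn();
    $prefix = wbConfig::get('DB.prefix');

    // Only the configured table prefix is concatenated into the SQL; every
    // caller-supplied value is bound as a parameter.
    $roleQuery = "SELECT role_id FROM " . $prefix . "_user_role \r\n"
        . " WHERE role_id IN (select role_id FROM " . $prefix . "_role_permission) AND user_id = ?";

    // Loop-invariant, so built once instead of once per role.
    // NOTE(review): $action is compared in SQL as permission_level >= ?; confirm
    // callers always pass an integer level, because the comparison of a
    // non-numeric value is left to the database.
    $accessQuery = "SELECT COUNT(1) FROM " . $prefix . "_role_permission as a, " . $prefix . "_permission as b\r\n"
        . " WHERE a.role_id = ? AND \r\n"
        . " a.permission_level >= ? AND \r\n"
        . " a.permission_id = b.permission_id AND\r\n"
        . " b.permission_name = ? AND \r\n"
        . " b.permission_module = ?";

    // Plain assignment: taking a reference to a call result is unnecessary for objects.
    $result = $dbconn->Execute($roleQuery, array($userId));
    if (!$result) {
        // NOTE(review): raw database error text becomes the exception message here
        // and below; confirm it is logged rather than shown to end users.
        throw new Exception($dbconn->ErrorMsg());
    }

    $granted = false;
    while (!$result->EOF) {
        list($role_id) = $result->fields;

        $count = $dbconn->GetOne($accessQuery, array($role_id, $action, $name, $module));
        if ($count === false) {
            // Read the error before closing the cursor, then release it on this path too.
            $error = $dbconn->ErrorMsg();
            $result->Close();
            throw new Exception($error);
        }
        if ($count) {
            // One matching role is enough; stop here so the cursor is closed below.
            $granted = true;
            break;
        }
        $result->MoveNext();
    }
    $result->Close();

    if ($granted) {
        return true;
    }

    // Denied. The payload names neither the permission, the module nor the
    // required level. The second, more detailed throw that followed this one
    // could never execute and has been removed.
    throw new Exception(json_encode(array('error' => 'sess_error', 'msg' => "Anda tidak memiliki hak akses untuk melakukan operasi ini atau sessi login anda sudah berakhir<br/><br/>Silahkan untuk melakukan login kembali")));
}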