Example #1
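 /**
  * Runs the login attempt and sends the user on, or re-renders the login view on failure.
  *
  * On success the user is redirected to the URL saved in
  * $_SESSION['orion_auth_target'] when one is set and differs from this
  * module's own URL; otherwise to the page configured as DEFAULT_LOGGED_PAGE.
  * When Core\Auth::login() throws a Core\Exception, its message is assigned
  * to the view as 'info' with type 'error'.
  */
 public function _login()
 {
     try {
         Core\Auth::login();
         // NOTE(review): confirm Core\Auth::login() rotates the session id on
         // success; nothing in this method does.

         // The saved target is one-shot: read it, then always clear it so a
         // stale value cannot steer a later login in the same session.
         $target = isset($_SESSION['orion_auth_target']) ? $_SESSION['orion_auth_target'] : null;
         unset($_SESSION['orion_auth_target']);

         // NOTE(review): the target comes from the session and is used as-is.
         // The code that stores it is not visible here; confirm it only ever
         // saves same-site URLs, otherwise this is an open redirect.
         if ($target !== null && $target != Core\Context::genModuleURL($this->name)) {
             Core\Context::redirect($target);
         } else {
             Core\Context::redirect(Core\Context::genURL(\Orion::config()->get('DEFAULT_LOGGED_PAGE')));
         }
     } catch (Core\Exception $e) {
         // NOTE(review): the raw exception message is handed to the view;
         // confirm views/login escapes 'info' on output and that the message
         // does not reveal whether the account exists.
         $this->assign('info', $e->getMessage());
         $this->assign('type', 'error');
     }
     $this->renderView('views/login');
 }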
Example #2
File: auth.php Project: nijal/Orion
 /**
  * <p><b>Must be called AFTER Core\Auth::login()</b></p>
  * Allows access only to logged-in users whose level is equal to or less than the level of the provided role. If permission is not granted, the user is automatically redirected (unless $noredirect is set).
  * <p><b>Note that while it's doing all login/auth/redirection work automatically, you still have to create the corresponding user table in your database in addition to provide the login module into orion's module directory.</b></p>
  * @see Core\Auth
  *      MainConfig
  *      LoginModule
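  * @param string $slug the role identifier (e.g. 'administrator', 'member', etc.). See your configuration file for a list of roles and their permission levels.
  * @param bool $noredirect when TRUE, a denied user is not redirected; the 403 header code is still set and FALSE is returned, so the caller must check the return value.
  * @return bool TRUE if user has the permission, FALSE otherwise (even if redirected)
  * @throws Exception if the role does not exist or the user information is missing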
  */
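 public static function allow($slug, $noredirect = false)
 {
     // Start the login flow when there is no authenticated user yet.
     if (!self::logged()) {
         self::login();
     }

     // Fail closed when the role table is missing or malformed: a non-array
     // AUTH_ROLES is treated like an unknown role instead of reaching
     // array_key_exists() with a bad argument.
     $roles = \Orion::config()->get('AUTH_ROLES');
     if (!is_array($roles) || !array_key_exists($slug, $roles)) {
         throw new Exception('Unable to restrict access, role [' . $slug . '] does not exist.', E_USER_ERROR, __CLASS__);
     }

     // Without a user object carrying a positive level there is nothing to
     // compare against, so refuse rather than guess.
     if (!is_object(self::$user) || empty(self::$user->level) || self::$user->level <= 0) {
         throw new Exception('Missing user information. See Core\\Auth for more info.', E_USER_ERROR, __CLASS__);
     }

     // A higher level number means fewer privileges: access is granted only
     // when the user's level does not exceed the level of the requested role.
     if (self::$user->level <= $roles[$slug]) {
         return true;
     }

     Context::setHeaderCode(403);
     if (!$noredirect) {
         Context::redirect(Context::genModuleURL('users', 'error-' . self::E_LEVEL_RESTRICT, 'default'));
     }

     // NOTE(review): FALSE is returned even after the redirect call. Callers
     // must stop on FALSE, especially with $noredirect set; whether
     // Context::redirect() halts the request is not visible here.
     return false;
 }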