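/**
 * Returns true when the authenticated user holds at least one of the given roles.
 *
 * @param list<string>|null $roleNames Role names to look for; null, a non-array or [] yields false.
 * @return bool false when nobody is authenticated or none of the roles match.
 */
public static function hasRoles($roleNames)
{
    // Original code called count() on the argument, which is a TypeError for null
    // in PHP 8; treat "no roles requested" as "no match" instead.
    if (!is_array($roleNames) || $roleNames === []) {
        return false;
    }
    if (!Authentication::isAuthenticated()) {
        return false;
    }

    // Requires setUserEntity() to have run first. roleNames is assumed to be an
    // array of strings on the user entity — TODO confirm against that class.
    $grantedRoles = Authentication::getUserEntity()->roleNames;

    foreach ($roleNames as $roleName) {
        // strict: a role check must not be satisfied by type juggling ("0" == "admin"-style)
        if (in_array($roleName, $grantedRoles, true)) {
            return true;
        }
    }

    return false;
}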
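/**
 * Controller constructor.
 *
 * Sets up browsing/page-menu state, then enforces page access:
 *  - an authenticated user is loaded and, when $roleNames is given, must hold
 *    at least one of those roles or is redirected to main/no-access;
 *  - an anonymous visitor has any stale user entity cleared and, when
 *    $isAuthenticated is true, is redirected to account/login.
 *
 * @param bool              $isAuthenticated Whether the page requires a logged-in user.
 * @param list<string>|null $roleNames       Roles of which at least one is required; null or [] means no role check.
 */
public function __construct(bool $isAuthenticated = false, ?array $roleNames = null)
{
    Browsing::setBrowsingId();
    PageMenu::setPageMenu();

    if (!Authentication::isAuthenticated()) {
        Authentication::unsetUserEntity();
        if ($isAuthenticated) {
            // NOTE(review): this relies on redirectToUrlFromAction() ending the
            // request; if it only sends a Location header the action still runs — confirm.
            $this->redirectToUrlFromAction('account', 'login');
        }
        return;
    }

    // Must precede hasRoles(), which reads the entity stored here.
    Authentication::setUserEntity();

    // [] is treated like null (no role restriction), matching the previous `!= null` test,
    // but the comparison is now strict so other falsy values cannot skip the check.
    if ($roleNames !== null && $roleNames !== [] && !Authentication::hasRoles($roleNames)) {
        // NOTE(review): same assumption as above — the redirect must terminate the request.
        $this->redirectToUrlFromAction('main', 'no-access');
    }
}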
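/**
 * Emits the inline jQuery helpers for the page comment form: answer-box
 * toggling, AJAX submit/delete of comments and captcha refresh. Nothing is
 * printed when comments require authentication and no user is logged in.
 *
 * PHP values are embedded as JSON literals (with HEX flags) so that quotes,
 * `</script>` or non-ASCII in translated messages cannot break out of the
 * JavaScript string context.
 *
 * @param int|string $pageId       Page the comments belong to; sent back as PageId on submit.
 * @param mixed      $feedbackType Compared loosely with PageEntity::$FEEDBACK_COMMENTS_AUTH — its
 *                                 type is not visible here, so the original loose check is kept.
 * @return void
 */
public static function getScriptForComments($pageId, $feedbackType)
{
    if ($feedbackType != PageEntity::$FEEDBACK_COMMENTS_AUTH || Authentication::isAuthenticated()) {
        // INVALID_UTF8_SUBSTITUTE keeps json_encode from returning false (which would
        // echo nothing and leave a syntax error in the script) on a bad translation string.
        $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE;
        $pageIdJs = json_encode($pageId, $jsFlags);
        $captchaErrorJs = json_encode(Language::$ERROR_CAPTCHA[Config::$LANGUAGE], $jsFlags);
        $confirmDeleteJs = json_encode(Language::$ARE_YOU_SURE[Config::$LANGUAGE], $jsFlags);
        ?>
<script type="text/javascript">
    $('#answer_0').focus();

    function showDivAnswer(commentId) {
        $('div.div_answer').each(function () {
            $(this).hide();
        });
        $('a.a_answer').each(function () {
            $(this).prop('disabled', false);
        });
        $('#div_answer_' + commentId).show();
        $('#a_answer_' + commentId).prop('disabled', true);
        $('#answer_' + commentId).focus();
    }

    function submitComment(textAreaId, commentId) {
        var body = $('#' + textAreaId).val();
        var captcha = $('#input_captcha_' + commentId).val();
        $.ajax({
            method: 'POST',
            url: '/main/create-comment',
            data: {PageId: <?php echo $pageIdJs; ?>, CommentId: commentId, Body: body, Captcha: captcha}
        }).done(function (data) {
            if (data == 'captcha') {
                alert(<?php echo $captchaErrorJs; ?>);
                $('#input_captcha_' + commentId).val('');
                $('#input_captcha_' + commentId).focus();
            } else if (commentId == 0) {
                $('#li_0').before(data);
            } else {
                $('#ul_' + commentId).append(data);
            }
            if (data != 'captcha') {
                $('div.div_answer').each(function () {
                    $(this).hide();
                });
                $('a.a_answer').each(function () {
                    $(this).prop('disabled', false);
                });
                $('#' + textAreaId).val('');
                $('#answer_0').focus();
            }
            refresh(commentId);
        });
    }

    function deleteComment(commentId) {
        if (confirm(<?php echo $confirmDeleteJs; ?>)) {
            $.ajax({
                method: 'POST',
                url: '/main/delete-comment',
                data: {CommentId: commentId}
            }).done(function (data) {
                if (data == 'success') {
                    $('#li_' + commentId).remove();
                }
            });
        }
    }

    // Cache-busting query so the browser fetches a fresh captcha image.
    function refresh(id) {
        var captcha = document.getElementById('captcha_' + id);
        captcha.src = '/misc/captcha/' + id + '?v=' + Math.random();
    }
</script>
        <?php
    }
}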
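/**
 * POST: /main/delete-comment
 *
 * Deletes the comment named by the CommentId form field and echoes 'success'.
 * Permitted for the comment's author or a user holding the manager or admin
 * role; every other case (anonymous, missing id, unknown comment, not
 * permitted) deletes nothing and produces no output.
 *
 * NOTE(review): no CSRF token is verified here; confirm the framework covers
 * this state-changing endpoint elsewhere.
 *
 * @return void
 */
public function deleteCommentPost()
{
    // Read $_POST rather than $_REQUEST: this endpoint mutates state, so values
    // arriving via the query string or cookies should not be able to drive it.
    $commentId = $_POST['CommentId'] ?? null;
    if ($commentId === null || $commentId === '') {
        return;
    }
    if (!Authentication::isAuthenticated()) {
        return;
    }

    $commentOnPageDAO = new CommentOnPageDAO();
    $comment = $commentOnPageDAO->getCommentOnPage($commentId);
    // assumes the DAO returns null/false for an unknown id — TODO confirm
    if (!is_object($comment)) {
        return;
    }

    // String-compare both ids: an int from the session and a string from the
    // DB still match, without relying on loose == juggling in an authorization check.
    $isOwner = (string) Authentication::getUserEntity()->id === (string) $comment->userId;
    if ($isOwner || Authentication::hasRoles(['manager', 'admin'])) {
        $commentOnPageDAO->delete($commentId);
        echo 'success';
    }
}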