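/**
 * Load action permissions for the logged in user, and check the specified action with the specified arguments.
 *
 * Permits are gathered from the user's own permit rows and from every group the user belongs to. Each permit
 * row maps the action to a '&'-separated list of permit handlers; the first row whose handlers all pass
 * (checkActionPermits) grants access. The master account bypasses the permit lookup entirely.
 *
 * @param string $action_function Name of the action function to authorize; must exist as a PHP function.
 * @param array  $args            Arguments the action would be called with, passed through to the permit handlers.
 * @return bool true if the logged in user may perform the action, false otherwise. When LOG_AUTH_FAILURES
 *              is set, every denial is written to error_log with its reason.
 */
function checkActionPermission($action_function, $args) {
    global $loggedInUser, $master_account;

    // Deny when there is no authenticated user: $loggedInUser cannot be relied on below.
    if (!isUserLoggedIn()) {
        if (LOG_AUTH_FAILURES) {
            error_log("Authorization failed: user is not logged in.");
        }
        return false;
    }

    // The master account is granted everything without consulting the permit tables.
    // Compared as integers with ===: a loose == would also match when $master_account is unset
    // (null == 0 is true), which must never grant root access.
    if ($master_account !== null && (int) $loggedInUser->user_id === (int) $master_account) {
        return true;
    }

    // An action that is not a defined function can never be authorized.
    if (!function_exists($action_function)) {
        if (LOG_AUTH_FAILURES) {
            error_log("Authorization failed: action '{$action_function}' does not exist.");
        }
        return false;
    }

    // Individual permits first, then the permits of every group the user belongs to.
    $action_permits = fetchUserPermits($loggedInUser->user_id, $action_function);
    foreach (fetchUserGroups($loggedInUser->user_id) as $group_id => $group) {
        $action_permits = array_merge($action_permits, fetchGroupPermits($group_id, $action_function));
    }

    // Each mapping is a conjunction of permit handlers ('&'-separated). Any single mapping that passes
    // grants access; otherwise move on to the next one.
    foreach ($action_permits as $action_permit) {
        $permits = explode('&', $action_permit['permits']);
        if (checkActionPermits($permits, $args)) {
            return true;
        }
    }

    // No mapping passed: deny, and record enough context to audit the failed check.
    if (LOG_AUTH_FAILURES) {
        error_log("Authorization failed: User {$loggedInUser->username} (user_id={$loggedInUser->user_id}) could not be validated for {$action_function} on arguments " . print_r($args, true));
    }
    return false;
}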
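/**
 * Load action permissions for the logged in user, and check the specified action with the specified arguments.
 *
 * The user's own permit rows and those of each of the user's groups are collected; every row maps the action
 * to a '&'-separated list of permit handlers, and the first row whose handlers all pass (checkActionPermits)
 * grants access. The master account is granted everything without a lookup.
 *
 * @param string $action_function Name of the action function to authorize; must exist as a PHP function.
 * @param array  $args            Arguments the action would be called with, passed through to the permit handlers.
 * @return bool true if the logged in user may perform the action, false otherwise. Denials are silent here;
 *              callers that need an audit trail must log the result themselves.
 */
function checkActionPermission($action_function, $args) {
    global $loggedInUser, $master_account;

    // No authenticated user: $loggedInUser is not usable, so deny.
    if (!isUserLoggedIn()) {
        return false;
    }

    // Master account bypasses the permit tables. The comparison is strict on integer values because a
    // loose == also matches an unset $master_account (null == 0), which must never grant root access.
    if ($master_account !== null && (int) $loggedInUser->user_id === (int) $master_account) {
        return true;
    }

    // Only defined functions can be authorized.
    if (!function_exists($action_function)) {
        return false;
    }

    $user_id = $loggedInUser->user_id;

    // Start from the user's individual permits, then append one permit set per group membership.
    $permit_sets = [fetchUserPermits($user_id, $action_function)];
    foreach (fetchUserGroups($user_id) as $group_id => $group) {
        $permit_sets[] = fetchGroupPermits($group_id, $action_function);
    }
    $action_permits = array_merge(...$permit_sets);

    // A mapping passes only if all of its '&'-separated permit handlers pass; the first passing mapping wins.
    foreach ($action_permits as $action_permit) {
        if (checkActionPermits(explode('&', $action_permit['permits']), $args)) {
            return true;
        }
    }

    // No mapping passed.
    return false;
}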