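/**
 * Decides whether the current admin session may run the given controller/mode.
 *
 * A permission name is resolved from the schema (mode-level entry first, then the
 * controller-level entry) and matched against the privileges of the session's
 * user groups. A session without user groups is checked against $schema['root'].
 *
 * The check is fail-open: when the controller has no schema entry, or no permission
 * name can be resolved for the mode / request method, the function returns true.
 * Access control therefore depends on the schema listing every controller, mode and
 * request method that needs protection.
 *
 * @param array  $schema            Permission schema keyed by controller name (taken by reference, not modified here)
 * @param string $controller        Controller name
 * @param string $mode              Controller mode
 * @param string $request_method    Key used when a 'permissions' entry is an array
 * @param array  $request_variables Request parameters, used only with 'param_permissions'
 *
 * @return bool True when access is allowed
 */
function fn_check_admin_permissions(&$schema, $controller, $mode, $request_method = '', $request_variables = array())
{
    // Privileges of the session's user groups. Filled on first use and reused by
    // later calls; it is not keyed by the group ids.
    // NOTE(review): a change of $_SESSION['auth']['usergroup_ids'] after the first
    // lookup is not reflected until the process ends.
    static $usergroup_privileges;

    if (empty($_SESSION['auth']['usergroup_ids'])) {
        $_schema = isset($schema['root']) ? $schema['root'] : array();
    } else {
        $_schema = $schema;
    }

    if (!isset($_schema[$controller])) {
        // No schema entry for this controller: nothing to check.
        return true;
    }

    $controller_schema = $_schema[$controller];
    $permission = null;
    $condition = null;

    // Check if permissions set for certain mode
    if (isset($controller_schema['modes'][$mode])) {
        $mode_schema = $controller_schema['modes'][$mode];

        if (isset($mode_schema['permissions'])) {
            $permission = $mode_schema['permissions'];
            if (is_array($permission)) {
                // A request method missing from the map yields no permission name
                // (previously an undefined-index access with the same result).
                $permission = isset($permission[$request_method]) ? $permission[$request_method] : null;
            }

            if (isset($mode_schema['condition'])) {
                $condition = $mode_schema['condition'];
            }
        } elseif (!empty($request_variables) && !empty($mode_schema['param_permissions'])) {
            // Logical && instead of the original bitwise &; same outcome for two booleans.
            $permission = fn_get_request_param_permissions($mode_schema['param_permissions'], $request_variables);
        }
    }

    // Check common permissions
    if (empty($permission) && !empty($controller_schema['permissions'])) {
        $permission = $controller_schema['permissions'];
        if (is_array($permission)) {
            $permission = isset($permission[$request_method]) ? $permission[$request_method] : null;
        }

        if (isset($controller_schema['condition'])) {
            $condition = $controller_schema['condition'];
        }
    }

    if (empty($permission)) {
        // This controller does not have permission checking
        return true;
    }

    if (empty($usergroup_privileges)) {
        // NOTE(review): on the 'root' path usergroup_ids is empty or unset here;
        // confirm how the db layer expands ?n for that input.
        $usergroup_privileges = db_get_fields("SELECT privilege FROM ?:usergroup_privileges WHERE usergroup_id IN(?n)", $_SESSION['auth']['usergroup_ids']);
        // The sentinel keeps the cache non-empty, so groups without privileges do
        // not trigger the query again on every call.
        $usergroup_privileges = !empty($usergroup_privileges) ? array_unique($usergroup_privileges) : array('__EMPTY__');
    }

    // NOTE(review): in_array() compares loosely here. A non-string permission value
    // (for example boolean true) would match any stored privilege; switch to strict
    // mode once every schema permission is confirmed to be a string.
    $result = in_array($permission, $usergroup_privileges);

    if (isset($condition)) {
        if ($condition['operator'] == 'or') {
            return $result || fn_execute_permission_condition($condition);
        } elseif ($condition['operator'] == 'and') {
            return $result && fn_execute_permission_condition($condition);
        }
        // Any other operator: the condition is ignored and the privilege result stands.
    }

    return $result;
}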
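/**
 * Decides whether the current admin session may run the given controller/mode.
 *
 * A permission name is resolved from the schema (mode-level entry first, then the
 * controller-level entry) and looked up among the privileges of the session's
 * user groups with one query per call.
 *
 * The check is fail-open: when the controller has no schema entry, or no permission
 * name can be resolved for the mode / request method / table, the function returns
 * true. Access control therefore depends on the schema listing everything that
 * needs protection.
 *
 * @param array  $schema            Permission schema keyed by controller name (taken by reference, not modified here)
 * @param string $controller        Controller name
 * @param string $mode              Controller mode
 * @param string $request_method    Key used when a 'permissions' entry is an array
 * @param array  $request_variables Request parameters; only 'table' is read, for 'param_permissions'
 *
 * @return bool True when access is allowed
 */
function fn_check_admin_permissions(&$schema, $controller, $mode, $request_method = '', $request_variables = array())
{
    if (!isset($schema[$controller])) {
        // No schema entry for this controller: nothing to check.
        return true;
    }

    $controller_schema = $schema[$controller];
    $permission = null;
    $condition = null;

    // Check if permissions set for certain mode
    if (isset($controller_schema['modes'][$mode])) {
        $mode_schema = $controller_schema['modes'][$mode];

        if (isset($mode_schema['permissions'])) {
            $permission = $mode_schema['permissions'];
            if (is_array($permission)) {
                // A request method missing from the map yields no permission name
                // (previously an undefined-index access with the same result).
                $permission = isset($permission[$request_method]) ? $permission[$request_method] : null;
            }

            if (isset($mode_schema['condition'])) {
                $condition = $mode_schema['condition'];
            }
        } elseif (!empty($request_variables['table']) && is_scalar($request_variables['table'])) {
            // 'table' comes from the request and may arrive as an array; only a
            // scalar can be used as an array key, so anything else resolves nothing.
            $table = $request_variables['table'];
            if (isset($mode_schema['param_permissions']['table_names'][$table])) {
                $permission = $mode_schema['param_permissions']['table_names'][$table];
            }
        }
    }

    // Check common permissions
    if (empty($permission) && !empty($controller_schema['permissions'])) {
        $permission = $controller_schema['permissions'];
        if (is_array($permission)) {
            $permission = isset($permission[$request_method]) ? $permission[$request_method] : null;
        }

        if (isset($controller_schema['condition'])) {
            $condition = $controller_schema['condition'];
        }
    }

    if (empty($permission)) {
        // This controller does not have permission checking
        return true;
    }

    // Group ids and permission name are handed to the db layer as placeholder
    // arguments (?n, ?s) rather than concatenated into the statement.
    // NOTE(review): usergroup_ids is read without an isset/empty guard; confirm how
    // the db layer expands ?n when the session has no groups.
    $exists = db_get_field("SELECT privilege FROM ?:usergroup_privileges WHERE usergroup_id IN(?n) AND privilege = ?s", $_SESSION['auth']['usergroup_ids'], $permission);
    $result = !empty($exists);

    if (isset($condition)) {
        if ($condition['operator'] == 'or') {
            return $result || fn_execute_permission_condition($condition);
        } elseif ($condition['operator'] == 'and') {
            return $result && fn_execute_permission_condition($condition);
        }
        // Any other operator: the condition is ignored and the privilege result stands.
    }

    return $result;
}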