Exemple #1
 /**
  * Checks recursively in the form directory and parent directories
  * until it checks $formPath finally for an access.php file.  It then
  * parses that file as an INI file and determines whether the form is
  * accessible by the current user.  If a template is specified in the
  * access.php file, that template name is returned on success, otherwise
  * a boolean true value is returned on success.  False is always returned
  * if the user is not allowed.
  * 
  * @access	public
  * @param	string	$name
  * @param	string	$context
  * @return	mixed
  * 
  */
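 function formAllowed($name, $context = 'normal')
 {
     $app = $this->getApp($name);
     $name = $this->removeApp($name, $app);

     // When session_admin() is true and the app is registered as a resource,
     // 'rw' permission on that resource is required before anything else.
     if (session_admin() && session_is_resource('app_' . $app) && !session_allowed('app_' . $app, 'rw', 'resource')) {
         return false;
     }
     if (isset($this->applications[$app]) && !$this->applications[$app]) {
         // app is disabled
         return false;
     }

     // Root of this app's form tree; the upward walk stops here.
     $base = $this->prefix . '/' . $app . '/' . $this->formPath;

     // NOTE(review): $name is concatenated into the path exactly as
     // removeApp() returned it; nothing in this method rejects '..'
     // segments. Confirm the caller or removeApp() normalises it before it
     // reaches the filesystem check below.
     $dir = $base . '/' . $name;
     while ($dir != $base) {
         if (@file_exists($dir . '/access.php')) {
             $access = parse_ini_file($dir . '/access.php');
             $this->formAccess = $access;
             if (!is_array($access)) {
                 // parse_ini_file() returns false on a malformed file. Fail
                 // closed instead of evaluating the rules against a
                 // non-array, which could let an unreadable policy grant
                 // access.
                 return false;
             }
             // The three checks run in the original order and short-circuit:
             // access level, then status, then the explicit 'action' switch.
             // Each of them may redirect to sitellite_goto instead of
             // returning.
             if (!session_allowed($access['sitellite_access'], 'r', 'access')
                 || !session_allowed($access['sitellite_status'], 'r', 'status')
                 || ($context == 'action' && !$access['sitellite_action'])
             ) {
                 if (isset($access['sitellite_goto'])) {
                     header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                     exit;
                 }
                 return false;
             }
             // Any other non-normal context is denied only when the file
             // sets sitellite_<context> to a false value; no redirect here.
             if ($context != 'normal' && isset($access['sitellite_' . $context]) && !$access['sitellite_' . $context]) {
                 return false;
             }
             if (isset($access['sitellite_template_set'])) {
                 page_template_set($access['sitellite_template_set']);
             }
             if (isset($access['sitellite_template'])) {
                 return $access['sitellite_template'];
             }
             return true;
         }
         // No access.php at this level: drop the last path segment and retry
         // one directory up. The nearest access.php wins.
         $segments = explode('/', $dir);
         array_pop($segments);
         $dir = implode('/', $segments);
     }

     // check for a global access.php file
     $globalFile = $base . '/access.php';
     if (@file_exists($globalFile)) {
         $access = parse_ini_file($globalFile);
         $this->formAccess = $access;
         if (!is_array($access)) {
             // Same fail-closed rule as above for an unparseable policy file.
             return false;
         }
         if (!session_allowed($access['sitellite_access'], 'r', 'access')
             || !session_allowed($access['sitellite_status'], 'r', 'status')
             || ($context == 'action' && !$access['sitellite_action'])
         ) {
             if (isset($access['sitellite_goto'])) {
                 header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                 exit;
             }
             return false;
         }
         // Unlike the per-directory check, the global file only special-cases
         // the 'inline' context, and a missing sitellite_inline key denies.
         if ($context == 'inline' && !$access['sitellite_inline']) {
             return false;
         }
         if (isset($access['sitellite_template_set'])) {
             page_template_set($access['sitellite_template_set']);
         }
         if (isset($access['sitellite_template'])) {
             return $access['sitellite_template'];
         }
         return true;
     }

     // no access.php found at all, revert to logical defaults: only the
     // 'action' context is denied, every other context is allowed. A form
     // tree without any access.php is therefore open by default.
     if ($context == 'action') {
         return false;
     }
     return true;
 }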
Exemple #2
<?php

/**
 * Recipient address for notices about completed tasks.
 * Several recipients may be listed, separated by commas.
 */
appconf_set('email_notices', '*****@*****.**');

/**
 * Template set override for this application, false meaning no override.
 * Useful when the app is embedded in a web site; the access.php files
 * then need matching changes as well.
 */
appconf_set('template_set', false);

// The override is applied only in the 'action' context, and only when a
// template set is configured. $context is not defined in this file; it is
// expected to come from the scope that includes it.
if ($context == 'action') {
    if (appconf('template_set')) {
        page_template_set(appconf('template_set'));
    }
}