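/**
 * Decides whether the current user may reach a form.
 *
 * Starting in the form's own directory and moving up one directory at a
 * time until $formPath is reached, the first access.php found is parsed
 * as an INI file and evaluated. If none is found on the way up, the
 * access.php directly inside $formPath is evaluated instead.
 *
 * Keys read from access.php: sitellite_access, sitellite_status,
 * sitellite_action, sitellite_inline, sitellite_<context>,
 * sitellite_goto, sitellite_template_set, sitellite_template.
 *
 * Side effects: the parsed file is stored in $this->formAccess,
 * page_template_set() is called when sitellite_template_set is present,
 * and a refusal on the access, status or action check sends a Location
 * header and exits when sitellite_goto is present.
 *
 * An access.php that exists but cannot be parsed denies access.
 * When no access.php exists at all, every context except 'action' is
 * allowed, so a form tree without access.php files is reachable by any
 * user in those contexts.
 *
 * @access public
 * @param string $name    Form name, including its application part.
 * @param string $context Request context, e.g. 'normal', 'action', 'inline'.
 * @return mixed The value of sitellite_template when set, otherwise true
 *               on success; false when the user is not allowed.
 */
function formAllowed($name, $context = 'normal') {
    $app = $this->getApp($name);
    $name = $this->removeApp($name, $app);

    // Admin sessions are refused when the application is a registered
    // resource they lack read/write rights on.
    $appResource = 'app_' . $app;
    if (session_admin() && session_is_resource($appResource) && !session_allowed($appResource, 'rw', 'resource')) {
        return false;
    }

    // An entry that is present but falsy marks the application as disabled.
    if (isset($this->applications[$app]) && !$this->applications[$app]) {
        return false;
    }

    $formRoot = $this->prefix . '/' . $app . '/' . $this->formPath;

    // NOTE(review): $name is joined into a filesystem path as-is. Confirm
    // that callers (or removeApp) reject '..' segments, otherwise the
    // lookup can consult access.php files outside the form tree.
    $dir = $formRoot . '/' . $name;

    while ($dir !== $formRoot) {
        $accessFile = $dir . '/access.php';

        if (@file_exists($accessFile)) {
            $access = parse_ini_file($accessFile);
            $this->formAccess = $access;

            // Fail closed: an unreadable or malformed policy file must not
            // be evaluated as if it were an empty (permissive) one.
            if ($access === false) {
                return false;
            }

            // Evaluated left to right with short-circuiting, so the status
            // check runs only after the access level check has passed.
            $refused = !session_allowed($access['sitellite_access'], 'r', 'access')
                || !session_allowed($access['sitellite_status'], 'r', 'status')
                || ($context == 'action' && !$access['sitellite_action']);

            if ($refused) {
                if (isset($access['sitellite_goto'])) {
                    header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                    exit;
                }
                return false;
            }

            // Per-context switch: only an explicitly present, falsy
            // sitellite_<context> entry denies here (no redirect).
            if ($context != 'normal' && isset($access['sitellite_' . $context]) && !$access['sitellite_' . $context]) {
                return false;
            }

            if (isset($access['sitellite_template_set'])) {
                page_template_set($access['sitellite_template_set']);
            }

            return isset($access['sitellite_template']) ? $access['sitellite_template'] : true;
        }

        // Nothing here: drop the last path segment and try the parent.
        $segments = explode('/', $dir);
        array_pop($segments);
        $dir = implode('/', $segments);
    }

    // Fall back to the access.php that sits directly in the form path.
    $globalFile = $formRoot . '/access.php';

    if (@file_exists($globalFile)) {
        $access = parse_ini_file($globalFile);
        $this->formAccess = $access;

        // Fail closed on an unparseable policy file, as above.
        if ($access === false) {
            return false;
        }

        $refused = !session_allowed($access['sitellite_access'], 'r', 'access')
            || !session_allowed($access['sitellite_status'], 'r', 'status')
            || ($context == 'action' && !$access['sitellite_action']);

        if ($refused) {
            if (isset($access['sitellite_goto'])) {
                header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                exit;
            }
            return false;
        }

        // NOTE(review): unlike the per-directory check, this one handles
        // only the 'inline' context and also denies when sitellite_inline
        // is absent. Confirm whether the difference is intended.
        if ($context == 'inline' && !$access['sitellite_inline']) {
            return false;
        }

        if (isset($access['sitellite_template_set'])) {
            page_template_set($access['sitellite_template_set']);
        }

        return isset($access['sitellite_template']) ? $access['sitellite_template'] : true;
    }

    // No access.php anywhere: actions are denied, everything else is allowed.
    if ($context == 'action') {
        return false;
    }

    return true;
}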
<?php

/**
 * Recipient of the notices sent when a task is completed. Several
 * recipients may be given as a comma-separated list.
 *
 * The address below is a masked placeholder.
 */
appconf_set('email_notices', '*****@*****.**');

/**
 * Template set used by the application instead of the default one, for
 * example to blend the app into a web site. When this is changed the
 * access.php files have to be adjusted as well.
 */
appconf_set('template_set', false);

// The override is applied for action requests only, and only when a
// template set has been configured above.
// NOTE(review): $context is not defined in this file; presumably it comes
// from the scope that includes it. Confirm.
if ($context == 'action') {
    if (appconf('template_set')) {
        page_template_set(appconf('template_set'));
    }
}