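/**
 * Whether a group has capability
 *
 * Evaluates $capability purely against the capability map handed in via
 * $allowed_capabilities (the group's grants); nothing is looked up by $id.
 * The map is shaped $allowed_capabilities[module][capability] => value, where a
 * non-array value means "granted" and an array value means the capability is
 * scoped and $extra_perm must name (one of) the listed items.
 *
 * @since 2.1
 * @package facileManager
 *
 * @param integer $id Group ID to check (only carried into recursive calls).
 * @param string|array $capability Capability name, or a list of names of which any one suffices.
 * @param string $module Module name to check capability for
 * @param string|array $extra_perm Extra capability to check (an item, or list of items, for scoped capabilities)
 * @param array $allowed_capabilities Capabilities granted to the group
 * @return boolean
 */
function userGroupCan($id, $capability, $module = 'facileManager', $extra_perm = null, $allowed_capabilities = array()) {
	global $fm_name;

	/** Super admins pass every check regardless of module (guarded: a missing entry is "no", not a PHP 8 TypeError) */
	if (isset($allowed_capabilities[$fm_name]) && is_array($allowed_capabilities[$fm_name])
		&& array_key_exists('do_everything', $allowed_capabilities[$fm_name])) {
		return true;
	}

	/**
	 * Handle multiple capabilities: any one of them is enough.
	 * Recurse into this function, not userCan(): the previous code delegated to
	 * userCan($id, ...), which resolves $id as a *user* id and ignores the
	 * group's $allowed_capabilities entirely.
	 */
	if (is_array($capability)) {
		foreach ($capability as $cap) {
			if (userGroupCan($id, $cap, $module, $extra_perm, $allowed_capabilities)) {
				return true;
			}
		}
		return false;
	}

	/** Check capability */
	if (!isset($allowed_capabilities[$module]) || !is_array($allowed_capabilities[$module])
		|| !array_key_exists($capability, $allowed_capabilities[$module])) {
		return false;
	}

	$granted = $allowed_capabilities[$module][$capability];
	if (!is_array($granted)) {
		/** Unscoped grant */
		return true;
	}

	/**
	 * Scoped grant: $extra_perm must match one of the permitted items.
	 * NOTE(review): the comparison is loose (in_array without strict), as before,
	 * so e.g. null or '' matches a 0 entry; tighten once the stored item types are confirmed.
	 */
	if (is_array($extra_perm)) {
		foreach ($extra_perm as $needle) {
			if (in_array($needle, $granted)) {
				return true;
			}
		}
		return false;
	}

	return in_array($extra_perm, $granted);
}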
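/**
 * Whether a user has capability
 *
 * Capabilities are fetched with getUserCapabilities($user_id) and are shaped
 * $caps[module][capability] => value; a non-array value is an unscoped grant,
 * an array value is a scoped grant whose items $extra_perm must match.
 * Order of precedence: super admin, then "no authentication configured"
 * (everyone passes), then the module/capability lookup.
 *
 * @since 1.2
 * @package facileManager
 *
 * @param integer $user_id User ID to check.
 * @param string|array $capability Capability name, or a list of names of which any one suffices; null passes for any user once the two early checks are done.
 * @param string $module Module name to check capability for
 * @param string|array $extra_perm Extra capability to check (an item, or list of items, for scoped capabilities)
 * @return boolean
 */
function userCan($user_id, $capability, $module = 'facileManager', $extra_perm = null) {
	global $fm_name;

	$user_capabilities = getUserCapabilities($user_id);

	/** Check if super admin (guarded: a missing entry is "no", not a PHP 8 TypeError) */
	if (isset($user_capabilities[$fm_name]) && is_array($user_capabilities[$fm_name])
		&& array_key_exists('do_everything', $user_capabilities[$fm_name])) {
		return true;
	}

	/** If no authentication then return full access (existing policy, unchanged) */
	if (!getOption('auth_method')) {
		return true;
	}

	/** Handle multiple capabilities: any one of them is enough */
	if (is_array($capability)) {
		foreach ($capability as $cap) {
			if (userCan($user_id, $cap, $module, $extra_perm)) {
				return true;
			}
		}
		return false;
	}

	/** Check user capability */
	$module_caps = isset($user_capabilities[$module]) && is_array($user_capabilities[$module]) ? $user_capabilities[$module] : array();
	if (array_key_exists($capability, $module_caps)) {
		$granted = $module_caps[$capability];
		if (!is_array($granted)) {
			/** Unscoped grant */
			return true;
		}

		/**
		 * Scoped grant: $extra_perm must match one of the permitted items.
		 * NOTE(review): loose in_array comparison kept as before; tighten once the stored item types are confirmed.
		 */
		if (is_array($extra_perm)) {
			foreach ($extra_perm as $needle) {
				if (in_array($needle, $granted)) {
					return true;
				}
			}
			return false;
		}
		return in_array($extra_perm, $granted);
	}

	/** No specific capability requested: any authenticated user passes */
	if ($capability === null) {
		return true;
	}

	return false;
}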
/**
 * Check the current user's permissions against an ownable item.
 *
 * Returns true when userCan() grants $permission on $ownable; otherwise the
 * result of showPermissionError() is returned (its body is not visible here —
 * presumably it aborts the request rather than returning).
 *
 * @param $permission Permission name, e.g. 'users-manage'
 * @param Ownable $ownable
 * @return bool
 */
protected function checkOwnablePermission($permission, Ownable $ownable)
{
    return userCan($permission, $ownable) ? true : $this->showPermissionError();
}
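/**
 * Update the specified user in storage.
 *
 * Allowed for holders of 'users-manage' and for a user editing their own
 * record. Role and external_auth_id changes are additionally gated on
 * 'users-manage' so a self-edit cannot escalate through those fields.
 *
 * @param Request $request
 * @param int $id
 * @return Response
 */
public function update(Request $request, $id)
{
    $this->preventAccessForDemoUsers();
    $this->checkPermissionOr('users-manage', function () use ($id) {
        return $this->currentUser->id == $id;
    });

    // The confirmation input is named 'password-confirm' (hyphen) — the rule
    // previously pointed required_with at 'password_confirm', a key that never
    // exists in the request, so the pairing was only enforced one way.
    $this->validate($request, [
        'name'             => 'min:2',
        'email'            => 'min:2|email|unique:users,email,' . $id,
        'password'         => 'min:5|required_with:password-confirm',
        'password-confirm' => 'same:password|required_with:password',
    ], [
        'password-confirm.required_with' => 'Password confirmation required',
    ]);

    $user = $this->user->findOrFail($id);
    // Mass assignment: safety depends on the User model's $fillable/$guarded
    // list, which is not visible here — confirm it excludes password, roles,
    // external_auth_id and any admin-only columns.
    $user->fill($request->all());

    // Role updates — user managers only
    if (userCan('users-manage') && $request->has('roles')) {
        $roles = $request->get('roles');
        $user->roles()->sync($roles);
    }

    // Password updates — only when a non-empty password was submitted
    if ($request->has('password') && $request->get('password') != '') {
        $password = $request->get('password');
        $user->password = bcrypt($password);
    }

    // External auth id updates — user managers only
    if ($this->currentUser->can('users-manage') && $request->has('external_auth_id')) {
        $user->external_auth_id = $request->get('external_auth_id');
    }

    $user->save();
    session()->flash('success', 'User successfully updated');
    $redirectUrl = userCan('users-manage') ? '/settings/users' : '/settings/users/' . $user->id;
    return redirect($redirectUrl);
}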
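/**
 * Displays the form to add new user
 *
 * Pre-fill values come from $_POST when the form is re-rendered after a
 * submit, otherwise from the user row object in $data[0]. Only a fixed list
 * of user_* keys is taken from $_POST: the previous blanket extract($_POST)
 * let any request key overwrite this function's parameters and locals
 * ($action_page, $hidden, $button_text, ...). Every request- or
 * database-sourced value is HTML-escaped before it is placed in an attribute.
 *
 * @since 1.0
 * @package facileManager
 *
 * @param array|string $data Row objects for an existing user ($data[0] is used), or '' for a new user
 * @param string $action 'add' or 'edit'
 * @param array $form_bits Sections to render; may also carry 'user_password' => strength as a key
 * @param string $button_text Submit button label
 * @param string $button_id Submit button id (also passed to checkPasswd())
 * @param string $action_page Form action target
 * @param boolean $print_form_head Whether to emit the opening <form> tag
 * @param string $display_type 'popup' wraps the form in the popup header/footer
 * @return string HTML for the form
 */
function printUsersForm($data = '', $action = 'add', $form_bits = array(), $button_text = 'Save', $button_id = 'submit', $action_page = 'admin-users.php', $print_form_head = true, $display_type = 'popup') {
	global $__FM_CONFIG, $fm_name;

	$user_id = 0;
	$user_login = $user_email = $user_default_module = null;
	$user_force_pwd_change = $user_template_only = null;
	$hidden = $user_perm_form = $return_form_rows = null;
	$button_disabled = null;
	$disabled = isset($_GET['id']) && $_SESSION['user']['id'] == $_GET['id'] ? 'disabled' : null;

	/** Request keys allowed to pre-fill the form; everything else in $_POST is ignored */
	$refill_fields = array('user_id', 'user_login', 'user_email', 'user_default_module', 'user_force_pwd_change', 'user_template_only', 'user_auth_type');

	if (!empty($_POST) && !array_key_exists('is_ajax', $_POST)) {
		if (is_array($_POST)) {
			extract(array_intersect_key($_POST, array_flip($refill_fields)));
		}
	} elseif (isset($data[0]) && is_object($data[0])) {
		/** Column names are fixed by the schema; the values are still escaped below */
		extract(get_object_vars($data[0]));
	}

	/** Escaped copies for HTML attribute/text contexts */
	$esc_user_id = htmlspecialchars((string) $user_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	$esc_user_login = htmlspecialchars((string) $user_login, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	$esc_user_email = htmlspecialchars((string) $user_email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	$esc_action = htmlspecialchars((string) $action, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

	$popup_title = $action == 'add' ? __('Add User') : __('Edit User');
	$popup_header = buildPopup('header', $popup_title);
	$popup_footer = buildPopup('footer');

	if (in_array('user_login', $form_bits)) {
		/** Get field length */
		$field_length = getColumnLength('fm_users', 'user_login');

		$username_form = $action == 'add' ? '<input name="user_login" id="user_login" type="text" value="' . $esc_user_login . '" size="40" maxlength="' . $field_length . '" />' : '<span id="form_username">' . $esc_user_login . '</span>';
		$hidden = '<input type="hidden" name="user_id" value="' . $esc_user_id . '" />';
		$hidden .= $action != 'add' ? '<input type="hidden" name="user_login" value="' . $esc_user_login . '" />' : null;

		$return_form_rows .= '<tr>
			<th width="33%" scope="row"><label for="user_login">' . _('User Login') . '</label></th>
			<td width="67%">' . $username_form . '</td>
		</tr>';
	}

	if (in_array('user_email', $form_bits)) {
		/** Get field length of the column backing this input (was user_login, a copy-paste slip) */
		$field_length = getColumnLength('fm_users', 'user_email');

		$return_form_rows .= '<tr>
			<th width="33%" scope="row"><label for="user_email">' . _('User Email') . '</label></th>
			<td width="67%"><input name="user_email" id="user_email" type="email" value="' . $esc_user_email . '" size="32" maxlength="' . $field_length . '" ' . $disabled . ' /></td>
		</tr>';
	}

	if (in_array('user_auth_method', $form_bits) && getOption('auth_method')) {
		if (!isset($user_auth_type)) {
			$user_auth_type = 1;
		}
		$auth_method_types = $__FM_CONFIG['options']['auth_method'];
		/** The first option is dropped; the selector is only shown when more than one method remains */
		if (array_shift($auth_method_types) && count($auth_method_types) > 1) {
			$return_form_rows .= '<tr>
			<th width="33%" scope="row"><label for="user_auth_type">' . _('Authentication Method') . '</label></th>
			<td width="67%">' . buildSelect('user_auth_type', 'user_auth_type', $auth_method_types, $user_auth_type) . '</td>
		</tr>';
		}
	}

	if (in_array('user_password', $form_bits) || array_key_exists('user_password', $form_bits)) {
		/** A new user cannot be saved until checkPasswd() enables the button */
		if ($action == 'add') {
			$button_disabled = 'disabled';
		}
		$strength = $GLOBALS['PWD_STRENGTH'];
		if (array_key_exists('user_password', $form_bits)) {
			$strength = $form_bits['user_password'];
		}

		$return_form_rows .= '<tr class="user_password">
			<th width="33%" scope="row"><label for="user_password">' . _('User Password') . '</label></th>
			<td width="67%"><input name="user_password" id="user_password" type="password" value="" size="40" onkeyup="javascript:checkPasswd(\'user_password\', \'' . $button_id . '\', \'' . $strength . '\');" /></td>
		</tr>
		<tr class="user_password">
			<th width="33%" scope="row"><label for="cpassword">' . _('Confirm Password') . '</label></th>
			<td width="67%"><input name="cpassword" id="cpassword" type="password" value="" size="40" onkeyup="javascript:checkPasswd(\'cpassword\', \'' . $button_id . '\', \'' . $strength . '\');" /></td>
		</tr>
		<tr class="user_password">
			<th width="33%" scope="row">' . _('Password Validity') . '</th>
			<td width="67%"><div id="passwd_check">' . _('No Password') . '</div></td>
		</tr>
		<tr class="pwdhint user_password">
			<th width="33%" scope="row">' . _('Hint') . '</th>
			<td width="67%">' . $__FM_CONFIG['password_hint'][$strength][1] . '</td>
		</tr>';
	}

	if (in_array('user_module', $form_bits)) {
		$active_modules = $user_id == $_SESSION['user']['id'] ? getActiveModules(true) : getActiveModules();
		$user_module_options = buildSelect('user_default_module', 'user_default_module', $active_modules, $user_default_module);
		unset($active_modules);

		$return_form_rows .= '<tr>
			<th width="33%" scope="row">' . _('Default Module') . '</th>
			<td width="67%">' . $user_module_options . '</td>
		</tr>';
	}

	if (in_array('user_options', $form_bits)) {
		$force_pwd_check = $user_force_pwd_change == 'yes' ? 'checked disabled' : null;
		$user_template_only_check = $user_template_only == 'yes' ? 'checked' : null;

		$return_form_rows .= '<tr>
			<th width="33%" scope="row">' . _('Options') . '</th>
			<td width="67%">
				<input name="user_force_pwd_change" id="user_force_pwd_change" value="yes" type="checkbox" ' . $force_pwd_check . '/><label for="user_force_pwd_change">' . _('Force Password Change at Next Login') . '</label><br />
				<input name="user_template_only" id="user_template_only" value="yes" type="checkbox" ' . $user_template_only_check . '/><label for="user_template_only">' . _('Template User') . '</label>
			</td>
		</tr>';
	}

	if (in_array('verbose', $form_bits)) {
		$hidden .= '<input type="hidden" name="verbose" value="0" />' . "\n";
		$return_form_rows .= '<tr>
			<th width="33%" scope="row">' . _('Options') . '</th>
			<td width="67%"><input name="verbose" id="verbose" type="checkbox" value="1" checked /><label for="verbose">' . _('Verbose Output') . '</label></td>
		</tr>';
	}

	if (in_array('user_perms', $form_bits)) {
		$user_is_super_admin = userCan($user_id, 'do_everything');

		/** Cannot edit perms of super-admin if logged in user is not a super-admin */
		if (!$user_is_super_admin || currentUserCan('do_everything')) {
			$fm_perm_boxes = $perm_boxes = null;
			$i = 1;
			$fm_user_caps = getAvailableUserCapabilities();

			foreach ($fm_user_caps[$fm_name] as $key => $title) {
				/** A super admin only shows the do_everything box as checked */
				if ($key != 'do_everything' && $user_is_super_admin) {
					$checked = null;
				} else {
					$checked = userCan($user_id, $key) ? 'checked' : null;
				}
				if ($key == 'do_everything') {
					$title = "<b>{$title}</b>";
				}
				$fm_perm_boxes .= '
					<input name="user_caps[' . $fm_name . '][' . $key . ']" id="fm_perm_' . $key . '" type="checkbox" value="1" ' . $checked . '/>
					<label for="fm_perm_' . $key . '">' . $title . '</label>' . "\n";

				/** Display checkboxes three per row */
				if ($i == 3) {
					$fm_perm_boxes .= "<br />\n";
					$i = 0;
				}
				$i++;
			}

			if (!empty($fm_perm_boxes)) {
				$perm_boxes .= <<<PERM
				<tr id="userperms">
					<th width="33%" scope="row">{$fm_name}</th>
					<td width="67%">
						<input type="hidden" name="process_user_caps" value="1" />
						{$fm_perm_boxes}
					</td>
				</tr>
PERM;
			}

			/** Process module permissions */
			$active_modules = getActiveModules();
			foreach ($active_modules as $module_name) {
				$module_perm_boxes = null;
				$i = 1;

				if (array_key_exists($module_name, $fm_user_caps)) {
					foreach ($fm_user_caps[$module_name] as $key => $title) {
						$checked = userCan($user_id, $key, $module_name) && !$user_is_super_admin ? 'checked' : null;
						$module_perm_boxes .= '
					<input name="user_caps[' . $module_name . '][' . $key . ']" id="fm_perm_' . $module_name . '_' . $key . '" type="checkbox" value="1" ' . $checked . '/>
					<label for="fm_perm_' . $module_name . '_' . $key . '">' . $title . '</label>' . "\n";

						/** Display checkboxes three per row */
						if ($i == 3) {
							$module_perm_boxes .= "<br />\n";
							$i = 0;
						}
						$i++;
					}

					/** Module-specific extra boxes; $module_name comes from getActiveModules(), not from the request */
					$module_extra_functions = ABSPATH . 'fm-modules' . DIRECTORY_SEPARATOR . $module_name . DIRECTORY_SEPARATOR . 'functions.extra.php';
					if (file_exists($module_extra_functions)) {
						include $module_extra_functions;

						$function = 'print' . $module_name . 'UsersForm';
						if (function_exists($function)) {
							$module_perm_boxes .= $function(getUserCapabilities($user_id), $module_name);
						}
					}
				}

				if (!empty($module_perm_boxes)) {
					$perm_boxes .= <<<PERM
					<tr id="userperms">
						<th width="33%" scope="row">{$module_name}</th>
						<td width="67%">
						{$module_perm_boxes}
						</td>
					</tr>
PERM;
				}
			}

			if (!empty($perm_boxes)) {
				$user_perm_form = sprintf('<tr><td colspan="2"><br /><br /><i>%s</i></td></tr>', _('User Permissions')) . $perm_boxes;
			}
		}
	}

	$return_form = $print_form_head ? '<form name="manage" id="manage" method="post" action="' . $action_page . '">' . "\n" : null;
	if ($display_type == 'popup') {
		$return_form .= $popup_header;
	}
	$return_form .= '
	<div>
	<form id="fm_user_profile">
		<input type="hidden" name="action" value="' . $esc_action . '" />' . $hidden . '
		<table class="form-table" width="495px">
			<tr><td colspan="2"><i>' . _('User Details') . '</i></td></tr>' . $return_form_rows . $user_perm_form;
	$return_form .= '</table></div>';

	if ($display_type == 'popup') {
		$return_form .= '
		</div>
		<div class="popup-footer">
			<input type="submit" id="' . $button_id . '" name="submit" value="' . $button_text . '" class="button primary" ' . $button_disabled . '/>
			<input type="button" value="' . _('Cancel') . '" class="button left" id="cancel_button" />
		</div>
	</form>
	<script>
		$(document).ready(function() {
			$("select").select2({
				containerCss: { "min-width": "165px" },
				minimumResultsForSearch: -1
			});
			$("select.wide_select").select2({
				width: "300px",
				minimumResultsForSearch: -1
			});
		});
	</script>';
	}

	return $return_form;
}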