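/**
 * IsAuthorized method.
 *
 * The `properties` action is open to any authenticated user; every other
 * action is delegated to the parent controller's rules.
 *
 * @param array $user Authenticated user.
 *
 * @return bool True when the request is authorized.
 */
public function isAuthorized($user)
{
    // Strict in_array: the action name is a string; never let a loose
    // comparison match something unexpected.
    if (in_array($this->request->action, ['properties'], true)) {
        // Auth->user('id') returns the id (or null). Normalise to the
        // documented bool return type instead of leaking the id value.
        return (bool) $this->Auth->user('id');
    }
    return parent::isAuthorized($user);
}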
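/**
 * Authorization hook for the messaging controller.
 *
 * Users in groups 6 and 7 may only use the inbox-style actions listed
 * below. For any other action they get a flash message and are redirected
 * to the users index. The method now also returns false explicitly in that
 * case: the original fell through to parent::isAuthorized() and relied on
 * redirect() terminating the request, which is not guaranteed (tests, or a
 * redirect() call with exit disabled).
 *
 * @param array $user Authenticated user record.
 * @return bool True when the request is authorized.
 */
public function isAuthorized($user)
{
    // group_id comes from the DB as a string; compare as an integer.
    $groupId = isset($user['group_id']) ? (int) $user['group_id'] : 0;

    if ($groupId === 6 || $groupId === 7) {
        $allowed = ['index', 'listamensaje', 'leermensaje', 'leido', 'contador', 'enviarmensaje'];
        if (in_array($this->action, $allowed, true)) {
            return true;
        }
        if ($this->Auth->user('id')) {
            $this->Session->setFlash('no se puede acceder');
            $this->redirect(['controller' => 'users', 'action' => 'index']);
        }
        // Never fall through to the parent for a restricted group.
        return false;
    }

    return parent::isAuthorized($user);
}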
/**
 * Authorization hook: `repo` and `detail` are open to any authenticated
 * user; everything else follows the parent controller's rules.
 *
 * @param array $user Authenticated user record.
 * @return bool
 */
public function isAuthorized($user)
{
    $publicActions = ['repo', 'detail'];
    if (in_array($this->action, $publicActions, true)) {
        return true;
    }
    return parent::isAuthorized($user);
}
/**
 * Authorization hook: `index` and `logout` are open to any authenticated
 * user; other actions are decided by the parent controller.
 *
 * @param array $user Authenticated user record.
 * @return bool
 */
public function isAuthorized($user)
{
    switch ($this->request->action) {
        case 'index':
        case 'logout':
            return true;
    }
    return parent::isAuthorized($user);
}
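/**
 * Authorization hook for events.
 *
 * - add:  the organization given as the first URL argument must be approved
 *         (status_id 2) and the current user must be an org admin for it.
 * - edit / admin: the user must be an org admin of the event's organization;
 *         an unknown event raises NotFoundException.
 * - anything else: parent rules.
 *
 * @param array $user Authenticated user record.
 * @return bool
 * @throws NotFoundException When editing/administering an unknown event.
 */
public function isAuthorized($user)
{
    $action = $this->action;
    // The organization / event id is the first passed URL argument. A
    // missing argument must not silently turn into a NULL lookup.
    $passedId = isset($this->request->params['pass'][0]) ? $this->request->params['pass'][0] : null;

    if ($action === 'add') {
        if ($passedId === null) {
            return false;
        }
        $this->loadModel('Organization');
        $organization = $this->Organization->findById($passedId);
        // An unknown organization is treated exactly like an unapproved one.
        if (empty($organization) || (int) $organization['Organization']['status_id'] !== 2) {
            $this->Session->setFlash('This organization must be approved before adding new events.');
            return false;
        }
        // Am I an organization admin of some kind for this organization?
        return $this->_isOrgAdminFor($passedId);
    }

    if ($action === 'edit' || $action === 'admin') {
        $event = ($passedId === null) ? null : $this->Event->findById($passedId);
        if (!$event) {
            throw new NotFoundException('Invalid event');
        }
        // Am I an organization admin of some kind for the event's organization?
        return $this->_isOrgAdminFor($event['Event']['organization_id']);
    }

    return parent::isAuthorized($user);
}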
/**
 * Authorization hook: `index` is open to any authenticated user; other
 * actions are decided by the parent controller.
 *
 * @param array $user Authenticated user record.
 * @return bool
 */
public function isAuthorized($user)
{
    $isIndex = ($this->request->action === 'index');
    return $isIndex ? true : parent::isAuthorized($user);
}
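/**
 * Test to see if a user is authorized to make a request.
 *
 * "Full access" users (parent::isAuthorized) may do anything. Otherwise a
 * member may only view or edit their own record, unless they belong to the
 * membership-admin group, in which case any member's record is allowed.
 * Every other action is denied explicitly.
 *
 * @param array $user Member record for the user.
 * @param CakeRequest $request The request the user is attempting to make.
 * @return bool True if the user is authorized to make the request, otherwise false.
 * @link http://api20.cakephp.org/class/cake-request
 */
public function isAuthorized($user, $request)
{
    // Allows full access to see everything.
    if (parent::isAuthorized($user, $request)) {
        return true;
    }

    // The member whose details were requested (first URL argument),
    // defaulting to the logged-in member.
    $logMemberId = $this->_getLoggedInMemberId();
    $reqMemberId = isset($request->params['pass'][0]) ? $request->params['pass'][0] : $logMemberId;
    $memberAdmin = $this->Member->GroupsMember->isMemberInGroup($logMemberId, Group::MEMBERSHIP_ADMIN);

    // The URL argument is a string; compare as integers rather than with a
    // loose == whose rules differ between PHP versions.
    $isOwnRecord = ((int) $reqMemberId === (int) $logMemberId);

    switch ($request->action) {
        case 'view':
        case 'edit':
            // 'edit' previously returned true unconditionally ("we'll sort
            // this out later"), letting any member edit any other member's
            // record. It is now held to the same rule as 'view'.
            return $isOwnRecord || (bool) $memberAdmin;
    }

    // Unknown action: deny explicitly instead of falling off the end (null).
    return false;
}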
/**
 * Authorization hook: `index`, `view` and `filedownload` are open to any
 * authenticated user; other actions are decided by the parent controller.
 *
 * @param array $user Authenticated user record.
 * @return bool
 */
public function isAuthorized($user)
{
    $openActions = ['index', 'view', 'filedownload'];
    $isOpen = in_array($this->action, $openActions, true);
    return $isOpen ? true : parent::isAuthorized($user);
}
/**
 * Authorization hook: a user with the `storekeeper` role may use every
 * action of this controller; everyone else follows the parent rules.
 *
 * @param array $user Authenticated user record.
 * @return bool
 */
public function isAuthorized($user)
{
    $role = isset($user['role']) ? $user['role'] : null;
    if ($role === 'storekeeper') {
        return true;
    }
    return parent::isAuthorized($user);
}
/**
 * isAuthorized method
 *
 * Grants every authenticated user access to every action of this
 * controller: both branches of the original returned true, so the parent
 * check never denies anything and is invoked only for any side effects it
 * may have.
 *
 * NOTE(review): confirm this blanket grant is intentional. If the parent
 * rules were meant to apply, this should `return parent::isAuthorized($user);`.
 *
 * @param array $user Authenticated user record.
 * @return boolean Always true.
 */
public function isAuthorized($user)
{
    parent::isAuthorized($user); // verdict deliberately ignored, see above
    return true;
}
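/**
 * Test to see if a user is authorized to make a request.
 *
 * Only the `history` action is implemented. A member may view their own
 * transaction history; the history of other members is restricted to
 * "Full Access" users (parent::isAuthorized) and Snackspace admins.
 *
 * @param array $user Member record for the user.
 * @param CakeRequest $request The request the user is attempting to make.
 * @return bool True if the user is authorized to make the request, otherwise false.
 * @link http://api20.cakephp.org/class/cake-request
 */
public function isAuthorized($user, $request)
{
    if (parent::isAuthorized($user, $request)) {
        return true;
    }

    // Only history page implemented so far.
    if ($request->params['action'] !== 'history') {
        return false;
    }

    // Member whose history was requested (first URL argument), defaulting
    // to the logged-in member.
    $logMemberId = $this->_getLoggedInMemberId();
    $reqMemberId = isset($request->params['pass'][0]) ? $request->params['pass'][0] : $logMemberId;

    // Allow everyone to view their own transaction history. The URL
    // argument is a string, so compare as integers rather than with a
    // loose == whose rules differ between PHP versions.
    if ((int) $reqMemberId === (int) $logMemberId) {
        return true;
    }

    // Only 'Full Access' (via parent::isAuthorized) and 'Snackspace Admins'
    // may view the transaction history of others.
    return (bool) $this->Member->GroupsMember->isMemberInGroup($logMemberId, Group::SNACKSPACE_ADMIN);
}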
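/**
 * Role-weight based authorization hook.
 *
 * Action whitelists are built per role tier (owner < user < admin <
 * developer); currently only `display` is whitelisted, for admins and
 * above. Anything not whitelisted falls back to the parent rules.
 *
 * @param array|null $user Authenticated user record (with `Rol.weight`).
 * @return bool
 */
public function isAuthorized($user = null)
{
    $ownerAllowed = [];
    $userAllowed = [];
    $adminAllowed = array_merge($ownerAllowed, $userAllowed, ['display']);
    $developerAllowed = array_merge($adminAllowed, []);
    $action = $this->action;

    // All registered users can:
    if (in_array($action, $userAllowed, true)) {
        return true;
    }

    // Read the role weight once and only trust it when it is present. With
    // $user = null the original evaluated `null >= User::ADMIN`, which is
    // true whenever that constant is 0 or negative.
    $weight = isset($user['Rol']['weight']) ? (int) $user['Rol']['weight'] : null;

    // Admin users can:
    if ($weight !== null && $weight >= User::ADMIN && in_array($action, $adminAllowed, true)) {
        return true;
    }

    // Developer users can:
    if ($weight !== null && $weight >= User::DEVELOPER && in_array($action, $developerAllowed, true)) {
        return true;
    }

    // The owner of an user can:
    if (in_array($action, $ownerAllowed, true) && isset($this->request->params['pass'][0]) && isset($user['id'])) {
        $userId = $this->request->params['pass'][0];
        if ($this->Event->isOwnedBy($userId, $user['id'])) {
            return true;
        }
    }

    return parent::isAuthorized($user);
}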
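/**
 * Authorization hook for the exams controller.
 *
 * Group 7 may only upload exams; group 6 may only list, fetch and download
 * them. Any other action for those groups shows a flash message, redirects
 * to the users index and now also returns false explicitly: the original
 * fell through to parent::isAuthorized() and relied on redirect()
 * terminating the request.
 *
 * @param array $user Authenticated user record.
 * @return bool
 */
public function isAuthorized($user)
{
    $groupId = isset($user['group_id']) ? (int) $user['group_id'] : 0;

    // Per-group whitelist of actions; anything else is refused below.
    $allowedByGroup = [
        7 => ['subirexamen'],
        6 => ['index', 'getexams', 'download'],
    ];

    if (isset($allowedByGroup[$groupId])) {
        if (in_array($this->action, $allowedByGroup[$groupId], true)) {
            return true;
        }
        if ($this->Auth->user('id')) {
            $this->Session->setFlash('no se puede acceder');
            $this->redirect(['controller' => 'users', 'action' => 'index']);
        }
        // Deny explicitly; never fall through to the parent for these groups.
        return false;
    }

    return parent::isAuthorized($user);
}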
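/**
 * Authorization hook for groups.
 *
 * Teachers may add groups; the owner of a group may edit and delete it;
 * everything else follows the parent rules. Users who are neither teacher
 * nor admin get a warning flash (as in the original, the flash alone does
 * not deny: the ownership check below still runs).
 *
 * @param array $user Authenticated user record.
 * @return bool
 */
public function isAuthorized($user)
{
    $role = isset($user['role']) ? $user['role'] : null;

    // Teachers may add groups.
    if ($role === 'teacher' && $this->action === 'add') {
        return true;
    }

    // Anyone who is neither a teacher nor an admin gets a warning flash.
    if ($role !== 'teacher' && $role !== 'admin') {
        $this->Session->setFlash(__('You don\'t have the right to access to groups.'), 'flash/error');
    }

    // The owner of a group can edit and delete it.
    if (in_array($this->action, ['edit', 'delete'], true)) {
        // Guard the URL argument: a missing id used to be cast to 0 and
        // handed to isOwnedBy.
        if (isset($this->request->params['pass'][0]) && isset($user['id'])) {
            $groupId = (int) $this->request->params['pass'][0];
            if ($this->Group->isOwnedBy($groupId, $user['id'])) {
                return true;
            }
        }
    }

    return parent::isAuthorized($user);
}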
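/**
 * isAuthorized Method
 *
 * Allows the HIPAA admin to add, edit and delete everything (via the parent
 * rules). Client managers / MU managers (group 2) may list, view and add,
 * and may edit, delete or send only agreements owned by their own client.
 * Plain users (group 3) and 'Initial' accounts are denied and redirected to
 * the dashboard.
 *
 * @param array $user Authenticated user record.
 * @return bool
 */
public function isAuthorized($user)
{
    $group = (int) $this->Session->read('Auth.User.group_id'); // Test group role. Is admin?
    $client = $this->Session->read('Auth.User.client_id'); // Test Client.
    $acct = $this->Session->read('Auth.User.Client.account_type'); // Get account type

    if ($group === 2) {
        // Allow Managers to list, view and add.
        if (in_array($this->action, ['index', 'view', 'add'], true)) {
            return true;
        }
        // Allow Managers to edit, delete and send only their own.
        if (in_array($this->action, ['edit', 'delete', 'sendFile'], true)) {
            // The id is the first URL argument; without it there is nothing
            // to check ownership against.
            if (isset($this->request->params['pass'][0])) {
                $id = $this->request->params['pass'][0];
                if ($this->BusinessAssociateAgreement->isOwnedBy($id, $client)) {
                    return true;
                }
            }
        }
    }

    if ($group === 3 || $acct === 'Initial') {
        $this->Session->setFlash('You are not authorized to view that!');
        $this->redirect(['controller' => 'dashboard', 'action' => 'index']);
        return false;
    }

    return parent::isAuthorized($user);
}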
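/**
 * Authorization hook for visits.
 *
 * - add:   only non-patients (doctor / receptionist) may create a visit,
 *          because they know when the doctor is free.
 * - index: open; the action itself decides what each role sees.
 * - view:  doctor, receptionist and admin always; a patient only their own
 *          visit.
 * - edit:  non-patients always; patients fall back to the parent rules.
 * - other: parent rules.
 *
 * @param array $user Authenticated user record (with `Role.name` and,
 *                    for patients, `Patient.id`).
 * @return bool
 */
public function isAuthorized($user)
{
    $roleName = isset($user['Role']['name']) ? $user['Role']['name'] : null;
    $isStaff = in_array($roleName, ['doctor', 'receptionist', 'admin'], true);

    switch ($this->action) {
        case 'add':
            return $roleName !== 'patient';

        case 'index':
            return true;

        case 'view':
            if ($isStaff) {
                return true;
            }
            // A patient may only view their own visit. Both ids must be
            // present: the original loose `==` treated a visit without a
            // patient and a user without a Patient record (null == null)
            // as a match.
            if (!isset($this->params['pass'][0]) || empty($user['Patient']['id'])) {
                return false;
            }
            $visit = $this->Visit->findById($this->params['pass'][0]);
            if (!empty($visit['Patient']['id'])
                && (string) $visit['Patient']['id'] === (string) $user['Patient']['id']) {
                return true;
            }
            return false;

        case 'edit':
            if ($roleName !== 'patient') {
                return true;
            }
            return parent::isAuthorized($user);
    }

    return parent::isAuthorized($user);
}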
/**
 * Authorization hook: the profile page (`profil`) is open to every
 * authenticated user; other actions follow the parent rules.
 *
 * @param array $user Authenticated user record.
 * @return bool
 */
public function isAuthorized($user)
{
    return ($this->action === 'profil') ? true : parent::isAuthorized($user);
}
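/**
 * Check to see if a user is authorized to perform an action.
 *
 * "Full access" users (parent::isAuthorized) may do anything. Logged-in
 * members may always reach the plugin index; the tool pages are open only
 * to members inducted on the tool given as the first URL argument.
 *
 * @param array $user Array of user data
 * @param CakeRequest $request The request the user is attempting to perform.
 * @return bool True if the user is authorized to perform the action, false otherwise.
 */
public function isAuthorized($user, $request)
{
    // Pass all requests to the parent first; "full access" users get everything.
    if (parent::isAuthorized($user, $request)) {
        return true;
    }

    // Non-logged-in users can never access.
    $memberId = $this->Member->getIdForMember($user);
    if ($memberId <= 0) {
        return false;
    }

    // Logged-in users who are refused are redirected to the plugin index.
    $this->Auth->unauthorizedRedirect = ['plugin' => 'Tools', 'controller' => 'ToolsTools', 'action' => 'index'];

    // Requests in this plugin that any logged-in user can access.
    $allowedRequests = ['ToolsTools' => ['index']];
    // Requests in this plugin that are restricted to inducted members.
    $restrictedRequests = ['ToolsTools' => ['view', 'addbooking', 'listBookings', 'publicAccess', 'deleteBooking']];

    $params = $this->request->params;
    if ($params['plugin'] !== 'Tools') {
        return false;
    }
    $controller = $params['controller'];
    $action = $params['action'];

    // Is it a general page?
    if (isset($allowedRequests[$controller]) && in_array($action, $allowedRequests[$controller], true)) {
        return true;
    }

    // Is this user allowed to access this (restricted) page? The tool id is
    // the first URL argument; without it there is no induction to check,
    // so refuse rather than query with NULL.
    if (isset($restrictedRequests[$controller]) && in_array($action, $restrictedRequests[$controller], true)) {
        if (!isset($params['pass'][0])) {
            return false;
        }
        return (bool) $this->ToolsTool->isUserInducted($params['pass'][0], $memberId);
    }

    return false;
}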
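/**
 * Authorization hook: only users with role_id 1 or 2 are allowed.
 *
 * The original condition was `isset(...) && role_id == 1 || role_id == 2`;
 * because && binds tighter than ||, the right-hand side was evaluated even
 * when role_id was unset. The parent rule is still invoked and, as before,
 * its verdict is ignored in favour of the role check.
 *
 * @param array $user Authenticated user record.
 * @return bool
 */
public function isAuthorized($user)
{
    parent::isAuthorized($user);

    if (!isset($user['role_id'])) {
        return false;
    }
    return in_array((int) $user['role_id'], [1, 2], true);
}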
/**
 * Authorization hook (CakePHP 1.x signature).
 *
 * Defers to the parent; when the parent gives no verdict (null) the
 * request is denied.
 *
 * @return bool
 */
function isAuthorized()
{
    $verdict = parent::isAuthorized();
    return ($verdict === null) ? false : $verdict;
}
/**
 * Authorization hook: the map (`view`) is only usable by users who have a
 * response stored in the session; everything else follows the parent rules.
 *
 * @param array|null $user Authenticated user record.
 * @return bool
 */
public function isAuthorized($user = null)
{
    $hasResponse = (bool) $this->Session->read('response');
    if (!$hasResponse && $this->action == 'view') {
        return false;
    }
    return parent::isAuthorized($user);
}
/**
 * Authorization hook: every registered user may add partes; other actions
 * are decided by the parent controller.
 *
 * @param array $user Authenticated user record.
 * @return bool
 */
public function isAuthorized($user)
{
    $isAdd = ($this->action == 'add');
    return $isAdd ? true : parent::isAuthorized($user);
}
/**
 * Authorization hook: every registered user may add articles; other
 * actions are decided by the parent controller.
 *
 * @param array $user Authenticated user record.
 * @return bool
 */
public function isAuthorized($user)
{
    switch ($this->request->action) {
        case 'add':
            return true;
        default:
            return parent::isAuthorized($user);
    }
}
/**
 * Authorization hook: only `add` is permitted here; everything else is the
 * parent controller's call.
 *
 * @param array $user Authenticated user record.
 * @return bool
 */
public function isAuthorized($user)
{
    return ($this->action === 'add') ? true : parent::isAuthorized($user);
}
/**
 * Authorization hook: any logged-in user may send friend requests and list
 * friends; otherwise the parent rules apply.
 *
 * @param array $user Authenticated user record.
 * @return bool
 */
public function isAuthorized($user)
{
    $loggedIn = $this->Auth->loggedIn();
    return $loggedIn ? true : parent::isAuthorized($user);
}
/**
 * Authorization hook: `add` is open to any authenticated user; everything
 * else goes to the parent rules.
 *
 * @param array $user Authenticated user record.
 * @return bool
 */
public function isAuthorized($user)
{
    if ($this->action == 'add') {
        return true;
    }
    return parent::isAuthorized($user);
}
/**
 * Authorization hook: limited access to this controller. `complete` is
 * open to any authenticated user; the base controller decides the rest.
 *
 * @param array $user Authenticated user record.
 * @return bool
 */
public function isAuthorized($user)
{
    $limitedActions = ['complete'];
    $isLimited = in_array($this->action, $limitedActions, true);
    // Just in case the base controller has something to add.
    return $isLimited ? true : parent::isAuthorized($user);
}
/**
 * Authorization hook for this controller.
 *
 * NOTE(review): the first URL argument is read into $car but never used,
 * and `$this->User->belongsTo(...)` is invoked as a method with the user
 * record and the user's own id — in CakePHP 2 `belongsTo` is normally an
 * association array on the model, so this call likely does not perform the
 * ownership check the author intended. Confirm against the User model
 * before relying on this hook for access control.
 *
 * @param array $user Authenticated user record.
 * @return bool
 */
public function isAuthorized($user) {
    //Delivered id.
    $car = $this->request->params['pass'][0];
    if ($this->User->belongsTo($user, $user['id'])) {
        return TRUE;
    }
    return parent::isAuthorized($user);
}
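/**
 * Authorization hook for volunteer hours.
 *
 * - index: any logged-in user.
 * - add:   the registration given as the first URL argument must belong to
 *          the current user, or the user must be an org admin for the
 *          registration's event.
 * - edit:  org admins of the event may always edit; anyone else only while
 *          the hour is not yet approved (status_id 2).
 * - view:  the hour's owner or an org admin of the event.
 * - other: parent rules.
 *
 * @param array $user Authenticated user record.
 * @return bool
 * @throws NotFoundException When the hour given in the URL does not exist.
 */
public function isAuthorized($user)
{
    $action = $this->action;
    // The registration / hour id is the first passed URL argument.
    $passedId = isset($this->request->params['pass'][0]) ? $this->request->params['pass'][0] : null;

    if ($action === 'index') {
        return $this->_isLoggedIn();
    }

    if ($action === 'add') {
        $this->loadModel('Registration');
        $registration = ($passedId === null) ? [] : $this->Registration->find('first', [
            'conditions' => ['Registration.id' => $passedId],
        ]);
        // An unknown registration used to be probed through notices on an
        // empty array; treat it as "not registered".
        if (empty($registration)) {
            $this->Session->setFlash('You are not yet registered for this event.');
            return false;
        }
        if ($this->_isMine($registration['Registration']['user_id'])
            || $this->_isOrgAdminFor($registration['Event']['organization_id'])) {
            return $this->_isLoggedIn();
        }
        $this->Session->setFlash('You are not yet registered for this event.');
        return false;
    }

    if ($action === 'edit' || $action === 'view') {
        $hour = ($passedId === null) ? null : $this->Hour->findById($passedId);
        if (!$hour) {
            throw new NotFoundException('Invalid, Hour Not Found');
        }
        $this->loadModel("Event");
        $event = $this->Event->findById($hour['Registration']['event_id']);
        $organizationId = $event['Event']['organization_id'];

        if ($action === 'edit') {
            // Admins may always edit; others only while the hour is unapproved.
            // (Simplified from `admin || !admin && !approved`.)
            $isOrgAdminForHour = $this->_isOrgAdminFor($organizationId);
            $isHourApproved = ((int) $hour['Hour']['status_id'] === 2);
            if ($isOrgAdminForHour || !$isHourApproved) {
                return $this->_isLoggedIn();
            }
            $this->Session->setFlash('You are not authorized to edit this hour.');
            return false;
        }

        // view: only the owner of the hour or an org admin of its event.
        if ($this->_isMine($hour['Hour']['user_id']) || $this->_isOrgAdminFor($organizationId)) {
            return $this->_isLoggedIn();
        }
        $this->Session->setFlash('This is not your hour to view.');
        return false;
    }

    return parent::isAuthorized($user);
}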
/**
 * isAuthorized Method
 *
 * Only the HIPAA admin may add groups: client managers (group 2) and plain
 * users (group 3) are denied outright; everyone else follows the parent
 * rules.
 *
 * @param array $user Authenticated user record.
 * @return bool
 */
public function isAuthorized($user)
{
    $deniedGroups = [2, 3];
    $group = $this->Session->read('Auth.User.group_id'); // Test group role. Is admin?
    if (in_array($group, $deniedGroups)) {
        return false;
    }
    return parent::isAuthorized($user);
}