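/**
 * Check whether the current user's group level holds every requested right on an area.
 *
 * Rights are read from $this->table_name: the row is selected by area ('app')
 * and group level ('level'), and each requested right is read from that row
 * by name.
 *
 * @param   mixed  $condition  condition in a form static::_parse_conditions() accepts
 * @param   array  $entity     part of the driver signature; not read by this implementation
 * @return  bool   true only when every requested right is defined and is not 'N'
 */
public function has_access($condition, array $entity)
{
    // get user's group level
    $group = \Auth::group()->get_level();

    // parse conditions, area and rights in question
    $condition = static::_parse_conditions($condition);

    // an unparsable condition or an empty level (which includes level 0) is denied
    if (!is_array($condition) || empty($group)) {
        return false;
    }

    $area = $condition[0];
    $rights = (array) $condition[1];
    if (empty($rights)) {
        $rights = array('read'); // default to read
    }

    $area_rights = \DB::select()
        ->from($this->table_name)
        ->where('app', '=', $area)
        ->and_where('level', '=', $group)
        ->execute();

    if (count($area_rights) <= 0) {
        return false; // given area and level has no defined rights
    }

    // check user's group has access right to the given area
    foreach ($rights as $r) {
        $flag = $area_rights->get($r);

        // Fail closed: a right the row does not define comes back as null
        // (assumed default of the result object's get() - confirm), and
        // comparing only against 'N' would silently grant it.
        if ($flag === null || $flag == 'N') {
            return false;
        }
    }

    // all the rights were found, return true
    return true;
}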
/**
 * Check whether the entity's roles grant every requested right on an area.
 *
 * Rights are single characters: each role in the 'simpleauth.roles' config maps
 * an area to a string of right characters, and the strings of all the entity's
 * roles are concatenated before the requested characters are looked up.
 *
 * NOTE(review): a role configured as `true` reaches array_key_exists() as a
 * non-array, so the `=== true` branch below looks unreachable - confirm how a
 * "grant all" role is meant to behave in this driver.
 *
 * @param   array  $condition  array(area, rights string); anything else is denied
 * @param   array  $entity     array(group driver id, group identifier)
 * @return  bool
 */
public function has_access($condition, array $entity)
{
    $group = \Auth::group($entity[0]);

    if (!is_array($condition)) {
        return false;
    }
    if (empty($group)) {
        return false;
    }
    if (!is_callable(array($group, 'get_roles'))) {
        return false;
    }

    $area = $condition[0];
    $rights = $condition[1];
    $current_roles = $group->get_roles($entity[1]);
    $current_rights = '';

    if (is_array($current_roles)) {
        $roles = \Config::get('simpleauth.roles', array());

        // the '#' role, when configured, applies to everyone and is checked first
        if (array_key_exists('#', $roles)) {
            array_unshift($current_roles, '#');
        }

        foreach ($current_roles as $r_role) {
            // an unknown role denies access outright
            if (!array_key_exists($r_role, $roles)) {
                return false;
            }

            // so does a role configured as false
            $r_rights = $roles[$r_role];
            if ($r_rights === false) {
                return false;
            }

            if (array_key_exists($area, $r_rights)) {
                if ($r_rights === true || $current_rights === true) {
                    $current_rights = true;
                } else {
                    $current_rights = $current_rights . $r_rights[$area];
                }
            }
        }
    }

    // start checking rights, terminate false when character not found
    $wanted = array_unique(preg_split('//', $rights, -1, PREG_SPLIT_NO_EMPTY));
    foreach ($wanted as $right) {
        if (strpos($current_rights, $right) === false) {
            return false;
        }
    }

    return true;
}
/**
 * Collect the basic details of the user held in $this->user.
 *
 * @return  array|false  false when no user is loaded, otherwise an array with
 *                       the keys id, username, email, group, level and
 *                       profile_fields
 */
public function get_user_info()
{
    if (empty($this->user)) {
        return false;
    }

    $info = array();
    $info['id'] = (int) $this->user['id'];
    $info['username'] = $this->user['username'];
    $info['email'] = $this->user['email'];
    $info['group'] = $this->user['group'];
    // the level is taken from the default group driver, not from the user record
    $info['level'] = \Auth::group()->get_level();
    $info['profile_fields'] = $this->get_profile_fields();

    return $info;
}
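/**
 * Runs the parent hook, then exposes the logged-in user's screen name and
 * group name to the template as the global 'auth'.
 *
 * The lookup of the user id that used to precede set_global() assigned a
 * variable that was never read, so it has been dropped.
 *
 * @return  void
 */
public function before()
{
    parent::before(); // Without this line, templating won't work!

    if (\Auth::check()) {
        $auth = [
            'user' => [
                'screen_name' => \Auth::get_screen_name(),
                'group' => \Auth::group()->get_name(),
            ],
        ];

        // NOTE(review): the third argument (false) is presumably the view's
        // filter flag, in which case the screen name reaches the template
        // unescaped - confirm the template escapes it on output.
        $this->template->set_global('auth', $auth, false);
    }
}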
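/**
 * Check group membership as the access condition.
 *
 * The group driver named by $entity[0] is asked whether the current user is a
 * member of the group given as $condition.
 *
 * @param   mixed  $condition  group identifier passed to the driver's member()
 * @param   array  $entity     array whose first element is the group driver id
 * @return  bool   false when no entity or no usable driver is available
 */
public function has_access($condition, array $entity)
{
    if (count($entity) === 0) {
        return false;
    }

    $group = Auth::group($entity[0]);

    // The former test `!is_null($group) || !empty($group)` let any non-null
    // value through, including false, and then called member() on it. Deny
    // unless there is a driver that actually exposes member().
    if (empty($group) || !is_callable(array($group, 'member'))) {
        return false;
    }

    return $group->member($condition);
}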
/**
 * Gate for the controller: anonymous visitors and users who are not members
 * of group 100 are redirected to 'auth'; everyone else gets the 'auth'
 * template global.
 *
 * NOTE(review): 100 is presumably the administrators group id - confirm
 * against the auth configuration. The gate also relies on
 * \Response::redirect() ending the request; confirm that holds, otherwise
 * execution continues past the redirect for a non-administrator.
 *
 * @return  void
 */
public function before()
{
    parent::before(); // Without this line, templating won't work!

    // not logged in at all: send to the login page
    if (!\Auth::check()) {
        \Response::redirect('auth');
        return;
    }

    // Check if the current user is an administrator
    $is_admin = \Auth::member(100);
    if (!$is_admin) {
        \Session::set_flash('error', 'You don\'t have the required access');
        \Response::redirect('auth');
    }

    // Set user info
    $auth = [
        'user' => [
            'screen_name' => \Auth::get_screen_name(),
            'group' => \Auth::group()->get_name(),
        ],
    ];

    // NOTE(review): false is presumably the view's filter flag, so these
    // values reach the template unescaped - confirm the template escapes them.
    $this->template->set_global('auth', $auth, false);
}
/**
 * Show one user's details, with edit/delete action items and, for the
 * user's own page, a sidebar with password operations.
 *
 * NOTE(review): no permission check is visible in this method, so any
 * caller reaching it can view any user id - confirm that the controller's
 * before() or the router restricts access. Also confirm what
 * \Model_User::find() returns for a null $id; only a null result is
 * redirected here.
 *
 * @param   mixed  $id  id of the user to display
 * @return  void
 */
public function action_view($id = null)
{
    $user = \Model_User::find($id);

    if (is_null($user)) {
        \Response::redirect('users');
    }

    $fields = array('name', 'username', 'email', 'group', 'last_login');
    $table = Petro::render_attr_table($user, $fields, static::_columns());
    $html = Petro::render_panel('User Information', $table);
    $html .= Petro_Comment::render($this->app, $id);

    $routes = Petro::get_routes($id);
    $edit_item = array('title' => 'Edit User', 'link' => $routes['edit']);
    $delete_item = array('title' => 'Delete User', 'link' => $routes['delete']);
    $this->action_items = array($edit_item, $delete_item);

    $group_name = \Auth::group()->get_name($user->group);

    // password operations are only offered on the viewer's own record
    if (\Auth::instance()->is_current_user($id)) {
        $change_link = \Html::anchor('users/change_password', 'Change password');
        $reset_link = \Html::anchor('#', 'Reset password');

        // this markup is concatenated by hand; the group id and name are not escaped here
        $box = '<div>' . $change_link . '<br/>' . $reset_link . '<br/>' . $user->group . ' : ' . $group_name . '</div>';
        $this->sidebars->add('Operations', $box);
    }

    $this->template->page_title = $user->username;

    // the content is handed over with the filter argument set to false
    $this->template->set('content', $html, false);
}
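/**
 * Check whether the entity's roles grant every requested right on an area.
 *
 * Roles come from the 'simpleauth.roles' config. A role set to false denies
 * and a role set to true grants, each immediately; any other role contributes
 * the rights it lists for the area. Because the first wildcard met decides,
 * the outcome depends on the order in which the roles are returned.
 *
 * @param   array  $condition  array(area, rights); anything else is denied
 * @param   array  $entity     array(group driver id, group identifier)
 * @return  bool
 */
public function has_access($condition, array $entity)
{
    $group = \Auth::group($entity[0]);

    if (!is_array($condition) || empty($group) || !is_callable(array($group, 'get_roles'))) {
        return false;
    }

    $area = $condition[0];

    // Fail closed on a scalar: the condition is not parsed here, and a single
    // right passed as a string would make the final foreach skip its body and
    // fall through to `return true` without checking anything.
    $rights = (array) $condition[1];

    $current_roles = $group->get_roles($entity[1]);
    $current_rights = array();

    if (is_array($current_roles)) {
        $roles = \Config::get('simpleauth.roles', array());

        // the '#' role, when configured, applies to everyone and is checked first
        if (array_key_exists('#', $roles)) {
            array_unshift($current_roles, '#');
        }

        foreach ($current_roles as $r_role) {
            // continue if the role wasn't found
            if (!array_key_exists($r_role, $roles)) {
                continue;
            }

            $r_rights = $roles[$r_role];

            // a wildcard decides on the spot: false denies, true grants
            if ($r_rights === false) {
                return false;
            } elseif ($r_rights === true) {
                return true;
            } elseif (array_key_exists($area, $r_rights)) {
                $current_rights = array_unique(array_merge($current_rights, $r_rights[$area]));
            }
        }
    }

    // start checking rights, terminate false when right not found
    foreach ($rights as $right) {
        if (!in_array($right, $current_rights)) {
            return false;
        }
    }

    // all necessary rights were found, return true
    return true;
}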
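/**
 * Check whether the entity's roles grant every requested right on an area of
 * a module.
 *
 * Roles come from the 'complexauth.roles' config. An unknown role or a role
 * set to false denies immediately, a role set to true grants immediately, and
 * any other role contributes the rights it lists under [module][area].
 *
 * @param   mixed  $condition  condition in a form static::_parse_conditions() accepts;
 *                             read afterwards as array(module, area, rights)
 * @param   array  $entity     array(group driver id, group identifier)
 * @return  bool
 */
public function has_access($condition, array $entity)
{
    $condition = static::_parse_conditions($condition);
    $group = \Auth::group($entity[0]);

    if (!is_array($condition) || empty($group) || !is_callable(array($group, 'get_roles'))) {
        return false;
    }

    $module = $condition[0];
    $area = $condition[1];

    // Fail closed on a scalar: if the parsed condition carries the rights as a
    // single value, the final foreach would skip its body and fall through to
    // `return true` without checking anything.
    $rights = (array) $condition[2];

    $current_roles = $group->get_roles($entity[1]);
    $current_rights = array();

    if (is_array($current_roles)) {
        $roles = \Config::get('complexauth.roles', array());

        // the '#' role, when configured, applies to everyone and is checked first
        if (array_key_exists('#', $roles)) {
            array_unshift($current_roles, '#');
        }

        foreach ($current_roles as $r_role) {
            // an unknown role, or one configured as false, denies outright
            if (!array_key_exists($r_role, $roles) || ($r_rights = $roles[$r_role]) === false) {
                return false;
            }

            // a role configured as true grants everything
            if ($r_rights === true) {
                return true;
            }

            if (array_key_exists($module, $r_rights) && array_key_exists($area, $r_rights[$module])) {
                $current_rights = array_unique(array_merge($current_rights, $r_rights[$module][$area]));
            }
        }
    }

    foreach ($rights as $right) {
        if (!in_array($right, $current_rights)) {
            return false;
        }
    }

    return true;
}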
/**
 * Check whether the current user holds the requested rights (and, optionally,
 * actions) on a permission area.
 *
 * The effective rights are assembled from the roles of the group in
 * $entity[1], the roles assigned to the user, the user's group permissions
 * and the user's personal permissions, then cached per user id. The decision
 * order is: revocations first, then a global allow/deny filter if a role set
 * one, then the individual rights and actions.
 *
 * NOTE(review): \Cache::set() is called without an expiry argument, so a
 * change to roles or permissions is presumably not reflected until the entry
 * expires or is deleted - confirm that permission edits invalidate this key.
 * NOTE(review): the cache key is built from the user id only (0 when there is
 * no user) while the roles come from $entity[1] - confirm that all callers
 * without a user share the same group.
 *
 * @param   mixed  $condition  condition in a form static::_parse_conditions() accepts
 * @param   array  $entity     array(group driver id, group object exposing ->roles)
 * @return  bool
 */
public function has_access($condition, array $entity)
{
    // get the group driver instance
    $group_driver = \Auth::group($entity[0]);

    // parse the requested permissions so we can check them
    $condition = static::_parse_conditions($condition);

    // if we couldn't parse the conditions, don't have a driver, or the driver doesn't export roles, bail out
    if (!is_array($condition) || empty($group_driver) || !is_callable(array($group_driver, 'get_roles'))) {
        return false;
    }

    // get the permission area and the permission rights to be checked
    $area = $condition[0];

    // any actions defined? a non-array right of the form "right[action1,action2]"
    // is split into the right and its list of actions
    if (!is_array($condition[1]) and preg_match('#(.*)?\\[(.*)?\\]#', $condition[1], $matches)) {
        $rights = (array) $matches[1];
        $actions = explode(',', $matches[2]);
    } else {
        $rights = (array) $condition[1];
        $actions = array();
    }

    // fetch the current user object
    $user = Auth::get_user();

    // some storage to collect the current rights and revoked rights, and the global flag
    $current_rights = array();
    $revoked_rights = array();
    $global_access = null;

    // assemble the current users effective rights; the cache entry is keyed by user id, 0 when there is no user
    $cache_key = \Config::get('ormauth.cache_prefix', 'auth') . '.permissions.user_' . ($user ? $user->id : 0);
    try {
        list($current_rights, $revoked_rights, $global_access) = \Cache::get($cache_key);
    } catch (\CacheNotFoundException $e) {
        // nothing cached yet: build the three values from scratch

        // get the role objects assigned to this group
        $current_roles = $entity[1]->roles;

        // if we have a user, add the roles directly assigned to the user
        if ($user) {
            $current_roles = \Arr::merge($current_roles, Auth::get_user()->roles);
        }

        foreach ($current_roles as $role) {
            // filter 'A' sets the global flag to allow, 'D' sets it to deny; when
            // several roles carry a filter, the last one in the loop wins
            if ($role->filter == 'A') {
                $global_access = true;
            } elseif ($role->filter == 'D') {
                $global_access = false;
            } elseif ($role->filter == 'R') {
                // filter 'R': the permissions of this role are collected as revocations
                foreach ($role->permissions as $permission) {
                    isset($revoked_rights[$permission->area][$permission->permission]) or $revoked_rights[$permission->area][$permission->permission] = array();
                    foreach ($role->rolepermission as $rolepermission) {
                        // find the link row for this role and permission; only the actions it lists are kept
                        if ($rolepermission->role_id == $role->id and $rolepermission->perms_id == $permission->id) {
                            $revoked_rights[$permission->area][$permission->permission] = array_merge($revoked_rights[$permission->area][$permission->permission], array_intersect_key($permission->actions ?: array(), array_flip($rolepermission->actions ?: array())));
                            break;
                        }
                    }
                }
            } else {
                // any other filter value: the permissions of this role are collected as granted rights
                foreach ($role->permissions as $permission) {
                    isset($current_rights[$permission->area][$permission->permission]) or $current_rights[$permission->area][$permission->permission] = array();
                    foreach ($role->rolepermission as $rolepermission) {
                        if ($rolepermission->role_id == $role->id and $rolepermission->perms_id == $permission->id) {
                            $current_rights[$permission->area][$permission->permission] = array_merge($current_rights[$permission->area][$permission->permission], array_intersect_key($permission->actions ?: array(), array_flip($rolepermission->actions ?: array())));
                            break;
                        }
                    }
                }
            }
        }

        // if this user doesn't have a global filter applied...
        // NOTE(review): $current_rights is initialised as an array and only ever
        // indexed above, so this test looks always true - confirm
        if (is_array($current_rights)) {
            if ($user) {
                // add the users group rights
                foreach ($user->group->permissions as $permission) {
                    isset($current_rights[$permission->area][$permission->permission]) or $current_rights[$permission->area][$permission->permission] = array();
                    foreach ($user->group->grouppermission as $grouppermission) {
                        if ($grouppermission->group_id == $user->group_id and $grouppermission->perms_id == $permission->id) {
                            $current_rights[$permission->area][$permission->permission] = array_merge($current_rights[$permission->area][$permission->permission], array_intersect_key($permission->actions ?: array(), array_flip($grouppermission->actions ?: array())));
                            break;
                        }
                    }
                }

                // add the users personal rights
                foreach ($user->permissions as $permission) {
                    isset($current_rights[$permission->area][$permission->permission]) or $current_rights[$permission->area][$permission->permission] = array();
                    foreach ($user->userpermission as $userpermission) {
                        if ($userpermission->user_id == $user->id and $userpermission->perms_id == $permission->id) {
                            $current_rights[$permission->area][$permission->permission] = array_merge($current_rights[$permission->area][$permission->permission], array_intersect_key($permission->actions ?: array(), array_flip($userpermission->actions ?: array())));
                            break;
                        }
                    }
                }
            }
        }

        // save the rights in the cache
        \Cache::set($cache_key, array($current_rights, $revoked_rights, $global_access));
    }

    // check for a revocation first
    foreach ($rights as $right) {
        // check revocation permissions
        if (isset($revoked_rights[$area]) and array_key_exists($right, $revoked_rights[$area])) {
            $revoked = true;

            // need to check any actions? with no actions requested the right counts as revoked as a whole
            // NOTE(review): a request naming several actions is only blocked when
            // every one of them is revoked - confirm that is intended
            foreach ($actions as $action) {
                if (!in_array($action, $revoked_rights[$area][$right])) {
                    $revoked = false;
                    break;
                }
            }

            // right revoked?
            if ($revoked) {
                return false;
            }
        }
    }

    // was a global filter applied? it is honoured only after the revocation check above
    if (is_bool($global_access)) {
        // we're done here
        return $global_access;
    }

    // start checking rights, terminate false when right not found
    foreach ($rights as $right) {
        // check basic permissions
        if (!isset($current_rights[$area]) or !array_key_exists($right, $current_rights[$area])) {
            return false;
        }

        // need to check any actions? every requested action must be listed for the right
        foreach ($actions as $action) {
            if (!in_array($action, $current_rights[$area][$right])) {
                return false;
            }
        }
    }

    // all necessary rights were found, return true
    return true;
}
/**
 * Returns the list of defined groups
 *
 * @param   string|null  $driver  group driver id, or null to merge the groups
 *                                of every loaded group driver
 * @return  array
 */
public function groups($driver = null)
{
    // a specific driver was asked for: its answer is returned as is
    if ($driver !== null) {
        return \Auth::group($driver)->groups();
    }

    $merged = array();

    foreach (\Auth::group(true) as $group_driver) {
        // drivers that do not expose groups() are skipped
        if (method_exists($group_driver, 'groups')) {
            $merged = \Arr::merge($merged, $group_driver->groups());
        }
    }

    return $merged;
}
/**
 * Verify Group membership
 *
 * With no driver given, every loaded group driver is asked and the first
 * positive answer wins.
 *
 * @param   mixed        $group   group identifier to check for membership
 * @param   string|null  $driver  group driver id, or null to check all
 * @param   array|null   $user    user identifier in the form array(driver_id, user_id);
 *                                an empty value falls back to $this->get_user_id()
 * @return  bool
 */
public function member($group, $driver = null, $user = null)
{
    if (!$user) {
        $user = $this->get_user_id();
    }

    // a specific driver was asked for: its answer is returned as is
    if ($driver !== null) {
        return \Auth::group($driver)->member($group, $user);
    }

    foreach (\Auth::group(true) as $group_driver) {
        if ($group_driver->member($group, $user)) {
            return true;
        }
    }

    return false;
}