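/**
 * Check if the current user may manage the given tool.
 *
 * Access is granted when either the component config flag
 * 'access-manage-component' is set, or the current user's id appears
 * in the tool's developer list.
 *
 * @param   integer  $toolid        Tool ID
 * @param   boolean  $allowAuthors  Reserved. No author check is implemented,
 *                                  so passing true currently grants nothing
 *                                  beyond false; kept for signature compatibility.
 * @return  boolean  True if user has access, false if not
 */
private function _checkAccess($toolid, $allowAuthors = false)
{
    // Manager shortcut first: no database object is needed for this answer.
    // NOTE(review): sibling _checkToolaccess() answers the same question with
    // User::authorize($this->_option, 'manage') — confirm the two checks are
    // meant to differ.
    if ($this->config->get('access-manage-component'))
    {
        return true;
    }

    // Tool developers: look the current user's id up in the dev team list.
    $obj = new \Components\Tools\Tables\Tool($this->database);
    $developers = $obj->getToolDevelopers($toolid);

    if ($developers)
    {
        foreach ($developers as $dv)
        {
            // Loose comparison kept: the types of uidNumber and User::get('id')
            // are not established here — TODO confirm before tightening to ===.
            if ($dv->uidNumber == User::get('id'))
            {
                return true;
            }
        }
    }

    // $allowAuthors intentionally has no effect (see docblock).
    return false;
}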
/**
 * Authorize the current user against $this->resource.
 *
 * Populates the 'access-*-resource' flags on $this->params as a side
 * effect and sets $this->_authorized = true on every path. Guests are
 * handled first; logged-in users are then routed through either the
 * tool branch (isTool()) or the generic resource branch.
 *
 * Access levels used below (taken from the inline comments only):
 * 0 public, 1 registered, 3 protected (abstract viewable). The meaning
 * of other levels is not established here.
 *
 * @return  void
 */
private function _authorize()
{
    // NOT logged in
    if (User::isGuest())
    {
        // If the resource is published and public (0) or protected (3)
        if ($this->published() && ($this->resource->access == 0 || $this->resource->access == 3))
        {
            // Allow view access; only fully public resources get "view all"
            $this->params->set('access-view-resource', true);
            if ($this->resource->access == 0)
            {
                $this->params->set('access-view-all-resource', true);
            }
        }
        $this->_authorized = true;
        return;
    }

    if ($this->isTool())
    {
        // Tool resources: membership in the com_tools admin group grants every flag.
        $tconfig = Component::params('com_tools');
        if ($admingroup = trim($tconfig->get('admingroup', '')))
        {
            // Check if they're a member of admin group (case-insensitive match on cn)
            $ugs = \Hubzero\User\Helper::getGroups(User::get('id'));
            if ($ugs && count($ugs) > 0)
            {
                $admingroup = strtolower($admingroup);
                foreach ($ugs as $ug)
                {
                    if (strtolower($ug->cn) == $admingroup)
                    {
                        $this->params->set('access-view-resource', true);
                        $this->params->set('access-view-all-resource', true);
                        $this->params->set('access-admin-resource', true);
                        $this->params->set('access-manage-resource', true);
                        $this->params->set('access-create-resource', true);
                        $this->params->set('access-delete-resource', true);
                        $this->params->set('access-edit-resource', true);
                        $this->params->set('access-edit-state-resource', true);
                        $this->params->set('access-edit-own-resource', true);
                        break;
                    }
                }
            }
        }

        // Non-admin tool users: view rights come from publish state, group
        // membership, or dev-team membership.
        if (!$this->params->get('access-admin-resource') && !$this->params->get('access-manage-resource'))
        {
            // If logged in and resource is published and public or registered
            if ($this->published() && ($this->resource->access == 0 || $this->resource->access == 1))
            {
                // Allow view access
                $this->params->set('access-view-resource', true);
                $this->params->set('access-view-all-resource', true);
            }

            if ($this->resource->group_owner)
            {
                // For protected resources, make sure users can see abstract
                if ($this->resource->access < 3)
                {
                    $this->params->set('access-view-resource', true);
                    $this->params->set('access-view-all-resource', true);
                }
                else
                {
                    if ($this->resource->access == 3)
                    {
                        $this->params->set('access-view-resource', true);
                    }
                }

                // Get the groups the user has access to (only confirmed memberships count)
                $xgroups = \Hubzero\User\Helper::getGroups(User::get('id'), 'all');
                $usersgroups = array();
                if (!empty($xgroups))
                {
                    foreach ($xgroups as $group)
                    {
                        if ($group->regconfirmed)
                        {
                            $usersgroups[] = $group->cn;
                        }
                    }
                }

                // Get the groups that can access this resource
                $allowedgroups = $this->resource->getGroups();

                // Find what groups the user has in common with the resource, if any
                $common = array_intersect($usersgroups, $allowedgroups);

                // Check if the user is a part of the group that owns the resource
                // or if they have any groups in common
                if (in_array($this->resource->group_owner, $usersgroups) || count($common) > 0)
                {
                    $this->params->set('access-view-resource', true);
                    $this->params->set('access-view-all-resource', true);
                }
            }

            // NOTE(review): this branch uses $this->_db while the sibling
            // _checkAccess()/_checkToolaccess() use $this->database — confirm
            // both properties refer to the same connection.
            $obj = new \Components\Tools\Tables\Tool($this->_db);
            $obj->loadFromName($this->resource->alias);

            // check if user in tool dev team: developers get edit rights but
            // no extra view rights beyond those granted above
            if ($developers = $obj->getToolDevelopers($obj->id))
            {
                foreach ($developers as $dv)
                {
                    if ($dv->uidNumber == User::get('id'))
                    {
                        $this->params->set('access-create-resource', true);
                        $this->params->set('access-delete-resource', true);
                        $this->params->set('access-edit-resource', true);
                        $this->params->set('access-edit-state-resource', true);
                        $this->params->set('access-edit-own-resource', true);
                    }
                }
            }
        }

        $this->_authorized = true;
        return;
    }
    else
    {
        // Check if they're a site admin (from Joomla)
        $this->params->set('access-admin-resource', User::authorise('core.admin', null));
        $this->params->set('access-manage-resource', User::authorise('core.manage', null));

        if ($this->params->get('access-admin-resource') || $this->params->get('access-manage-resource'))
        {
            // Site admins/managers get everything; nothing else to evaluate
            $this->params->set('access-view-resource', true);
            $this->params->set('access-view-all-resource', true);
            $this->params->set('access-create-resource', true);
            $this->params->set('access-delete-resource', true);
            $this->params->set('access-edit-resource', true);
            $this->params->set('access-edit-state-resource', true);
            $this->params->set('access-edit-own-resource', true);
            $this->_authorized = true;
            return;
        }

        // If they're not an admin
        // If logged in and resource is published and public or registered
        if ($this->published() && ($this->resource->access == 0 || $this->resource->access == 1))
        {
            // Allow view access
            $this->params->set('access-view-resource', true);
            $this->params->set('access-view-all-resource', true);
        }

        // Check if they're the resource creator
        if ($this->resource->created_by == User::get('id'))
        {
            // Give full access
            $this->params->set('access-view-resource', true);
            $this->params->set('access-view-all-resource', true);
            $this->params->set('access-create-resource', true);
            $this->params->set('access-delete-resource', true);
            $this->params->set('access-edit-resource', true);
            $this->params->set('access-edit-state-resource', true);
            $this->params->set('access-edit-own-resource', true);
        }
        else
        {
            // Listed contributors are treated the same as the creator
            if (in_array(User::get('id'), $this->contributors('id')))
            {
                // Give full access
                $this->params->set('access-view-resource', true);
                $this->params->set('access-view-all-resource', true);
                $this->params->set('access-create-resource', true);
                $this->params->set('access-delete-resource', true);
                $this->params->set('access-edit-resource', true);
                $this->params->set('access-edit-state-resource', true);
                $this->params->set('access-edit-own-resource', true);
            }
            else
            {
                if ($this->resource->group_owner)
                {
                    // For protected resources, make sure users can see abstract
                    if ($this->resource->access < 3)
                    {
                        $this->params->set('access-view-resource', true);
                        $this->params->set('access-view-all-resource', true);
                    }
                    else
                    {
                        if ($this->resource->access == 3)
                        {
                            $this->params->set('access-view-resource', true);
                        }
                    }

                    // Get the groups the user has access to (only confirmed memberships count)
                    $xgroups = \Hubzero\User\Helper::getGroups(User::get('id'), 'all');
                    $usersgroups = array();
                    if (!empty($xgroups))
                    {
                        foreach ($xgroups as $group)
                        {
                            if ($group->regconfirmed)
                            {
                                $usersgroups[] = $group->cn;
                            }
                        }
                    }

                    // Get the groups that can access this resource
                    $allowedgroups = $this->resource->getGroups();

                    // Find what groups the user has in common with the resource, if any
                    $common = array_intersect($usersgroups, $allowedgroups);

                    // Check if the user is a part of the group that owns the resource
                    // or if they have any groups in common
                    if (in_array($this->resource->group_owner, $usersgroups) || count($common) > 0)
                    {
                        $this->params->set('access-view-resource', true);
                        $this->params->set('access-view-all-resource', true);

                        // Disabled: edit rights for managers of the owning group.
                        // Left here as a record of the considered behavior.
                        // if (!empty($xgroups))
                        // {
                        //     foreach ($xgroups as $group)
                        //     {
                        //         if ($this->resource->group_owner == $group->cn && $group->manager)
                        //         {
                        //             $this->params->set('access-delete-resource', true);
                        //             $this->params->set('access-edit-resource', true);
                        //             $this->params->set('access-edit-state-resource', true);
                        //             $this->params->set('access-edit-own-resource', true);
                        //             break;
                        //         }
                        //     }
                        // }
                    }
                }
                else
                {
                    // NOTE(review): any logged-in user who is neither creator nor
                    // contributor gets view + view-all here for a resource with no
                    // group owner, regardless of access level or published() — the
                    // tool branch above has no such fallback. Confirm this is intended.
                    $this->params->set('access-view-resource', true);
                    $this->params->set('access-view-all-resource', true);
                }
            }
        }
    }
    $this->_authorized = true;
}
/**
 * Check if the current user has access to a tool.
 *
 * Site managers (User::authorize on this component) always pass; otherwise
 * the user must be listed in the tool's developer team.
 *
 * @param   integer  $toolid  Tool ID
 * @return  boolean  True if user has access, false if not
 */
private function _checkToolaccess($toolid)
{
    // Site managers short-circuit the developer lookup
    if (User::authorize($this->_option, 'manage'))
    {
        return true;
    }

    $tool = new \Components\Tools\Tables\Tool($this->database);
    $team = $tool->getToolDevelopers($toolid);

    // No team on record means no one beyond managers gets in
    if (!$team)
    {
        return false;
    }

    foreach ($team as $member)
    {
        if ($member->uidNumber == User::get('id'))
        {
            return true;
        }
    }

    return false;
}