/**
  * @param string $type
  */
 static function checkParentRestrictions($item, $type, $metaUser)
 {
     // Requires the user's permission on every parent group of $item, walking upwards
     // recursively. Returns true when there are no parent groups or all of them grant
     // permission; returns false as soon as one group in the chain refuses.
     $ancestors = ItemGroupHandler::parentGroups($item->id, $type);
     if (empty($ancestors)) {
         // Nothing above this item, so nothing above it can deny access.
         return true;
     }
     // NOTE(review): the recursion has no visited-set or depth limit; presumably the
     // group hierarchy is acyclic - confirm, a cycle would recurse without end.
     foreach ($ancestors as $ancestor) {
         $parentGroup = new ItemGroup();
         // NOTE(review): the outcome of load() is not inspected; confirm that
         // checkPermission() denies for a group that could not be loaded.
         $parentGroup->load($ancestor);
         // Permission only: visibility is not consulted because it might be overridden.
         // Short-circuit keeps the original order: the group itself first, then its parents.
         $granted = $parentGroup->checkPermission($metaUser)
             && ItemGroupHandler::checkParentRestrictions($parentGroup, 'group', $metaUser);
         if (!$granted) {
             return false;
         }
     }
     return true;
 }
 /**
  * Checks whether the current meta user may use the plan referenced by $this->usage.
  *
  * NOTE(review): a denial returns whatever getView() yields rather than false, so a
  * caller relying on truthiness could read a denial as success - callers should
  * compare the result with true strictly; confirm against the call sites.
  *
  * @return mixed null when no usage is set, true when the plan and its parent groups
  *               allow the user, otherwise the result of getView('access_denied')
  */
 public function verifyUsage()
 {
     if (empty($this->usage)) {
         return null;
     }
     $this->loadMetaUser();
     $usagePlan = new SubscriptionPlan();
     $usagePlan->load($this->usage);
     $rules = $usagePlan->getRestrictionsArray();
     // Any falsy checkRestriction() result denies here. NOTE(review): other callers test
     // the same helper with `!== false`, which lets null/0 through - confirm which is meant.
     // The parent-group check only runs when the plan's own restrictions passed.
     $permitted = aecRestrictionHelper::checkRestriction($rules, $this->metaUser)
         && ItemGroupHandler::checkParentRestrictions($usagePlan, 'item', $this->metaUser);
     if (!$permitted) {
         return getView('access_denied');
     }
     return true;
 }
 /**
  * Evaluates the restrictions named in $this->request->details against $this->metaUser.
  *
  * Sets $this->response->result to true only when no error message is present at the
  * end. A plan or group whose loaded id does not match the requested one aborts at once
  * with the result left false. $this->error is not reset here, so a message already on
  * the object also keeps the result false.
  *
  * @return void
  */
 public function actionRestrictionCheck()
 {
     $this->response->result = false;

     if (!empty($this->request->details->plan)) {
         $requestedPlan = new SubscriptionPlan();
         $requestedPlan->load($this->request->details->plan);
         // Loose comparison between the loaded id and the requested value; a mismatch
         // is treated as "plan not found".
         if ($requestedPlan->id != $this->request->details->plan) {
             $this->error = 'could not find plan to check restrictions for';
             return;
         }
         $planRules = $requestedPlan->getRestrictionsArray();
         // Only an exact false from checkRestriction() counts as a denial; the parent
         // groups are checked only when the plan itself was not denied.
         if (aecRestrictionHelper::checkRestriction($planRules, $this->metaUser) === false) {
             $this->error = 'user is denied permission - plan is restricted from this user';
         } elseif (!ItemGroupHandler::checkParentRestrictions($requestedPlan, 'item', $this->metaUser)) {
             $this->error = 'user is denied permission - plans parent group is restricted from this user';
         }
         // Remove the key so the generic pass at the end does not see it again.
         unset($this->request->details->plan);
     }

     if (!empty($this->request->details->group)) {
         $requestedGroup = new ItemGroup();
         $requestedGroup->load($this->request->details->group);
         if ($requestedGroup->id != $this->request->details->group) {
             $this->error = 'could not find group to check restrictions for';
             return;
         }
         $groupRules = $requestedGroup->getRestrictionsArray();
         if (aecRestrictionHelper::checkRestriction($groupRules, $this->metaUser) === false) {
             $this->error = 'user is denied permission - group is restricted from this user';
         } elseif (!ItemGroupHandler::checkParentRestrictions($requestedGroup, 'group', $this->metaUser)) {
             $this->error = 'user is denied permission - groups parent group is restricted from this user';
         }
         unset($this->request->details->group);
     }

     // NOTE(review): details is used as an object (get_object_vars below), and empty() on
     // a plain object is false even when no properties remain, so this pass also runs
     // after plan/group were removed - confirm an empty restriction set is not a denial.
     if (!empty($this->request->details)) {
         $remaining = get_object_vars($this->request->details);
         $extraRules = aecRestrictionHelper::getRestrictionsArray($remaining);
         if (aecRestrictionHelper::checkRestriction($extraRules, $this->metaUser) === false) {
             $this->error = 'user is denied permission - at least one restriction result was negative';
         }
     }

     // Success is defined purely as "no error message present".
     if (empty($this->error)) {
         $this->response->result = true;
     }
 }
 /**
  * Decides whether $metaUser is authorized for this item.
  *
  * A non-empty 'fixed_redirect' parameter is returned before any check runs. Otherwise
  * inventory, the item's own restrictions and its parent groups are checked in that order.
  *
  * NOTE(review): both redirect parameters are returned in place of a boolean, and a
  * non-empty 'notauth_redirect' is a truthy value returned on denial - callers should
  * compare the result with true strictly rather than test truthiness; confirm against
  * the call sites.
  *
  * @param mixed $metaUser user object handed to the restriction and permission checks
  * @return mixed the 'fixed_redirect' value, the 'notauth_redirect' value on denial when
  *               set, otherwise the authorization result
  */
 public function checkAuthorized($metaUser)
 {
     if (!empty($this->params['fixed_redirect'])) {
         return $this->params['fixed_redirect'];
     }

     $authorized = $this->checkInventory();
     if ($authorized) {
         $rules = $this->getRestrictionsArray();
         // Only an exact false from checkRestriction() denies; the parent-group check is
         // skipped in that case thanks to short-circuit evaluation.
         $denied = aecRestrictionHelper::checkRestriction($rules, $metaUser) === false
             || !ItemGroupHandler::checkParentRestrictions($this, 'item', $metaUser);
         if ($denied) {
             $authorized = false;
         }
     }

     if ($authorized) {
         return $authorized;
     }
     // Not authorized: prefer the configured redirect, else hand back the falsy result.
     return !empty($this->params['notauth_redirect'])
         ? $this->params['notauth_redirect']
         : $authorized;
 }