Exemple #1
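 /**
  * Route middleware: authorise the current route action before passing the request on.
  *
  * The identifier handed to the permission check is derived from the current URL
  * by removing the URL of the action (with "/index" stripped) from it.
  *
  * @param  mixed   $request incoming request, handed to $next unchanged
  * @param  Closure $next    next handler in the middleware chain
  * @return mixed   $next($request) when the check returns exactly true, otherwise
  *                 whatever Permission::checkPermission() returned
  */
 public function handle($request, Closure $next)
 {
     $action = \Route::currentRouteAction();

     // str_replace() removes every "/index" occurrence in the action URL, not only a trailing one.
     $base_url = str_replace('/index', '', action("\\" . $action));
     $controller_id = trim(str_replace($base_url, '', \URL::current()), '/');

     $perm = \Permission::checkPermission($action, $controller_id, false);

     // Strict comparison keeps this fail-closed: anything other than boolean true is a denial.
     if ($perm !== true) {
         // Explicit null check instead of the "@" operator, which also hid unrelated errors.
         $user = \Auth::user();
         if ($user !== null && $user->id) {
             \Session::flash('danger', "You do not have permission to do that.");
         }
         // NOTE(review): the non-true value becomes the middleware response — presumably a
         // redirect or error response; confirm checkPermission() never returns a bare false here.
         return $perm;
     }

     return $next($request);
 }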
Exemple #2
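 /**
  * List every editable role together with whether this user holds it.
  *
  * @return array one entry per key of Permission::getEditableRoles(), each holding
  *               'role'  => the role value,
  *               'dual'  => pow(2, role), the value passed to the permission check,
  *               'check' => result of Permission::checkPermission(dual, user id).
  *               Empty array when the user id compares loosely equal to 0.
  */
 public function getRoles()
 {
     $user_id = $this->getUserId();
     // Loose comparison kept on purpose: callers may rely on null/'' being treated like 0.
     if ($user_id == 0) {
         return array();
     }

     // Initialised up front so an empty role list yields array() instead of an undefined variable.
     $roles_edit = array();
     foreach (Permission::getEditableRoles() as $key => $role) {
         $dual = pow(2, $role);
         $roles_edit[$key] = array(
             'role' => $role,
             'dual' => $dual,
             'check' => Permission::checkPermission($dual, $user_id),
         );
     }
     return $roles_edit;
 }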
Exemple #3
 /**
  * Build the administration menu that is only offered to root users.
  *
  * @return array empty unless Permission::checkPermission(PERM_ROOT) passes; otherwise a single
  *               entry made of the top-level item followed by the list of its sub-items
  */
 function rootMenu()
 {
     // This only hides the links. Each config.php section still has to enforce PERM_ROOT itself.
     if (!Permission::checkPermission(PERM_ROOT)) {
         return array();
     }

     $config_sections = array(
         array('name' => 'Datenbank', 'href' => 'config.php?section=edit'),
         array('name' => 'Community', 'href' => 'config.php?section=edit_community'),
         array('name' => 'Netzwerkverbindung', 'href' => 'config.php?section=edit_network_connection'),
         array('name' => 'Mail', 'href' => 'config.php?section=edit_email'),
         array('name' => 'Jabber', 'href' => 'config.php?section=edit_jabber'),
         array('name' => 'Twitter', 'href' => 'config.php?section=edit_twitter'),
         array('name' => 'Hardware', 'href' => 'config.php?section=edit_hardware'),
     );

     $config_entry = array(
         array('name' => 'Konfiguration', 'href' => 'config.php?section=edit_netmon'),
         $config_sections,
     );

     //		$menu = Menus::checkIfSelected($menu);
     return array($config_entry);
 }
Exemple #4
        // Tail of a catch-all route closure (its opening is not part of this excerpt): turns the
        // {controller}/{action}/{args} URL segments into a class and method, checks permission,
        // then dispatches.
        // Keep only ASCII letters, digits and '-', lowercase, then title-case the dash-separated
        // words and join them into one class name.
        $controller = str_replace('-', ' ', strtolower(preg_replace('/[^A-Za-z0-9\\-]/', '', $controller)));
        $controller = str_replace(' ', '', Str::title($controller));
        // Always resolved in the global namespace with a "Controller" suffix.
        $controller = '\\' . $controller . 'Controller';
        if (!class_exists($controller)) {
            return App::abort(404, "Controller '{$controller}' was not existed.");
        }
        // Same character filter for the action; dashes become word breaks for camelCase.
        $action = str_replace('-', ' ', preg_replace('/[^A-Za-z0-9\\-]/', '', $action));
        $method = Str::camel($action);
        // NOTE(review): method_exists() is also true for inherited and non-public methods, so the
        // permission check below is the only gate on which methods a URL can name — confirm it
        // rejects anything that is not an intended action.
        if (!method_exists($controller, $method)) {
            return App::abort(404, "Method '{$method}' was not existed.");
        }
        // Remaining path is split on '/' and passed to the action as positional parameters.
        $params = explode("/", $args);
        /*
         * Check permission
         * Runs before the controller is instantiated; a falsy result aborts with 403.
         */
        if (!Permission::checkPermission($controller, $method, $params)) {
            return App::abort(403, 'Need permission to access this page.');
        }
        /*
         * End check permission
         */
        // Resolve the controller through the container and invoke the action.
        $app = app();
        $controller = $app->make($controller);
        return $controller->callAction($method, $params);
        // Route constraints: controller and action are single segments; args may contain '/'.
    })->where(['controller' => '[^/]+', 'action' => '[^/]+', 'args' => '[^?$]+']);
});
#===========================================#
#               FRONTEND                    #
#===========================================#
// Named route "home" for the site root, handled by HomeController@index.
Route::get('/', ['as' => 'home', 'uses' => 'HomeController@index']);
/*
    //show ressource record
} elseif ($_GET['section'] == 'add') {
    // Section 'add': show the "new resource record" form to any user holding PERM_USER.
    if (Permission::checkPermission(PERM_USER)) {
        //pass system messages to the template
        $smarty->assign('message', Message::getMessage());
        $dns_zone_list = new DnsZoneList();
        $smarty->assign('dns_zone_list', $dns_zone_list->getDnsZoneList());
        //compile the template and surround the main content by footer and header template
        $smarty->display("header.tpl.html");
        $smarty->display("dns_ressource_record_add.tpl.html");
        $smarty->display("footer.tpl.html");
    } else {
        Permission::denyAccess(PERM_USER);
    }
} elseif ($_GET['section'] == 'insert_add') {
    // Section 'insert_add': store the submitted record. Only PERM_USER is checked here.
    // NOTE(review): nothing visible verifies that the caller may write to dns_zone_id, and no
    // CSRF token is checked in these lines — confirm both are enforced elsewhere.
    if (Permission::checkPermission(PERM_USER)) {
        // The ids are int-cast and the owner comes from the session; host, type and pri are passed
        // as submitted, so any validation has to happen inside DnsRessourceRecord (not shown).
        $dns_ressource_record = new DnsRessourceRecord(false, (int) $_POST['dns_zone_id'], (int) $_SESSION['user_id'], $_POST['host'], $_POST['type'], $_POST['pri'], (int) $_POST['destination']);
        if ($dns_ressource_record->store()) {
            $message[] = array('Der Ressource Record ' . $dns_ressource_record->getHost() . ' wurde gespeichert.', 1);
        } else {
            $message[] = array('Der Ressource Record konnte nicht gespeichert werden.', 2);
        }
        Message::setMessage($message);
        // NOTE(review): dns_zone_id was int-cast for the constructor but is concatenated raw here;
        // reuse the cast value. No exit follows header() in the visible code.
        header('Location: ./dns_zone.php?dns_zone_id=' . $_POST['dns_zone_id']);
    } else {
        Permission::denyAccess(PERM_USER);
    }
} elseif ($_GET['section'] == 'delete') {
    // The record is loaded first so the ownership check uses the stored owner id rather than a
    // client-supplied one.
    $dns_ressource_record = new DnsRessourceRecord((int) $_GET['dns_ressource_record_id']);
    $dns_ressource_record->fetch();
    if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $dns_ressource_record->getUserId())) {
Exemple #6
 /**
  * Convenience wrapper reporting whether the given user counts as logged in.
  *
  * @author  Clemens John <*****@*****.**>
  * @param int $user_id id of the user whose login is checked; can only be the current user
  * @return boolean result of Permission::checkPermission(4, $user_id)
  */
 public static function isLoggedIn($user_id)
 {
     // NOTE(review): 4 is a bare permission value — presumably the "logged-in user" bit; confirm
     // against the PERM_* constants and prefer the named constant.
     $logged_in = Permission::checkPermission(4, $user_id);

     return $logged_in;
 }
Exemple #7
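 /**
  * Find out which roles a user has.
  *
  * @author  Clemens John <*****@*****.**>
  * @param int $user_id id of the user to inspect
  * @return array one entry per key of Permission::getEditableRoles(), each holding
  *               'role'  => the role value,
  *               'dual'  => pow(2, role), the value passed to the permission check,
  *               'check' => result of Permission::checkPermission(dual, $user_id).
  *               Empty array when $user_id is empty.
  */
 public function getRolesByUserID($user_id)
 {
     if (empty($user_id)) {
         return array();
     }

     // Initialised up front so an empty role list yields array() instead of an undefined variable.
     $roles_edit = array();
     foreach (Permission::getEditableRoles() as $key => $role) {
         $dual = pow(2, $role);
         $roles_edit[$key] = array(
             'role' => $role,
             'dual' => $dual,
             'check' => Permission::checkPermission($dual, $user_id),
         );
     }
     return $roles_edit;
 }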
Exemple #8
// Page bootstrap fragment (cut off inside the loop at the end): picks the default organisation,
// stores a session date, loads the permission record for this module and applies its settings.
//$orgid=$_POST['organization_id'];
if ($defaultorganization_id == '') {
    $defaultorganization_id = $o->getDefaultOrganization($userid);
    $_SESSION['defaultorganization_id'] = $defaultorganization_id;
    // Fall back to organisation 1 when the user has no default.
    if ($defaultorganization_id == '' || $defaultorganization_id == 0) {
        $defaultorganization_id = 1;
        $_SESSION['defaultorganization_id'] = $defaultorganization_id;
    }
}
// NOTE(review): the query-string value is stored in the session as-is; validate it as a date
// before storing, since later consumers (not shown) will treat session data as trusted.
if ($_GET['setSessionDate'] == 'Y') {
    $_SESSION['defaultDateSession'] = $_GET['defaultDateSession'];
}
$defaultDateSession = $_SESSION['defaultDateSession'];
$permission = new Permission();
$log->showLog(4, "Currenct org session id=" . $_SESSION['defaultorganization_id'] . ",program org_id= {$defaultorganization_id},uid={$userid}");
// checkPermission() is used here as a data lookup: its result is unpacked by index below.
// NOTE(review): no visible line denies access based on $arrperm — confirm where that happens.
$arrperm = $permission->checkPermission($userid, $module_id, $usefilename);
$menuname = $arrperm[0];
$xoopsTpl->assign('xoops_pagetitle', $menuname);
$havewriteperm = $arrperm[1];
$windowsetting = $arrperm[2];
$permissionsetting = $arrperm[3];
$helpurl = $arrperm[4];
$jrxml = $arrperm[5];
// NOTE(review): this condition is always true — strpos() returns an offset >= 0 or false, and
// false >= 0 also evaluates to true. The intended test is strpos(...) !== false.
if (strpos($permissionsetting, '$') >= 0) {
    $permissionsetting = explode(",", $permissionsetting);
    $totalpermissionsetting = count($permissionsetting);
    $i = 0;
    while ($i < $totalpermissionsetting) {
        // SECURITY: eval() runs each comma-separated fragment of $arrperm[3] as PHP code in this
        // scope, so whoever can write that permission setting can execute code on the server.
        // Replace it with parsing into an allow-listed set of named settings.
        eval($permissionsetting[$i] . ";");
        // Truthiness test: false when '$' is absent and also when it is the first character.
        // When it passes, the same fragment is evaluated a second time.
        if (strpos($permissionsetting[$i], '$')) {
            eval($permissionsetting[$i] . ";");
Exemple #9
    // Lists the API keys of a router or a user. The object is loaded first so the ownership check
    // runs against the stored owner id; only root or the owner gets the list.
    // An object_type other than "router" or "user" produces no output and no denial.
    if ($_GET['object_type'] == "router") {
        $router = new Router((int) $_GET['object_id']);
        // NOTE(review): fetch()'s result is not checked; confirm getUserId() on a missing record
        // cannot satisfy the owner check.
        $router->fetch();
        //Root and owning user can see api keys
        if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $router->getUserId())) {
            $api_key_list = new ApiKeyList((int) $_GET['object_id'], 'router');
            $smarty->assign('api_key_list', $api_key_list->getList());
            $smarty->display("header.tpl.html");
            $smarty->display("api_key_list.tpl.html");
            $smarty->display("footer.tpl.html");
        } else {
            Permission::denyAccess(PERM_ROOT, (int) $router->getUserId());
        }
    } elseif ($_GET['object_type'] == "user") {
        $user = new User((int) $_GET['object_id']);
        // Same unchecked fetch() as in the router branch.
        $user->fetch();
        //Root and owning user can see api keys
        if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $user->getUserId())) {
            $api_key_list = new ApiKeyList((int) $_GET['object_id'], 'user');
            $smarty->assign('api_key_list', $api_key_list->getList());
            $smarty->display("header.tpl.html");
            $smarty->display("api_key_list.tpl.html");
            $smarty->display("footer.tpl.html");
        } else {
            Permission::denyAccess(PERM_ROOT, (int) $user->getUserId());
        }
    }
// NOTE(review): both remaining branches are empty. The no-permission case neither calls
// Permission::denyAccess() nor emits a response in the visible code.
} elseif (Permission::checkPermission(PERM_ROOT)) {
} else {
    //no permission to access this site
}
Exemple #10
            // NOTE(review): both POST values are interpolated into the redirect URL unencoded;
            // pass each through urlencode() so '&', '#' or whitespace cannot alter the query string.
            header("Location: ./routereditor.php?section=new&router_auto_assign_login_string={$_POST['router_auto_assign_login_string']}&hostname={$_POST['hostname']}");
        }
    } else {
        Permission::denyAccess(PERM_USER);
    }
}
// Section "edit": show the router edit form to root or the router's owner.
if ($_GET['section'] == "edit") {
    // NOTE(review): router_id reaches getRouterInfo() uncast, unlike the (int) casts applied to
    // ids further down; whether the callee escapes it is not visible here.
    $router_data = Router_old::getRouterInfo($_GET['router_id']);
    // NOTE(review): the record is assigned to the template before the ownership check; move this
    // below the check so a denied request never carries it.
    $smarty->assign('router_data', $router_data);
    //Moderator and owning user can edit router
    // NOTE(review): the comment above says "Moderator" but the code passes PERM_ROOT. For an
    // unknown router_id the cast presumably yields 0; confirm the owner check cannot match user id 0.
    if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $router_data['user_id'])) {
        $smarty->assign('community_location_longitude', Config::getConfigValueByName('community_location_longitude'));
        $smarty->assign('community_location_latitude', Config::getConfigValueByName('community_location_latitude'));
        $smarty->assign('community_location_zoom', Config::getConfigValueByName('community_location_zoom'));
        $smarty->assign('message', Message::getMessage());
        $smarty->assign('is_root', Permission::checkPermission(PERM_ROOT));
        /** Get and assign Router Informations **/
        $chipsetlist = new Chipsetlist(false, false, 0, -1);
        $smarty->assign('chipsetlist', $chipsetlist->getList());
        $smarty->display("header.tpl.html");
        $smarty->display("router_edit.tpl.html");
        $smarty->display("footer.tpl.html");
    } else {
        Permission::denyAccess(PERM_ROOT, (int) $router_data['user_id']);
    }
}
// Section "insert_edit": apply the submitted changes after the same ownership check.
if ($_GET['section'] == "insert_edit") {
    //Moderator and owning user can edit router
    $router_data = Router_old::getRouterInfo($_GET['router_id']);
    if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $router_data['user_id'])) {
        // insertEditRouter() takes no arguments, so it presumably reads the request itself.
        // NOTE(review): confirm it edits the same router_id that was authorised above.
        $insert_result = RouterEditor::insertEditRouter();
Exemple #11
<?php

require_once 'runtime.php';
require_once './lib/core/helper.class.php';
require_once './lib/core/user_old.class.php';
// User edit page: shows the edit form and applies the submitted changes for one account.
$smarty->assign('message', Message::getMessage());
if ($_GET['section'] == "edit") {
    //Only owner and Root can access this site.
    // NOTE(review): the check runs on the int-cast user_id while the lookups below receive the raw
    // query-string value. Cast once into a local and use it for both the check and the lookups.
    if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $_GET['user_id'])) {
        $smarty->assign('user', User_old::getUserByID($_GET['user_id']));
        $smarty->assign('is_root', Permission::checkPermission(PERM_ROOT, $_SESSION['user_id']));
        $smarty->assign('permissions', User_old::getRolesByUserID($_GET['user_id']));
        $smarty->display("header.tpl.html");
        $smarty->display("user_edit.tpl.html");
        $smarty->display("footer.tpl.html");
    } else {
        Permission::denyAccess(PERM_ROOT, (int) $_GET['user_id']);
    }
} elseif ($_GET['section'] == "insert_edit") {
    // Same cast-versus-raw mismatch as above: the authorised id is the int cast, the id written
    // to is the raw value.
    if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $_GET['user_id'])) {
        // NOTE(review): $_POST['permission'] is forwarded for owners as well as root; confirm that
        // userInsertEdit() ignores it unless the caller holds PERM_ROOT. No CSRF token is checked
        // in the visible lines.
        if (User_old::userInsertEdit($_GET['user_id'], $_POST['changepassword'], $_POST['permission'], $_POST['oldpassword'], $_POST['newpassword'], $_POST['newpasswordchk'], $_POST['openid'], $_POST['vorname'], $_POST['nachname'], $_POST['strasse'], $_POST['plz'], $_POST['ort'], $_POST['telefon'], $_POST['email'], $_POST['jabber'], $_POST['icq'], $_POST['website'], $_POST['about'], $_POST['notification_method'])) {
            // Raw user_id is concatenated into both redirects; no exit follows header() here.
            header('Location: user.php?user_id=' . $_GET['user_id']);
        } else {
            header('Location: user_edit.php?section=edit&user_id=' . $_GET['user_id']);
        }
    } else {
        Permission::denyAccess(PERM_ROOT, (int) $_GET['user_id']);
    }
} elseif ($_GET['section'] == "delete") {
    if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $_GET['user_id'])) {
        if ($_POST['delete'] == "true") {