function generate_inner_html()
{
global $current_theme_path, $base_url, $network_info, $login_uid;
if ($network_info->type == MOTHER_NETWORK_TYPE) {
if ($login_uid == SUPER_USER_ID) {
$this->set_perms('all');
} else {
$role_obj = Roles::get_user_role($login_uid);
if (empty($role_obj)) {
$this->set_perms('none');
} else {
$tasks = Roles::get_tasks_of_role($role_obj->role_id);
$this->set_perms($tasks);
}
}
} else {
//spawned networks only admin roles
if (Network::is_admin($network_info->network_id, $login_uid) || $login_uid == SUPER_USER_ID) {
//owner of network
$this->set_perms('all');
//todo - quick fix here
$this->task_perms['meta_networks'] = FALSE;
} else {
$this->set_perms('none');
}
}
$extra = unserialize($network_info->extra);
$network_content_moderation = FALSE;
if (@$extra['network_content_moderation'] == NET_YES) {
// this can be empty or not set
$network_content_moderation = TRUE;
}
$inner_template = NULL;
switch ($this->mode) {
default:
$inner_template = dirname(__FILE__) . '/center_inner_private.tpl';
}
$obj_inner_template =& new Template($inner_template);
$obj_inner_template->set('base_url', $base_url);
$obj_inner_template->set('task_perms', $this->task_perms);
$obj_inner_template->set('network_content_moderation', $network_content_moderation);
$inner_html = $obj_inner_template->fetch();
return $inner_html;
}
} else {
// show network and user personal pages roles
$g_roles = array();
$u_roles = array();
$net_roles = array();
$g_roles = Roles::get_user_roles($user_id, DB_FETCHMODE_ASSOC, array('type' => 'group', 'gid' => $group_id));
$u_roles = Roles::get_user_roles($user_id, DB_FETCHMODE_ASSOC, array('type' => 'user'));
$net_roles = Roles::get_user_roles($user_id, DB_FETCHMODE_ASSOC, array('type' => 'network'));
$u_roles = array_merge($u_roles, $net_roles);
$u_roles = array_merge($u_roles, $g_roles);
}
foreach ($u_roles as $role) {
$role_id = $role['role_id'];
$role_type = $role['type'];
$role_name = Roles::get_role_name($role_id);
$role_tasks = Roles::get_tasks_of_role($role_id);
$role_extra = unserialize($role['extra']);
$role_info = array('role_id' => $role_id, 'name' => $role_name, 'type' => $role_type, 'extra' => $role_extra, 'tasks' => $role_tasks);
$user_roles[$role_id] = $role_info;
if ($role_id == $sel_role_id) {
$selected_role = $role_info;
}
}
?>
<form action="" class="inputrow" method="post" name="assign_role_form" id="assign_role_form">
<input type="hidden" name="uid" id = "user_role_id" />
<fieldset>
<legend> <?php
echo __('Edit/Assign Role for user: ') . $user->login_name;
?>
public function __construct($user_id)
{
if (!isset($user_id)) {
throw new CNException(REQUIRED_PARAMETERS_MISSING, "PermissionsHandler::__construct() must be called with User object or user_id parameter");
}
$tasks_obj = Tasks::get_instance();
$this->tasks = $tasks_obj->get_tasks();
foreach ($this->tasks as $task) {
$this->static_permissions[] = $task->task_value;
}
$this->uid = (int) $user_id;
$this->is_net_admin = Network::is_admin(PA::$network_info->network_id, $this->uid);
$roles = Roles::get_user_roles((int) $user_id, DB_FETCHMODE_OBJECT);
// echo "User Roles <pre>".print_r(PA::$login_user, 1). "</pre>";
$this->user_permissions = array();
$user_perms = array();
$network_perms = array();
$groups_perms = array();
foreach (array('user', 'network', 'groups') as $type) {
foreach ($roles as $role) {
$role_extra = unserialize($role->extra);
if ($type == 'user') {
$condition = $role_extra['user'] == true;
} else {
if ($type == 'network') {
$condition = $role_extra['network'] == true;
} else {
$condition = count($role_extra['groups']) > 0;
}
}
if ($condition) {
$role_tasks = Roles::get_tasks_of_role($role->role_id);
// echo "RoleID: $role->role_id<pre>".print_r($role_tasks,1)."</pre>";
if ($role_tasks) {
foreach ($role_tasks as $rt) {
if ($type == 'user') {
$user_perms[] = $rt->task_value;
} else {
if ($type == 'network') {
$network_perms[] = $rt->task_value;
} else {
foreach ($role_extra['groups'] as $group_id) {
if (isset($groups_perms[$group_id]) && is_array($groups_perms[$group_id])) {
array_push($groups_perms[$group_id], $rt->task_value);
} else {
$groups_perms[$group_id] = array($rt->task_value);
}
}
}
}
}
}
}
}
}
$this->user_permissions['user'] = $user_perms;
$this->user_permissions['network'] = $network_perms;
$this->user_permissions['groups'] = $groups_perms;
if ($this->is_net_admin) {
// user is network admin, grant him same privileges for all network groups
foreach ($this->user_permissions['groups'] as &$gr_perms) {
$gr_perms = array_unique(array_merge($gr_perms, $this->user_permissions['network']));
}
}
// echo "<pre>".print_r($this->user_permissions,1)."</pre>";
}
/**
Purpose : this function check user task permissions for a Group or a Network
@param : $uid, $task_values, $type, $target_id, $strict
@return : bool
**/
public static function can_user($uid, $task_values, $type = 'network', $strict, $target_id = null)
{
Logger::log("Enter: function User::can_user");
if (SUPER_USER_ID == $uid) {
// SUPER USER has all permissions!
return TRUE;
}
if (!is_array($task_values)) {
$task_values = array($task_values);
}
$user = new self();
$user->load($uid);
$roles = $user->get_user_roles(DB_FETCHMODE_OBJECT);
$result = false;
$user_tasks = array();
foreach ($roles as $role) {
// merge all tasks/permissions for specific role type
// $role_obj = new Roles();
// $role_obj->load((int)$role->role_id);
$condition = $type == 'network' ? $role->extra['network'] == true : count($role->extra['groups']) > 0 && in_array($target_id, $role->extra['groups']);
// apply role to a group
// if(($role_obj->type == $type) && $condition) {
if ($condition) {
$role_tasks = Roles::get_tasks_of_role($role->role_id);
if ($role_tasks) {
foreach ($role_tasks as $rt) {
$user_tasks[] = $rt->task_value;
}
}
}
}
$found = 0;
$nb_tasks = count($task_values);
foreach ($task_values as $value) {
if (!in_array($value, $user_tasks) && $strict == true) {
$result = false;
break;
}
if (in_array($value, $user_tasks) && $strict == false) {
$result = true;
break;
}
if (in_array($value, $user_tasks) && $strict == true) {
$found++;
}
}
if ($strict == true) {
$result = $found == $nb_tasks ? true : false;
}
Logger::log("Exit: function User::can_user");
return $result;
}
private function getRolesInfo()
{
$roles = new Roles();
$roles_info = $roles->get_multiple(null, DB_FETCHMODE_ASSOC);
foreach ($roles_info as &$role) {
$role['tasks'] = Roles::get_tasks_of_role($role['id'], DB_FETCHMODE_ASSOC);
}
return $roles_info;
}
private function get_user_task_permissions($uid)
{
$tasks = array();
$role_obj = Roles::get_user_roles($uid);
if (!empty($role_obj)) {
$tasks = array();
foreach ($role_obj as $r_obj) {
$tasks_roles = Roles::get_tasks_of_role($r_obj->role_id);
if ($tasks_roles) {
$tasks = array_merge($tasks, $tasks_roles);
}
}
}
return $tasks;
}
public static function check_administration_permissions($uid)
{
Logger::log("Enter: function Roles::check_administration_permissions");
if ($uid == SUPER_USER_ID) {
return true;
}
// meta admin!
$user = new User();
$user->load($uid);
$roles = $user->get_user_roles(DB_FETCHMODE_OBJECT);
$result = false;
$user_tasks = array();
foreach ($roles as $role) {
// first get all user network roles
if ($role->extra['network'] == true) {
$role_tasks = Roles::get_tasks_of_role($role->role_id);
// then get all tasks/permissions
if ($role_tasks) {
foreach ($role_tasks as $rt) {
$user_tasks[] = $rt->name;
// and task/permission names
}
}
}
}
foreach ($user_tasks as $task_name) {
if (false !== stripos($task_name, 'Manage') || false !== stripos($task_name, 'Configure')) {
$result = true;
// if user have any task/permission that beggining
break;
// with 'Manage' or 'Configure', that means that this
}
// user have assigned one of administration permissions
}
Logger::log("Exit: function Roles::check_administration_permissions");
return $result;
}
