/**
 * Tell whether the currently logged-in visitor may modify this object.
 *
 * Access is granted when zest::check_login() yields a user and that user
 * either has the same id as $this->user or has a first role with id below 3.
 * With no logged-in user the answer is always false (fails closed).
 *
 * NOTE(review): only roles[0] is inspected, while __check_login() scans every
 * role for ids 1 and 2. If role order is not guaranteed, a privileged user
 * could be refused here, and a user without any role may trigger an error on
 * roles[0]. Confirm how roles are ordered before relying on this check.
 *
 * @return bool
 */
public function can_modify()
{
    $viewer = zest::check_login();

    // Not logged in: nothing further is evaluated.
    if (!$viewer) {
        return false;
    }

    // Same id as the user attached to this object (presumably its owner; confirm).
    if ($this->user->id == $viewer->id) {
        return true;
    }

    // Otherwise the decision rests on the first role only.
    return $viewer->roles[0]->id < 3;
}
/**
 * Load the logged-in user into $this->user and derive the privilege flags.
 *
 * Role id 1 sets both $this->superuser and $this->admin; role id 2 sets
 * $this->admin only. The flags are only ever raised here, never cleared.
 * When nobody is logged in, the visitor is sent to 'admin/login'.
 *
 * NOTE(review): this guard protects callers only if url::redirect() ends the
 * request. If it returns, execution continues with a falsy $this->user.
 * Confirm that the helper halts, or have callers check the result.
 *
 * @return void
 */
private function __check_login()
{
    $current = zest::check_login();
    $this->user = $current;

    if (!$current) {
        // Redirect back to the login page
        url::redirect('admin/login');
        return;
    }

    foreach ($this->user->roles as $role) {
        // switch compares loosely, like the == checks it replaces
        switch ($role->id) {
            case 1:
                $this->superuser = TRUE;
                // deliberate fall-through: role 1 is also an admin
            case 2:
                $this->admin = TRUE;
                break;
        }
    }
}
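/**
 * Process a posted comment, if any, and return the HTML to display.
 *
 * When $_POST contains 'post_comment' the submission is validated through the
 * comment model. On success:
 *   - anonymous visitor: the comment is saved with status_id 1, a confirmation
 *     mail with the activation URL is sent to the supplied address, and a
 *     notice is returned instead of the form;
 *   - logged-in user: the comment is saved with status_id 2 under the user's
 *     id and email, and the browser is redirected to the post's #comments.
 * (Presumably status 1 means pending and 2 means active; confirm.)
 * On validation failure the error messages are shown above the form, which is
 * re-populated from the submitted values.
 *
 * Security-relevant behaviour:
 *   - Only 'title', 'display_name' and 'email' are copied from $_POST onto the
 *     model. Copying every posted key would let a client set columns the form
 *     never exposes (an anonymous submission could carry its own user_id).
 *   - The Host header used for the From address is reduced to hostname
 *     characters before it reaches the mailer.
 *
 * NOTE(review): no anti-CSRF token is added by the code visible here; confirm
 * whether form::open() supplies one.
 *
 * @return string HTML fragment (form, or a status message)
 */
public function comment_form()
{
    // The only request fields a visitor may set; they mirror the inputs rendered below.
    $allowed_fields = array('title', 'display_name', 'email');

    $array = array("title" => "", "display_name" => "", "email" => "");
    $user = zest::check_login();
    if ($user) {
        $array = array("title" => "", "display_name" => $user->username, "email" => $user->email);
    }

    $comments_form = "";

    if (isset($_POST['post_comment'])) {
        $comment = ORM::factory('comment');
        unset($_POST['post_comment']);
        $post = $comment->validate($_POST);

        if (count($post['errors']) == 0) {
            // Allow-list assignment: never let request keys choose model columns.
            foreach ($allowed_fields as $field) {
                if (array_key_exists($field, $_POST)) {
                    $comment->{$field} = $_POST[$field];
                }
            }
            $comment->feedpost_id = $this->id;

            if (!$user) {
                $comment->status_id = 1;
                $comment->save();

                $to = $comment->email;
                // HTTP_HOST is client-controlled: keep only hostname characters so it
                // cannot carry line breaks or extra header content into the mail.
                // NOTE(review): a configured site domain would be safer than the Host header.
                $host = preg_replace('/[^A-Za-z0-9.:\[\]\-]/', '', (string) $_SERVER['HTTP_HOST']);
                $from = 'no-reply@' . str_replace('www.', '', $host);
                $subject = "Please confirm your email address";
                $message = "Please click on the link below to confirm your email address and make your comment active\n\n" . $comment->activate_url();
                // NOTE(review): mail goes to an address chosen by an anonymous visitor;
                // consider rate limiting so this cannot be used to mail third parties.
                email::send($to, $from, $subject, $message, FALSE);

                return "<p>You have been sent an email. You must confirm your email before your comment will become active.</p>";
            } else {
                // Identity fields come from the session user, not from the request.
                $comment->user_id = $user->id;
                $comment->status_id = 2;
                $comment->email = $user->email;
                $comment->save();

                url::redirect($this->get_url() . '#comments');
                // Reached only if url::redirect() returns.
                return "<p>Thank you for your comment.</p>";
            }
        } else {
            // NOTE(review): messages are emitted unescaped. If validate() ever echoes
            // submitted text inside a message, this is an HTML injection point; confirm.
            $comments_form .= "<p style='color:red'>";
            foreach ($post['errors'] as $message) {
                $comments_form .= $message . "<br/>";
            }
            $comments_form .= "</p>";

            // Re-populate the form with what was submitted.
            // NOTE(review): presumably the form:: helpers escape these values; verify.
            $array = arr::overwrite($array, $post);
        }
    }

    $comments_form .= form::open();
    $comments_form .= form::hidden('post_comment', 'true');
    $comments_form .= '<div class="user_auth">';
    $comments_form .= form::label('display_name', 'Display Name');
    $comments_form .= form::input('display_name', $array['display_name']) . '<br/>';
    $comments_form .= form::label('email', 'Email');
    $comments_form .= form::input('email', $array['email']) . '<br/>';
    $comments_form .= '<fb:login-button onlogin="******"></fb:login-button>';
    $comments_form .= '</div>';
    // NOTE(review): the script below is inert as written: the type attribute is
    // emitted as "text\javascript", the lookup uses an id while the div above
    // carries a class, and the function body has no effect. Left unchanged.
    $comments_form .= ' <script type="text\\javascript"> function update_user_box() { var user_box = document.getElementById("user_auth"); user_box.innerHTML } </script> ';
    $comments_form .= form::textarea('title', $array['title'], 'style="width:100%;"');
    $comments_form .= form::label('', ' ');
    $comments_form .= form::submit('', 'Submit', 'class="submit"');
    $comments_form .= form::close();

    return $comments_form;
}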