/**
 * Decide whether a user is authorised to carry out a particular task.
 *
 * The permission sets come from pnSecGetAuthInfo(). A user-level entry that
 * resolves for the realm/component/instance takes precedence over the
 * group-level entry; the group entry is consulted only when the user-level
 * lookup does not rise above ACCESS_INVALID.
 *
 * @public
 * @param mixed $testrealm     the realm under test (an unset value becomes 0)
 * @param mixed $testcomponent the component under test
 * @param mixed $testinstance  the instance under test
 * @param int   $testlevel     the level of access required (defaults to 0)
 * @return bool true if authorised, false if not
 */
function pnSecAuthAction($testrealm, $testcomponent, $testinstance, $testlevel = 0)
{
    // Normalise unset (null) arguments to their fallback values.
    if (!isset($testrealm)) {
        $testrealm = 0;
    }
    if (!isset($testcomponent)) {
        $testcomponent = null;
    }
    if (!isset($testinstance)) {
        $testinstance = null;
    }

    // Fail closed: without a component or realm there is nothing to authorise against.
    if (!strlen($testcomponent) || !strlen($testrealm)) {
        return false;
    }

    // NOTE(review): a caller that omits $testlevel asks for level 0; confirm that a
    // "no access" permission entry can never satisfy ">= 0" in pnSecGetLevel()'s scale.

    // Permission sets are kept across calls within the same request.
    static $userperms;
    static $groupperms;

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    // NOTE(review): this function never sets $GLOBALS['authinfogathered'] itself, so
    // presumably pnSecGetAuthInfo() does - confirm, otherwise the lookup repeats on every call.
    $needsAuthInfo = !isset($GLOBALS['authinfogathered'])
        || (int) $GLOBALS['authinfogathered'] === 0;

    if ($needsAuthInfo) {
        // First visit: load the user and group permission sets.
        list($userperms, $groupperms) = pnSecGetAuthInfo();

        if (!count($userperms) && !count($groupperms)) {
            // Nothing is granted anywhere, so deny.
            return false;
        }
    }

    // An explicit user-level entry overrides whatever the groups say, in both
    // directions: it can grant, and it can also deny what a group would allow.
    $userlevel = pnSecGetLevel($userperms, $testrealm, $testcomponent, $testinstance);
    if ($userlevel > ACCESS_INVALID) {
        return $userlevel >= $testlevel;
    }

    // No user-level entry resolved: the group permissions decide.
    $grouplevel = pnSecGetLevel($groupperms, $testrealm, $testcomponent, $testinstance);

    return $grouplevel >= $testlevel;
}
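/**
 * Decide whether a user is authorised to carry out a particular task.
 *
 * The permission sets come from pnSecGetAuthInfo() and are cached in static
 * variables once a non-empty set has been loaded. A user-level entry that
 * resolves above ACCESS_INVALID is final; the group-level entry is consulted
 * only when no such user-level entry exists.
 *
 * @public
 * @param mixed $testrealm     the realm under test
 * @param mixed $testcomponent the component under test
 * @param mixed $testinstance  the instance under test
 * @param mixed $testlevel     the level of access required (checked with >=)
 * @return bool true if authorised, false if not
 */
function pnSecAuthAction($testrealm, $testcomponent, $testinstance, $testlevel)
{
    static $authinfogathered = 0;
    static $userperms, $groupperms;

    // Neither value is used below; the calls are kept because any side effects
    // of these getters are not visible from this function.
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if ($authinfogathered == 0) {
        // First time here - get auth info
        list($userperms, $groupperms) = pnSecGetAuthInfo();
        if (count($userperms) == 0 && count($groupperms) == 0) {
            // No permissions: deny with an explicit boolean. A bare `return;`
            // yields null, which slips past a caller that tests the result
            // with `=== false` or `!== false`.
            return false;
        }
        // Cache only a non-empty result, so an empty one is looked up again next call.
        $authinfogathered = 1;
    }

    // NOTE(review): empty $testrealm / $testcomponent values are passed straight to
    // pnSecGetLevel(); confirm that it denies when given them.

    // Get user access level
    $userlevel = pnSecGetLevel($userperms, $testrealm, $testcomponent, $testinstance);

    // An explicit user-level entry overrides the groups in both directions:
    // it grants when high enough, and denies even if a group would allow.
    if ($userlevel > ACCESS_INVALID) {
        return $userlevel >= $testlevel;
    }

    // User access level not defined. Now check group access level
    $grouplevel = pnSecGetLevel($groupperms, $testrealm, $testcomponent, $testinstance);

    // Granted only when the group level reaches the required level.
    return $grouplevel >= $testlevel;
}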