/**
 * Set up basic "find" action
 *
 * Resolves the bundle display selected in the result context (falling back to a
 * default idno / preferred-label column pair), marks which columns can be sorted,
 * and hands the display, export, label-printing and set options to the view.
 *
 * @param array|null $pa_options Optional; only the 'search' key is read here. The
 *        value is stored in $po_search but not used anywhere else in this method.
 * @return void All results are published as view variables. When the current user
 *         has no readable type for a type-aware table the method redirects to the
 *         configured error page and returns before any view variable is set.
 */
public function Index($pa_options = null) {
    $po_search = isset($pa_options['search']) ? $pa_options['search'] : null;
    $t_model = $this->opo_datamodel->getInstanceByTableName($this->ops_tablename, true);
    $vn_display_id = $this->opo_result_context->getCurrentBundleDisplay();

    // Make sure user has access to at least one type.
    // Authorization gate: for a type-aware table, a non-null but empty readable-type
    // list means no record of this table is visible to the user, so send them to the
    // error page (passing the current path, urlencoded, in "r") instead of rendering.
    if (method_exists($t_model, 'getTypeFieldName') && $t_model->getTypeFieldName() && (!is_null($va_types = caGetTypeListForUser($this->ops_tablename, array('access' => __CA_BUNDLE_ACCESS_READONLY__))) && (is_array($va_types) && !sizeof($va_types)))) {
        $this->response->setRedirect($this->request->config->get('error_display_url') . '/n/2320?r=' . urlencode($this->request->getFullUrlPath()));
        return;
    }

    $va_display_list = array();
    $t_display = $this->opo_datamodel->getInstanceByTableName('ca_bundle_displays', true);
    $t_display->load($vn_display_id);
    $vs_view = $this->opo_result_context->getCurrentView();

    // Only honour the requested display when the user may read it; otherwise the
    // list stays empty and the default columns below are used.
    if ($vn_display_id && $t_display->haveAccessToDisplay($this->request->getUserID(), __CA_BUNDLE_DISPLAY_READ_ACCESS__)) {
        $va_placements = $t_display->getPlacements(array('settingsOnly' => true));
        foreach ($va_placements as $vn_placement_id => $va_display_item) {
            $va_settings = caUnserializeForDatabase($va_display_item['settings']);

            // get column header text: a locale-specific label in the placement
            // settings overrides the generic display name
            $vs_header = $va_display_item['display'];
            if (isset($va_settings['label']) && is_array($va_settings['label'])) {
                $va_tmp = caExtractValuesByUserLocale(array($va_settings['label']));
                if ($vs_tmp = array_shift($va_tmp)) {
                    $vs_header = $vs_tmp;
                }
            }

            $va_display_list[$vn_placement_id] = array(
                'placement_id' => $vn_placement_id,
                'bundle_name' => $va_display_item['bundle_name'],
                'display' => $vs_header,
                'settings' => $va_settings
            );

            // The editable (spreadsheet-style) view needs the inline-editing
            // metadata per column plus the "panel" asset bundle.
            if ($vs_view == 'editable') {
                $va_display_list[$vn_placement_id] = array_merge($va_display_list[$vn_placement_id], array(
                    'allowInlineEditing' => $va_display_item['allowInlineEditing'],
                    'inlineEditingType' => $va_display_item['inlineEditingType'],
                    'inlineEditingListValues' => $va_display_item['inlineEditingListValues']
                ));
                AssetLoadManager::register('panel');
            }
        }
    }

    //
    // Default display list (if none are specifically defined)
    //
    if (!sizeof($va_display_list)) {
        // Identifier column, keyed by "<table>.<idno field>"
        if ($vs_idno_fld = $t_model->getProperty('ID_NUMBERING_ID_FIELD')) {
            $va_display_list[$this->ops_tablename . '.' . $vs_idno_fld] = array(
                'placement_id' => $this->ops_tablename . '.' . $vs_idno_fld,
                'bundle_name' => $this->ops_tablename . '.' . $vs_idno_fld,
                'display' => $t_model->getDisplayLabel($this->ops_tablename . '.' . $vs_idno_fld),
                'settings' => array(),
                'allowInlineEditing' => true,
                'inlineEditingType' => DT_FIELD,
                'inlineEditingListValues' => array()
            );
        }
        // Preferred-label column, unless ca_objects is configured to run label-less
        if (method_exists($t_model, 'getLabelTableInstance') && !($this->ops_tablename === 'ca_objects' && $this->request->config->get('ca_objects_dont_use_labels'))) {
            $t_label = $t_model->getLabelTableInstance();
            $va_display_list[$this->ops_tablename . '.preferred_labels'] = array(
                'placement_id' => $this->ops_tablename . '.preferred_labels',
                'bundle_name' => $this->ops_tablename . '.preferred_labels',
                'display' => $t_label->getDisplayLabel($t_label->tableName() . '.' . $t_label->getDisplayField()),
                'settings' => array(),
                'allowInlineEditing' => true,
                'inlineEditingType' => DT_FIELD,
                'inlineEditingListValues' => array()
            );
        }
        if ($vs_view == 'editable') {
            AssetLoadManager::register('panel');
        }
    }

    $this->view->setVar('current_display_list', $vn_display_id);
    $this->view->setVar('t_display', $t_display);

    if ($vs_view == 'editable') {
        $this->view->setVar('columns', $this->getInlineEditColumns($va_display_list, array('request' => $this->request)));
        $this->view->setVar('columnHeaders', caExtractValuesFromArrayList($va_display_list, 'display', array('preserveKeys' => false)));
        $this->view->setVar('rowHeaders', array());
    }

    // figure out which items in the display are sortable
    if (method_exists($t_model, 'getApplicableElementCodes')) {
        $va_sortable_elements = ca_metadata_elements::getSortableElements($t_model->tableName());
        // NOTE(review): $vb_dummy is never assigned in this method; presumably
        // getTypeRestriction() takes it by reference — confirm.
        $va_attribute_list = array_flip($t_model->getApplicableElementCodes($this->opo_result_context->getTypeRestriction($vb_dummy), false, false));
        // NOTE(review): unlike the default-list branch above, this call is not guarded
        // by method_exists('getLabelTableInstance'); confirm every model reaching here has it.
        $t_label = $t_model->getLabelTableInstance();
        $vs_label_table_name = $t_label->tableName();
        $vs_label_display_field = $t_label->getDisplayField();

        foreach ($va_display_list as $vn_i => $va_display_item) {
            // bundle_name is "<table>.<field>"; a name without a dot leaves
            // $va_tmp[1] unset and the comparisons below will raise a notice
            $va_tmp = explode('.', $va_display_item['bundle_name']);

            // Preferred-label column (either spelling) sorts on the label display field
            if ($va_tmp[0] === $vs_label_table_name && $va_tmp[1] === $vs_label_display_field || $va_tmp[0] == $this->ops_tablename && $va_tmp[1] === 'preferred_labels') {
                $va_display_list[$vn_i]['is_sortable'] = true;
                $va_display_list[$vn_i]['bundle_sort'] = $vs_label_table_name . '.' . $vs_label_display_field;
                continue;
            }
            // Only bundles of the primary table are considered from here on
            if ($va_tmp[0] != $this->ops_tablename) { continue; }

            // Intrinsic field: prefer a dedicated "<field>_sort" column when the model has one
            if ($t_model->hasField($va_tmp[1])) {
                $va_display_list[$vn_i]['is_sortable'] = true;
                if ($t_model->hasField($va_tmp[1] . '_sort')) {
                    $va_display_list[$vn_i]['bundle_sort'] = $va_display_item['bundle_name'] . '_sort';
                } else {
                    $va_display_list[$vn_i]['bundle_sort'] = $va_display_item['bundle_name'];
                }
                continue;
            }
            // Metadata attribute: sortable only if the element is flagged sortable
            if (isset($va_attribute_list[$va_tmp[1]]) && $va_sortable_elements[$va_attribute_list[$va_tmp[1]]]) {
                $va_display_list[$vn_i]['is_sortable'] = true;
                $va_display_list[$vn_i]['bundle_sort'] = $va_display_item['bundle_name'];
                continue;
            }
        }
    }
    $this->view->setVar('display_list', $va_display_list);

    // Get current display list: "0" is the built-in default, followed by every
    // saved display the user is allowed to read for this table
    $va_displays = array('0' => _t('Default'));
    foreach (caExtractValuesByUserLocale($t_display->getBundleDisplays(array('table' => $this->ops_tablename, 'user_id' => $this->request->getUserID(), 'access' => __CA_BUNDLE_DISPLAY_READ_ACCESS__))) as $va_display) {
        $va_displays[$va_display['display_id']] = $va_display['name'];
    }
    $this->view->setVar('display_lists', $va_displays);

    # --- print forms used for printing search results as labels - in tools show hide under page bar
    if ((bool) $this->request->config->get('use_legacy_print_labels_generator')) {
        $this->view->setVar('label_formats', $this->getLegacyPrintForms());
    } else {
        $this->view->setVar('label_formats', caGetAvailablePrintTemplates('labels', array('table' => $this->ops_tablename, 'type' => 'label')));
    }

    # --- export options used to export search results - in tools show hide under page bar
    // $vn_table_num is computed but not read anywhere else in this method
    $vn_table_num = $this->opo_datamodel->getTableNum($this->ops_tablename);
    // default export formats, not configurable
    $va_export_options = array(
        array('name' => _t('Tab delimited'), 'code' => '_tab'),
        array('name' => _t('Comma delimited (CSV)'), 'code' => '_csv'),
        array('name' => _t('Spreadsheet with media icons (XLSX)'), 'code' => '_xlsx')
    );
    // merge default formats with drop-in print templates
    $va_export_options = array_merge($va_export_options, caGetAvailablePrintTemplates('results', array('table' => $this->ops_tablename)));
    $this->view->setVar('export_formats', $va_export_options);
    $this->view->setVar('current_export_format', $this->opo_result_context->getParameter('last_export_type'));

    //
    // Available sets (only those the user may edit, since results are added to them)
    //
    $t_set = new ca_sets();
    $this->view->setVar('available_sets', caExtractValuesByUserLocale($t_set->getSets(array('table' => $this->ops_tablename, 'user_id' => $this->request->getUserID(), 'access' => __CA_SET_EDIT_ACCESS__, 'omitCounts' => true))));

    // Choose the row-click target: "Summary" for users lacking the table's edit
    // action, "Edit" otherwise. This only selects the link; presumably the Edit
    // action enforces the permission itself — confirm.
    if (strlen($this->ops_tablename) > 0) {
        if (!$this->request->user->canDoAction("can_edit_{$this->ops_tablename}")) {
            $this->view->setVar("default_action", "Summary");
        } else {
            $this->view->setVar("default_action", "Edit");
        }
    }
    $this->view->setVar('result_context', $this->opo_result_context);
    $this->view->setVar('access_restrictions', AccessRestrictions::load());
}
/**
 * Determine if a user is allowed to access a certain module/controller/action combination
 *
 * Delegates the decision to the shared AccessRestrictions instance, evaluated for
 * the user currently bound to this object; this method performs no caching of its own.
 *
 * @param array $pa_module_path
 * @param string $ps_controller
 * @param string $ps_action
 * @param array $pa_fake_parameters optional array of fake parameters to "simulate" a future request
 * @return bool
 */
public function canAccess($pa_module_path, $ps_controller, $ps_action, $pa_fake_parameters = array()) {
    return AccessRestrictions::load()->userCanAccess(
        $this->getUserID(),
        $pa_module_path,
        $ps_controller,
        $ps_action,
        $pa_fake_parameters
    );
}
/**
 * Exercise the OR and AND operators of controller-level access restriction rules.
 *
 * With "OR" a single granted action is enough to reach the controller; with "AND"
 * every listed action must be granted. Each probe rewrites the test role's actions,
 * saves the role and clears the per-user action cache so the following
 * userCanAccess() call re-evaluates the rule instead of reusing a cached verdict.
 */
public function testBooleanOperators() {
    $vo_acr = AccessRestrictions::load(true);

    $vs_rule_key = "administrate/setup/list_editor/ListEditorController";
    $va_actions = array("can_edit_ca_lists", "can_create_ca_lists", "can_delete_ca_lists");
    $va_module_path = array("administrate", "setup", "list_editor");

    // operator => (granted subset => expected verdict), in the order probed
    $va_cases = array(
        "OR" => array(
            'none' => false,  // no role -> can't access controller
            'one'  => true,   // has one of the OR-ed roles -> can access controller
        ),
        "AND" => array(
            'none' => false,  // no role -> can't access controller
            'one'  => false,  // has one of the AND-ed roles -> can't access controller
            'all'  => true,   // has all AND-ed roles -> can access controller
        ),
    );

    foreach ($va_cases as $vs_operator => $va_expectations) {
        // Install the rule under test directly on the restrictions object
        $vo_acr->opa_acr = array(
            $vs_rule_key => array(
                "default" => array("operator" => $vs_operator, "actions" => $va_actions)
            )
        );

        foreach ($va_expectations as $vs_grant => $vb_expected) {
            if ($vs_grant === 'none') {
                $va_granted = array();
            } elseif ($vs_grant === 'one') {
                // any single action from the rule; the verdict must not depend on which
                $va_granted = array($va_actions[array_rand($va_actions)]);
            } else {
                $va_granted = $va_actions;
            }

            $this->opt_role->setMode(ACCESS_WRITE);
            $this->opt_role->setRoleActions($va_granted);
            $this->opt_role->update();
            ca_users::$s_user_action_access_cache = array();

            $vb_access = $vo_acr->userCanAccess($this->opt_user->getPrimaryKey(), $va_module_path, "ListEditor", "Edit");
            if ($vb_expected) {
                $this->assertTrue($vb_access);
            } else {
                $this->assertFalse($vb_access);
            }
        }
    }
}