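/**
 * Method to check if a user is authorised to perform an action, optionally on an asset.
 *
 * A user that is allowed 'core.admin' on the root asset (id 1) is authorised for
 * every action. Otherwise the rules returned by getAssetRules($asset, true) for
 * the requested asset decide.
 *
 * The outcome of the core.admin check is remembered per user id for the rest of
 * the run. It is deliberately not stored in the class-wide self::$isRoot flag:
 * that flag is not keyed by user, so a result cached for the first user checked
 * would otherwise be applied to every other user id passed in later.
 *
 * @param   integer  $userId  Id of the user for which to check authorisation.
 * @param   string   $action  The name of the action to authorise.
 * @param   mixed    $asset   Integer asset id or the name of the asset as a string.  Defaults to the global asset node.
 *
 * @return  boolean  True if authorised.
 *
 * @since   1.6
 */
public static function check($userId, $action, $asset = null)
{
    // Result of the root-asset core.admin check, keyed by user id, so the
    // lookup still happens only once per user during the run.
    static $rootByUser = array();

    // A flag that is already true still short-circuits every check, as before.
    // NOTE(review): self::$isRoot is declared outside this block and is not tied
    // to a user id; confirm that whatever sets it does so only as a deliberate
    // global override, and that nothing relies on check() populating it.
    if (self::$isRoot) {
        return true;
    }

    // Sanitize inputs. The string casts keep a null $asset (the default) from
    // being handed to trim() directly.
    $userId = (int) $userId;
    $action = strtolower(preg_replace('#[\\s\\-]+#', '.', trim((string) $action)));
    $asset  = strtolower(preg_replace('#[\\s\\-]+#', '.', trim((string) $asset)));

    // Default to the root asset node.
    if (empty($asset)) {
        $asset = 1;
    }

    // Get the rules for the asset recursively to root if not already retrieved.
    if (empty(self::$assetRules[$asset])) {
        self::$assetRules[$asset] = self::getAssetRules($asset, true);
    }

    // Get all groups against which the user is mapped. The negated user id is
    // put in front of the group ids, so the identity list carries both.
    $identities = self::getGroupsByUser($userId);
    array_unshift($identities, $userId * -1);

    // Evaluate core.admin against this user's own identities, once per user.
    if (!isset($rootByUser[$userId])) {
        $rootByUser[$userId] = (bool) self::getAssetRules(1)->allow('core.admin', $identities);
    }

    if ($rootByUser[$userId]) {
        return true;
    }

    return self::$assetRules[$asset]->allow($action, $identities);
}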