/**
 * Restricts access to the controller's actions.
 *
 * Only two things are examined: whether a user is present at all, and the
 * user's type. An authenticated user who is not a Scalr admin is granted
 * access; a Scalr admin, or the absence of a user, is refused. No
 * controller-level permission rules are consulted here.
 *
 * @return boolean Returns true if user has access.
 */
public function hasAccess()
{
    if (!$this->user) {
        return false;
    }

    // Scalr admins are deliberately excluded from this controller's actions.
    return $this->user->getType() != Scalr_Account_User::TYPE_SCALR_ADMIN;
}
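/**
 * Dispatches a controller action after enforcing the API and team-permission checks.
 *
 * Checks run in this order:
 *  1. For API requests the action must be listed by the controller's static
 *     getApiDefinitions(); otherwise a NotFound exception is thrown.
 *  2. For team users who are neither OWNER nor FULL in the current environment,
 *     the controller's getPermissionDefinitions() (when it exists) is matched
 *     against the user's group permissions.
 *  3. The action method is invoked.
 *
 * @param string $method Name of the action method to invoke (e.g. "viewAction").
 * @return void
 * @throws Scalr_UI_Exception_NotFound            When an API request names an action not exposed via the API.
 * @throws Scalr_Exception_InsufficientPermissions When a team user lacks the rule required for the action.
 */
public function callActionMethod($method)
{
    if ($this->request->getRequestType() == Scalr_UI_Request::REQUEST_TYPE_API) {
        $this->assertApiMethodExposed($method);
    }

    // NOTE(review): with no user present the permission check is skipped entirely;
    // anonymous access is expected to be rejected earlier (see hasAccess()) — confirm.
    if ($this->user && $this->user->getType() == Scalr_Account_User::TYPE_TEAM_USER) {
        $this->assertTeamUserPermitted($method);
    }

    $this->{$method}();
}

/**
 * Rejects API requests for actions the controller does not list in getApiDefinitions().
 *
 * A controller without getApiDefinitions() exposes nothing via the API.
 *
 * @param string $method Action method name.
 * @return void
 * @throws Scalr_UI_Exception_NotFound
 */
private function assertApiMethodExposed($method)
{
    if (!method_exists($this, 'getApiDefinitions')) {
        throw new Scalr_UI_Exception_NotFound();
    }

    $apiMethods = $this::getApiDefinitions();

    // str_replace() removes every "Action" substring, not only the suffix;
    // kept as-is so existing definitions keyed on the stripped name still match.
    $shortName = str_replace('Action', '', $method);

    // Strict comparison: a loose in_array() could let a non-string entry match any name.
    if (!in_array($shortName, $apiMethods, true)) {
        throw new Scalr_UI_Exception_NotFound();
    }
}

/**
 * Enforces the controller's permission rules for a team user.
 *
 * OWNER and FULL members of the environment are exempt. Controllers without
 * getPermissionDefinitions() are unrestricted. Otherwise the user's group must
 * hold FULL for this controller, the rule declared for this specific action, or
 * VIEW when no action-specific rule is declared.
 *
 * @param string $method Action method name.
 * @return void
 * @throws Scalr_Exception_InsufficientPermissions
 */
private function assertTeamUserPermitted($method)
{
    $envId = $this->getEnvironmentId();

    if ($this->user->isTeamUserInEnvironment($envId, Scalr_Account_Team::PERMISSIONS_OWNER)
        || $this->user->isTeamUserInEnvironment($envId, Scalr_Account_Team::PERMISSIONS_FULL)) {
        return;
    }

    if (!method_exists($this, 'getPermissionDefinitions')) {
        // No rules declared for this controller: nothing to enforce.
        return;
    }

    $cls = get_class($this);
    $controllerName = str_replace('Scalr_UI_Controller_', '', $cls);
    // Same (non-suffix-only) stripping as the API check, for consistency with definition keys.
    $actionName = str_replace('Action', '', $method);
    $controllerRules = $cls::getPermissionDefinitions();
    $groupPermissions = $this->user->getGroupPermissions($envId);

    // No entry for this controller at all means no access.
    if (!array_key_exists($controllerName, $groupPermissions)) {
        throw new Scalr_Exception_InsufficientPermissions();
    }

    $granted = $groupPermissions[$controllerName];
    if (in_array('FULL', $granted, true)) {
        return;
    }

    // Action-specific rule wins; otherwise VIEW is the minimum required.
    $required = array_key_exists($actionName, $controllerRules) ? $controllerRules[$actionName] : 'VIEW';

    // Strict comparison throughout, matching the FULL check above.
    if (!in_array($required, $granted, true)) {
        throw new Scalr_Exception_InsufficientPermissions();
    }
}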