/**
* Restricts access to controller's actions
*
* @return boolean Returns true if user has access.
*/
public function hasAccess()
{
if ($this->user) {
// check admin, non-admin
if ($this->user->getType() != Scalr_Account_User::TYPE_SCALR_ADMIN) {
// check controller in permissions
return true;
} else {
return false;
}
} else {
return false;
}
}
public function callActionMethod($method)
{
if ($this->request->getRequestType() == Scalr_UI_Request::REQUEST_TYPE_API) {
$apiMethodCheck = false;
if (method_exists($this, 'getApiDefinitions')) {
$api = $this::getApiDefinitions();
$m = str_replace('Action', '', $method);
if (in_array($m, $api)) {
$apiMethodCheck = true;
}
}
if (!$apiMethodCheck) {
throw new Scalr_UI_Exception_NotFound();
}
}
if ($this->user) {
if ($this->user->getType() == Scalr_Account_User::TYPE_TEAM_USER) {
if (!$this->user->isTeamUserInEnvironment($this->getEnvironmentId(), Scalr_Account_Team::PERMISSIONS_OWNER) && !$this->user->isTeamUserInEnvironment($this->getEnvironmentId(), Scalr_Account_Team::PERMISSIONS_FULL)) {
if (method_exists($this, 'getPermissionDefinitions')) {
// rules defined for this controller
$cls = get_class($this);
$clsShort = str_replace('Scalr_UI_Controller_', '', $cls);
$methodShort = str_replace('Action', '', $method);
$clsPermissions = $cls::getPermissionDefinitions();
$permissions = $this->user->getGroupPermissions($this->getEnvironmentId());
if (array_key_exists($clsShort, $permissions)) {
// rules for user and such controller
$perm = $permissions[$clsShort];
if (!in_array('FULL', $perm, true)) {
// user doesn't has full privilegies
if (array_key_exists($methodShort, $clsPermissions)) {
// standalone rule for this method
if (!in_array($clsPermissions[$methodShort], $perm)) {
throw new Scalr_Exception_InsufficientPermissions();
}
} else {
// VIEW rule
if (!in_array('VIEW', $perm)) {
throw new Scalr_Exception_InsufficientPermissions();
}
}
}
} else {
throw new Scalr_Exception_InsufficientPermissions();
}
}
}
}
}
$this->{$method}();
}
