 /**
  * Aborts the request when the current user may not access $url.
  *
  * The decision is delegated to acl::has_access(); on denial a static
  * "no permission" page with a back link is emitted and the script terminates.
  *
  * @param string             $url  Access path being checked
  * @param connection_factory $conn Database connection handed to the ACL
  * @return void Returns normally only when access is granted
  */
 public static function check($url, connection_factory $conn)
 {
     $guard = new acl();
     if ($guard->has_access($url, $conn)) {
         return;
     }
     // Denial page: the markup is static, nothing user-controlled is echoed.
     $deniedPage = '<center><h2>Sem permiss&atilde;o para acessar esta p&aacute;gina.</h2>'
         . '<a href="javascript:history.back(-1)">Voltar</a></center>';
     die($deniedPage);
 }
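 /**
  * Persists the rule assignment for a role (POST requests only).
  *
  * Reads role_id from the query string and rule_id from the POST body, hands
  * them to the ACL and redirects back to the assign page. Auto-rendering is
  * always switched off because the action either redirects or outputs nothing.
  */
 public function action_save()
 {
     if ($this->isPost()) {
         $roleId = (int) $this->getQuery('role_id');
         $this->acl->assign($roleId, $this->getPost('rule_id'));
         // mod_name is echoed back into the Location URL; encode it so a crafted
         // value cannot smuggle extra query parameters or break the redirect URL.
         $modName = urlencode((string) $this->getQuery('mod_name'));
         $this->request->redirect('/admin/acl/assign?role_id=' . $roleId . '&mod_name=' . $modName);
     }
     $this->auto_render = false;
 }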
 /**
  * Posts $message, optionally with $attachment, after the ACL checks pass.
  *
  * Both checks go through acl::getAccess() with $this as the target; the
  * third parameter is omitted so the ACL class resolves the current user.
  *
  * @param mixed $message    Data to post
  * @param mixed $attachment Optional attachment; a truthy value adds the 'attach' check
  * @throws AccessException when 'post' (or, with an attachment, 'attach') is denied
  */
 function post($message, $attachment = null)
 {
     $canPost = acl::getAccess($this, 'post');
     if (!$canPost) {
         throw new AccessException("No access to post");
     }
     // An attachment needs the separate 'attach' right on top of 'post'.
     $needsAttachRight = (bool) $attachment;
     if ($needsAttachRight && !acl::getAccess($this, 'attach')) {
         throw new AccessException("No access to attach");
     }
     // Checks passed; the actual posting of the data follows here.
 }
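 /**
  * @brief Retrieve the effective access on the object
  *
  * If the subject is not specified, the current user will be used. The last
  * entry of the matrix returned by acl::getAccessMatrix() is read for its
  * 'roles' element — NOTE(review): that the last row is the effective one is
  * taken from the original code; confirm against getAccessMatrix().
  *
  * @param IAclObject $object The object for which the access is queried
  * @param IAclSubject $subject The subject whose access is being queried
  * @return Array The effective access for each of the roles; an empty array
  *               when the access matrix is empty or has no 'roles' entry
  */
 static function getEffectiveAccess(IAclObject $object, IAclSubject $subject = null)
 {
     // If the subject is not specified, set it to the current user.
     if ($subject === null) {
         $subject = user::getActiveUser();
     }
     $am = acl::getAccessMatrix($object, $subject);
     // end() yields false on an empty matrix; indexing into that would only
     // produce a notice and a null return instead of the documented array.
     $ar = end($am);
     if (!is_array($ar) || !array_key_exists('roles', $ar)) {
         return array();
     }
     return $ar['roles'];
 }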
<?php

/// Copyright (c) 2004-2016, Needlworks  / Tatter Network Foundation
/// All rights reserved. Licensed under the GPL.
/// See the GNU General Public License for more details. (/documents/LICENSE, /documents/COPYRIGHT)
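// Input rules for library/preprocessor.php (required just below): presumably
// each listed POST field is validated as email/string or given its default
// before this script reads $_POST.
$IV = array('POST' => array('email' => array('email'), 'name' => array('string', 'default' => ''), 'comment' => array('string', 'default' => ''), 'senderName' => array('string', 'default' => ''), 'senderEmail' => array('email')));
require ROOT . '/library/preprocessor.php';
requireStrictRoute();
// Only blog owners may add users. Terminate explicitly after the failure
// response so the decision never depends on ResultPage() ending the request.
if (!acl::check('group.owners')) {
    Respond::ResultPage(false);
    exit;
}
$result = Blog::addUser($_POST['email'], $_POST['name'], $_POST['comment'], $_POST['senderName'], $_POST['senderEmail']);
Respond::ResultPage($result);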
 * Installation:
 * 1 - Copy this file, cpconfig.php and classes/ folder in a public folder 
 * 2 - Edit cpconfig.php and set correct values for your servers and user
 * 3 - Open this file with your browser
 */
include 'cpconfig.php';
// Edit this file to set the configuration
include 'classes/tpl.php';
include 'classes/acl.php';
include 'classes/fields.php';
include 'classes/core.php';
include 'classes/history.php';
// start session
session_start();
// check user
// Session guard: these three calls are the only authentication step before the
// page continues. NOTE(review): nothing below inspects their outcome, so they
// presumably redirect or exit on failure — confirm in classes/acl.php.
$acl = new acl();
$acl->validate_user();
$acl->check_session();
$acl->check_logout();
// core functions
$core = new core();
// general tpl class
$tpl = new tpl();
// Setting credentials for curl commands
if (isset($_GET['serverid']) and !empty($_GET['serverid'])) {
    $whmuser = $servers[$_GET['serverid']]['whmuser'];
    $ip_server = $servers[$_GET['serverid']]['ip_server'];
    $server = $servers[$_GET['serverid']]['server'];
    $hash = $servers[$_GET['serverid']]['hash'];
} else {
    if (!isset($_POST['ajax'])) {
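 /**
  * @desc      Check for sufficient permissions
  * @param     arr|int    $vPermissions AclList or simple permissions int
  * @param     int        $iWhat        Which permissions bit are involved
  * @param     str        $sUid         uid to check
  * @param     arr        $aGid         groups to check
  * @return    bool                     success
  * @access    private
  * @author    Marc Groot Koerkamp
  */
 function _checkPermission($vPermissions, $iWhat, $sUid, $aGid)
 {
     if ($this->enable_acl) {
         // use tree defaults if uid/gid are not supplied
         if (!$sUid) {
             $sUid = $this->uid;
         }
         if (empty($aGid)) {
             $aGid = $this->gid;
         }
         return acl::checkaccess($vPermissions, $sUid, $aGid, $iWhat);
     }
     // ACL disabled: $vPermissions is a plain bitmask. The test must be
     // parenthesised — '==' binds tighter than '&' in PHP, so the former
     // "$vPermissions & $iWhat == $iWhat" evaluated as
     // "$vPermissions & ($iWhat == $iWhat)" and, with $bResult pre-set to
     // true, the requested bit was never actually checked.
     $iBit = (int) $iWhat;
     return ($vPermissions & $iBit) === $iBit;
 }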
<?php

/**
	Account Form Index View
*/
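// Route guard: deny unless the ACL allows this path. Terminate after the
// redirect so the list below is never rendered for an unauthorised client,
// whatever radix::redirect() does internally.
if (!acl::may('/account/tax-form')) {
    radix_session::flash('fail', 'Access Denied');
    radix::redirect();
    exit;
}
$_ENV['h1'] = $_ENV['title'] = array('Accounting', 'Tax Forms');
// Static query, no request input involved.
$res = radix_db_sql::fetchAll("select id,name from account_tax_form order by name");
echo '<p>Choose a Tax Form to Print!</p>';
echo '<ul>';
foreach ($res as $f) {
    // Escape the name for the HTML context and the id for the query string;
    // both come from the database and must not be echoed raw.
    $href = radix::link('/account/tax-form/view?id=' . urlencode((string) $f['id']));
    $name = htmlspecialchars((string) $f['name'], ENT_QUOTES, 'UTF-8');
    echo '<li><a href="' . $href . '">' . $name . '</a></li>';
}
echo '</ul>';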
            Radix::redirect();
        }
        // Radix::dump($res);
        $_SESSION['uid'] = $res['id'];
        acl::permit('/index');
        acl::permit('/dashboard');
        acl::permit('/search');
        acl::permit('/block*');
        acl::permit('/email*');
        acl::permit('/file*');
        acl::permit('/note*');
        acl::permit('/account*');
        acl::permit('/contact*');
        acl::permit('/invoice*');
        acl::permit('/workorder*');
        acl::permit('/settings*');
        Session::flash('info', 'Sign In Successful');
        // Redirect
        $ret = '/';
        if (!empty($_SESSION['return-path'])) {
            $ret = $_SESSION['return-path'];
            unset($_SESSION['return-path']);
        }
        Radix::redirect($ret);
        break;
}
// $db = Zend_Registry::get('db');
// $ss = Zend_Registry::get('session');
// $this->view->title = 'Login';
//
// $req = $this->getRequest();
 /**
  * Construct Acl provider
  *
  * Builds the ACL, seeds it with the per-table "owner" columns read from the
  * directus tables (cached for 1800 s) and, when a user is logged in, with
  * the privileges of that user's group (user record cached for 10800 s).
  *
  * @return \Directus\Acl
  */
 private static function acl()
 {
     $acl = new acl();
     $db = self::get('ZendDb');
     $tablesGateway = new DirectusTablesTableGateway($acl, $db);
     $loadTables = static function () use ($tablesGateway) {
         return $tablesGateway->select()->toArray();
     };
     $tableRecords = $tablesGateway->memcache->getOrCache(MemcacheProvider::getKeyDirectusTables(), $loadTables, 1800);
     // table name => column holding the creating user, for tables that define one
     $ownerColumns = [];
     foreach ($tableRecords as $record) {
         if (empty($record['user_create_column'])) {
             continue;
         }
         $ownerColumns[$record['table_name']] = $record['user_create_column'];
     }
     $acl::$cms_owner_columns_by_table = $ownerColumns;
     if (!AuthProvider::loggedIn()) {
         return $acl;
     }
     $sessionUser = AuthProvider::getUserInfo();
     $usersGateway = new DirectusUsersTableGateway($acl, $db);
     $loadUser = static function () use ($sessionUser, $usersGateway) {
         return $usersGateway->find($sessionUser['id']);
     };
     $userCacheKey = MemcacheProvider::getKeyDirectusUserFind($sessionUser['id']);
     $userRecord = $usersGateway->memcache->getOrCache($userCacheKey, $loadUser, 10800);
     if ($userRecord) {
         $privilegesGateway = new DirectusPrivilegesTableGateway($acl, $db);
         $acl->setGroupPrivileges($privilegesGateway->getGroupPrivileges($userRecord['group']));
     }
     return $acl;
 }
<?php

require_once dirname(__FILE__) . '/../setup.php';
require_once $BASE_DIR . 'core/web_diario.php';
require_once $BASE_DIR . 'core/login/acl.php';
$conn = new connection_factory($param_conn);
// CHECK WHETHER THE USER HAS ACCESS RIGHTS
$acl = new acl();
// @todo improve the feedback to the user by using a logout method
// Fail closed: without one of the web-diary roles the script exits here.
if (!$acl->has_role($sa_ref_pessoa, $PAPEIS_WEB_DIARIO, $conn)) {
    exit('<script language="javascript" type="text/javascript">
            alert(\'Você não tem direito de acesso a estas informações!\');
            window.history.back(1);</script>');
}
// ^ CHECK WHETHER THE USER HAS ACCESS RIGHTS ^ //
// @todo check that the requester owns at least one diary or coordinates at least one course
unset($_SESSION['conteudo']);
unset($_SESSION['flag_falta']);
$is_coordenador = FALSE;
$is_professor = FALSE;
// FETCH INFORMATION ABOUT THE TEACHER'S TERMS
// NOTE(review): $sa_ref_pessoa is concatenated into the SQL unquoted, here and
// in $sql_coordena below; it is defined outside this file (setup.php) — confirm
// it is an integer id that cannot be request-controlled.
$qry_periodo = 'SELECT DISTINCT o.ref_periodo,p.descricao FROM disciplinas_ofer o, disciplinas_ofer_prof dp, periodos p WHERE dp.ref_professor = ' . $sa_ref_pessoa . ' AND o.id = dp.ref_disciplina_ofer AND p.id = o.ref_periodo ORDER BY ref_periodo DESC LIMIT 1;';
$periodo = $conn->get_row($qry_periodo);
if (count($periodo) > 0) {
    // Keep an already selected term in the session; otherwise default to the latest one.
    $_SESSION['web_diario_periodo_id'] = isset($_SESSION['web_diario_periodo_id']) ? $_SESSION['web_diario_periodo_id'] : $periodo['ref_periodo'];
    $is_professor = TRUE;
}
// ^ FETCH INFORMATION ABOUT THE TEACHER'S TERMS ^ //
// FETCH INFORMATION ABOUT THE COORDINATOR'S TERMS
$sql_coordena = 'SELECT DISTINCT o.ref_periodo,p.descricao FROM disciplinas_ofer o, periodos p WHERE  o.ref_periodo = p.id AND o.ref_curso IN (SELECT DISTINCT ref_curso FROM coordenador WHERE ref_professor = ' . $sa_ref_pessoa . ') ORDER BY ref_periodo DESC LIMIT 1;';
$periodo_coordenacao = $conn->get_row($sql_coordena);
File: events.php Progetto: nkdas/ems
<?php

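// Turn on error reporting
// NOTE(review): display_errors=On sends error details (paths, traces) to the
// browser; keep it for development builds only.
ini_set('display_errors', 'On');
error_reporting(E_ALL);
require_once 'resources/db_connection.php';
require 'acl.php';
// Only a signed-in user may continue. header() does not stop the script, so
// without the exit the layout and body below would still be sent to an
// unauthenticated client (and $acl / $privilege would be undefined).
// The session is presumably started by resources/db_connection.php — confirm.
if (!isset($_SESSION['id'])) {
    header("Location: index.php");
    exit;
}
$acl = new acl();
// Privilege id 7 is looked up for the current user; its meaning is defined in acl.php.
$privilege = $acl->checkPrivilege($_SESSION['id'], 7);
require 'layout/header.php';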
?>
<body>
    <nav class="navbar navbar-inverse" data-spy="affix">
        <div class="container-fluid">
            <div class="navbar-header">
                <button type="button" class="navbar-toggle" data-toggle="collapse" 
                data-target="#homeNavbar">
                    <span class="icon-bar"></span> 
                    <span class="icon-bar"></span> 
                    <span class="icon-bar"></span> 
                </button>
                <a class="navbar-brand" href="#">
                    <?php 
//echo htmlentities($name);
?>
                </a> 
            </div>
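 /**
  * @func      checkAccess
  * @desc      calculate if provided uid/gid has sufficient rights
  * @param     arr        $aAclList     array with individual acl entries
  * @param     str        $sUid         username
  * @param     arr        $aGid         array with groups
  * @param     int        $iRights      rights to check
  * @return    bool                     sufficient rights
  * @access    public
  * @author    Marc Groot Koerkamp
  */
 function checkAccess($aAclList, $sUid, $aGid, $iRights)
 {
     // $sUid and $aGid used to carry defaults, but a required parameter
     // ($iRights) followed them, so PHP treated them as required anyway and
     // has flagged the defaults as deprecated since 8.0. Dropping them changes
     // nothing for callers, who always had to pass all four arguments.
     $iMyRights = acl::effectiveRights($aAclList, $sUid, $aGid);
     return acl::suffRights($iMyRights, $iRights);
 }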
             $g['user']->add($_POST['username'], $_POST['password'], $_POST['fullname'], $_POST['email'], $_POST['role']);
         }
     }
     $roles = $g['user']->get_roles();
     foreach ($roles as $i => $r) {
         if ($r == 'admin' || $r == 'member') {
             unset($roles[$i]);
         }
     }
     $g['smarty']->assign('roles', $roles);
     $g['template'] = 'form';
     break;
     //-----------------------------------------------------------------------------
 //-----------------------------------------------------------------------------
 case 'edit':
     if (!acl::has(__FILE__, $_GET['action'])) {
         break;
     }
     if (isset($_POST['submit'])) {
         $res = $g['user']->admin_edit($_GET['id'], $_POST['username'], $_POST['password'], $_POST['fullname'], $_POST['email'], $_POST['role'], $_POST['status']);
         if ($res['error']) {
             $g['error']->push($res['msg'], 'error');
         } else {
             $g['error']->push('به درستی تغییر داده شد', 'info');
         }
     }
     $user = $g['user']->get_one_by_id($_GET['id']);
     $g['smarty']->assign('user', $user['rows'][0]);
     $yegans = $g['user']->get_yegans($user['rows'][0]['id']);
     $g['smarty']->assign('yegans', $yegans['rows']);
     $roles = $g['user']->get_roles();
<?php

require_once dirname(__FILE__) . '/setup.php';
require_once $BASE_DIR . 'core/login/acl.php';
$conn = new connection_factory($param_conn);
// CHECK WHETHER THE USER HAS ACCESS RIGHTS
$acl = new acl();
// @todo improve the feedback to the user by using a logout method
// Fail closed: without one of the $PAPEIS_SA roles the script exits before any
// HTML is emitted. NOTE(review): $sa_ref_pessoa and $PAPEIS_SA come from
// setup.php — confirm the former is session-derived, not request-derived.
if (!$acl->has_role($sa_ref_pessoa, $PAPEIS_SA, $conn)) {
    exit('<script language="javascript" type="text/javascript">
            alert(\'Você não tem direito de acesso a estas informações!\');
            window.history.back(1);</script>');
}
// ^ CHECK WHETHER THE USER HAS ACCESS RIGHTS ^ //
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>SA</title>
        <link href="../public/styles/style.css" rel="stylesheet" type="text/css" />
        <script type="text/javascript">
            function iframeAutoHeight(quem){
                if(navigator.appName.indexOf("Internet Explorer")>-1){
                    var func_temp = function(){
                        var val_temp = quem.contentWindow.document.body.scrollHeight + 30
                        quem.style.height = val_temp + "px";
                    }
                    setTimeout(function() { func_temp() },100) //ie sucks
                }else {
                    var val = quem.contentWindow.document.body.parentNode.offsetHeight + 30
<?php

require_once dirname(__FILE__) . '/../setup.php';
require_once $BASE_DIR . 'core/login/acl.php';
require_once $BASE_DIR . 'core/date.php';
$conn = new connection_factory($param_conn);
// CHECK WHETHER THE USER HAS ACCESS RIGHTS
$acl = new acl();
// Access is granted when the user holds at least one of the web-diary roles.
// NOTE(review): array_intersect() requires get_roles() to return an array;
// a null/false return would be a TypeError on PHP 8 — confirm its contract.
$papeis = $acl->get_roles($sa_ref_pessoa, $conn);
if (count(array_intersect($papeis, $PAPEIS_WEB_DIARIO)) == 0) {
    exit('<script language="javascript" type="text/javascript">
            alert(\'Você não tem direito de acesso a estas informações!\');
            window.history.back(1);</script>');
}
// ^ CHECK WHETHER THE USER HAS ACCESS RIGHTS ^ /
?>

<html>
<head>
<title><?php 
echo $IEnome;
?>
 - web di&aacute;rio</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" href="<?php 
echo $BASE_URL . 'public/styles/web_diario.css';
?>
" type="text/css">

<script type="text/javascript" src="<?php 
echo $BASE_URL . 'lib/prototype.js';
<?php

/// Copyright (c) 2004-2016, Needlworks  / Tatter Network Foundation
/// All rights reserved. Licensed under the GPL.
/// See the GNU General Public License for more details. (/documents/LICENSE, /documents/COPYRIGHT)
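// Input rules for library/preprocessor.php (required just below): presumably
// useCustomSMTP is validated as an optional bool, smtpHost as an IP and
// smtpPort as a number within 1..65535 before this script reads $_POST.
$IV = array('POST' => array('useCustomSMTP' => array('bool', 'mandatory' => false), 'smtpHost' => array('ip'), 'smtpPort' => array('number', 'min' => '1', 'max' => '65535')));
require ROOT . '/library/preprocessor.php';
requireStrictRoute();
// Only blog creators may change SMTP settings. Terminate explicitly after the
// failure response so the decision never depends on ResultPage() ending the request.
if (!acl::check('group.creators')) {
    Respond::ResultPage(false);
    exit;
}
$result = setSmtpServer(empty($_POST['useCustomSMTP']) ? 0 : 1, $_POST['smtpHost'], $_POST['smtpPort']);
Respond::ResultPage($result);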
<?php

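require_once dirname(__FILE__) . "/../setup.php";
require_once dirname(__FILE__) . '/../../core/login/acl.php';
$conn = new connection_factory($param_conn);
// Resolve the user's permissions for this file (fails closed on denial).
$acl = new acl();
if (!$acl->has_access(__FILE__, $conn)) {
    exit('Você não tem permissão para acessar este formulário!');
}
// id_usuario is request input and is spliced straight into the SQL below, so
// it must be a bare integer; anything else is rejected before touching the DB.
$id_usuario = filter_var(isset($_GET['id_usuario']) ? $_GET['id_usuario'] : null, FILTER_VALIDATE_INT);
if ($id_usuario === false) {
    exit('Identificador de usuário inválido!');
}
$sqlUsuario = '
SELECT
    u.id,
    u.nome,
    u.ativado,
    u.ref_pessoa,
    p.nome,
    s.nome_setor,
    c.nome_campus,
    u.ref_campus,
    u.ref_setor
FROM
    usuario u, setor s, pessoas p, campus c
WHERE
    s.id = u.ref_setor AND
    u.ref_pessoa = p.id AND
    c.id = u.ref_campus AND
    u.id = ' . $id_usuario;
$RsUsuario = $conn->get_row($sqlUsuario);
$setor = $conn->get_all('SELECT id, nome_setor FROM setor;');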
 /**
  * Expects Pop\Auth\Exception when deny() targets a permission ('read') that
  * the role was never given (it only received 'edit').
  */
 public function testDenyNoPermissionException()
 {
     $this->setExpectedException('Pop\\Auth\\Exception');
     $role = Role::factory('editor');
     $role->addPermission('edit');
     $resource = Resource::factory('page');
     $aclUnderTest = acl::factory($role, $resource);
     // 'read' was never added to the role, so this call must throw.
     $aclUnderTest->deny('editor', 'page', 'read');
 }