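/**
 * Checks if the given user has the given permission.
 *
 * Permissions are resolved through the user's group (table "group2perm") and
 * cached for the rest of the request. A group that holds "*" or "is_admin"
 * is granted every permission.
 *
 * Note: this check fails open. While access control is disabled, or enabled
 * but still without any configuration, every caller is granted every
 * permission, including callers that are not logged in.
 *
 * @param string $permission
 *   The permission string to check.
 * @param array $user
 *   The user to check; its 'group' entry selects the permission set.
 *   If not provided current logged in user will be used. (Optional, default = null)
 *
 * @return boolean
 *   True if the user has the permission, else false. If access control is not
 *   enabled or was just enabled without any config it returns also true.
 */
public function has_permission($permission, $user = null) {
    // Request-lifetime cache, keyed by group name. The query below depends only
    // on the group, so keying by group guarantees that a cached answer is never
    // served to a user whose group differs from the one it was loaded for
    // (keying by username could do that for colliding or missing usernames).
    static $perms = array();

    // Fail-open branch: nothing to enforce yet.
    if (!AccessControl::is_enabled() || $this->access_config->is_empty()) {
        return true;
    }

    if ($user === null) {
        $user = $this->user;
    }

    // No user, or a user without a group, has no permission set to match against.
    if (empty($user) || !isset($user['group'])) {
        return false;
    }

    $group = $user['group'];
    if (!isset($perms[$group])) {
        // The group name is bound as a parameter, never concatenated into the SQL.
        $res = db::getInstance()->query('SELECT "permission" FROM "group2perm" WHERE "group_name" = :group', array(':group' => $group));
        $perms[$group] = array();
        while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
            $perms[$group][$row['permission']] = $row['permission'];
        }
    }

    $granted = $perms[$group];

    // "*" and "is_admin" act as wildcards; otherwise the exact permission must be present.
    return !empty($granted['*'])
        || !empty($granted['is_admin'])
        || !empty($granted[$permission]);
}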
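/**
 * Ajax request to save new configuration settings.
 *
 * Expects a required array parameter "settings" (key => value) and requires
 * AccessControl::PERM_CHANGE_MAIN_SETTINGS. Each submitted entry is written
 * through $this->config->set_value(). When "enable_access_control" is switched
 * on while the access configuration is still empty, the success response
 * carries the url of the access configuration page.
 */
public function save_settings() {
    $params = new ParamStruct();
    $params->add_required_param('settings', PDT_ARR);
    $params->fill();

    // AjaxModul::return_code() is defined elsewhere; presumably it sends the
    // response and ends the request. The explicit returns keep both guards
    // effective even if it does not, so a rejected request can never reach
    // the write loop below.
    if (!$params->is_valid()) {
        AjaxModul::return_code(AjaxModul::ERROR_INVALID_PARAMETER);
        return;
    }

    if (!$this->access_control->has_permission(AccessControl::PERM_CHANGE_MAIN_SETTINGS)) {
        AjaxModul::return_code(AjaxModul::ERROR_NO_RIGHTS);
        return;
    }

    $need_redirect = false;
    // NOTE(review): every submitted key is stored as-is; no allow-list of
    // setting names is visible in this method. Confirm that set_value()
    // restricts which keys a client may write.
    foreach ($params->settings as $key => $val) {
        if ($key === 'enable_access_control' && !empty($val)) {
            // Access control is being switched on: if no access configuration
            // exists yet, send the client to the page where it is created.
            $access_config = new AccessConfig();
            if ($access_config->is_empty()) {
                $need_redirect = true;
            }
        }
        $this->config->set_value($key, $val);
    }

    if ($need_redirect) {
        AjaxModul::return_code(AjaxModul::SUCCESS, array('url' => murl('access', 'index')));
        return;
    }

    AjaxModul::return_code(AjaxModul::SUCCESS);
}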