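/**
 * Return the selected view mode, if any.
 *
 * View modes must be enabled globally and allowed for the current
 * controller:action. The mode is then taken, in order of priority, from
 * the named URL parameter (accepted only when it is one of the configured
 * options, in which case it is also stored as the user's preference), from
 * the stored user preference, or from the configured default.
 *
 * @return bool|string view mode name, or false when view modes do not apply
 * @access public
 */
function getViewMode()
{
    $enabled = Configure::read('App.gui.viewModes.enabled');
    // check if different view modes are active for this context
    $allowed = Common::requestAllowed(
        $this->Controller->name,
        $this->Controller->action,
        Configure::read('App.gui.viewModes.conditions')
    );

    // options must be enabled and allowed for controller:action
    if (!$enabled || !$allowed) {
        return false;
    }

    // configured view modes, keyed by mode name
    $options = Configure::read('App.gui.viewModes.options');
    $urlName = Configure::read('App.gui.viewModes.urlName');
    $fromUrl = null;
    if (isset($this->Controller->params['named'][$urlName])) {
        $fromUrl = $this->Controller->params['named'][$urlName];
    }

    // the url value is only accepted when it names a configured option; the
    // is_scalar() guard keeps a non-scalar request value from reaching isset()
    if ($fromUrl !== null && is_scalar($fromUrl) && isset($options[$fromUrl])) {
        // view mode requested in the url: remember it as the preference
        $requested = $fromUrl;
        User::setValue('Preference.gui.viewModes.default', $requested);
    } elseif (User::get('Preference.gui.viewModes.default')) {
        // fall back to the preference stored earlier
        $requested = User::get('Preference.gui.viewModes.default');
    } else {
        // default option
        $requested = Configure::read('App.gui.viewModes.default');
    }

    return $requested;
}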
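/**
 * Controller callback run before every action.
 *
 * Validates the routed controller/action, registers the shared components
 * in the ClassRegistry, loads permissions, language and plugin configs, then
 * enforces the role permission rules for the current request: a request the
 * role may not perform is rejected with a 403 for authenticated users and
 * sent to the login page for guests. Finally the current path and the ajax
 * flags are exposed to the view.
 *
 * @return void
 * @access public
 */
function beforeFilter()
{
    if (!defined('CAKEPHP_UNIT_TEST_EXECUTION')) {
        // a request that does not resolve to a real controller/action is a 404
        Assert::false($this->name === 'App', '404');
        Assert::true(!!$this->action, '404');
    }
    $this->Session = $this->AppSession;
    ClassRegistry::addObject('Component.Session', $this->Session);
    ClassRegistry::addObject('Component.RequestHandler', $this->RequestHandler);
    ClassRegistry::addObject('Component.Cookie', $this->Cookie);
    ClassRegistry::addObject('Component.Email', $this->Email);
    ClassRegistry::addObject('Component.Pgp', $this->Pgp);
    $this->_loadPermissions();
    $this->_setLanguage();
    $this->_loadPluginConfigs();
    if ($this->isAdmin()) {
        $this->layout = 'admin';
    }
    if (defined('CAKEPHP_UNIT_TEST_EXECUTION')) {
        // no access control or view setup under the unit test runner
        return;
    }
    $this->RequestHandler->setContent('list', 'text/html');
    if (empty($this->ignoreUserSession)) {
        $rules = Configure::read('App.userPermissions.' . User::get('Role.name'));
        // a role without any rule set is a configuration error, not an open door
        Assert::notEmpty($rules, '500');
        $canAccess = Common::requestAllowed($this->name, $this->action, $rules, true);
        if (!$canAccess) {
            // only guests get redirected to log in; everyone else is refused
            Assert::true(User::is('guest'), '403');
            if ($this->isOkForSessionRedirect()) {
                // remember the requested path so login can return to it
                $this->Session->write($this->loginRedirectSesskey, $this->here);
            }
            $this->Session->write('cant_access', true);
            return $this->redirect('/admin/auth/login', '403', true);
        }
        if (!User::is('guest') && $this->name === 'auth' && $this->action === 'login') {
            // already logged in: skip the login page
            $url = '/admin/home';
            if ($this->Session->check($this->loginRedirectSesskey)) {
                $url = $this->Session->read($this->loginRedirectSesskey);
            }
            $this->redirect($url);
        }
    }
    $here = $this->params['url']['url'];
    if (!empty($here) && $here[0] !== '/') {
        $here = '/' . $here;
    }
    // $here is the request url; the view/JSON layer is responsible for escaping it
    $this->setJson('here', $here);
    $ajax = $isAjax = false;
    if ($this->isAjax()) {
        $this->layout = 'ajax';
        $ajax = $isAjax = true;
    }
    $this->set(compact('ajax', 'isAjax', 'here'));
}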
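/**
 * Use the UserLog model to create a log entry for the current request.
 *
 * Walks the configured log rules (request pattern => verbosity) and saves one
 * entry for the first rule with a usable verbosity whose pattern matches the
 * current controller:action. A missing or empty rule set logs nothing.
 *
 * @return void
 * @access public
 */
function log()
{
    $logRules = Configure::read('App.logs.controllers.rules');
    if (empty($logRules) || !is_array($logRules)) {
        // nothing configured: iterating null/false would only emit a warning
        return;
    }
    // log if there is a matching rule
    foreach ($logRules as $rules => $verbose) {
        $verbose = $this->__getVerbose($verbose);
        if (!$verbose) {
            continue;
        }
        if (!Common::requestAllowed($this->Controller->name, $this->Controller->action, $rules)) {
            continue;
        }
        $this->__UserLog->data = $this->__getDataForLogs($verbose);
        // NOTE(review): the second argument disables model validation; confirm
        // the data built by __getDataForLogs() never needs it
        $this->__UserLog->save($this->__UserLog->data, false);
        // log only once
        break;
    }
}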
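/**
 * Get the sidebar widgets for a given section.
 *
 * @param array|null $options 'section' (optional), 'controller' and 'action'
 *                            of the request the sidebar is rendered for
 * @return array widgets keyed as returned by __getSidebarElements(), reduced
 *               to those whose inclusion rules match controller:action and
 *               that the user is authorized to see; empty when no options
 *               are given
 */
function get($options = null)
{
    $results = array();
    if (empty($options)) {
        return $results;
    }
    $section = isset($options['section']) ? $options['section'] : null;
    $controller = isset($options['controller']) ? $options['controller'] : null;
    $action = isset($options['action']) ? $options['action'] : null;
    $widgets = $this->__getSidebarElements($section);
    // check permissions
    // 1. sidebar inclusion rules for controller:action
    // 2. user/role rights for controller:action
    //    NOTE(review): the earlier comment said "sidebar:widget", but the call
    //    below checks the request's controller:action, not the widget - confirm
    foreach ($widgets as $key => $widget) {
        if (!Common::requestAllowed($controller, $action, $widget['rules'])) {
            continue;
        }
        if (!User::isAuthorized($controller, $action)) {
            continue;
        }
        $results[$key] = $widget;
    }
    return $results;
}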
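/**
 * Get and group permissions for a role.
 *
 * @param array|null $role role record shaped like
 *                         array('Role' => array('permissions' => '...'));
 *                         null, or a record without permissions, grants nothing
 * @return array $items[$controller][$action]: '0' when the role has no
 *               permission rules, otherwise the Common::requestAllowed() result
 */
static function getPermissions($role = null)
{
    $permissions = Configure::read('App.permissions.options');
    $items = array();
    if (empty($permissions) || !is_array($permissions)) {
        // nothing configured: iterating null/false would only emit a warning
        return $items;
    }
    // loop-invariant: the role rules do not change per option
    $rolePerms = isset($role['Role']['permissions']) ? $role['Role']['permissions'] : null;
    foreach ($permissions as $perm) {
        // each option is a "controller:action" string
        $permData = explode(':', trim($perm));
        $controller = $permData[0];
        $action = isset($permData[1]) ? $permData[1] : null;
        if ($rolePerms === null) {
            $allowed = '0';
        } else {
            $allowed = Common::requestAllowed($controller, $action, $rolePerms, true);
        }
        $items[$controller][$action] = $allowed;
    }
    return $items;
}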
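/**
 * Is the current user allowed to run controller:action, optionally on a record?
 *
 * Root is always allowed. Otherwise every office-scoped model present in
 * $obj (Gift, Appeal, User) must belong to the office held in the session,
 * and both the role permissions and the user's individual permissions must
 * allow controller:action.
 *
 * @param string $controller
 * @param string $action
 * @param array|null $obj record(s) being accessed, e.g.
 *                        array('Gift' => array('office_id' => ...))
 * @return bool
 * @access public
 */
function allowed($controller, $action, $obj = null)
{
    if (User::is('root')) {
        return true;
    }
    $result = true;
    if (!empty($obj)) {
        $officeId = $this->Session->read('Office.id');
        // every office-scoped model present must match the session office; the
        // checks are combined with && so a later model cannot overwrite the
        // outcome of an earlier one
        foreach (array('Gift', 'Appeal', 'User') as $model) {
            if (isset($obj[$model]['office_id'])) {
                // loose comparison kept so int and numeric-string ids compare equal
                $result = $result && $obj[$model]['office_id'] == $officeId;
            }
        }
    }
    // role permissions first, then the individual user permissions
    $rolePerms = User::get('Role.permissions');
    $result = $result && Common::requestAllowed($controller, $action, $rolePerms, true);
    $indivPerms = User::get('permissions');
    return $result && Common::requestAllowed($controller, $action, $indivPerms, true);
}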
/**
 * Is the current user allowed to do something?
 *
 * Joins the role permissions and the user's own permissions into a single
 * comma-separated rule list (something like "*:*,!users:delete") and checks
 * the resource:property pair against it.
 *
 * @param string $ressource resource (controller) name
 * @param string $property  property (action) name
 * @return mixed the Common::requestAllowed() result
 */
static function isAuthorized($ressource, $property)
{
    $ruleSets = array(
        User::get('Role.permissions'),
        User::get('User.permissions'),
    );
    $rules = implode(',', $ruleSets);
    return Common::requestAllowed($ressource, $property, $rules);
}