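/**
 * ACL check for the "files" resource.
 *
 * Registers the permission rules for this controller (they are re-registered
 * on every call) and evaluates the current session role against the
 * requested action. Admins get every action; ordinary users get
 * index/getAll/create unconditionally and delete only under the 'owner' rule,
 * which Permission::check evaluates with the user id, table and row id passed
 * in $config (presumably a row-ownership test — confirm against Permission::check).
 *
 * The file id is client-supplied (encrypted request data), so for delete the
 * 'owner' rule is what ties the action to the caller's own row.
 *
 * @return mixed whatever Permission::check returns (assumed bool — confirm)
 */
public function isAuthorized()
{
    $action = $this->request->param('action');
    $role = Session::getUserRole();
    $resource = "files";

    // only for admins
    Permission::allow('admin', $resource, ['*']);
    // only for normal users
    Permission::allow('user', $resource, ['index', 'getAll', 'create']);
    Permission::allow('user', $resource, ['delete'], 'owner');

    // Only decrypt when an id was actually sent: actions such as index/getAll/create
    // carry no file_id, and decryptIdWithDash() would otherwise be handed an empty
    // value. Same guard the todo/newsfeed checks use.
    $fileId = $this->request->data("file_id");
    if (!empty($fileId)) {
        $fileId = Encryption::decryptIdWithDash($fileId);
    }

    $config = ["user_id" => Session::getUserId(), "table" => "files", "id" => $fileId];
    return Permission::check($role, $resource, $action, $config);
}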
/**
 * ACL check for the "todo" resource.
 *
 * Admins are allowed every action; ordinary users only 'delete', and that
 * only under the 'owner' rule, which Permission::check evaluates against the
 * user id, table and row id supplied in the context array (presumably a
 * row-ownership test — confirm against Permission::check).
 *
 * @return mixed whatever Permission::check returns (assumed bool — confirm)
 */
public function isAuthorized()
{
    $requestedAction = $this->request->param('action');
    $userRole = Session::getUserRole();
    $resourceName = "todo";

    // todo_id arrives encrypted (dash form); an absent/empty value is passed on untouched
    $rawTodoId = $this->request->data("todo_id");
    $todoId = empty($rawTodoId)
        ? $rawTodoId
        : Encryption::decryptIdWithDash($rawTodoId);

    // admins: every action
    Permission::allow('admin', $resourceName, ['*']);
    // normal users: delete, restricted by the 'owner' rule
    Permission::allow('user', $resourceName, ['delete'], 'owner');

    $ownerContext = [
        "user_id" => Session::getUserId(),
        "table" => "todo",
        "id" => $todoId,
    ];

    return Permission::check($userRole, $resourceName, $requestedAction, $ownerContext);
}
/**
 * Delete a user on behalf of the current (admin) session.
 *
 * The target id is read encrypted (dash form) from the request and resolved
 * first; an unknown id is answered with error(404) and nothing is deleted.
 * On success a {"success": true} JSON body is rendered.
 */
public function deleteUser()
{
    $targetUserId = Encryption::decryptIdWithDash($this->request->data("user_id"));

    // guard: refuse before touching anything when the target does not exist
    $targetExists = $this->user->exists($targetUserId);
    if (!$targetExists) {
        return $this->error(404);
    }

    $this->admin->deleteUser(Session::getUserId(), $targetUserId);
    $this->view->renderJson(["success" => true]);
}
/**
 * ACL check for the "newsfeed" resource.
 *
 * Admins get every action. Ordinary users get index/getAll/getById/create
 * unconditionally, and update/delete/getUpdateForm only under the 'owner'
 * rule, which Permission::check evaluates against the user id, table and
 * row id in the context array (presumably a row-ownership test — confirm
 * against Permission::check).
 *
 * @return mixed whatever Permission::check returns (assumed bool — confirm)
 */
public function isAuthorized()
{
    $requestedAction = $this->request->param('action');
    $userRole = Session::getUserRole();
    $resourceName = "newsfeed";

    // newsfeed_id arrives encrypted (dash form); an absent/empty value is passed on untouched
    $rawNewsfeedId = $this->request->data("newsfeed_id");
    $newsfeedId = empty($rawNewsfeedId)
        ? $rawNewsfeedId
        : Encryption::decryptIdWithDash($rawNewsfeedId);

    // admins: every action
    Permission::allow('admin', $resourceName, ['*']);
    // normal users: read/create freely, modify only via the 'owner' rule
    Permission::allow('user', $resourceName, ['index', 'getAll', 'getById', 'create']);
    Permission::allow('user', $resourceName, ['update', 'delete', 'getUpdateForm'], 'owner');

    $ownerContext = [
        "user_id" => Session::getUserId(),
        "table" => "newsfeed",
        "id" => $newsfeedId,
    ];

    return Permission::check($userRole, $resourceName, $requestedAction, $ownerContext);
}
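/**
 * Delete a user on behalf of the current (admin) session.
 *
 * The target id is read encrypted (dash form) from the request and resolved
 * first. When no such user exists the method reports "notfound" and stops;
 * previously it fell through to the delete call and echoed a success body
 * for an unknown id (unless error() itself terminates the request — that
 * cannot be seen from here, so the explicit return makes it safe either way).
 * On success a {"success": true} JSON body is echoed.
 */
public function deleteUser()
{
    $userId = Encryption::decryptIdWithDash($this->request->data("user_id"));

    if (!$this->user->exists($userId)) {
        $this->error("notfound");
        // stop here: the delete and the success response must not run for an unknown id
        return;
    }

    $this->admin->deleteUser(Session::getUserId(), $userId);
    echo $this->view->JSONEncode(["success" => true]);
}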