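/**
 * Assert that the logged-in user holds permission $name on $module at a
 * level of at least $action.
 *
 * Returns true as soon as any role assigned to the session's user carries the
 * permission at a sufficient level. Otherwise an Exception is thrown whose
 * message is a JSON document {'error' => 'sess_error', 'msg' => ...}; the same
 * message is used for "no permission" and "no session", so callers cannot tell
 * the two apart from the exception alone.
 *
 * Only the configured table prefix (DB.prefix) is spliced into the SQL; every
 * request-dependent value (user id, level, permission name, module) is passed
 * as a bound parameter.
 *
 * @param string $name   permission name; must satisfy self::isPermissionExist()
 * @param int    $action required permission level, compared with >=
 * @param string $module module owning the permission; when empty, the module
 *                       cached under ('current', 'module') is used
 * @return bool          always true (denial is reported by throwing)
 * @throws Exception     when the module or permission is unknown, on a
 *                       database error, or when access is denied
 */
public static function check($name, $action = 1, $module = "")
{
    if (empty($module)) {
        $module = wbCache::getCached('current', 'module');
    }
    if (empty($module)) {
        throw new Exception("Unknown Module");
    }
    if (!self::isPermissionExist($name)) {
        throw new Exception('Unknown Permission Name ' . $name . ' on module ' . $module);
    }

    $deniedMessage = json_encode(array(
        'error' => 'sess_error',
        'msg' => "Anda tidak memiliki hak akses untuk melakukan operasi ini atau sessi login anda sudah berakhir<br/><br/>Silahkan untuk melakukan login kembali",
    ));

    // Without a user id the lookup below could only match nothing, so deny
    // up front instead of querying with a NULL user_id.
    $sessionInfo = wbUser::getSession();
    $userId = isset($sessionInfo['user_id']) ? $sessionInfo['user_id'] : null;
    if ($userId === null || $userId === '') {
        throw new Exception($deniedMessage);
    }

    $dbconn = wbDB::getConn();
    $prefix = wbConfig::get('DB.prefix');

    // A single join over user_role -> role_permission -> permission replaces
    // the former per-role COUNT loop; it also leaves no open result set to
    // close on the early return.
    $query = "SELECT COUNT(1) FROM " . $prefix . "_user_role AS ur, "
        . $prefix . "_role_permission AS a, "
        . $prefix . "_permission AS b"
        . " WHERE ur.user_id = ?"
        . " AND a.role_id = ur.role_id"
        . " AND a.permission_level >= ?"
        . " AND a.permission_id = b.permission_id"
        . " AND b.permission_name = ?"
        . " AND b.permission_module = ?";
    $count = $dbconn->GetOne($query, array($userId, $action, $name, $module));
    if ($count === false) {
        throw new Exception($dbconn->ErrorMsg());
    }
    if ($count) {
        return true; // at least one role grants the permission
    }

    // No role of this user grants the permission at the requested level.
    throw new Exception($deniedMessage);
}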
/**
 * Resolve the (module, class, method) triple addressed by the current request.
 *
 * Each request variable is accepted only when it matches a whitelist pattern;
 * anything else is treated as absent and falls back to the configured
 * Module.default* values, or to self::$defaultRequest when no module can be
 * determined at all. The resolved triple is also cached under
 * ('current', 'module'|'controller'|'method') before being returned.
 *
 * @return array [module, class, method]
 */
static function getController()
{
    $module = self::getVar('module');
    $class = self::getVar('class');
    $method = self::getVar('method');

    // A module name is lowercase ASCII starting with a letter; anything else
    // is discarded as if it had not been supplied.
    if (!empty($module) && !preg_match('/^[a-z][a-z_0-9]*$/', $module)) {
        $module = '';
    }

    if (empty($module)) {
        // No usable module: the whole request maps onto the configured defaults.
        $module = wbConfig::get('Module.defaultModule');
        $class = wbConfig::get('Module.defaultClass');
        $method = wbConfig::get('Module.defaultMethod');
    } else {
        // Class and method names must look like PHP identifiers (the class
        // pattern additionally admits dots).
        if (!empty($class) && !preg_match('/^[a-zA-Z._\\x7f-\\xff][a-zA-Z.0-9_\\x7f-\\xff]*$/', $class)) {
            $class = '';
        }
        if (empty($class) && $module == wbConfig::get('Module.defaultModule')) {
            $class = wbConfig::get('Module.defaultClass');
        }

        if (!empty($method) && !preg_match('/^[a-zA-Z_\\x7f-\\xff][a-zA-Z0-9_\\x7f-\\xff]*$/', $method)) {
            $method = '';
        }
        if (empty($method)
            && $module == wbConfig::get('Module.defaultModule')
            && $class == wbConfig::get('Module.defaultClass')) {
            $method = wbConfig::get('Module.defaultMethod');
        }
    }

    if (empty($module)) {
        $requestInfo = self::$defaultRequest;
    } else {
        // Missing class defaults to the module name, missing method to 'main'.
        $requestInfo = array(
            $module,
            empty($class) ? $module : $class,
            empty($method) ? 'main' : $method,
        );
    }

    foreach (array('module', 'controller', 'method') as $index => $key) {
        wbCache::setCached('current', $key, $requestInfo[$index]);
    }

    return $requestInfo;
}