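/**
 * Checks the user rights of the currently logged-in person against the page
 * visibility set for this controller. Will return false if the user has
 * not got the correct rights.
 *
 * Evaluation order (first match wins):
 *  1. 'Public' visibility: always allowed, no session required.
 *  2. No 'currentUser' object in the session: denied (fail closed).
 *  3. 'Session' visibility: any logged-in user is allowed.
 *  4. Member of the 'Admin' group: allowed everywhere.
 *  5. Member of the group named by the visibility value: allowed.
 *  6. The controller's record is an Alpha\Model\Person whose display name
 *     is identical to the current user's (editing own profile): allowed.
 *  7. Otherwise denied.
 *
 * When defined on the controller, before_checkRights_callback() runs before
 * evaluation and after_checkRights_callback() runs on every grant (never on
 * a denial).
 *
 * @return bool
 *
 * @since 1.0
 */
public function checkRights()
{
    self::$logger->debug('>>checkRights()');

    $config = ConfigProvider::getInstance();
    $sessionProvider = $config->get('session.provider.name');
    $session = SessionProviderFactory::getInstance($sessionProvider);

    if (method_exists($this, 'before_checkRights_callback')) {
        $this->before_checkRights_callback();
    }

    // Single exit path for every grant: fire the after-hook once, log, return true.
    $grant = function () {
        if (method_exists($this, 'after_checkRights_callback')) {
            $this->after_checkRights_callback();
        }
        self::$logger->debug('<<checkRights [true]');

        return true;
    };

    // Read once, after the before-hook has had its chance to run.
    $visibility = $this->getVisibility();

    // Public pages need no session at all.
    if ($visibility === 'Public') {
        return $grant();
    }

    $currentUser = $session->get('currentUser');

    // The session provider yields false when nobody is logged in. Anything
    // that is not a user object is treated the same way rather than letting
    // the method calls below fatal on a non-object.
    if ($currentUser === false || !is_object($currentUser)) {
        self::$logger->debug('<<checkRights [false]');

        return false;
    }

    // 'Session' visibility: being logged in is enough.
    if ($visibility === 'Session') {
        return $grant();
    }

    // Admins can access everything.
    if ($currentUser->inGroup('Admin')) {
        return $grant();
    }

    // Any other visibility value names a group the user must belong to.
    if ($currentUser->inGroup($visibility)) {
        return $grant();
    }

    // A person editing their own profile is allowed.
    // - $this->record may be unset on controllers without a record; get_class()
    //   on a non-object raises a TypeError on PHP 8, so guard it explicitly.
    // - Strict string comparison: a loose '==' treats numeric-looking display
    //   names such as '1e3' and '1000' as equal, which would grant one account
    //   access to another's profile.
    // NOTE(review): matching on display name assumes display names are unique;
    // comparing a unique record identifier would be the safer test - confirm
    // against the Person model.
    if (isset($this->record)
        && is_object($this->record)
        && get_class($this->record) === 'Alpha\\Model\\Person'
        && (string) $currentUser->getDisplayName() === (string) $this->record->getDisplayName()
    ) {
        return $grant();
    }

    self::$logger->debug('<<checkRights [false]');

    return false;
}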