/**
* Return view for selecting a document for preprocessing.
*/
public function getIndex()
{
$files = File::get();
$thisUser = \Auth::user();
foreach ($files as $ent) {
$hasPermission = PermissionHandler::checkProject($thisUser, $ent['project'], Permissions::PROJECT_WRITE);
$ent['canWrite'] = $hasPermission;
}
if (count($files) > 0) {
return View::make('media.preprocess.text.pages.actions', compact('files'));
}
return Redirect::to('media/upload')->with('flashNotice', 'You have not uploaded any documents yet');
}
/**
* Generate a list of Projects a given user belongs to.
*
* @param $user UserAgent of the user whose groups should be listed.
* @param $permission (optional) a permission required for the listed projects -- only
* projects for which the user has the given permission will be listed.
* @return List of containing the name and role of Projects the user belongs to.
*/
public static function getUserProjects($user, $permission = null)
{
$sentryGroups = $user->getGroups();
// List Sentry-groups and build list of Projects
$projects = [];
foreach ($sentryGroups as $sentryGroup) {
$parts = explode(':', $sentryGroup->name);
if (is_null($permission) || PermissionHandler::checkProject($user, $parts[0], $permission)) {
array_push($projects, ['name' => $parts[0], 'role' => $parts[1]]);
}
}
return $projects;
}
/**
* Display view with details for a specified group.
*
* @param $groupname Name of the group to be displayed.
*/
public function getSettings($groupname)
{
$sentryGroups = [];
foreach (Roles::$PROJECT_ROLE_NAMES as $role) {
$sentryGroups[$role] = Sentry::findGroupByName($groupname . ':' . $role);
}
$groupUsers = [];
foreach (Roles::$PROJECT_ROLE_NAMES as $role) {
// List userts with $role in this group -- make [] when none
$users = $sentryGroups[$role]['user_agent_ids'];
$groupUsers[$role] = is_null($users) ? [] : $users;
}
$groupInviteCodes = [];
foreach (Roles::$PROJECT_ROLE_NAMES as $role) {
$groupInviteCodes[$role] = $sentryGroups[$role]['invite_code'];
}
$canEditGroup = PermissionHandler::checkProject(Auth::user(), $groupname, Permissions::PROJECT_ADMIN);
$credentials = ProjectHandler::getCredentials($groupname);
return View::make('projects.settings')->with('project', $groupname)->with('users', $groupUsers)->with('inviteCodes', $groupInviteCodes)->with('canEditGroup', $canEditGroup)->with('credentials', $credentials);
}
/**
* Display list of all users
*/
public function getUserlist()
{
$userlist = UserAgent::getUserlist();
// Logged in user can view other user's profiles
$viewProfiles = PermissionHandler::checkAdmin(Auth::user(), Permissions::ALLOW_ALL);
$thisUser = Auth::user();
// List of groups this user can invite people to
$groupsManaged = [];
// For each group logged in user belongs to
foreach (ProjectHandler::getUserProjects($thisUser) as $group) {
// Check if user has admin permission..
if (PermissionHandler::checkProject($thisUser, $group['name'], Permissions::PROJECT_ADMIN)) {
array_push($groupsManaged, $group['name']);
}
}
$userGroupInfo = [];
foreach ($userlist as $user) {
// List of groups $user belongs to
$usergroups = ProjectHandler::getUserProjects($user);
$usergroupnames = array_column($usergroups, 'name');
// List of groups logged in user can invite $user to join
// and that $user is not already a member of.
$inviteGroups = array_diff($groupsManaged, $usergroupnames);
$belongGroups = [];
foreach ($usergroups as $group) {
// Can logged user assign roles for this group ?
$canAssign = PermissionHandler::checkProject($thisUser, $group['name'], Permissions::PROJECT_ADMIN);
// Can logged user view info for this group ?
$canView = PermissionHandler::checkProject($thisUser, $group['name'], Permissions::PROJECT_READ);
// User cannot change his own permissions
if ($user['_id'] == $thisUser['_id']) {
$canAssign = false;
}
$group['canview'] = $canView;
$group['assignrole'] = $canAssign;
array_push($belongGroups, $group);
}
$userGroupInfo[$user['_id']] = ['groups' => $belongGroups, 'tojoin' => $inviteGroups];
}
return View::make('users.list')->with('userlist', $userlist)->with('viewProfiles', $viewProfiles)->with('usergroups', $userGroupInfo);
}
* Alternatively it should be passed in as a GET/POST parameter
*
* $permission needs to be passed in as a filter parameter
*
* 'before' => 'permission:'.Permissions::PROJECT_ADMIN
*/
Route::filter('permission', function ($route, $request, $permission) {
$thisUser = Auth::user();
$groupName = Route::input('projectname');
// Passed in as route parameter
if (is_null($groupName)) {
$groupName = Input::get('projectname');
// Passed in as parameter parameter
}
// Check permissions
$hasPermission = PermissionHandler::checkProject($thisUser, $groupName, $permission);
if (!$hasPermission) {
return Redirect::back()->with('flashError', 'You do not have permission to perform selected action');
}
});
/**
* Require routes to have admin permissions.
*/
Route::filter('adminPermission', function () {
$thisUser = Auth::user();
// Check permissions
$isAdmin = PermissionHandler::checkAdmin($thisUser, Permissions::ALLOW_ALL);
if (!$isAdmin) {
return Redirect::back()->with('flashError', 'You do not have permission to perform selected action');
}
});
