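/**
 * beforeFind model callback.
 *
 * When permissions are being checked, the query is modified to filter out
 * denied rows: the permission alias is bound to the model on
 * (model, module_id, foreign_id), its columns plus a BIT_OR of `perms` are
 * added to the selected fields, and the result is grouped by foreign_id.
 *
 * The filter is skipped, and the permission binding removed, when any of
 * these holds:
 *  - the current request is the configured Core.LoginAction controller/action;
 *  - the behavior is disabled ($this->_disabled);
 *  - $queryData['permissionable'] or $queryData['conditions']['permissionable']
 *    is set and loosely equal to false.
 *
 * NOTE(review): the opt-out key is also honoured inside 'conditions'. If any
 * caller builds 'conditions' from request input, a falsy 'permissionable'
 * entry there turns the row filter off; confirm that untrusted input never
 * reaches that key, or strip it before calling find().
 * NOTE(review): every find issued while the request is the login action runs
 * unfiltered, whatever model it targets.
 *
 * @param Model $Model Model the find runs on
 * @param array $queryData Query data (conditions, fields, group, ...)
 * @return array The query data, modified as described above
 */
public function beforeFind(Model $Model, $queryData) {
    // Is the current request the configured login action?
    $request = Router::getRequest();
    $params = isset($request->params) ? $request->params : array();
    $onLoginAction = isset($params['controller'], $params['action'])
        && strtolower($params['controller']) == strtolower(Configure::read('Core.LoginAction.controller'))
        && strtolower($params['action']) == strtolower(Configure::read('Core.LoginAction.action'));

    // Explicit per-query opt-out, at the top level or inside 'conditions'.
    $optedOut = (isset($queryData['permissionable']) && $queryData['permissionable'] == false)
        || (isset($queryData['conditions']['permissionable']) && $queryData['conditions']['permissionable'] == false);

    if ($onLoginAction || $this->_disabled || $optedOut) {
        unset($queryData['permissionable']);
        // 'conditions' may be a string (raw SQL fragment); unsetting an offset
        // on a string is a fatal error, so only touch it when it is an array.
        if (isset($queryData['conditions']) && is_array($queryData['conditions'])) {
            unset($queryData['conditions']['permissionable']);
        }
        $this->_unbind($Model);
        return $queryData;
    }

    $alias = $this->getPermissionAlias($Model);

    // Aggregate finds keep their own field list; everything else also selects
    // the permission columns and the OR-ed permission bits.
    $aggregateTypes = array('avg', 'count', 'max', 'min', 'sum');
    if (!in_array($Model->findQueryType, $aggregateTypes)) {
        if (empty($queryData['fields'])) {
            $queryData['fields'] = array("{$Model->alias}.*");
        }
        $queryData['fields'] = Set::merge(
            $queryData['fields'],
            array("{$alias}.*, BIT_OR({$alias}.perms) as perms_merge")
        );
    }

    // Conditions tying a permission row to a row of this model.
    $joinConditions = array(
        "{$alias}.model" => "{$Model->alias}",
        "{$alias}.module_id" => "{$this->settings[$Model->alias]['defaultModuleIds']}",
        "{$alias}.foreign_id = {$Model->alias}.{$Model->primaryKey}",
    );

    // Default: restrict to the rows matched by _getPermissionQuery().
    $que = $joinConditions + array('or' => $this->_getPermissionQuery($Model));
    $type = 'INNER';

    // A module-wide read permission drops the per-row 'or' restriction and
    // switches the third _bind() argument to 'LEFT' (presumably the join type),
    // so rows without a permission record are no longer excluded by the bind.
    // A record without a '_read' entry never qualifies: the check fails closed
    // instead of comparing an undefined index against GLOBAL_P.
    $read = Access::__getPermissionCurrentModule($Model->plugin);
    if (!empty($read) && isset($read['perms']['_read']) && $read['perms']['_read'] == GLOBAL_P) {
        $que = $joinConditions;
        $type = 'LEFT';
    }

    $this->_bind($Model, $que, $type);

    // Replaces any caller-supplied 'group'.
    $queryData['group'] = "{$alias}.foreign_id";

    return $queryData;
}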
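/**
 * Render a grid action link, or the bare title when the permission check for
 * the target action fails.
 *
 * For the 'add' action the check is Access::checkPermissionCreateModule();
 * for every other action it is Access::checkRow(). A missing 'action' in $url
 * defaults to 'index'.
 *
 * NOTE(review): this only decides whether a link is rendered. The target
 * action must enforce the same permission on the server side; a hidden link
 * is not access control.
 *
 * @param string $title Link text. Passed with 'escape' => false and returned
 *   as-is on the denied path, so callers must HTML-escape any user-derived
 *   text themselves.
 * @param array $url Cake URL array; any non-array value (including the null
 *   default) terminates the request with 'not support'.
 * @param mixed $item Value forwarded to Access::checkRow()
 * @param string|boolean $confirmMessage Raw (not HTML-encoded) text for the
 *   confirmDialog() prompt, or false for no prompt
 * @return string Link markup, or $title when the check fails
 */
public function gridLink($title = 'view', $url = null, $item = false, $confirmMessage = false) {
    if (!is_array($url)) {
        die('not support');
    }

    $options = array('escape' => false);

    if ($confirmMessage) {
        // Escaping is switched off for this link, so the onclick value has to
        // be made safe here. Replacing only the apostrophe left backslashes,
        // double quotes, line breaks and HTML entities (e.g. &#39;, which the
        // browser decodes before the script runs) able to end the JS string or
        // the attribute. Each of those is now written as a JS escape sequence.
        // NOTE(review): how confirmDialog() renders the message is not visible
        // here; if it inserts it as HTML it needs its own escaping.
        $jsMessage = strtr((string)$confirmMessage, array(
            '\\' => '\\\\',
            "'" => "\\'",
            '"' => '\\x22',
            '&' => '\\x26',
            '<' => '\\x3C',
            '>' => '\\x3E',
            "\r" => '\\r',
            "\n" => '\\n',
        ));
        $options['onclick'] = 'confirmDialog(this.href, \'' . $jsMessage . '\'); return false;';
        // The prompt is handled by the onclick above, so none is passed on.
        $confirmMessage = false;
    }

    if (!isset($url['action'])) {
        $url['action'] = 'index';
    }

    $module = isset($url['plugin']) ? $url['plugin'] : $this->plugin;
    $controller = isset($url['controller']) ? $url['controller'] : $this->params['controller'];
    $action = $url['action'];

    // Result unused here. The call is kept because this block cannot show
    // whether the lookup has side effects the checks below rely on.
    // TODO confirm and remove.
    Access::__getPermissionCurrentModule($module);

    // Loose comparison kept to match the original switch statement.
    if ($action == 'add') {
        $allowed = Access::checkPermissionCreateModule($module);
    } else {
        $allowed = Access::checkRow($module, $controller, $action, $item);
    }

    if (!$allowed) {
        return $title;
    }

    return parent::link($title, $url, $options, $confirmMessage);
}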
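/**
 * Tell whether the permission record returned by
 * Access::__getPermissionCurrentModule() allows creating in a module.
 *
 * The check fails closed: an empty record, or one without a '_create' entry,
 * is treated as denied instead of comparing an undefined index against
 * DENY_P (where the outcome would depend on the value of that constant).
 *
 * @param string $module Module identifier forwarded to
 *   Access::__getPermissionCurrentModule()
 * @return boolean False when the record is empty, has no '_create' entry, or
 *   that entry loosely equals DENY_P; true otherwise
 */
public static function checkPermissionCreateModule($module) {
    $user_module = Access::__getPermissionCurrentModule($module);

    if (empty($user_module) || !isset($user_module['perms']['_create'])) {
        return false;
    }

    return $user_module['perms']['_create'] != DENY_P;
}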