/**
 * Decide whether a user may perform an action on this model.
 *
 * Reading is open to everyone and creating to any truthy $user. Updating is
 * limited to the author or a privileged role; deleting also admits the user
 * referenced by user_id.
 *
 * @param   string      $permission  compared against the self::PERMISSION_* constants
 * @param   Model_User  $user        tested for truthiness before use, so a falsy value is tolerated (presumably passed for guests)
 * @return  boolean     false for any permission not handled below
 */
public function has_permission($permission, $user) {
    $allowed = false;

    switch ($permission) {

        case self::PERMISSION_CREATE:
            $allowed = (bool) $user;
            break;

        case self::PERMISSION_UPDATE:
            // NOTE(review): ids are compared loosely, so two null ids would
            // compare equal - confirm callers never pass an unloaded Model_User.
            // NOTE(review): the role name 'photo admin' differs from the
            // 'photo moderator' used by other checks on this page - confirm it exists.
            $allowed = $user && (
                $user->id == $this->author_id
                || $user->has_role('admin', 'photo admin')
            );
            break;

        case self::PERMISSION_DELETE:
            $allowed = $user && (
                in_array($user->id, array($this->user_id, $this->author_id))
                || $user->has_role('admin', 'photo admin')
            );
            break;

        case self::PERMISSION_READ:
            $allowed = true;
            break;

    }

    return $allowed;
}
/**
 * Load the notifications addressed to a user, newest id first.
 *
 * Targets holding the 'admin' or 'photo moderator' role additionally receive
 * every gallery image-report notification, whoever it is addressed to.
 * All values are handed to the query builder instead of being concatenated
 * into SQL.
 *
 * @param   Model_User  $target
 * @return  Model_Notification[]
 */
public function find_by_target(Model_User $target) {

    // Notifications addressed directly to the user
    $own = DB::select_array($this->fields())
        ->where('target_id', '=', $target->id)
        ->order_by('id', 'DESC');

    if (!$target->has_role('admin', 'photo moderator')) {
        return $this->load($own, 0);
    }

    // Privileged roles also see image reports: target_id = ? OR (class = ? AND type = ?)
    $with_reports = $own
        ->or_where_open()
            ->where('class', '=', Notification_Galleries::CLASS_GALLERIES)
            ->and_where('type', '=', Notification_Galleries::TYPE_IMAGE_REPORT)
        ->or_where_close();

    return $this->load($with_reports, 0);
}
/**
 * Decide whether a user may perform an action on this model.
 *
 * Create, delete and update require the 'admin' role; posting and reading
 * require only a truthy $user.
 *
 * @param   string      $permission  compared against the self::PERMISSION_* constants
 * @param   Model_User  $user        tested for truthiness before use (presumably falsy for guests)
 * @return  boolean     false for any permission not handled below
 */
public function has_permission($permission, $user) {
    $granted = false;

    switch ($permission) {

        // Structural changes are admin-only
        case self::PERMISSION_CREATE:
        case self::PERMISSION_DELETE:
        case self::PERMISSION_UPDATE:
            $granted = $user && $user->has_role('admin');
            break;

        // Any signed-in user
        case self::PERMISSION_POST:
        case self::PERMISSION_READ:
            $granted = (bool) $user;
            break;

    }

    return $granted;
}
/**
 * Decide whether a user may perform an action on this model.
 *
 * Reading is open to everyone; creating and commenting need a truthy $user;
 * deleting and updating are limited to the author or an 'admin'.
 *
 * @param   string      $permission  compared against the self::PERMISSION_* constants
 * @param   Model_User  $user        tested for truthiness before use (presumably falsy for guests)
 * @return  boolean     false for any permission not handled below
 */
public function has_permission($permission, $user) {
    $granted = false;

    switch ($permission) {

        case self::PERMISSION_READ:
            $granted = true;
            break;

        case self::PERMISSION_CREATE:
        case self::PERMISSION_COMMENT:
        case self::PERMISSION_COMMENTS:
            $granted = (bool) $user;
            break;

        case self::PERMISSION_DELETE:
        case self::PERMISSION_UPDATE:
            // NOTE(review): loose id comparison - two null ids would match;
            // confirm $user is always a loaded model when truthy.
            $granted = $user && (
                $this->author_id == $user->id
                || $user->has_role('admin')
            );
            break;

    }

    return $granted;
}
/**
 * Decide whether a user may perform an action on this role.
 *
 * Reading is open to everyone. The roles whose id is self::LOGIN or
 * self::ADMIN can never be deleted. Every other request, including
 * permissions this method does not recognise, requires the 'admin' role.
 *
 * @param   string      $permission  compared loosely against the self::PERMISSION_* constants
 * @param   Model_User  $user        tested for truthiness before use (presumably falsy for guests)
 * @return  boolean
 */
public function has_permission($permission, $user) {

    // Everybody can read roles
    if ($permission == self::PERMISSION_READ) {
        return true;
    }

    // Critical roles cannot be deleted, not even by admins.
    // NOTE(review): the original comment also mentioned renaming, but only
    // PERMISSION_DELETE is blocked here; an update falls through to the
    // admin check below.
    if ($permission == self::PERMISSION_DELETE && in_array($this->id, array(self::LOGIN, self::ADMIN))) {
        return false;
    }

    // Default rule: admin only
    return $user && $user->has_role('admin');
}
/**
 * Decide whether a user may perform an action on this group.
 *
 * Reading is open to everyone. Create, create-area and update require the
 * 'admin' role. Delete requires the same role and is refused outright while
 * the group still has areas.
 *
 * @param   string      $permission  compared against the self::PERMISSION_* constants
 * @param   Model_User  $user        tested for truthiness before use (presumably falsy for guests)
 * @return  boolean     false for any permission not handled below
 */
public function has_permission($permission, $user) {
    switch ($permission) {

        case self::PERMISSION_DELETE:
            // Groups that still contain areas are never deletable
            if (count($this->areas())) {
                return false;
            }
            // Intentional fall-through: an empty group follows the admin rule

        case self::PERMISSION_CREATE:
        case self::PERMISSION_CREATE_AREA:
        case self::PERMISSION_UPDATE:
            return $user && $user->has_role('admin');

        case self::PERMISSION_READ:
            return true;

    }

    return false;
}
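/**
 * Decide whether a user may perform an action on this model.
 *
 * Reading is limited to users listed by recipients(). Posting requires read
 * access and, when the status is STATUS_LOCKED, the 'admin' role. Updating
 * requires read access plus whatever the parent class demands. Deleting is
 * admin-only.
 *
 * @param   string      $permission  compared against the self::PERMISSION_* constants
 * @param   Model_User  $user        tested for truthiness before use (presumably falsy for guests)
 * @return  boolean     false for any permission not handled below
 */
public function has_permission($permission, $user) {
    switch ($permission) {

        case self::PERMISSION_DELETE:
            return $user && $user->has_role('admin');

        case self::PERMISSION_POST:
            // Guard on $user first: without it a falsy $user combined with a
            // locked status reached $user->has_role() and raised a fatal error
            // instead of denying access. The result for a truthy $user is unchanged.
            return $user
                && ($this->status != self::STATUS_LOCKED || $user->has_role('admin'))
                && $this->has_permission(self::PERMISSION_READ, $user);

        case self::PERMISSION_READ:
            // NOTE(review): in_array() compares loosely here; confirm the ids
            // returned by recipients() cannot collide with an unloaded user's id.
            return $user && in_array($user->id, $this->recipients());

        case self::PERMISSION_UPDATE:
            // Read access is checked before delegating to the parent rule
            return $this->has_permission(self::PERMISSION_READ, $user)
                && parent::has_permission($permission, $user);

    }

    return false;
}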
/**
 * Decide whether a user may perform an action on this model.
 *
 * Deleting requires the 'admin' or 'photo moderator' role. Commenting,
 * creating and reading need a truthy $user. Updating needs a truthy $user
 * and is refused once has_full_date() reports true.
 *
 * @param   string      $permission  compared against the self::PERMISSION_* constants
 * @param   Model_User  $user        tested for truthiness before use (presumably falsy for guests)
 * @return  boolean     false for any permission not handled below
 */
public function has_permission($permission, $user) {
    $granted = false;

    switch ($permission) {

        case self::PERMISSION_DELETE:
            $granted = $user && $user->has_role(array('admin', 'photo moderator'));
            break;

        case self::PERMISSION_COMMENT:
        case self::PERMISSION_COMMENTS:
        case self::PERMISSION_CREATE:
        case self::PERMISSION_READ:
            $granted = (bool) $user;
            break;

        case self::PERMISSION_UPDATE:
            // No ownership or role check: any signed-in user may update while
            // the date is incomplete.
            // NOTE(review): confirm that this is the intended policy.
            $granted = $user && !$this->has_full_date();
            break;

    }

    return $granted;
}
/**
 * Decide whether a user may perform an action on this model.
 *
 * Reading is open to everyone and creating to any truthy $user. Combining,
 * deleting and updating require the 'admin' or 'venue moderator' role.
 *
 * @param   string      $permission  compared against the self::PERMISSION_* constants
 * @param   Model_User  $user        tested for truthiness before use (presumably falsy for guests)
 * @return  boolean     false for any permission not handled below
 */
public function has_permission($permission, $user) {
    $granted = false;

    switch ($permission) {

        case self::PERMISSION_CREATE:
            $granted = (bool) $user;
            break;

        case self::PERMISSION_COMBINE:
        case self::PERMISSION_DELETE:
        case self::PERMISSION_UPDATE:
            $granted = $user && $user->has_role('admin', 'venue moderator');
            break;

        case self::PERMISSION_READ:
            $granted = true;
            break;

    }

    return $granted;
}
/**
 * Decide whether a user may perform an action on this model.
 *
 * Reading is open to everyone. Creating, adding notes and reporting need a
 * truthy $user. Deleting and updating are limited to the author or the
 * 'admin' / 'photo moderator' roles.
 *
 * @param   string      $permission  compared against the self::PERMISSION_* constants
 * @param   Model_User  $user        tested for truthiness before use (presumably falsy for guests)
 * @return  boolean     false for any permission not handled below
 */
public function has_permission($permission, $user) {
    $granted = false;

    switch ($permission) {

        case self::PERMISSION_CREATE:
        case self::PERMISSION_NOTE:
        case self::PERMISSION_REPORT:
            $granted = (bool) $user;
            break;

        case self::PERMISSION_DELETE:
        case self::PERMISSION_UPDATE:
            // NOTE(review): loose id comparison - two null ids would match;
            // confirm $user is always a loaded model when truthy.
            $granted = $user && (
                $user->id == $this->author_id
                || $user->has_role('admin', 'photo moderator')
            );
            break;

        case self::PERMISSION_READ:
            $granted = true;
            break;

    }

    return $granted;
}
/**
 * Decide whether a user may perform an action on this area.
 *
 * Create, delete and update require the 'admin' role. Posting needs a truthy
 * $user, a non-hidden area and, when the area is moderated, the 'admin' role.
 * Reading is refused for hidden areas and for TYPE_PRIVATE areas; areas
 * flagged is_private additionally need a truthy $user.
 *
 * @param   string      $permission  compared against the self::PERMISSION_* constants
 * @param   Model_User  $user        tested for truthiness before use (presumably falsy for guests)
 * @return  boolean     false for any permission not handled below
 */
public function has_permission($permission, $user) {
    $granted = false;

    switch ($permission) {

        case self::PERMISSION_CREATE:
        case self::PERMISSION_DELETE:
        case self::PERMISSION_UPDATE:
            $granted = $user && $user->has_role('admin');
            break;

        case self::PERMISSION_POST:
            // NOTE(review): unlike the read rule, area_type is not consulted
            // here - confirm callers check read access before allowing a post.
            $granted = $user
                && !$this->is_hidden
                && (!$this->is_moderated || $user->has_role('admin'));
            break;

        case self::PERMISSION_READ:
            if ($this->is_hidden || $this->area_type == self::TYPE_PRIVATE) {

                // Hidden and private-type areas are unreadable for everyone
                $granted = false;

            } else {

                // Areas flagged private need a signed-in user
                $granted = !$this->is_private || $user;

            }
            break;

    }

    return $granted;
}
/**
 * Decide whether a user may perform an action on this topic.
 *
 * Deleting requires the 'admin' role. Posting needs a truthy $user and an
 * unlocked topic, unless the user is an admin. Reading is delegated to the
 * read permission of the topic's area. Updating is allowed to the author
 * while the topic is unlocked, and to admins always.
 *
 * @param   string      $permission  compared against the self::PERMISSION_* constants
 * @param   Model_User  $user        tested for truthiness before use (presumably falsy for guests)
 * @return  boolean     false for any permission not handled below
 */
public function has_permission($permission, $user) {
    $granted = false;

    switch ($permission) {

        case self::PERMISSION_DELETE:
            $granted = $user && $user->has_role('admin');
            break;

        case self::PERMISSION_POST:
            // NOTE(review): the area's read permission is not consulted here -
            // confirm callers check read access before allowing a post.
            $granted = $user && (
                $this->status !== self::STATUS_LOCKED
                || $user->has_role('admin')
            );
            break;

        case self::PERMISSION_READ:
            $granted = Permission::has($this->area(), Model_Forum_Area::PERMISSION_READ, $user);
            break;

        case self::PERMISSION_UPDATE:
            // Parentheses spell out the precedence the expression already had:
            // (unlocked AND author) OR admin
            $granted = $user && (
                ($this->status !== self::STATUS_LOCKED && $user->id == $this->author_id)
                || $user->has_role('admin')
            );
            break;

    }

    return $granted;
}
/**
 * Decide whether a user may perform an action on this area.
 *
 * Create, delete and update require the 'admin' role. Posting needs a truthy
 * $user and, unless that user is an admin, an area that is neither
 * admin-write, bound nor hidden. Reading needs STATUS_NORMAL and a type other
 * than TYPE_PRIVATE; areas whose access_read is not READ_NORMAL additionally
 * need a truthy $user.
 *
 * @param   string      $permission  compared against the self::PERMISSION_* constants
 * @param   Model_User  $user        tested for truthiness before use (presumably falsy for guests)
 * @return  boolean     false for any permission not handled below
 */
public function has_permission($permission, $user) {
    $granted = false;

    switch ($permission) {

        case self::PERMISSION_CREATE:
        case self::PERMISSION_DELETE:
        case self::PERMISSION_UPDATE:
            $granted = $user && $user->has_role('admin');
            break;

        case self::PERMISSION_POST:
            // Parentheses spell out the precedence the expression already had:
            // (writable AND not bound AND not hidden) OR admin.
            // NOTE(review): TYPE_PRIVATE and access_read are not consulted
            // here - confirm callers check read access before allowing a post.
            $granted = $user && (
                (
                    $this->access_write != self::WRITE_ADMINS
                    && $this->area_type != self::TYPE_BIND
                    && $this->status != self::STATUS_HIDDEN
                )
                || $user->has_role('admin')
            );
            break;

        case self::PERMISSION_READ:
            if ($this->status != self::STATUS_NORMAL || $this->area_type == self::TYPE_PRIVATE) {

                // Non-normal and private-type areas are unreadable for everyone
                $granted = false;

            } else {

                // Restricted read access needs a signed-in user
                $granted = $this->access_read == self::READ_NORMAL || $user;

            }
            break;

    }

    return $granted;
}
/**
 * Shared handler for the "add user" and "edit user" forms.
 *
 * On POST the submitted values are validated and saved to $user, the user's
 * roles are synchronised with the submitted list and, when requested, an
 * activation message is sent. On any other request method the form data is
 * pre-filled from $user. Unless the save succeeded, the "users/edit" view is
 * assigned to $this->content.
 *
 * NOTE(review): no authorisation or CSRF check is visible in this method -
 * presumably the calling action enforces both; confirm.
 *
 * @param   Model_User  $user  taken by reference; an unloaded model means "create"
 * @return  boolean|null  TRUE after a successful save, nothing otherwise
 */
protected function add_edit(Model_User &$user) {
    $errors = array();

    // Assignable roles: every role except the login role, keyed by id. The
    // login role can therefore neither be granted nor revoked through this form.
    $roles = ORM::factory('Role')->where('id', '!=', Model_User::LOGIN_ROLE_ID)->order_by('id')->find_all()->as_array('id');

    if ($this->request->method() == Request::POST) {
        $data = $this->request->post();
        $_data = $data; // work on a copy so $data keeps the raw submission for the view
        $email = $user->email; // remembered so it can be restored if validation fails

        // Extra rules on top of the model's own: every submitted role id must
        // be one of the assignable roles, and repeat_email must match email
        $external_validation = Validation::factory($_data)->labels(array('repeat_email' => 'Repeat e-mail'))->rules('roles', array(array('each_in_array', array(':value', array_keys($roles)))))->rules('repeat_email', array(array('matches', array(':validation', ':field', 'email'))));

        if ($user->loaded()) {
            if (empty($_data['email'])) {
                // An empty e-mail while editing means "unchanged", but the
                // ORM model needs a non-empty value
                $_data['email'] = $user->email;
            }
        } else {
            // New users get a random placeholder password, overriding any submitted one.
            // NOTE(review): confirm that Text::random draws from a source
            // suitable for credentials.
            $_data['password'] = Text::random('alnum', 14);
        }

        try {
            // NOTE(review): the whole submission is passed to values() without
            // an explicit list of expected columns; which columns become
            // assignable depends on the ORM defaults, not visible here - confirm.
            $user->values($_data)->save($external_validation);
        } catch (ORM_Validation_Exception $vex) {
            $errors = $vex->errors('orm');
            $user->email = $email; // restore the original e-mail value
        }

        // Synchronise roles only after a clean save
        if (empty($errors)) {
            $user_roles = (array) Arr::get($data, 'roles', array());
            foreach ($roles as $role) {

                // Grant roles that were ticked but are not held yet
                if (in_array($role->id, $user_roles) and !$user->has_role($role->id)) {
                    $user->add('roles', $role);
                }

                // Revoke roles that are held but were not ticked
                if (!in_array($role->id, $user_roles) and $user->has_role($role->id)) {
                    $user->remove('roles', $role);
                }
            }

            if (!empty($data['send_hashlink'])) {
                $this->send_activation($user);
            }

            // Saved: skip rendering the form
            return TRUE;
        }
    } else {
        if ($user->loaded()) {

            // Editing: pre-fill from the model, leaving the e-mail field blank
            $data = $user->as_array();
            $data['email'] = '';
            $data['roles'] = array();
            foreach ($roles as $role) {
                if ($user->has_role($role->id)) {
                    $data['roles'][] = $role->id;
                }
            }
        } else {

            // Adding: the activation link option is ticked by default
            $data = array('send_hashlink' => '1');
        }
    }

    // Reached on first display and after a failed save
    $this->content = View::factory("users/edit")->bind("user", $user)->bind("roles", $roles)->bind("data", $data)->bind("errors", $errors);
}
/**
 * Attempt to log a user in from an ORM object and a plain-text password.
 *
 * The password is accepted when its salted hash equals the stored hash, or
 * when it equals the value self::generate_password() derives from the stored
 * hash. In both cases the user must also hold the 'login' role.
 *
 * @param   Model_User  $user
 * @param   string      $password  plain text
 * @param   boolean     $remember  create an auto-login token and cookie; must be exactly true
 * @return  boolean     true when the login was completed
 */
public function login(Model_User $user, $password, $remember = false) {

    // NOTE(review): the truthiness test also rejects the password "0"
    if (!$password || !$user) {
        return false;
    }

    $stored_hash = $user->password_kohana;

    // Hash the candidate with the salt recovered from the stored hash
    $hashed_password = $this->hash_password($password, $this->find_salt($stored_hash));

    // NOTE(review): === on hashes is not a constant-time comparison;
    // hash_equals() is the usual replacement where the runtime provides it.
    // NOTE(review): the second test accepts a password derived from the stored
    // hash alone (generate_password() is not shown). If that derivation is
    // unkeyed, read access to the hash is equivalent to knowing a valid
    // password - confirm the helper's design.
    $password_ok = $stored_hash === $hashed_password
        || self::generate_password($stored_hash) === $password;

    if (!$password_ok || !$user->has_role('login')) {

        // Login failed
        return false;
    }

    if ($remember === true) {
        $lifetime = $this->_config['lifetime'];

        // Persist a new auto-login token
        $token = new Model_User_Token();
        $token->user_id = $user->id;
        $token->expires = time() + $lifetime;
        $token->create();

        // Hand the token to the browser as the auto-login cookie
        // NOTE(review): cookie flags (HttpOnly, Secure) are set elsewhere, if at all - confirm
        Cookie::set($this->_config['cookie_name'], $token->token, $lifetime);
    }

    // Finish the login
    $this->complete_login($user);

    return true;
}
/**
 * Decide whether a user may perform an action on this model.
 *
 * Reading is open to everyone. Commenting, creating and uploading need a
 * truthy $user. Approving and updating require 'admin' or 'photo moderator';
 * approving waiting items also admits the 'photo' role. Deleting is
 * admin-only.
 *
 * @param   string      $permission  compared against the self::PERMISSION_* constants
 * @param   Model_User  $user        tested for truthiness before use (presumably falsy for guests)
 * @return  boolean     false for any permission not handled below
 */
public function has_permission($permission, $user) {
    $granted = false;

    switch ($permission) {

        case self::PERMISSION_APPROVE:
        case self::PERMISSION_UPDATE:
            $granted = $user && $user->has_role(array('admin', 'photo moderator'));
            break;

        case self::PERMISSION_APPROVE_WAITING:
            $granted = $user && $user->has_role(array('photo', 'admin', 'photo moderator'));
            break;

        case self::PERMISSION_DELETE:
            $granted = $user && $user->has_role('admin');
            break;

        case self::PERMISSION_COMMENT:
        case self::PERMISSION_COMMENTS:
        case self::PERMISSION_CREATE:
        case self::PERMISSION_UPLOAD:
            $granted = (bool) $user;
            break;

        case self::PERMISSION_READ:
            $granted = true;
            break;

    }

    return $granted;
}