function generate_inner_html() { global $current_theme_path, $base_url, $network_info, $login_uid; if ($network_info->type == MOTHER_NETWORK_TYPE) { if ($login_uid == SUPER_USER_ID) { $this->set_perms('all'); } else { $role_obj = Roles::get_user_role($login_uid); if (empty($role_obj)) { $this->set_perms('none'); } else { $tasks = Roles::get_tasks_of_role($role_obj->role_id); $this->set_perms($tasks); } } } else { //spawned networks only admin roles if (Network::is_admin($network_info->network_id, $login_uid) || $login_uid == SUPER_USER_ID) { //owner of network $this->set_perms('all'); //todo - quick fix here $this->task_perms['meta_networks'] = FALSE; } else { $this->set_perms('none'); } } $extra = unserialize($network_info->extra); $network_content_moderation = FALSE; if (@$extra['network_content_moderation'] == NET_YES) { // this can be empty or not set $network_content_moderation = TRUE; } $inner_template = NULL; switch ($this->mode) { default: $inner_template = dirname(__FILE__) . '/center_inner_private.tpl'; } $obj_inner_template =& new Template($inner_template); $obj_inner_template->set('base_url', $base_url); $obj_inner_template->set('task_perms', $this->task_perms); $obj_inner_template->set('network_content_moderation', $network_content_moderation); $inner_html = $obj_inner_template->fetch(); return $inner_html; }
} else { // show network and user personal pages roles $g_roles = array(); $u_roles = array(); $net_roles = array(); $g_roles = Roles::get_user_roles($user_id, DB_FETCHMODE_ASSOC, array('type' => 'group', 'gid' => $group_id)); $u_roles = Roles::get_user_roles($user_id, DB_FETCHMODE_ASSOC, array('type' => 'user')); $net_roles = Roles::get_user_roles($user_id, DB_FETCHMODE_ASSOC, array('type' => 'network')); $u_roles = array_merge($u_roles, $net_roles); $u_roles = array_merge($u_roles, $g_roles); } foreach ($u_roles as $role) { $role_id = $role['role_id']; $role_type = $role['type']; $role_name = Roles::get_role_name($role_id); $role_tasks = Roles::get_tasks_of_role($role_id); $role_extra = unserialize($role['extra']); $role_info = array('role_id' => $role_id, 'name' => $role_name, 'type' => $role_type, 'extra' => $role_extra, 'tasks' => $role_tasks); $user_roles[$role_id] = $role_info; if ($role_id == $sel_role_id) { $selected_role = $role_info; } } ?> <form action="" class="inputrow" method="post" name="assign_role_form" id="assign_role_form"> <input type="hidden" name="uid" id = "user_role_id" /> <fieldset> <legend> <?php echo __('Edit/Assign Role for user: ') . $user->login_name; ?>
public function __construct($user_id) { if (!isset($user_id)) { throw new CNException(REQUIRED_PARAMETERS_MISSING, "PermissionsHandler::__construct() must be called with User object or user_id parameter"); } $tasks_obj = Tasks::get_instance(); $this->tasks = $tasks_obj->get_tasks(); foreach ($this->tasks as $task) { $this->static_permissions[] = $task->task_value; } $this->uid = (int) $user_id; $this->is_net_admin = Network::is_admin(PA::$network_info->network_id, $this->uid); $roles = Roles::get_user_roles((int) $user_id, DB_FETCHMODE_OBJECT); // echo "User Roles <pre>".print_r(PA::$login_user, 1). "</pre>"; $this->user_permissions = array(); $user_perms = array(); $network_perms = array(); $groups_perms = array(); foreach (array('user', 'network', 'groups') as $type) { foreach ($roles as $role) { $role_extra = unserialize($role->extra); if ($type == 'user') { $condition = $role_extra['user'] == true; } else { if ($type == 'network') { $condition = $role_extra['network'] == true; } else { $condition = count($role_extra['groups']) > 0; } } if ($condition) { $role_tasks = Roles::get_tasks_of_role($role->role_id); // echo "RoleID: $role->role_id<pre>".print_r($role_tasks,1)."</pre>"; if ($role_tasks) { foreach ($role_tasks as $rt) { if ($type == 'user') { $user_perms[] = $rt->task_value; } else { if ($type == 'network') { $network_perms[] = $rt->task_value; } else { foreach ($role_extra['groups'] as $group_id) { if (isset($groups_perms[$group_id]) && is_array($groups_perms[$group_id])) { array_push($groups_perms[$group_id], $rt->task_value); } else { $groups_perms[$group_id] = array($rt->task_value); } } } } } } } } } $this->user_permissions['user'] = $user_perms; $this->user_permissions['network'] = $network_perms; $this->user_permissions['groups'] = $groups_perms; if ($this->is_net_admin) { // user is network admin, grant him same privileges for all network groups foreach ($this->user_permissions['groups'] as &$gr_perms) { $gr_perms = array_unique(array_merge($gr_perms, $this->user_permissions['network'])); } } // echo "<pre>".print_r($this->user_permissions,1)."</pre>"; }
/** Purpose : this function check user task permissions for a Group or a Network @param : $uid, $task_values, $type, $target_id, $strict @return : bool **/ public static function can_user($uid, $task_values, $type = 'network', $strict, $target_id = null) { Logger::log("Enter: function User::can_user"); if (SUPER_USER_ID == $uid) { // SUPER USER has all permissions! return TRUE; } if (!is_array($task_values)) { $task_values = array($task_values); } $user = new self(); $user->load($uid); $roles = $user->get_user_roles(DB_FETCHMODE_OBJECT); $result = false; $user_tasks = array(); foreach ($roles as $role) { // merge all tasks/permissions for specific role type // $role_obj = new Roles(); // $role_obj->load((int)$role->role_id); $condition = $type == 'network' ? $role->extra['network'] == true : count($role->extra['groups']) > 0 && in_array($target_id, $role->extra['groups']); // apply role to a group // if(($role_obj->type == $type) && $condition) { if ($condition) { $role_tasks = Roles::get_tasks_of_role($role->role_id); if ($role_tasks) { foreach ($role_tasks as $rt) { $user_tasks[] = $rt->task_value; } } } } $found = 0; $nb_tasks = count($task_values); foreach ($task_values as $value) { if (!in_array($value, $user_tasks) && $strict == true) { $result = false; break; } if (in_array($value, $user_tasks) && $strict == false) { $result = true; break; } if (in_array($value, $user_tasks) && $strict == true) { $found++; } } if ($strict == true) { $result = $found == $nb_tasks ? true : false; } Logger::log("Exit: function User::can_user"); return $result; }
private function getRolesInfo() { $roles = new Roles(); $roles_info = $roles->get_multiple(null, DB_FETCHMODE_ASSOC); foreach ($roles_info as &$role) { $role['tasks'] = Roles::get_tasks_of_role($role['id'], DB_FETCHMODE_ASSOC); } return $roles_info; }
private function get_user_task_permissions($uid) { $tasks = array(); $role_obj = Roles::get_user_roles($uid); if (!empty($role_obj)) { $tasks = array(); foreach ($role_obj as $r_obj) { $tasks_roles = Roles::get_tasks_of_role($r_obj->role_id); if ($tasks_roles) { $tasks = array_merge($tasks, $tasks_roles); } } } return $tasks; }
public static function check_administration_permissions($uid) { Logger::log("Enter: function Roles::check_administration_permissions"); if ($uid == SUPER_USER_ID) { return true; } // meta admin! $user = new User(); $user->load($uid); $roles = $user->get_user_roles(DB_FETCHMODE_OBJECT); $result = false; $user_tasks = array(); foreach ($roles as $role) { // first get all user network roles if ($role->extra['network'] == true) { $role_tasks = Roles::get_tasks_of_role($role->role_id); // then get all tasks/permissions if ($role_tasks) { foreach ($role_tasks as $rt) { $user_tasks[] = $rt->name; // and task/permission names } } } } foreach ($user_tasks as $task_name) { if (false !== stripos($task_name, 'Manage') || false !== stripos($task_name, 'Configure')) { $result = true; // if user have any task/permission that beggining break; // with 'Manage' or 'Configure', that means that this } // user have assigned one of administration permissions } Logger::log("Exit: function Roles::check_administration_permissions"); return $result; }