/**
 * Validation helper: confirm that a proposed role name is not already
 * present in the access control list.
 *
 * @param mixed $role Proposed role name, used as a key into the rules
 *                    held by the object returned from \User::acl().
 * @return bool False when an entry already exists under that name,
 *              true otherwise.
 */
public static function new_role($role) {
    // isset() reports "not set" both for a missing key and for a key whose
    // value is null, so only a non-null existing entry blocks the name.
    return !isset(\User::acl()->rules[$role]);
}
// Normalise the submitted resource list before it is turned into ACL rules.
// This fragment runs inside a form handler whose opening lies outside this view.
if (!isset($_POST['resources']['default'])) {
    // "default" was not submitted: the role's default becomes false and the
    // remaining submitted entries are kept exactly as the client sent them.
    // NOTE(review): in this branch the resource keys and values are not checked
    // against User::acl()->resources(); confirm the form's validation restricts
    // them before they are written to the ACL file.
    $_POST['resources']['default'] = false;
} else {
    // "default" was submitted: start from the known resource list and rebuild
    // the submission from it, so only known resource names survive.
    $resources = User::acl()->resources();
    foreach ($resources as $resource => $label) {
        if (isset($_POST['resources'][$resource])) {
            // Submitted resources are dropped from the list, leaving them to
            // fall under the role's default of true set below.
            unset($resources[$resource]);
        } else {
            // Resources that were not submitted get an explicit false entry.
            $resources[$resource] = false;
        }
    }
    $resources['default'] = true;
    $_POST['resources'] = $resources;
}

// save the file
$acl = User::acl();
// Drop the entry named in the query string and any entry already stored under
// the submitted name, then re-add the role under the submitted name.
// NOTE(review): presumably this is how a rename is handled; $_GET['role'] and
// $_POST['name'] are used as array keys here without a visible type or
// existence check, so verify they are validated earlier in the handler.
unset($acl->rules[$_GET['role']]);
unset($acl->rules[$_POST['name']]);
$acl->add_role($_POST['name'], $_POST['resources']['default']);
foreach ($_POST['resources'] as $resource => $allow) {
    // Truthy entries become allow rules, everything else a deny rule. The
    // 'default' key is part of this loop as well.
    if ($allow) {
        $acl->allow($_POST['name'], $resource);
    } else {
        $acl->deny($_POST['name'], $resource);
    }
}
// The rules on $acl have already been changed at this point; a failed write
// reports the error but does not restore the previous in-memory rules.
if (!Ini::write($acl->rules, conf('Paths', 'access_control_list'))) {
    $form->controller->add_notification(__('Unable to save the file.'));
    return false;
}
$form->controller->add_notification(__('Role saved.'));
/**
 * Get or set the shared Acl object.
 *
 * Called with a non-null argument, stores it as the cached instance and
 * returns it. Called without one, returns the cached instance, creating it
 * on first use from the file named by conf('Paths', 'access_control_list').
 *
 * No type or caller check is applied to the argument: any non-null value
 * passed in becomes what later calls to this method return.
 *
 * @param mixed $acl Replacement object, or null to only read.
 * @return mixed The cached ACL object.
 */
public static function acl($acl = null) {
    if ($acl !== null) {
        // Explicit replacement: remember it and hand it straight back.
        return self::$acl = $acl;
    }

    if (null === self::$acl) {
        // Lazy construction on first read.
        self::$acl = new Acl(conf('Paths', 'access_control_list'));
    }

    return self::$acl;
}
<?php

/**
 * List all user roles.
 *
 * Renders the 'user/roles' template in the admin layout with the role names
 * taken from the keys of the ACL rules.
 */

$page->layout = 'admin';

// Access check for the 'admin', 'user' and 'user/roles' resources.
$this->require_acl('admin', 'user', 'user/roles');

$page->title = __('Roles');

// NOTE(review): role names come from the stored ACL rules; confirm the
// template escapes them when they are written into the page.
$role_names = array_keys(User::acl()->rules);

echo $tpl->render('user/roles', array('roles' => $role_names));
/**
 * Populate the cached access list used by the `access()` method.
 *
 * Does nothing unless self::$acl still holds the value `false`; otherwise
 * it reads the [Access] section of apps/user/conf/config.php into it.
 *
 * NOTE(review): parse_ini_file() returns false when the file cannot be
 * read or parsed, and that result is not checked before the 'Access' key
 * is read. The path is relative, so it resolves against the current
 * working directory.
 */
private static function load_acl() {
    if (self::$acl !== false) {
        return;
    }

    $settings = parse_ini_file('apps/user/conf/config.php', true);
    self::$acl = $settings['Access'];

    // make the default access levels translatable
    // (the return values are discarded; presumably the calls exist so the
    // three labels are registered with the translation tooling)
    i18n_get('Public');
    i18n_get('Member');
    i18n_get('Private');
}
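<?php

/*
 * Deletes a role.
 *
 * Expects the role name in $_POST['role']. Removes that entry from a copy of
 * the ACL rules, writes the result to the file named by
 * conf('Paths', 'access_control_list'), and returns to the role list with a
 * notification describing the outcome.
 *
 * NOTE(review): nothing here checks that the named role exists, that it is
 * not a role the site depends on, or that no users still hold it, and no
 * request-token check is visible in this handler. Confirm whether the
 * framework or require_acl() covers these.
 */

// Access check comes first, before any request data is read.
$this->require_acl('admin', 'user', 'user/roles');

$page->layout = 'admin';

// The role name is used as an array key, so only a string is accepted. A
// missing or non-string value (for example an array-valued field) skips the
// deletion entirely instead of relying on redirect() to stop execution.
if (isset($_POST['role']) && is_string($_POST['role'])) {
    $rules = User::acl()->rules;
    unset($rules[$_POST['role']]);

    if (!Ini::write($rules, conf('Paths', 'access_control_list'))) {
        $this->add_notification(__('Unable to save the file.'));
    } else {
        $this->add_notification(__('Role deleted.'));
    }
}

$this->redirect('/user/roles');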
<?php /** * This is the settings form for the user app. */ $this->require_admin(); require_once 'apps/admin/lib/Functions.php'; $page->layout = 'admin'; $page->title = __('Member Settings'); $form = new Form('post', $this); $appconf['User']['login_methods'] = is_array($appconf['User']['login_methods']) ? $appconf['User']['login_methods'] : array(); $form->data = array('facebook_app_id' => $appconf['Facebook']['application_id'], 'facebook_app_secret' => $appconf['Facebook']['application_secret'], 'twitter_id' => $appconf['Twitter']['twitter_id'], 'twitter_key' => $appconf['Twitter']['consumer_key'], 'twitter_secret' => $appconf['Twitter']['consumer_secret'], 'twitter_access_token' => $appconf['Twitter']['access_token'], 'twitter_access_token_secret' => $appconf['Twitter']['access_token_secret'], 'login_openid' => in_array('openid', $appconf['User']['login_methods']), 'login_google' => in_array('google', $appconf['User']['login_methods']), 'login_facebook' => in_array('facebook', $appconf['User']['login_methods']), 'login_twitter' => in_array('twitter', $appconf['User']['login_methods']), 'login_persona' => in_array('persona', $appconf['User']['login_methods']), 'default_role' => $appconf['User']['default_role'], 'roles' => array_keys(User::acl()->rules)); echo $form->handle(function ($form) { $login_methods = array(); if ($_POST['login_openid'] === 'yes') { $login_methods[] = 'openid'; } if ($_POST['login_google'] === 'yes') { $login_methods[] = 'google'; } if ($_POST['login_facebook'] === 'yes') { $login_methods[] = 'facebook'; } if ($_POST['login_twitter'] === 'yes') { $login_methods[] = 'twitter'; } if ($_POST['login_persona'] === 'yes') { $login_methods[] = 'persona'; } if (count($login_methods) === 0) { $login_methods = false;