/**
 * Crud-plugin authorization hook: allows the current action when the
 * authenticated user holds any role listed in the action's `auth` config.
 *
 * The `auth` value is read from the current Crud action; a missing or
 * falsy value (including an empty list) falls back to `['super']`, so an
 * action with no explicit roles is only reachable by super users
 * (deny-by-default).
 *
 * @param mixed $user The user passed in by AuthComponent. Not consulted
 *   here; role checks go through AuthState after it has been refreshed.
 * @return bool True when at least one configured role matches.
 */
public function isAuthorized($user)
{
    // Refresh the shared auth state before any hasRole() lookups.
    AuthState::setAuth($this->Auth, $this->hasAuthUser());

    $required = $this->Crud->action()->config('auth') ?: ['super'];

    $granted = false;
    foreach ($required as $role) {
        if (AuthState::hasRole($role)) {
            $granted = true;
            break;
        }
    }

    return $granted;
}
/**
 * Entity rule guarding changes to the `role` field.
 *
 * Passes when the role is untouched or the acting user is a super user.
 * Otherwise the acting user must hold both the user's current role and the
 * requested one, so nobody can demote an account above their own level or
 * promote one beyond it. On failure a `role` error is set on the entity
 * and the rule returns false. When both checks fail, the promote message
 * is the one reported.
 *
 * @param \Cake\Datasource\EntityInterface $entity The user entity being saved.
 * @param array $options Rule options (unused).
 * @return bool
 */
public function ruleRoleChange($entity, $options)
{
    if (!$entity->dirty('role') || AuthState::hasRole('super')) {
        return true;
    }

    $targetRole = $entity->get('role');
    $previousRole = $entity->getOriginal('role');

    $error = null;
    if (!AuthState::hasRole($targetRole)) {
        // don't promote someone to above your auth level
        $error = "Cannot promote user to more permissions than you have.";
    } elseif (!AuthState::hasRole($previousRole)) {
        // don't demote someone who is above your auth level
        $error = "Cannot demote user that has more permissions than you.";
    }

    if ($error === null) {
        return true;
    }

    $entity->errors('role', $error);

    return false;
}
/**
 * Builds the entity and applies role-based field policies.
 *
 * New entities are seeded from `$this->_defaults` with the mass-assignment
 * guard disabled (`'guard' => false`); those values come from the class
 * itself, not from request data. Then, for every field in
 * `$this->_editAuth`, writability is granted only when the current user
 * holds one of the listed roles (a plain bool is applied as-is), and every
 * field in `$this->_showAuth` whose roles the user lacks is appended to
 * `$this->_hidden`.
 *
 * NOTE(review): `_defaults`, `_editAuth`, `_showAuth` and `_hidden` are
 * expected to be declared on this class; they are not visible here.
 *
 * @param array $properties Initial field values.
 * @param array $options Entity constructor options.
 */
public function __construct($properties = [], $options = [])
{
    parent::__construct($properties, $options);

    if ($this->isNew()) {
        $this->set($this->_defaults, ['guard' => false]);
    }

    // True when the current user holds at least one of the given roles.
    $holdsAnyRole = static function (array $roles) {
        foreach ($roles as $role) {
            if (AuthState::hasRole($role)) {
                return true;
            }
        }

        return false;
    };

    foreach ($this->_editAuth as $field => $rule) {
        if (is_bool($rule)) {
            $this->accessible($field, $rule);
            continue;
        }

        $roles = is_array($rule) ? $rule : [$rule];
        $this->accessible($field, $holdsAnyRole($roles));
    }

    foreach ($this->_showAuth as $field => $rule) {
        $roles = is_array($rule) ? $rule : [$rule];
        if (!$holdsAnyRole($roles)) {
            $this->_hidden[] = $field;
        }
    }
}