예제 #1
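 /**
  * Decide whether a user must be refused a group-restricted resource.
  *
  * IMPORTANT: the return value is the *restriction* flag, not an "allowed"
  * flag. True means access must be denied; false means this check found no
  * reason to block. Callers must deny on true.
  *
  * If no user is supplied, the check falls back to User::getRoot() (the
  * original comment describes this as the current session user).
  *
  * Side effects:
  *  - for non-guest users, the 'core.admin' / 'core.manage' authorisation
  *    results are written to $this->config under 'access-admin-component'
  *    and 'access-manage-component';
  *  - $this->allowedgroups is set to the effective group list, unless the
  *    admin/manager early return is taken first.
  *
  * @param   object   $resource  Resource being requested
  * @param   object   $user      User to check (optional)
  * @return  boolean  True if access is restricted (deny), false otherwise
  */
 private function checkGroupAccess($resource, $user = null)
 {
     if (!$user) {
         $user = User::getRoot();
     }

     if (!$user->get('guest')) {
         // Site admins and component managers bypass the group check entirely
         $this->config->set('access-admin-component', $user->authorise('core.admin', null));
         $this->config->set('access-manage-component', $user->authorise('core.manage', null));
         if ($this->config->get('access-admin-component') || $this->config->get('access-manage-component')) {
             // false == "not restricted"
             return false;
         }

         // Get the groups the user has access to
         $xgroups = \Hubzero\User\Helper::getGroups($user->get('id'), 'all');
         $usersgroups = self::getUsersGroups($xgroups);
     } else {
         // Guests belong to no groups
         $usersgroups = array();
     }

     // Get the list of groups that can access this resource
     $allowedgroups = $resource->getGroups();

     // A child resource with exactly one parent inherits that parent's groups.
     // NOTE(review): a child with zero or several parents is judged on its own
     // settings only; confirm that is the intended policy.
     $parent = null;
     if ($resource->standalone != 1) {
         $helper = new Helper($resource->id, $this->database);
         $helper->getParents();
         $parents = $helper->parents;
         if (count($parents) == 1) {
             $parent = new Resource($this->database);
             $parent->load($parents[0]->id);
             $allowedgroups = $parent->getGroups();
         }
     }
     $this->allowedgroups = $allowedgroups;

     // Find what groups the user has in common with the resource, if any
     $common = array_intersect($usersgroups, $allowedgroups);

     // Access levels 3 and 4 are the ones this method treats as group-restricted
     $restricted = false;
     if ($resource->access == 4 || $resource->access == 3) {
         if ($user->get('guest')) {
             // Not logged in
             $restricted = true;
         } else {
             // Logged in: the user must be a part of the group that owns the
             // resource, or share at least one group with it.
             // NOTE(review): in_array() compares loosely here; if group_owner
             // can be empty, null or 0 the match may succeed unexpectedly.
             // Confirm the value types and consider passing true as the third
             // argument.
             if (!in_array($resource->group_owner, $usersgroups) && count($common) < 1) {
                 $restricted = true;
             }
         }
     }

     // A restricted single parent also restricts the child when the user shares
     // no group with it. The parent was already loaded above; the original
     // second load attempt could never run, because $parent is unset only when
     // the parent count is not exactly one.
     if (!$resource->standalone) {
         if ($parent !== null && ($parent->access == 4 || $parent->access == 3) && count($common) < 1) {
             $restricted = true;
         }
     }

     return $restricted;
 }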