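/**
 * Returns the rights the given user holds on each of the requested resources.
 *
 * A user carrying the system-administrator role receives every supported
 * right on every requested resource without the permission store being
 * consulted. For any other user the lookup is delegated to DataBaseAccess,
 * keyed by the user's roles plus the user's own identifier.
 *
 * (non-PHPdoc)
 * @see \oat\generis\model\data\PermissionInterface::getPermissions()
 *
 * @param User  $user        user whose permissions are requested
 * @param array $resourceIds identifiers of the resources to check
 * @return array for a system administrator, a map of resource id => supported
 *               rights; otherwise the result of DataBaseAccess::getPermissions()
 */
public function getPermissions(User $user, array $resourceIds)
{
    // Read the roles once so the bypass check and the lookup see the same list.
    $roles = $user->getRoles();

    // This branch skips the permission store entirely, so the role match must
    // be exact. A loose in_array() would let a non-string entry (boolean true,
    // or integer 0 on PHP versions before 8) compare equal to the role constant.
    // Assumes getRoles() yields role identifiers as strings; confirm against
    // the User implementations in use.
    if (in_array(INSTANCE_ROLE_SYSADMIN, $roles, true)) {
        $permissions = array();
        foreach ($resourceIds as $id) {
            $permissions[$id] = $this->getSupportedRights();
        }
        return $permissions;
    }

    // Permissions may be granted to a role or directly to the user, so both
    // kinds of identifier are passed to the lookup.
    $userIds   = $roles;
    $userIds[] = $user->getIdentifier();

    $dbAccess = new DataBaseAccess();
    return $dbAccess->getPermissions($userIds, $resourceIds);
}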
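/**
 * Decides whether the user may call the given controller action.
 *
 * Access is granted when the user holds the base-user role, or when the
 * controller/action pair is accepted by inWhiteList(). The whitelist is only
 * consulted for users without the base-user role.
 *
 * (non-PHPdoc)
 * @see \oat\tao\model\accessControl\func\FuncAccessControl::accessPossible()
 *
 * @param User   $user       user requesting access
 * @param string $controller controller being called
 * @param string $action     action being called on the controller
 * @return bool true when access is granted
 */
public function accessPossible(User $user, $controller, $action)
{
    // Exact match only: with a loose comparison a non-string role entry
    // (boolean true, or integer 0 on PHP versions before 8) would compare
    // equal to the role constant and grant access.
    // Assumes getRoles() yields role identifiers as strings; confirm against
    // the User implementations in use.
    if (in_array(INSTANCE_ROLE_BASEUSER, $user->getRoles(), true)) {
        return true;
    }

    // The cast keeps the boolean return the original "||" expression produced.
    return (bool) $this->inWhiteList($controller, $action);
}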
/**
 * Decides whether the user may call the given controller action, based on
 * the access entry cached for the controller.
 *
 * The user is allowed when at least one of their roles appears in the
 * controller-wide list ('module') or, if the action has its own entry, in
 * the list for that action. A controller that cannot be resolved
 * (ReflectionException) is treated as denied.
 *
 * (non-PHPdoc)
 * @see \oat\tao\model\accessControl\func\FuncAccessControl::accessPossible()
 *
 * @param User   $user       user requesting access
 * @param string $controller controller being called
 * @param string $action     action being called on the controller
 * @return bool true when access is granted
 */
public function accessPossible(User $user, $controller, $action)
{
    $roles = $user->getRoles();

    try {
        $access = funcAcl_helpers_Cache::getControllerAccess($controller);

        // Start from the controller-wide roles and add the action-specific
        // ones only when the action has an entry of its own.
        $permitted = $access['module'];
        if (isset($access['actions'][$action])) {
            $permitted = array_merge($permitted, $access['actions'][$action]);
        }

        if (count(array_intersect($roles, $permitted)) > 0) {
            return true;
        }

        // NOTE(review): $controller, $action and the user identifier are
        // concatenated into the log line as-is. If any of them can carry
        // request-derived text, confirm the logger neutralises line breaks
        // so that denied requests cannot forge log entries.
        common_Logger::i('Access denied to ' . $controller . '@' . $action . ' for user \'' . $user->getIdentifier() . '\'');
        return false;
    } catch (ReflectionException $e) {
        // Fail closed: an unresolvable controller is never accessible.
        common_Logger::i('Unknown controller ' . $controller);
        return false;
    }
}