/** * Create a backend confirmation link. * * @param string $title The link title. * @param array|string $url The url to link to. * @param array $options Options passed to the html link helper method. * @param bool $displayLinkTextIfUnauthorized Whether to display the link title if the user is * not authorized to access the link. * @return string */ public function protectedConfirmationLink($title, $url, $options, $displayLinkTextIfUnauthorized = false) { if (!isset($options['confirm-message'])) { user_error('\'confirm-message\' option is not set on protectedConfirmationLink.'); $options['confirm-message'] = ''; } if (!isset($options['confirm-title'])) { user_error('\'confirm-title\' option is not set on protectedConfirmationLink.'); $options['confirm-title'] = ''; } $url = $this->_getUrl($url); if (!guardian()->hasAccess($url)) { if ($displayLinkTextIfUnauthorized) { return $title; } return ''; } $linkOptions = ['data-modal-header' => $options['confirm-title'], 'data-modal-body' => '<p>' . $options['confirm-message'] . '</p>', 'data-method' => 'post', 'data-toggle' => 'confirm']; unset($options['confirm-title'], $options['confirm-message']); if (isset($options['ajax']) && $options['ajax'] === true) { $linkOptions['data-modal-ajax'] = 1; unset($options['ajax']); if (isset($options['notify'])) { $linkOptions['data-modal-notify'] = $options['notify']; unset($options['notify']); } if (isset($options['event'])) { $linkOptions['data-modal-event'] = $options['event']; unset($options['event']); } } if (isset($options['void']) && $options['void'] === true) { $linkOptions['data-modal-action'] = Router::url($url); $url = 'javascript:void(0)'; } $linkOptions = Hash::merge($linkOptions, $options); return $this->link($title, $url, $linkOptions); }
/** * Create a new GroupPermission entity for the provided $groupId, $path and $allowed setting. * * @param int $groupId The group id * @param string $path The plugin controller action path. * @param bool|int $allowed The access level. * @return GroupPermission */ public function newEntityFor($groupId, $path, $allowed) { if (empty($this->_actionMap)) { $this->_actionMap = guardian()->getActionMap(); } return $this->newEntity(['group_id' => $groupId, 'path' => $path, 'allowed' => $allowed, 'plugin' => $this->_actionMap[$path]['plugin'], 'controller' => $this->_actionMap[$path]['controller'], 'action' => $this->_actionMap[$path]['action']]); }
/** * Returns the access level of the user for the given plugin controller action path. * * @param array $url The url to get the access level for. * @return int|bool */ public function getAccessLevel($url = null) { if ($url === null) { $url = Wasabi::getCurrentUrlArray(); } $path = guardian()->getPathFromUrl($url); if (!array_key_exists($path, $this->permissions)) { return 0; } return $this->permissions[$path]; }
<?php $base_url = 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['REQUEST_URI']) . '/'; $_SERVER['REQUEST_METHOD'] != 'POST' && header("Location: {$base_url}") && exit; $image = make_poster('../template/1.png', upload_guardian(), guardian()); $path = 'posters/' . md5(uniqid(mt_rand(), true)) . '.png'; !($fh = fopen($path, 'w')) && die('>.^'); fwrite($fh, $image) === FALSE && die('>.^'); fclose($fh); /* response by accpeted type */ if (strstr($_SERVER['HTTP_ACCEPT'], 'json') || strstr($_SERVER['HTTP_ACCEPT'], 'javascript')) { echo json_encode(array('path' => $path)); } else { echo <<<SUCCESS <html> <head> \t<script type="text/javascript"> \t\twindow.top.window.submit_ok('{$path}') \t</script> </head> <body> \t<img src="{$path}" alt="The Poster." title="Right-click to save." /> </body> </html> SUCCESS; } /* end */ function upload_guardian() { $path = 'images/unknown.png'; $file = $_FILES['picture'];