Пример #1
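/**
 * Determines if a given reason user has a given privilege
 *
 * Note: This function is *fast*. Results are memoized per user and privilege in a
 * function-static cache, so there's no need to carefully store and pass around its
 * results -- just call it again.
 *
 * Security notes:
 * - The check fails closed: a user id that casts to 0 is denied, and a role with no
 *   entry in the privileges table grants nothing.
 * - Privilege names are matched with strict comparison, so a non-string $privilege
 *   (e.g. boolean true, or integer 0 under PHP 7 loose comparison) can never match
 *   a privilege name.
 * - Cached answers live for the remainder of the current PHP execution. A role
 *   change made after the first lookup is not reflected until the next request.
 *
 * Privileges:
 * - add
 *   - The privilege to create new (pending) entities.
 * - edit_pending
 *   - The privilege to edit pending entities
 * - delete_pending
 *   - The privilege to delete pending entities (e.g. mark them as "deleted")
 * - edit
 *   - The privilege to edit live entities
 * - delete
 *   - The privilege to delete live entities (e.g. mark them as "deleted")
 * - publish
 *   - The privilege to publish entities (e.g. change their state from pending to live)
 * - borrow
 *   - The privilege to borrow entities from other sites
 * - expunge
 *   - The privilege to expunge deleted entities from the Reason database (that is, remove them forever)
 * - duplicate
 *   - The privilege to duplicate entities (By default, limited to admins as of 3/08, as this is an experimental feature of Reason)
 * - edit_html
 *   - The privilege to switch between WYSIWYG view and HTML view in the HTML editor
 * - switch_theme
 *   - The privilege to change the site's theme (if the site's theme is not locked by an administrator)
 * - pose_as_other_user
 *   - The privilege to interact with the Reason administrative interface as if they were someone else. NOTE: This is a *very* powerful privilege, as it amounts to superuser rights!
 * - assign_any_page_type
 *   - The privilege to choose from all Reason page types, rather than a select few
 * - edit_head_items
 *   - The privilege to insert arbitrary HTML into the page head (css, scripts, meta tags, etc.)
 * - edit_unique_names
 *   - The privilege to give Reason entities unique names. This is necessary for creating sites and types.
 * - edit_fragile_slugs
 *   - The privilege to modify a slug that may cause broken links if changed (e.g. publication feed URL slugs)
 * - edit_home_page_nav_link
 *   - The privilege to insert a custom link to site home pages in the navigation (instead of the standard "Sitename Home")
 * - edit_form_advanced_options
 *   - The privilege to edit advanced options in the thor form content manager
 * - manage_allowable_relationships
 *   - The privilege to modify, create, and delete the set of relationships that can be made between Reason entities. NOTE: This is very powerful, and should only be given to highly trustworthy individuals
 * - view_sensitive_data
 *   - The privilege to view any data in Reason (like a fulltext search of the entire Reason db)
 * - manage_integration_settings
 *   - The privilege to modify or override foreign keys and other values in Reason that pertain to integration with external data sources
 * - edit_raw_ldap_filters
 *   - The privilege to write full LDAP filters/queries (e.g. in the construction of dynamic groups)
 * - upload_full_size_image
 *   - The privilege to keep images from being resized upon upload, thereby retaining their original dimensions
 * - upgrade
 *   - The privilege to run Reason's upgrade scripts
 * - db_maintenance
 *   - The privilege to run standard database cleanup and sanity-checking scripts
 * - update_urls
 *   - The privilege to run Reason's .htaccess regeneration script
 * - bypass_locks
 *   - The privilege to edit any locked field or relationship
 * - manage_locks
 *   - The privilege to edit any locked field or relationship
 *     (NOTE(review): this description is identical to bypass_locks -- confirm the intended meaning)
 * - customize_all_themes
 *   - The privilege to customize any site's theme
 *
 * @param integer $user_id The Reason entity id of the user
 * @param string $privilege
 * @return boolean true if the user has the privilege, false if not
 */
function reason_user_has_privs($user_id, $privilege)
{
    $user_id = (int) $user_id;
    if (empty($user_id)) {
        // No usable user id: deny rather than guess.
        return false;
    }
    static $privs_cache = array();
    // Consult the memo first. The previous code tested an undefined $cache variable,
    // so this branch was never reached and every call recomputed the answer.
    if (isset($privs_cache[$user_id][$privilege])) {
        return $privs_cache[$user_id][$privilege];
    }
    $roles = reason_user_roles($user_id);
    $privs = reason_get_privs_table();
    foreach ($roles as $role) {
        // Strict match: assumes the table stores privilege names as strings -- TODO confirm.
        if (isset($privs[$role]) && in_array($privilege, $privs[$role], true)) {
            $privs_cache[$user_id][$privilege] = true;
            return true;
        }
    }
    // Negative answers are cached too; isset() above still sees them because false is not null.
    $privs_cache[$user_id][$privilege] = false;
    return false;
}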
Пример #2
 /**
  * Reports whether a user may edit at least one field or relationship
  * of this entity.
  *
  * Access is granted only when both checks pass: one of the user's roles
  * could edit within the requested scope, and user_can_edit_site() approves
  * the user for the site that owns this entity. Every other path denies.
  * The answer is memoized in a method-static cache keyed by scope, entity id
  * and user id.
  *
  * @param mixed $user user entity or null for currently logged-in user
  * @param string $fields_or_rels scope of the question -- 'all', 'fields', or 'relationships'; any other value triggers an error and is treated as 'all'
  * @return boolean
  */
 public function user_can_edit($user = null, $fields_or_rels = 'all')
 {
     static $cache = array('all' => array(), 'fields' => array(), 'relationships' => array());

     // Unknown scope: report it, then fall back to the broadest question.
     // NOTE(review): the raw value is echoed into the error message; confirm it never reaches an HTML error display.
     if (!isset($cache[$fields_or_rels])) {
         trigger_error('2nd parameter of user_can_edit must be one of: "' . implode('", "', array_keys($cache)) . '". Given "' . $fields_or_rels . '"; setting to "all".');
         $fields_or_rels = 'all';
     }

     if (null === $user) {
         $user = $this->_get_current_user();
     }
     // Nobody to check (e.g. no current user was found): deny.
     if (empty($user)) {
         return false;
     }

     $entity_id = $this->_entity->id();
     $user_id = $user->id();

     if (isset($cache[$fields_or_rels][$entity_id][$user_id])) {
         return $cache[$fields_or_rels][$entity_id][$user_id];
     }
     if (!isset($cache[$fields_or_rels][$entity_id])) {
         $cache[$fields_or_rels][$entity_id] = array();
     }

     $allowed = false;
     if ($this->_one_of_roles_could_edit(reason_user_roles($user_id), $fields_or_rels)) {
         // NOTE(review): assumes get_owner() always returns an entity object -- confirm for ownerless entities.
         $owner = $this->_entity->get_owner();
         if (user_can_edit_site($user_id, $owner->id())) {
             $allowed = true;
         }
     }

     // Store the decision (grant or deny) before handing it back.
     $cache[$fields_or_rels][$entity_id][$user_id] = $allowed;
     return $allowed;
 }