/**
 * Exercises ACLAction::hasAccess($is_owner, $in_group, $access) against fixed
 * numeric access levels.
 *
 * The labels on the rows below (all / disabled / enabled / owner) are the ones
 * the original test attached to these numbers; the constants behind them are
 * not visible in this snippet.
 *
 * NOTE(review): every granting case passes $in_group equal to $is_owner, so
 * the effect of $in_group on its own is never isolated. If hasAccess() can
 * grant on group membership alone, that path deserves its own positive and
 * negative case.
 */
public function testhasAccess()
{
    // Called with no arguments, the check must deny.
    $this->assertFalse(ACLAction::hasAccess());

    // Each row: is_owner, in_group, access level, expected result.
    $cases = array(
        array(false, false, 90, true),   // "access all", caller is not the owner
        array(true, true, 90, true),     // "access all", caller is the owner
        array(false, false, -98, false), // "access disabled"
        array(true, true, 89, false),    // "access enabled" alone does not grant
        array(true, true, 75, true),     // "owner access", caller is the owner
        array(false, true, 75, false),   // "owner access", caller is not the owner
    );

    foreach ($cases as $case) {
        list($isOwner, $inGroup, $level, $expected) = $case;
        $granted = ACLAction::hasAccess($isOwner, $inGroup, $level);

        if ($expected) {
            $this->assertTrue($granted);
        } else {
            $this->assertFalse($granted);
        }
    }
}
/**
 * Decide whether a user may perform $action on $category, using the ACL data
 * cached under $_SESSION['ACL'].
 *
 * The earlier signature ended at $is_owner; $in_group was appended and is
 * forwarded to ACLAction::hasAccess() as its second argument.
 *
 * NOTE(review): the decision is read from session-held data. Presumably a role
 * change has to invalidate that cache before it takes effect for a live
 * session — confirm where the invalidation happens.
 *
 * @param string $user_id  id of the user whose access is being checked
 * @param string $category category being checked
 * @param string $action   action within that category
 * @param string $type     ACL type key used in the cache ('module' by default)
 * @param bool   $is_owner whether the object is owned by that user
 * @param bool   $in_group forwarded unchanged to ACLAction::hasAccess()
 * @return bool true for the module-admin shortcut, false when the category
 *              gate fails or nothing is cached for the action, otherwise the
 *              result of ACLAction::hasAccess()
 */
public static function userHasAccess($user_id, $category, $action, $type = 'module', $is_owner = false, $in_group = false)
{
    global $current_user;

    // Module admins are allowed whenever no explicit level is cached for this action.
    // NOTE(review): the admin test is made on $current_user, not on $user_id. Asked
    // about another user from an admin session, this can return true while that
    // user's entry is simply not cached yet — confirm callers only ever pass the
    // current user's id.
    $isModuleAdmin = $current_user->isAdminForModule($category);
    $hasCachedLevel = isset($_SESSION['ACL'][$user_id][$category][$type][$action]['aclaccess']);
    if ($isModuleAdmin && !$hasCachedLevel) {
        return true;
    }

    // Gate on the category's own 'access' action: anything below "enabled" denies.
    $categoryLevel = ACLAction::getUserAccessLevel($user_id, $category, 'access', $type);
    if ($categoryLevel < ACL_ALLOW_ENABLED) {
        return false;
    }

    // Nothing cached for this action yet: reload the cache.
    if (empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
        ACLAction::getUserActions($user_id, false);
    }

    // Still nothing after the reload: deny by default.
    if (empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
        return false;
    }

    return ACLAction::hasAccess(
        $is_owner,
        $in_group,
        $_SESSION['ACL'][$user_id][$category][$type][$action]['aclaccess']
    );
}
/**
 * Check whether a user may perform an action in a category, using the ACL
 * data cached under $_SESSION['ACL'].
 *
 * @param string $user_id  the user id to check access for
 * @param string $category the category to check access for
 * @param string $action   the action of that category to check access for
 * @param string $type     ACL type key used for the cache lookup ('module' by default)
 * @param bool   $is_owner optional; whether the object is owned by the user being checked
 * @return bool false when the category gate fails or nothing is cached for the
 *              action, otherwise the result of ACLAction::hasAccess()
 */
function userHasAccess($user_id, $category, $action, $type = 'module', $is_owner = false)
{
    // Gate on the category's 'access' action: anything below "enabled" denies.
    // NOTE(review): this gate is evaluated without $type, while the cache
    // lookups below are keyed by $type. For a non-default $type the two may be
    // reading different ACL entries — confirm what getUserAccessLevel() uses
    // when no type is passed.
    $categoryLevel = ACLAction::getUserAccessLevel($user_id, $category, 'access');
    if ($categoryLevel < ACL_ALLOW_ENABLED) {
        return false;
    }

    // Nothing cached for this action yet: reload the cache.
    if (empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
        ACLAction::getUserActions($user_id, false);
    }

    // Still nothing after the reload: deny by default.
    if (empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
        return false;
    }

    return ACLAction::hasAccess(
        $is_owner,
        $_SESSION['ACL'][$user_id][$category][$type][$action]['aclaccess']
    );
}
/**
 * Get user access for the list of actions.
 *
 * Starts from $access_list and sets to false every action the current user is
 * denied; entries that are not denied keep the value they came in with.
 *
 * NOTE(review): three paths return $access_list untouched — no resolvable
 * user, an admin user, and an empty action set from ACLAction::getUserActions().
 * Only the admin case is obviously meant to be unrestricted; for the other two
 * the caller receives whatever it passed in, so this result should not be the
 * only authorization check for unauthenticated contexts — confirm callers
 * reject those earlier.
 *
 * @param string $module
 * @param array  $access_list List of actions
 * @param array  $context     passed to getCurrentUser() and checkAccess();
 *                            the 'owner_override' key is read here
 * @return array List of access levels. Access levels not returned are assumed
 *               to be "all allowed".
 */
public function getUserAccess($module, $access_list, $context)
{
    $user = $this->getCurrentUser($context);

    // No user, or an admin: nothing is restricted here.
    if (empty($user) || empty($user->id) || is_admin($user)) {
        return $access_list;
    }

    // Ownership is assumed unless the context sets owner_override to a value
    // that loosely equals false.
    $is_owner = !isset($context['owner_override']) || $context['owner_override'] != false;

    // Some modules carry their ACLs under a type other than 'module'.
    $level = isset(self::$non_module_acls[$module]) ? self::$non_module_acls[$module] : 'module';

    $actions = ACLAction::getUserActions($user->id, false, $module, $level);
    if (empty($actions)) {
        return $access_list;
    }

    // Default implementation, specific ACLs can override.
    $access = $access_list;

    // 'access' is checked first: when it is denied, every listed action is denied.
    if (isset($access_list['access'])) {
        // The owner flag is passed as a literal true for this module-level check.
        $moduleAllowed = ACLAction::userHasAccess($user->id, $module, 'access', $level, true);
        if (!$moduleAllowed) {
            foreach ($access_list as $action => $value) {
                $access[$action] = false;
            }

            return $access;
        }

        // Already evaluated, no need to check it a second time.
        unset($access_list['access']);
    }

    foreach ($access_list as $action => $value) {
        // May have the bean, so checkAccess is consulted first; the cached
        // level is only evaluated when checkAccess did not already deny.
        $denied = !$this->checkAccess($module, $action, $context);
        if (!$denied && isset($actions[$action]['aclaccess'])) {
            $denied = !ACLAction::hasAccess($is_owner, $actions[$action]['aclaccess']);
        }

        if ($denied) {
            $access[$action] = false;
        }
    }

    return $access;
}
/**
 * Check whether a user may perform an action in a category, using the ACL
 * data held in the class-level self::$acls cache.
 *
 * @param string $user_id  the user id to check access for
 * @param string $category the category to check access for
 * @param string $action   the action of that category to check access for
 * @param string $type     ACL type key used for the gate and the cache lookup ('module' by default)
 * @param bool   $is_owner optional; whether the object is owned by the user being checked
 * @return bool false when the category gate fails or nothing is cached for the
 *              action, true for an "enabled" 'access' action, otherwise the
 *              result of ACLAction::hasAccess()
 */
public static function userHasAccess($user_id, $category, $action, $type = 'module', $is_owner = false)
{
    // Declared by the original; this method never reads it.
    global $current_user;

    // Gate on the category's 'access' action: anything below "enabled" denies.
    $categoryLevel = ACLAction::getUserAccessLevel($user_id, $category, 'access', $type);
    if ($categoryLevel < ACL_ALLOW_ENABLED) {
        return false;
    }

    // Nothing cached for this action yet: reload the cache.
    if (empty(self::$acls[$user_id][$category][$type][$action])) {
        ACLAction::getUserActions($user_id, false);
    }

    // Still nothing after the reload: deny by default.
    if (empty(self::$acls[$user_id][$category][$type][$action])) {
        return false;
    }

    $level = self::$acls[$user_id][$category][$type][$action]['aclaccess'];

    // An "enabled" 'access' action is granted outright, whatever $is_owner is.
    // NOTE(review): both comparisons are loose; presumably the cached level can
    // be a numeric string, which is why they were left as == — confirm before
    // tightening to ===.
    if ($action == 'access' && $level == ACL_ALLOW_ENABLED) {
        return true;
    }

    return ACLAction::hasAccess($is_owner, $level);
}