Пример #1
 /**
  * Exercises ACLAction::hasAccess() with no arguments and with explicit
  * three-argument combinations.
  *
  * The level labels used below ("all", "disabled", "enabled", "owner") come
  * from the comments of the original test. The argument order is presumably
  * ($is_owner, $in_group, $access) and the numbers are presumably the
  * ACL_ALLOW_* level constants — confirm against ACLAction and the ACL
  * constants file.
  *
  * NOTE(review): every explicit case passes the same value for the first two
  * arguments except the last one, so mixed owner/group combinations are
  * barely covered here.
  */
 public function testhasAccess()
 {
     // Called with defaults only: access must be denied.
     $this->assertFalse(ACLAction::hasAccess());

     // Each row: first flag, second flag, access level, expected result.
     $cases = array(
         // "all" level, both flags false
         array(false, false, 90, true),
         // "all" level, both flags true
         array(true, true, 90, true),
         // "disabled" level denies
         array(false, false, -98, false),
         // "enabled" level
         array(true, true, 89, false),
         // "owner" level with the owner flag set
         array(true, true, 75, true),
         // "owner" level with the owner flag cleared
         array(false, true, 75, false),
     );

     foreach ($cases as $case) {
         list($firstFlag, $secondFlag, $level, $expected) = $case;
         $granted = ACLAction::hasAccess($firstFlag, $secondFlag, $level);
         if ($expected) {
             $this->assertTrue($granted);
         } else {
             $this->assertFalse($granted);
         }
     }
 }
Пример #2
 /**
  * Decide whether a user may perform an action on a category.
  *
  * Checks run in this order:
  *  1. Allow when the current session user is an admin for the category and
  *     no 'aclaccess' value is cached for this user/category/type/action.
  *  2. Deny when the user's 'access' level for the category is below
  *     ACL_ALLOW_ENABLED.
  *  3. If the cached action entry is empty, call getUserActions() (presumably
  *     this fills $_SESSION['ACL'] — confirm), then delegate to hasAccess().
  *  4. Deny when there is still no cached entry.
  *
  * NOTE(review): step 1 inspects the global $current_user, not $user_id. If a
  * caller passes another user's id while an admin is logged in, the result
  * reflects the admin's rights rather than the target user's — confirm that
  * callers only pass the current user's id or that this is intended.
  * NOTE(review): $current_user is dereferenced without a null check, so this
  * fails hard in any context where no user is loaded.
  * NOTE(review): a non-empty cached entry is used as-is; a rights change made
  * elsewhere only takes effect once the session cache is cleared or rebuilt.
  *
  * @param string $user_id  id of the user to check
  * @param string $category category (module) being accessed
  * @param string $action   action within the category
  * @param string $type     ACL type key in the cache, 'module' by default
  * @param bool   $is_owner passed through to hasAccess()
  * @param bool   $in_group passed through to hasAccess()
  * @return bool
  */
 public static function userHasAccess($user_id, $category, $action, $type = 'module', $is_owner = false, $in_group = false)
 {
     global $current_user;

     // Admin shortcut applies only while no explicit level is cached.
     $hasCachedLevel = isset($_SESSION['ACL'][$user_id][$category][$type][$action]['aclaccess']);
     if ($current_user->isAdminForModule($category) && !$hasCachedLevel) {
         return true;
     }

     // The category itself must be enabled for the user before any action is considered.
     $categoryLevel = ACLAction::getUserAccessLevel($user_id, $category, 'access', $type);
     if ($categoryLevel < ACL_ALLOW_ENABLED) {
         return false;
     }

     // Nothing cached for this action yet: ask for the user's actions to be loaded.
     if (empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
         ACLAction::getUserActions($user_id, false);
     }

     // Still nothing after loading: deny.
     if (empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
         return false;
     }

     return ACLAction::hasAccess(
         $is_owner,
         $in_group,
         $_SESSION['ACL'][$user_id][$category][$type][$action]['aclaccess']
     );
 }
Пример #3
 /**
  * Decide whether a user may perform an action on a category.
  *
  * Denies when the user's 'access' level for the category is below
  * ACL_ALLOW_ENABLED; otherwise looks the action up in $_SESSION['ACL'],
  * calling getUserActions() first when the entry is empty, and delegates the
  * final decision to hasAccess(). Denies when no entry is found.
  *
  * NOTE(review): the method is declared without `static`, while the body
  * never uses $this and sibling calls use the ACLAction:: form. Static calls
  * to a non-static method raise an Error on PHP 8 — confirm how this is
  * invoked.
  * NOTE(review): $type selects the cached entry but is not passed to
  * getUserAccessLevel(), so the category gate may be evaluated for a
  * different type than the action lookup — confirm against that method's
  * signature.
  *
  * @param string $user_id  id of the user to check
  * @param string $category category being accessed
  * @param string $action   action within the category
  * @param string $type     ACL type key in the cache, 'module' by default
  * @param bool   $is_owner whether the object is owned by the user being checked
  * @return bool
  */
 function userHasAccess($user_id, $category, $action, $type = 'module', $is_owner = false)
 {
     // The category itself must be enabled for the user before any action is considered.
     $categoryLevel = ACLAction::getUserAccessLevel($user_id, $category, 'access');
     if ($categoryLevel < ACL_ALLOW_ENABLED) {
         return false;
     }

     // Nothing cached for this action yet: ask for the user's actions to be loaded.
     if (empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
         ACLAction::getUserActions($user_id, false);
     }

     // Still nothing after loading: deny.
     if (empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
         return false;
     }

     return ACLAction::hasAccess(
         $is_owner,
         $_SESSION['ACL'][$user_id][$category][$type][$action]['aclaccess']
     );
 }
Пример #4
 /**
  * Get user access for a list of actions.
  *
  * Starts from $access_list and sets an action to false when it is denied;
  * entries that are not denied keep the value the caller supplied.
  *
  * NOTE(review): when no user can be resolved from $context, or the user is
  * an admin, the list is returned unchanged, i.e. nothing is denied here.
  * For the "no user" case that is only safe if authentication is enforced
  * before this point — confirm against callers.
  * NOTE(review): ownership defaults to true. It becomes false only when
  * $context['owner_override'] is set and loosely equal to false, so a caller
  * that omits the key is treated as the owner.
  *
  * @param string $module
  * @param array $access_list List of actions, keyed by action name
  * @param array $context Read for 'owner_override'; also handed to
  *                       getCurrentUser() and checkAccess()
  * @return array List of access levels. Access levels not returned are
  *               assumed to be "all allowed".
  */
 public function getUserAccess($module, $access_list, $context)
 {
     $user = $this->getCurrentUser($context);
     if (empty($user) || empty($user->id) || is_admin($user)) {
         // no user or admin - leave the list untouched
         return $access_list;
     }

     // Owner unless the context explicitly overrides it with a falsy value.
     $is_owner = !isset($context['owner_override']) || $context['owner_override'] != false;

     // Some modules are registered under a non-module ACL type.
     $level = isset(self::$non_module_acls[$module]) ? self::$non_module_acls[$module] : 'module';

     $actions = ACLAction::getUserActions($user->id, false, $module, $level);
     if (empty($actions)) {
         return $access_list;
     }

     // default implementation, specific ACLs can override
     $access = $access_list;

     // 'access' gates everything else: if it is denied, every action is denied.
     // NOTE(review): this gate is evaluated with is_owner hard-coded to true,
     // not with $is_owner.
     if (isset($access_list['access'])) {
         $moduleEnabled = ACLAction::userHasAccess($user->id, $module, 'access', $level, true);
         if (!$moduleEnabled) {
             foreach ($access_list as $action => $unused) {
                 $access[$action] = false;
             }
             return $access;
         }
         // already evaluated, skip it in the per-action loop
         unset($access_list['access']);
     }

     foreach ($access_list as $action => $unused) {
         // may have the bean, so checkAccess runs first; the ACL level is
         // only consulted when checkAccess allowed the action
         if (!$this->checkAccess($module, $action, $context)) {
             $access[$action] = false;
             continue;
         }
         if (isset($actions[$action]['aclaccess'])
             && !ACLAction::hasAccess($is_owner, $actions[$action]['aclaccess'])
         ) {
             $access[$action] = false;
         }
     }

     return $access;
 }
Пример #5
 /**
  * Decide whether a user may perform an action on a category.
  *
  * Denies when the user's 'access' level for the category and type is below
  * ACL_ALLOW_ENABLED; otherwise looks the action up in self::$acls, calling
  * getUserActions() first when the entry is empty. For the 'access' action a
  * stored level equal to ACL_ALLOW_ENABLED is allowed directly; every other
  * case is delegated to hasAccess(). Denies when no entry is found.
  *
  * NOTE(review): $current_user is declared global but never read in this
  * body.
  * NOTE(review): both comparisons in the 'access' shortcut are loose (==),
  * so a non-string $action or a string-typed stored level is compared after
  * type juggling — confirm the types that reach this method.
  *
  * @param string $user_id  id of the user to check
  * @param string $category category being accessed
  * @param string $action   action within the category
  * @param string $type     ACL type key in the cache, 'module' by default
  * @param bool   $is_owner whether the object is owned by the user being checked
  * @return bool
  */
 public static function userHasAccess($user_id, $category, $action, $type = 'module', $is_owner = false)
 {
     global $current_user;

     // The category itself must be enabled for the user before any action is considered.
     $categoryLevel = ACLAction::getUserAccessLevel($user_id, $category, 'access', $type);
     if ($categoryLevel < ACL_ALLOW_ENABLED) {
         return false;
     }

     // Nothing cached for this action yet: ask for the user's actions to be loaded.
     if (empty(self::$acls[$user_id][$category][$type][$action])) {
         ACLAction::getUserActions($user_id, false);
     }

     // Still nothing after loading: deny.
     if (empty(self::$acls[$user_id][$category][$type][$action])) {
         return false;
     }

     // The 'access' action is satisfied by the plain "enabled" level.
     $isAccessAction = ($action == 'access');
     if ($isAccessAction && self::$acls[$user_id][$category][$type][$action]['aclaccess'] == ACL_ALLOW_ENABLED) {
         return true;
     }

     return ACLAction::hasAccess(
         $is_owner,
         self::$acls[$user_id][$category][$type][$action]['aclaccess']
     );
 }