function checkAccess($category, $action, $is_owner = false, $type = 'module')
{
global $current_user;
if (is_admin($current_user)) {
return true;
}
//calendar is a special case since it has 3 modules in it (calls, meetings, tasks)
if ($category == 'Calendar') {
return ACLAction::userHasAccess($current_user->id, 'Calls', $action, $type, $is_owner) || ACLAction::userHasAccess($current_user->id, 'Meetings', $action, 'module', $is_owner) || ACLAction::userHasAccess($current_user->id, 'Tasks', $action, 'module', $is_owner);
}
if ($category == 'Activities') {
return ACLAction::userHasAccess($current_user->id, 'Calls', $action, $type, $is_owner) || ACLAction::userHasAccess($current_user->id, 'Meetings', $action, 'module', $is_owner) || ACLAction::userHasAccess($current_user->id, 'Tasks', $action, 'module', $is_owner) || ACLAction::userHasAccess($current_user->id, 'Emails', $action, 'module', $is_owner) || ACLAction::userHasAccess($current_user->id, 'Notes', $action, 'module', $is_owner);
}
return ACLAction::userHasAccess($current_user->id, $category, $action, $type, $is_owner);
}
public function testuserHasAccess()
{
$this->assertFalse(ACLAction::userHasAccess('', '', ''));
//test with empty module and action
$this->assertTrue(ACLAction::userHasAccess('', 'Accounts', 'list'));
//test with e,pty user and valid module and action
$this->assertTrue(ACLAction::userHasAccess('1', 'Accounts', 'list'));
//test with valid User, module and action
$this->assertTrue(ACLAction::userHasAccess('1', 'SecurityGroups', 'list'));
//test with valid User, module and action
$this->assertTrue(ACLAction::userHasAccess('1', 'Users', 'list'));
//test with valid User, module and action
}
/**
* Get user access for the list of actions
* @param string $module
* @param array $access_list List of actions
* @returns array - List of access levels. Access levels not returned are assumed to be "all allowed".
*/
public function getUserAccess($module, $access_list, $context)
{
$user = $this->getCurrentUser($context);
if (empty($user) || empty($user->id) || is_admin($user)) {
// no user or admin - do nothing
return $access_list;
}
$is_owner = !(isset($context['owner_override']) && $context['owner_override'] == false);
if (isset(self::$non_module_acls[$module])) {
$level = self::$non_module_acls[$module];
} else {
$level = 'module';
}
$actions = ACLAction::getUserActions($user->id, false, $module, $level);
if (empty($actions)) {
return $access_list;
}
// default implementation, specific ACLs can override
$access = $access_list;
// check 'access' first - if it's false all others will be false
if (isset($access_list['access'])) {
if (!ACLAction::userHasAccess($user->id, $module, 'access', $level, true)) {
foreach ($access_list as $action => $value) {
$access[$action] = false;
}
return $access;
}
// no need to check it second time
unset($access_list['access']);
}
foreach ($access_list as $action => $value) {
// may have the bean, so we need to use checkAccess
if (!$this->checkAccess($module, $action, $context) || isset($actions[$action]['aclaccess']) && !ACLAction::hasAccess($is_owner, $actions[$action]['aclaccess'])) {
$access[$action] = false;
}
}
return $access;
}
