Пример #1
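 /**
  * Controller-level authorization check.
  *
  * The listed actions are reserved for accounts whose role is exactly '3'.
  * Every other action is allowed for whoever reaches this callback.
  *
  * NOTE(review): the fall-through is default-allow, so an action added to this
  * controller later is open to every role until it is listed here. Confirm
  * that this is intended, or invert the check into an allow-list.
  *
  * @param mixed $user Not used here; the role is read through AuthComponent::User().
  * @return bool True when the request may proceed.
  */
 public function isAuthorized($user)
 {
     $restricted = array('add', 'edit', 'delete', 'index', 'adminlinks');
     if (in_array(strtolower($this->action), $restricted, true)) {
         // Cast and compare strictly: with ==, a boolean true or a value such
         // as '3.0' would also be accepted as role '3'.
         return (string) AuthComponent::User('role') === '3';
     }
     return true;
 }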
Пример #2
 /**
  * Per-request setup: publishes shared view variables and configures the
  * Auth and Security components before the action runs.
  *
  * Security-relevant behaviour visible in this method:
  *  - RSS requests: 'index' is exempted from Auth and the Security component
  *    is told to require an HTTP Basic login instead.
  *  - UsersController: 'add' is exempted from Auth while no admin user
  *    exists; the two password-reset actions are always exempted.
  *  - Auth delegates the per-action decision to the controller
  *    (authorize = 'controller') and only accepts users with disabled = 0.
  */
 function beforeFilter()
 {
     $hasAdmin = $this->User->hasAdminUser();
     $this->set('has_admin', $hasAdmin);
     // RSS Authentication by user model
     // NOTE(review): 'index' is taken out of Auth here, so for RSS requests
     // access control rests entirely on the Basic login configured below.
     // Confirm that the 'authenticate' callback applies the same
     // User.disabled scope as Auth, and that feeds are only served over TLS,
     // since Basic credentials are sent with every request.
     if ($this->RequestHandler->isRss()) {
         $this->Auth->allow('index');
         $this->Security->loginOptions = array('type' => 'basic', 'login' => 'authenticate', 'realm' => 'My_RSS_Feeds');
         $this->Security->loginUsers = array();
         $this->Security->requireLogin('*');
     }
     // Authentication exemptions for UsersController
     if (get_class($this) == "UsersController") {
         // NOTE(review): while no admin user exists, 'add' is reachable
         // without logging in. Confirm the add action cannot be used by an
         // arbitrary visitor to create a privileged account during that
         // window.
         if (!$hasAdmin) {
             $this->Auth->allow(array('add'));
         }
         $this->Auth->allow(array('reset_password', 'reset_password_mail'));
     }
     // NOTE(review): $this->Auth is already dereferenced in the branches
     // above, so this isset() guard does not protect those earlier calls.
     if (isset($this->Auth)) {
         // Let the controller make the finer-grained authorization decision
         $this->Auth->authorize = 'controller';
         // Restrict which users may log in by a database field value
         $this->Auth->userScope = array("User.disabled" => 0);
         // Action that performs the login (/users/login is the default).
         $this->Auth->loginAction = "/users/login";
         // Error message shown when login fails
         $this->Auth->loginError = __("Invalid username or password", true);
         // Error message shown when an action is requested without the required privileges
         $this->Auth->authError = __('You have no privileges', true);
         // URL to redirect to after login
         $this->Auth->loginRedirect = "/users/index";
         // Model that holds the user ID and password ('User' is the default)
         $this->Auth->userModel = "User";
         // Fields that hold the user ID and password (username, password are the defaults)
         $this->Auth->fields = array("username" => "loginname", "password" => "password");
         // Do not redirect automatically
         $this->Auth->autoRedirect = false;
         // Pass the logged-in user's data to the view
         // NOTE(review): presumably the whole User record is handed to the
         // view, including any credential column it carries. Verify what
         // Auth->User() returns and that templates never print it wholesale.
         $login_user = $this->Auth->User();
         $this->set('login_user', $login_user['User']);
     }
     $project = $this->Project->getProjectInfo();
     $this->set('project_info', $project["Project"]);
     $sprint = $this->Sprint->getActiveSprintList();
     $this->set('sprint_info', $sprint);
 }
Пример #3
 /**
  * Return the id of the user attached to the current session.
  *
  * Uses the Auth component on this object when one is set, and falls back
  * to the static AuthComponent accessor otherwise.
  *
  * @return mixed Whatever the Auth layer reports for "id".
  */
 protected function _getCurrentUserId()
 {
     return isset($this->Auth)
         ? $this->Auth->User("id")
         : AuthComponent::User("id");
 }
Пример #4
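 /**
  * Find the current user's notification token in a list of subscribers.
  *
  * @param array $subscribedUsers Rows that each carry ['User']['id'] and
  *                               ['Notification']['token'].
  * @return mixed The matching row's token, or null when the current user is
  *               not in the list or nobody is logged in.
  */
 public function isSubscribed($subscribedUsers)
 {
     if (empty($subscribedUsers)) {
         return null;
     }

     // Resolve the session user once instead of on every iteration.
     $currentUserId = AuthComponent::User('id');

     // Without a logged-in user there is nothing to match. The old loose ==
     // could pair a missing id with a row whose id is 0 or empty and hand
     // back that row's token.
     if ($currentUserId === null || $currentUserId === false || $currentUserId === '') {
         return null;
     }

     foreach ($subscribedUsers as $user) {
         if ((string) $user['User']['id'] === (string) $currentUserId) {
             return $user['Notification']['token'];
         }
     }
     return null;
 }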
Пример #5
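 /**
  * Per-action authorization for thread requests.
  *
  *  - add: delegated to SubForum::canPostHere() for the requested id.
  *  - sticky / lock / setHome: role must be exactly '3'.
  *  - edit: delegated to Thread::isOwnedBy() for the requested id.
  *  - anything else: allowed.
  *
  * NOTE(review): the fall-through is default-allow, so a newly added action is
  * open to every user that reaches this callback until it is listed here.
  *
  * @param mixed $user Forwarded to the parent implementation; not read here.
  * @return bool True when the request may proceed.
  */
 public function isAuthorized($user)
 {
     // NOTE(review): the parent's verdict is discarded, so a denial decided
     // in the parent class has no effect on this controller. Confirm whether
     // a false result should short-circuit here.
     parent::isAuthorized($user);

     $action = $this->request->action;

     if ($action === 'add') {
         return $this->Thread->SubForum->canPostHere($this->request->params['id']);
     }

     if (in_array($action, array('sticky', 'lock', 'setHome'), true)) {
         // Cast and compare strictly: with ==, a boolean true or a value such
         // as '3.0' would also be accepted as role '3'.
         return (string) AuthComponent::User('role') === '3';
     }

     if ($action === 'edit') {
         return $this->Thread->isOwnedBy($this->request->params['id']);
     }

     return true;
 }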
Пример #6
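 /**
  * List the top-level threads of one sub forum, paginated.
  *
  * Sticky threads come first, then threads ordered by latest reply. Users
  * whose role is exactly '3' get the 'admin_display_topics' template instead
  * of the default one.
  *
  * @param mixed $sub_forum_id Primary key of the sub forum to show.
  * @param mixed $slug         Not read by this method.
  * @return void
  * @throws NotFoundException When no sub forum with that id exists.
  */
 public function displayTopics($sub_forum_id = null, $slug = null)
 {
     $this->SubForum->id = $sub_forum_id;
     if (!$this->SubForum->exists()) {
         throw new NotFoundException('Sub forum not found');
     }

     $this->paginate = array(
         'conditions' => array(
             'Thread.sub_forum_id' => $sub_forum_id,
             'Thread.thread_id' => '0',
         ),
         'order' => array(
             'Thread.sticky' => 'DESC',
             'Thread.latest_reply_thread_id' => 'DESC',
         ),
         'limit' => 15,
     );

     $this->SubForum->recursive = -1;
     $subForum = $this->SubForum->read();
     $subForumName = $subForum['SubForum']['name'];

     $this->set('subForum', $subForum);
     $this->set('title_for_layout', 'Forums • ' . $subForumName);
     $this->set('subForumName', $subForumName);
     $this->set('threads', $this->paginate('SubForum.Thread'));

     // Cast and compare strictly so that only the exact role value selects
     // the admin template; == would also accept boolean true or '3.0'.
     if ((string) AuthComponent::User('role') === '3') {
         $this->render('admin_display_topics');
     }
 }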
Пример #7
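 /**
  * Decide whether the current user's role is high enough to post in a sub forum.
  *
  * @param mixed $id Primary key of the sub forum.
  * @return bool True only when both the user's role and the sub forum's
  *              required role are numeric and the former is at least the latter.
  */
 public function canPostHere($id = null)
 {
     $subForumRole = $this->field('role', array('id' => $id));
     $userRole = AuthComponent::User('role');

     // Fail closed. When no row matches, the lookup yields a non-numeric
     // value (false), and the old `>=` then compared both sides as booleans,
     // which made the check pass for everyone, logged in or not.
     if (!is_numeric($subForumRole) || !is_numeric($userRole)) {
         return false;
     }

     return (int) $userRole >= (int) $subForumRole;
 }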
Пример #8
 /**
  * Save an edited thread and bring the current user's notification
  * subscription in line with the submitted form.
  *
  * The current user's id is recorded as 'lasteditor'. After a successful
  * save the user's existing notification rows for the saved thread are
  * removed, and a new one is added when the form asked for notifications.
  *
  * NOTE(review): $data is passed to set()/save() as received, and the record
  * being written is whichever one $data identifies, not $threadId. Confirm
  * that the caller pins the primary key to the id that was authorized and
  * limits the fields that may be written.
  *
  * @param array|null $data     Submitted model data, keyed by the model alias.
  * @param mixed      $threadId Passed to Notification::addNotification().
  * @return bool True when the save succeeded, false otherwise.
  */
 public function editThread($data = null, $threadId = null)
 {
     $this->set($data);
     $this->set('lasteditor', AuthComponent::User('id'));

     if (!$this->save($this->data)) {
         return false;
     }

     $wantsNotification = $data[$this->alias]['notification'];

     // Both outcomes start from a clean slate for this user and thread.
     $this->Notification->deleteAll(array('thread_id' => $this->id, 'user_id' => AuthComponent::User('id')));
     if ($wantsNotification) {
         $this->Notification->addNotification($threadId);
     }

     return true;
 }
Пример #9
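 /**
  * Baseline authorization: allow any user whose role is numerically >= 1.
  *
  * @param mixed $user Not used here; the role is read through AuthComponent::User().
  * @return bool True when the current user's role is numeric and at least 1.
  */
 public function isAuthorized($user)
 {
     $role = AuthComponent::User('role');

     // Compare as numbers and fail closed on anything else. The old loose
     // `>= '1'` compared a non-numeric role as a string, which could sort
     // above '1', and it accepted a boolean true.
     return is_numeric($role) && (int) $role >= 1;
 }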
Пример #10
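 /**
  * Check whether the record with the given id belongs to the current user.
  *
  * @param mixed $messageId Primary key of the record to check.
  * @return bool True only when a row with that id and the current user's id exists.
  */
 public function isOwnedBy($messageId)
 {
     $currentUserId = AuthComponent::User('id');
     if ($currentUserId === null) {
         // Nobody is logged in, so nothing can be owned by the requester.
         return false;
     }

     $foundId = $this->field('id', array('id' => $messageId, 'user_id' => $currentUserId));

     // Fail closed when the lookup finds nothing. With the old loose ==, a
     // no-match result of false was equal to an empty $messageId (null, 0,
     // '' or '0'), so a request without an id was reported as "owned".
     if ($foundId === false || $foundId === null) {
         return false;
     }

     return (string) $foundId === (string) $messageId;
 }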