function access_can_view_page($page = '', $user = '') { global $access_user, $is_admin, $login, $page_lookup, $page_lookup_ex, $PHP_SELF; if (!access_is_enabled()) { return true; } if (empty($user) && !empty($login)) { $user = $login; } assert('! empty ( $user )'); if (empty($page) && !empty($PHP_SELF)) { $page = $PHP_SELF; } assert('! empty ( $page )'); $page = basename($page); // Handle special cases for publish.php and freebusy.php. if (substr($page, -3) == 'ics') { $page = 'publish.php'; } if (substr($page, -3) == 'ifb') { $page = 'freebusy.php'; } // First, check list of exceptions to our rules. if (!empty($page_lookup_ex[$page])) { return true; } for ($i = 0; $i <= ACCESS_NUMBER_FUNCTIONS; $i++) { if (!empty($page_lookup[$i]) && preg_match("/{$page_lookup[$i]}/", $page)) { $page_id = $i; } } //echo "page_id = $page_id<br />page = $page<br />\n"; // If the specified user is the currently logged in user, then we have already // loaded this user's access, stored in the global variable $access_user. $access = !empty($login) && $user == $login && !empty($access_user) ? $access_user : access_load_user_functions($user); assert('! empty ( $access )'); // If we did not find a page id, then this is also a WebCalendar bug. // (Someone needs to add another entry in the $page_lookup[] array.) $yesno = substr($access, $page_id, 1); // No setting found. Use default values. if (empty($yesno)) { $yesno = get_default_function_access($page_id, $user); } //echo "yesno = $yesno<br />\n"; assert('! empty ( $yesno )'); return $yesno == 'Y'; }
<option value="__default__"' . ($guser == '__default__' ? $selected : '') . '>' . $defConfigStr . '</option>'; for ($i = 0, $cnt = count($userlist); $i < $cnt; $i++) { echo ' <option value="' . $userlist[$i]['cal_login'] . '"' . ($guser == $userlist[$i]['cal_login'] ? $selected : '') . '>' . $userlist[$i]['cal_fullname'] . '</option>'; } for ($i = 0, $cnt = count($nonuserlist); $i < $cnt; $i++) { echo ' <option value="' . $nonuserlist[$i]['cal_login'] . '"' . ($guser == $nonuserlist[$i]['cal_login'] ? $selected : '') . '>' . $nonuserlist[$i]['cal_fullname'] . ' ' . ($nonuserlist[$i]['cal_is_public'] == 'Y' ? '*' : '') . '</option>'; } echo $goStr; } //end admin $guser != default test if (!empty($guser) || !$is_admin) { if ($is_admin) { // Present a page to allow editing a user's rights. $access = access_load_user_functions($guser); $div = ceil(ACCESS_NUMBER_FUNCTIONS / 4); // We can reorder the display of user rights here. $order = array(1, 0, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 27, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27); // Make sure that we have defined all the types of // access defined in access.php assert(count($order) == ACCESS_NUMBER_FUNCTIONS + 1); echo ' <div class="boxall" style="margin-top: 5px; padding: 5px;"> <form action="access.php" method="post" name="accessform"> <input type="hidden" name="auser" value="' . $guser . '" /> <input type="hidden" name="guser" value="' . $guser . '" /> <table border="0" cellspacing="10"> <tbody> <tr> <td valign="top">';