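/**
 * Decides whether the currently authenticated user may work with the form table named in
 * $this->table.
 *
 * The form id is parsed out of the table name, the form's owner site is looked up, and the
 * user's access to that site is checked with reason_username_has_access_to_site(). Every
 * failure path reports through $this->error() and then denies access.
 *
 * NOTE(review): the admin-role check below is commented out, so site access alone grants
 * permission here. Confirm that is intended before relying on this method to gate
 * admin-only functionality.
 *
 * @return boolean|mixed false when access is denied; otherwise whatever
 *                       reason_username_has_access_to_site() returns
 */
function checkPermissions()
{
    // first, make sure user is logged in
    $username = reason_check_authentication();
    if (!$username) {
        $this->error("this page requires authentication");
        return false;
    }

    // next, figure out the form id. At least one digit is required: with \d* a table name
    // such as "form_" matched with an empty id and went on to the entity lookup.
    // NOTE(review): the pattern is not anchored, so any table name that merely contains
    // "form_<digits>" is authorized against that form id; consider /^form_(\d+)$/ if table
    // names are always exactly of that shape.
    $matches = array();
    if (preg_match("/form_(\\d+)/", $this->table, $matches) !== 1) {
        $this->error("invalid table name");
        return false;
    }
    $formId = $matches[1];

    // now that we've got the form id, find out what site it belongs to
    $form = new entity($formId);
    $site = $form->get_owner();
    if (!is_object($site)) {
        // Fail closed rather than calling id() on a missing owner.
        $this->error("form does not belong to a site");
        return false;
    }

    // and finally, make sure the logged in user has access to the site
    $hasSiteAccess = reason_username_has_access_to_site($username, $site->id());
    // $isAdmin = user_is_a(get_user_id($username), id_of("admin_role"));
    // return $hasSiteAccess && $isAdmin;
    return $hasSiteAccess;
}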
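/**
 * Combines reason_check_authentication with reason_username_has_access_to_site
 *
 * Reports whether the currently authenticated user has access to the given site. No role or
 * privilege check is made here beyond what reason_username_has_access_to_site() performs.
 *
 * @param integer $site_id
 * @param boolean $force_refresh passed through to reason_username_has_access_to_site()
 * @return boolean false when nobody is authenticated; otherwise the result of the access check
 */
function reason_check_access_to_site($site_id, $force_refresh = false)
{
    $netid = reason_check_authentication();
    if (empty($netid)) {
        // Fail closed: the decision for an unauthenticated request should not depend on how
        // the downstream helper treats an empty username.
        return false;
    }
    return reason_username_has_access_to_site($netid, $site_id, $force_refresh);
}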
/**
 * Reports whether the current user has administrative access, caching the answer on
 * $this->_user_has_administrative_access after the first call.
 *
 * Access is granted only when all of the following hold:
 *  - a netid is available and resolves to a user id,
 *  - that netid has access to this object's site, and
 *  - the user has the 'edit' privilege.
 *
 * NOTE(review): earlier documentation for this method also listed an authenticate method on
 * the admin form, membership in the group that can see all form results, and the list of
 * usernames that receive form submissions. None of those are evaluated in this method;
 * confirm whether they are handled elsewhere.
 *
 * @return boolean
 */
function user_has_administrative_access()
{
    if (isset($this->_user_has_administrative_access)) {
        return $this->_user_has_administrative_access;
    }

    $netid = $this->get_user_netid();
    $user_id = false;
    if ($netid) {
        $user_id = get_user_id($netid);
    }

    // Short-circuit order matters: the site and privilege lookups only run for a known user.
    $granted = false;
    if ($user_id
        && reason_username_has_access_to_site($netid, $this->get_site_id())
        && reason_user_has_privs($user_id, 'edit')) {
        $granted = true;
    }

    $this->_user_has_administrative_access = $granted;
    return $this->_user_has_administrative_access;
}
/**
 * Reports whether the current user can edit this object's site.
 *
 * True only when a netid is available and resolves to a user id, the netid has access to the
 * site returned by get_site_id(), and the user has the 'edit' privilege. The result is not
 * cached; every call repeats the lookups.
 *
 * @return boolean
 */
function _user_has_site_editing_access()
{
    $netid = $this->get_user_netid();
    if (!$netid) {
        return false;
    }

    $user_id = get_user_id($netid);
    if (!$user_id) {
        return false;
    }

    // Site access is checked before the privilege, and the privilege only if access holds.
    return reason_username_has_access_to_site($netid, $this->get_site_id())
        && reason_user_has_privs($user_id, 'edit');
}
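/**
 * Sends the uploader an email regarding the status of the media work's transcoding if they
 * wanted an email notification.
 *
 * REASON_HOST must be set for the generated link to the media work to be correct.
 *
 * The recipient address is looked up in the directory service by $netid. If no address is
 * found, nothing is sent. The link into the editor is only included when
 * reason_username_has_access_to_site() reports that $netid has access to the owning site.
 * mail() is called without additional headers, and its return value is not checked.
 *
 * @param entity $media_work the media work that was processed
 * @param string $status 'success' selects the completion message; any other value selects
 *                       the error message
 * @param string $netid username of the uploader
 * @return void
 */
function send_email($media_work, $status, $netid)
{
    if (!$media_work->get_value('email_notification')) {
        return;
    }

    $user = new entity(get_user_id($netid));
    $dir = new directory_service();
    $dir->search_by_attribute('ds_username', $netid, array('ds_email', 'ds_fullname', 'ds_phone'));
    $to = $dir->get_first_value('ds_email');
    if (empty($to)) {
        // No address on record for this username, so there is nobody to notify.
        return;
    }

    $owner = $media_work->get_owner();
    $params = array(
        'site_id' => $owner->id(),
        'type_id' => id_of('av'),
        'id' => $media_work->id(),
        'cur_module' => 'Editor',
    );
    $query_string = carl_make_query_string($params);
    $link = html_entity_decode('https://' . REASON_HOST . '/reason/index.php' . $query_string);

    // Names are stored as markup; strip tags and decode entities for the plain-text message.
    $work_name = html_entity_decode(strip_tags($media_work->get_value('name')));
    $site_name = html_entity_decode(strip_tags($owner->get_value('name')));

    // Only point the recipient at the editor if they can actually open the site.
    $link_line = '';
    if (reason_username_has_access_to_site($netid, $owner->id())) {
        $link_line = 'View it at this url: ' . $link . "\n\n";
    }
    $uploader_line = 'Uploaded by:' . "\n" . $user->get_value('name') . "\n\n";

    if ($status == 'success') {
        $subject = '[Reason] Media processing complete: ' . $work_name;
        $message = 'Media Work Processed' . "\n\n";
        $message .= 'Name:' . "\n" . $work_name . "\n\n";
        $message .= 'Site:' . "\n" . $site_name . "\n\n";
        $message .= $link_line;
        $message .= $uploader_line;
    } else {
        $subject = '[Reason] Media error: ' . $work_name;
        $message = 'Media Work Error During Processing' . "\n\n";
        $message .= 'Name:' . "\n" . $work_name . "\n\n";
        $message .= 'Site:' . "\n" . $site_name . "\n\n";
        $message .= $uploader_line;
        $message .= $link_line;
        $message .= 'If you continue to get this error after multiple attempts, please contact your Reason Administrator regarding this issue: ' . WEBMASTER_EMAIL_ADDRESS . "\n\n";
    }

    mail($to, $subject, $message);
}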