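/**
 * Persists one Acl row per "controller/action" entry for the given role.
 *
 * @param string[] $acls entries of the form "controller/action"
 * @param mixed    $role the role id handed to Acl::setIdRole()
 *
 * @throws \InvalidArgumentException when an entry is not exactly
 *         "controller/action" with both parts non-empty. The original took
 *         $acl[1] without checking and stored a null action for such entries,
 *         leaving an ambiguous ACL row; failing closed is preferable here.
 */
protected function saveAcls($acls, $role)
{
    foreach ($acls as $entry) {
        $parts = explode("/", $entry);
        if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
            throw new \InvalidArgumentException('ACL entry must be "controller/action", got: ' . $entry);
        }
        list($controller, $action) = $parts;

        $dbAcl = new Acl();
        $dbAcl->setIdRole($role);
        $dbAcl->setController($controller);
        $dbAcl->setAction($action);
        $dbAcl->save();
    }
}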
/**
 * Registers the songbook roles and resource on the given ACL.
 *
 * The three songbook roles form a chain, each inheriting the previous one:
 * "vstup" -> "vytváření/editace" -> "mazání". The "display" privilege is
 * granted to the base member role rather than to any songbook role.
 *
 * @param \Acl $acl
 */
public static function addSongbookPrivileges($acl)
{
    $resource = "Oddil:Songbook";
    $roleEnter = 'songbook - vstup';
    $roleEdit = 'songbook - vytváření/editace';
    $roleDelete = 'songbook - mazání';

    // Role hierarchy (child inherits parent).
    $acl->addRole($roleEnter);
    $acl->addRole($roleEdit, $roleEnter);
    $acl->addRole($roleDelete, $roleEdit);

    $acl->addResource($resource);

    // Grants, from least to most powerful.
    $acl->allow("base - člen", $resource, "display");
    $acl->allow($roleEnter, $resource, "default");
    $acl->allow($roleEdit, $resource, ["add", "edit"]);
    $acl->allow($roleDelete, $resource, "delete");
}
/**
 * Event listener: aborts the request with a 403 when the ACL check fails.
 *
 * Role, resource name and action are read from Event::$data; on denial a
 * Kohana_403_Exception carrying the resource name and the 'common/error_403'
 * view is thrown.
 *
 * @return void
 * @author Andy Bennett
 */
public static function fail()
{
    $data = Event::$data;
    $allowed = Acl::instance()->check($data['role'], $data['name'], $data['action']);
    if ($allowed) {
        return;
    }
    throw new Kohana_403_Exception($data['name'], 'common/error_403');
}
/**
 * Returns the feed streams visible to a user, optionally narrowed to one
 * course and/or one batch.
 *
 * A stream matches when each of its user/role/course/batch columns is either
 * the user's own value or 0 (the "everyone" wildcard). Without an explicit
 * course or batch, all of the user's courses/batches (plus 0) are used.
 *
 * @param object|null $user      defaults to the ACL's relevant user, then the logged-in user
 * @param int|null    $course_id
 * @param int|null    $batch_id
 * @return mixed result of ORM find_all()
 */
public static function user_streams($user = null, $course_id = null, $batch_id = null)
{
    // Subject of the query: an impersonated ("relevant") user first, else the session user.
    if ($user === null) {
        $user = Acl::instance()->relevant_user();
        if (!$user) {
            $user = Auth::instance()->get_user();
        }
    }
    $role = $user->role();

    if ($course_id !== null) {
        $courses = array($course_id);
    } else {
        $courses = $user->courses->find_all()->as_array(null, 'id');
        $courses[] = 0;     // wildcard: streams not bound to a course
    }

    if ($batch_id !== null) {
        $batches = array($batch_id);
    } else {
        $batches = $user->batches->find_all()->as_array(null, 'id');
        $batches[] = 0;     // wildcard: streams not bound to a batch
    }

    return ORM::factory('feedstream')
        ->where('user_id', ' IN', array($user->id, 0))
        ->and_where('role_id', ' IN ', array($role->id, 0))
        ->and_where('course_id', ' IN ', $courses)
        ->and_where('batch_id', ' IN ', $batches)
        ->find_all();
}
/**
 * Verifies a username/password pair and, on success, binds the user to the ACL.
 *
 * Failed attempts are recorded per source address in user_login_ban. Once a
 * host has 3 or more failures inside the host_ban_time window, it is refused
 * before the password is checked at all. A window of 0 disables banning.
 *
 * @param string $user
 * @param string $pass
 * @return string '' on success, otherwise a human-readable error
 */
private function auth($user, $pass)
{
    $window = Variable::get('host_ban_time');
    $banEnabled = $window > 0;
    $addr = $_SERVER['REMOTE_ADDR'];
    $countFails = 'SELECT count(*) FROM user_login_ban WHERE failed_on>%d AND from_addr=%s';

    // Refuse already-banned hosts before touching the credentials.
    if ($banEnabled) {
        $fails = DB::GetOne($countFails, array(time() - $window, $addr));
        if ($fails >= 3) {
            return 'Host banned.';
        }
    }

    if (!Base_User_LoginCommon::check_login($user, $pass)) {
        $error = 'Login failed.';
        if ($banEnabled) {
            // Expire stale records, log this failure, then re-evaluate the threshold.
            DB::Execute('DELETE FROM user_login_ban WHERE failed_on<=%d', array(time() - $window));
            DB::Execute('INSERT INTO user_login_ban(failed_on,from_addr) VALUES(%d,%s)', array(time(), $addr));
            $fails = DB::GetOne($countFails, array(time() - $window, $addr));
            if ($fails >= 3) {
                $error .= ' Host banned.';
            }
        }
        return $error;
    }

    Acl::set_user(Base_UserCommon::get_user_id($user), true);
    return '';
}
/**
 * Menu contribution: a "Fax" entry under the "CRM" submenu, only for a
 * logged-in user holding the 'Fax - Browse' permission; otherwise nothing.
 *
 * @return array
 */
public static function menu()
{
    $canBrowse = Acl::is_user() && Base_AclCommon::check_permission('Fax - Browse');
    if (!$canBrowse) {
        return array();
    }
    return array(_M('CRM') => array('__submenu__' => 1, _M('Fax') => array()));
}
/**
 * Resolves whether $action is permitted on page $id.
 *
 * If the page has ACL data of its own that decides. Otherwise the page tree
 * is walked upwards through 'parent-id' until an ancestor with ACL data (or
 * the root page) is reached. A page that cannot be read, or a chain longer
 * than 50 levels, yields false — the walk fails closed.
 *
 * @param mixed  $id
 * @param string $action
 * @return bool
 */
public function canAccessPage($id, $action)
{
    $group = Acl::RESOURCE_GROUP_PAGES;
    if (Acl::getResourceData($group, $id) !== false) {
        return Acl::canAccess($group, $id, $action);
    }

    $maxDepth = 50;
    $current = $id;
    for ($depth = 0; $depth < $maxDepth; $depth++) {
        if ($current == Pages::ROOT_ID) {
            return Acl::canAccess($group, Pages::ROOT_ID, $action);
        }
        $props = $this->pages->getProperties($current);
        if ($props === false) {
            return false;   // unreadable page: deny
        }
        if (Acl::getResourceData($group, $current) !== false) {
            return Acl::canAccess($group, $current, $action);
        }
        $current = $props['parent-id'];
    }
    return false;   // cycle or excessive depth: deny
}
/**
 * Handles the upload form: returns the hash of the stored upload, or renders
 * the form (flagging 'file' as not_empty when it was submitted) and returns FALSE.
 *
 * @param mixed  $model not referenced in this body; kept for the shared signature
 * @param object $form
 * @return string|bool upload hash, or FALSE when nothing was stored
 * @throws HTTP_Exception 403 when the ACL denies 'create' on this controller
 */
protected function create($model, $form)
{
    $controller = $this->_controller;
    if (!Acl::instance()->allowed($controller, 'create')) {
        throw HTTP_Exception::factory(403, 'Create not allowed on :controller', array(':controller' => $controller));
    }

    Event::raise($this, Event::BEFORE_CREATE_FORM_PARSE, array('model' => NULL, 'form' => $form));

    $settings = $this->_settings;
    $hash = FALSE;
    if ($form->valid()) {
        $hash = Upload::process('file', $settings->get('path_temp'), $settings->get('extensions'), $settings->get('unzip'));
    }
    if ($hash !== FALSE) {
        return $hash;
    }

    // Nothing stored: surface the error only if the user actually submitted.
    if ($form->submitted()) {
        $form->element('file', 0)->error('not_empty');
    }
    $viewer = Viewer::factory('Form', $form)->text(Text::instance());
    $view = View::factory($settings->get('view.create'), array('viewer' => $viewer));
    Event::raise($this, Event::BEFORE_CREATE_RENDER, array('model' => NULL, 'form' => $form, 'viewer' => $viewer, 'view' => $view));
    $this->response->body($view->render());
    return FALSE;
}
/**
 * Lists the admin modules the current user may see, sorted with Admin::cmpModule.
 *
 * @return array|null null when there is no session or the user lacks 'admin'
 */
public static function modules()
{
    $session = UserSession::get();
    if (!$session) {
        return null;
    }
    $user = $session->user();
    if (!Acl::isAllowed($user->username, 'admin')) {
        return null;
    }

    CoOrg::loadPluginInfo('admin');

    // Each module applies its own per-user check on top of the 'admin' gate.
    $visible = array();
    foreach (self::$_modules as $module) {
        if ($module->isAllowed($user)) {
            $visible[] = $module;
        }
    }
    usort($visible, array('Admin', 'cmpModule'));
    return $visible;
}
/**
 * Lazily creates and returns the shared Acl instance.
 *
 * @return Acl
 */
public static function instance()
{
    if (self::$_instance !== null) {
        return self::$_instance;
    }
    self::$_instance = new Acl();
    return self::$_instance;
}
/**
 * Builds, and caches per ACL user, the list of quick-access link candidates
 * collected from every module menu except Base_Admin and the quick-access
 * module itself.
 *
 * The cache is rebuilt when the ACL user changes, so switching users within
 * one process does not reuse another user's menu.
 *
 * @return array entries sorted by 'label'
 */
public static function get_options()
{
    static $cachedFor;

    $currentUser = Acl::get_user();
    if (isset(self::$options) && $cachedFor == $currentUser) {
        return self::$options;
    }
    $cachedFor = $currentUser;
    self::$options = array();

    $skip = array('Base_Admin', Base_Menu_QuickAccessCommon::module_name());
    $links = array();
    foreach (Base_MenuCommon::get_menus() as $name => $menu) {
        if (in_array($name, $skip)) {
            continue;
        }
        Base_MenuCommon::add_default_menu($menu, $name);
        $links = array_merge($links, self::check_for_links('', $menu, $name));
    }

    usort($links, function ($a, $b) {
        return strcmp($a['label'], $b['label']);
    });

    self::$options =& $links;
    return self::$options;
}
/**
 * "Start" dashboard plugin: appends the quick-action list (new post, edit the
 * latest edited post, and — for blog administrators — skin/sidebar/category/
 * plugin links, plus the RSS reader link when that service flag is set).
 *
 * Labels come from _t()/_f(); the only user-derived value, the entry title,
 * goes through htmlspecialchars() first.
 *
 * @param string $target HTML accumulated so far
 * @return string $target with the <ul> appended
 */
function CT_Start_Default($target)
{
    requireModel("blog.attachment");
    requireComponent("Eolin.PHP.Core");
    requireComponent("Textcube.Function.misc");
    global $blogid, $blogURL, $database, $service;

    $fmt = '<li><a href="%s%s">%s</a></li>';
    $owner = $blogURL . '/owner';

    $html = '<ul>';
    $html .= sprintf($fmt, $owner, '/entry/post', _t('새 글을 씁니다')) . CRLF;

    // Edit link for the entry this user last touched (0 = nothing recorded).
    $latestEntryId = Setting::getBlogSettingGlobal('LatestEditedEntry_user' . getUserId(), 0);
    if ($latestEntryId !== 0) {
        $latestEntry = CT_Start_Default_getEntry($blogid, $latestEntryId);
        if ($latestEntry != false) {
            $label = _f('최근글(%1) 수정', htmlspecialchars(Utils_Unicode::lessenAsEm($latestEntry['title'], 10)));
            // This item carries no CRLF, matching the original markup.
            $html .= sprintf($fmt, $owner, '/entry/edit/' . $latestEntry['id'], $label);
        }
    }

    if (Acl::check('group.administrators')) {
        $adminLinks = array(
            '/skin' => _t('스킨을 변경합니다'),
            '/skin/sidebar' => _t('사이드바 구성을 변경합니다'),
            '/skin/setting' => _t('블로그에 표시되는 값들을 변경합니다'),
            '/entry/category' => _t('카테고리를 변경합니다'),
            '/plugin' => _t('플러그인을 켜거나 끕니다'),
        );
        foreach ($adminLinks as $path => $label) {
            $html .= sprintf($fmt, $owner, $path, $label) . CRLF;
        }
    }

    if ($service['reader'] != false) {
        $html .= sprintf($fmt, $owner, '/network/reader', _t('RSS 리더를 봅니다')) . CRLF;
    }

    return $target . $html . '</ul>';
}
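/**
 * Links an additional OpenID to the current account.
 *
 * Flow: validate the submitted identifier, normalise it through the OpenID
 * consumer, reject identifiers already linked, and — once the user has
 * authenticated against that identifier (held as the 'openid_temp'
 * identity) — store it in the first free "openid.N" user setting.
 *
 * Fix: the identifier was concatenated raw into a JavaScript string literal
 * inside an inline <script>, so a quote or "</script>" in it could break out
 * of the literal. Both the alert text and the redirect target are now emitted
 * with json_encode() plus the JSON_HEX_* flags, which is safe inside a JS
 * string in HTML. A non-string openid_identifier (e.g. an array) is now
 * treated like a missing one instead of reaching strstr().
 */
function addOpenID()
{
    global $openid_list;
    $context = Model_Context::getInstance();
    $blogUri = $context->getProperty('uri.blog');

    $submitted = isset($_GET['openid_identifier']) ? $_GET['openid_identifier'] : '';
    if (!is_string($submitted) || empty($submitted) || strstr($submitted, ".") === false) {
        exitWithError(_t('오픈아이디를 입력하지 않았거나, 도메인 없는 오픈아이디를 입력하였습니다.'));
    }

    $currentOpenID = Acl::getIdentity('openid_temp');
    $consumer = new OpenIDConsumer();
    $claimedOpenID = $consumer->fetch($submitted);
    if (in_array($claimedOpenID, $openid_list)) {
        exitWithError(_t('이미 연결된 오픈아이디 입니다') . " : " . $claimedOpenID);
    }

    // The provider round-trip reported failure: back to the account page.
    if (isset($_GET['authenticated']) && $_GET['authenticated'] === "0") {
        header("Location: " . $blogUri . "/owner/setting/account");
        exit(0);
    }

    // Not yet authenticated against this identifier: start that round-trip.
    if (empty($currentOpenID) || $claimedOpenID != $currentOpenID) {
        loginOpenIDforAdding($claimedOpenID);
        return;
    }

    if (!in_array($currentOpenID, $openid_list)) {
        for ($i = 0; $i < OPENID_REGISTERS; $i++) {
            $slot = "openid." . $i;
            $openid = Setting::getUserSetting($slot, null, true);
            if (empty($openid)) {
                Setting::setUserSetting($slot, $currentOpenID, true);
                break;
            }
        }
    }

    // JS-string-safe literals; HEX flags also neutralise <, >, ', ", & for the HTML context.
    $jsFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
    $message = json_encode(_t('연결하였습니다.') . " : " . $currentOpenID, $jsFlags);
    $redirect = json_encode($blogUri . "/owner/setting/account", $jsFlags);
    if ($message === false) {
        $message = '""';    // json_encode rejects invalid UTF-8; degrade to an empty alert
    }
    if ($redirect === false) {
        $redirect = '""';
    }
    echo "<html><head><script type=\"text/javascript\">//<![CDATA[" . CRLF
        . "alert(" . $message . "); document.location.href=" . $redirect . "; //]]></script></head></html>";
}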
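/**
 * Cross-links two CRM records with a pair of notes: the destination record
 * receives "Follow-up: [link to source]" and the source record receives
 * "Follow-up after: [link to destination]".
 *
 * @param string $dest_rset    'phonecall' | 'meeting' | 'task'
 * @param mixed  $dest_id
 * @param string $dest_label   embedded as-is inside the BBCode tag
 * @param string $linkto_rset  'phonecall' | 'meeting' | 'task'
 * @param mixed  $linkto_id
 * @param string $linkto_label embedded as-is inside the BBCode tag
 *
 * @throws \InvalidArgumentException on an unknown record set name. The
 *         original switches had no default branch, so an unknown name reached
 *         Utils_AttachmentCommon::add() with undefined path/note variables.
 */
public static function add_tracing_notes($dest_rset, $dest_id, $dest_label, $linkto_rset, $linkto_id, $linkto_label)
{
    $after = __('Follow-up after') . ': ';
    $follow = __('Follow-up') . ': ';

    // record set => array(attachment path prefix, BBCode tag)
    $kinds = array(
        'phonecall' => array('phonecall/', 'phone'),
        'meeting' => array('crm_meeting/', 'meeting'),
        'task' => array('task/', 'task'),
    );
    foreach (array($dest_rset, $linkto_rset) as $rset) {
        if (!isset($kinds[$rset])) {
            throw new \InvalidArgumentException('Unknown record set: ' . $rset);
        }
    }
    list($destPrefix, $destTag) = $kinds[$dest_rset];
    list($linkPrefix, $linkTag) = $kinds[$linkto_rset];

    $fwd_note_path = $destPrefix . $dest_id;
    $fwd_note = $follow . '[' . $linkTag . '=' . $linkto_id . ']' . $linkto_label . '[/' . $linkTag . ']';
    $bck_note_path = $linkPrefix . $linkto_id;
    $bck_note = $after . '[' . $destTag . '=' . $dest_id . ']' . $dest_label . '[/' . $destTag . ']';

    $author = Acl::get_user();
    Utils_AttachmentCommon::add($fwd_note_path, 0, $author, $fwd_note);
    Utils_AttachmentCommon::add($bck_note_path, 0, $author, $bck_note);
}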
/**
 * Controller bootstrap: every controller except Auth requires an
 * authenticated identity that the ACL allows both 'Backend' access and
 * access to the requested controller; otherwise the request is redirected
 * to the login page.
 *
 * Any assumed identity is reverted first so the checks run against the
 * real user.
 */
public function init()
{
    parent::init();

    $controller = Request::initial()->controller();
    if ($controller == 'Auth') {
        return;
    }

    $loginUrl = URL::to('Auth@login');
    $identity = Identity::instance();
    $identity->revert();

    if (!$identity->authenticated()) {
        $this->redirect($loginUrl);
        return;
    }

    $website = Website::instance();
    Acl::init($identity, new Model_Rights($website->websites()));
    Acl::environment($website->id());

    // Two gates: backend access, then the specific controller.
    $acl = Acl::instance();
    if (!$acl->allowed('Backend', 'access')) {
        $this->redirect($loginUrl);
    }
    if (!$acl->allowed($controller, 'access')) {
        $this->redirect($loginUrl);
    }
}
/**
 * Dashboard: groups the navigation menu into sections, keeping only the
 * modules the current user may access, and renders the 'start' view.
 * Sections with no accessible module are omitted entirely.
 */
public function action_index()
{
    $acl = Acl::instance();
    $allModules = Settings::factory('modules')->as_array();

    $websitePath = 'settings' . DIRECTORY_SEPARATOR . Website::instance()->id() . DIRECTORY_SEPARATOR;
    $navigation = Settings::factory('navigation', array($websitePath, 'settings'))->get('menu');

    // Modules the ACL grants 'access' on, keyed by module name.
    $allowed = array();
    foreach ($allModules as $name => $data) {
        if ($acl->allowed($name, 'access')) {
            $allowed[$name] = $data;
        }
    }

    $sections = array();
    foreach ($navigation as $section => $members) {
        foreach ($members as $name) {
            if (!isset($allowed[$name])) {
                continue;
            }
            if (!isset($sections[$section])) {
                $sections[$section] = array();
            }
            $sections[$section][$name] = $allowed[$name];
        }
    }

    $view = View::factory('start', array('sections' => $sections));
    $this->response->body($view->render());
}
/**
 * "Start" dashboard plugin (context-based variant): appends the quick-action
 * list — new post, edit the latest edited post, administrator-only skin/
 * sidebar/category/plugin links, and the RSS reader link when the
 * 'service.reader' property is set.
 *
 * Labels come from _t()/_f(); the only user-derived value, the entry title,
 * goes through htmlspecialchars() first.
 *
 * @param string $target HTML accumulated so far
 * @return string $target with the <ul> appended
 */
function CT_Start_Default($target)
{
    importlib("model.blog.attachment");
    $context = Model_Context::getInstance();
    $blogURL = $context->getProperty('uri.blog');
    $blogid = $context->getProperty('blog.id');

    $fmt = '<li><a href="%s%s">%s</a></li>';
    $owner = $blogURL . '/owner';

    $html = '<ul>';
    $html .= sprintf($fmt, $owner, '/entry/post', _t('새 글을 씁니다')) . CRLF;

    // Edit link for the entry this user last touched (0 = nothing recorded).
    $latestEntryId = Setting::getBlogSettingGlobal('LatestEditedEntry_user' . getUserId(), 0);
    if ($latestEntryId !== 0) {
        $latestEntry = CT_Start_Default_getEntry($blogid, $latestEntryId);
        if ($latestEntry != false) {
            $label = _f('최근글(%1) 수정', htmlspecialchars(Utils_Unicode::lessenAsEm($latestEntry['title'], 10)));
            // This item carries no CRLF, matching the original markup.
            $html .= sprintf($fmt, $owner, '/entry/edit/' . $latestEntry['id'], $label);
        }
    }

    if (Acl::check('group.administrators')) {
        $adminLinks = array(
            '/skin' => _t('스킨을 변경합니다'),
            '/skin/sidebar' => _t('사이드바 구성을 변경합니다'),
            '/skin/setting' => _t('블로그에 표시되는 값들을 변경합니다'),
            '/entry/category' => _t('카테고리를 변경합니다'),
            '/plugin' => _t('플러그인을 켜거나 끕니다'),
        );
        foreach ($adminLinks as $path => $label) {
            $html .= sprintf($fmt, $owner, $path, $label) . CRLF;
        }
    }

    if ($context->getProperty('service.reader', false) != false) {
        $html .= sprintf($fmt, $owner, '/network/reader', _t('RSS 리더를 봅니다')) . CRLF;
    }

    return $target . $html . '</ul>';
}
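/**
 * Session write handler: updates the caller's row in the Sessions table.
 *
 * The row is matched on both the session id and REMOTE_ADDR, so a session
 * id presented from another address does not get updated.
 *
 * Fix: REMOTE_ADDR was interpolated into the SQL unescaped while every other
 * request-derived value went through POD::escapeString(); it is now escaped
 * the same way. In most deployments REMOTE_ADDR comes from the socket, but
 * behind proxies or in CLI/test harnesses it can be arbitrary.
 *
 * @param string $id   session id; shorter than 32 characters is rejected
 * @param string $data serialised session payload
 * @return bool true when exactly one row was updated
 */
public static function write($id, $data)
{
    if (is_null(self::$context)) {
        self::initialize();
    }
    if (strlen($id) < 32) {
        return false;
    }

    // Owner of the session: Textcube account, else the OpenID marker, else SQL NULL.
    $userid = Acl::getIdentity('textcube');
    if (empty($userid)) {
        $userid = Acl::getIdentity('openid') ? SESSION_OPENID_USERID : '';
    }
    if (empty($userid)) {
        $userid = 'null';
    }
    // NOTE(review): $userid is interpolated unquoted below; it is assumed to be a
    // numeric id or the SESSION_OPENID_USERID constant — confirm where it is set.

    $id = POD::escapeString($id);
    $data = POD::escapeString($data);
    $server = POD::escapeString($_SERVER['HTTP_HOST']);
    $address = POD::escapeString($_SERVER['REMOTE_ADDR']);
    // substr() truncates by byte to fit the column; a multibyte character may be cut.
    $request = POD::escapeString(substr($_SERVER['REQUEST_URI'], 0, 255));
    $referer = isset($_SERVER['HTTP_REFERER']) ? POD::escapeString(substr($_SERVER['HTTP_REFERER'], 0, 255)) : '';
    $timer = Timer::getMicroTime() - self::$sessionMicrotime;
    $current = Timestamp::getUNIXtime();

    $table = self::$context->getProperty('database.prefix') . "Sessions";
    $result = self::query('count', "UPDATE " . $table . "\n\t\t\t\tSET userid = {$userid}, privilege = '{$data}', server = '{$server}', request = '{$request}', referer = '{$referer}', timer = {$timer}, updated = IF(updated,{$current},1)\n\t\t\t\tWHERE id = '{$id}' AND address = '{$address}'");
    if ($result && $result == 1) {
        // Commit errors are suppressed, as in the original; the write is still reported as success.
        @POD::commit();
        return true;
    }
    return false;
}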
/**
 * Default action in default controller: redirects to the first module the
 * user may access on this website. The module remembered in state
 * ('active.module', unless FALSE or 'Default') is tried first, then the
 * configured modules in order. Does nothing when no module is allowed.
 */
public function action_index()
{
    $acl = Acl::instance();
    $website = $this->_website;

    $candidates = array_keys(Settings::factory('modules')->as_array());
    $active = State::instance()->get('active.module');
    if ($active !== FALSE && $active !== 'Default') {
        array_unshift($candidates, $active);
    }

    foreach ($candidates as $module) {
        if ($acl->allowed($module, 'access', FALSE, $website) !== TRUE) {
            continue;
        }
        $this->redirect(URL::to($module, array('website' => $website)));
        exit;
    }
}
/**
 * Initialises the static navigation state for a FTA and builds the
 * navigation bar HTML.
 *
 * Access flags come from Acl (modification / consultation rights). When the
 * FTA state is "modification", the progress action is forced to "en cours".
 * The role owning the current chapter is derived from the FTA's workflow.
 *
 * @param mixed  $id_fta
 * @param mixed  $id_fta_chapitre_encours
 * @param mixed  $synthese_action
 * @param mixed  $comeback
 * @param mixed  $id_fta_etat
 * @param mixed  $abrevation_etat
 * @param mixed  $id_fta_role
 * @param mixed  $paramActivationComplete passed through to buildNavigationBar()
 * @param mixed  $paramSelectionChap
 */
public static function initNavigation($id_fta, $id_fta_chapitre_encours, $synthese_action, $comeback, $id_fta_etat, $abrevation_etat, $id_fta_role, $paramActivationComplete, $paramSelectionChap)
{
    // Access rights of the current user.
    self::$ftaModification = Acl::getValueAccesRights(Acl::ACL_FTA_MODIFICATION);
    self::$ftaConsultation = Acl::getValueAccesRights(Acl::ACL_FTA_CONSULTATION);

    // Pass-through state.
    self::$selectionChap = $paramSelectionChap;
    self::$id_fta = $id_fta;
    self::$id_fta_chapitre_encours = $id_fta_chapitre_encours;
    self::$synthese_action = ($id_fta_etat == FtaEtatModel::ID_VALUE_MODIFICATION)
        ? FtaEtatModel::ETAT_AVANCEMENT_VALUE_EN_COURS
        : $synthese_action;
    self::$comeback = $comeback;
    self::$id_fta_etat = $id_fta_etat;
    self::$abreviation_etat = $abrevation_etat;
    self::$id_fta_role = $id_fta_role;

    // Derived state: the workflow, and the role owning the current chapter.
    $ftaModel = new FtaModel(self::$id_fta);
    self::$ftaModel = $ftaModel;
    self::$id_fta_workflow = $ftaModel->getDataField(FtaModel::FIELDNAME_WORKFLOW)->getFieldValue();
    self::$id_fta_role_encours = FtaWorkflowStructureModel::getIdFtaRoleByChapitreAndWorkflow(self::$id_fta_chapitre_encours, self::$id_fta_workflow);

    $workflowModel = new FtaWorkflowModel(self::$id_fta_workflow);
    self::$id_parent_intranet_actions = $workflowModel->getDataField(FtaWorkflowModel::FIELDNAME_ID_INTRANET_ACTIONS)->getFieldValue();

    // Must come last: the bar is built from the state assigned above.
    self::$html_navigation_bar = self::buildNavigationBar($paramActivationComplete);
}
/**
 * Returns the shared Acl instance, creating it on first use.
 *
 * @return Acl
 */
public static function getInstance()
{
    if (self::$instance !== null) {
        return self::$instance;
    }
    return self::$instance = new self();
}
/**
 * Admin controller constructor: runs the parent bootstrap, lets the ACL
 * redirect away any role other than 'admin', then selects the admin template.
 *
 * @author Andy Bennett
 */
function __construct()
{
    parent::__construct();
    parent::init();

    $role = steamauth_helper::get_role();
    Acl::instance()->redirect($role, 'admin');

    Display::instance()->set_template('template-admin');
}
/**
 * Per-user settings contributed by the Calendar module: the first day of the
 * week as a select (0 = Sunday … 6 = Saturday, default 0). Anonymous users
 * get no settings.
 *
 * @return array
 */
public static function user_settings()
{
    if (!Acl::is_user()) {
        return array();
    }

    // Positional keys 0..6 are the day numbers the select stores.
    $days = array(
        __('Sunday'),
        __('Monday'),
        __('Tuesday'),
        __('Wednesday'),
        __('Thursday'),
        __('Friday'),
        __('Saturday'),
    );
    $firstDayOfWeek = array(
        'name' => 'first_day_of_week',
        'label' => __('First day of week'),
        'type' => 'select',
        'values' => $days,
        'default' => 0,
    );
    return array(__('Calendar') => array($firstDayOfWeek));
}
/**
 * ACL assertion: when the resource is an object, the role must be allowed
 * the same privilege on every loaded related record named in
 * $this->_relations. Non-object resources pass, and relations that are not
 * loaded are skipped rather than denied.
 *
 * @return bool
 */
public function assert(Acl $acl, $role = null, $resource = null, $privilege = null)
{
    if (!is_object($resource)) {
        return TRUE;
    }
    foreach ($this->_relations as $name) {
        $related = $resource->{$name};
        if (!$related->loaded()) {
            continue;   // absent relation: nothing to deny on
        }
        if (!$acl->is_allowed($role, $related, $privilege)) {
            return FALSE;
        }
    }
    return TRUE;
}
/**
 * Single point of entry for the Acl singleton; created on first call.
 *
 * @static
 * @access public
 * @return Acl
 */
public static function acl()
{
    if (!empty(self::$instance)) {
        return self::$instance;
    }
    return self::$instance = new Acl();
}
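/**
 * Marksheet for one exam group.
 *
 * The subject is the ACL's "relevant" user; when there is none (the admin
 * case) the user_id route parameter selects the user. The sheet is the
 * group's exams left-joined with that user's results; $flg counts how many
 * have a mark recorded.
 *
 * Fix: ORM::factory() returns an object whether or not the row exists, so the
 * `!$relevant_user` test after it never fired and an unknown user_id silently
 * produced an empty sheet. Only a loaded record is accepted now.
 */
public function action_details()
{
    $relevant_user = Acl::instance()->relevant_user();
    if (!$relevant_user) {
        // Admin path: the subject must be named explicitly in the route.
        $user_id = $this->request->param('user_id');
        $candidate = ORM::factory('user', $user_id);
        $relevant_user = $candidate->loaded() ? $candidate : null;
    }
    if (!$relevant_user) {
        // NOTE(review): replies 200 with a text body; a 403 would be more accurate. Left as-is.
        echo 'Not allowed';
        exit;
    }

    $user_id = $relevant_user->id;
    $examgroup_id = $this->request->param('examgroup_id');

    $marksheet = ORM::factory('exam');
    $marksheet->select('marks')->join('examresults', 'left')->on('examresults.exam_id', '=', 'id');
    $marksheet->and_where_open()
        ->where('examresults.user_id', '=', $user_id)
        ->or_where('examresults.user_id', 'IS', NULL)
        ->and_where_close()
        ->and_where_open()
        ->and_where('exams.examgroup_id', '=', $examgroup_id)
        ->and_where_close();
    $marksheet = $marksheet->find_all();

    // Loose != NULL: a mark of 0 is not counted as recorded (kept from the original).
    $flg = 0;
    foreach ($marksheet as $mark) {
        if ($mark->marks != NULL) {
            $flg++;
        }
    }

    $view = View::factory('examresult/exammarksheet')
        ->bind('marksheets', $marksheet)
        ->bind('flg', $flg)
        ->bind('relevant_user', $relevant_user);
    $this->content = $view;
}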
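/**
 * Deletes a particular model.
 * If deletion is successful, the browser will be redirected to the 'admin' page.
 *
 * Fix: the post-delete redirect used $_POST['returnUrl'] verbatim, so a crafted
 * form could send the browser to an external site (open redirect). Only a
 * site-relative path (leading "/" not followed by "/" or "\") is honoured now;
 * anything else falls back to the 'index' route, as before when returnUrl was absent.
 *
 * The privilege check is assumed to throw or end the request on denial (its
 * return value is not inspected here). Whether this action is limited to
 * POST is decided by the controller's filters, outside this method.
 *
 * @param integer $id the ID of the model to be deleted
 */
public function actionDelete($id)
{
    Acl::hasPrivilege($this->privileges, $this->resource, Acl::ACTION_DELETE);
    SettingsEmailTemplate::model()->loadModel($id)->delete();

    if (isset($_GET['ajax'])) {
        return;
    }

    $target = array('index');
    if (isset($_POST['returnUrl']) && is_string($_POST['returnUrl'])) {
        $returnUrl = $_POST['returnUrl'];
        $isLocalPath = $returnUrl !== ''
            && $returnUrl[0] === '/'
            && (strlen($returnUrl) < 2 || ($returnUrl[1] !== '/' && $returnUrl[1] !== '\\'));
        if ($isLocalPath) {
            $target = $returnUrl;
        }
    }
    $this->redirect($target);
}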
/**
 * Containers admin controller constructor: parent bootstrap, ACL redirect for
 * any role other than 'admin', then page id and template for the admin layout.
 *
 * @author Andy Bennett
 */
function __construct()
{
    parent::__construct();
    parent::init();

    $role = steamauth_helper::get_role();
    Acl::instance()->redirect($role, 'admin');

    $display = Display::instance();
    $display->append_data('page_id', 'containers-admin');
    $display->set_template('template-admin');
}
/**
 * Returns the inline "Edit" link for this document, or '' when the current
 * user lacks the 'document_edit' permission.
 *
 * @return string HTML fragment
 */
public function editLink()
{
    if (!Acl::instance()->is_allowed('document_edit')) {
        return '';
    }
    // NOTE(review): $this->id is placed in the onclick handler unescaped; it is
    // assumed to be a numeric primary key — confirm ids can never be strings.
    return '[<a href="#" onclick="KODELEARN.modules.get(\'document\').edit(' . $this->id . ')"> Edit </a>]';
}
/**
 * Constructor: ACL gate for the 'edit' role (redirecting to '../' otherwise)
 * before the parent bootstrap, then picks the AJAX or admin template.
 *
 * @author Andy Bennett
 */
function __construct()
{
    Acl::instance()->redirect(Steamauth::instance()->get_role(), 'edit', null, '../');
    parent::__construct();
    parent::init();

    // AJAX is detected by the request helper or an explicit ?ajax parameter.
    $isAjax = request::is_ajax() || isset($_GET['ajax']);
    if ($isAjax) {
        $template = 'template-ajax';
    } else {
        $template = 'template-admin';
    }
    Display::instance()->set_template($template);
}