protected function saveAcls($acls, $role)
{
foreach ($acls as $acl) {
$acl = explode("/", $acl);
$dbAcl = new Acl();
$dbAcl->setIdRole($role);
$dbAcl->setController($acl[0]);
$dbAcl->setAction($acl[1]);
$dbAcl->save();
}
}
/**
* Sets up permissions for the module
*
* @param \Acl $acl
*/
public static function addSongbookPrivileges($acl)
{
$acl->addRole('songbook - vstup');
$acl->addRole('songbook - vytváření/editace', 'songbook - vstup');
$acl->addRole('songbook - mazání', 'songbook - vytváření/editace');
$acl->addResource("Oddil:Songbook");
$acl->allow("base - člen", "Oddil:Songbook", "display");
$acl->allow("songbook - vstup", "Oddil:Songbook", "default");
$acl->allow("songbook - vytváření/editace", "Oddil:Songbook", ["add", "edit"]);
$acl->allow("songbook - mazání", "Oddil:Songbook", "delete");
}
/**
* listener version of redirect on fail acl validity check method
*
* @return void
* @author Andy Bennett
*/
public static function fail()
{
// redirect if user doesn't have correct permissions
if (!Acl::instance()->check(Event::$data['role'], Event::$data['name'], Event::$data['action'])) {
throw new Kohana_403_Exception(Event::$data['name'], 'common/error_403');
}
}
public static function user_streams($user = null, $course_id = null, $batch_id = null)
{
// first get the relevant user, if not the current user
if ($user === null) {
$user = Acl::instance()->relevant_user();
if (!$user) {
$user = Auth::instance()->get_user();
}
}
$role = $user->role();
if ($course_id === null) {
$courses = $user->courses->find_all()->as_array(null, 'id');
$courses[] = 0;
} else {
$courses = array($course_id);
}
if ($batch_id === null) {
$batches = $user->batches->find_all()->as_array(null, 'id');
$batches[] = 0;
} else {
$batches = array($batch_id);
}
$streams = ORM::factory('feedstream')->where('user_id', ' IN', array($user->id, 0))->and_where('role_id', ' IN ', array($role->id, 0))->and_where('course_id', ' IN ', $courses)->and_where('batch_id', ' IN ', $batches)->find_all();
return $streams;
}
private function auth($user, $pass)
{
$error = '';
$t = Variable::get('host_ban_time');
if ($t > 0) {
$fails = DB::GetOne('SELECT count(*) FROM user_login_ban WHERE failed_on>%d AND from_addr=%s', array(time() - $t, $_SERVER['REMOTE_ADDR']));
if ($fails >= 3) {
$error = 'Host banned.';
}
}
if ($error === '') {
$ret = Base_User_LoginCommon::check_login($user, $pass);
if (!$ret) {
$error = 'Login failed.';
if ($t > 0) {
DB::Execute('DELETE FROM user_login_ban WHERE failed_on<=%d', array(time() - $t));
DB::Execute('INSERT INTO user_login_ban(failed_on,from_addr) VALUES(%d,%s)', array(time(), $_SERVER['REMOTE_ADDR']));
$fails = DB::GetOne('SELECT count(*) FROM user_login_ban WHERE failed_on>%d AND from_addr=%s', array(time() - $t, $_SERVER['REMOTE_ADDR']));
if ($fails >= 3) {
$error .= ' Host banned.';
}
}
} else {
$uid = Base_UserCommon::get_user_id($user);
Acl::set_user($uid, true);
}
}
return $error;
}
public static function menu()
{
if (!Acl::is_user() || !Base_AclCommon::check_permission('Fax - Browse')) {
return array();
}
return array(_M('CRM') => array('__submenu__' => 1, _M('Fax') => array()));
}
public function canAccessPage($id, $action)
{
$acl = Acl::getResourceData(Acl::RESOURCE_GROUP_PAGES, $id);
if ($acl !== false) {
return Acl::canAccess(Acl::RESOURCE_GROUP_PAGES, $id, $action);
} else {
$finished = false;
$ret = false;
$next_id = $id;
$safety_counter = 0;
do {
if ($next_id == Pages::ROOT_ID) {
$ret = Acl::canAccess(Acl::RESOURCE_GROUP_PAGES, Pages::ROOT_ID, $action);
$finished = true;
} else {
$res = $this->pages->getProperties($next_id);
if ($res !== false) {
$acl = Acl::getResourceData(Acl::RESOURCE_GROUP_PAGES, $next_id);
if ($acl !== false) {
$ret = Acl::canAccess(Acl::RESOURCE_GROUP_PAGES, $next_id, $action);
$finished = true;
}
$next_id = $res['parent-id'];
} else {
$finished = true;
}
}
$safety_counter++;
} while (!$finished && $safety_counter < 50);
return $ret;
}
}
/**
* upload files
*/
protected function create($model, $form)
{
// check rights
if (!Acl::instance()->allowed($this->_controller, 'create')) {
throw HTTP_Exception::factory(403, 'Create not allowed on :controller', array(':controller' => $this->_controller));
}
$hash = FALSE;
Event::raise($this, Event::BEFORE_CREATE_FORM_PARSE, array('model' => NULL, 'form' => $form));
if ($form->valid()) {
$hash = Upload::process('file', $this->_settings->get('path_temp'), $this->_settings->get('extensions'), $this->_settings->get('unzip'));
}
if ($hash !== FALSE) {
return $hash;
} else {
if ($form->submitted()) {
// set error in form
$form->element('file', 0)->error('not_empty');
}
// create viewer
$viewer = Viewer::factory('Form', $form)->text(Text::instance());
// render form
$view = View::factory($this->_settings->get('view.create'), array('viewer' => $viewer));
// event
Event::raise($this, Event::BEFORE_CREATE_RENDER, array('model' => NULL, 'form' => $form, 'viewer' => $viewer, 'view' => $view));
// render
$this->response->body($view->render());
return FALSE;
}
}
public static function modules()
{
$session = UserSession::get();
if ($session)
{
$user = $session->user();
if (!Acl::isAllowed($user->username, 'admin'))
{
return null;
}
}
else
{
return null;
}
CoOrg::loadPluginInfo('admin');
$modules = array();
foreach (self::$_modules as $m)
{
if ($m->isAllowed($user))
{
$modules[] = $m;
}
}
usort($modules, array('Admin', 'cmpModule'));
return $modules;
}
/**
* @return Acl
*/
public static function instance()
{
if (self::$_instance === null) {
self::$_instance = new Acl();
}
return self::$_instance;
}
public static function get_options()
{
static $user;
if (isset(self::$options) && $user == Acl::get_user()) {
return self::$options;
}
$user = Acl::get_user();
self::$options = array();
$modules_menu = array();
$menus = Base_MenuCommon::get_menus();
//ksort($menus);
foreach ($menus as $name => $ret) {
if ($name == 'Base_Admin') {
continue;
}
if ($name == Base_Menu_QuickAccessCommon::module_name()) {
continue;
}
Base_MenuCommon::add_default_menu($ret, $name);
$modules_menu = array_merge($modules_menu, self::check_for_links('', $ret, $name));
}
usort($modules_menu, function ($a, $b) {
return strcmp($a['label'], $b['label']);
});
self::$options =& $modules_menu;
return self::$options;
}
function CT_Start_Default($target)
{
requireModel("blog.attachment");
requireComponent("Eolin.PHP.Core");
requireComponent("Textcube.Function.misc");
global $blogid, $blogURL, $database, $service;
$target .= '<ul>';
$target .= '<li><a href="' . $blogURL . '/owner/entry/post">' . _t('새 글을 씁니다') . '</a></li>' . CRLF;
$latestEntryId = Setting::getBlogSettingGlobal('LatestEditedEntry_user' . getUserId(), 0);
if ($latestEntryId !== 0) {
$latestEntry = CT_Start_Default_getEntry($blogid, $latestEntryId);
if ($latestEntry != false) {
$target .= '<li><a href="' . $blogURL . '/owner/entry/edit/' . $latestEntry['id'] . '">' . _f('최근글(%1) 수정', htmlspecialchars(Utils_Unicode::lessenAsEm($latestEntry['title'], 10))) . '</a></li>';
}
}
if (Acl::check('group.administrators')) {
$target .= '<li><a href="' . $blogURL . '/owner/skin">' . _t('스킨을 변경합니다') . '</a></li>' . CRLF;
$target .= '<li><a href="' . $blogURL . '/owner/skin/sidebar">' . _t('사이드바 구성을 변경합니다') . '</a></li>' . CRLF;
$target .= '<li><a href="' . $blogURL . '/owner/skin/setting">' . _t('블로그에 표시되는 값들을 변경합니다') . '</a></li>' . CRLF;
$target .= '<li><a href="' . $blogURL . '/owner/entry/category">' . _t('카테고리를 변경합니다') . '</a></li>' . CRLF;
$target .= '<li><a href="' . $blogURL . '/owner/plugin">' . _t('플러그인을 켜거나 끕니다') . '</a></li>' . CRLF;
}
if ($service['reader'] != false) {
$target .= '<li><a href="' . $blogURL . '/owner/network/reader">' . _t('RSS 리더를 봅니다') . '</a></li>' . CRLF;
}
$target .= '</ul>';
return $target;
}
function addOpenID()
{
global $openid_list;
$context = Model_Context::getInstance();
if (empty($_GET['openid_identifier']) || strstr($_GET['openid_identifier'], ".") === false) {
exitWithError(_t('오픈아이디를 입력하지 않았거나, 도메인 없는 오픈아이디를 입력하였습니다.'));
}
$currentOpenID = Acl::getIdentity('openid_temp');
$fc = new OpenIDConsumer();
$claimedOpenID = $fc->fetch($_GET['openid_identifier']);
if (in_array($claimedOpenID, $openid_list)) {
exitWithError(_t('이미 연결된 오픈아이디 입니다') . " : " . $claimedOpenID);
}
if ($_GET['authenticated'] === "0") {
header("Location: " . $context->getProperty('uri.blog') . "/owner/setting/account");
exit(0);
}
if (empty($currentOpenID) || $claimedOpenID != $currentOpenID) {
loginOpenIDforAdding($claimedOpenID);
return;
}
if (!in_array($currentOpenID, $openid_list)) {
for ($i = 0; $i < OPENID_REGISTERS; $i++) {
$openid = Setting::getUserSetting("openid." . $i, null, true);
if (empty($openid)) {
Setting::setUserSetting("openid." . $i, $currentOpenID, true);
break;
}
}
}
echo "<html><head><script type=\"text/javascript\">//<![CDATA[" . CRLF . "alert('" . _t('연결하였습니다.') . " : " . $currentOpenID . "'); document.location.href='" . $context->getProperty('uri.blog') . "/owner/setting/account'; //]]></script></head></html>";
}
public static function add_tracing_notes($dest_rset, $dest_id, $dest_label, $linkto_rset, $linkto_id, $linkto_label)
{
$after = __('Follow-up after') . ': ';
$follow = __('Follow-up') . ': ';
switch ($dest_rset) {
case 'phonecall':
$fwd_note_path = 'phonecall/' . $dest_id;
$bck_note = $after . '[phone=' . $dest_id . ']' . $dest_label . '[/phone]';
break;
case 'meeting':
$fwd_note_path = 'crm_meeting/' . $dest_id;
$bck_note = $after . '[meeting=' . $dest_id . ']' . $dest_label . '[/meeting]';
break;
case 'task':
$fwd_note_path = 'task/' . $dest_id;
$bck_note = $after . '[task=' . $dest_id . ']' . $dest_label . '[/task]';
break;
}
switch ($linkto_rset) {
case 'phonecall':
$bck_note_path = 'phonecall/' . $linkto_id;
$fwd_note = $follow . '[phone=' . $linkto_id . ']' . $linkto_label . '[/phone]';
break;
case 'meeting':
$bck_note_path = 'crm_meeting/' . $linkto_id;
$fwd_note = $follow . '[meeting=' . $linkto_id . ']' . $linkto_label . '[/meeting]';
break;
case 'task':
$bck_note_path = 'task/' . $linkto_id;
$fwd_note = $follow . '[task=' . $linkto_id . ']' . $linkto_label . '[/task]';
break;
}
Utils_AttachmentCommon::add($fwd_note_path, 0, Acl::get_user(), $fwd_note);
Utils_AttachmentCommon::add($bck_note_path, 0, Acl::get_user(), $bck_note);
}
/**
* init: check if user is logged in
*
* if not: redirect to login
*/
public function init()
{
// call parent before first
parent::init();
// only check if the controller is not auth
if (Request::initial()->controller() != 'Auth') {
// url to loginpage
$url = URL::to('Auth@login');
// init identity
$identity = Identity::instance();
//revert identity to original user (maybe assume was called somewhere else)
$identity->revert();
// check authentication
if (!$identity->authenticated()) {
// if user is not allready authenticated, redirect to login page
$this->redirect($url);
} else {
$website = Website::instance();
// else: initialise acl
Acl::init($identity, new Model_Rights($website->websites()));
// set current environment
Acl::environment($website->id());
// if user is not entitled to access backend
if (!Acl::instance()->allowed('Backend', 'access')) {
$this->redirect($url);
}
// if user is not entitled to access controller
if (!Acl::instance()->allowed(Request::initial()->controller(), 'access')) {
$this->redirect($url);
}
}
}
}
public function action_index()
{
// get acl
$acl = Acl::instance();
// get modules
$modules = Settings::factory('modules')->as_array();
// get navigation
$settings = Settings::factory('navigation', array('settings' . DIRECTORY_SEPARATOR . Website::instance()->id() . DIRECTORY_SEPARATOR, 'settings'));
$navigation = $settings->get('menu');
// filter out allowed modules
$allowedModules = array();
foreach ($modules as $module => $data) {
if ($acl->allowed($module, 'access')) {
$allowedModules[$module] = $data;
}
}
// fill up sections
$sections = array();
foreach ($navigation as $section => $modules) {
foreach ($modules as $module) {
if (isset($allowedModules[$module])) {
// section has a allowed module, so include it
if (!isset($sections[$section])) {
$sections[$section] = array();
}
// add module to section
$sections[$section][$module] = $allowedModules[$module];
}
}
}
$view = View::factory('start', array('sections' => $sections));
$this->response->body($view->render());
}
function CT_Start_Default($target)
{
importlib("model.blog.attachment");
$context = Model_Context::getInstance();
$blogURL = $context->getProperty('uri.blog');
$blogid = $context->getProperty('blog.id');
$target .= '<ul>';
$target .= '<li><a href="' . $blogURL . '/owner/entry/post">' . _t('새 글을 씁니다') . '</a></li>' . CRLF;
$latestEntryId = Setting::getBlogSettingGlobal('LatestEditedEntry_user' . getUserId(), 0);
if ($latestEntryId !== 0) {
$latestEntry = CT_Start_Default_getEntry($blogid, $latestEntryId);
if ($latestEntry != false) {
$target .= '<li><a href="' . $blogURL . '/owner/entry/edit/' . $latestEntry['id'] . '">' . _f('최근글(%1) 수정', htmlspecialchars(Utils_Unicode::lessenAsEm($latestEntry['title'], 10))) . '</a></li>';
}
}
if (Acl::check('group.administrators')) {
$target .= '<li><a href="' . $blogURL . '/owner/skin">' . _t('스킨을 변경합니다') . '</a></li>' . CRLF;
$target .= '<li><a href="' . $blogURL . '/owner/skin/sidebar">' . _t('사이드바 구성을 변경합니다') . '</a></li>' . CRLF;
$target .= '<li><a href="' . $blogURL . '/owner/skin/setting">' . _t('블로그에 표시되는 값들을 변경합니다') . '</a></li>' . CRLF;
$target .= '<li><a href="' . $blogURL . '/owner/entry/category">' . _t('카테고리를 변경합니다') . '</a></li>' . CRLF;
$target .= '<li><a href="' . $blogURL . '/owner/plugin">' . _t('플러그인을 켜거나 끕니다') . '</a></li>' . CRLF;
}
if ($context->getProperty('service.reader', false) != false) {
$target .= '<li><a href="' . $blogURL . '/owner/network/reader">' . _t('RSS 리더를 봅니다') . '</a></li>' . CRLF;
}
$target .= '</ul>';
return $target;
}
public static function write($id, $data)
{
if (is_null(self::$context)) {
self::initialize();
}
if (strlen($id) < 32) {
return false;
}
$userid = Acl::getIdentity('textcube');
if (empty($userid)) {
$userid = Acl::getIdentity('openid') ? SESSION_OPENID_USERID : '';
}
if (empty($userid)) {
$userid = 'null';
}
$id = POD::escapeString($id);
$data = POD::escapeString($data);
$server = POD::escapeString($_SERVER['HTTP_HOST']);
$request = POD::escapeString(substr($_SERVER['REQUEST_URI'], 0, 255));
$referer = isset($_SERVER['HTTP_REFERER']) ? POD::escapeString(substr($_SERVER['HTTP_REFERER'], 0, 255)) : '';
$timer = Timer::getMicroTime() - self::$sessionMicrotime;
$current = Timestamp::getUNIXtime();
$result = self::query('count', "UPDATE " . self::$context->getProperty('database.prefix') . "Sessions\n\t\t\t\tSET userid = {$userid}, privilege = '{$data}', server = '{$server}', request = '{$request}', referer = '{$referer}', timer = {$timer}, updated = IF(updated,{$current},1)\n\t\t\t\tWHERE id = '{$id}' AND address = '{$_SERVER['REMOTE_ADDR']}'");
if ($result && $result == 1) {
@POD::commit();
return true;
}
return false;
}
/**
* Default action in default controller
*/
public function action_index()
{
// get acl
$acl = Acl::instance();
// get first allowed module
// get modules
$modules = Settings::factory('modules')->as_array();
$modules = array_keys($modules);
$module = State::instance()->get('active.module');
if ($module !== FALSE && $module !== 'Default') {
if ($acl->allowed($module, 'access', FALSE, $this->_website) === TRUE) {
$url = URL::to($module, array('website' => $this->_website));
$this->redirect($url);
exit;
}
}
// find the first allowed module & redirect
foreach ($modules as $module) {
if ($acl->allowed($module, 'access', FALSE, $this->_website) === TRUE) {
$url = URL::to($module, array('website' => $this->_website));
$this->redirect($url);
exit;
}
}
}
public static function initNavigation($id_fta, $id_fta_chapitre_encours, $synthese_action, $comeback, $id_fta_etat, $abrevation_etat, $id_fta_role, $paramActivationComplete, $paramSelectionChap)
{
/**
* Modification
*/
self::$ftaModification = Acl::getValueAccesRights(Acl::ACL_FTA_MODIFICATION);
/**
* Consultation
*/
self::$ftaConsultation = Acl::getValueAccesRights(Acl::ACL_FTA_CONSULTATION);
self::$selectionChap = $paramSelectionChap;
self::$id_fta = $id_fta;
self::$id_fta_chapitre_encours = $id_fta_chapitre_encours;
self::$synthese_action = $synthese_action;
if ($id_fta_etat == FtaEtatModel::ID_VALUE_MODIFICATION) {
self::$synthese_action = FtaEtatModel::ETAT_AVANCEMENT_VALUE_EN_COURS;
}
self::$comeback = $comeback;
self::$id_fta_etat = $id_fta_etat;
self::$abreviation_etat = $abrevation_etat;
self::$id_fta_role = $id_fta_role;
self::$ftaModel = new FtaModel(self::$id_fta);
self::$id_fta_workflow = self::$ftaModel->getDataField(FtaModel::FIELDNAME_WORKFLOW)->getFieldValue();
self::$id_fta_role_encours = FtaWorkflowStructureModel::getIdFtaRoleByChapitreAndWorkflow(self::$id_fta_chapitre_encours, self::$id_fta_workflow);
$ftaWorkflowModel = new FtaWorkflowModel(self::$id_fta_workflow);
self::$id_parent_intranet_actions = $ftaWorkflowModel->getDataField(FtaWorkflowModel::FIELDNAME_ID_INTRANET_ACTIONS)->getFieldValue();
self::$html_navigation_bar = self::buildNavigationBar($paramActivationComplete);
}
/**
* Returns an instance of Acl object
*
* @return Acl
*/
public static function getInstance()
{
if (self::$instance === null) {
self::$instance = new self();
}
return self::$instance;
}
/**
* constructor, acl check
*
* @author Andy Bennett
*/
function __construct()
{
parent::__construct();
parent::init();
Acl::instance()->redirect(steamauth_helper::get_role(), 'admin');
Display::instance()->set_template('template-admin');
}
public static function user_settings()
{
if (Acl::is_user()) {
return array(__('Calendar') => array(array('name' => 'first_day_of_week', 'label' => __('First day of week'), 'type' => 'select', 'values' => array(0 => __('Sunday'), 1 => __('Monday'), 2 => __('Tuesday'), 3 => __('Wednesday'), 4 => __('Thursday'), 5 => __('Friday'), 6 => __('Saturday')), 'default' => 0)));
}
return array();
}
public function assert(Acl $acl, $role = null, $resource = null, $privilege = null)
{
if (is_object($resource)) {
foreach ($this->_relations as $relation) {
$relation = $resource->{$relation};
// If the relation doesn't exist, assume we're OK.
if (!$relation->loaded()) {
continue;
}
if (!$acl->is_allowed($role, $relation, $privilege)) {
return FALSE;
}
}
}
return TRUE;
}
/**
* acl single point of entry.
*
* @static
* @access public
* @return Acl
*/
public static function acl()
{
if (empty(self::$instance)) {
self::$instance = new Acl();
}
return self::$instance;
}
public function action_details()
{
$relevant_user = Acl::instance()->relevant_user();
// check if admin in which _case_ a user_id in the get param is required
if (!$relevant_user) {
$user_id = $this->request->param('user_id');
$relevant_user = ORM::factory('user', $user_id);
}
if (!$relevant_user) {
echo 'Not allowed';
exit;
}
$user_id = $relevant_user->id;
$examgroup_id = $this->request->param('examgroup_id');
$marksheet = ORM::factory('exam');
$marksheet->select('marks')->join('examresults', 'left')->on('examresults.exam_id', '=', 'id');
$marksheet->and_where_open()->where('examresults.user_id', '=', $user_id)->or_where('examresults.user_id', 'IS', NULL)->and_where_close()->and_where_open()->and_where('exams.examgroup_id', '=', $examgroup_id)->and_where_close();
$marksheet = $marksheet->find_all();
$flg = 0;
foreach ($marksheet as $mark) {
if ($mark->marks != NULL) {
$flg++;
}
//echo "<br>";
}
$view = View::factory('examresult/exammarksheet')->bind('marksheets', $marksheet)->bind('flg', $flg)->bind('relevant_user', $relevant_user);
$this->content = $view;
}
/**
* Deletes a particular model.
* If deletion is successful, the browser will be redirected to the 'admin' page.
* @param integer $id the ID of the model to be deleted
*/
public function actionDelete($id)
{
Acl::hasPrivilege($this->privileges, $this->resource, Acl::ACTION_DELETE);
SettingsEmailTemplate::model()->loadModel($id)->delete();
if (!isset($_GET['ajax'])) {
$this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('index'));
}
}
/**
* constructor, check acl
*
* @author Andy Bennett
*/
function __construct()
{
parent::__construct();
parent::init();
Acl::instance()->redirect(steamauth_helper::get_role(), 'admin');
Display::instance()->append_data('page_id', 'containers-admin');
Display::instance()->set_template('template-admin');
}
public function editLink()
{
if (Acl::instance()->is_allowed('document_edit')) {
return '[<a href="#" onclick="KODELEARN.modules.get(\'document\').edit(' . $this->id . ')"> Edit </a>]';
//send link if permission is there
}
return '';
}
/**
* constructor; set display template
*
* @author Andy Bennett
*/
function __construct()
{
Acl::instance()->redirect(Steamauth::instance()->get_role(), 'edit', null, '../');
parent::__construct();
parent::init();
$tpl = request::is_ajax() || isset($_GET['ajax']) ? 'template-ajax' : 'template-admin';
Display::instance()->set_template($tpl);
}
