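/**
 * Decide whether this worker holds the given privilege.
 *
 * Superusers hold every privilege. When ACL is switched off, or the license
 * condition below is not met, every privilege is granted except those under
 * the "core.setup" prefix. Otherwise the privilege must be present in the
 * cached, role-derived privilege map for this worker.
 *
 * @param string $priv_id Privilege identifier to test.
 * @return bool True when the privilege is granted.
 */
function hasPriv($priv_id) {
    // Superusers bypass every other check.
    if ($this->is_superuser) {
        return true;
    }

    $settings = DevblocksPlatform::getPluginSettingsService();
    $acl_enabled = $settings->get('feg.core', FegSettings::ACL_ENABLED);

    // ACL is a paid feature (please respect the licensing and support the project!)
    $license = FegLicense::getInstance();
    if (!$acl_enabled || !isset($license['serial']) || isset($license['a'])) {
        // With ACL inactive, non-superusers get everything except setup privileges.
        // The previous test compared the 10-character literal "core.setup" with an
        // 11-character substr(), so it only matched the exact id "core.setup" and
        // granted any longer id under that prefix. Compare the 10-character prefix
        // instead, so the whole "core.setup" family is denied (fail closed).
        return strncmp((string) $priv_id, 'core.setup', 10) !== 0;
    }

    // Check the aggregated worker privs from roles. The map is indexed by
    // worker id, then by privilege id; presence of the key is the grant.
    $acl = DAO_WorkerRole::getACL();
    $privs_by_worker = $acl[DAO_WorkerRole::CACHE_KEY_PRIVS_BY_WORKER];

    // An empty privilege id is never granted to a non-superuser on this path.
    return !empty($priv_id) && isset($privs_by_worker[$this->id][$priv_id]);
}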
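/**
 * Create, rename or delete a worker role, then replace its roster and privileges.
 *
 * Only a superuser may call this; anyone else gets the translated
 * "access denied" message and nothing is changed. Input is read from
 * $_REQUEST: id, name, worker_ids, acl_privs, do_delete.
 *
 * @return void
 */
function saveRoleAction() {
    $translate = DevblocksPlatform::getTranslationService();
    $worker = CerberusApplication::getActiveWorker();

    // Authorization gate: fail closed when there is no session worker or the
    // worker is not a superuser.
    if (!$worker || !$worker->is_superuser) {
        echo $translate->_('common.access_denied');
        return;
    }

    // NOTE(review): this state-changing action reads $_REQUEST (so GET is accepted)
    // and no anti-CSRF token check is visible in this method. Confirm that the
    // framework enforces one before dispatch.

    // "@" silences the undefined-index notice when a field is absent, so
    // importGPC falls back to the default given as its third argument.
    @($id = DevblocksPlatform::importGPC($_REQUEST['id'], 'integer', 0));
    @($name = DevblocksPlatform::importGPC($_REQUEST['name'], 'string', ''));
    @($worker_ids = DevblocksPlatform::importGPC($_REQUEST['worker_ids'], 'array', array()));
    @($acl_privs = DevblocksPlatform::importGPC($_REQUEST['acl_privs'], 'array', array()));
    @($do_delete = DevblocksPlatform::importGPC($_REQUEST['do_delete'], 'integer', 0));

    // Delete
    if (!empty($do_delete) && !empty($id)) {
        DAO_WorkerRole::delete($id);
        DevblocksPlatform::setHttpResponse(new DevblocksHttpResponse(array('config', 'acl')));
        // Stop here. Without this return the code below went on to update the
        // deleted role and re-attach workers and privileges to its id.
        return;
    }

    // Sanity checks
    if (empty($name)) {
        $name = 'New Role';
    }

    $fields = array(DAO_WorkerRole::NAME => $name);

    if (empty($id)) { // create
        $id = DAO_WorkerRole::create($fields);
    } else { // edit
        DAO_WorkerRole::update($id, $fields);
    }

    // Update role roster
    DAO_WorkerRole::setRoleWorkers($id, $worker_ids);

    // Update role privs
    // NOTE(review): $acl_privs comes straight from the request. Whether
    // setRolePrivileges checks it against the known privilege ids is not visible
    // here.
    DAO_WorkerRole::setRolePrivileges($id, $acl_privs, true);

    DevblocksPlatform::setHttpResponse(new DevblocksHttpResponse(array('config', 'acl')));
}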