/**
  * Check whether an account is allowed to perform an action on an admin page.
  *
  * The level/role permission check is consulted first; only when it does not
  * explicitly grant access is the per-account permission table asked.
  * When no account id is given (loose check: '', 0 and null all count as
  * "not given"), the id is read from the 'admin' account cookie, falling
  * back to '0' when the cookie carries no account id.
  *
  * @param string $page_name
  * @param string $action
  * @param integer $account_id
  * @return boolean
  */
 public static function checkAdminPermission($page_name = '', $action = '', $account_id = '')
 {
     if ($account_id == null) {
         // no id supplied, resolve it from the admin cookie.
         $accounts_model = new \Model_Accounts();
         $cookie_data = $accounts_model->getAccountCookie('admin');
         unset($accounts_model);

         $account_id = '0';
         if (isset($cookie_data['account_id'])) {
             $account_id = $cookie_data['account_id'];
         }
         unset($cookie_data);
     }

     // a level/role grant takes precedence over everything else.
     if (static::checkLevelPermission($page_name, $action, $account_id) === true) {
         return true;
     }

     // level/role check did not grant; fall back to the account-specific permissions.
     return \Model_AccountPermission::checkAccountPermission($page_name, $action, $account_id);
 }
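 /**
  * Save per-account permissions submitted from the admin "manage user permission" form.
  *
  * Flow: resolve the redirect target, gate on the 'acperm_perm' /
  * 'acperm_manage_user_perm' admin permission, resolve the target account id
  * (URL argument, else the 'admin' cookie, else 0), validate the target account,
  * then on a POST with a valid CSRF token hand the posted permission data to
  * \Model_AccountPermission::savePermissions(). Every path ends in a redirect;
  * the outcome is reported through the 'form_status' session flash.
  *
  * Posted data handed to the model:
  *  - permission_core: 1 when the form sent 1, otherwise '0'
  *  - module_system_name: tag-stripped string, or null when empty or when permission_core is 1
  *  - account_id, permission_page, permission_action: raw POST values
  *
  * @param string|integer $account_id target account id; a non-numeric value means "not set".
  * @return void
  */
 public function action_save($account_id = '')
 {
     // set redirect url
     $redirect = $this->getAndSetSubmitRedirection();

     // check permission. deny unless the check explicitly returns true, so an
     // unexpected non-boolean result can never be read as "allowed".
     if (\Model_AccountLevelPermission::checkAdminPermission('acperm_perm', 'acperm_manage_user_perm') !== true) {
         \Session::set_flash('form_status', array('form_status' => 'error', 'form_status_message' => \Lang::get('admin_permission_denied', array('page' => \Uri::string()))));
         \Response::redirect($redirect);
         // the redirect is expected to end the request; the return keeps the
         // save unreachable even if it does not.
         return;
     }

     // if account id not set, take it from the admin cookie (0 when the cookie has none).
     if (!is_numeric($account_id)) {
         $cookie_account = \Model_Accounts::forge()->getAccountCookie('admin');
         $account_id = isset($cookie_account['account_id']) ? $cookie_account['account_id'] : 0;
         unset($cookie_account);
     }

     $output = array();
     $output['account_id'] = $account_id;

     // check target account. an object/array result means the account is usable;
     // anything else is the error message to show.
     $account_check_result = $this->checkAccountData($account_id);
     $output['account_check_result'] = (is_object($account_check_result) || is_array($account_check_result)) ? true : $account_check_result;
     unset($account_check_result);

     if ($output['account_check_result'] !== true) {
         // failed to check account. set error msg.
         \Session::set_flash('form_status', array('form_status' => 'error', 'form_status_message' => $output['account_check_result']));
     } elseif (\Input::method() == 'POST') {
         if (\Extension\NoCsrf::check()) {
             $data = array();
             // (string) casts keep trim() from receiving null when a field is absent.
             $data['permission_core'] = (int) trim((string) \Input::post('permission_core'));
             if ($data['permission_core'] != '1') {
                 $data['permission_core'] = '0';
             }
             // a module name only applies to non-core permissions.
             $data['module_system_name'] = \Security::strip_tags(trim((string) \Input::post('module_system_name')));
             if ($data['module_system_name'] == null || $data['permission_core'] == '1') {
                 $data['module_system_name'] = null;
             }
             // NOTE(review): account_id is also taken from POST here while the rows are
             // saved under the $account_id resolved and checked above - confirm that
             // savePermissions() keys on its first argument and ignores $data['account_id'].
             $data['account_id'] = \Input::post('account_id');
             $data['permission_page'] = \Input::post('permission_page');
             $data['permission_action'] = \Input::post('permission_action');
             \Model_AccountPermission::savePermissions($account_id, $data);
             // set success message
             \Session::set_flash('form_status', array('form_status' => 'success', 'form_status_message' => \Lang::get('admin_saved')));
         } else {
             // nocsrf error, set error msg.
             \Session::set_flash('form_status', array('form_status' => 'error', 'form_status_message' => \Lang::get('fslang_invalid_csrf_token')));
         }
     }

     // go back
     \Response::redirect($redirect);
 }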