/** * Checks if user has access to specific area (for example admin or agency area) * Permissions are defined in www/admin/lib-permissions.inc.php file * * @access public * * @param integer $permissions * @param string $table Table name * @param integer $id Id (or empty if new is created) * @param unknown $allowed check allowed * @param OA_Permission Does the current call require only a subset of the permissions? * If set to null, equivalent to asking permission to do everything on the object * * @return boolean True if has access */ function checkPermissions($permissions, $table = '', $id = null, $allowed = null, $operationAccessType = OA_Permission::OPERATION_ALL) { $isError = false; if (isset($permissions) && !OA_Permission::isAccount($permissions)) { if (!OA_Permission::attemptToSwitchToAccount($permissions)) { $isError = true; } } // Should this check also be part of checkPermissions? if (!empty($id) && !$this->checkIdExistence($table, $id)) { return false; } if (isset($id) && !OA_Permission::hasAccessToObject($table, $id, $operationAccessType)) { if (!OA_Permission::attemptToSwitchForAccess($table, $id)) { $isError = true; } } if (isset($allowed)) { if (OA_Permission::isAccount(OA_ACCOUNT_ADVERTISER, OA_ACCOUNT_TRAFFICKER) && !OA_Permission::hasPermission($allowed)) { $isError = true; } } if ($isError) { $this->raiseError('Access forbidden'); return false; } else { // Set system timezone and return OA_setTimeZoneLocal(); return true; } }
/** * Checks if user has access to specific area (for example admin or agency area) * Permissions are defined in www/admin/lib-permissions.inc.php file * * @access public * * @param integer $permissions * @param string $table Table name * @param integer $id Id (or empty if new is created) * @param unknown $allowed check allowed * * @return boolean True if has access */ function checkPermissions($permissions, $table = '', $id = null, $allowed = null) { $isError = false; if (isset($permissions) && !OA_Permission::isAccount($permissions)) { if (!OA_Permission::attemptToSwitchToAccount($permissions)) { $isError = true; } } if (!empty($id) && !$this->checkIdExistence($table, $id)) { return false; } if (isset($id) && !OA_Permission::hasAccessToObject($table, $id)) { if (!OA_Permission::attemptToSwitchForAccess($table, $id)) { $isError = true; } } if (isset($allowed)) { if (OA_Permission::isAccount(OA_ACCOUNT_ADVERTISER, OA_ACCOUNT_TRAFFICKER) && !OA_Permission::hasPermission($allowed)) { $isError = true; } } if ($isError) { $this->raiseError('Access forbidden'); return false; } else { return true; } }
/** * A method to show an error if the current user/account doesn't have access * to the specified DB_DataObject (defined by table name and entity ID). * * @static * @param string $entityTable The name of the table. * @param integer $entityId Optional entity ID -- when set, tests if the current * account has access to the enity, when not set, tests * if the current account can create a new entity in the * table. * @param boolean $allowNewEntity Allow creation of a new entity, defaults to false. */ function enforceAccessToObject($entityTable, $entityId = null, $allowNewEntity = false) { if (!$allowNewEntity) { OA_Permission::enforceTrue(!empty($entityId)); } // Verify that the ID is numeric OA_Permission::enforceTrue(preg_match('/^\\d*$/D', $entityId)); $entityId = (int) $entityId; $hasAccess = OA_Permission::hasAccessToObject($entityTable, $entityId); if (!$hasAccess) { if (!OA_Permission::isManualAccountSwitch()) { if (OA_Permission::isUserLinkedToAdmin()) { // Check object existence OA_Permission::enforceTrue(OA_Permission::getAccountIdForEntity($entityTable, $entityId)); } // if has access switch to the manager account that owns this object if ($hasAccess) { if (OA_Permission::switchToManagerAccount($entityTable, $entityId)) { // Now that the admin user is working with the manager // account that owns the object, show to him the page. $url = $_SERVER['REQUEST_URI']; header("Location: {$url}"); exit; } else { // If is not possible to switch redirect the admin to his home page OX_Admin_Redirect::redirect(); } } } } if (!$hasAccess) { OA_Permission::redirectIfManualAccountSwitch(); $hasAccess = OA_Permission::attemptToSwitchForAccess($entityTable, $entityId); } OA_Permission::enforceTrue($hasAccess); }