示例#1
 /**
  * Decides whether the current user may work in a given area (for example the
  * admin or agency area) and on a given object.
  * Permissions are defined in www/admin/lib-permissions.inc.php file
  *
  * The checks run in this order:
  *  1. Account: passes when OA_Permission::isAccount($permissions) is true, or
  *     failing that when OA_Permission::attemptToSwitchToAccount() succeeds.
  *  2. Existence: a non-empty $id rejected by checkIdExistence() ends the call
  *     with false straight away, without calling raiseError().
  *  3. Object access: passes when OA_Permission::hasAccessToObject() is true, or
  *     failing that when OA_Permission::attemptToSwitchForAccess() succeeds.
  *  4. $allowed: only evaluated while the active account is an advertiser or a
  *     trafficker; other account types are not tested against $allowed.
  *
  * Every check is skipped when its argument is null, so a call that passes
  * null for $permissions, $id and $allowed returns true. Callers have to pass
  * each value they want enforced.
  *
  * A failed account check (1) does not stop checks 2-4 from running; the
  * failure is only reported at the end.
  *
  * @access public
  *
  * @param integer $permissions  Account type(s) required
  * @param string $table  Table name
  * @param integer $id  Id (or empty if new is created)
  * @param unknown $allowed  Permission handed to OA_Permission::hasPermission()
  * @param mixed $operationAccessType  Forwarded to OA_Permission::hasAccessToObject();
  *                      defaults to OA_Permission::OPERATION_ALL. Lets a call ask for
  *                      only a subset of the permissions on the object. The original
  *                      note says null is equivalent to asking for everything -
  *                      TODO confirm in hasAccessToObject().
  *
  * @return boolean  True if has access
  */
 function checkPermissions($permissions, $table = '', $id = null, $allowed = null, $operationAccessType = OA_Permission::OPERATION_ALL)
 {
     $denied = false;

     // Account check: the switch is attempted only after the direct match fails.
     // NOTE(review): attemptToSwitchToAccount() presumably changes the active
     // account; confirm it leaves no switched state behind when a later check
     // ends in denial.
     if (isset($permissions)
         && !OA_Permission::isAccount($permissions)
         && !OA_Permission::attemptToSwitchToAccount($permissions)
     ) {
         $denied = true;
     }

     // Existence check (the original author asks whether it belongs here at all).
     // Unknown ids return false with no 'Access forbidden' error raised, so the
     // two outcomes differ only through raiseError().
     $idIsMissing = !empty($id) && !$this->checkIdExistence($table, $id);
     if ($idIsMissing) {
         return false;
     }

     // isset() rather than !empty(): an $id of 0 or '' skips the existence check
     // above but still reaches the object-access check.
     if (isset($id)
         && !OA_Permission::hasAccessToObject($table, $id, $operationAccessType)
         && !OA_Permission::attemptToSwitchForAccess($table, $id)
     ) {
         $denied = true;
     }

     // $allowed is enforced for advertiser and trafficker accounts only.
     if (isset($allowed)
         && OA_Permission::isAccount(OA_ACCOUNT_ADVERTISER, OA_ACCOUNT_TRAFFICKER)
         && !OA_Permission::hasPermission($allowed)
     ) {
         $denied = true;
     }

     if ($denied) {
         $this->raiseError('Access forbidden');
         return false;
     }

     // Set system timezone and return
     OA_setTimeZoneLocal();
     return true;
 }
示例#2
文件: Dll.php 项目: villos/tree_admin
 /**
  * Decides whether the current user may work in a given area (for example the
  * admin or agency area) and on a given object.
  * Permissions are defined in www/admin/lib-permissions.inc.php file
  *
  * The checks run in this order:
  *  1. Account: passes when OA_Permission::isAccount($permissions) is true, or
  *     failing that when OA_Permission::attemptToSwitchToAccount() succeeds.
  *  2. Existence: a non-empty $id rejected by checkIdExistence() ends the call
  *     with false straight away, without calling raiseError().
  *  3. Object access: passes when OA_Permission::hasAccessToObject() is true, or
  *     failing that when OA_Permission::attemptToSwitchForAccess() succeeds.
  *  4. $allowed: only evaluated while the active account is an advertiser or a
  *     trafficker; other account types are not tested against $allowed.
  *
  * Every check is skipped when its argument is null, so a call that passes
  * null for $permissions, $id and $allowed returns true. Callers have to pass
  * each value they want enforced.
  *
  * A failed account check (1) does not stop checks 2-4 from running; the
  * failure is only reported at the end.
  *
  * @access public
  *
  * @param integer $permissions  Account type(s) required
  * @param string $table  Table name
  * @param integer $id  Id (or empty if new is created)
  * @param unknown $allowed  Permission handed to OA_Permission::hasPermission()
  *
  * @return boolean  True if has access
  */
 function checkPermissions($permissions, $table = '', $id = null, $allowed = null)
 {
     $denied = false;

     // Account check: the switch is attempted only after the direct match fails.
     // NOTE(review): attemptToSwitchToAccount() presumably changes the active
     // account; confirm it leaves no switched state behind when a later check
     // ends in denial.
     if (isset($permissions)
         && !OA_Permission::isAccount($permissions)
         && !OA_Permission::attemptToSwitchToAccount($permissions)
     ) {
         $denied = true;
     }

     // Unknown ids return false with no 'Access forbidden' error raised, so the
     // two outcomes differ only through raiseError().
     $idIsMissing = !empty($id) && !$this->checkIdExistence($table, $id);
     if ($idIsMissing) {
         return false;
     }

     // isset() rather than !empty(): an $id of 0 or '' skips the existence check
     // above but still reaches the object-access check.
     if (isset($id)
         && !OA_Permission::hasAccessToObject($table, $id)
         && !OA_Permission::attemptToSwitchForAccess($table, $id)
     ) {
         $denied = true;
     }

     // $allowed is enforced for advertiser and trafficker accounts only.
     if (isset($allowed)
         && OA_Permission::isAccount(OA_ACCOUNT_ADVERTISER, OA_ACCOUNT_TRAFFICKER)
         && !OA_Permission::hasPermission($allowed)
     ) {
         $denied = true;
     }

     if ($denied) {
         $this->raiseError('Access forbidden');
         return false;
     }

     return true;
 }
示例#3
 /**
  * A method to show an error if the currently active account of a user
  * doesn't match any of the requested account types
  *
  * This function takes either an array as the first parameter or
  * a variable number of parameters
  *
  * When the active account does not match, the method first calls
  * OA_Permission::redirectIfManualAccountSwitch() and then tries
  * OA_Permission::attemptToSwitchToAccount(). The final result is handed to
  * OA_Permission::enforceTrue(); nothing is returned to the caller, so the
  * enforcement itself happens inside enforceTrue().
  *
  * @static
  * @param string $accountType user type
  */
 function enforceAccount($accountType)
 {
     // Accept both enforceAccount(array(...)) and enforceAccount(a, b, ...).
     if (is_array($accountType)) {
         $requestedTypes = $accountType;
     } else {
         $requestedTypes = func_get_args();
     }

     $accountMatches = OA_Permission::isAccount($requestedTypes);
     if (!$accountMatches) {
         // NOTE(review): presumably redirects away when the user switched
         // accounts by hand; confirm whether control returns here afterwards.
         OA_Permission::redirectIfManualAccountSwitch();
         $accountMatches = OA_Permission::attemptToSwitchToAccount($requestedTypes);
     }

     OA_Permission::enforceTrue($accountMatches);
 }