/**
 * Removes the relation between a role and a permission.
 *
 * Both arguments are resolved through returnId() first: the role through a
 * freshly built RoleManager, the permission through this object.
 *
 * @param integer $Role       Id of the Role (as accepted by RoleManager::returnId())
 * @param integer $Permission Id of the Permission (as accepted by returnId())
 * @return boolean The 'success' entry of the data mapper's result
 */
public function unassign($Role, $Permission)
{
    $roleManager = new RoleManager($this->cfg);

    $outcome = $this->dmap->unassign(
        $roleManager->returnId($Role),
        $this->returnId($Permission)
    );

    return $outcome['success'];
}
/**
 * Decides whether an item passes the URL-based access check.
 *
 * The check against RoleManager::checkAccessByUrl() runs only when the item
 * has a "url" and either
 *  - "checkAccess" is present with a non-empty value, or
 *  - "checkAccess" is absent and the url is not the "#" placeholder.
 * Every other item (no url, or "checkAccess" present but empty) is allowed
 * without a check.
 *
 * NOTE(review): this presumably only filters which items are displayed; the
 * pages behind the urls need their own server-side check. Confirm.
 *
 * @param array $item Item definition; reads the "url" and "checkAccess" keys
 *
 * @return bool False only when the check runs and rejects the url
 */
protected function checkItemAccess($item)
{
    if (!isset($item["url"])) {
        return true;
    }

    // `&&` binds tighter than `||` in the original one-line condition;
    // the two alternatives are named here so the grouping is explicit.
    $explicitlyRequested = !empty($item["checkAccess"]);
    $impliedByUrl = $item["url"] != "#" && !isset($item["checkAccess"]);

    if (!$impliedByUrl && !$explicitlyRequested) {
        return true;
    }

    return (bool) RoleManager::checkAccessByUrl($item["url"]);
}
<?php
// Bootstrap of the Galaxia Workflow Engine management layer: loads the
// configuration, then the manager classes, then creates one global instance
// of each manager.

// config.php must come first: the GALAXIA_LIBRARY constant used by the
// includes below is not defined anywhere in this file.
include_once dirname(__FILE__) . '/config.php';
include_once GALAXIA_LIBRARY . '/src/ProcessManager/ProcessManager.php';
include_once GALAXIA_LIBRARY . '/src/ProcessManager/InstanceManager.php';
include_once GALAXIA_LIBRARY . '/src/ProcessManager/RoleManager.php';
include_once GALAXIA_LIBRARY . '/src/ProcessManager/ActivityManager.php';
include_once GALAXIA_LIBRARY . '/src/ProcessManager/GraphViz.php';

/// $roleManager is the object that will be used to manipulate roles.
$roleManager = new RoleManager();
/// $activityManager is the object that will be used to manipulate activities.
$activityManager = new ActivityManager();
/// $processManager is the object that will be used to manipulate processes.
$processManager = new ProcessManager();
/// $instanceManager is the object that will be used to manipulate instances.
$instanceManager = new InstanceManager();

// Logging is optional: it is enabled only when GALAXIA_LOGFILE is defined
// and non-empty. The same Logger is attached to the process, activity and
// role managers.
// NOTE(review): $instanceManager is not attached to the logger, so instance
// changes are presumably not recorded in this log. Confirm that is intended.
if (defined('GALAXIA_LOGFILE') && GALAXIA_LOGFILE) {
    include_once GALAXIA_LIBRARY . '/src/Observers/Logger.php';
    $logger = new Logger(GALAXIA_LOGFILE);
    $processManager->attach_all($logger);
    $activityManager->attach_all($logger);
    $roleManager->attach_all($logger);
}
/**
 * This function will ensure that the user who has submitted the form (and
 * hence is requesting that an event be triggered) is actually allowed to
 * make this request.
 *
 * There are 2 action types, creation and editing. Creation is a simple yes/no
 * affair, whereas editing has three levels of permission, None, Own Entries
 * or All Entries:
 * - None: This user can't process this event
 * - Own Entries: If the entry the user is trying to update is their own,
 *   determined by whether the `entry_id` or, in the case of a SBL or
 *   similar field, the `entry_id` of the linked entry matches the logged in
 *   user's id, process the event.
 * - All Entries: The user can update any entry in Symphony.
 *
 * If there are no Roles in this system, or the event is set to ignore
 * permissions (by including a function, `ignoreRolePermissions`, that returns
 * `true`), it will immediately proceed to processing any of the Filters
 * attached to the event before returning.
 *
 * The outcome is not returned: it is appended to `$context['messages']` as a
 * `'permission'` entry, and the event Filters are processed in every case.
 * NOTE(review): denial therefore takes effect only if the caller honours
 * that message entry. Confirm against the delegate's consumer.
 *
 * @uses EventPreSaveFilter
 *
 * @param array $context Delegate context; reads `event` and `entry_id`,
 *  appends to `messages`
 * @return null
 */
public function checkEventPermissions(array &$context)
{
    // If this system has no Roles, or the event is set to ignore role permissions
    // continue straight to processing the Filters
    if (!FieldManager::isFieldUsed(extension_Members::getFieldType('role')) || method_exists($context['event'], 'ignoreRolePermissions') && $context['event']->ignoreRolePermissions() == true) {
        $this->__processEventFilters($context);
        return null;
    }

    // Prior to Symphony 2.2.2, the EventPreSaveFilter delegate doesn't
    // pass the `$entry_id`. This can cause an issue when an Event has the
    // `allow_multiple` filter set as we can't determine the correct `$entry_id`
    // This will check to see if the `$entry_id` is set, otherwise fallback
    // to the previous logic. This will mean that using `allow_multiple` will
    // not be compatible without Symphony 2.2.2 and Members 1.1
    // @see https://github.com/symphonycms/members/issues/167
    if (isset($context['entry_id']) && is_numeric($context['entry_id'])) {
        $entry_id = (int) $context['entry_id'];
        $action = 'edit';
    } else {
        // Fallback: the entry id comes straight from the request body. It is
        // cast to int, and whether it means "create" or "edit" is decided by
        // what the client sent.
        if (isset($_POST['id']) && !empty($_POST['id'])) {
            $entry_id = (int) $_POST['id'];
            $action = 'edit';
        } else {
            $action = 'create';
            $entry_id = 0;
        }
    }

    // Defaults for a visitor who is not logged in: the Public role, and the
    // strictest edit level (ALL_ENTRIES) when editing.
    $required_level = $action == 'create' ? EventPermissions::CREATE : EventPermissions::ALL_ENTRIES;
    $role_id = Role::PUBLIC_ROLE;
    $isLoggedIn = $this->getMemberDriver()->isLoggedIn();

    if ($isLoggedIn && $this->getMemberDriver()->initialiseMemberObject()) {
        if ($this->getMemberDriver()->getMember() instanceof Entry) {
            // NOTE(review): for a logged in member the level becomes OWN_ENTRIES
            // for every action, including 'create', and it stays OWN_ENTRIES
            // without any ownership test when the event has no `getSource`
            // method. How `canProcessEvent` treats those combinations is not
            // visible here; confirm.
            $required_level = EventPermissions::OWN_ENTRIES;
            $role_data = $this->getMemberDriver()->getMember()->getData(extension_Members::getField('role')->get('id'));
            $role_id = $role_data['role_id'];

            if ($action == 'edit' && method_exists($context['event'], 'getSource')) {
                $section_id = $context['event']->getSource();
                $isOwner = false;

                // If the event is the same section as the Members section, then for `$isOwner`
                // to be true, the `$entry_id` must match the currently logged in user.
                if ($section_id == $this->getMemberDriver()->getMember()->get('section_id')) {
                    // Check the logged in member is the same as the `entry_id` that is about to
                    // be updated. If so the user is the Owner and can modify EventPermissions::OWN_ENTRIES
                    $isOwner = $this->getMemberDriver()->getMemberID() == $entry_id;
                } else {
                    $field_ids = array();

                    // Get the ID's of the fields that may be used for Linking (Username/Email)
                    if (!is_null(extension_Members::getFieldHandle('identity'))) {
                        $field_ids[] = extension_Members::getField('identity')->get('id');
                    }
                    if (!is_null(extension_Members::getFieldHandle('email'))) {
                        $field_ids[] = extension_Members::getField('email')->get('id');
                    }

                    // Query for the `field_id` of any linking fields that link to the members
                    // section AND to one of the linking fields (Username/Email).
                    // The values interpolated into the SQL are the two section ids (through
                    // `%d`) and the field ids collected above; none of them is read from
                    // the request in this function.
                    $fields = Symphony::Database()->fetchCol('child_section_field_id', sprintf("\n\t\t\t\t\t\t\t\t\tSELECT `child_section_field_id`\n\t\t\t\t\t\t\t\t\tFROM `tbl_sections_association`\n\t\t\t\t\t\t\t\t\tWHERE `parent_section_id` = %d\n\t\t\t\t\t\t\t\t\tAND `child_section_id` = %d\n\t\t\t\t\t\t\t\t\tAND `parent_section_field_id` IN ('%s')\n\t\t\t\t\t\t\t\t", $this->getMemberDriver()->getMember()->get('section_id'), $section_id, implode("','", $field_ids)));

                    // If there was a link found, get the `relation_id`, which is the `member_id` of
                    // an entry in the active Members section.
                    if (!empty($fields)) {
                        foreach ($fields as $field_id) {
                            // Stop at the first linking field that proves ownership.
                            if ($isOwner === true) {
                                break;
                            }

                            $field = FieldManager::fetch($field_id);
                            if ($field instanceof Field) {
                                // So we are trying to find all entries that have selected the Member entry
                                // to determine ownership. This check will use the `fetchAssociatedEntryIDs`
                                // function, which typically works backwards, by accepting the `entry_id` (in
                                // this case, our logged in Member ID). This will return an array of all the
                                // linked entries, so we then just check that the current entry that is going to
                                // be updated is in that array.
                                // NOTE(review): `in_array` is called without its strict flag, so the
                                // integer `$entry_id` is compared loosely with whatever types the field
                                // returns. This presumes an array of numeric ids; confirm.
                                $member_id = $field->fetchAssociatedEntryIDs($this->getMemberDriver()->getMemberID());
                                $isOwner = in_array($entry_id, $member_id);
                            }
                        }
                    }
                }

                // User is not the owner, so the edit needs EventPermissions::ALL_ENTRIES
                if ($isOwner === false) {
                    $required_level = EventPermissions::ALL_ENTRIES;
                }
            }
        }
    }

    // An unknown role leaves `$success` false, so the request is denied.
    $role = RoleManager::fetch($role_id);
    // The event handle is the event's class name, lower-cased, without its leading "event".
    $event_handle = strtolower(preg_replace('/^event/i', NULL, get_class($context['event'])));
    $success = false;
    if ($role) {
        $success = $role->canProcessEvent($event_handle, $action, $required_level) ? true : false;
    }

    $context['messages'][] = array('permission', $success, $success === false ? __('You are not authorised to perform this action.') : null);

    // Process the Filters for this event.
    $this->__processEventFilters($context);
}
/**
 * Looks up a Role by its handle.
 *
 * Returns the `$role_id` by default, or the Role object when `$asObject`
 * is true. Returns null when no role has that handle.
 *
 * @param string $handle
 * @param boolean $asObject
 * @return integer|Role|null
 */
public static function fetchRoleIDByHandle($handle, $asObject = false)
{
    $db = Symphony::Database();

    // The handle is escaped with cleanValue() and placed inside the quoted
    // '%s'; the quotes in the query are part of that protection.
    $sql = sprintf("\n\t\t\t\tSELECT `id` FROM `tbl_members_roles` WHERE `handle` = '%s' LIMIT 1", $db->cleanValue($handle));
    $found = $db->fetchVar('id', 0, $sql);

    if (!$found) {
        return null;
    }

    return $asObject ? RoleManager::fetch($found) : $found;
}
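/**
 * Removes every entry of `$fields` that is not a well-formed permission row.
 *
 * A row is kept only when all of the following hold:
 *  - it is an array with exactly four elements,
 *  - its `role_id` resolves to an existing Role,
 *  - for each allowed field action, the row carries one of the permitted
 *    levels (LEVEL_NONE or LEVEL_ALL).
 * Any other row is dropped. That includes non-array rows, rows missing a key,
 * and rows for which the role lookup throws: validation fails closed instead
 * of keeping data that was never checked.
 *
 * @param array $fields Rows keyed by field id, modified in place. A non-array
 *  argument is left untouched.
 * @return void
 */
private function sanitizeFields(&$fields)
{
    if (!is_array($fields)) {
        return;
    }

    $actions = SE_PerMan::getControl('field')->getAllowedActions();

    // Levels are compared as strings with a strict match. A loose in_array()
    // lets unrelated values through on PHP < 8 (any non-numeric string equals
    // 0, and so does a missing key), which defeats the allow-list.
    $levels = array_map('strval', array(SE_Permissions::LEVEL_NONE, SE_Permissions::LEVEL_ALL));

    foreach ($fields as $fid => $data) {
        $valid = is_array($data) && count($data) == 4 && isset($data['role_id']);

        if ($valid) {
            try {
                $valid = RoleManager::fetch($data['role_id']) instanceof Role;
            } catch (Exception $e) {
                // A failed lookup cannot confirm the role, so the row goes.
                $valid = false;
            }
        }

        if ($valid) {
            foreach ($actions as $action) {
                $level = isset($data[$action]) ? $data[$action] : null;

                if (!is_scalar($level) || !in_array((string) $level, $levels, true)) {
                    $valid = false;
                    break;
                }
            }
        }

        if (!$valid) {
            unset($fields[$fid]);
        }
    }
}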
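/**
 * Groups entries by the Role that applies to each of them.
 *
 * The role of an entry is whatever getActivationRole() returns for the
 * entry and its stored `role_id`. Entries whose role cannot be fetched are
 * left out of the result.
 *
 * @param array $records Entry objects to group
 * @return array|null Groups keyed by this field's element name and then by
 *  role id; each group has `attr`, `records` and `groups`. Null when
 *  `$records` is empty or not an array.
 */
public function groupRecords($records)
{
    if (!is_array($records) || empty($records)) {
        return;
    }

    $groups = array($this->get('element_name') => array());

    foreach ($records as $r) {
        $data = $r->getData($this->get('id'));

        // The original passed `$entry_id`, which is never defined in this
        // method, so the role was always resolved for a null entry. The id of
        // the entry being grouped is used instead.
        // NOTE(review): assumes getActivationRole() expects that entry's id; confirm.
        $role_id = $this->getActivationRole($r->get('id'), $data['role_id']);

        if (!($role = RoleManager::fetch($role_id))) {
            continue;
        }

        if (!isset($groups[$this->get('element_name')][$role_id])) {
            // The role name is passed through General::sanitize() because it
            // ends up as an attribute of the output.
            $groups[$this->get('element_name')][$role_id] = array(
                'attr' => array(
                    'id' => $role_id,
                    'handle' => $role->get('handle'),
                    'name' => General::sanitize($role->get('name')),
                ),
                'records' => array(),
                'groups' => array(),
            );
        }

        $groups[$this->get('element_name')][$role_id]['records'][] = $r;
    }

    return $groups;
}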
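/**
 * Deletes a Role in response to a submitted "delete" action.
 *
 * Nothing happens unless `$_POST['action']` is an array containing a
 * `delete` key. The Public role can never be removed.
 *
 * NOTE(review): no permission or request-forgery check is visible in this
 * method; presumably the calling page enforces both. Confirm.
 *
 * @param integer|null $role_id Id of the Role to delete
 * @param string|null $redirect Where to redirect after a successful delete
 * @param boolean $purge_members Passed through to RoleManager::delete()
 * @return mixed The page alert when the Public role was targeted, otherwise null
 * @throws SymphonyErrorPage When the Role does not exist
 */
public function __actionDelete($role_id = null, $redirect = null, $purge_members = false)
{
    // `$_POST['action']` comes from the client and may be missing or not an
    // array; array_key_exists() must not be handed either of those.
    if (!isset($_POST['action']) || !is_array($_POST['action']) || !array_key_exists('delete', $_POST['action'])) {
        return;
    }

    if (!$role_id) {
        redirect(extension_Members::baseURL() . 'roles/');
    }

    if ($role_id == Role::PUBLIC_ROLE) {
        return $this->pageAlert(__('The Public role cannot be removed'), Alert::ERROR);
    }

    if (!RoleManager::fetch($role_id)) {
        throw new SymphonyErrorPage(__('The role you requested to delete does not exist.'), __('Role not found'));
    }

    // @todo What should happen to any Members that had this Role?
    RoleManager::delete($role_id, $purge_members);

    if (!is_null($redirect)) {
        redirect($redirect);
    }
}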
    </div>
  </div>
  <div class="container text-right">
    <a href='#' class="btn collapsed row" data-toggle="collapse" data-target="#logo"><i class="fa fa-caret-square-o-down"></i></a>
  </div>
  <div class="row collapse in" id="logo">
    <div class="col-md-6"><img src="../images/yourLogo.png" alt="your logo"></div>
    <div class="col-md-6"><img class="pull-right" src="../images/bpmspace_icon-SQMS-right-200px-text.png" alt="BPMspace Logo Syllabus Question Managment System" width=80% height=80%></div>
  </div>
</div>
</br>
<div class="clearfix"></div>
<!--------------- MAIN MENU --------->
<?php
  // RoleManager is not defined in this template; presumably the request
  // handler included here makes it available. Confirm.
  include_once "inc/RequestHandler.inc.php";
  $rm = new RoleManager();
  // The block below is disabled debugging output. If re-enabled it would
  // print the session's user id and role ids into the page, so it must stay
  // out of production builds.
  /*
  $roleIDs = $rm->getRoleIDsByLIAMid($_SESSION['user_id']); // user_id = LIAM ID
  echo "LiamID: ".$_SESSION['user_id']."<br/>Roles: ";
  //var_dump($roleIDs);
  if ($roleIDs) echo implode(", ", $roleIDs);
  //var_dump($roles);
  //echo "Logged in as [Lastname: <b>".$_SESSION['lastname'].", UserID: ".$_SESSION['user_id'].", Roles: ".print_r($roles)."]</b><br/>";
  */
?>
<div class="container">
  <nav class="navbar navbar-light bg-faded">
    <ul class="nav nav-tabs">
<?php
  // Each tab is written only when the current user is allowed to see it.
  // NOTE(review): this hides the tab, nothing more; the requests behind each
  // tab presumably repeat the same permission check on the server. Confirm.
  if ($rm->isActUserAllowed("menu_dashboard")) {
    echo '<li><a title="Dashboard" href="#pagedashboard" data-toggle="tab"><i class="fa fa-tachometer"></i> Dashboard</a></li>';
<?php
// Role/permission assignment page (fragment: the listing ends before the
// blocks opened here are closed).
require_once 'initClass.php';
require_once 'init.php';

if (!isset($_SESSION)) {
    session_start();
}

// Only a session that carries a current player id gets any further.
if (isset($_SESSION['idJoueurCourant']) && $_SESSION['idJoueurCourant'] != '') {
    // $db is not defined in this file; presumably init.php provides it.
    $JoueurManager = new JoueurManager($db);
    $Joueur = new Joueur($JoueurManager->get($_SESSION['idJoueurCourant']));
    $PermissionManager = new PermissionManager($db);
    $RoleManager = new RoleManager($db);
    $Privilege = new Privilege($JoueurManager->getPrivilege($Joueur->getId()));

    // Server-side authorisation: the player needs the 'rolePermission' permission.
    if ($Privilege->hasPermission('rolePermission')) {
        // NOTE(review): no anti-CSRF token is checked in the visible part of
        // this handler. Confirm that one is enforced elsewhere.
        if (isset($_POST) && count($_POST) > 0) {
            // Handle the insert.
            // NOTE(review): $_POST['action'] and $_POST['roleId'] are read
            // without isset(), so a POST lacking them raises notices.
            if ($_POST['action'] == "ajouter") {
                // Check that a role id was selected
                if ($_POST['roleId'] != '') {
                    // Delete the role's existing rows from the join table.
                    // This runs before the permission list is validated, so a
                    // request without 'permissionId' leaves the role with no
                    // permissions at all.
                    // NOTE(review): 'roleId' and the permission ids below go to
                    // the manager exactly as posted; whether the manager binds
                    // them as parameters is not visible here. Confirm.
                    $RoleManager->delete_permission_role($_POST['roleId']);

                    // Insert, after checking the posted permission ids.
                    // NOTE(review): count() presumes 'permissionId' is an array. Confirm.
                    if (isset($_POST['permissionId']) && count($_POST['permissionId']) > 0) {
                        $permissionIdCheckbox = $_POST['permissionId'];

                        // Loop over every selected permission
                        foreach ($permissionIdCheckbox as $key => $permissionId) {
                            $RoleManager->insert_permission_role($_POST['roleId'], $permissionId);
                        }

                        // So that the options are unchecked again after an insert
                        $_SESSION['listePermissionSelected'] = '';
                        $_SESSION['roleIdSelected'] = '';
<?php
// Role creation page (fragment: the listing ends before the blocks opened
// here are closed).
if (!isset($_SESSION)) {
    session_start();
}

require_once 'initClass.php';
require_once 'init.php';

// Only a session that carries a current player id gets any further.
if (isset($_SESSION['idJoueurCourant']) && $_SESSION['idJoueurCourant'] != '') {
    // $db is not defined in this file; presumably init.php provides it.
    $JoueurManager = new JoueurManager($db);
    $RoleManager = new RoleManager($db);
    $Joueur = new Joueur($JoueurManager->get($_SESSION['idJoueurCourant']));
    $Privilege = new Privilege($JoueurManager->getPrivilege($Joueur->getId()));

    // Server-side authorisation: the player needs the 'role' permission.
    if ($Privilege->hasPermission('role')) {
        // NOTE(review): no anti-CSRF token is checked in the visible part of
        // this handler. Confirm that one is enforced elsewhere.
        if (isset($_POST['action']) && $_POST['action'] == "ajouter") {
            $insert = true;

            // If any field was left empty by the user
            foreach ($_POST as $key => $value) {
                if ($value == '') {
                    $insert = false;
                }
            }

            // If all fields are filled in, insert into the database.
            // NOTE(review): the Role is built from the entire $_POST array, so
            // every posted key reaches its constructor. Which keys Role accepts
            // is not visible here; confirm it keeps only the expected ones.
            if ($insert) {
                $role = new Role($_POST);
                $RoleManager->insert($role);
            }
        }

        // List of players
        $listeJoueur = $JoueurManager->getAll();

        // Build a selectJoueurs variable shaped like an option group
        $selectJoueurs = array();
/**
 * Resolve the role ID of the current member.
 *
 * Falls back to the default role ID when nobody is logged in, and also when
 * the role stored on the member entry does not resolve to a Role.
 *
 * @return int
 */
private final function memberDetermineRoleId()
{
    $memberDriver = $this->memberGetDriver();

    if ($memberDriver->isLoggedIn()) {
        /** @var $entry Entry */
        $entry = $memberDriver->getMember();
        $stored = $entry->getData(extension_Members::getField('role')->get('id'));

        // Only a role that still exists is trusted.
        if (RoleManager::fetch($stored['role_id']) instanceof Role) {
            return (int) $stored['role_id'];
        }
    }

    // Not logged in, or the stored role no longer exists.
    return $this->memberGetDefaultRoleId();
}
<?php
// Player-to-role assignment page (fragment: the listing ends before the
// blocks opened here are closed).
if (!isset($_SESSION)) {
    session_start();
}

require_once 'initClass.php';
require_once 'init.php';

// Only a session that carries a current player id gets any further.
if (isset($_SESSION['idJoueurCourant']) && $_SESSION['idJoueurCourant'] != '') {
    // $db is not defined in this file; presumably init.php provides it.
    $JoueurManager = new JoueurManager($db);
    $Joueur = new Joueur($JoueurManager->get($_SESSION['idJoueurCourant']));
    $RoleManager = new RoleManager($db);
    $Privilege = new Privilege($JoueurManager->getPrivilege($Joueur->getId()));

    // Server-side authorisation: the player needs the 'roleJoueur' permission.
    if ($Privilege->hasPermission('roleJoueur')) {
        // NOTE(review): no anti-CSRF token is checked in the visible part of
        // this handler. Confirm that one is enforced elsewhere.
        if (isset($_POST) && count($_POST) > 0) {
            // Handle the insert.
            // NOTE(review): $_POST['action'] is read without isset(), so a
            // POST lacking it raises a notice.
            if ($_POST['action'] == "ajouter") {
                $insert = true;

                // If any field was left empty by the user
                foreach ($_POST as $key => $value) {
                    if ($value == '') {
                        $insert = false;
                    }
                }

                if ($insert) {
                    // Look the target player up by the posted login.
                    // NOTE(review): whether login() binds the value as a query
                    // parameter is not visible here. Confirm.
                    $joueurPost = $JoueurManager->login($_POST['login']);

                    if ($joueurPost) {
                        // Instance of the player entered in the form
                        $joueurPost = new Joueur($joueurPost);

                        // Remove the player from their previous group
                        $RoleManager->delete_joueur_role($joueurPost->getId());

                        // Insert into the join table
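/**
 * Creates a new, inactive version of an existing process by copying it.
 *
 * Copies, in this order: the process record (under the next free version
 * number), its activities, transitions, roles, user-to-role mappings and
 * activity-to-role mappings, then the process directory, and finally
 * rebuilds the process graph.
 *
 * @param mixed $pId Id of the process to copy
 * @param bool $minor Passed to _new_version() to pick the next version number
 * @return mixed The id returned by replace_process() for the copy, or false
 *  when the source process cannot be loaded
 */
function new_process_version($pId, $minor = true)
{
    $oldpid = $pId;
    $proc_info = $this->get_process($pId);

    // Check the lookup before reading from it; the original read
    // $proc_info['name'] first, which fails on an unknown process id.
    if (!$proc_info) {
        return false;
    }
    $name = $proc_info['name'];

    // Now update the version, skipping numbers already taken for this name
    $version = $this->_new_version($proc_info['version'], $minor);
    while ($this->getOne("select count(*) from `" . GALAXIA_TABLE_PREFIX . "processes` where `name`=? and `version`=?", array($name, $version))) {
        $version = $this->_new_version($version, $minor);
    }

    // Make new versions inactive
    $proc_info['version'] = $version;
    $proc_info['isActive'] = 'n';

    // create a new process, but don't create start/end activities
    $pid = $this->replace_process(0, $proc_info, false);

    // And here copy all the activities; $newaid maps old activity id => new one
    $am = new ActivityManager($this->db);
    $query = "select * from `" . GALAXIA_TABLE_PREFIX . "activities` where `pId`=?";
    $result = $this->query($query, array($oldpid));
    $newaid = array();
    while ($res = $result->fetchRow()) {
        $oldaid = $res['activityId'];
        $newaid[$oldaid] = $am->replace_activity($pid, 0, $res);
    }

    // create transitions, only between activities that were copied
    $query = "select * from `" . GALAXIA_TABLE_PREFIX . "transitions` where `pId`=?";
    $result = $this->query($query, array($oldpid));
    while ($res = $result->fetchRow()) {
        if (empty($newaid[$res['actFromId']]) || empty($newaid[$res['actToId']])) {
            continue;
        }
        $am->add_transition($pid, $newaid[$res['actFromId']], $newaid[$res['actToId']]);
    }

    // create roles; $newrid maps old role id => new one
    $rm = new RoleManager($this->db);
    $query = "select * from `" . GALAXIA_TABLE_PREFIX . "roles` where `pId`=?";
    $result = $this->query($query, array($oldpid));
    $newrid = array();
    while ($res = $result->fetchRow()) {
        if (!$rm->role_name_exists($pid, $res['name'])) {
            $rid = $rm->replace_role($pid, 0, $res);
        } else {
            $rid = $rm->get_role_id($pid, $res['name']);
        }
        $newrid[$res['roleId']] = $rid;
    }

    // map users to roles: every user mapping of the old process is carried
    // over, so the copy grants the same users the same roles
    if (count($newrid) > 0) {
        $query = "select * from `" . GALAXIA_TABLE_PREFIX . "user_roles` where `pId`=?";
        $result = $this->query($query, array($oldpid));
        while ($res = $result->fetchRow()) {
            if (empty($newrid[$res['roleId']])) {
                continue;
            }
            $rm->map_user_to_role($pid, $res['user'], $newrid[$res['roleId']]);
        }
    }

    // add roles to activities
    if (count($newaid) > 0 && count($newrid) > 0) {
        // One bound placeholder per old activity id. Built with array_fill()
        // because the original appended to $q without ever initialising it.
        $q = array_fill(0, count($newaid), '?');
        $query = "select * from `" . GALAXIA_TABLE_PREFIX . "activity_roles` where `activityId` in (" . join(',', $q) . ")";
        $result = $this->query($query, array_keys($newaid));
        while ($res = $result->fetchRow()) {
            if (empty($newaid[$res['activityId']]) || empty($newrid[$res['roleId']])) {
                continue;
            }
            $am->add_activity_role($newaid[$res['activityId']], $newrid[$res['roleId']]);
        }
    }

    // Now since we are copying a process we should copy
    // the old directory structure to the new directory
    $oldname = $proc_info['normalized_name'];
    $newname = $this->_get_normalized_name($pid);
    $this->_rec_copy(GALAXIA_PROCESSES . "/{$oldname}", GALAXIA_PROCESSES . "/{$newname}");

    // create a graph for the new process
    $am->build_process_graph($pid);

    return $pid;
}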
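/**
 * Removes a process and everything that belongs to it.
 *
 * Deactivates the process, removes its activities, roles and instances,
 * deletes its directories under GALAXIA_PROCESSES and GALAXIA_TEMPLATES,
 * deletes the process row and notifies the observers.
 *
 * @param mixed $p_id Id of the process to remove
 * @return bool Always true
 */
function remove_process($p_id)
{
    $this->deactivate_process($p_id);
    $name = $this->_get_normalized_name($p_id);

    // Remove process activities
    $aM = new ActivityManager();
    $query = "select `activity_id` from `" . GALAXIA_TABLE_PREFIX . "activities` where `p_id`=?";
    $result = $this->mDb->query($query, array($p_id));
    while ($res = $result->fetchRow()) {
        $aM->remove_activity($p_id, $res['activity_id']);
    }

    // Remove process roles
    $rM = new RoleManager();
    $query = "select `role_id` from `" . GALAXIA_TABLE_PREFIX . "roles` where `p_id`=?";
    $result = $this->mDb->query($query, array($p_id));
    while ($res = $result->fetchRow()) {
        $rM->remove_role($p_id, $res['role_id']);
    }

    // Remove process instances
    $query = "delete from `" . GALAXIA_TABLE_PREFIX . "instances` where `p_id`=?";
    $this->mDb->query($query, array($p_id));

    // Remove the directory structure. The !empty($name) guard matters: with
    // an empty name the path would be the processes (or templates) root
    // itself, and the removal is recursive.
    if (!empty($name) && is_dir(GALAXIA_PROCESSES . "/{$name}")) {
        $this->_remove_directory(GALAXIA_PROCESSES . "/{$name}", true);
    }
    if (GALAXIA_TEMPLATES && !empty($name) && is_dir(GALAXIA_TEMPLATES . "/{$name}")) {
        $this->_remove_directory(GALAXIA_TEMPLATES . "/{$name}", true);
    }

    // And finally remove the proc. The id is bound as a parameter, as in
    // every other query of this method; the original interpolated $p_id
    // straight into this one DELETE statement.
    $query = "delete from `" . GALAXIA_TABLE_PREFIX . "processes` where `p_id`=?";
    $this->mDb->query($query, array($p_id));

    $msg = sprintf(tra('Process %s removed'), $name);
    $this->notify_all(5, $msg);

    return true;
}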
/**
 * Adds details of the logged in member to the page parameters.
 *
 * Sets `member-id`, then `member-role` when the member's role resolves to
 * a Role, and `member-activated` = 'no' when an activation field exists and
 * the member is not activated. Does nothing when nobody is logged in.
 *
 * NOTE(review): `$context` is received by value, so these writes reach the
 * caller only if `$context['params']` is itself a reference. Confirm against
 * the delegate that calls this.
 *
 * @param array $context Delegate context; `params` is written to
 * @return void
 */
public function addMemberDetailsToPageParams(array $context = null)
{
    if (!$this->isLoggedIn()) {
        return;
    }

    $this->initialiseMemberObject();
    $context['params']['member-id'] = $this->getMemberID();

    // Role name, only when a role field is configured and the role exists
    if (extension_Members::getFieldHandle('role') !== null) {
        $stored = $this->getMember()->getData(extension_Members::getField('role')->get('id'));
        $memberRole = RoleManager::fetch($stored['role_id']);

        if ($memberRole instanceof Role) {
            $context['params']['member-role'] = $memberRole->get('name');
        }
    }

    // Activation state, reported only when the member is not activated
    if (extension_Members::getFieldHandle('activation') !== null) {
        $activation = $this->getMember()->getData(extension_Members::getField('activation')->get('id'), true);

        if ($activation->activated != "yes") {
            $context['params']['member-activated'] = 'no';
        }
    }
}
<?php
// Admin home page (fragment: the listing ends inside the inline script).
session_start();
require_once 'includes/RoleManager.php';
require_once 'includes/ADAO.php';
require_once 'includes/UserFunctions.php';

// The menu is built from the role stored in the session.
// NOTE(review): $_SESSION['role'] is used without checking that it is set,
// so a visitor without a session reaches this code with a null role.
$roleAssigned = new RoleManager($_SESSION['role']);
$roleAssigned->getAvailableMenu();
$menuName = $roleAssigned->getMenuName();
$menuUrl = $roleAssigned->getMenuUrl();

// Users awaiting approval, loaded for every request that reaches this page.
$res = ADAO::getUsersListApproval();

// NOTE(review): the authentication include below is commented out, and no
// other login or role check is visible before the approval list is loaded.
// Confirm that access to this page is enforced somewhere else.
//include('authen.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin-Home</title>
<link href="css/style.css" type="text/css" rel="stylesheet" media="screen" />
<link rel="stylesheet" type="text/css" href="chrometheme/chromestyle.css" />
<script type="text/javascript" src="js/chrome.js"></script>
<script type="text/javascript" src="js/jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function() {
    $(".edit_link").click(function(){
        var id=$(this).attr("id");
        $("#name_"+id).hide();
        $("#username_"+id).hide();
/**
 * Builds the settings panel of the Member Activation field.
 *
 * After the base Field panel, it appends two rows to `$wrapper`:
 *  1. the role given to members awaiting activation, next to the
 *     activation code expiry input with its suggestion tags;
 *  2. the "deny login" checkbox and the show-column checkbox.
 *
 * @param XMLElement $wrapper Element the panel is appended to
 * @param array|null $errors Validation errors; only `code_expiry` is read here
 * @return void
 */
public function displaySettingsPanel(XMLElement &$wrapper, $errors = NULL)
{
    Field::displaySettingsPanel($wrapper, $errors);

    // Every input of this field is named fields[<sortorder>][<setting>]
    $namePrefix = "fields[{$this->get('sortorder')}]";

    $firstRow = new XMLElement('div');
    $firstRow->setAttribute('class', 'two columns');

    // Activation Code Expiry: label, help text, input and suggestion tags
    $expiryColumn = new XMLElement('div');
    $expiryColumn->setAttribute('class', 'column');

    $expiryLabel = Widget::Label(__('Activation Code Expiry'));
    $expiryLabel->appendChild(new XMLElement('i', __('How long a member\'s activation code will be valid for before it expires')));
    $expiryLabel->appendChild(Widget::Input($namePrefix . '[code_expiry]', $this->get('code_expiry')));

    $suggestions = new XMLElement('ul', NULL, array('class' => 'tags singular'));
    foreach (fieldMemberActivation::findCodeExpiry() as $name => $time) {
        $suggestions->appendChild(new XMLElement('li', $name, array('class' => $time)));
    }

    $expiryColumn->appendChild($expiryLabel);
    $expiryColumn->appendChild($suggestions);

    if (isset($errors['code_expiry'])) {
        $expiryColumn = Widget::Error($expiryColumn, $errors['code_expiry']);
    }

    // Roles in the system, with the configured activation role preselected
    $roles = RoleManager::fetch();
    $options = array();
    if (is_array($roles) && !empty($roles)) {
        foreach ($roles as $role) {
            $options[] = array(
                $role->get('id'),
                $this->get('activation_role_id') == $role->get('id'),
                $role->get('name')
            );
        }
    }

    $roleLabel = new XMLElement('label', __('Role for Members who are awaiting activation'));
    $roleLabel->setAttribute('class', 'column');
    $roleLabel->appendChild(Widget::Select($namePrefix . '[activation_role_id]', $options));

    // The role selector comes first, the expiry column second
    $firstRow->appendChild($roleLabel);
    $firstRow->appendChild($expiryColumn);
    $wrapper->appendChild($firstRow);

    $secondRow = new XMLElement('div', null, array('class' => 'two columns'));

    // Deny Login: the hidden 'no' is what gets submitted when the box is unchecked
    $secondRow->appendChild(Widget::Input($namePrefix . '[deny_login]', 'no', 'hidden'));

    $denyLabel = Widget::Label();
    $denyLabel->setAttribute('class', 'column');

    $checkbox = Widget::Input($namePrefix . '[deny_login]', 'yes', 'checkbox');
    if ($this->get('deny_login') == 'yes') {
        $checkbox->setAttribute('checked', 'checked');
    }

    $denyLabel->setValue(__('%s Prevent unactivated members from logging in', array($checkbox->generate())));
    $secondRow->appendChild($denyLabel);

    // Show Column checkbox
    $this->appendShowColumnCheckbox($secondRow);

    $wrapper->appendChild($secondRow);
}