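/**
 * Verify that the current user may access a URL; terminate the request otherwise.
 *
 * Returns normally only when the ACL grants access. On denial a 403 status is
 * sent (when headers have not already gone out) followed by a short
 * "no permission" page, and the script dies.
 *
 * @param string             $url  URL being accessed
 * @param connection_factory $conn database connection used by the ACL lookup
 * @return void
 */
public static function check($url, connection_factory $conn)
{
    $acl = new acl();
    if ($acl->has_access($url, $conn)) {
        return;
    }
    // Fail closed with an explicit 403: a denial answered with 200 is
    // indistinguishable from success for proxies, logs and scanners.
    if (!headers_sent()) {
        http_response_code(403);
    }
    die('<center><h2>Sem permissão para acessar esta página.</h2>' . '<a href="javascript:history.back(-1)">Voltar</a></center>');
}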
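/**
 * Save settings: assign the posted rule(s) to a role, then redirect back to
 * the assignment screen. Only acts on POST requests.
 *
 * `role_id` and `mod_name` are read from the query string, `rule_id` from the
 * POST body. Only `role_id` is normalised here (cast to int); `rule_id` is
 * passed to the ACL layer as received, so any validation of it has to happen
 * there. CSRF protection is assumed to be applied by the framework upstream
 * — TODO confirm.
 */
public function action_save()
{
    if ($this->isPost()) {
        $roleId = (int) $this->getQuery('role_id');
        $this->acl->assign($roleId, $this->getPost('rule_id'));
        // URL-encode the caller-supplied module name so it cannot smuggle
        // extra query parameters into the redirect target.
        $modName = urlencode((string) $this->getQuery('mod_name'));
        $this->request->redirect('/admin/acl/assign?role_id=' . $roleId . '&mod_name=' . $modName);
    }
    $this->auto_render = false;
}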
/**
 * Post a message, optionally with an attachment, after ACL checks.
 *
 * Two ACL entries are consulted for the current user (acl::getAccess looks
 * the current user up itself when its third parameter is omitted): 'post' is
 * always required; 'attach' is additionally required when $attachment is
 * given.
 *
 * @param mixed $message    the message to post
 * @param mixed $attachment optional attachment; null for none
 * @throws AccessException when the user lacks 'post', or lacks 'attach'
 *                         while an attachment was supplied
 */
function post($message, $attachment = null)
{
    // Required for every post.
    $mayPost = acl::getAccess($this, 'post');
    if (!$mayPost) {
        throw new AccessException("No access to post");
    }
    // Only consulted when something is actually being attached.
    $mayAttach = !$attachment || acl::getAccess($this, 'attach');
    if (!$mayAttach) {
        throw new AccessException("No access to attach");
    }
    // All is well. Post the data
}
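/**
 * @brief Retrieve the effective access on the object
 *
 * If the subject is not specified, the current user will be used.
 *
 * The result is taken from the last entry of the access matrix returned by
 * acl::getAccessMatrix(). When that matrix is empty there is nothing to
 * read, so an empty role set (no access) is returned instead of indexing
 * into the `false` that end() yields for an empty array.
 *
 * @param IAclObject  $object  The object for which the access is queried
 * @param IAclSubject $subject The subject whose access is being queried
 * @return array The effective access for each of the roles (empty = none)
 */
static function getEffectiveAccess(IAclObject $object, IAclSubject $subject = null)
{
    // If the subject is not specified, set it to the current user.
    if (!$subject) {
        $subject = user::getActiveUser();
    }
    $am = acl::getAccessMatrix($object, $subject);
    // Fail closed: no matrix rows, or a row without 'roles', means no access.
    $ar = empty($am) ? null : end($am);
    if (!is_array($ar) || !isset($ar['roles'])) {
        return array();
    }
    return $ar['roles'];
}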
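<?php
/// Copyright (c) 2004-2016, Needlworks / Tatter Network Foundation
/// All rights reserved. Licensed under the GPL.
/// See the GNU General Public License for more details. (/documents/LICENSE, /documents/COPYRIGHT)

// Input-validation spec consumed by the preprocessor: 'email' and
// 'senderEmail' must be well-formed addresses and carry no default
// (presumably mandatory — verify against preprocessor.php); the remaining
// fields default to ''.
$IV = array('POST' => array('email' => array('email'), 'name' => array('string', 'default' => ''), 'comment' => array('string', 'default' => ''), 'senderName' => array('string', 'default' => ''), 'senderEmail' => array('email')));
require ROOT . '/library/preprocessor.php';
requireStrictRoute();

// Adding a blog user is an owner-only operation. Stop explicitly after
// reporting the failure so the privileged call below can never run, whether
// or not Respond::ResultPage() terminates the request itself.
if (!acl::check('group.owners')) {
    Respond::ResultPage(false);
    exit;
}
$result = Blog::addUser($_POST['email'], $_POST['name'], $_POST['comment'], $_POST['senderName'], $_POST['senderEmail']);
Respond::ResultPage($result);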
* Installation:
* 1 - Copy this file, cpconfig.php and classes/ folder in a public folder
* 2 - Edit cpconfig.php and set correct values for your servers and user
* 3 - Open this file with your browser
*/
include 'cpconfig.php'; // Edit this file to set the configuration
include 'classes/tpl.php';
include 'classes/acl.php';
include 'classes/fields.php';
include 'classes/core.php';
include 'classes/history.php';

// start session
session_start();

// check user: these three calls gate everything below. acl.php is not shown
// here, so whether they terminate the request on failure cannot be verified
// from this file — confirm before relying on the code after them.
$acl = new acl();
$acl->validate_user();
$acl->check_session();
$acl->check_logout();

// core functions
$core = new core();

// general tpl class
$tpl = new tpl();

// Setting credentials for curl commands
// NOTE(review): $_GET['serverid'] is used directly as a key into $servers
// (from cpconfig.php) without an isset($servers[$_GET['serverid']]) check;
// an unknown id produces undefined-index notices and null credentials.
// Validate the key before reading these four values.
if (isset($_GET['serverid']) and !empty($_GET['serverid'])) {
    $whmuser = $servers[$_GET['serverid']]['whmuser'];
    $ip_server = $servers[$_GET['serverid']]['ip_server'];
    $server = $servers[$_GET['serverid']]['server'];
    $hash = $servers[$_GET['serverid']]['hash'];
} else {
    if (!isset($_POST['ajax'])) {
/**
 * @desc Check for sufficient permissions
 * @param arr|int $vPermissions AclList or simple permissions int
 * @param int $iWhat Which permissions bit are involved
 * @param str $sUid uid to check
 * @param arr $aGid groups to check
 * @return bool success
 * @access private
 * @author Marc Groot Koerkamp
 */
function _checkPermission($vPermissions, $iWhat, $sUid, $aGid)
{
    // Default is allow; only the ACL path below can turn this into a denial.
    $bResult = true;
    if ($this->enable_acl) {
        // use tree defaults if uid/gid are not supplied
        if (!$sUid) {
            $sUid = $this->uid;
        }
        if (!count($aGid)) {
            $aGid = $this->gid;
        }
        $bResult = acl::checkaccess($vPermissions, $sUid, $aGid, $iWhat);
    } else {
        // NOTE(review): with enable_acl off this method always returns true —
        // $bResult is already true and this branch only re-assigns true.
        // Also `$vPermissions & $iWhat == $iWhat` parses as
        // `$vPermissions & ($iWhat == $iWhat)` in PHP (== binds tighter than &),
        // so the condition is not the bit test it reads as. Parenthesising it
        // would start denying callers that currently rely on allow-all when
        // the ACL is disabled — confirm the intended semantics before fixing.
        if ($vPermissions & $iWhat == $iWhat) {
            $bResult = true;
        }
    }
    return $bResult;
}
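<?php
/**
 * Account Form Index View
 *
 * Lists the stored tax forms as links to the per-form view page.
 * Requires the '/account/tax-form' ACL entry; without it the user gets an
 * 'Access Denied' flash message and is redirected.
 */
if (!acl::may('/account/tax-form')) {
    radix_session::flash('fail', 'Access Denied');
    radix::redirect();
    // Do not depend on redirect() ending the request: stop here so the
    // listing below is never rendered for an unauthorised user.
    exit;
}

$_ENV['h1'] = $_ENV['title'] = array('Accounting', 'Tax Forms');

$res = radix_db_sql::fetchAll("select id,name from account_tax_form order by name");

echo '<p>Choose a Tax Form to Print!</p>';
echo '<ul>';
foreach ($res as $i => $f) {
    // id goes into a URL and name into HTML text: escape each for its own
    // context (form names are stored data and should not be trusted as HTML).
    $href = radix::link('/account/tax-form/view?id=' . rawurlencode($f['id']));
    echo '<li><a href="' . $href . '">' . htmlspecialchars($f['name'], ENT_QUOTES, 'UTF-8') . '</a></li>';
}
echo '</ul>';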
Radix::redirect(); } // Radix::dump($res); $_SESSION['uid'] = $res['id']; acl::permit('/index'); acl::permit('/dashboard'); acl::permit('/search'); acl::permit('/block*'); acl::permit('/email*'); acl::permit('/file*'); acl::permit('/note*'); acl::permit('/account*'); acl::permit('/contact*'); acl::permit('/invoice*'); acl::permit('/workorder*'); acl::permit('/settings*'); Session::flash('info', 'Sign In Successful'); // Redirect $ret = '/'; if (!empty($_SESSION['return-path'])) { $ret = $_SESSION['return-path']; unset($_SESSION['return-path']); } Radix::redirect($ret); break; } // $db = Zend_Registry::get('db'); // $ss = Zend_Registry::get('session'); // $this->view->title = 'Login'; // // $req = $this->getRequest();
/**
 * Construct Acl provider
 *
 * Builds an acl instance from the database (the 'ZendDb' service): the
 * per-table "owner" columns from the tables gateway, and — when a user is
 * logged in — the privileges of that user's group.
 *
 * Caching: the table list is memcached for 1800 s and the current user's
 * record for 10800 s (3 h). The group used for the privilege lookup is read
 * from that cached user record, so a change to a user's group may not be
 * reflected in the ACL until the entry expires, unless it is invalidated
 * elsewhere — TODO confirm.
 *
 * @return \Directus\Acl
 */
private static function acl()
{
    $acl = new acl();
    $db = self::get('ZendDb');
    $DirectusTablesTableGateway = new DirectusTablesTableGateway($acl, $db);
    $getTables = function () use($DirectusTablesTableGateway) {
        return $DirectusTablesTableGateway->select()->toArray();
    };
    // Table metadata, cached for 30 minutes.
    $tableRecords = $DirectusTablesTableGateway->memcache->getOrCache(MemcacheProvider::getKeyDirectusTables(), $getTables, 1800);
    // Map table name => column recording the creating user ("magic owner"
    // column), for tables that define one.
    $magicOwnerColumnsByTable = [];
    foreach ($tableRecords as $tableRecord) {
        if (!empty($tableRecord['user_create_column'])) {
            $magicOwnerColumnsByTable[$tableRecord['table_name']] = $tableRecord['user_create_column'];
        }
    }
    // Static (class-wide) state: shared by every acl instance, not just this one.
    $acl::$cms_owner_columns_by_table = $magicOwnerColumnsByTable;
    if (AuthProvider::loggedIn()) {
        $currentUser = AuthProvider::getUserInfo();
        $Users = new DirectusUsersTableGateway($acl, $db);
        $cacheFn = function () use($currentUser, $Users) {
            return $Users->find($currentUser['id']);
        };
        $cacheKey = MemcacheProvider::getKeyDirectusUserFind($currentUser['id']);
        // User record, cached for 3 hours (see header note on staleness).
        $currentUser = $Users->memcache->getOrCache($cacheKey, $cacheFn, 10800);
        // If the lookup yields nothing, no group privileges are set and the
        // acl keeps whatever its defaults are.
        if ($currentUser) {
            $privilegesTable = new DirectusPrivilegesTableGateway($acl, $db);
            $acl->setGroupPrivileges($privilegesTable->getGroupPrivileges($currentUser['group']));
        }
    }
    return $acl;
}
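<?php
require_once dirname(__FILE__) . '/../setup.php';
require_once $BASE_DIR . 'core/web_diario.php';
require_once $BASE_DIR . 'core/login/acl.php';

$conn = new connection_factory($param_conn);

// ACCESS CHECK: the current person ($sa_ref_pessoa, provided by setup.php)
// must hold one of the web_diario roles.
$acl = new acl();
// @todo improve the feedback to the user using a logout method
if (!$acl->has_role($sa_ref_pessoa, $PAPEIS_WEB_DIARIO, $conn)) {
    exit('<script language="javascript" type="text/javascript"> alert(\'Você não tem direito de acesso a estas informações!\'); window.history.back(1);</script>');
}
// ^ ACCESS CHECK ^ //

// @todo check that the user teaches at least one class (diário) or coordinates at least one course

unset($_SESSION['conteudo']);
unset($_SESSION['flag_falta']);

$is_coordenador = FALSE;
$is_professor = FALSE;

// $sa_ref_pessoa is concatenated into raw SQL below, where it is compared
// with an unquoted numeric column; pin it to an integer so nothing but a
// number can reach the query text.
$ref_pessoa_sql = (int) $sa_ref_pessoa;

// PROFESSOR: most recent period in which this person teaches an offered course
$qry_periodo = 'SELECT DISTINCT o.ref_periodo,p.descricao FROM disciplinas_ofer o, disciplinas_ofer_prof dp, periodos p WHERE dp.ref_professor = ' . $ref_pessoa_sql . ' AND o.id = dp.ref_disciplina_ofer AND p.id = o.ref_periodo ORDER BY ref_periodo DESC LIMIT 1;';
$periodo = $conn->get_row($qry_periodo);
// empty() also covers a non-array (false/null) result from get_row, which
// count() would reject.
if (!empty($periodo)) {
    // Keep a period already chosen in this session; otherwise default to the latest one.
    $_SESSION['web_diario_periodo_id'] = isset($_SESSION['web_diario_periodo_id']) ? $_SESSION['web_diario_periodo_id'] : $periodo['ref_periodo'];
    $is_professor = TRUE;
}
// ^ PROFESSOR ^ //

// COORDINATOR: most recent period with an offering in a course this person coordinates
$sql_coordena = 'SELECT DISTINCT o.ref_periodo,p.descricao FROM disciplinas_ofer o, periodos p WHERE o.ref_periodo = p.id AND o.ref_curso IN (SELECT DISTINCT ref_curso FROM coordenador WHERE ref_professor = ' . $ref_pessoa_sql . ') ORDER BY ref_periodo DESC LIMIT 1;';
$periodo_coordenacao = $conn->get_row($sql_coordena);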
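<?php
// Turn on error reporting
// NOTE(review): display_errors=On leaks paths and query text to visitors;
// keep it off outside development.
ini_set('display_errors', 'On');
error_reporting(E_ALL);

require_once 'resources/db_connection.php';
require 'acl.php';

// Gate: only a logged-in user (session 'id') may see this page. header()
// does not stop execution, so the request must be ended right after the
// redirect; otherwise the rest of the page is still rendered for an
// anonymous visitor. (Assumes an earlier include starts the session —
// TODO confirm.)
if (isset($_SESSION['id'])) {
    $acl = new acl();
    // Privilege 7 is looked up here but not enforced in this part of the
    // file; whatever reads $privilege must do so.
    $privilege = $acl->checkPrivilege($_SESSION['id'], 7);
} else {
    header("Location: index.php");
    exit;
}

require 'layout/header.php';
?>
<body>
<nav class="navbar navbar-inverse" data-spy="affix">
<div class="container-fluid">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#homeNavbar">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">
<?php //echo htmlentities($name); ?>
</a>
</div>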
/**
 * @func checkAccess
 * @desc Decide whether the given uid/gid combination holds the requested
 *       rights under the supplied ACL list.
 * @param arr $aAclList array with individual acl entries
 * @param str $sUid username
 * @param arr $aGid array with groups
 * @param int $iRights rights to check
 * @return bool true when the effective rights cover $iRights
 * @access public
 * @author Marc Groot Koerkamp
 *
 * Note: $iRights has no default but follows optional parameters; PHP 8
 * reports that ordering as deprecated and the preceding defaults are
 * effectively unusable. Kept as-is so the call signature stays stable.
 */
function checkAccess($aAclList, $sUid = '', $aGid = array(), $iRights)
{
    // Resolve what this uid/gid actually holds, then compare with the request.
    return acl::suffRights(acl::effectiveRights($aAclList, $sUid, $aGid), $iRights);
}
$g['user']->add($_POST['username'], $_POST['password'], $_POST['fullname'], $_POST['email'], $_POST['role']); } } $roles = $g['user']->get_roles(); foreach ($roles as $i => $r) { if ($r == 'admin' || $r == 'member') { unset($roles[$i]); } } $g['smarty']->assign('roles', $roles); $g['template'] = 'form'; break; //----------------------------------------------------------------------------- //----------------------------------------------------------------------------- case 'edit': if (!acl::has(__FILE__, $_GET['action'])) { break; } if (isset($_POST['submit'])) { $res = $g['user']->admin_edit($_GET['id'], $_POST['username'], $_POST['password'], $_POST['fullname'], $_POST['email'], $_POST['role'], $_POST['status']); if ($res['error']) { $g['error']->push($res['msg'], 'error'); } else { $g['error']->push('به درستی تغییر داده شد', 'info'); } } $user = $g['user']->get_one_by_id($_GET['id']); $g['smarty']->assign('user', $user['rows'][0]); $yegans = $g['user']->get_yegans($user['rows'][0]['id']); $g['smarty']->assign('yegans', $yegans['rows']); $roles = $g['user']->get_roles();
<?php
require_once dirname(__FILE__) . '/setup.php';
require_once $BASE_DIR . 'core/login/acl.php';

$conn = new connection_factory($param_conn);

// ACCESS CHECK: the current person ($sa_ref_pessoa, provided by setup.php)
// must hold one of the SA roles; otherwise the request ends with a JS alert
// and history.back(). Nothing after this block runs for a denied user.
$acl = new acl();
// @todo improve the feedback to the user using a logout method
if (!$acl->has_role($sa_ref_pessoa, $PAPEIS_SA, $conn)) {
    exit('<script language="javascript" type="text/javascript"> alert(\'Você não tem direito de acesso a estas informações!\'); window.history.back(1);</script>');
}
// ^ ACCESS CHECK ^ //
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>SA</title>
<link href="../public/styles/style.css" rel="stylesheet" type="text/css" />
<script type="text/javascript">
function iframeAutoHeight(quem){
if(navigator.appName.indexOf("Internet Explorer")>-1){
var func_temp = function(){
var val_temp = quem.contentWindow.document.body.scrollHeight + 30
quem.style.height = val_temp + "px";
}
setTimeout(function() { func_temp() },100) //ie sucks
}else {
var val = quem.contentWindow.document.body.parentNode.offsetHeight + 30
<?php
require_once dirname(__FILE__) . '/../setup.php';
require_once $BASE_DIR . 'core/login/acl.php';
require_once $BASE_DIR . 'core/date.php';

$conn = new connection_factory($param_conn);

// ACCESS CHECK: the current person ($sa_ref_pessoa, provided by setup.php)
// must hold at least one of the web_diario roles. Unlike sibling pages that
// call $acl->has_role(), this one fetches the full role list and intersects
// it with $PAPEIS_WEB_DIARIO; the effect is the same as long as get_roles()
// returns an array — TODO confirm that it never returns false/null, since
// array_intersect() would reject that.
$acl = new acl();
$papeis = $acl->get_roles($sa_ref_pessoa, $conn);
if (count(array_intersect($papeis, $PAPEIS_WEB_DIARIO)) == 0) {
    exit('<script language="javascript" type="text/javascript"> alert(\'Você não tem direito de acesso a estas informações!\'); window.history.back(1);</script>');
}
// ^ ACCESS CHECK ^ //
// NOTE(review): $IEnome and $BASE_URL below are echoed unescaped; they are
// presumably configuration values, not user input — verify in setup.php.
?>
<html>
<head>
<title><?php echo $IEnome; ?> - web diário</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" href="<?php echo $BASE_URL . 'public/styles/web_diario.css'; ?> " type="text/css">
<script type="text/javascript" src="<?php echo $BASE_URL . 'lib/prototype.js';
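<?php
/// Copyright (c) 2004-2016, Needlworks / Tatter Network Foundation
/// All rights reserved. Licensed under the GPL.
/// See the GNU General Public License for more details. (/documents/LICENSE, /documents/COPYRIGHT)

// Input-validation spec consumed by the preprocessor: useCustomSMTP is an
// optional bool, smtpHost must be an IP literal (hostnames are rejected by
// this spec), smtpPort a number in 1..65535.
$IV = array('POST' => array('useCustomSMTP' => array('bool', 'mandatory' => false), 'smtpHost' => array('ip'), 'smtpPort' => array('number', 'min' => '1', 'max' => '65535')));
require ROOT . '/library/preprocessor.php';
requireStrictRoute();

// Changing the outbound SMTP server is restricted to creators. Stop
// explicitly after reporting the failure so the call below can never run,
// whether or not Respond::ResultPage() terminates the request itself.
if (!acl::check('group.creators')) {
    Respond::ResultPage(false);
    exit;
}
$result = setSmtpServer(empty($_POST['useCustomSMTP']) ? 0 : 1, $_POST['smtpHost'], $_POST['smtpPort']);
Respond::ResultPage($result);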
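<?php
require_once dirname(__FILE__) . "/../setup.php";
require_once dirname(__FILE__) . '/../../core/login/acl.php';

$conn = new connection_factory($param_conn);

// Access control: the user must be allowed to open this form (ACL keyed by file path).
$acl = new acl();
if (!$acl->has_access(__FILE__, $conn)) {
    exit('Você não tem permissão para acessar este formulário!');
}

// The requested user id comes from the query string and is concatenated into
// raw SQL below. Coerce it to an integer so only a number can reach the
// query text (the comparison `u.id = N` is numeric anyway); a missing
// parameter becomes 0, which matches no row.
$id_usuario = isset($_GET["id_usuario"]) ? (int) $_GET["id_usuario"] : 0;

// Note: both u.nome and p.nome are selected under the same name; depending on
// get_row()'s fetch mode one may overwrite the other in the returned row
// (query kept as in the original).
$sqlUsuario = ' SELECT u.id, u.nome, u.ativado, u.ref_pessoa, p.nome, s.nome_setor, c.nome_campus, u.ref_campus, u.ref_setor FROM usuario u, setor s, pessoas p, campus c WHERE s.id = u.ref_setor AND u.ref_pessoa = p.id AND c.id = u.ref_campus AND u.id = ' . $id_usuario;
$RsUsuario = $conn->get_row($sqlUsuario);

$setor = $conn->get_all('SELECT id, nome_setor FROM setor;');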
/**
 * Denying a permission the role never had ('read', while only 'edit' was
 * granted) must raise Pop\Auth\Exception.
 */
public function testDenyNoPermissionException()
{
    // The exception comes from deny() below, so register the expectation first.
    $this->setExpectedException('Pop\\Auth\\Exception');

    $role = Role::factory('editor');
    $role->addPermission('edit');
    $resource = Resource::factory('page');

    $acl = acl::factory($role, $resource);
    // 'read' was never added to the editor role.
    $acl->deny('editor', 'page', 'read');
}