/**
 * Sets up the Kajona-internal session object for the current request.
 *
 * The method returns without doing anything while the session table is missing
 * from the table list or the guests-group setting is null. Otherwise it marks the
 * session as lazy-loaded and either
 *  - reuses the internal session whose id is stored in the PHP session, provided the
 *    record loads and reports itself as valid (release time and last url are refreshed), or
 *  - prepares a fresh session object for the current user, falling back to the guests
 *    group when the current user id is not a valid systemid, and stores its id in the
 *    PHP session under KAJONA_INTERNAL_SESSID.
 *
 * NOTE(review): the fresh record takes over the existing PHP session id unchanged. If this
 * path also runs directly after a login, confirm the PHP session id is regenerated elsewhere
 * so a pre-login id cannot survive into the authenticated session.
 *
 * NOTE(review): the last url is the raw, request-controlled query string. Whatever renders
 * the stored value later has to encode it for its output context - confirm at that site.
 *
 * @return void
 */
public function initInternalSession() {
    $arrKnownTables = $this->objDB->getTables();

    //without the session table there is nothing to initialise
    if (!in_array(_dbprefix_ . "session", $arrKnownTables)) {
        return;
    }

    //same for a system without a configured guests group
    if (class_module_system_setting::getConfigValue("_guests_group_id_") === null) {
        return;
    }

    $this->bitLazyLoaded = true;

    if ($this->getSession("KAJONA_INTERNAL_SESSID") !== false) {
        $this->objInternalSession = class_module_system_session::getSessionById($this->getSession("KAJONA_INTERNAL_SESSID"));

        $bitReusable = $this->objInternalSession != null && $this->objInternalSession->isSessionValid();

        if ($bitReusable) {
            //still valid: push the release time forward, remember the current request and stop here
            $intNewReleasetime = time() + (int) class_module_system_setting::getConfigValue("_system_release_time_");
            $this->objInternalSession->setIntReleasetime($intNewReleasetime);
            $this->objInternalSession->setStrLasturl(getServer("QUERY_STRING"));
            return;
        }

        //unknown or expired record, drop it and build a new one below
        $this->objInternalSession = null;
    }

    //group list of the new session: guests by default, the user's own groups if a user is known
    $strGroupList = class_module_system_setting::getConfigValue("_guests_group_id_");
    if (validateSystemid($this->getUserID())) {
        $this->objUser = new class_module_user_user($this->getUserID());
        $strGroupList = implode(",", $this->objUser->getArrGroupIds());
    }

    $objFreshSession = new class_module_system_session();
    $objFreshSession->setStrPHPSessionId($this->getSessionId());
    $objFreshSession->setStrUserid($this->getUserID());
    $objFreshSession->setStrGroupids($strGroupList);

    $intReleasetime = time() + (int) class_module_system_setting::getConfigValue("_system_release_time_");
    $objFreshSession->setIntReleasetime($intReleasetime);

    $objFreshSession->setStrLasturl(getServer("QUERY_STRING"));
    $objFreshSession->setSystemid(generateSystemid());

    //no database write at this point: per the original author's note the internal session
    //validates on destruct whether an update or an insert is required

    $this->setSession("KAJONA_INTERNAL_SESSID", $objFreshSession->getSystemid());
    $this->objInternalSession = $objFreshSession;
}
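/**
 * Checks if a given user-id is granted the passed permission for the passed systemid.
 *
 * The group ids used for the check are resolved as follows:
 *  - $strUserid is a valid systemid and equals the session user: the session's group ids
 *  - $strUserid is a valid systemid of another user: that user's group ids, loaded via class_module_user_user
 *  - $strUserid is not a valid systemid: the session user's group ids if the session user id
 *    is valid, otherwise the configured guests group
 * The permission is granted as soon as one of those groups passes checkPermissionForGroup().
 *
 * The user-id comparison is strict on the string values. With a loose == two different ids
 * that both look numeric to PHP could compare as equal, and the check would then be answered
 * with the session user's groups instead of the requested user's groups. Whether
 * validateSystemid() admits such ids is not visible here, so the comparison does not rely on it.
 *
 * NOTE(review): an id that fails validateSystemid() - empty or malformed - is silently
 * answered for the session user (or guests). Callers that need the answer for one specific
 * user should validate the id before calling.
 *
 * NOTE(review): test mode grants every permission on every non-empty systemid. Where
 * bitTestMode is set is outside this method; confirm it cannot be enabled in production.
 *
 * @param string $strUserid id of the user to check, see above for the fallback on invalid ids
 * @param string $strPermission name of the permission, passed on to checkPermissionForGroup()
 * @param string $strSystemid id of the record the permission is checked on
 *
 * @return bool true if at least one resolved group holds the permission, false otherwise
 *              and always false for an empty systemid
 */
public function checkPermissionForUserId($strUserid, $strPermission, $strSystemid) {
    //no record, no permission. evaluated before test mode, so an empty id is denied there, too
    if ($strSystemid == "") {
        return false;
    }

    if ($this->bitTestMode) {
        return true;
    }

    $arrGroupIds = array();

    if (validateSystemid($strUserid)) {
        //strict string comparison, see the method comment
        if ((string) $strUserid === (string) $this->objSession->getUserID()) {
            $arrGroupIds = $this->objSession->getGroupIdsAsArray();
        } else {
            $objUser = new class_module_user_user($strUserid);
            $arrGroupIds = $objUser->getArrGroupIds();
        }
    } elseif (validateSystemid($this->objSession->getUserID())) {
        //no usable id passed, fall back to the logged in user
        $arrGroupIds = $this->objSession->getGroupIdsAsArray();
    } else {
        //nobody logged in, only the guests group applies
        $arrGroupIds[] = class_module_system_setting::getConfigValue("_guests_group_id_");
    }

    //a single matching group is sufficient
    foreach ($arrGroupIds as $strOneGroupId) {
        if ($this->checkPermissionForGroup($strOneGroupId, $strPermission, $strSystemid)) {
            return true;
        }
    }

    return false;
}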
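/**
 * Saves the group memberships submitted for the user identified by the current systemid.
 *
 * A group counts as selected if a non-empty request parameter named like the group id
 * is present. Selected groups the user is not yet a member of are added, memberships
 * that were not selected are removed.
 *
 * Memberships that are never removed by this method:
 *  - groups isGroupEditable() reports as not editable. Before, such groups were only skipped
 *    when adding members but could still reach the removal loop, since nothing cleared
 *    their marker unless they were the admin group or a blocked group.
 *  - for callers that are not super admins: the admin group and every group listed in
 *    the blockedgroups configuration.
 * Group ids are compared as exact strings, so two different ids can not be treated as the
 * same group by PHP's loose comparison of numeric-looking strings.
 *
 * NOTE(review): granting a membership relies on isGroupEditable() alone to stop callers
 * from adding users to the admin group or a blocked group; its body is outside this view.
 *
 * NOTE(review): this is a privilege-changing request. No request-forgery token check is
 * visible in this method - confirm the dispatcher enforces one before the action runs.
 *
 * @return void no value is returned, the method ends by calling adminReload() with the list link
 * @permissions edit
 */
protected function actionSaveMembership() {
    $objUser = new class_module_user_user($this->getSystemid());
    $objUsersources = new class_module_user_sourcefactory();
    $objSourcesytem = $objUsersources->getUsersource($objUser->getStrSubsystem());

    $arrGroups = $objSourcesytem->getAllGroupIds();
    $arrUserGroups = $objUser->getArrGroupIds();

    //blocked groups, configured as a comma separated list. trimmed, so that an entry
    //written as "a, b" still protects group b
    $objConfig = class_config::getInstance("blockedgroups.php");
    $arrBlockedGroups = array_map("trim", explode(",", $objConfig->getConfig("blockedgroups")));

    //current memberships as a set, array keys are matched exactly
    $arrCurrentGroups = array();
    foreach ($arrUserGroups as $strValue) {
        $arrCurrentGroups[(string) $strValue] = true;
    }

    //ids of all memberships the removal loop below has to leave alone
    $arrKeepGroups = array();

    //Searching for groups to enter
    foreach ($arrGroups as $strSingleGroup) {
        $objGroup = new class_module_user_group($strSingleGroup);

        //groups the caller may not edit are neither granted nor revoked
        if (!$this->isGroupEditable($objGroup)) {
            $arrKeepGroups[(string) $strSingleGroup] = true;
            continue;
        }

        if ($this->getParam($strSingleGroup) != "") {
            if (!isset($arrCurrentGroups[(string) $strSingleGroup])) {
                //add the user to this group
                $objGroup->getObjSourceGroup()->addMember($objUser->getObjSourceUser());
            } else {
                //user is already in the group and the group is still selected
                $arrKeepGroups[(string) $strSingleGroup] = true;
            }
        }
    }

    //only super admins may take the admin group or a blocked group away from a user,
    //for everyone else those memberships remain as-is
    if (!class_carrier::getInstance()->getObjSession()->isSuperAdmin()) {
        $arrKeepGroups[(string) class_module_system_setting::getConfigValue("_admins_group_id_")] = true;

        foreach ($arrBlockedGroups as $strOneGroup) {
            $arrKeepGroups[(string) $strOneGroup] = true;
        }
    }

    //loop the users' list in order to remove unwanted relations
    foreach ($arrUserGroups as $strValue) {
        if (isset($arrKeepGroups[(string) $strValue])) {
            continue;
        }

        if (validateSystemid($strValue)) {
            $objGroup = new class_module_user_group($strValue);
            $objGroup->getObjSourceGroup()->removeMember($objUser->getObjSourceUser());
        }
    }

    if ($this->getParam("folderview")) {
        $this->adminReload(class_link::getLinkAdminHref($this->getArrModule("modul"), "list", "&peClose=1&blockAction=1"));
    } else {
        $this->adminReload(class_link::getLinkAdminHref($this->getArrModule("modul"), "list"));
    }
}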