/**
  * Determines whether or not the current user has access to the specified media work.  If no username is provided, this function defaults to the currently-loggin-in username.
  *
  * @param string $username
  * @return boolean user has access
  */
 public function user_has_access_to_media($username = '')
 {
     // First, get the restricted group--if one exists
     $es = new entity_selector();
     $es->add_type(id_of('group_type'));
     $es->add_right_relationship($this->media_work->id(), relationship_id_of('av_restricted_to_group'));
     $group = current($es->run_one());
     if (!empty($group)) {
         $gh = new group_helper();
         $gh->set_group_by_id($group->id());
         if ($gh->requires_login()) {
             if (!$username) {
                 $username = reason_check_authentication();
             }
             if ($username) {
                 if (!$gh->is_username_member_of_group($username)) {
                     return false;
                 }
             } else {
                 return false;
             }
         }
     }
     return true;
     // Return true if the user has access to view media work
 }
 /**
  * Run the group tester
  * 
  * @return void
  */
 function run()
 {
     echo '<p>Use this form to see if a particular username will be part of this group</p>' . "\n";
     $tester = new Disco();
     $tester->init(true);
     $tester->add_element('username_to_check', 'text', array('display_name' => ' '));
     $tester->actions = array('test' => 'Test this username');
     $tester->run();
     if (!empty($this->admin_page->request['username_to_check'])) {
         $username = $this->admin_page->request['username_to_check'];
         $gh = new group_helper();
         $gh->set_group_by_entity($this->group);
         if ($gh->is_username_member_of_group($username)) {
             echo '<p><strong>Yes</strong>, ' . $username . ' is a member of this group.</p>' . "\n";
         } else {
             echo '<p><strong>No</strong>, ' . $username . ' is not a member of this group.</p>' . "\n";
         }
     }
     echo '<p><a href="' . $this->admin_page->make_link(array('cur_module' => 'Editor', 'mode' => '')) . '">Return to editing the group</a>';
 }
/**
 * Checks whether the given user is a member of the given group.
 * @param string $username the username of the user whose group membership is
 *        in question
 * @param int|object $group a group entity or the ID of a group entity
 * @return boolean true if the user was determined to be a member of the group;
 *         false if otherwise
 * @since Reason 4.0 beta 8
 */
function reason_user_is_in_group($username, $group)
{	
	static $error_prefix = "cannot check if user is a member of a group:";	
	if (!$username)
	{
		return false;
		trigger_error("$error_prefix a username was not provided");
	}
	elseif (!$group || (!is_object($group) && !is_numeric($group)))	
	{
		trigger_error("$error_prefix an integer (group id) or entity was not provided");
		return false;
	}
	else
	{
		$group_entity = is_object($group) ? $group : new entity($group);
		if (reason_is_entity($group_entity, 'group_type'))
		{
			$helper = new group_helper();
			$helper->set_group_by_entity($group_entity);
			return $helper->is_username_member_of_group($username);
		}
		else
		{
			trigger_error("$error_prefix a valid group entity was not provided");
			return false;
		}
	}
}
示例#4
0
		/**
		*  Instantiates a group helper for the group that represents users who can post news items to this publication.
		*  @return entity the group helper for users who can post to this publication
		*/
		function get_post_group_helper()
		{
			reason_include_once( 'classes/group_helper.php' );
			
			$group = $this->get_post_group();
			$post_group_helper = new group_helper();
			$post_group_helper->set_group_by_entity($group);
			return $post_group_helper;
		}
示例#5
0
		protected function _get_access_group_helper($policy)
		{
			$rel = relationship_id_of('policy_to_access_group');
			if(!$rel)
				return null;
			$es = new entity_selector();
			$es->add_type(id_of('group_type'));
			$es->add_right_relationship($policy->id(), relationship_id_of('policy_to_access_group'));
			$es->set_num(1);
			$groups = $es->run_one();
			if(empty($groups))
				return null;
			$group = current($groups);
			$gh = new group_helper();
			$gh->set_group_by_entity($group);
			return $gh;
		}
示例#6
0
 /**
  * determines whether or not authentication is necessary for a particular asset
  * and whether the current user is a member of the group that has access
  * @return boolean true if the user has access
  */
 function access_allowed()
 {
     $es = new entity_selector();
     $es->add_right_relationship($this->asset->id(), relationship_id_of('asset_access_permissions_to_group'));
     $es->add_type(id_of('group_type'));
     $es->set_num(1);
     $groups = $es->run_one();
     if (empty($groups)) {
         return true;
     }
     $group = current($groups);
     $gh = new group_helper();
     $gh->set_group_by_entity($group);
     $access = $gh->is_username_member_of_group("") ? true : $gh->is_username_member_of_group($this->get_username());
     // else discover and check username
     if ($access === NULL) {
         reason_require_authentication('login_to_access_file');
         die;
     }
     return $access;
     // true or false
 }
示例#7
0
 function run($send_header = true)
 {
     $this->get_site_id();
     if ($page = $this->_get_page()) {
         if ($groups = $this->get_page_restriction_groups($page, $this->site)) {
             foreach ($groups as $group) {
                 $gh = new group_helper();
                 $gh->set_group_by_entity($group);
                 if ($gh->requires_login()) {
                     $username = reason_require_http_authentication();
                     if (!$gh->is_username_member_of_group($username)) {
                         $this->_send_unauthorized_output($send_header);
                         die;
                     }
                 }
             }
         }
     } else {
         $pages = $this->get_sitewide_media_pages($this->site);
         if (!empty($pages)) {
             $restricted_pages = array();
             $page_group_helpers = array();
             foreach ($pages as $page) {
                 if ($groups = $this->get_page_restriction_groups($page, $this->site)) {
                     foreach ($groups as $group) {
                         $gh = new group_helper();
                         $gh->set_group_by_entity($group);
                         if ($gh->requires_login()) {
                             $restricted_pages[$page->id()] = $page;
                             if (!isset($page_group_helpers[$page->id()])) {
                                 $page_group_helpers[$page->id()] = array();
                             }
                             $page_group_helpers[$page->id()][] = $gh;
                         }
                     }
                 }
             }
             if (count($restricted_pages) >= count($pages)) {
                 $username = reason_require_http_authentication();
                 $access_ok = false;
                 foreach ($restricted_pages as $page) {
                     $is_member = true;
                     foreach ($page_group_helpers[$page->id()] as $gh) {
                         if (!$gh->is_username_member_of_group($username)) {
                             $is_member = false;
                             break;
                         }
                     }
                     if ($is_member) {
                         $access_ok = true;
                         break;
                     }
                 }
                 if (!$access_ok) {
                     $this->_send_unauthorized_output($send_header);
                     die;
                 }
             }
         } else {
             $this->_send_unauthorized_output($send_header);
             die;
         }
     }
     parent::run($send_header);
 }
示例#8
0
	function _user_is_in_viewing_group()
	{
		if ($group =& $this->_get_group('form_to_authorized_viewing_group'))
		{
			$netid = $this->get_user_netid();
			$gh = new group_helper();
			$gh->set_group_by_entity($group);
			return $gh->has_authorization($netid);
		}
		else return true;
	}
示例#9
0
 /**
  * Determine if a given user has access to all of a set of assets
  *
  * @param array $access
  * @param string $username
  * @return boolean
  */
 function _has_access($assets, $username)
 {
     if (!is_array($assets)) {
         $assets = array($assets->id() => $assets);
     }
     if (!empty($assets)) {
         $es = new entity_selector();
         $es->add_right_relationship(array_keys($assets), relationship_id_of('asset_access_permissions_to_group'));
         $es->add_type(id_of('group_type'));
         $es->set_env('site', $this->site_id);
         $groups = $es->run_one();
         //pray($groups);
         //die();
         foreach ($groups as $group_id => $group) {
             $gh = new group_helper();
             $gh->set_group_by_entity($group);
             if (!$gh->has_authorization($username)) {
                 return false;
             }
         }
     }
     return true;
 }
示例#10
0
 /**
  * Get access information about whether the current user can access a given image at its original size
  * @return string 'no_group', 'authentication_required', 'ok', or 'not_authorized'
  */
 function current_user_original_size_access($item)
 {
     if (empty($this->params['original_size_access_group'])) {
         return 'no_group';
     }
     if (!($group_id = id_of($this->params['original_size_access_group']))) {
         trigger_error('Access group unique name parameter given in page type not a Reason entity.');
         return 'no_group';
     }
     $group = new entity($group_id);
     if ($group->get_value('type') != id_of('group_type')) {
         trigger_error('Access group unique name does not belong to a valid Reason group.');
         return 'no_group';
     }
     $helper = new group_helper();
     $helper->set_group_by_entity($group);
     $result = $helper->is_username_member_of_group(reason_check_authentication());
     if (null === $result) {
         return 'authentication_required';
     } elseif (true === $result) {
         return 'ok';
     } else {
         return 'not_authorized';
     }
 }