/**
 * Saves access rights for a single contact. Only a global admin may call this.
 *
 * Input: `app_id` from POST, plus either one right (`name` + `value`) or a map of
 * rights posted as `app`; the target contact id comes from GET `id`.
 * Rights are written through the app's own <prefix>RightConfig class when
 * lib/config/<prefix>RightConfig.class.php exists in that app, otherwise
 * straight into waContactRightsModel. Optionally updates `is_user` for the
 * contact and logs a grant/revoke of backend access when it actually changed.
 *
 * @throws waRightsException when the current user is not a global admin
 * @throws waException on malformed input, or when trying to change
 *         app-level rights of a contact who is a global admin
 */
public function execute()
{
    // only allowed to global admin
    if (!wa()->getUser()->getRights('webasyst', 'backend')) {
        throw new waRightsException('Access denied.');
    }

    // NOTE(review): $app_id is untrusted POST input and is later used to resolve a
    // config file path that is include_once'd; this relies on
    // SystemConfig::getAppConfig() rejecting unknown app ids — confirm.
    $app_id = waRequest::post('app_id');
    $name = waRequest::post('name');
    // Single-right form: value is coerced to int here. Values from the `app` map
    // below are passed through as posted.
    $value = (int) waRequest::post('value');
    // NOTE(review): not validated here; rights are saved for whatever id is given.
    $contact_id = waRequest::get('id');

    // Snapshot taken before any change so grant/revoke can be logged at the end.
    $has_backend_access_old = $this->hasBackendAccess($contact_id);

    if (!$name && !$value) {
        // Bulk form: a map of right name => value
        $values = waRequest::post('app');
        if (!is_array($values)) {
            throw new waException('Bad values for access rights.');
        }
    } else {
        $values = array($name => $value);
    }

    $right_model = new waContactRightsModel();
    // Truthy when the contact currently has webasyst.backend (i.e. is a global admin).
    $is_admin = $right_model->get($contact_id, 'webasyst', 'backend', false);
    if ($is_admin && $app_id != 'webasyst') {
        throw new waException('Cannot change application rights for global admin.');
    }

    // If $contact_id used to have limited access and we're changing global admin privileges,
    // then need to notify all applications to remove their custom access records.
    if (!$is_admin && $app_id == 'webasyst' && $name == 'backend') {
        foreach (wa()->getApps() as $aid => $app) {
            try {
                // Only apps that declare custom rights have something to clear
                if (isset($app['rights']) && $app['rights']) {
                    $app_config = SystemConfig::getAppConfig($aid);
                    $class_name = $app_config->getPrefix() . "RightConfig";
                    $file_path = $app_config->getAppPath('lib/config/' . $class_name . ".class.php");
                    $right_config = null;
                    if (!file_exists($file_path)) {
                        continue;
                    }
                    // The app must be initialised before its RightConfig can run
                    waSystem::getInstance($aid, $app_config);
                    include_once $file_path;
                    /**
                     * @var waRightConfig
                     */
                    $right_config = new $class_name();
                    $right_config->clearRights($contact_id);
                }
            } catch (Exception $e) {
                // silently ignore other applications errors
                // (best effort: a broken app must not block the global admin change)
            }
        }
    }

    // Update $app_id access records
    $app_config = SystemConfig::getAppConfig($app_id);
    $class_name = $app_config->getPrefix() . "RightConfig";
    $file_path = $app_config->getAppPath('lib/config/' . $class_name . ".class.php");
    $right_config = null;
    if (file_exists($file_path)) {
        // Init app
        waSystem::getInstance($app_id, $app_config);
        include_once $file_path;
        /**
         * @var waRightConfig
         */
        $right_config = new $class_name();
    }

    foreach ($values as $name => $value) {
        if ($right_config && $right_config->setRights($contact_id, $name, $value)) {
            // If we've got response from custom rights config, then no need to update main rights table
            continue;
        }
        // Set default limited rights
        // (only when the app ships a RightConfig; a plain save happens either way below)
        if ($right_config && $name == 'backend' && $value == 1) {
            /**
             * @var $right_config waRightConfig
             */
            foreach ($right_config->setDefaultRights($contact_id) as $n => $v) {
                $right_model->save($contact_id, $app_id, $n, $v);
            }
        }
        $right_model->save($contact_id, $app_id, $name, $value);
    }

    // Switch back: the loop above may have activated another app
    waSystem::setActive('contacts');

    if ($contact_id) {
        // TODO: use waContact method for disabling
        // Only the three explicit states are accepted; anything else leaves is_user untouched.
        $is_user = waRequest::post('is_user', null, 'int');
        if ($is_user === -1 || $is_user === 0 || $is_user === 1) {
            $contact = new waContact($contact_id);
            $contact->save(array('is_user' => $is_user));
            $this->response['access_disable_msg'] = contactsHelper::getAccessDisableMsg($contact);
        }
    }

    // Audit trail: record only a real transition of backend access
    $has_backend_access_new = $this->hasBackendAccess($contact_id);
    if ($has_backend_access_new !== $has_backend_access_old) {
        if ($has_backend_access_new) {
            $this->logAction("grant_backend_access", null, $contact_id);
        } else {
            $this->logAction("revoke_backend_access", null, $contact_id);
        }
    }
}
/**
 * Saves a list from the list settings form (POST).
 *
 * With a non-zero `id` the existing list is updated, which requires more than
 * read access (> 1) on `list.<id>`. Otherwise a new list is inserted, which
 * requires the `add_list` right; a creator without admin-level backend access
 * is then granted full access (2) on the list he just created.
 * The saved list id becomes the response.
 *
 * @throws waException when no name was posted
 * @throws waRightsException when the user lacks the required right
 */
public function ListsaveAction()
{
    $data = array(
        'name'        => waRequest::post('name', ''),
        'color_class' => waRequest::post('color_class', 'c-yellow'),
        'icon'        => waRequest::post('icon', 'notebook'),
    );
    if (!strlen($data['name'])) {
        throw new waException('No name specified.');
    }

    $list_model = new checklistsListModel();
    $id = waRequest::post('id', 0, 'int');

    if (!$id) {
        // Creating: needs the app-wide add_list right
        if (!$this->getRights('add_list')) {
            throw new waRightsException('Access denied.');
        }
        $list_model->moveApart(0);
        $id = $list_model->insert($data);

        // Users without admin-level backend access get full rights on the list they created
        $user = wa()->getUser();
        $is_admin = $user->getRights('checklists', 'backend') > 1;
        $rights_model = new waContactRightsModel();
        if (!$is_admin) {
            $rights_model->save($user->getId(), 'checklists', 'list.' . $id, 2);
        }
        $this->log('list_create', 1);
    } else {
        // Updating: needs write access (> 1) on this particular list
        if ($this->getRights('list.' . $id) <= 1) {
            throw new waRightsException('Access denied.');
        }
        $list_model->updateById($id, $data);
    }

    $this->response = $id;
}
/**
 * Sets one access right of this contact for the given app.
 *
 * Contacts that already have administrative access to the app are left
 * untouched: the request is treated as successful without writing anything.
 *
 * @param string $app_id App whose right is being set
 * @param string $name   Right identifier as defined by that app
 * @param int    $value  Right value
 * @return bool Whether the right was saved (or did not need saving)
 */
public function setRight($app_id, $name, $value)
{
    if ($this->isAdmin($app_id)) {
        // An app admin already holds every right; nothing to persist.
        return true;
    }

    $right_model = new waContactRightsModel();
    return $right_model->save($this->id, $app_id, $name, $value);
}