/** * Gets security context (access provider) for user. * Attention! File/Folder can use anywhere and SecurityContext have to check rights anywhere (any module). * @param mixed $user User which use for check rights. * @return SecurityContext */ public function getSecurityContextByUser($user) { if ($this->isCurrentUser($user)) { /** @noinspection PhpDynamicAsStaticMethodCallInspection */ if (Loader::includeModule('socialnetwork') && \CSocnetUser::isCurrentUserModuleAdmin()) { return new FakeSecurityContext($user); } if (UserModel::isCurrentUserAdmin()) { return new FakeSecurityContext($user); } } else { $userId = UserModel::resolveUserId($user); /** @noinspection PhpDynamicAsStaticMethodCallInspection */ if ($userId && Loader::includeModule('socialnetwork') && \CSocnetUser::isUserModuleAdmin($userId)) { return new FakeSecurityContext($user); } try { if ($userId && ModuleManager::isModuleInstalled('bitrix24') && Loader::includeModule('bitrix24') && \CBitrix24::isPortalAdmin($userId)) { return new FakeSecurityContext($user); } elseif ($userId) { //Check user group 1 ('Admins') $tmpUser = new \CUser(); $arGroups = $tmpUser->getUserGroup($userId); if (in_array(1, $arGroups)) { return new FakeSecurityContext($user); } } } catch (\Exception $e) { } } return new DiskSecurityContext($user); }
/** * Gets security context (access provider) for user. * Attention! File/Folder can use anywhere and SecurityContext have to check rights anywhere (any module). * @param mixed $user User which use for check rights. * @return SecurityContext */ public function getSecurityContextByUser($user) { if ($this->isCurrentUser($user)) { /** @noinspection PhpDynamicAsStaticMethodCallInspection */ if (Loader::includeModule('socialnetwork') && \CSocnetUser::isCurrentUserModuleAdmin()) { return new FakeSecurityContext($user); } if (UserModel::isCurrentUserAdmin()) { return new FakeSecurityContext($user); } } return new DiskSecurityContext($user); }
protected function getSecurityContextByUser($user) { $diskSecurityContext = new DiskSecurityContext($user); if (Loader::includeModule('socialnetwork')) { if (\CSocnetUser::isCurrentUserModuleAdmin()) { $diskSecurityContext = new FakeSecurityContext($user); } } if (User::isCurrentUserAdmin()) { $diskSecurityContext = new FakeSecurityContext($user); } return $diskSecurityContext; }
private function getSecurityContextByUser($user) { $diskSecurityContext = new DiskSecurityContext($user); if (Loader::includeModule('socialnetwork')) { /** @noinspection PhpDynamicAsStaticMethodCallInspection */ if (\CSocnetUser::isCurrentUserModuleAdmin()) { $diskSecurityContext = new FakeSecurityContext($user); } } if (User::isCurrentUserAdmin()) { $diskSecurityContext = new FakeSecurityContext($user); } return $diskSecurityContext; }
protected function processActionShowRightsOnStorageDetail() { $this->checkRequiredPostParams(array('storageId')); if ($this->errorCollection->hasErrors()) { $this->sendJsonErrorResponse(); } $storage = Storage::loadById((int) $this->request->getPost('storageId'), array('ROOT_OBJECT')); if (!$storage) { $this->errorCollection->add(array(new Error(Loc::getMessage('DISK_FOLDER_LIST_ERROR_COULD_NOT_FIND_OBJECT'), self::ERROR_COULD_NOT_FIND_OBJECT))); $this->sendJsonErrorResponse(); } $rightsManager = Driver::getInstance()->getRightsManager(); $securityContext = $storage->getCurrentUserSecurityContext(); if (!$storage->canChangeRights($securityContext)) { $this->sendJsonAccessDeniedResponse(); } $readOnlyAccessCodes = array(); if ($storage->getProxyType() instanceof Bitrix\Disk\ProxyType\User && !User::isCurrentUserAdmin()) { $readOnlyAccessCodes['IU' . $storage->getEntityId()] = true; $readOnlyAccessCodes['U' . $storage->getEntityId()] = true; } elseif ($storage->getProxyType() instanceof Bitrix\Disk\ProxyType\Group) { $readOnlyAccessCodes['SG' . $storage->getEntityId() . '_A'] = true; } $rightsByAccessCode = array(); foreach ($rightsManager->getAllListNormalizeRights($storage->getRootObject()) as $rightOnObject) { if (empty($rightOnObject['NEGATIVE'])) { if (isset($readOnlyAccessCodes[$rightOnObject['ACCESS_CODE']])) { $rightOnObject['READ_ONLY'] = true; } $rightOnObject['TASK'] = $rightsManager->getTaskById($rightOnObject['TASK_ID']); $rightsByAccessCode[$rightOnObject['ACCESS_CODE']][] = $rightOnObject; } } $access = new CAccess(); $names = $access->getNames(array_keys($rightsByAccessCode)); $this->sendJsonSuccessResponse(array('showExtendedRights' => $storage->isEnabledShowExtendedRights(), 'rights' => $rightsByAccessCode, 'accessCodeNames' => $names, 'tasks' => $rightsManager->getTasks())); }