/**
* Gets security context (access provider) for user.
* Attention! File/Folder can use anywhere and SecurityContext have to check rights anywhere (any module).
* @param mixed $user User which use for check rights.
* @return SecurityContext
*/
public function getSecurityContextByUser($user)
{
if ($this->isCurrentUser($user)) {
/** @noinspection PhpDynamicAsStaticMethodCallInspection */
if (Loader::includeModule('socialnetwork') && \CSocnetUser::isCurrentUserModuleAdmin()) {
return new FakeSecurityContext($user);
}
if (UserModel::isCurrentUserAdmin()) {
return new FakeSecurityContext($user);
}
} else {
$userId = UserModel::resolveUserId($user);
/** @noinspection PhpDynamicAsStaticMethodCallInspection */
if ($userId && Loader::includeModule('socialnetwork') && \CSocnetUser::isUserModuleAdmin($userId)) {
return new FakeSecurityContext($user);
}
try {
if ($userId && ModuleManager::isModuleInstalled('bitrix24') && Loader::includeModule('bitrix24') && \CBitrix24::isPortalAdmin($userId)) {
return new FakeSecurityContext($user);
} elseif ($userId) {
//Check user group 1 ('Admins')
$tmpUser = new \CUser();
$arGroups = $tmpUser->getUserGroup($userId);
if (in_array(1, $arGroups)) {
return new FakeSecurityContext($user);
}
}
} catch (\Exception $e) {
}
}
return new DiskSecurityContext($user);
}
/**
* Gets security context (access provider) for user.
* Attention! File/Folder can use anywhere and SecurityContext have to check rights anywhere (any module).
* @param mixed $user User which use for check rights.
* @return SecurityContext
*/
public function getSecurityContextByUser($user)
{
if ($this->isCurrentUser($user)) {
/** @noinspection PhpDynamicAsStaticMethodCallInspection */
if (Loader::includeModule('socialnetwork') && \CSocnetUser::isCurrentUserModuleAdmin()) {
return new FakeSecurityContext($user);
}
if (UserModel::isCurrentUserAdmin()) {
return new FakeSecurityContext($user);
}
}
return new DiskSecurityContext($user);
}
protected function getSecurityContextByUser($user)
{
$diskSecurityContext = new DiskSecurityContext($user);
if (Loader::includeModule('socialnetwork')) {
if (\CSocnetUser::isCurrentUserModuleAdmin()) {
$diskSecurityContext = new FakeSecurityContext($user);
}
}
if (User::isCurrentUserAdmin()) {
$diskSecurityContext = new FakeSecurityContext($user);
}
return $diskSecurityContext;
}
private function getSecurityContextByUser($user)
{
$diskSecurityContext = new DiskSecurityContext($user);
if (Loader::includeModule('socialnetwork')) {
/** @noinspection PhpDynamicAsStaticMethodCallInspection */
if (\CSocnetUser::isCurrentUserModuleAdmin()) {
$diskSecurityContext = new FakeSecurityContext($user);
}
}
if (User::isCurrentUserAdmin()) {
$diskSecurityContext = new FakeSecurityContext($user);
}
return $diskSecurityContext;
}
protected function processActionShowRightsOnStorageDetail()
{
$this->checkRequiredPostParams(array('storageId'));
if ($this->errorCollection->hasErrors()) {
$this->sendJsonErrorResponse();
}
$storage = Storage::loadById((int) $this->request->getPost('storageId'), array('ROOT_OBJECT'));
if (!$storage) {
$this->errorCollection->add(array(new Error(Loc::getMessage('DISK_FOLDER_LIST_ERROR_COULD_NOT_FIND_OBJECT'), self::ERROR_COULD_NOT_FIND_OBJECT)));
$this->sendJsonErrorResponse();
}
$rightsManager = Driver::getInstance()->getRightsManager();
$securityContext = $storage->getCurrentUserSecurityContext();
if (!$storage->canChangeRights($securityContext)) {
$this->sendJsonAccessDeniedResponse();
}
$readOnlyAccessCodes = array();
if ($storage->getProxyType() instanceof Bitrix\Disk\ProxyType\User && !User::isCurrentUserAdmin()) {
$readOnlyAccessCodes['IU' . $storage->getEntityId()] = true;
$readOnlyAccessCodes['U' . $storage->getEntityId()] = true;
} elseif ($storage->getProxyType() instanceof Bitrix\Disk\ProxyType\Group) {
$readOnlyAccessCodes['SG' . $storage->getEntityId() . '_A'] = true;
}
$rightsByAccessCode = array();
foreach ($rightsManager->getAllListNormalizeRights($storage->getRootObject()) as $rightOnObject) {
if (empty($rightOnObject['NEGATIVE'])) {
if (isset($readOnlyAccessCodes[$rightOnObject['ACCESS_CODE']])) {
$rightOnObject['READ_ONLY'] = true;
}
$rightOnObject['TASK'] = $rightsManager->getTaskById($rightOnObject['TASK_ID']);
$rightsByAccessCode[$rightOnObject['ACCESS_CODE']][] = $rightOnObject;
}
}
$access = new CAccess();
$names = $access->getNames(array_keys($rightsByAccessCode));
$this->sendJsonSuccessResponse(array('showExtendedRights' => $storage->isEnabledShowExtendedRights(), 'rights' => $rightsByAccessCode, 'accessCodeNames' => $names, 'tasks' => $rightsManager->getTasks()));
}
