isAllowed() public method

Apart from the route-based rules defined in permissions.yml, the following special cases are available: "overview:$contenttype" - view the overview for the content type. Alias for "contenttype:$contenttype:view". "contenttype:$contenttype", "contenttype:$contenttype:view", "contenttype:$contenttype:view:$id" - View any item or a particular item of the specified content type. "contenttype:$contenttype:edit", "contenttype:$contenttype:edit:$id" - Edit any item or a particular item of the specified content type. "contenttype:$contenttype:create" - Create a new item of the specified content type. (It doesn't make sense to provide this permission on a per-item basis, for obvious reasons) "contenttype:$contenttype:change-ownership", "contenttype:$contenttype:change-ownership:$id" - Change the ownership of the specified content type or item.
public isAllowed ( string $what, string $contenttype = null, integer $contentid = null ) : boolean
$what string The desired permission, as elaborated upon above.
$contenttype string
$contentid integer
return boolean TRUE if the permission is granted, FALSE if denied.
示例#1
 /**
  * Guard the post-login redirect to the backend dashboard.
  *
  * When the session is a valid authenticated one, the redirect targets the
  * dashboard, and the user is not allowed to view the dashboard, the flash
  * bag is cleared and the redirect is pointed at the homepage instead.
  * In every other case the response is left untouched.
  *
  * @param \Symfony\Component\HttpFoundation\RedirectResponse $response
  */
 protected function handleNoBackendAccess(RedirectResponse $response)
 {
     $sessionToken = (string) $this->session->get('authentication');
     // Only an authenticated session can be redirected into the backend.
     if (!$this->authentication->isValidSession($sessionToken)) {
         return;
     }

     $targetsDashboard = $response->getTargetUrl() === $this->urlGenerator->generate('dashboard');
     $mayViewDashboard = $this->users->isAllowed('dashboard');
     if (!$targetsDashboard || $mayViewDashboard) {
         return;
     }

     // Pending flash messages are discarded before sending the user elsewhere.
     $this->session->getFlashBag()->clear();
     $response->setTargetUrl($this->urlGenerator->generate('homepage'));
 }
示例#2
文件: Edit.php 项目: robbert-vdh/bolt
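 /**
  * Build the Twig context for the edit form of a record.
  *
  * Determines which status transitions the current user may perform,
  * clears identifying fields when duplicating, resolves the record owner,
  * collects incoming (non-inverted) relations, marks uploadable fields and
  * assembles the `can` / `has` / `values` flags used by the edit template.
  *
  * @param Content $content     A content record
  * @param array   $contentType The contenttype data
  * @param boolean $duplicate   If TRUE create a duplicate record
  *
  * @return array The template context
  */
 public function action(Content $content, array $contentType, $duplicate)
 {
     $contentTypeSlug = $contentType['slug'];
     // A record without an ID has not been persisted yet.
     $new = $content->getId() === null;

     // Status transitions the current user may make from the record's current status.
     $oldStatus = $content->getStatus();
     $allowedStatuses = [];
     foreach (['published', 'held', 'draft', 'timed'] as $status) {
         if ($this->users->isContentStatusTransitionAllowed($oldStatus, $status, $contentTypeSlug, $content->getId())) {
             $allowedStatuses[] = $status;
         }
     }

     // For duplicating a record, clear base field values.
     if ($duplicate) {
         $content->setId('');
         $content->setSlug('');
         $content->setDatecreated('');
         $content->setDatepublish('');
         $content->setDatedepublish(null);
         $content->setDatechanged('');
         $content->setUsername('');
         $content->setOwnerid('');
         $this->loggerFlash->info(Trans::__('contenttypes.generic.duplicated-finalize', ['%contenttype%' => $contentTypeSlug]));
     }

     // Set the users and the current owner of this content.
     if ($new || $duplicate) {
         // For brand-new and duplicated items, the creator becomes the owner.
         $contentowner = $this->users->getCurrentUser();
     } else {
         // For existing items, we'll just keep the current owner.
         $contentowner = $this->users->getUser($content->getOwnerid());
     }

     // Build list of incoming non-inverted related records, grouped by source contenttype.
     $incomingNotInverted = [];
     foreach ($content->getRelation()->incoming($content) as $relation) {
         if ($relation->isInverted()) {
             continue;
         }
         $fromContentType = $relation->getFromContenttype();
         $record = $this->em->getContent($fromContentType . '/' . $relation->getFromId());
         if ($record) {
             $incomingNotInverted[$fromContentType][] = $record;
         }
     }

     // Test write access for uploadable fields.
     $contentType['fields'] = $this->setCanUpload($contentType['fields']);
     // Initialised up front so the `has.templatefields` flag below is always defined,
     // including when the record has no template fields and the condition short-circuits.
     $templateFieldsData = null;
     $templateFields = $content->getTemplatefields();
     if ($templateFields instanceof TemplateFields && ($templateFieldsData = $templateFields->getContenttype()->getFields())) {
         // NOTE(review): this write only persists if getContenttype() returns an ArrayAccess
         // object rather than a copied array — confirm against the TemplateFields implementation.
         $templateFields->getContenttype()['fields'] = $this->setCanUpload($templateFields->getContenttype()->getFields());
     }

     // Build context for Twig.
     // Per-item permissions: for new or duplicated records getId() is null/'' so the item suffix is empty.
     $contextCan = [
         'upload'           => $this->users->isAllowed('files:uploads'),
         'publish'          => $this->users->isAllowed('contenttype:' . $contentTypeSlug . ':publish:' . $content->getId()),
         'depublish'        => $this->users->isAllowed('contenttype:' . $contentTypeSlug . ':depublish:' . $content->getId()),
         'change_ownership' => $this->users->isAllowed('contenttype:' . $contentTypeSlug . ':change-ownership:' . $content->getId()),
     ];
     $contextHas = [
         'incoming_relations' => count($incomingNotInverted) > 0,
         'relations'          => isset($contentType['relations']),
         'tabs'               => $contentType['groups'] !== false,
         'taxonomy'           => isset($contentType['taxonomy']),
         'templatefields'     => !empty($templateFieldsData),
     ];
     $contextValues = [
         'datepublish'   => $this->getPublishingDate($content->getDatepublish(), true),
         'datedepublish' => $this->getPublishingDate($content->getDatedepublish()),
     ];

     return [
         'incoming_not_inv' => $incomingNotInverted,
         'contenttype'      => $contentType,
         'content'          => $content,
         'allowed_status'   => $allowedStatuses,
         'contentowner'     => $contentowner,
         'fields'           => $this->config->fields->fields(),
         'fieldtemplates'   => $this->getTemplateFieldTemplates($contentType, $content),
         'fieldtypes'       => $this->getUsedFieldtypes($contentType, $content, $contextHas),
         'groups'           => $this->createGroupTabs($contentType, $contextHas),
         'can'              => $contextCan,
         'has'              => $contextHas,
         'values'           => $contextValues,
         'relations_list'   => $this->getRelationsList($contentType),
     ];
 }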
示例#3
文件: Manager.php 项目: bolt/Members
 /**
  * Deny backend requests from users who hold none of the configured admin roles.
  *
  * Frontend (non-backend) requests pass through untouched. For backend
  * requests the configured admin roles are checked in order and the first
  * granted one lets the request continue.
  *
  * @param GetResponseEvent $event
  *
  * @throws AccessDeniedException When the user has none of the admin roles
  */
 public function onRequest(GetResponseEvent $event)
 {
     if (!Zone::isBackend($event->getRequest())) {
         return;
     }

     $granted = false;
     foreach ($this->config->getRolesAdmin() as $adminRole) {
         if ($this->users->isAllowed($adminRole)) {
             $granted = true;
             break;
         }
     }

     if (!$granted) {
         throw new AccessDeniedException('Logged in user does not have the correct rights to use this class.');
     }
 }
示例#4
 /**
  * Transition a record's owner if permitted.
  *
  * The change is only applied when the current user holds the
  * change-ownership permission for this specific record; otherwise an
  * access-denied flash message is logged and the entity is left as is.
  *
  * @param Content $entity
  * @param integer $ownerId
  */
 protected function transistionRecordOwner(Content $entity, $ownerId)
 {
     $permission = sprintf(
         'contenttype:%s:change-ownership:%s',
         (string) $entity->getContenttype(),
         $entity->getId()
     );

     if (!$this->users->isAllowed($permission)) {
         $this->loggerFlash->error(Trans::__('general.access-denied.content-not-modified', ['%title%' => $entity->getTitle()]));
         return;
     }

     $entity->setOwnerid($ownerId);
     // Flag the entity as dirty so the change is picked up on save.
     $entity->_modified = true;
 }
示例#5
文件: Save.php 项目: bolt/bolt
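 /**
  * Set a ContentType record values from a HTTP POST.
  *
  * Ownership is decided explicitly: an existing record's owner may only be
  * changed when the current user holds the change-ownership permission for
  * that record, and a new record always belongs to the current user. The
  * posted `ownerid` is removed afterwards so the generic field loop cannot
  * re-apply an unchecked value.
  *
  * @param Entity\Content $content
  * @param array          $formValues
  * @param array          $contentType
  *
  * @throws AccessControlException When the posted owner differs from the current one
  *                                and the user may not change ownership
  */
 private function setPostedValues(Entity\Content $content, $formValues, $contentType)
 {
     // Ensure all fields have valid values
     $formValues = $this->setSuccessfulControlValues($formValues, $contentType['fields']);
     $formValues = Input::cleanPostedData($formValues);
     unset($formValues['contenttype']);

     $user = $this->users->getCurrentUser();
     if ($id = $content->getId()) {
         // Owner is set explicitly: is the current user allowed to do this?
         // NOTE(review): the strict comparison assumes getOwnerid() returns an int;
         // a string-typed owner id would make this always true — confirm.
         if (isset($formValues['ownerid']) && (int) $formValues['ownerid'] !== $content->getOwnerid()) {
             if (!$this->users->isAllowed("contenttype:{$contentType['slug']}:change-ownership:{$id}")) {
                 throw new AccessControlException('Changing ownership is not allowed.');
             }
             $content->setOwnerid($formValues['ownerid']);
         }
     } else {
         // New records always belong to the current user.
         $content->setOwnerid($user['id']);
     }
     // Ownership has been settled above; drop the posted value so the generic
     // field loop below cannot overwrite it with an unchecked `ownerid`.
     unset($formValues['ownerid']);

     // Hack … remove soon
     $formValues += ['status' => 'draft'];
     // Make sure we have a proper status; strict comparison so only these exact strings pass.
     if (!in_array($formValues['status'], ['published', 'timed', 'held', 'draft'], true)) {
         // Fall back to the record's existing status, or 'draft' when it has none.
         $formValues['status'] = $content->getStatus() ?: 'draft';
     }

     // Set the object values appropriately; relations and taxonomies have dedicated setters below.
     foreach ($formValues as $name => $value) {
         if ($name === 'relation' || $name === 'taxonomy') {
             continue;
         }
         // NOTE: empty() also treats 0 and '0' as empty, so such values are stored as null.
         $content->set($name, empty($value) ? null : $value);
     }
     $this->setPostedRelations($content, $formValues);
     $this->setPostedTaxonomies($content, $formValues);
 }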