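/**
 * Is user allowed to perform given action with given resource.
 *
 * Accepted resources: an Addon entity or an addon ActiveRow (the owner id is
 * taken from the object), the bare string 'addon' (no owner known) or the
 * string 'page'. Actions on 'addon': 'view', 'manage', 'vote', 'create',
 * 'delete', 'reports'; on 'page': 'manage'.
 *
 * @param mixed  $resource Addon | \Nette\Database\Table\ActiveRow | 'addon' | 'page'
 * @param string $action for example 'view', 'edit'
 * @return bool
 * @throws \NetteAddons\InvalidArgumentException on an unknown resource or action
 */
public function isAllowed($resource, $action)
{
    $moderator = $this->user->isInRole('administrators') || $this->user->isInRole('moderators');

    // The owner is only known when an addon object is passed. For the bare
    // 'addon' string it stays NULL; previously it was left undefined and then
    // read by the 'manage' / 'vote' branches.
    $ownerId = NULL;
    if ($resource instanceof Addon) {
        $ownerId = $resource->userId;
        $resource = 'addon';
    } elseif ($resource instanceof \Nette\Database\Table\ActiveRow) {
        $ownerId = $resource->user->id;
        $resource = 'addon';
    } elseif ($resource === 'page' && $action === 'manage') {
        return $moderator;
    } elseif ($resource !== 'addon') {
        // Strict comparisons: an authorisation decision must not be reached
        // through PHP's loose string/bool/number coercion.
        throw new \NetteAddons\InvalidArgumentException();
    }

    // From here on the resource is exactly the string 'addon'.
    if ($action === 'delete' || $action === 'reports') {
        return $moderator;
    }
    if ($action === 'view') {
        return TRUE;
    }
    if ($action === 'manage') {
        // Owner or moderator. NOTE(review): the owner test is strict, so the
        // stored owner id and Identity::getId() must share a type (int vs
        // string mismatch would silently deny owners) — confirm at the callers.
        return ($this->user->isLoggedIn() && $ownerId === $this->user->getId()) || $moderator;
    }
    if ($action === 'vote') {
        // you can't vote for your own addons
        return $this->user->isLoggedIn() && $ownerId !== $this->user->getId();
    }
    if ($action === 'create') {
        return $this->user->isLoggedIn();
    }

    throw new \NetteAddons\InvalidArgumentException();
}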
/**
 * Default storage quota for a user, in bytes.
 *
 * Members of the SO, ZSO or VV role get '3T'; everyone else '100G'. The
 * human-readable size is converted through ByteHelper::humanToBytes().
 *
 * @param Nette\Security\User $user
 * @return int|float whatever ByteHelper::humanToBytes() returns
 */
public function getDefaultQuota(Nette\Security\User $user)
{
    $hasLargeQuota = $user->isInRole('SO')
        || $user->isInRole('ZSO')
        || $user->isInRole('VV');

    $humanSize = $hasLargeQuota ? '3T' : '100G';

    return ByteHelper::humanToBytes($humanSize);
}
/**
 * Enforce that the current user may exercise $privilege on $resource.
 *
 * The ROOT_ROLE passes unconditionally. Otherwise each of the user's roles is
 * consulted; access is granted when any one of them is known to the ACL, the
 * resource is registered, and the ACL allows the privilege for that role.
 * Every role is evaluated (no early exit), matching the original fold.
 *
 * @param mixed $resource
 * @param mixed $privilege
 * @return true|null true for the root role, nothing when a role grants access
 * @throws \AclException (code 403) when no role grants access
 */
public function check($resource, $privilege)
{
    if ($this->user->isInRole(static::ROOT_ROLE)) {
        return true;
    }

    $granted = false;
    foreach ($this->user->getRoles() as $roleName) {
        $roleGrants = $this->acl->hasRole($roleName)
            && $this->acl->hasResource($resource)
            && $this->acl->isAllowed($roleName, $resource, $privilege);
        $granted = $roleGrants || $granted;
    }

    if (!$granted) {
        // NOTE(review): $resource / $privilege are echoed into the message;
        // fine for logs, but do not render this message verbatim to end users.
        throw new \AclException("Unauthorized access to resource '{$resource}' privilege '{$privilege}' :(", 403);
    }
}
/**
 * Role gate driven by a @role annotation on the reflected element.
 *
 * Elements without the annotation are open. With the annotation present the
 * user must hold at least one of the listed roles; an annotation that yields
 * no matching role denies (fail closed).
 *
 * @param mixed $element something exposing hasAnnotation() / getAnnotation()
 * @return bool
 */
protected function checkRoles($element)
{
    if (!$element->hasAnnotation('role')) {
        return true;
    }

    $requiredRoles = (array) $element->getAnnotation('role');
    foreach ($requiredRoles as $roleName) {
        if ($this->user->isInRole($roleName)) {
            return true;
        }
    }

    return false;
}
/**
 * @param User $user
 * @param DbTable\Registracia $registracia
 * @param DbTable\Lang $lang
 * @param DbTable\Hlavicka $hlavicka
 * @param DbTable\Dlzka_novinky $dlzka_novinky
 */
public function __construct(User $user, DbTable\Registracia $registracia, DbTable\Lang $lang, DbTable\Hlavicka $hlavicka, DbTable\Dlzka_novinky $dlzka_novinky)
{
    $this->user = $user;
    // Registration levels offered in the form depend on the caller's own
    // registration level; anonymous visitors are looked up with 0.
    $this->urovneReg = $registracia->urovneReg($this->user->isLoggedIn() ? $this->user->getIdentity()->id_registracia : 0);
    $this->lang = $lang;
    $this->hlavickaForm = $hlavicka->hlavickaForm();
    $this->dlzkaNovinkyForm = $dlzka_novinky->dlzkaNovinkyForm();
}

/**
 * Main menu edit form component factory.
 * @param int $uroven Level of the item in the menu
 * @param string $uloz Label of the save button
 * @param boolean $vlastnik Whether the editor owns the edited item
 * @param boolean $edit Hides some fields while editing
 * @param boolean $opravnenia Permissions for non-owners
 * @return Form
 */
public function form($uroven, $uloz, $vlastnik, $edit, $opravnenia)
{
    $form = new Form();
    $form->addProtection(); // Nette form protection (presumably the anti-CSRF token)
    $form->addGroup();
    // NOTE(review): hidden fields come back from the client and can be edited
    // freely; the submit handler (not visible here) must re-check ownership
    // and permissions server-side instead of trusting id / id_user_profiles /
    // modified as submitted.
    $form->addHidden("id");
    $form->addHidden("id_druh");
    $form->addHidden("id_user_profiles");
    $form->addHidden("spec_nazov");
    $form->addHidden("langtxt");
    $form->addHidden("id_hlavne_menu_cast");
    $form->addHidden("uroven");
    $form->addHidden("id_nadradenej");
    $form->addHidden("modified");
    if (!$edit) {
        // Minimum registration level allowed to view the item; options were
        // computed in the constructor from the caller's own level.
        $form->addSelect('id_registracia', 'Povolené prezeranie pre min. úroveň:', $this->urovneReg);
    }
    // Layout / header fields are only offered to the "admin" role.
    if ($this->user->isInRole("admin")) {
        $form->addText('nazov_ul_sub', 'Názov alternatívneho vzhľadu:', 20, 20);
        $form->addText('ikonka', 'Názov class ikonky pre FontAwesome:', 90, 30);
        if ($uroven) {
            // Nested items inherit the header: keep it as a hidden field.
            $form->addHidden('id_hlavicka');
        } else {
            $form->addSelect('id_hlavicka', 'Druh priradenej hlavičky:', $this->hlavickaForm)->addRule(Form::FILLED, 'Je nutné vybrať hlavičku.');
        }
        // $form->addCheckbox('zvyrazni', ' Zvýraznenie položky pri pridaní obsahu'); }
/**
 * Whether the current user may write to this object (memoised).
 *
 * Granted when the object has no author, when the user is the author
 * (identity compared by object identity), when the user is 'admin', or when
 * the user holds any role from $this->read. Denied when there is no user.
 * NOTE(review): write access is derived from the *read* role list — confirm
 * that is intended and no separate write-role list should be consulted.
 *
 * @return bool
 */
public function isAllowedToWrite()
{
    if ($this->_isAllowedToWrite !== NULL) {
        return $this->_isAllowedToWrite;
    }

    $granted = FALSE;
    if (!$this->author) {
        $granted = TRUE;
    } elseif ($this->user) {
        if ($this->author === $this->user->identity || $this->user->isInRole('admin')) {
            $granted = TRUE;
        } else {
            foreach ($this->read as $readRole) {
                if ($this->user->isInRole($readRole->getName())) {
                    $granted = TRUE;
                }
            }
        }
    }

    $this->_isAllowedToWrite = $granted;
    return $granted;
}
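/**
 * Get event
 *
 * Loads the event and enforces access before returning it:
 *  - an identity with id 0 (treated as the API caller) passes unconditionally;
 *  - ADMIN, ACCOUNTANT and USER roles pass when the event belongs to their client;
 *  - otherwise the event must be shared with the caller's client, or the client
 *    must be creator or receiver of one of the event's access records.
 *
 * @param integer $eventId
 * @return Event
 * @throws Nette\Application\BadRequestException when the event does not exist or is deleted
 * @throws Nette\Application\ForbiddenRequestException when the caller may not access it
 */
public function getEvent($eventId)
{
    /** @var null|Event $event */
    $event = $this->eventDao->find($eventId);
    // find() is annotated as returning NULL for an unknown id; previously that
    // reached $event->isDeleted() and failed with an Error instead of a 404.
    if ($event === NULL || $event->isDeleted()) {
        throw new Nette\Application\BadRequestException($this->translator->translate('event.general.noId'));
    }

    // Is this an API call?
    // NOTE(review): any identity whose id is exactly 0 bypasses every check
    // below — confirm 0 is reserved for the API caller and cannot be a real user.
    if ($this->user->getId() === 0) {
        return $event;
    }

    /** @var \App\Model\Entity\User $userEntity */
    $userEntity = $this->em->getDao('\\App\\Model\\Entity\\User')->find($this->user->getId());
    /** @var \App\Model\Entity\Client $client */
    $client = $userEntity->getClient();
    // NOTE(review): $client is dereferenced below; a user without a client
    // would fail here — confirm getClient() never returns NULL for logged-in users.

    // Own client's event: ADMIN, ACCOUNTANT and USER all qualify (the original
    // had two branches with identical outcome; merged, same decision).
    $hasClientRole = $this->user->isInRole('ADMIN')
        || $this->user->isInRole('ACCOUNTANT')
        || $this->user->isInRole('USER');
    if ($hasClientRole && $this->isClientsEvent($event, $client)) {
        return $event;
    }

    // No direct permission — is the event shared with this client?
    $hasShare = FALSE;
    if ($event->getShares() !== NULL) {
        foreach ($event->getShares() as $clientShare) {
            if ($client->getId() == $clientShare->getClient()->getId()) {
                $hasShare = TRUE;
                break;
            }
        }
    }

    // ...or does the client hold an access record, as receiver or creator?
    $hasAccess = FALSE;
    if ($event->getAccesses() !== NULL) {
        foreach ($event->getAccesses() as $clientAccess) {
            if ($client->getId() == $clientAccess->getReceiver()->getId()
                || $client->getId() == $clientAccess->getCreator()->getId()) {
                $hasAccess = TRUE;
                break;
            }
        }
    }

    if ($hasAccess || $hasShare) {
        return $event;
    }

    // Otherwise the caller is redirected to the dashboard with a "no rights" notice.
    throw new Nette\Application\ForbiddenRequestException($this->translator->translate('event.general.noRights'));
}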
/**
 * Menu panel of the signed-in user.
 *
 * Items, in order: the user's name (with avatar when 'view_avatar' is set),
 * the administration link when the user is allowed ('admin', 'enter'), an
 * Adminer link for the 'admin' role, and the sign-out item.
 *
 * @param string $baseUrl
 * @param string $log_out
 * @return \App\FrontModule\Components\User\MenuItem[]
 */
private function _panelPrihlaseny($baseUrl, $log_out)
{
    $identity = $this->user->getIdentity();
    $fullName = $identity->meno . ' ' . $identity->priezvisko;

    $avatar = "";
    if ($this->nastavenie['view_avatar']) {
        $avatar = Html::el('img class="avatar"');
        // Only an avatar whose file exists under www/ is used; otherwise a
        // generic placeholder image.
        if ($identity->avatar_25 && is_file('www/' . $identity->avatar_25)) {
            $avatar = $avatar->src($baseUrl . '/www/' . $identity->avatar_25)->alt('avatar');
        } else {
            $avatar = $avatar->src($baseUrl . '/www/ikonky/64/figurky_64.png')->alt('bez avatara');
        }
    }

    $items = [];
    $items[] = new MenuItem([
        'odkaz' => 'UserLog:',
        'nazov' => $avatar . " " . $fullName,
        'title' => $fullName,
    ]);

    if ($this->user->isAllowed('admin', 'enter')) {
        // Bit 1 of admin_link toggles the icon, bit 2 the text label.
        $adminLinkFlags = $this->nastavenie['admin_link'];
        $items[] = new MenuItem([
            'odkaz' => ':Admin:Homepage:',
            'title' => 'Administrácia',
            'ikonka' => $adminLinkFlags & 1 ? 'pencil' : '',
            'nazov' => $adminLinkFlags & 2 ? $this->texty['base_AdminLink_name'] : '',
        ]);
    }

    if ($this->user->isInRole('admin')) {
        // NOTE(review): this link exposes a web-served Adminer instance and
        // puts the DB host and database name in the URL; it is shown only to
        // the 'admin' role, but the Adminer endpoint itself must be protected
        // independently of this menu.
        $dbInfo = $this->lang->getDBInfo();
        $items[] = new MenuItem([
            'abs_link' => $baseUrl . "/www/adminer/?server=" . $dbInfo['host'] . "&db=" . $dbInfo['dbname'],
            'title' => 'Adminer',
            'target' => '_blank',
            'nazov' => Html::el('img')->src($baseUrl . '/www/ikonky/16/graf_16.png')->alt('Adminer'),
        ]);
    }

    $items[] = new MenuItem(['odkaz' => 'signOut!', 'ikonka' => "sign-out", 'nazov' => $log_out]);

    return $items;
}
/**
 * Role gate driven by a @Secured\Role annotation on the reflected element.
 *
 * No annotation means no restriction. Otherwise the user must be in at least
 * one of the listed roles; an annotation yielding no match denies (fail closed).
 *
 * @param \Reflector $element
 *
 * @return bool
 */
protected function checkRoles(\Reflector $element)
{
    if (!$element->hasAnnotation('Secured\\Role')) {
        return TRUE;
    }

    $allowedRoles = (array) $element->getAnnotation('Secured\\Role');

    $matched = FALSE;
    foreach ($allowedRoles as $roleName) {
        if ($this->user->isInRole($roleName)) {
            $matched = TRUE;
            break;
        }
    }

    return $matched;
}
/**
 * Role gate driven by a 'role' entry in the element's parameter hash.
 *
 * Without a 'role' key the element is open. With it, membership in any one
 * of the listed roles suffices; none matching denies (fail closed).
 *
 * @param Utils\ArrayHash $element
 *
 * @return bool
 */
protected function checkRoles(Utils\ArrayHash $element)
{
    if (!$element->offsetExists('role')) {
        return TRUE;
    }

    foreach ((array) $element->offsetGet('role') as $roleName) {
        if ($this->user->isInRole($roleName)) {
            return TRUE;
        }
    }

    return FALSE;
}
/**
 * Form component factory (user create / edit form).
 *
 * Role options never include "root"; a non-root editor additionally cannot
 * hand out the roles they hold themselves. When the edited user is the editor
 * the role select is disabled. A password is mandatory only for new users.
 *
 * @return \Nette\Application\UI\Form
 */
protected function createComponentForm()
{
    $form = new Form();

    $form->addText("login", "Přihlašovací jméno:")
        ->setAttribute("autocomplete", "off")
        ->setRequired("Prosím zadejte přihlašovací jméno.");
    $form->addPassword("password1", "Heslo:")
        ->setAttribute("class", "form-control")
        ->setAttribute("autocomplete", "off");
    $form->addPassword("password2", "Heslo pro kontrolu:")
        ->setAttribute("class", "form-control")
        ->setAttribute("autocomplete", "off");

    // Assignable roles (privilege-escalation guard for the option list).
    // NOTE(review): "name NOT(?)" with an array argument — confirm the
    // database layer expands it to NOT IN (...); a malformed query would
    // fail loudly rather than silently widen the list, but it should be checked.
    $assignable = $this->roleRepository->read()->where("name != ?", "root");
    if (!$this->user->isInRole("root")) {
        $assignable->where("name NOT(?)", $this->user->getRoles());
    }
    $roleOptions = $assignable->fetchPairs("aclRoleID", "name");

    $form->addSelect("role", "Oprávnění:", $roleOptions)->setAttribute("class", "form-control");
    $form->addCheckbox("active", "Aktivní");
    $form->addButton("cancel", "Storno")->setHtmlId("cancel");
    $form->addSubmit("sender", "Uložit změny")->setHtmlId("sender");
    // NOTE(review): the hidden userID is client-controlled; the submit handler
    // (not visible here) must authorise the edit against it.
    $form->addHidden("userID");
    $form['password2']->addRule(Form::EQUAL, 'Hesla se neshodují', $form['password1']);

    if (!$this->rsuserID) {
        // New user: a password is required.
        $form['password1']->setRequired("Prosím zadejte heslo.");
    } else {
        $edited = $this->userRepository->get($this->rsuserID);
        if ($edited) {
            $form['login']->setValue($edited->login);
            // "readonly" is only a client-side hint; the handler must not
            // accept a changed login on submit.
            $form['login']->setAttribute("readonly");
            $form['userID']->setValue($this->rsuserID);
            $form['active']->setValue($edited->getActive());

            // Editors cannot change their own role through this form.
            // (Loose == here, strict !== below — kept as in the original;
            // NOTE(review): confirm getUserID() and getId() share a type.)
            if ($edited->getUserID() == $this->user->getId()) {
                $form['role']->setDisabled();
            }
            if ($edited->getLogin() != "root" && $edited->getUserID() !== $this->user->getId()) {
                $form['role']->setValue($edited->aclRoleID);
            }
        }
    }

    $form->onSuccess[] = callback($this, "Submit");
    $form->onError[] = callback($this, "FormError");

    return $form;
}
/**
 * Shared, memoised permission decision behind the public isAllowed* helpers.
 *
 * Resolution order (first match wins):
 *   checks disabled ($secured false)   -> allowed
 *   memoised for this user+permission  -> memoised answer
 *   'admin' role                       -> allowed
 *   permission unknown in $source      -> denied
 *   user not logged in                 -> denied
 *   permission entity getAll()         -> allowed
 *   one of the user's roles listed on the entity -> allowed
 *   otherwise                          -> denied
 * The decision is written to $cache[user id][permission] by reference.
 *
 * @param bool $secured
 * @param array $source permission name => entity exposing getAll() and ->roles
 * @param array $cache per-user memo
 * @param User $user
 * @param string $permission
 * @return bool
 */
private function baseIsAllowed(&$secured, &$source, &$cache, User $user, $permission)
{
    if (!$secured) {
        return TRUE;
    }

    $userId = $user->id;
    if (isset($cache[$userId][$permission])) {
        return $cache[$userId][$permission];
    }
    if (!isset($cache[$userId])) {
        $cache[$userId] = array();
    }

    $decision = FALSE;
    if ($user->isInRole('admin')) {
        $decision = TRUE;
    } elseif (isset($source[$permission]) && $user->isLoggedIn()) {
        $entity = $source[$permission];
        if ($entity->getAll()) {
            $decision = TRUE;
        } else {
            foreach ($user->getRoles() as $roleName) {
                if (isset($entity->roles[$roleName])) {
                    $decision = TRUE;
                    break;
                }
            }
        }
    }

    $cache[$userId][$permission] = $decision;
    return $decision;
}
/**
 * Whether the current user may write to this object (memoised in
 * $this->isAllowedToWrite).
 *
 * Allowed when there is no author, when the user is the author (object
 * identity), when the user is 'admin', or when the user holds any role in
 * $this->readRoles. No user means no write access.
 * NOTE(review): write access falls back to the *read* role list — confirm
 * this is intended.
 *
 * @return bool
 */
public function isAllowedToWrite()
{
    if ($this->isAllowedToWrite !== null) {
        return $this->isAllowedToWrite;
    }

    $this->isAllowedToWrite = false;

    if (!$this->author) {
        $this->isAllowedToWrite = true;
        return true;
    }
    if (!$this->user) {
        return false;
    }
    if ($this->author === $this->user->identity) {
        $this->isAllowedToWrite = true;
        return true;
    }
    if ($this->user->isInRole('admin')) {
        $this->isAllowedToWrite = true;
        return true;
    }

    foreach ($this->readRoles as $readRole) {
        if ($this->user->isInRole($readRole->getName())) {
            $this->isAllowedToWrite = true;
        }
    }

    return $this->isAllowedToWrite;
}