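/**
 * Display list of all groups.
 *
 * Builds one entry per project returned by ProjectHandler::listProjects():
 *   'name'    - the project name,
 *   'canview' - whether the logged-in user holds PROJECT_READ on it,
 *   'users'   - member count summed over every role in
 *               Roles::$PROJECT_ROLE_NAMES (a user holding more than one
 *               role in a project would be counted once per role).
 *
 * The 'admin' group is never listed, not even for administrators; $isAdmin
 * is only forwarded to the view.
 *
 * NOTE(review): every other project is listed with its name and member count
 * even when 'canview' is false. If the names or sizes of projects the viewer
 * cannot read are sensitive, filter on $canView here rather than relying on
 * the template to hide them.
 *
 * @return \Illuminate\View\View the 'projects.list' view with 'projects' and 'isAdmin' bound
 */
public function getGroupList()
{
    $thisUser = Auth::user();
    $groups = ProjectHandler::listProjects();
    $isAdmin = PermissionHandler::checkAdmin($thisUser, Permissions::ALLOW_ALL);

    $projects = [];
    foreach ($groups as $group) {
        // The admin group is hidden from this list, so skip it before doing
        // any permission or membership lookups for it. The cast keeps the
        // strict comparison safe if a name is not a plain string.
        if ((string) $group === 'admin') {
            continue;
        }

        $canView = PermissionHandler::checkProject($thisUser, $group, Permissions::PROJECT_READ);

        $users = 0;
        foreach (Roles::$PROJECT_ROLE_NAMES as $role) {
            // Users holding $role in this project.
            $projectRole = Sentry::findGroupByName($group . ':' . $role);

            // A role nobody holds may carry no 'user_agent_ids' at all;
            // count that as zero members instead of calling sizeOf() on a
            // missing value.
            $memberIds = isset($projectRole['user_agent_ids']) ? $projectRole['user_agent_ids'] : [];
            if (is_array($memberIds) || $memberIds instanceof Countable) {
                $users += count($memberIds);
            }
        }

        $projects[] = ['name' => $group, 'canview' => $canView, 'users' => $users];
    }

    return View::make('projects.list')
        ->with('projects', $projects)
        ->with('isAdmin', $isAdmin);
}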
/**
 * Display list of all users.
 *
 * For every user returned by UserAgent::getUserlist() the view receives, keyed
 * by the user's '_id':
 *   'groups' - the projects the user belongs to, each annotated with
 *              'canview' (viewer holds PROJECT_READ) and 'assignrole'
 *              (viewer holds PROJECT_ADMIN and is not looking at themselves),
 *   'tojoin' - projects the viewer administers that the user is not yet in.
 *
 * NOTE(review): this method performs no access check of its own; presumably a
 * route filter restricts who can reach it - confirm. 'canview' and
 * 'assignrole' are display hints only, so the routes that invite users or
 * assign roles must enforce PROJECT_ADMIN (and the "not yourself" rule)
 * server-side.
 *
 * @return \Illuminate\View\View the 'users.list' view
 */
public function getUserlist()
{
    $userlist = UserAgent::getUserlist();
    $thisUser = Auth::user();

    // Only administrators may open other users' profiles.
    $viewProfiles = PermissionHandler::checkAdmin($thisUser, Permissions::ALLOW_ALL);

    // Projects the logged-in user belongs to and holds PROJECT_ADMIN on,
    // i.e. the ones they can invite other people to.
    $groupsManaged = [];
    foreach (ProjectHandler::getUserProjects($thisUser) as $ownGroup) {
        $ownName = $ownGroup['name'];
        if (PermissionHandler::checkProject($thisUser, $ownName, Permissions::PROJECT_ADMIN)) {
            $groupsManaged[] = $ownName;
        }
    }

    $userGroupInfo = [];
    foreach ($userlist as $user) {
        $memberships = ProjectHandler::getUserProjects($user);

        // A user may never change their own permissions.
        // NOTE(review): the comparison is loose (==). Confirm the type of
        // '_id' before tightening it: if the ids are objects, === would
        // never match and this guard would silently stop working.
        $isSelf = ($user['_id'] == $thisUser['_id']);

        $belongGroups = [];
        foreach ($memberships as $membership) {
            $projectName = $membership['name'];

            // May the logged-in user assign roles / view info for this project?
            $mayAssign = PermissionHandler::checkProject($thisUser, $projectName, Permissions::PROJECT_ADMIN);
            $mayView = PermissionHandler::checkProject($thisUser, $projectName, Permissions::PROJECT_READ);

            $membership['canview'] = $mayView;
            $membership['assignrole'] = $isSelf ? false : $mayAssign;
            $belongGroups[] = $membership;
        }

        $userGroupInfo[$user['_id']] = [
            'groups' => $belongGroups,
            // Managed projects this user is not already a member of.
            'tojoin' => array_diff($groupsManaged, array_column($memberships, 'name')),
        ];
    }

    return View::make('users.list')
        ->with('userlist', $userlist)
        ->with('viewProfiles', $viewProfiles)
        ->with('usergroups', $userGroupInfo);
}
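* Alternatively it should be passed in as a GET/POST parameter
 *
 * $permission needs to be passed in as a filter parameter
 *
 * 'before' => 'permission:'.Permissions::PROJECT_ADMIN
 */
Route::filter('permission', function ($route, $request, $permission) {
    // NOTE(review): Auth::user() is null for a guest; presumably an
    // authentication filter runs before this one - confirm the filter order
    // on every route that uses 'permission'.
    $thisUser = Auth::user();

    // The route parameter wins; the request (GET/POST) parameter is only a
    // fallback.
    // NOTE(review): an action behind this filter has to read the project name
    // from the same source in the same order, otherwise the check and the
    // action can refer to different projects.
    $groupName = Route::input('projectname');
    if (is_null($groupName)) {
        $groupName = Input::get('projectname');
    }

    // Fail closed: the request parameter is client-controlled and may be
    // missing, empty or an array. Without a usable project name there is
    // nothing to authorise against, so the permission lookup is skipped and
    // the request is denied.
    $hasPermission = is_string($groupName)
        && $groupName !== ''
        && PermissionHandler::checkProject($thisUser, $groupName, $permission);

    // Returning a response from a filter keeps the route action from running.
    if (!$hasPermission) {
        return Redirect::back()->with('flashError', 'You do not have permission to perform selected action');
    }
});

/**
 * Require routes to have admin permissions.
 *
 * Denies the request (redirect back with a flash error) unless
 * PermissionHandler::checkAdmin() grants Permissions::ALLOW_ALL to the
 * logged-in user.
 */
Route::filter('adminPermission', function () {
    // NOTE(review): as above, this presumably runs after an authentication
    // filter, so Auth::user() is not null here - confirm.
    $isAdmin = PermissionHandler::checkAdmin(Auth::user(), Permissions::ALLOW_ALL);

    if (!$isAdmin) {
        return Redirect::back()->with('flashError', 'You do not have permission to perform selected action');
    }
});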