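/**
 * Recursively checks if a menuitem should be enabled or not.
 *
 * The 'enable' entry of the menuitem is interpreted as follows:
 *  - a callable (a function-name string, or a two-element array whose first
 *    element is an object): it is invoked and its result is returned as-is;
 *  - any other array: a flat list of (node, privilege) pairs; the item is
 *    enabled as soon as SecurityManager::allowed() accepts one pair;
 *  - anything else: when the item's name has an array of sub-items in
 *    $this->menuItems, the item is enabled if at least one sub-item is
 *    enabled; otherwise the raw 'enable' value is returned unchanged.
 *
 * @param array $menuitem menuitem array (reads the 'enable' and 'name' keys)
 *
 * @return bool enabled? (callable results and scalar 'enable' values are
 *              passed through uncast, so the value may only be truthy/falsy)
 */
public function isEnabled($menuitem)
{
    $secManager = SecurityManager::getInstance();
    $enable = $menuitem['enable'];

    // NOTE(review): is_callable() on a string accepts the name of any defined
    // function, so 'enable' must only ever be populated from trusted menu
    // definitions and never from request data.
    $isObjectCallback = is_array($enable)
        && count($enable) === 2
        && isset($enable[0])
        && is_object($enable[0]);
    if ((is_string($enable) || $isObjectCallback) && is_callable($enable)) {
        return call_user_func($enable);
    }

    if (is_array($enable)) {
        // Walk complete (node, privilege) pairs only. A trailing element
        // without a partner is ignored instead of being checked against an
        // undefined privilege, so a malformed list can never grant access.
        $total = count($enable);
        for ($i = 0; $i + 1 < $total; $i += 2) {
            if ($secManager->allowed($enable[$i], $enable[$i + 1])) {
                return true;
            }
        }

        return false;
    }

    $name = $menuitem['name'];
    if (array_key_exists($name, $this->menuItems) && is_array($this->menuItems[$name])) {
        // A parent item is enabled when any of its children is enabled.
        foreach ($this->menuItems[$name] as $item) {
            if ($this->isEnabled($item)) {
                return true;
            }
        }

        return false;
    }

    return $enable;
}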
/**
 * Boots the application for command-line use.
 *
 * Forces the global 'authentication' and 'authorization' settings to 'none'
 * and then asks the SecurityManager to authenticate; modules are booted only
 * when that call succeeds.
 *
 * NOTE(review): nothing in this method verifies that the process is running
 * under the CLI SAPI. Because it switches off both authentication and
 * authorization globally, it must only be reachable from command-line entry
 * points; confirm that no web-facing code path can call it (a PHP_SAPI check
 * at the caller would make that explicit).
 */
public function runCli()
{
    Config::setGlobal('authentication', 'none');
    Config::setGlobal('authorization', 'none');

    if (!SecurityManager::getInstance()->authenticate()) {
        return;
    }

    $this->bootModules();
}
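/**
 * Checks whether the current user has the 'grantall' privilege (if such a
 * privilege exists; this is determined by the application by setting
 * $config_auth_grantall_privilege).
 *
 * The setting is read as "module.node.privilege". A setting that is missing,
 * empty, not a string, or that does not yield three non-empty dot-separated
 * segments is treated as "no grantall privilege configured" and the method
 * returns false, so a malformed value can never widen access.
 *
 * @return bool
 */
public function canGrantAll()
{
    $privilegeSetting = Config::getGlobal('auth_grantall_privilege');
    if (!is_string($privilegeSetting) || $privilegeSetting === '') {
        return false;
    }

    $segments = explode('.', $privilegeSetting);
    if (count($segments) < 3) {
        // Fail closed instead of checking an undefined privilege name.
        return false;
    }

    // Only the first three segments are used; anything after them is ignored.
    list($mod, $node, $priv) = $segments;
    if ($mod === '' || $node === '' || $priv === '') {
        return false;
    }

    return SecurityManager::getInstance()->allowed($mod . '.' . $node, $priv);
}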
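/**
 * This function determines if the user has the privilege to perform a certain
 * action on the node.
 *
 * Access is granted when any of the following holds, checked in this order:
 *  1. the node carries the NF_NO_SECURITY flag;
 *  2. the action is listed in $this->m_unsecuredActions;
 *  3. the SecurityManager allows the action on this node;
 *  4. the action has an entry in $this->m_securityImplied and the
 *     SecurityManager allows that implied action on this node.
 *
 * @param string $action The action to be checked.
 * @param array  $record The record on which the action is to be performed.
 *                       The standard implementation ignores this
 *                       parameter, but derived classes may override this
 *                       method to implement their own record based
 *                       security policy. Keep in mind that a record is not
 *                       passed in every occasion. The method is called
 *                       several times without a record, to just see if
 *                       the user has the privilege for the action
 *                       regardless of the record being processed.
 *
 * @return bool True if the action may be performed, false if not.
 */
public function allowed($action, $record = array())
{
    $secMgr = SecurityManager::getInstance();
    $alias = $this->atkNodeUri();

    // Presumably rewrites $alias and $action by reference (its return value
    // is not used here) - confirm against resolveNodeTypeAndAction().
    $this->resolveNodeTypeAndAction($alias, $action);

    if ($this->hasFlag(self::NF_NO_SECURITY)) {
        return true;
    }

    // Strict comparison: the unsecured-action list bypasses the privilege
    // check entirely, so a loosely-equal value (type juggling between
    // numbers and strings) must not be able to match an entry.
    if (in_array($action, $this->m_unsecuredActions, true)) {
        return true;
    }

    if ($secMgr->allowed($alias, $action)) {
        return true;
    }

    return isset($this->m_securityImplied[$action])
        && $secMgr->allowed($alias, $this->m_securityImplied[$action]);
}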
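/**
 * Does the actual loading of the dispatch page
 * And adds it to the page for the dispatch() method to render.
 *
 * The request variables are copied onto the node, the page title is set, and
 * the action handler runs only after $node->allowed() has accepted the
 * action; the action is logged through the SecurityManager just before the
 * handler is called. When the action is refused, the access-denied page is
 * added instead and no handler runs.
 *
 * @param array $postvars The request variables for the node.
 * @param Node  $node
 */
public function loadDispatchPage($postvars, Node $node)
{
    $node->m_postvars = $postvars;
    // NOTE(review): the action is request-controlled and is not type-checked
    // here; a missing 'atkaction' is stored as null rather than raising an
    // undefined-index warning.
    $node->m_action = isset($postvars['atkaction']) ? $postvars['atkaction'] : null;
    if (isset($postvars['atkpartial'])) {
        $node->m_partial = $postvars['atkpartial'];
    }

    $page = $node->getPage();
    $page->setTitle(
        Tools::atktext('app_shorttitle') . ' - '
        . $node->getUi()->title($node->m_module, $node->m_type, $node->m_action)
    );

    if (!$node->allowed($node->m_action)) {
        $page->addContent($this->accessDeniedPage($node->getType()));

        return;
    }

    $secMgr = SecurityManager::getInstance();
    $secMgr->logAction($node->m_type, $node->m_action);
    $node->callHandler($node->m_action);

    // Takes the part after the first '=' of a "field=value" selector. Entries
    // that are not strings or carry no '=' yield an empty value instead of
    // triggering an undefined-offset warning or a type error.
    $valueOf = static function ($selector) {
        if (!is_string($selector)) {
            return '';
        }
        $parts = explode('=', $selector);

        return isset($parts[1]) ? $parts[1] : '';
    };

    // Selectors are read from the node (not from $postvars) after the handler
    // has run, as the original code did.
    if (isset($node->m_postvars['atkselector']) && is_array($node->m_postvars['atkselector'])) {
        $atkSelectorDecoded = [];
        foreach ($node->m_postvars['atkselector'] as $selector) {
            $atkSelectorDecoded[] = $valueOf($selector);
        }
        $id = implode(',', $atkSelectorDecoded);
    } else {
        $id = $valueOf(Tools::atkArrayNvl($node->m_postvars, 'atkselector', '='));
    }

    // NOTE(review): stripping single quotes is not output encoding. The value
    // originates from the request; presumably register_hiddenvars() escapes
    // it for the HTML attribute context - confirm.
    $page->register_hiddenvars(array(
        'atknodeuri' => $node->m_module . '.' . $node->m_type,
        'atkselector' => str_replace("'", '', $id),
    ));
}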