示例#1
文件: Menu.php 项目: sintattica/atk
 /**
  * Recursively checks if a menuitem should be enabled or not.
  *
  * @param array $menuitem menuitem array
  *
  * @return bool enabled?
  */
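 public function isEnabled($menuitem)
 {
     $secManager = SecurityManager::getInstance();
     $enable = $menuitem['enable'];

     // Callback form: a string, or a two-element array whose first element is an
     // object. isset() replaces the original "@" suppression; is_object() on a
     // missing element was false anyway, so the outcome is unchanged.
     $isObjectCallback = is_array($enable)
         && count($enable) == 2
         && isset($enable[0])
         && is_object($enable[0]);

     // NOTE(review): any string that is_callable() accepts, including the name of a
     // global function, is invoked here without arguments. The 'enable' value must
     // therefore only come from trusted menu definitions, never from request data.
     if ((is_string($enable) || $isObjectCallback) && is_callable($enable)) {
         return call_user_func($enable);
     }

     if (is_array($enable)) {
         // Flat list of (node, privilege) pairs; the item is enabled as soon as one
         // pair is allowed. Only complete pairs are evaluated: a dangling last
         // element is ignored instead of being checked against an undefined
         // privilege, so a malformed definition fails closed.
         $pairCount = (int) floor(count($enable) / 2);
         for ($j = 0; $j < $pairCount; ++$j) {
             if ($secManager->allowed($enable[2 * $j], $enable[2 * $j + 1])) {
                 return true;
             }
         }

         return false;
     }

     // No explicit rule on the item itself: when the item has a submenu, it is
     // enabled if at least one of its children is.
     if (array_key_exists($menuitem['name'], $this->menuItems) && is_array($this->menuItems[$menuitem['name']])) {
         foreach ($this->menuItems[$menuitem['name']] as $item) {
             if ($this->isEnabled($item)) {
                 return true;
             }
         }

         return false;
     }

     // Plain value without a submenu: returned as configured.
     return $enable;
 }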
示例#2
文件: Atk.php 项目: sintattica/atk
 /**
  * Boots the application modules for a command-line run.
  *
  * Both the 'authentication' and the 'authorization' global settings are
  * overwritten with 'none' before the security manager is asked to
  * authenticate; modules are booted only when that call succeeds.
  *
  * NOTE(review): the two overrides are written to the global configuration and
  * nothing in this method checks how the script was started. Confirm that only
  * CLI entry points can reach it, since it switches off the configured
  * authentication and authorization for the rest of the process.
  */
 public function runCli()
 {
     // Must happen before the security manager is fetched and used below.
     foreach (array('authentication', 'authorization') as $setting) {
         Config::setGlobal($setting, 'none');
     }

     if (!SecurityManager::getInstance()->authenticate()) {
         return;
     }

     $this->bootModules();
 }
示例#3
 /**
  * Checks whether the current user has the 'grantall' privilege (if such a
  * privilege exists; this is determined by the application by setting
  * $config_auth_grantall_privilege).
  *
  * @return bool
  */
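 public function canGrantAll()
 {
     $privilege_setting = Config::getGlobal('auth_grantall_privilege');

     // No usable setting means the application defines no 'grantall' privilege.
     if (!is_string($privilege_setting) || $privilege_setting === '') {
         return false;
     }

     // Expected format is "module.node.privilege". A value with fewer than three
     // parts, or with an empty part, is treated as "no privilege configured"
     // instead of being passed on as a check against an undefined privilege, so
     // a configuration mistake fails closed.
     $parts = explode('.', $privilege_setting);
     if (count($parts) < 3 || $parts[0] === '' || $parts[1] === '' || $parts[2] === '') {
         return false;
     }

     // Parts beyond the third are ignored, as before.
     list($mod, $node, $priv) = $parts;

     return SecurityManager::getInstance()->allowed($mod . '.' . $node, $priv);
 }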
示例#4
文件: Node.php 项目: sintattica/atk
 /**
  * This function determines if the user has the privilege to perform a certain
  * action on the node.
  *
  * @param string $action The action to be checked.
  * @param array $record The record on which the action is to be performed.
  *                       The standard implementation ignores this
  *                       parameter, but derived classes may override this
  *                       method to implement their own record based
  *                       security policy. Keep in mind that a record is not
  *                       passed in every occasion. The method is called
  *                       several times without a record, to just see if
  *                       the user has the privilege for the action
  *                       regardless of the record being processed.
  *
  * @return bool True if the action may be performed, false if not.
  */
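 public function allowed($action, $record = array())
 {
     $secMgr = SecurityManager::getInstance();
     $alias = $this->atkNodeUri();
     // presumably rewrites $alias and $action by reference - confirm against
     // resolveNodeTypeAndAction(); its return value is not used here.
     $this->resolveNodeTypeAndAction($alias, $action);

     // Nodes flagged NF_NO_SECURITY skip the privilege check entirely.
     if ($this->hasFlag(self::NF_NO_SECURITY)) {
         return true;
     }

     // Strict comparison: this list bypasses the privilege check, so an action
     // must match an entry exactly rather than through PHP's loose type juggling.
     if (in_array($action, $this->m_unsecuredActions, true)) {
         return true;
     }

     if ($secMgr->allowed($alias, $action)) {
         return true;
     }

     // Last resort: the action may be implied by another privilege the user holds.
     return isset($this->m_securityImplied[$action])
         && $secMgr->allowed($alias, $this->m_securityImplied[$action]);
 }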
示例#5
 /**
  * Does the actual loading of the dispatch page
  * And adds it to the page for the dispatch() method to render.
  *
  * @param array $postvars The request variables for the node.
  * @param Node $node
  */
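 public function loadDispatchPage($postvars, Node $node)
 {
     // The request variables are stored on the node as received; nothing in this
     // method validates them beyond the checks below.
     $node->m_postvars = $postvars;
     $node->m_action = $postvars['atkaction'];
     if (isset($postvars['atkpartial'])) {
         $node->m_partial = $postvars['atkpartial'];
     }

     $page = $node->getPage();
     $page->setTitle(Tools::atktext('app_shorttitle') . ' - ' . $node->getUi()->title($node->m_module, $node->m_type, $node->m_action));

     // Authorization gate: without the privilege, only the access-denied page is rendered.
     if (!$node->allowed($node->m_action)) {
         $page->addContent($this->accessDeniedPage($node->getType()));

         return;
     }

     // The action is logged before the handler runs.
     $secMgr = SecurityManager::getInstance();
     $secMgr->logAction($node->m_type, $node->m_action);
     $node->callHandler($node->m_action);

     // Reduce the "field=value" selector(s) to the value part(s).
     $id = '';
     if (isset($node->m_postvars['atkselector']) && is_array($node->m_postvars['atkselector'])) {
         $atkSelectorDecoded = array();
         foreach ($node->m_postvars['atkselector'] as $selector) {
             // Request data: a nested array cannot be a selector, so it is skipped
             // instead of being handed to explode().
             if (!is_string($selector)) {
                 continue;
             }
             $selectorParts = explode('=', $selector);
             // A selector without '=' contributes an empty key rather than an undefined offset.
             $atkSelectorDecoded[] = isset($selectorParts[1]) ? $selectorParts[1] : '';
         }
         // Joined once after the loop; an empty list still yields ''.
         $id = implode(',', $atkSelectorDecoded);
     } else {
         $rawSelector = Tools::atkArrayNvl($node->m_postvars, 'atkselector', '=');
         if (is_string($rawSelector)) {
             $selectorParts = explode('=', $rawSelector);
             $id = isset($selectorParts[1]) ? $selectorParts[1] : '';
         }
     }

     // NOTE(review): only single quotes are stripped from the request-derived
     // value here. Confirm that register_hiddenvars() / the page renderer escapes
     // it for the HTML attribute context before output.
     $page->register_hiddenvars(array('atknodeuri' => $node->m_module . '.' . $node->m_type, 'atkselector' => str_replace("'", '', $id)));
 }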