diff options
| author | Simon Rettberg | 2018-02-09 16:13:17 +0100 |
|---|---|---|
| committer | Simon Rettberg | 2018-02-09 16:13:17 +0100 |
| commit | cfa60bc6dc68699efb74342ead37865c074bc66a (patch) | |
| tree | 6cb784505789838ddc3c470d1260ad3f651e3bf0 /inc | |
| parent | Merge branch 'master' into permission-manager (diff) | |
| download | slx-admin-cfa60bc6dc68699efb74342ead37865c074bc66a.tar.gz slx-admin-cfa60bc6dc68699efb74342ead37865c074bc66a.tar.xz slx-admin-cfa60bc6dc68699efb74342ead37865c074bc66a.zip | |
Permissions: Introduce helper functions for common tasks
assertPermission ensures the user has a given permission and
halts execution otherwise.
addGlobalTags is a helper to fill an array for the rendering
process with tags associated with (missing) permissions.
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/permission.inc.php | 20 | ||||
| -rw-r--r-- | inc/user.inc.php | 29 |
2 files changed, 47 insertions, 2 deletions
diff --git a/inc/permission.inc.php b/inc/permission.inc.php index d04e3c3b..defa9f4d 100644 --- a/inc/permission.inc.php +++ b/inc/permission.inc.php @@ -15,5 +15,25 @@ class Permission return self::$permissions[$permission]; } + + public static function addGlobalTags(&$array, $locationid, $disabled) + { + if (!Module::isAvailable('permissionmanager')) + return; + foreach ($disabled as $perm) { + if (User::hasPermission($perm, $locationid)) + continue; + if (strpos($perm, '.') === false) { + $array[$perm]['disabled'] = 'disabled'; + continue; + } + $temp =& $array; + foreach (explode('.', $perm) as $sub) { + $temp =& $temp[$sub]; + } + $temp['disabled'] = 'disabled'; + } + } + } diff --git a/inc/user.inc.php b/inc/user.inc.php index b5a364ee..eee4f883 100644 --- a/inc/user.inc.php +++ b/inc/user.inc.php @@ -31,8 +31,12 @@ class User if (!self::isLoggedIn()) return false; if (Module::isAvailable("permissionmanager")) { - $module = Page::getModule(); - $permission = $module ? $module->getIdentifier().".".$permission : $permission; + if ($permission{0} === '.') { + $permission = substr($permission, 1); + } else { + $module = Page::getModule(); + $permission = $module ? $module->getIdentifier() . "." . $permission : $permission; + } return PermissionUtil::userHasPermission(self::$user['userid'], $permission, $locationid); } if (self::$user['permissions'] & Permission::get('superadmin')) @@ -40,8 +44,29 @@ class User return (self::$user['permissions'] & Permission::get($permission)) != 0; } + /** + * Confirm current user has the given permission, stop execution and show error message + * otherwise. + * @param string $permission Permission to check for + * @param null|int $locationid location this permission has to apply to, NULL if any location is sufficient + * @param null|string $redirect page to redirect to if permission is not given, NULL defaults to main page + */ + public static function assertPermission($permission, $locationid = NULL, $redirect = NULL) + { + if (User::hasPermission($permission, $locationid)) + return; + Message::addError('main.no-permission'); + if (is_null($redirect)) { + Util::redirect('?do=main'); + } else { + Util::redirect($redirect); + } + } + public static function getAllowedLocations($permission) { + if (!self::isLoggedIn()) + return []; if (Module::isAvailable("permissionmanager")) { $module = Page::getModule(); $permission = $module ? $module->getIdentifier().".".$permission : $permission; |