Diffstat (limited to 'inc/user.inc.php')
-rw-r--r-- | inc/user.inc.php | 69 |
1 files changed, 63 insertions, 6 deletions
diff --git a/inc/user.inc.php b/inc/user.inc.php
index 81091e1b..20e8cd3d 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -31,8 +31,19 @@ class User
 if (!self::isLoggedIn())
 return false;
 if (Module::isAvailable("permissionmanager")) {
- $module = Page::getModule();
- $permission = $module ? $module->getIdentifier().".".$permission : $permission;
+ if ($permission{0} === '.') {
+ $permission = substr($permission, 1);
+ } else {
+ if (class_exists('Page')) {
+ $module = Page::getModule();
+ if ($module !== false) {
+ $module = $module->getIdentifier();
+ }
+ } else {
+ $module = strtolower(Request::any('do'));
+ }
+ $permission = $module ? $module . "." . $permission : $permission;
+ }
 return PermissionUtil::userHasPermission(self::$user['userid'], $permission, $locationid);
 }
 if (self::$user['permissions'] & Permission::get('superadmin'))
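Review bot: `$permission{0}` on the first added line uses the curly-brace string-offset syntax that PHP 7.4 deprecates and 8.0 removes, and it reads offset 0 without guarding against an empty `$permission`; `if ($permission !== '' && $permission[0] === '.') {` keeps the intent, and the same applies to the two uses in the next hunk (assertPermission and getAllowedLocations). Separately, the fallback `$module = strtolower(Request::any('do'));` derives the permission namespace from a request parameter when no Page class is loaded, so which module's permission gets checked is then decided by client-supplied input rather than by the code that is actually running; unless that path is only reachable after `do` has been validated, callers there should pass an absolute permission (leading '.') or the module should be resolved server-side. A comment stating which execution contexts lack the Page class would also help the next reader understand why the fallback exists. The enclosing hasPermission() begins before this hunk.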
@@ -40,15 +51,60 @@ class User
 return (self::$user['permissions'] & Permission::get($permission)) != 0;
 }
+ /**
+ * Confirm current user has the given permission, stop execution and show error message
+ * otherwise.
+ * @param string $permission Permission to check for
+ * @param null|int $locationid location this permission has to apply to, NULL if any location is sufficient
+ * @param null|string $redirect page to redirect to if permission is not given, NULL defaults to main page
+ */
+ public static function assertPermission($permission, $locationid = NULL, $redirect = NULL)
+ {
+ if (User::hasPermission($permission, $locationid))
+ return;
+ if (AJAX) {
+ Message::renderList();
+ exit;
+ }
+ if (!is_null($redirect)) {
+ Message::addError('main.no-permission');
+ Util::redirect($redirect);
+ } elseif (Module::isAvailable('permissionmanager')) {
+ if ($permission{0} !== '.') {
+ $module = Page::getModule();
+ if ($module !== false) {
+ $permission = '.' . $module->getIdentifier() . '.' . $permission;
+ }
+ }
+ Util::redirect('?do=permissionmanager&show=denied&permission=' . urlencode($permission));
+ } else {
+ Message::addError('main.no-permission');
+ Util::redirect('?do=main');
+ }
+ }
+
+ public static function getAllowedLocations($permission) {
+ if (!self::isLoggedIn())
+ return [];
 if (Module::isAvailable("permissionmanager")) {
- $module = Page::getModule();
- $permission = $module ? $module->getIdentifier().".".$permission : $permission;
+ if ($permission{0} === '.') {
+ $permission = substr($permission, 1);
+ } else {
+ $module = Page::getModule();
+ $permission = $module ? $module->getIdentifier() . "." . $permission : $permission;
+ }
 return PermissionUtil::getAllowedLocations(self::$user['userid'], $permission);
 }
- if (self::$user['permissions'] & Permission::get('superadmin'))
- return array_keys(Location::getLocationsAssoc());
+ if (self::$user['permissions'] & Permission::get('superadmin')) {
+ if (Module::isAvailable('locations')) {
+ $a = array_keys(Location::getLocationsAssoc());
+ $a[] = 0;
+ } else {
+ $a = [0];
+ }
+ return $a;
+ }
 return array();
 }
@@ -63,6 +119,7 @@ class User
 self::$user = Database::queryFirst('SELECT * FROM user WHERE userid = :uid LIMIT 1', array(':uid' => $uid));
 if (self::$user === false)
 self::logout();
+ settype(self::$user['userid'], 'int');
 return true;
 }
 return false;
|
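Review bot: In assertPermission the AJAX branch calls `Message::renderList()` without first queuing an error, so an AJAX client receives an empty message list and no reason for the refusal; add `Message::addError('main.no-permission');` before `Message::renderList();`. The docblock promises to stop execution, but the three non-AJAX branches rely on Util::redirect() terminating the request, which is not visible here; if it can return, the caller continues past the check, so either follow each redirect with `exit;` or state the dependency in the docblock. `$redirect` is a caller-supplied target passed straight to Util::redirect(), and whether that helper restricts destinations is not visible, so a docblock note that `$redirect` must be a trusted local target would stop a future caller from forwarding a request value into it. In getAllowedLocations the new `else` branch calls `Page::getModule()` unguarded, while hasPermission in the previous hunk now checks `class_exists('Page')` first; if that non-Page context is real, this method would fatal there, so the two should agree. The superadmin branch appends `0` to the location list without saying what it stands for; a one-line comment explaining the meaning of the `0` entry would help.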
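Review bot: `settype(self::$user['userid'], 'int');` runs even when the query returned false, because the preceding `if (self::$user === false)` only calls self::logout() and then falls through; if logout() does not terminate the request, writing to an offset of false turns self::$user into the array `['userid' => 0]`, after which any `self::$user === false` test elsewhere (isLoggedIn(), presumably) would report a logged-in user with id 0. Guard the cast, e.g. `if (self::$user !== false) settype(self::$user['userid'], 'int');`, or move it into an `else` of that check. A short comment on why the cast is needed, presumably because the database driver returns the id as a string and callers compare strictly, would document the intent. The enclosing function starts before this hunk.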