From cfa60bc6dc68699efb74342ead37865c074bc66a Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 9 Feb 2018 16:13:17 +0100 Subject: Permissions: Introduce helper functions for common tasks assertPermission ensures the user has a given permission and halts execution otherwise. addGlobalTags is a helper to fill an array for the rendering process with tags associated with (missing) permissions. --- inc/permission.inc.php | 20 ++++++++++++++++++++ inc/user.inc.php | 29 +++++++++++++++++++++++++++-- 2 files changed, 47 insertions(+), 2 deletions(-) (limited to 'inc') diff --git a/inc/permission.inc.php b/inc/permission.inc.php index d04e3c3b..defa9f4d 100644 --- a/inc/permission.inc.php +++ b/inc/permission.inc.php @@ -15,5 +15,25 @@ class Permission return self::$permissions[$permission]; } + + public static function addGlobalTags(&$array, $locationid, $disabled) + { + if (!Module::isAvailable('permissionmanager')) + return; + foreach ($disabled as $perm) { + if (User::hasPermission($perm, $locationid)) + continue; + if (strpos($perm, '.') === false) { + $array[$perm]['disabled'] = 'disabled'; + continue; + } + $temp =& $array; + foreach (explode('.', $perm) as $sub) { + $temp =& $temp[$sub]; + } + $temp['disabled'] = 'disabled'; + } + } + } diff --git a/inc/user.inc.php b/inc/user.inc.php index b5a364ee..eee4f883 100644 --- a/inc/user.inc.php +++ b/inc/user.inc.php @@ -31,8 +31,12 @@ class User if (!self::isLoggedIn()) return false; if (Module::isAvailable("permissionmanager")) { - $module = Page::getModule(); - $permission = $module ? $module->getIdentifier().".".$permission : $permission; + if ($permission{0} === '.') { + $permission = substr($permission, 1); + } else { + $module = Page::getModule(); + $permission = $module ? $module->getIdentifier() . "." . $permission : $permission; + } return PermissionUtil::userHasPermission(self::$user['userid'], $permission, $locationid); } if (self::$user['permissions'] & Permission::get('superadmin')) @@ -40,8 +44,29 @@ class User return (self::$user['permissions'] & Permission::get($permission)) != 0; } + /** + * Confirm current user has the given permission, stop execution and show error message + * otherwise. + * @param string $permission Permission to check for + * @param null|int $locationid location this permission has to apply to, NULL if any location is sufficient + * @param null|string $redirect page to redirect to if permission is not given, NULL defaults to main page + */ + public static function assertPermission($permission, $locationid = NULL, $redirect = NULL) + { + if (User::hasPermission($permission, $locationid)) + return; + Message::addError('main.no-permission'); + if (is_null($redirect)) { + Util::redirect('?do=main'); + } else { + Util::redirect($redirect); + } + } + public static function getAllowedLocations($permission) { + if (!self::isLoggedIn()) + return []; if (Module::isAvailable("permissionmanager")) { $module = Page::getModule(); $permission = $module ? $module->getIdentifier().".".$permission : $permission; -- cgit v1.2.3-55-g7522