models/acl.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

<?php

namespace Model;

require_once __DIR__.'/base.php';

class Acl extends Base
{
    // Controllers and actions allowed from outside
    private $public_actions = array(
        'user' => array('login', 'check'),
        'task' => array('add'),
        'board' => array('readonly'),
    );

    // Controllers and actions allowed for regular users
    private $user_actions = array(
        'app' => array('index'),
        'board' => array('index', 'show', 'assign', 'assigntask', 'save'),
        'project' => array('tasks', 'index', 'forbidden'),
        'task' => array('show', 'create', 'save', 'edit', 'update', 'close', 'confirmclose', 'open', 'confirmopen', 'comment', 'description'),
        'user' => array('index', 'edit', 'update', 'forbidden', 'logout', 'index'),
        'config' => array('index'),
    );

    // Return true if the specified controller/action is allowed according to the given acl
    public function isAllowedAction(array $acl, $controller, $action)
    {
        if (isset($acl[$controller])) {
            return in_array($action, $acl[$controller]);
        }

        return false;
    }

    // Return true if the given action is public
    public function isPublicAction($controller, $action)
    {
        return $this->isAllowedAction($this->public_actions, $controller, $action);
    }

    // Return true if the given action is allowed for a regular user
    public function isUserAction($controller, $action)
    {
        return $this->isAllowedAction($this->user_actions, $controller, $action);
    }

    // Return true if the logged user is admin
    public function isAdminUser()
    {
        return isset($_SESSION['user']['is_admin']) && $_SESSION['user']['is_admin'] === '1';
    }

    // Return true if the logged user is not admin
    public function isRegularUser()
    {
        return isset($_SESSION['user']['is_admin']) && $_SESSION['user']['is_admin'] === '0';
    }

    // Get the connected user id
    public function getUserId()
    {
        return isset($_SESSION['user']['id']) ? (int) $_SESSION['user']['id'] : 0;
    }

    // Check if an action is allowed for the logged user
    public function isPageAccessAllowed($controller, $action)
    {
        return $this->isPublicAction($controller, $action) ||
               $this->isAdminUser() ||
               ($this->isRegularUser() && $this->isUserAction($controller, $action));
    }
}