PHP Auth::has_access方法代码示例

 public function get_permission($arrParam = null)
 {
     $module = empty($arrParam['module']) ? $this->_arrParam['module'] : $arrParam['module'];
     $controller = empty($arrParam['controller']) ? $this->_arrParam['controller'] : $arrParam['controller'];
     $action = empty($arrParam['action']) ? $this->_arrParam['action'] : $arrParam['action'];
     return \Auth::has_access('module_' . $module . '.' . $controller . '.[' . $action . ']');
 }

 public function action_senior($center = null)
 {
     if (Auth::has_access('reports.all_centers')) {
         $view_all = TRUE;
     } else {
         $view_all = FALSE;
     }
     $all_call_centers = Model_Call_Center::find('all');
     $this->template->title = 'Senior Leaderboard';
     $this->template->content = View::forge('leaderboard/senior', array('view_all' => $view_all, 'all_call_centers' => $all_call_centers, 'center' => $center, 'url' => !is_null($center) ? '/reports/get_senior_report/' . $center . '.json' : '/reports/get_senior_report.json'));
 }

 public function get_get_view()
 {
     if (Auth::has_access('user.view')) {
         $users = Model_User::find('all');
         $user_parse = array();
         foreach ($users as $user) {
             $user_parse[] = array('<img src="https://secure.gravatar.com/avatar/' . md5(strtolower(trim($user->email))) . '?d=mm" alt="Gravatar Image" height="40" width="40">', $user->name, $user->username, Auth_Group_SimpleGroup::instance()->get_name($user->group), $user->email, $user->call_center->title, strlen($user->last_login) > 2 ? date("M j, Y g:i A", (int) $user->last_login) : "No previous Login");
         }
         $this->response(array("aaData" => $user_parse, "aoColumnDefs" => array(array("iDataSort" => 6, "asSorting" => array("desc"), "aTargets" => array(0))), "aoColumns" => array(array("mDataProp" => "id", "bSortable" => false), array("mDataProp" => "name", "sTitle" => "Name", "sType" => "string"), array("mDataProp" => "username", "sTitle" => "Username", "sType" => "string"), array("mDataProp" => "group", "sTitle" => "Group", "sType" => "string"), array("mDataProp" => "email", "sTitle" => "E-mail", "sType" => "string"), array("mDataProp" => "call_center", "sTitle" => "Call Center", "sType" => "string"), array("mDataProp" => "last_login", "sTitle" => "Last Login", "sType" => "date"))));
     } else {
         $this->response(array("error" => "You are not authorised to view this content!"));
     }
 }

 public function action_delete($id = null)
 {
     if (!Auth::has_access('news.delete')) {
         Session::set_flash('warning', 'You don\'t have the right to delete a news');
         Response::redirect('admin');
     }
     if ($news = Model_News::find($id)) {
         $news->delete();
         Session::set_flash('success', 'Deleted news #' . $id);
     } else {
         Session::set_flash('error', 'Could not delete news #' . $id);
     }
     Response::redirect('news');
 }

 public function action_delete($id = null)
 {
     if (Auth::has_access('country.delete') == false) {
         Session::set_flash("error", "Only admins may delete countries!");
         Response::redirect("country/") and die;
     }
     if ($country = Model_Country::find($id)) {
         $country->delete();
         Session::set_flash('success', 'Deleted country #' . $id);
     } else {
         Session::set_flash('error', 'Could not delete country #' . $id);
     }
     Response::redirect('country');
 }

 public function action_add()
 {
     if (Auth::has_access('ppi.admin')) {
         if (Input::method() == "POST") {
             \Crm\Creditor\Creditor_model::addCreditor(array('name' => \Input::post('name', ""), 'department_id' => \Input::post('department_id', ""), 'street_and_number' => \Input::post('street_and_number', ""), 'area' => \Input::post('area', ""), 'district' => \Input::post('district', ""), 'town' => \Input::post('town', ""), 'county' => \Input::post('county', ""), 'post_code' => \Input::post('post_code', ""), 'telephone' => \Input::post('telephone', ""), 'fax' => \Input::post('fax', ""), 'email' => \Input::post('email', ""), 'payee_name' => \Input::post('payee_name', ""), 'bacs_account_number' => \Input::post('bacs_account_number', ""), 'bacs_sortcode' => \Input::post('bacs_sortcode', ""), 'notes' => \Input::post('notes', "")));
             \Session::set_flash('success', "Creditor named " . \Input::post('name', "") . " has been added!");
             \Response::redirect('crm/creditor/add');
         } else {
             $this->template->title = "Add Creditor";
             $this->template->content = View::forge(static::$_viewPath . '/add.php');
         }
     } else {
         \Session::set_flash('fail', "You do not have access to this section. This has been logged!");
         \Response::redirect('/');
     }
 }

 public function before()
 {
     parent::before();
     if (\Auth::check()) {
         $access = Auth::has_access(\Request::active()->controller . "." . \Request::active()->action);
         if ($access) {
             $this->user_id = Auth::instance()->get_user_id();
             $this->user_id = $this->user_id[1];
             View::set_global('usuario', Auth::instance()->get_screen_name());
         } else {
             Response::redirect('welcome/404');
         }
     } else {
         Response::redirect('user/login');
     }
 }

 public function action_create()
 {
     //assumption: this will only be called using ajax
     if (!Input::is_ajax()) {
         return Response::forge("Access forbidden, only AJAX calls allowed", 403);
     }
     if (!Auth::has_access("location.create")) {
         return Response::forge("Only admins allowed here", 403);
     }
     if (Input::post("location_title", null) != null) {
         $loc = Model_Orm_Location::forge();
         $loc->title = Input::post("location_title");
         $loc->save();
         $ret = array("id" => $loc->id);
         return Response::forge(Format::forge()->to_json($ret), 200, array("Content-Type" => "application/json"));
     }
 }

 public static function _init()
 {
     // static::$_properties = \Arr::merge(static::$_properties, array(
     // 	'default_id' => array(
     // 		'form' => array(
     // 			'options' => function($model) {
     // 				$model->items;
     // 				$model = $model->to_array();
     // 				return \Arr::pluck($model['items'], 'name', 'id');
     // 			}
     // 		)
     // 	),
     // ));
     if (\Auth::has_access('enum.enum[all]')) {
         \Arr::set(static::$_properties, 'read_only.form', array('type' => 'checkbox', 'template' => 'switch', 'options' => array(gettext('No'), gettext('Yes'))));
     }
 }

 public function action_disposition()
 {
     $this->template->title = "PPI Disposition Report";
     if (\Auth::has_access('reports.all_centers')) {
         $center = \Input::post('center');
         $view_all = TRUE;
     } else {
         $view_all = FALSE;
         list($driver, $user_id) = \Auth::get_user_id();
         $this_user = \Model_User::find($user_id);
         $center = $this_user->call_center_id;
     }
     $all_call_centers = \Model_Call_Center::find('all');
     $hourlyStatsReport = array('Referrals' => \Crm\Reports\Model_Ppi::perPeriod('referral', $center, \Input::post('startdate'), \Input::post('enddate')), 'Pack Outs' => \Crm\Reports\Model_Ppi::perPeriod('packOut', $center, \Input::post('startdate'), \Input::post('enddate')), 'Pack In' => \Crm\Reports\Model_Ppi::perPeriod('packIn', $center, \Input::post('startdate'), \Input::post('enddate')));
     $quickView = array(array('No Contacts' => count(\Crm\Reports\Model_Ppi::simpleStats('noContact', $center, \Input::post('startdate'), \Input::post('enddate'))), 'Referrals' => count(\Crm\Reports\Model_Ppi::simpleStats('referral', $center, \Input::post('startdate'), \Input::post('enddate'))), 'Pack Outs' => count(\Crm\Reports\Model_Ppi::simpleStats('packOut', $center, \Input::post('startdate'), \Input::post('enddate'))), 'Pack Ins' => count(\Crm\Reports\Model_Ppi::packIns($center, \Input::post('startdate'), \Input::post('enddate')))));
     $report = Report\Create::forge(array('hourlyStats' => array('reportResults' => $hourlyStatsReport, 'displayType' => 'chart'), 'noContacts' => array('reportResults' => \Crm\Reports\Model_Ppi::simpleStats('noContact', $center, \Input::post('startdate'), \Input::post('enddate')), 'options' => array('class' => 'zebra-striped datatable')), 'referrals' => array('reportResults' => \Crm\Reports\Model_Ppi::simpleStats('referral', $center, \Input::post('startdate'), \Input::post('enddate')), 'options' => array('class' => 'zebra-striped datatable')), 'packOuts' => array('reportResults' => \Crm\Reports\Model_Ppi::simpleStats('packOut', $center, \Input::post('startdate'), \Input::post('enddate')), 'options' => array('class' => 'zebra-striped datatable')), 'packIns' => array('reportResults' => \Crm\Reports\Model_Ppi::packIns($center, \Input::post('startdate'), \Input::post('enddate')), 'options' => array('class' => 'zebra-striped datatable')), 'quickView' => array('reportResults' => $quickView, 'options' => array('direction' => 'vertical'))), 3600);
     $this->template->content = View::forge(static::$_viewPath . 'ppi/disposition.php', array('reports' => $report->generate(), 'all_call_centers' => $all_call_centers, 'center' => $center, 'start_date' => \Input::post('startdate'), 'end_date' => \Input::post('enddate'), 'view_all' => $view_all));
 }

 /**
  * Creation of new events.
  * Works on both the first load, which is typically 
  * a GET request as on later requests, which are POST.
  * When POST-ing, a validation is run on input data.
  * Validation rules taken from "Event" model.
  */
 public function action_create()
 {
     if (!Auth::has_access('event.create')) {
         //if ($this->_user_id == 0){
         Session::set_flash("error", __('ERR_CREATE_AUTH'));
         Response::redirect("/") and die;
     }
     $data = array();
     //to be passed into the view
     if (Input::method() == "POST") {
         $val = Model_Orm_Event::validate('create');
         if ($val->run()) {
             $newEvent = new Model_Orm_Event();
             $newEvent->title = $val->validated("title");
             $newEvent->start = $val->validated("start");
             $newEvent->description = $val->validated("description");
             $location = Model_Orm_Location::find(Input::post("location"));
             $newEvent->location = $location;
             //first, we save the item without attachments
             $newEvent->save();
             $errors = $this->try_get_attachments($newEvent);
             Session::set_flash("success", __('ACTION_CREATE_CREATED') . $val->validated("title"));
             Response::redirect("event/view/" . $newEvent->id);
         } else {
             //validation did not work.
             //But still, there may be uploaded files!
             $errors = $this->try_get_attachments();
             Session::set_flash("error", array_merge($val->error(), $errors));
         }
         $this->template->title = __("ACTION_CREATE_TITLE");
         $data["form_key"] = Input::post("form_key");
     } else {
         //the first GET request
         $this->template->title = __("ACTION_CREATE_TITLE");
         //we assign a random value to the form
         $data["form_key"] = md5(mt_rand(1000, 10000));
     }
     $data["locations"] = Model_Orm_Location::get_locations();
     $this->add_rich_form_scripts();
     $this->template->page_content = View::forge("event/create", $data);
 }

 public function check_auth()
 {
     if (!Auth::has_access(array($this->request->controller, $this->request->action))) {
         if (Auth::check()) {
             $this->set_user();
             Session::set_flash('error', 'Permission Denied.');
             Response::redirect('');
         } else {
             Session::set_flash('error', "Not Logged in.");
             $request_uri = urlencode($this->request->uri->uri);
             if (preg_match('/Controller_Admin/', $this->request->controller)) {
                 Response::redirect('admin/login/?uri=' . $request_uri);
             } else {
                 Response::redirect('users/login');
             }
         }
     } else {
         if (Auth::check()) {
             $this->set_user();
         }
     }
 }

 public static function check_exists_accessible_uri($paths)
 {
     if (!is_array($paths)) {
         if (!$paths) {
             return true;
         }
         if ($paths == '/') {
             return true;
         }
         return \Auth::has_access(\Site_Util::get_acl_path($paths) . '.GET');
     }
     foreach ($paths as $name => $path) {
         if (is_array($path)) {
             if (isset($path['href']) && isset($path['method']) && \Auth::has_access(\Site_Util::get_acl_path($path['href']) . '.' . $path['method'])) {
                 return true;
             }
         } else {
             if (\Auth::has_access(\Site_Util::get_acl_path($path) . '.GET')) {
                 return true;
             }
         }
     }
     return false;
 }

 protected function check_acl($is_return_true_for_not_auth_action = true)
 {
     if ($is_return_true_for_not_auth_action && $this->check_not_auth_action()) {
         return true;
     }
     return \Auth::has_access(sprintf('%s.%s', \Site_Util::get_action_path(), \Input::method()));
 }

function anchor($href, $text, $is_admin = false, $attr = array(), $is_absolute_ext_uri = false, $acl_method = 'GET')
{
    if (is_null($attr)) {
        $attr = array();
    }
    if ($is_absolute_ext_uri || ($is_ext_url = Site_Util::check_ext_uri($href, $is_admin))) {
        $attr['target'] = '_blank';
        $text .= ' ' . icon('new-window');
    }
    if ($is_admin && !$is_ext_url) {
        if (Auth::check() && !Auth::has_access(Site_Util::get_acl_path($href) . '.' . $acl_method)) {
            $attr['class'] = empty($attr['class']) ? '' : $attr['class'] . ' ';
            $attr['class'] .= 'disabled';
            return html_tag('span', $attr, $text);
        }
    }
    return Html::anchor($href, $text, $attr);
}