PHP User::isInRole方法代码示例

 /**
  * Is user allowed to perform given action with given resource.
  *
  * @param mixed
  * @param string for example 'view', 'edit'
  * @return bool
  * @throws \NetteAddons\InvalidArgumentException
  */
 public function isAllowed($resource, $action)
 {
     $moderator = $this->user->isInRole('administrators') || $this->user->isInRole('moderators');
     if ($resource instanceof Addon) {
         $ownerId = $resource->userId;
         $resource = 'addon';
     } elseif ($resource instanceof \Nette\Database\Table\ActiveRow) {
         $ownerId = $resource->user->id;
         $resource = 'addon';
     } elseif ($resource == 'page' && $action == 'manage') {
         return $moderator;
     } elseif ($resource != 'addon') {
         throw new \NetteAddons\InvalidArgumentException();
     }
     if ($resource === 'addon') {
         if ($action === 'delete' || $action === 'reports') {
             return $moderator;
         }
         if ($action === 'view') {
             return TRUE;
         } elseif ($action === 'manage') {
             return $this->user->isLoggedIn() && $ownerId === $this->user->getId() || $moderator;
         } elseif ($action === 'vote') {
             // you can't vote for your own addons
             return $this->user->isLoggedIn() && $ownerId !== $this->user->getId();
         } elseif ($action === 'create') {
             return $this->user->isLoggedIn();
         }
     }
     throw new \NetteAddons\InvalidArgumentException();
 }

 public function getDefaultQuota(Nette\Security\User $user)
 {
     $quota = '100G';
     if ($user->isInRole('SO') || $user->isInRole('ZSO') || $user->isInRole('VV')) {
         $quota = '3T';
     }
     $quotaNumeric = ByteHelper::humanToBytes($quota);
     return $quotaNumeric;
 }

 public function check($resource, $privilege)
 {
     if ($this->user->isInRole(static::ROOT_ROLE)) {
         return true;
     }
     if (!array_reduce($this->user->getRoles(), function ($prev, $role) use($resource, $privilege) {
         return $this->acl->hasRole($role) && $this->acl->hasResource($resource) && $this->acl->isAllowed($role, $resource, $privilege) || $prev;
     }, false)) {
         throw new \AclException("Unauthorized access to resource '{$resource}' privilege '{$privilege}' :(", 403);
     }
 }

 protected function checkRoles($element)
 {
     if ($element->hasAnnotation('role')) {
         $roles = (array) $element->getAnnotation('role');
         foreach ($roles as $role) {
             if ($this->user->isInRole($role)) {
                 return true;
             }
         }
         return false;
     }
     return true;
 }

  /**
 * @param User $user
 * @param DbTable\Registracia $registracia
 * @param DbTable\Lang $lang
 * @param DbTable\Hlavicka $hlavicka
 * @param DbTable\Dlzka_novinky $dlzka_novinky
 */
  public function __construct(User $user, DbTable\Registracia $registracia, DbTable\Lang $lang, DbTable\Hlavicka $hlavicka, DbTable\Dlzka_novinky $dlzka_novinky)
  {
      $this->user = $user;
      $this->urovneReg = $registracia->urovneReg($this->user->isLoggedIn() ? $this->user->getIdentity()->id_registracia : 0);
      $this->lang = $lang;
      $this->hlavickaForm = $hlavicka->hlavickaForm();
      $this->dlzkaNovinkyForm = $dlzka_novinky->dlzkaNovinkyForm();
  }
  /**
 * Edit hlavne menu form component factory.
 * @param int $uroven Uroven polozky v menu
 * @param string $uloz Text tlacitka uloz
 * @param boolean $vlastnik Vlastnictvo editovanej polozky
 * @param boolean $edit Pre skrytie poloziek pri editacii
 * @param boolean $opravnenia Opravnenia pre nevlastnikov
 * @return Form
 */
  public function form($uroven, $uloz, $vlastnik, $edit, $opravnenia)
  {
      $form = new Form();
      $form->addProtection();
      $form->addGroup();
      $form->addHidden("id");
      $form->addHidden("id_druh");
      $form->addHidden("id_user_profiles");
      $form->addHidden("spec_nazov");
      $form->addHidden("langtxt");
      $form->addHidden("id_hlavne_menu_cast");
      $form->addHidden("uroven");
      $form->addHidden("id_nadradenej");
      $form->addHidden("modified");
      if (!$edit) {
          $form->addSelect('id_registracia', 'Povolené prezeranie pre min. úroveň:', $this->urovneReg);
      }
      if ($this->user->isInRole("admin")) {
          $form->addText('nazov_ul_sub', 'Názov alternatívneho vzhľadu:', 20, 20);
          $form->addText('ikonka', 'Názov class ikonky pre FontAwesome:', 90, 30);
          if ($uroven) {
              $form->addHidden('id_hlavicka');
          } else {
              $form->addSelect('id_hlavicka', 'Druh priradenej hlavičky:', $this->hlavickaForm)->addRule(Form::FILLED, 'Je nutné vybrať hlavičku.');
          }
          //      $form->addCheckbox('zvyrazni', ' Zvýraznenie položky pri pridaní obsahu');
      }

 /**
  * @return bool
  */
 public function isAllowedToWrite()
 {
     if ($this->_isAllowedToWrite === NULL) {
         $this->_isAllowedToWrite = FALSE;
         if (!$this->author) {
             $this->_isAllowedToWrite = TRUE;
         } else {
             if ($this->user) {
                 if ($this->author === $this->user->identity) {
                     $this->_isAllowedToWrite = TRUE;
                 } else {
                     if ($this->user->isInRole('admin')) {
                         $this->_isAllowedToWrite = TRUE;
                     } else {
                         foreach ($this->read as $role) {
                             if ($this->user->isInRole($role->getName())) {
                                 $this->_isAllowedToWrite = TRUE;
                             }
                         }
                     }
                 }
             }
         }
     }
     return $this->_isAllowedToWrite;
 }

 /**
  * Get event
  * @param integer $eventId
  * @return Event
  */
 public function getEvent($eventId)
 {
     // Má právo na editaci? (výchozí: ano)
     $canAccess = FALSE;
     $hasAccess = FALSE;
     $hasShare = FALSE;
     /** @var null|Event $event */
     $event = $this->eventDao->find($eventId);
     if ($event->isDeleted()) {
         throw new Nette\Application\BadRequestException($this->translator->translate('event.general.noId'));
     }
     // Is this api call?
     if ($this->user->getId() === 0) {
         $canAccess = TRUE;
     } else {
         /** @var \App\Model\Entity\User $userEntity */
         $userEntity = $this->em->getDao('\\App\\Model\\Entity\\User')->find($this->user->getId());
         /** @var \App\Model\Entity\Client $client */
         $client = $userEntity->getClient();
         // je uživatel ADMIN?
         if (($this->user->isInRole('ADMIN') || $this->user->isInRole('ACCOUNTANT')) && $this->isClientsEvent($event, $client)) {
             $canAccess = TRUE;
         } elseif (($this->user->isInRole('USER') || $this->user->isInRole('ACCOUNTANT')) && $this->isClientsEvent($event, $client)) {
             //požadavek klienta, aby šel
             $canAccess = TRUE;
         } else {
             // pokud nemá přiřazené oprávnění, má přidělené sdílení?
             if ($event->getShares() !== NULL) {
                 $hasShare = FALSE;
                 foreach ($event->getShares() as $clientShare) {
                     if ($client->getId() == $clientShare->getClient()->getId()) {
                         $hasShare = TRUE;
                         break;
                     }
                 }
             }
             // pokud ano, má přiřazená oprávnění pro event?
             if ($event->getAccesses() !== NULL) {
                 foreach ($event->getAccesses() as $clientAccess) {
                     $hasAccess = FALSE;
                     if ($client->getId() == $clientAccess->getReceiver()->getId() || $client->getId() == $clientAccess->getCreator()->getId()) {
                         $hasAccess = TRUE;
                         break;
                     }
                 }
             }
             // pokud ne, patří událost klientovi nebo sdílení, anebo přístup?
             if ($hasAccess || $hasShare) {
                 $canAccess = TRUE;
             }
         }
     }
     if ($canAccess) {
         // má přístup do události?
         return $event;
     } else {
         // jinak je přesměrován na dashboard s tím, že je upozorněn na to, že nemá oprávnění
         throw new Nette\Application\ForbiddenRequestException($this->translator->translate('event.general.noRights'));
     }
 }

 /** 
  * Panel prihlaseneho uzivatela
  * @param string $baseUrl
  * @param string $log_out
  * @return \App\FrontModule\Components\User\MenuItem */
 private function _panelPrihlaseny($baseUrl, $log_out)
 {
     $menu_user = [];
     $udata = $this->user->getIdentity();
     if ($this->nastavenie['view_avatar']) {
         $obb = Html::el('img class="avatar"');
         if ($udata->avatar_25 && is_file('www/' . $udata->avatar_25)) {
             $obb = $obb->src($baseUrl . '/www/' . $udata->avatar_25)->alt('avatar');
         } else {
             $obb = $obb->src($baseUrl . '/www/ikonky/64/figurky_64.png')->alt('bez avatara');
         }
     } else {
         $obb = "";
     }
     $menu_user[] = new MenuItem(['odkaz' => 'UserLog:', 'nazov' => $obb . " " . $udata->meno . ' ' . $udata->priezvisko, 'title' => $udata->meno . ' ' . $udata->priezvisko]);
     if ($this->user->isAllowed('admin', 'enter')) {
         $menu_user[] = new MenuItem(['odkaz' => ':Admin:Homepage:', 'title' => 'Administrácia', 'ikonka' => $this->nastavenie['admin_link'] & 1 ? 'pencil' : '', 'nazov' => $this->nastavenie['admin_link'] & 2 ? $this->texty['base_AdminLink_name'] : '']);
     }
     if ($this->user->isInRole('admin')) {
         $hl_m_db_info = $this->lang->getDBInfo();
         $menu_user[] = new MenuItem(['abs_link' => $baseUrl . "/www/adminer/?server=" . $hl_m_db_info['host'] . "&db=" . $hl_m_db_info['dbname'], 'title' => 'Adminer', 'target' => '_blank', 'nazov' => Html::el('img')->src($baseUrl . '/www/ikonky/16/graf_16.png')->alt('Adminer')]);
     }
     $menu_user[] = new MenuItem(['odkaz' => 'signOut!', 'ikonka' => "sign-out", 'nazov' => $log_out]);
     return $menu_user;
 }

 /**
  * @param \Reflector $element
  *
  * @return bool
  */
 protected function checkRoles(\Reflector $element)
 {
     // Check if element has @Secured\Role annotation
     if ($element->hasAnnotation('Secured\\Role')) {
         $roles = (array) $element->getAnnotation('Secured\\Role');
         foreach ($roles as $role) {
             if ($this->user->isInRole($role)) {
                 return TRUE;
             }
         }
         return FALSE;
     }
     return TRUE;
 }

 /**
  * @param Utils\ArrayHash $element
  *
  * @return bool
  */
 protected function checkRoles(Utils\ArrayHash $element)
 {
     // Check if element has role parameter
     if ($element->offsetExists('role')) {
         $roles = (array) $element->offsetGet('role');
         foreach ($roles as $role) {
             if ($this->user->isInRole($role)) {
                 return TRUE;
             }
         }
         return FALSE;
     }
     return TRUE;
 }

 /** Vytvoření komponenty
  *
  * @return \Nette\Application\UI\Form
  */
 protected function createComponentForm()
 {
     $form = new Form();
     $form->addText("login", "Přihlašovací jméno:")->setAttribute("autocomplete", "off")->setRequired("Prosím zadejte přihlašovací jméno.");
     $form->addPassword("password1", "Heslo:")->setAttribute("class", "form-control")->setAttribute("autocomplete", "off");
     $form->addPassword("password2", "Heslo pro kontrolu:")->setAttribute("class", "form-control")->setAttribute("autocomplete", "off");
     $roles = $this->roleRepository->read()->where("name != ?", "root");
     if (!$this->user->isInRole("root")) {
         $roles->where("name NOT(?)", $this->user->getRoles());
     }
     $roles = $roles->fetchPairs("aclRoleID", "name");
     $form->addSelect("role", "Oprávnění:", $roles)->setAttribute("class", "form-control");
     $form->addCheckbox("active", "Aktivní");
     $form->addButton("cancel", "Storno")->setHtmlId("cancel");
     $form->addSubmit("sender", "Uložit změny")->setHtmlId("sender");
     $form->addHidden("userID");
     $form['password2']->addRule(Form::EQUAL, 'Hesla se neshodují', $form['password1']);
     if ($this->rsuserID) {
         $userEntity = $this->userRepository->get($this->rsuserID);
         if ($userEntity) {
             $form['login']->setValue($userEntity->login);
             $form['login']->setAttribute("readonly");
             $form['userID']->setValue($this->rsuserID);
             $form['active']->setValue($userEntity->getActive());
             if ($userEntity->getUserID() == $this->user->getId()) {
                 $form['role']->setDisabled();
             }
             if ($userEntity->getLogin() != "root" && $userEntity->getUserID() !== $this->user->getId()) {
                 $form['role']->setValue($userEntity->aclRoleID);
             }
         }
     } else {
         $form['password1']->setRequired("Prosím zadejte heslo.");
     }
     $form->onSuccess[] = callback($this, "Submit");
     $form->onError[] = callback($this, "FormError");
     return $form;
 }

 /**
  * @param User $user
  * @param $permission
  * @return bool
  */
 private function baseIsAllowed(&$secured, &$source, &$cache, User $user, $permission)
 {
     if (!$secured) {
         return TRUE;
     }
     if (!isset($cache[$user->id][$permission])) {
         if (!isset($cache[$user->id])) {
             $cache[$user->id] = array();
         }
         if ($user->isInRole('admin')) {
             $cache[$user->id][$permission] = TRUE;
             return TRUE;
         }
         if (isset($source[$permission])) {
             $permissionEntity = $source[$permission];
             if (!$user->isLoggedIn()) {
                 $cache[$user->id][$permission] = FALSE;
                 return FALSE;
             }
             if ($permissionEntity->getAll()) {
                 $cache[$user->id][$permission] = TRUE;
                 return TRUE;
             }
             foreach ($user->getRoles() as $role) {
                 if (isset($permissionEntity->roles[$role])) {
                     $cache[$user->id][$permission] = TRUE;
                     return TRUE;
                 }
             }
         }
         $cache[$user->id][$permission] = FALSE;
     }
     return $cache[$user->id][$permission];
 }

 /**
  * @return bool
  */
 public function isAllowedToWrite()
 {
     if ($this->isAllowedToWrite === null) {
         $this->isAllowedToWrite = false;
         if (!$this->author) {
             $this->isAllowedToWrite = true;
         } elseif ($this->user) {
             if ($this->author === $this->user->identity) {
                 $this->isAllowedToWrite = true;
             } elseif ($this->user->isInRole('admin')) {
                 $this->isAllowedToWrite = true;
             } else {
                 foreach ($this->readRoles as $role) {
                     if ($this->user->isInRole($role->getName())) {
                         $this->isAllowedToWrite = true;
                     }
                 }
             }
         }
     }
     return $this->isAllowedToWrite;
 }