<?php
/*********************************************************************************
* TES is a Time and Expense Management program developed by
* Initechs, LLC. Copyright (C) 2009 - 2010 Initechs LLC.
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License version 3 as published by the
* Free Software Foundation with the addition of the following permission added
* to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
* IN WHICH THE COPYRIGHT IS OWNED BY INITECHS, INITECHS DISCLAIMS THE WARRANTY
* OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, see http://www.gnu.org/licenses or write to the Free
* Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301 USA.
*
* You can contact Initechs headquarters at 1841 Piedmont Road, Suite 301,
* Marietta, GA, USA. or at email address hide@address.com
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU General Public License version 3.
*
* In accordance with Section 7(b) of the GNU General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "Initechs" logo.
* If the display of the logo is not reasonably feasible for technical reasons,
* the Appropriate Legal Notices must display the words "Powered by Initechs".
********************************************************************************/
// Project root is one directory above this file. Pull in the DB helper base
// class (parent of dbObjAuth below) and the menu definition that the
// module-level authorization walk reads via $menu_config_array.
$basedir = dirname(__FILE__) . '/..';
require_once $basedir . '/baseclass/DBCommonFunctions.php';
require_once $basedir . '/menu/menuconfig.php';
/**
 * Thin database accessor for the authorization checks; adds nothing of its
 * own and simply exposes DBCommonFunctions (fetchRowbyWhereClause,
 * getRecordCreator, getRecordUserid are the members used in this file).
 */
class dbObjAuth extends DBCommonFunctions
{
}
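class userauthorization
{
    // One-entry memo for chkauthorityLevel(): the last (module, action) that was
    // resolved and the authority name it resolved to. Static, so it lives for
    // the duration of the request only.
    private static $s_authority = 'none';
    private static $s_module = NULL;
    private static $s_action = NULL;

    /**
     * True when the logged-in user is the built-in administrator.
     *
     * NOTE(review): the comparison is case-insensitive, so "Admin" / "ADMIN"
     * are also granted full rights. Whether the user store treats those as
     * distinct accounts is not visible from here — confirm against the
     * users table / login code.
     */
    private static function isAdmin()
    {
        return strtolower((string)loggedUserID()) === 'admin';
    }

    /**
     * Validate a value before it is embedded in a quoted SQL literal.
     *
     * fetchRowbyWhereClause() takes a fully built WHERE string, so nothing
     * downstream can escape these values. Module and action names arrive from
     * the dispatcher (presumably request-derived — see checkauthority_for_display),
     * so they are treated as untrusted. Only a conservative identifier charset
     * is accepted; anything else yields null and the caller must fail closed.
     *
     * @param mixed $value  identifier candidate (string or int)
     * @return string|null  the value as a string, or null if empty/unsafe
     */
    private static function sqlSafeIdent($value)
    {
        if (is_int($value))
            return (string)$value;
        if (!is_string($value) || $value === '')
            return null;
        return preg_match('/^[A-Za-z0-9_.\-]+$/', $value) === 1 ? $value : null;
    }

    /**
     * Map a raw authlevel key (as stored in the authorizations row) to its
     * name through the global $authLevel table.
     *
     * Unknown keys resolve to level '0' instead of null: a null authority would
     * slip past the `== 'none'` test in checkauthority_for_display() and fail
     * open. If even key '0' is missing, 'none' (the memo's initial value) is used.
     */
    private static function levelName($key)
    {
        global $authLevel;
        if (isset($authLevel[$key]))
            return $authLevel[$key];
        return isset($authLevel['0']) ? $authLevel['0'] : 'none';
    }

    /**
     * Compare two user identifiers. An empty/null value on either side never
     * matches (an anonymous session must not "own" records whose creator is
     * blank), and the string cast sidesteps PHP's numeric-string loose
     * equality while still tolerating int-vs-string ids.
     */
    private static function sameUser($a, $b)
    {
        if ($a === null || $a === '' || $b === null || $b === '')
            return false;
        return (string)$a === (string)$b;
    }

    /** Resolve the action to check, honouring the $authArray alias table. */
    private static function mapAction($module, $action)
    {
        global $authArray;
        return isset($authArray[$module][$action]) ? $authArray[$module][$action] : $action;
    }

    /**
     * Fetch the authorizations row for (auth id, module[, action]).
     *
     * @param mixed       $authId       current user's authorizations_id
     * @param string      $module       already lowercased
     * @param string|null $action       already passed through mapAction(); null = module-level lookup
     * @param bool        $nonZeroOnly  append "authlevel <> '0'" to the WHERE clause
     * @return array|null the row, or null when no row exists or any identifier is unsafe
     */
    private static function fetchAuthRow($authId, $module, $action, $nonZeroOnly)
    {
        $safeAuthId = self::sqlSafeIdent($authId);
        $safeModule = self::sqlSafeIdent($module);
        if ($safeAuthId === null || $safeModule === null)
            return null;
        $where = "authorizations_id = '$safeAuthId' and module = '$safeModule'";
        if ($action !== null) {
            $safeAction = self::sqlSafeIdent($action);
            if ($safeAction === null)
                return null;
            $where .= " and action = '$safeAction'";
        }
        if ($nonZeroOnly)
            $where .= " and authlevel <> '0'";
        $dbObj = new dbObjAuth();
        $row = $dbObj->fetchRowbyWhereClause('authorizations', $where);
        return empty($row) ? null : $row;
    }

    /**
     * May the logged-in user see module $module at all?
     *
     * True for admin and for the 'about' module. Otherwise true when the user's
     * authorization row for the module has a non-zero level, or — walking
     * $menu_config_array — when any sub-module listed under the module's
     * 'actions' is itself authorized.
     *
     * @param string $module
     * @param array  $visited  internal: modules already on the recursion path.
     *                         The menu graph is config data; a cycle in it must
     *                         not recurse forever.
     * @return bool
     */
    public function isauthorized_module_level($module, $visited = array())
    {
        global $menu_config_array;
        $module = strtolower((string)$module);
        if (self::isAdmin() || $module === 'about')
            return true;
        $authId = getUserAuthID();
        if ($authId == null) // loose on purpose: null, '' and 0 all mean "no auth profile"
            return false;
        if (self::fetchAuthRow($authId, $module, null, true) !== null)
            return true;
        // No direct grant: inherit visibility from any authorized sub-module.
        if (in_array($module, $visited, true))
            return false;
        $visited[] = $module;
        if (!isset($menu_config_array[$module]['actions'])
            || !is_array($menu_config_array[$module]['actions']))
            return false;
        foreach ($menu_config_array[$module]['actions'] as $submodule => $submenu) {
            if (isset($menu_config_array[$submodule])
                && $this->isauthorized_module_level($submodule, $visited))
                return true;
        }
        return false;
    }

    /**
     * May the logged-in user perform $action in $module (ignoring which record)?
     *
     * @param string $module
     * @param string $action
     * @return bool
     */
    public function isauthorized_module_action_level($module, $action)
    {
        $module = strtolower((string)$module);
        $action = strtolower((string)$action);
        if (self::isAdmin() || $module === 'about')
            return true;
        $authId = getUserAuthID();
        // Was `return flase;` — an undefined constant, which PHP < 8 evaluates to
        // the truthy string "flase" (granting the action to users with no auth
        // profile) and PHP 8 turns into a fatal Error.
        if ($authId == null)
            return false;
        $row = self::fetchAuthRow($authId, $module, self::mapAction($module, $action), true);
        return $row !== null;
    }

    /**
     * May the logged-in user perform $action on a specific record?
     *
     * Levels 'all' and 'group' grant unconditionally; otherwise the record's
     * creator ($createby, or $_SESSION['postdata']['createby'] when not given)
     * must be the logged-in user. Users may additionally browse their own
     * user record and change their own password.
     *
     * @param string $module
     * @param string $action
     * @param string $createby  creator of the record; '' = read it from the posted data
     * @return bool
     */
    public function isauthorized_record_level($module, $action, $createby = '')
    {
        $module = strtolower((string)$module);
        $action = strtolower((string)$action);
        if (self::isAdmin() || $module === 'about')
            return true;
        $authId = getUserAuthID();
        if ($authId == null)
            return false;
        $row = self::fetchAuthRow($authId, $module, self::mapAction($module, $action), true);
        if ($row === null)
            return false;
        $level = self::levelName(isset($row['authlevel']) ? $row['authlevel'] : '0');
        if ($level === 'all' || $level === 'group')
            return true;
        // Level 'own': fall back to the creator carried in the posted record.
        if ($createby === '' || $createby === null)
            $createby = isset($_SESSION['postdata']['createby']) ? $_SESSION['postdata']['createby'] : '';
        if (self::sameUser(loggedUserID(), $createby))
            return true;
        $userID = isset($_SESSION['postdata']['users_id']) ? $_SESSION['postdata']['users_id'] : '';
        if ($module === 'users'
            && ($action === 'browse' || $action === 'changepassword')
            && self::sameUser(loggedUserID(), $userID))
            return true;
        return false;
    }

    /**
     * Authority name ('none', 'own', 'group', 'all', …) of the logged-in user
     * for (module, action). Memoised for the last pair looked up.
     *
     * @param string $module
     * @param string $action
     * @return string
     */
    public function chkauthorityLevel($module, $action)
    {
        global $authLevel;
        $module = strtolower((string)$module);
        $action = strtolower((string)$action);
        if (self::isAdmin()) {
            // Admin is always top level; fall back to 'all' if the table lacks
            // key '3' so a configuration gap cannot lock the administrator out.
            return isset($authLevel['3']) ? $authLevel['3'] : 'all';
        }
        // The memo is keyed on the caller's action, not its $authArray alias
        // (previously the alias was stored, so a repeat lookup for the same
        // action never hit, and a lookup for the alias name itself could be
        // served from an entry computed for a different action).
        if (self::$s_module === $module && self::$s_action === $action)
            return self::$s_authority;
        $authId = getUserAuthID();
        if ($authId == null) {
            $authority = self::levelName('0');
        } else {
            $row = self::fetchAuthRow($authId, $module, self::mapAction($module, $action), false);
            $authority = ($row === null)
                ? self::levelName('0')
                : self::levelName(isset($row['authlevel']) ? $row['authlevel'] : '0');
        }
        self::$s_module = $module;
        self::$s_action = $action;
        self::$s_authority = $authority;
        return $authority;
    }

    /**
     * Page-level gate used by the dispatcher: may the current request's
     * (module, action[, record $uid]) be displayed?
     *
     * @param object $ControlDS  dispatcher state; ->module, ->action, ->table are read
     * @param mixed  $uid        id of the record being shown, or null/'' for none
     * @return bool
     */
    public function checkauthority_for_display($ControlDS, $uid)
    {
        // Unconditional bypasses. NOTE(review): 'install' stays open after
        // installation as far as this code shows — confirm the installer is
        // removed or locked down in production deployments.
        if ($ControlDS->action == 'Login')
            return true;
        if ($ControlDS->module == 'install')
            return true;
        $authority = $this->chkauthorityLevel($ControlDS->module, $ControlDS->action);
        if ($authority === 'none')
            return false;
        // No record selected: nothing record-level to check. Loose on purpose —
        // presumably callers pass null/''/0 for "no record"; confirm with callers.
        if ($uid == null)
            return true;
        if ($authority !== 'own')
            return true;
        // Level 'own': the record must have been created by, or be about, the user.
        // $ControlDS->table and $uid are forwarded verbatim; escaping is the
        // responsibility of getRecordCreator()/getRecordUserid() (not visible here).
        $loggedinUser = loggedUserID();
        $dbObj = new dbObjAuth();
        $recordCreator = $dbObj->getRecordCreator($ControlDS->table, $uid);
        if (self::sameUser($recordCreator, $loggedinUser))
            return true;
        $perUserTables = array('expensedetails', 'expenseheaders', 'times', 'users');
        if (in_array($ControlDS->table, $perUserTables, true)) {
            $recordUserId = $dbObj->getRecordUserid($ControlDS->table, $uid);
            if (self::sameUser($recordUserId, $loggedinUser))
                return true;
        }
        return false;
    }
}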
?>