1: <?php
2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14:
15:
16: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
17:
18: function cCatPerm($widcat, $db = null) {
19: global $cfg, $sess, $auth, $group_id, $_arrCatIDs_cCP;
20:
21: if (strpos($auth->auth['perm'], 'admin') !== FALSE) {
22: return true;
23: }
24:
25: if (is_null($db) || !is_object($db)) {
26: $db = cRegistry::getDb();
27: }
28:
29: $group_ids = getGroupIDs($db);
30: $group_ids[] = cSecurity::escapeDB($auth->auth['uid'], $db);
31:
32: if (!is_array($_arrCatIDs_cCP)) {
33: $_arrCatIDs_cCP = array();
34:
35: $sql_inc = " user_id='";
36: $sql_inc .= implode("' OR user_id='", $group_ids) . "' ";
37: $sql = "SELECT idcat FROM " . $cfg['tab']['rights'] . "
38: WHERE idarea=6 AND idaction=359 AND ($sql_inc)";
39:
40: $db->query($sql);
41:
42: while ($db->nextRecord()) {
43: $_arrCatIDs_cCP[$db->f('idcat')] = '';
44: }
45: }
46:
47: return array_key_exists($widcat, $_arrCatIDs_cCP);
48: }
49:
50: function getGroupIDs(&$db) {
51: global $cfg, $sess, $auth, $group_id, $_arrGroupIDs_gGI;
52:
53: if (is_array($_arrGroupIDs_gGI)) {
54: return $_arrGroupIDs_gGI;
55: }
56:
57: $sql = "SELECT group_id FROM " . $cfg["tab"]["groupmembers"] . " WHERE user_id='" . cSecurity::escapeDB($auth->auth["uid"], $db) . "'";
58: $db->query($sql);
59:
60: $_arrGroupIDs_gGI = array();
61:
62: while ($db->nextRecord())
63: $_arrGroupIDs_gGI[] = $db->f('group_id');
64:
65: return $_arrGroupIDs_gGI;
66: }
67:
68: ?>