1: <?php
2:
15:
// Direct-access guard: the framework bootstrap defines CON_FRAMEWORK, so a
// request that reaches this file without that constant is aborted before any
// of the code below can run.
if (!defined('CON_FRAMEWORK')) {
    die('Illegal call: Missing framework initialization - request aborted.');
}
17:
/**
 * Decides whether a user may access a category in the frontend, based on
 * the 'front_allow' action in the 'str' area of the rights table.
 *
 * The check looks for a rights row that matches the category and language
 * and whose user_id is either the user itself or one of the groups the user
 * belongs to (the rights table's user_id column is matched against both).
 *
 * Security notes for maintainers:
 *  - Both queries are assembled by string concatenation. Every string value
 *    placed into them goes through the database object's escape() and is
 *    wrapped in single quotes; both integers go through
 *    cSecurity::toInteger(). Any value added later must be treated the same
 *    way, otherwise this authorization check becomes injectable.
 *  - Table names are read from the global $cfg and are not escaped; this
 *    presumably relies on $cfg being trusted configuration - confirm.
 *
 * @param mixed $idlang Language id; cast to integer before use.
 * @param mixed $idcat  Category id; cast to integer before use.
 * @param mixed $user   User id, compared against the user_id columns.
 *
 * @return bool True when access is granted, false otherwise.
 */
function cecFrontendCategoryAccess_Backend($idlang, $idcat, $user) {
    global $cfg, $perm;

    // have_perm() is called without arguments; when it succeeds the
    // per-category lookup is skipped entirely.
    // NOTE(review): what an argument-less have_perm() grants is not visible
    // here - confirm that it is not broader than intended.
    if ($perm->have_perm()) {
        return true;
    }

    $db = cRegistry::getDb();

    // Escape once and reuse: the same value is needed in the membership
    // query and as the first element of the IN (...) list.
    $quotedUser = "'" . $db->escape($user) . "'";
    $principals = array($quotedUser);

    // Collect the ids of all groups the user is a member of.
    $memberSql = "SELECT * FROM " . $cfg['tab']['groupmembers'] . " WHERE user_id = " . $quotedUser;
    $db->query($memberSql);

    while ($db->nextRecord()) {
        // Values read back from the database are escaped as well before they
        // are reused in the next statement.
        $principals[] = "'" . $db->escape($db->f('group_id')) . "'";
    }

    $inList = implode(",", $principals);

    // Look for a 'front_allow' right in the 'str' area for this category and
    // language that belongs to the user or to one of the collected groups.
    $rightsSql = "SELECT idright\n"
        . "FROM " . $cfg["tab"]["rights"] . " AS A,\n"
        . $cfg["tab"]["actions"] . " AS B,\n"
        . $cfg["tab"]["area"] . " AS C\n"
        . "WHERE B.name = 'front_allow' AND C.name = 'str' AND A.user_id IN (" . $inList . ") AND A.idcat = " . cSecurity::toInteger($idcat) . "\n"
        . "AND A.idarea = C.idarea AND B.idaction = A.idaction AND A.idlang = " . cSecurity::toInteger($idlang);

    $db->query($rightsSql);

    // A single matching row is enough to grant access.
    return (bool) $db->nextRecord();
}
62: