File includes/chains/include.chain.frontend.cat_backendaccess.php

 1: <?php
 2: /**
 3:  * CONTENIDO Chain.
 4:  * Category backend access feature.
 5:  *
 6:  * @package          Core
 7:  * @subpackage       Chain
 8:  * @version          SVN Revision $Rev:$
 9:  *
10:  * @author           Unknown
11:  * @copyright        four for business AG <www.4fb.de>
12:  * @license          http://www.contenido.org/license/LIZENZ.txt
13:  * @link             http://www.4fb.de
14:  * @link             http://www.contenido.org
15:  */
16: 
17: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
18: 
19: function cecFrontendCategoryAccess_Backend($idlang, $idcat, $user)
20: {
21:     global $cfg, $perm;
22: 
23:     if ($perm->have_perm()) {
24:         // sysadmin or client admin can always access to protected areas
25:         return true;
26:     }
27: 
28:     $db2 = cRegistry::getDb();
29: 
30:     $arrSearchFor = array("'" . $db2->escape($user) . "'");
31: 
32:     $sql = "SELECT * FROM " . $cfg['tab']['groupmembers'] . " WHERE user_id = '" . $db2->escape($user) . "'";
33: 
34:     $db2->query($sql);
35: 
36:     while ($db2->nextRecord()) {
37:         $arrSearchFor[] = "'" . $db2->escape($db2->f('group_id')) . "'";
38:     }
39: 
40:     $sSearchFor = implode(",", $arrSearchFor);
41: 
42:     $sql = "SELECT idright
43:             FROM ".$cfg["tab"]["rights"]." AS A,
44:                  ".$cfg["tab"]["actions"]." AS B,
45:                  ".$cfg["tab"]["area"]." AS C
46:             WHERE B.name = 'front_allow' AND C.name = 'str' AND A.user_id IN (" . $sSearchFor . ") AND A.idcat = " . cSecurity::toInteger($idcat) . "
47:             AND A.idarea = C.idarea AND B.idaction = A.idaction AND A.idlang = " . cSecurity::toInteger($idlang);
48: 
49:     $db2->query($sql);
50: 
51:     if (!$db2->nextRecord()) {
52:         return false;
53:     } else {
54:         return true;
55:     }
56: }
57:
Packages

Classes

Interfaces
