1: <?php
2:
17:
// Direct-access guard: abort unless the CON_FRAMEWORK constant has been defined
// before this file is loaded, so the file cannot be executed on its own.
if (!defined('CON_FRAMEWORK')) {
    die('Illegal call: Missing framework initialization - request aborted.');
}
19:
/**
 * Decides whether a user may access a frontend category, based on rights
 * stored in the rights table.
 *
 * Access is granted immediately when $perm->have_perm() is truthy. Otherwise
 * the user's group memberships are loaded and access is granted only if the
 * user, or one of those groups, holds a right for action 'front_allow' in
 * area 'str' on the given category and language.
 *
 * The decision fails closed: if the rights query yields no row, the result
 * is false.
 *
 * All values placed in the SQL text are either passed through the database
 * object's escape() and wrapped in single quotes, or cast with
 * cSecurity::toInteger(). Table names are taken from $cfg['tab'] and are not
 * escaped here, so they must never be derived from request data.
 *
 * @param mixed $idlang Language id; cast to integer before use in SQL.
 * @param mixed $idcat  Category id; cast to integer before use in SQL.
 * @param mixed $user   User identifier matched against the user_id columns.
 *
 * @return bool True when access is allowed, false otherwise.
 */
function cecFrontendCategoryAccess_Backend($idlang, $idcat, $user)
{
    global $cfg, $perm;

    // NOTE(review): have_perm() is called without arguments; presumably this
    // is true only for the most privileged backend users - confirm.
    if ($perm->have_perm()) {
        return true;
    }

    $db = cRegistry::getDb();

    // Quoted, escaped principal ids: the user first, then each of its groups.
    $quotedUser = "'" . $db->escape($user) . "'";
    $principals = array($quotedUser);

    $memberSql = "SELECT * FROM " . $cfg['tab']['groupmembers'] . " WHERE user_id = " . $quotedUser;
    $db->query($memberSql);

    while ($db->nextRecord()) {
        // Group ids come from the database but are escaped again before reuse.
        $principals[] = "'" . $db->escape($db->f('group_id')) . "'";
    }

    $principalList = implode(",", $principals);
    $catId = cSecurity::toInteger($idcat);
    $langId = cSecurity::toInteger($idlang);

    $rightsSql = "SELECT idright\n"
        . "FROM " . $cfg["tab"]["rights"] . " AS A,\n"
        . $cfg["tab"]["actions"] . " AS B,\n"
        . $cfg["tab"]["area"] . " AS C\n"
        . "WHERE B.name = 'front_allow' AND C.name = 'str' AND A.user_id IN (" . $principalList . ") AND A.idcat = " . $catId . "\n"
        . "AND A.idarea = C.idarea AND B.idaction = A.idaction AND A.idlang = " . $langId;

    $db->query($rightsSql);

    // A matching row means the right exists; no row means access is denied.
    if ($db->nextRecord()) {
        return true;
    }

    return false;
}
64: