ordersprinter/webapp/php/utilities/permissions.php


<?php
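/**
 * Authorization gate for the JSON API.
 *
 * Decides whether the current PHP session may execute a named command, based
 * on a rights table supplied by the caller, and on refusal writes the JSON
 * error object itself (the original contract: callers only test the bool).
 *
 * The error codes/messages (ERROR_COMMAND_NOT_FOUND, ERROR_NOT_AUTHOTRIZED,
 * ERROR_COMMAND_NOT_ADMIN and their *_MSG counterparts) are constants defined
 * elsewhere in the project; the misspelling is the project's own name.
 */
class Permissions
{
    /**
     * Which $_SESSION flags satisfy each named right.
     *
     * A right is granted as soon as ANY listed flag is truthy. Note that
     * 'timemanager' and 'tasksmanagement' are deliberately NOT implied by
     * is_admin, while 'timetracking' and 'tasks' are — this mirrors the
     * original if/else chain exactly; do not "fix" it without checking the
     * callers.
     *
     * @var array<string, string[]>
     */
    private static $grantingSessionFlags = [
        'timetracking'    => ['is_admin', 'right_timetracking'],
        'timemanager'     => ['right_timemanager'],
        'tasks'           => ['is_admin', 'right_tasks'],
        'tasksmanagement' => ['right_tasksmanagement'],
    ];

    /**
     * Check whether the current session may execute $command.
     *
     * Evaluation order (first failing check wins):
     *   1. unknown command                       -> ERROR_COMMAND_NOT_FOUND
     *   2. login required but not logged in      -> ERROR_NOT_AUTHOTRIZED
     *   3. admin required but session not admin  -> ERROR_COMMAND_NOT_ADMIN
     *   4. 'rights' listed but none is held      -> ERROR_NOT_AUTHOTRIZED
     *
     * @param string $command API command name, used as key into $rights
     * @param array  $rights  command => ['loggedin' => 0|1, 'isadmin' => 0|1,
     *                        'rights' => null|string[]]; missing keys count as
     *                        "not required" (previously they raised notices)
     * @return bool true when allowed; false after echoing the JSON error object
     */
    public static function checkRights($command, $rights)
    {
        // Only start a session when nothing has provided $_SESSION yet. This
        // keeps the class usable with a pre-populated $_SESSION (CLI/tests)
        // and avoids the "headers already sent" warning of a second start.
        if (!isset($_SESSION) && session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }

        if (!array_key_exists($command, $rights)) {
            return self::deny(ERROR_COMMAND_NOT_FOUND, ERROR_COMMAND_NOT_FOUND_MSG);
        }
        $cmdRights = $rights[$command];

        // Loose "== 1" is kept on purpose: rights tables may use 1/0 or true/false.
        $needsLogin     = isset($cmdRights['loggedin']) && $cmdRights['loggedin'] == 1;
        $needsAdmin     = isset($cmdRights['isadmin']) && $cmdRights['isadmin'] == 1;
        $requiredRights = isset($cmdRights['rights']) ? $cmdRights['rights'] : null;

        // An admin-only command implies a login requirement, so both share
        // the same "not logged in" refusal.
        if (($needsLogin || $needsAdmin) && !self::isLoggedIn()) {
            return self::deny(ERROR_NOT_AUTHOTRIZED, ERROR_NOT_AUTHOTRIZED_MSG);
        }
        if ($needsAdmin && !self::sessionFlag('is_admin')) {
            return self::deny(ERROR_COMMAND_NOT_ADMIN, ERROR_COMMAND_NOT_ADMIN_MSG);
        }

        // No explicit right list: the login/admin gates above were sufficient.
        if ($requiredRights === null) {
            return true;
        }

        // Any single listed right suffices; unknown right names never grant.
        foreach ($requiredRights as $rightName) {
            if (self::hasRight($rightName)) {
                return true;
            }
        }
        return self::deny(ERROR_NOT_AUTHOTRIZED, ERROR_NOT_AUTHOTRIZED_MSG);
    }

    /**
     * Whether the session is marked as logged in ('angemeldet' = "logged in").
     *
     * @return bool
     */
    private static function isLoggedIn()
    {
        return self::sessionFlag('angemeldet');
    }

    /**
     * Whether the named right is held by the current session.
     *
     * @param mixed $rightName entry of a command's 'rights' list; only known
     *                         string names can grant anything
     * @return bool
     */
    private static function hasRight($rightName)
    {
        if (!is_string($rightName) || !isset(self::$grantingSessionFlags[$rightName])) {
            return false;
        }
        foreach (self::$grantingSessionFlags[$rightName] as $flag) {
            if (self::sessionFlag($flag)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Truthiness of a $_SESSION entry; a missing key counts as false instead
     * of raising an undefined-index notice.
     *
     * @param string $key
     * @return bool
     */
    private static function sessionFlag($key)
    {
        return !empty($_SESSION[$key]);
    }

    /**
     * Emit the JSON error object and return false so callers can
     * `return Permissions::checkRights(...)` / `if (!checkRights(...))`.
     *
     * @param mixed $code project error code constant
     * @param mixed $msg  matching *_MSG constant
     * @return false
     */
    private static function deny($code, $msg)
    {
        echo json_encode(["status" => "ERROR", "code" => $code, "msg" => $msg]);
        return false;
    }
}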