public function userHasAccess( $identity = '', $module = '', $controller = '', $action = '' ) { $select = $this->select() ->where('module = ?', $module) ->where('controller = ?', $controller) ->where('action = ?', $action); $action = $this->fetchRow($select); if (!$action) { return false; } if (!$action['is_secure']) { return true; } if (!$identity) { return false; } $User = new Application_Model_DbTable_User(); $select = $User->select()->where('username = ?', $identity); $u = $User->fetchRow($select); if (!$u) { return false; } $ahu = new Application_Model_DbTable_ActionHasUser(); $select = $ahu->select() ->where('action_id = ?', $action['action_id']) ->where('user_id = ?', $u['user_id']); $row = $ahu->fetchRow($select); return (bool)$row; }
Listing 38.1. Metoda sprawdzająca, czy użytkownik ma uprawnienia do wykonania akcji
Rozdział 38. Ograniczanie uprawnień użytkowników