basic rights managment

14 years ago · c138cb6baa
parent efe4c42bd7
commit c138cb6baa
3 changed files with 45 additions and 2 deletions
--- a/main/inc/banner.inc.php
+++ b/main/inc/banner.inc.php
@ -265,7 +265,7 @@ if ($_user['user_id'] && !api_is_anonymous()) {

 	// Reports
 	if (api_get_setting('show_tabs', 'reports') == 'true') {
-		if (api_is_platform_admin() || api_is_drh() || api_is_session_admin()) {
+		if ((api_is_platform_admin() || api_is_drh() || api_is_session_admin()) && Rights::hasRight('show_tabs:reports')) {
 			$navigation['reports'] = $possible_tabs['reports'];
 		}
 	} else{
--- a/main/inc/global.inc.php
+++ b/main/inc/global.inc.php
@ -98,6 +98,7 @@ require_once $lib_path.'text.lib.php';
 require_once $lib_path.'security.lib.php';
 require_once $lib_path.'events.lib.inc.php';
 require_once $lib_path.'debug.lib.php';
+require_once $lib_path.'rights.lib.php';


 /*  DATABASE CONNECTION  */
@ -535,4 +536,4 @@ if ($_configuration['tracking_enabled'] && !isset($_SESSION['login_as']) && isse
 		$s_sql_update_logout_date = "UPDATE $tbl_track_login SET logout_date=NOW() WHERE login_id='$i_id_last_connection'";
 		Database::query($s_sql_update_logout_date);
 	}
-}
+}
--- a/main/inc/lib/rights.lib.php
+++ b/main/inc/lib/rights.lib.php
@ -0,0 +1,42 @@
+<?php
+
+class Rights {
+	private static $rights_cache = array();
+	private static $rights = array (
+		'show_tabs:reports' => 
+			array (
+				'type' => 'const',
+				'const' => 'true' )
+		);
+
+	// warning the goal of this function is to enforce rights managment in Chamilo
+	// thus default return value is always true
+	public static function hasRight($handler) {
+		if (array_key_exists($handler, self::$rights_cache)) 
+			return self::$rights_cache[$handler];
+
+		if (!array_key_exists($handler, self::$rights))
+			return true; // handler does not exists
+
+		if (self::$rights[$handler]['type'] == 'sql') {
+			$result = Database::query(self::$rights[$handler]['sql']);
+			if (Database::num_rows($result) > 0) 
+				$result = true;
+			else
+				$result = false;
+		} else if (self::$rights[$handler]['type'] == 'const')
+			$result = self::$rights[$handler]['const'];
+		else if (self::$rights[$handler]['type'] == 'func')
+			$result = self::$rights[$handler]['func']();
+		else // handler type not implemented
+			return true;
+		self::$rights_cache[$handler] = $result;
+		return $result;
+	}
+			 
+	public static function hasRightClosePageWithError($handler) {
+		if (hasRight($handler) == false)
+			die("You are not allowed here"); //FIXME
+	}
+
+}