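<?php
// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id$

/**
 * Smarty plugin
 * @package Smarty
 * @subpackage plugins
 *
 */

// This script may only be included, so it is better to stop if it is requested directly.
// The check is a substring match of this file's basename against SCRIPT_NAME.
if (strpos($_SERVER["SCRIPT_NAME"], basename(__FILE__)) !== false) {
    header("location: index.php");
    exit;
}

/**
 * Smarty block plugin: emit the enclosed template content only when the
 * current user holds the named permission.
 *
 * Recognised keys in $params:
 *  - name   (required) permission name to test.
 *  - type   (optional) object type; 'trackeritem' enables the item-level
 *           remove/modify checks below.
 *  - object (optional) object id; used together with type to build the
 *           permission context.
 *
 * The plugin fails closed: a missing or non-string permission name, a
 * tracker item check without an object id, or an unknown tracker item all
 * produce an empty string instead of the block content.
 *
 * @param array       $params  attributes passed to the block tag
 * @param string|null $content rendered block body
 * @param object      $smarty  template object (not used here)
 * @param bool        $repeat  when true the function returns immediately without output
 *
 * @return string|null the block content when permitted, '' when denied,
 *                     null when $repeat is true
 */
function smarty_block_permission($params, $content, $smarty, &$repeat)
{
    if ($repeat) {
        return;
    }

    // Fail closed when no usable permission name was supplied, rather than
    // resolving an empty or non-string property on the permission accessor.
    if (! isset($params['name']) || ! is_string($params['name']) || $params['name'] === '') {
        return '';
    }

    $name = $params['name'];

    // Removing and Modifying a tracker item require a special permissions check
    if (isset($params['type']) && $params['type'] === 'trackeritem') {
        $removePerms = ['remove_tracker_items', 'remove_tracker_items_pending', 'remove_tracker_items_closed'];
        $modifyPerms = ['modify_tracker_items', 'modify_tracker_items_pending', 'modify_tracker_items_closed'];

        // An item-level decision cannot be made without an item id.
        if (! isset($params['object'])) {
            return '';
        }

        $trklib = TikiLib::lib('trk');
        $itemInfo = $trklib->get_tracker_item($params['object']);

        if (! $itemInfo) {
            return ''; // invalid tracker item.
        }

        $itemObject = Tracker_Item::fromInfo($itemInfo);

        // Strict comparison so that a non-string name can never match a
        // permission string through type juggling.
        if (in_array($name, $removePerms, true)) {
            if ($itemObject->canRemove()) {
                return $content;
            }
        } elseif (in_array($name, $modifyPerms, true)) {
            if ($itemObject->canModify()) {
                return $content;
            }
        }

        // NOTE(review): when canRemove()/canModify() deny, execution continues
        // into the standard check below, which can still return the content if
        // the named permission resolves true for this type/object context.
        // Confirm this fall-through is intended before relying on the
        // item-level result as the final decision.
    }

    // Standard permissions check
    $context = [];

    if (isset($params['type'], $params['object'])) {
        $context['type'] = $params['type'];
        $context['object'] = $params['object'];
    }

    $perms = Perms::get($context);

    return $perms->$name ? $content : '';
}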