From c33940f64a1e5b59afd700010247382f5b7b2df3 Mon Sep 17 00:00:00 2001 From: Igor Scheller Date: Mon, 12 Nov 2018 14:41:23 +0100 Subject: Moved permission checks to Authenticator class --- includes/controller/angeltypes_controller.php | 26 ++++++++------------- includes/controller/event_config_controller.php | 4 +--- includes/controller/rooms_controller.php | 4 +--- includes/controller/shift_entries_controller.php | 3 +-- includes/controller/shifts_controller.php | 16 ++++--------- includes/controller/user_angeltypes_controller.php | 9 +++----- .../controller/user_driver_licenses_controller.php | 3 +-- includes/controller/user_worklog_controller.php | 3 +-- includes/controller/users_controller.php | 18 ++++++--------- includes/engelsystem.php | 6 ----- includes/model/Shifts_model.php | 11 ++++----- includes/pages/admin_free.php | 3 +-- includes/pages/admin_news.php | 5 ++-- includes/pages/admin_questions.php | 4 ++-- includes/pages/admin_user.php | 5 ++-- includes/pages/guest_login.php | 7 ++---- includes/pages/user_atom.php | 2 +- includes/pages/user_ical.php | 2 +- includes/pages/user_myshifts.php | 7 +++--- includes/pages/user_news.php | 11 ++++----- includes/pages/user_shifts.php | 6 ++--- includes/sys_auth.php | 27 ---------------------- includes/sys_menu.php | 20 ++++++++-------- includes/view/AngelTypes_view.php | 4 +--- includes/view/Rooms_view.php | 4 +--- includes/view/ShiftCalendarShiftRenderer.php | 8 ++----- includes/view/ShiftTypes_view.php | 3 +-- includes/view/Shifts_view.php | 10 ++++---- includes/view/User_view.php | 6 ++--- 29 files changed, 75 insertions(+), 162 deletions(-) (limited to 'includes') diff --git a/includes/controller/angeltypes_controller.php b/includes/controller/angeltypes_controller.php index 821d101a..6e78db45 100644 --- a/includes/controller/angeltypes_controller.php +++ b/includes/controller/angeltypes_controller.php @@ -78,9 +78,7 @@ function angeltypes_about_controller() */ function angeltype_delete_controller() { - global $privileges; - - if (!in_array('admin_angel_types', $privileges)) { + if (!auth()->can('admin_angel_types')) { redirect(page_link_to('angeltypes')); } @@ -105,10 +103,8 @@ function angeltype_delete_controller() */ function angeltype_edit_controller() { - global $privileges; - // In supporter mode only allow to modify description - $supporter_mode = !in_array('admin_angel_types', $privileges); + $supporter_mode = !auth()->can('admin_angel_types'); $request = request(); if ($request->has('angeltype_id')) { @@ -178,10 +174,9 @@ function angeltype_edit_controller() */ function angeltype_controller() { - global $privileges; $user = auth()->user(); - if (!in_array('angeltypes', $privileges)) { + if (!auth()->can('angeltypes')) { redirect(page_link_to('/')); } @@ -210,8 +205,8 @@ function angeltype_controller() $angeltype, $members, $user_angeltype, - in_array('admin_user_angeltypes', $privileges) || $user_angeltype['supporter'], - in_array('admin_angel_types', $privileges), + auth()->can('admin_user_angeltypes') || $user_angeltype['supporter'], + auth()->can('admin_angel_types'), $user_angeltype['supporter'], $user_driver_license, $user, @@ -250,11 +245,9 @@ function angeltype_controller_shiftsFilterDays($angeltype) */ function angeltype_controller_shiftsFilter($angeltype, $days) { - global $privileges; - $request = request(); $shiftsFilter = new ShiftsFilter( - in_array('user_shifts_admin', $privileges), + auth()->can('user_shifts_admin'), Room_ids(), [$angeltype['id']] ); @@ -278,10 +271,9 @@ function angeltype_controller_shiftsFilter($angeltype, $days) */ function angeltypes_list_controller() { - global $privileges; $user = auth()->user(); - if (!in_array('angeltypes', $privileges)) { + if (!auth()->can('angeltypes')) { redirect(page_link_to('/')); } @@ -296,7 +288,7 @@ function angeltypes_list_controller() ) ]; - if (in_array('admin_angel_types', $privileges)) { + if (auth()->can('admin_angel_types')) { $actions[] = button( page_link_to('angeltypes', ['action' => 'edit', 'angeltype_id' => $angeltype['id']]), __('edit'), @@ -340,7 +332,7 @@ function angeltypes_list_controller() return [ angeltypes_title(), - AngelTypes_list_view($angeltypes, in_array('admin_angel_types', $privileges)) + AngelTypes_list_view($angeltypes, auth()->can('admin_angel_types')) ]; } diff --git a/includes/controller/event_config_controller.php b/includes/controller/event_config_controller.php index e9b27cba..ff68c3ea 100644 --- a/includes/controller/event_config_controller.php +++ b/includes/controller/event_config_controller.php @@ -16,9 +16,7 @@ function event_config_title() */ function event_config_edit_controller() { - global $privileges; - - if (!in_array('admin_event_config', $privileges)) { + if (!auth()->can('admin_event_config')) { redirect(page_link_to('/')); } diff --git a/includes/controller/rooms_controller.php b/includes/controller/rooms_controller.php index f95184f0..01d4fd37 100644 --- a/includes/controller/rooms_controller.php +++ b/includes/controller/rooms_controller.php @@ -14,9 +14,7 @@ use Engelsystem\ShiftsFilterRenderer; */ function room_controller() { - global $privileges; - - if (!in_array('view_rooms', $privileges)) { + if (!auth()->can('view_rooms')) { redirect(page_link_to()); } diff --git a/includes/controller/shift_entries_controller.php b/includes/controller/shift_entries_controller.php index 16f0c0a1..a6659598 100644 --- a/includes/controller/shift_entries_controller.php +++ b/includes/controller/shift_entries_controller.php @@ -35,7 +35,6 @@ function shift_entries_controller() */ function shift_entry_create_controller() { - global $privileges; $user = auth()->user(); $request = request(); @@ -50,7 +49,7 @@ function shift_entry_create_controller() $angeltype = AngelType($request->input('angeltype_id')); - if (in_array('user_shifts_admin', $privileges)) { + if (auth()->can('user_shifts_admin')) { return shift_entry_create_controller_admin($shift, $angeltype); } diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php index 375ea6b6..caf124ba 100644 --- a/includes/controller/shifts_controller.php +++ b/includes/controller/shifts_controller.php @@ -43,13 +43,11 @@ function shift_edit_link($shift) */ function shift_edit_controller() { - global $privileges; - $msg = ''; $valid = true; $request = request(); - if (!in_array('admin_shifts', $privileges)) { + if (!auth()->can('admin_shifts')) { redirect(page_link_to('user_shifts')); } @@ -203,10 +201,9 @@ function shift_edit_controller() */ function shift_delete_controller() { - global $privileges; $request = request(); - if (!in_array('user_shifts_admin', $privileges)) { + if (!auth()->can('user_shifts_admin')) { redirect(page_link_to('user_shifts')); } @@ -253,11 +250,10 @@ function shift_delete_controller() */ function shift_controller() { - global $privileges; $user = auth()->user(); $request = request(); - if (!in_array('user_shifts', $privileges)) { + if (!auth()->can('user_shifts')) { redirect(page_link_to('/')); } @@ -332,9 +328,7 @@ function shifts_controller() */ function shift_next_controller() { - global $privileges; - - if (!in_array('user_shifts', $privileges)) { + if (!auth()->can('user_shifts')) { redirect(page_link_to('/')); } @@ -363,7 +357,7 @@ function shifts_json_export_controller() if (!$user) { engelsystem_error('Key invalid.'); } - if (!in_array('shifts_json_export', privileges_for_user($user->id))) { + if (!auth()->can('shifts_json_export')) { engelsystem_error('No privilege for shifts_json_export.'); } diff --git a/includes/controller/user_angeltypes_controller.php b/includes/controller/user_angeltypes_controller.php index e03bd293..ad62416a 100644 --- a/includes/controller/user_angeltypes_controller.php +++ b/includes/controller/user_angeltypes_controller.php @@ -80,7 +80,6 @@ function user_angeltypes_delete_all_controller() */ function user_angeltypes_confirm_all_controller() { - global $privileges; $user = auth()->user(); $request = request(); @@ -95,7 +94,7 @@ function user_angeltypes_confirm_all_controller() redirect(page_link_to('angeltypes')); } - if (!in_array('admin_user_angeltypes', $privileges) && !User_is_AngelType_supporter($user, $angeltype)) { + if (!auth()->can('admin_user_angeltypes') && !User_is_AngelType_supporter($user, $angeltype)) { error(__('You are not allowed to confirm all users for this angeltype.')); redirect(page_link_to('angeltypes')); } @@ -235,11 +234,10 @@ function user_angeltype_delete_controller() */ function user_angeltype_update_controller() { - global $privileges; $supporter = false; $request = request(); - if (!in_array('admin_angel_types', $privileges)) { + if (!auth()->can('admin_angel_types')) { error(__('You are not allowed to set supporter rights.')); redirect(page_link_to('angeltypes')); } @@ -360,7 +358,6 @@ function user_angeltype_add_controller() */ function user_angeltype_join_controller($angeltype) { - global $privileges; $user = auth()->user(); $user_angeltype = UserAngelType_by_User_and_AngelType($user->id, $angeltype); @@ -380,7 +377,7 @@ function user_angeltype_join_controller($angeltype) )); success($success_message); - if (in_array('admin_user_angeltypes', $privileges)) { + if (auth()->can('admin_user_angeltypes')) { UserAngelType_confirm($user_angeltype_id, $user->id); engelsystem_log(sprintf( 'User %s confirmed as %s.', diff --git a/includes/controller/user_driver_licenses_controller.php b/includes/controller/user_driver_licenses_controller.php index 69179b35..9dc15f15 100644 --- a/includes/controller/user_driver_licenses_controller.php +++ b/includes/controller/user_driver_licenses_controller.php @@ -96,13 +96,12 @@ function user_driver_license_load_user() */ function user_driver_license_edit_controller() { - global $privileges; $user = auth()->user(); $request = request(); $user_source = user_driver_license_load_user(); // only privilege admin_user can edit other users driver license information - if ($user->id != $user_source->id && !in_array('admin_user', $privileges)) { + if ($user->id != $user_source->id && !auth()->can('admin_user')) { redirect(user_driver_license_edit_link()); } diff --git a/includes/controller/user_worklog_controller.php b/includes/controller/user_worklog_controller.php index 4eaa5e91..bf0eb1cf 100644 --- a/includes/controller/user_worklog_controller.php +++ b/includes/controller/user_worklog_controller.php @@ -182,10 +182,9 @@ function user_worklog_delete_link($userWorkLog, $parameters = []) */ function user_worklog_controller() { - global $privileges; $user = auth()->user(); - if (!in_array('admin_user_worklog', $privileges)) { + if (!auth()->can('admin_user_worklog')) { redirect(user_link($user->id)); } diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php index 51b6e432..2fcd90b9 100644 --- a/includes/controller/users_controller.php +++ b/includes/controller/users_controller.php @@ -46,7 +46,6 @@ function users_controller() */ function user_delete_controller() { - global $privileges; $user = auth()->user(); $request = request(); @@ -56,7 +55,7 @@ function user_delete_controller() $user_source = $user; } - if (!in_array('admin_user', $privileges)) { + if (!auth()->can('admin_user')) { redirect(page_link_to('')); } @@ -138,7 +137,6 @@ function user_link($userId) */ function user_edit_vouchers_controller() { - global $privileges; $user = auth()->user(); $request = request(); @@ -148,7 +146,7 @@ function user_edit_vouchers_controller() $user_source = $user; } - if (!in_array('admin_user', $privileges)) { + if (!auth()->can('admin_user')) { redirect(page_link_to('')); } @@ -190,7 +188,6 @@ function user_edit_vouchers_controller() */ function user_controller() { - global $privileges; $user = auth()->user(); $request = request(); @@ -203,7 +200,7 @@ function user_controller() } } - $shifts = Shifts_by_user($user_source->id, in_array('user_shifts_admin', $privileges)); + $shifts = Shifts_by_user($user_source->id, auth()->can('user_shifts_admin')); foreach ($shifts as &$shift) { // TODO: Move queries to model $shift['needed_angeltypes'] = DB::select(' @@ -242,15 +239,15 @@ function user_controller() $user_source->name, User_view( $user_source, - in_array('admin_user', $privileges), + auth()->can('admin_user'), User_is_freeloader($user_source), User_angeltypes($user_source->id), User_groups($user_source->id), $shifts, $user->id == $user_source->id, $tshirt_score, - in_array('admin_active', $privileges), - in_array('admin_user_worklog', $privileges), + auth()->can('admin_active'), + auth()->can('admin_user_worklog'), UserWorkLogsForUser($user_source->id) ) ]; @@ -263,10 +260,9 @@ function user_controller() */ function users_list_controller() { - global $privileges; $request = request(); - if (!in_array('admin_user', $privileges)) { + if (!auth()->can('admin_user')) { redirect(page_link_to('')); } diff --git a/includes/engelsystem.php b/includes/engelsystem.php index caebe09b..ca121cc2 100644 --- a/includes/engelsystem.php +++ b/includes/engelsystem.php @@ -21,9 +21,3 @@ if ($app->get('config')->get('maintenance')) { echo $maintenance; die(); } - - -/** - * Init authorization - */ -load_auth(); diff --git a/includes/model/Shifts_model.php b/includes/model/Shifts_model.php index d6fbe3b6..4be65dda 100644 --- a/includes/model/Shifts_model.php +++ b/includes/model/Shifts_model.php @@ -422,17 +422,16 @@ function Shift_signup_allowed_admin($needed_angeltype, $shift_entries) */ function Shift_signout_allowed($shift, $angeltype, $signout_user_id) { - global $privileges; $user = auth()->user(); // user shifts admin can sign out any user at any time - if (in_array('user_shifts_admin', $privileges)) { + if (auth()->can('user_shifts_admin')) { return true; } // angeltype supporter can sign out any user at any time from their supported angeltype if ( - in_array('shiftentry_edit_angeltype_supporter', $privileges) + auth()->can('shiftentry_edit_angeltype_supporter') && User_is_AngelType_supporter($user, $angeltype) ) { return true; @@ -466,14 +465,12 @@ function Shift_signup_allowed( $needed_angeltype, $shift_entries ) { - global $privileges; - - if (in_array('user_shifts_admin', $privileges)) { + if (auth()->can('user_shifts_admin')) { return Shift_signup_allowed_admin($needed_angeltype, $shift_entries); } if ( - in_array('shiftentry_edit_angeltype_supporter', $privileges) + auth()->can('shiftentry_edit_angeltype_supporter') && User_is_AngelType_supporter(auth()->user(), $angeltype) ) { return Shift_signup_allowed_angeltype_supporter($needed_angeltype, $shift_entries); diff --git a/includes/pages/admin_free.php b/includes/pages/admin_free.php index d8787f36..7b694659 100644 --- a/includes/pages/admin_free.php +++ b/includes/pages/admin_free.php @@ -17,7 +17,6 @@ function admin_free_title() */ function admin_free() { - global $privileges; $request = request(); $search = ''; @@ -88,7 +87,7 @@ function admin_free() 'dect' => $usr->contact->dect, 'email' => $usr->settings->email_human ? ($usr->contact->email ? $usr->contact->email : $usr->email) : glyph('eye-close'), 'actions' => - in_array('admin_user', $privileges) + auth()->can('admin_user') ? button(page_link_to('admin_user', ['id' => $usr->id]), __('edit'), 'btn-xs') : '' ]; diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php index 90aeb439..21245eb9 100644 --- a/includes/pages/admin_news.php +++ b/includes/pages/admin_news.php @@ -8,7 +8,6 @@ use Engelsystem\Models\User\User; */ function admin_news() { - global $privileges; $user = auth()->user(); $request = request(); @@ -32,7 +31,7 @@ function admin_news() case 'edit': $user_source = User::find($news['UID']); if ( - !in_array('admin_news_html', $privileges) + !auth()->can('admin_news_html') && strip_tags($news['Text']) != $news['Text'] ) { $html .= warning( @@ -62,7 +61,7 @@ function admin_news() case 'save': $text = $request->postData('eText'); - if (!in_array('admin_news_html', $privileges)) { + if (!auth()->can('admin_news_html')) { $text = strip_tags($text); } diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php index 60df1ebf..0b5940cc 100644 --- a/includes/pages/admin_questions.php +++ b/includes/pages/admin_questions.php @@ -18,10 +18,10 @@ function admin_questions_title() */ function admin_new_questions() { - global $privileges, $page; + global $page; if ($page != 'admin_questions') { - if (in_array('admin_questions', $privileges)) { + if (auth()->can('admin_questions')) { $new_messages = count(DB::select('SELECT `QID` FROM `Questions` WHERE `AID` IS NULL')); if ($new_messages > 0) { diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index 3894e724..63993fc9 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -16,7 +16,6 @@ function admin_user_title() */ function admin_user() { - global $privileges; $user = auth()->user(); $tshirt_sizes = config('tshirt_sizes'); $request = request(); @@ -83,7 +82,7 @@ function admin_user() $html .= html_options('eAktiv', $options, $user_source->state->active) . '' . "\n"; // Aktiv erzwingen - if (in_array('admin_active', $privileges)) { + if (auth()->can('admin_active')) { $html .= ' ' . __('Force active') . '' . "\n"; $html .= html_options('force_active', $options, $user_source->state->force_active) . '' . "\n"; } @@ -249,7 +248,7 @@ function admin_user() case 'save': $force_active = $user->state->force_active; $user_source = User::find($user_id); - if (in_array('admin_active', $privileges)) { + if (auth()->can('admin_active')) { $force_active = $request->input('force_active'); } if ($user_source->settings->email_human) { diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index e1c6dfa4..2df09d79 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -39,7 +39,6 @@ function logout_title() */ function guest_register() { - global $privileges; $authUser = auth()->user(); $tshirt_sizes = config('tshirt_sizes'); $enable_tshirt_size = config('enable_tshirt_size'); @@ -71,7 +70,7 @@ function guest_register() } } - if (!in_array('register', $privileges) || (!$authUser && !config('registration_enabled'))) { + if (!auth()->can('register') || (!$authUser && !config('registration_enabled'))) { error(__('Registration is disabled.')); return page_with_title(register_title(), [ @@ -472,9 +471,7 @@ function guest_login() */ function get_register_hint() { - global $privileges; - - if (in_array('register', $privileges) && config('registration_enabled')) { + if (auth()->can('register') && config('registration_enabled')) { return join('', [ '

' . __('Please sign up, if you want to help us!') . '

', buttons([ diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php index 6aafb74f..e624ceb4 100644 --- a/includes/pages/user_atom.php +++ b/includes/pages/user_atom.php @@ -17,7 +17,7 @@ function user_atom() if (empty($user)) { engelsystem_error('Key invalid.'); } - if (!in_array('atom', privileges_for_user($user->id))) { + if (!auth()->can('atom')) { engelsystem_error('No privilege for atom.'); } diff --git a/includes/pages/user_ical.php b/includes/pages/user_ical.php index 8a80d681..ee3a8340 100644 --- a/includes/pages/user_ical.php +++ b/includes/pages/user_ical.php @@ -15,7 +15,7 @@ function user_ical() if (!$user) { engelsystem_error('Key invalid.'); } - if (!in_array('ical', privileges_for_user($user->id))) { + if (!auth()->can('ical')) { engelsystem_error('No privilege for ical.'); } diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index 1eab016d..11bbc9f4 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php @@ -18,13 +18,12 @@ function myshifts_title() */ function user_myshifts() { - global $privileges; $user = auth()->user(); $request = request(); if ( $request->has('id') - && in_array('user_shifts_admin', $privileges) + && auth()->can('user_shifts_admin') && preg_match('/^\d{1,}$/', $request->input('id')) && User::find($request->input('id')) ) { @@ -79,7 +78,7 @@ function user_myshifts() if ($request->hasPostData('submit')) { $valid = true; - if (in_array('user_shifts_admin', $privileges)) { + if (auth()->can('user_shifts_admin')) { $freeloaded = $request->has('freeloaded'); $freeload_comment = strip_request_item_nl('freeload_comment'); if ($freeloaded && $freeload_comment == '') { @@ -120,7 +119,7 @@ function user_myshifts() $shift['Comment'], $shift['freeloaded'], $shift['freeload_comment'], - in_array('user_shifts_admin', $privileges) + auth()->can('user_shifts_admin') ); } else { redirect(page_link_to('user_myshifts')); diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index e101be6b..34be033f 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php @@ -91,7 +91,7 @@ function news_text($news) */ function display_news($news) { - global $privileges, $page; + global $page; $html = ''; $html .= '
'; @@ -101,7 +101,7 @@ function display_news($news) $html .= '
' . news_text($news) . '
'; $html .= '
'; - if (in_array('admin_news', $privileges)) { + if (auth()->can('admin_news')) { $html .= '
' . button_glyph( page_link_to('admin_news', ['action' => 'edit', 'id' => $news['ID']]), @@ -198,7 +198,6 @@ function user_news_comments() */ function user_news() { - global $privileges; $user = auth()->user(); $display_news = config('display_news'); $request = request(); @@ -206,13 +205,13 @@ function user_news() $html = '

' . news_title() . '

' . msg(); $isMeeting = $request->postData('treffen'); - if ($request->has('text') && $request->has('betreff') && in_array('admin_news', $privileges)) { + if ($request->has('text') && $request->has('betreff') && auth()->can('admin_news')) { if (!$request->has('treffen')) { $isMeeting = 0; } $text = $request->postData('text'); - if (!in_array('admin_news_html', $privileges)) { + if (!auth()->can('admin_news_html')) { $text = strip_tags($text); } @@ -266,7 +265,7 @@ function user_news() } $html .= '
'; - if (in_array('admin_news', $privileges)) { + if (auth()->can('admin_news')) { $html .= '
'; $html .= '

' . __('Create news:') . '

'; diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index cef6af73..942b8849 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -168,7 +168,7 @@ function load_types() */ function view_user_shifts() { - global $privileges, $ical_shifts; + global $ical_shifts; $user = auth()->user(); $session = session(); @@ -182,13 +182,13 @@ function view_user_shifts() $rooms[0]['id'] ]; $type_ids = array_map('get_ids_from_array', $types); - $shiftsFilter = new ShiftsFilter(in_array('user_shifts_admin', $privileges), $room_ids, $type_ids); + $shiftsFilter = new ShiftsFilter(auth()->can('user_shifts_admin'), $room_ids, $type_ids); $session->set('shifts-filter', $shiftsFilter->sessionExport()); } $shiftsFilter = new ShiftsFilter(); $shiftsFilter->sessionImport($session->get('shifts-filter')); - update_ShiftsFilter($shiftsFilter, in_array('user_shifts_admin', $privileges), $days); + update_ShiftsFilter($shiftsFilter, auth()->can('user_shifts_admin'), $days); $session->set('shifts-filter', $shiftsFilter->sessionExport()); $shiftCalendarRenderer = shiftCalendarRendererByShiftFilter($shiftsFilter); diff --git a/includes/sys_auth.php b/includes/sys_auth.php index 5d2fa8be..520b13eb 100644 --- a/includes/sys_auth.php +++ b/includes/sys_auth.php @@ -1,35 +1,8 @@ has('uid')) { - $user = auth()->user(); - - if ($user) { - $user->last_login_at = new Carbon(); - $user->save(); - - $privileges = privileges_for_user($user->id); - return; - } - - $session->remove('uid'); - } - - // guest privileges - $privileges = privileges_for_group(-10); -} - /** * generate a salt (random string) of arbitrary length suitable for the use with crypt() * diff --git a/includes/sys_menu.php b/includes/sys_menu.php index e4f79766..b4c04a98 100644 --- a/includes/sys_menu.php +++ b/includes/sys_menu.php @@ -45,15 +45,15 @@ function header_render_hints() */ function make_user_submenu() { - global $privileges, $page; + global $page; $user_submenu = make_language_select(); - if (in_array('user_settings', $privileges) || in_array('logout', $privileges)) { + if (auth()->can('user_settings') || auth()->can('logout')) { $user_submenu[] = toolbar_item_divider(); } - if (in_array('user_settings', $privileges)) { + if (auth()->can('user_settings')) { $user_submenu[] = toolbar_item_link( page_link_to('user_settings'), 'list-alt', @@ -62,7 +62,7 @@ function make_user_submenu() ); } - if (in_array('logout', $privileges)) { + if (auth()->can('logout')) { $user_submenu[] = toolbar_item_link( page_link_to('logout'), 'log-out', @@ -79,7 +79,7 @@ function make_user_submenu() */ function make_navigation() { - global $page, $privileges; + global $page; $menu = []; $pages = [ @@ -91,7 +91,7 @@ function make_navigation() ]; foreach ($pages as $menu_page => $title) { - if (in_array($menu_page, $privileges)) { + if (auth()->can($menu_page)) { $menu[] = toolbar_item_link(page_link_to($menu_page), '', $title, $menu_page == $page); } } @@ -115,7 +115,7 @@ function make_navigation() ]; foreach ($admin_pages as $menu_page => $title) { - if (in_array($menu_page, $privileges)) { + if (auth()->can($menu_page)) { $admin_menu[] = toolbar_item_link( page_link_to($menu_page), '', @@ -140,16 +140,14 @@ function make_navigation() */ function make_room_navigation($menu) { - global $privileges; - - if (!in_array('view_rooms', $privileges)) { + if (!auth()->can('view_rooms')) { return $menu; } // Get a list of all rooms $rooms = Rooms(); $room_menu = []; - if (in_array('admin_rooms', $privileges)) { + if (auth()->can('admin_rooms')) { $room_menu[] = toolbar_item_link(page_link_to('admin_rooms'), 'list', __('Manage rooms')); } if (count($room_menu) > 0) { diff --git a/includes/view/AngelTypes_view.php b/includes/view/AngelTypes_view.php index ab4ce517..f4e83758 100644 --- a/includes/view/AngelTypes_view.php +++ b/includes/view/AngelTypes_view.php @@ -564,14 +564,12 @@ function AngelTypes_about_view_angeltype($angeltype) */ function AngelTypes_about_view($angeltypes, $user_logged_in) { - global $privileges; - $buttons = []; if ($user_logged_in) { $buttons[] = button(page_link_to('angeltypes'), angeltypes_title(), 'back'); } else { - if (in_array('register', $privileges) && config('registration_enabled')) { + if (auth()->can('register') && config('registration_enabled')) { $buttons[] = button(page_link_to('register'), register_title()); } diff --git a/includes/view/Rooms_view.php b/includes/view/Rooms_view.php index 93351e28..4ea78e86 100644 --- a/includes/view/Rooms_view.php +++ b/includes/view/Rooms_view.php @@ -64,9 +64,7 @@ function Room_view($room, ShiftsFilterRenderer $shiftsFilterRenderer, ShiftCalen */ function Room_name_render($room) { - global $privileges; - - if (in_array('view_rooms', $privileges)) { + if (auth()->can('view_rooms')) { return '' . glyph('map-marker') . $room['Name'] . ''; } diff --git a/includes/view/ShiftCalendarShiftRenderer.php b/includes/view/ShiftCalendarShiftRenderer.php index 6a01949e..3f427ea0 100644 --- a/includes/view/ShiftCalendarShiftRenderer.php +++ b/includes/view/ShiftCalendarShiftRenderer.php @@ -97,8 +97,6 @@ class ShiftCalendarShiftRenderer */ private function renderShiftNeededAngeltypes($shift, $needed_angeltypes, $shift_entries, $user) { - global $privileges; - $shift_entries_filtered = []; foreach ($needed_angeltypes as $needed_angeltype) { $shift_entries_filtered[$needed_angeltype['id']] = []; @@ -130,7 +128,7 @@ class ShiftCalendarShiftRenderer $shift_signup_state = new ShiftSignupState(ShiftSignupState::SHIFT_ENDED, 0); } - if (in_array('user_shifts_admin', $privileges)) { + if (auth()->can('user_shifts_admin')) { $html .= '
  • '; $html .= button(shift_entry_create_link_admin($shift), glyph('plus') . __('Add more angels'), @@ -253,10 +251,8 @@ class ShiftCalendarShiftRenderer */ private function renderShiftHead($shift, $class) { - global $privileges; - $header_buttons = ''; - if (in_array('admin_shifts', $privileges)) { + if (auth()->can('admin_shifts')) { $header_buttons = '
    ' . table_buttons([ button( page_link_to('user_shifts', ['edit_shift' => $shift['SID']]), diff --git a/includes/view/ShiftTypes_view.php b/includes/view/ShiftTypes_view.php index 72d119ff..634f9760 100644 --- a/includes/view/ShiftTypes_view.php +++ b/includes/view/ShiftTypes_view.php @@ -6,8 +6,7 @@ */ function ShiftType_name_render($shifttype) { - global $privileges; - if (in_array('shifttypes', $privileges)) { + if (auth()->can('shifttypes')) { return '' . $shifttype['name'] . ''; } return $shifttype['name']; diff --git a/includes/view/Shifts_view.php b/includes/view/Shifts_view.php index 4c329f1b..4daaec8e 100644 --- a/includes/view/Shifts_view.php +++ b/includes/view/Shifts_view.php @@ -102,12 +102,10 @@ function Shift_signup_button_render($shift, $angeltype, $user_angeltype = null) */ function Shift_view($shift, $shifttype, $room, $angeltypes_source, ShiftSignupState $shift_signup_state) { - global $privileges; - - $shift_admin = in_array('admin_shifts', $privileges); - $user_shift_admin = in_array('user_shifts_admin', $privileges); - $admin_rooms = in_array('admin_rooms', $privileges); - $admin_shifttypes = in_array('shifttypes', $privileges); + $shift_admin = auth()->can('admin_shifts'); + $user_shift_admin = auth()->can('user_shifts_admin'); + $admin_rooms = auth()->can('admin_rooms'); + $admin_shifttypes = auth()->can('shifttypes'); $parsedown = new Parsedown(); diff --git a/includes/view/User_view.php b/includes/view/User_view.php index 2b4154b4..275a31ca 100644 --- a/includes/view/User_view.php +++ b/includes/view/User_view.php @@ -352,8 +352,6 @@ function User_view_shiftentries($needed_angel_type) */ function User_view_myshift($shift, $user_source, $its_me) { - global $privileges; - $shift_info = '' . $shift['name'] . ''; if ($shift['title']) { $shift_info .= '
    ' . $shift['title'] . ''; @@ -382,7 +380,7 @@ function User_view_myshift($shift, $user_source, $its_me) $myshift['duration'] = '

    ' . round(-($shift['end'] - $shift['start']) / 3600 * 2, 2) . ' h' . '

    '; - if (in_array('user_shifts_admin', $privileges)) { + if (auth()->can('user_shifts_admin')) { $myshift['comment'] .= '
    ' . '

    ' . __('Freeloaded') . ': ' . $shift['freeload_comment'] . '

    '; } else { @@ -393,7 +391,7 @@ function User_view_myshift($shift, $user_source, $its_me) $myshift['actions'] = [ button(shift_link($shift), glyph('eye-open') . __('view'), 'btn-xs') ]; - if ($its_me || in_array('user_shifts_admin', $privileges)) { + if ($its_me || auth()->can('user_shifts_admin')) { $myshift['actions'][] = button( page_link_to('user_myshifts', ['edit' => $shift['id'], 'id' => $user_source->id]), glyph('edit') . __('edit'), -- cgit v1.2.3-54-g00ecf