< ? php
namespace App\Controller\Component ;
use Cake\Controller\Component ;
use App\Model\Entity\User ;
use Cake\Http\Exception\NotFoundException ;
use Cake\Http\Exception\MethodNotAllowedException ;
use Cake\Http\Exception\ForbiddenException ;
use Cake\ORM\TableRegistry ;
use Cake\Core\Configure ;
use Cake\Core\Configure\Engine\PhpConfig ;
use Cake\Utility\Inflector ;
use Cake\Routing\Router ;
class ACLComponent extends Component
{
/**
 * User whose role the access checks evaluate; null until setUser() is called.
 *
 * @var \App\Model\Entity\User|null
 */
private $user;

/**
 * Component names made available on this component; getMenu() reads $this->Navigation.
 */
protected $components = ['Navigation'];
/**
 * Keeps the request and the Authentication object passed in through the component config.
 *
 * @param array $config Component configuration; the 'request' and 'Authentication' keys are read.
 */
public function initialize(array $config): void
{
    // Both keys are read unconditionally: a caller that omits one leaves the
    // corresponding property null and later calls on it will fail.
    $request = $config['request'];
    $this->request = $request;

    $authentication = $config['Authentication'];
    $this->Authentication = $authentication;
}
// Access-control list read by checkAccessInternal() and evaluateAccessLeaf().
//
// Shape: $aclList[$controller][$action] = $permission_rules
//   $controller == '*'         - the action is accepted on any controller
//   rules == []                - site admin only
//   rules contain '*'          - any role
//   rules == ['OR' => [...]]   - one of the listed permissions is enough
//   rules == ['AND' => [...]]  - every listed permission is required
//   rules == ['perm_x', ...]   - plain list, one match is enough
//
// A controller action that is not added to this list stays restricted to site admins.
//
// NOTE(review): '*' only says "any role". For record-level actions such as
// Users::edit, AuthKeys::delete or EncryptionKeys::edit this list cannot tell whose
// record is being touched; that ownership check has to happen in the controller
// action itself - confirm for each '*' entry that modifies data.
private $aclList = [
    '*' => [
        'checkPermission' => ['*'],
        'generateUUID' => ['*'],
        'getRoleAccess' => ['*'],
        'queryACL' => ['perm_admin'],
    ],
    'Alignments' => [
        'add' => ['perm_admin'],
        'delete' => ['perm_admin'],
        'index' => ['*'],
        'view' => ['*'],
    ],
    'AuditLogs' => [
        'filtering' => ['perm_admin'],
        'index' => ['perm_admin'],
    ],
    'AuthKeys' => [
        'add' => ['*'],
        'delete' => ['*'],
        'index' => ['*'],
    ],
    'Broods' => [
        'add' => ['perm_admin'],
        'delete' => ['perm_admin'],
        'downloadIndividual' => ['perm_admin'],
        'downloadOrg' => ['perm_admin'],
        'downloadSharingGroup' => ['perm_admin'],
        'edit' => ['perm_admin'],
        'index' => ['perm_admin'],
        'interconnectTools' => ['perm_admin'],
        'previewIndex' => ['perm_admin'],
        'testConnection' => ['perm_admin'],
        'view' => ['perm_admin'],
    ],
    'EncryptionKeys' => [
        'view' => ['*'],
        'add' => ['*'],
        'edit' => ['*'],
        'delete' => ['*'],
        'index' => ['*'],
    ],
    'Inbox' => [
        'createEntry' => ['OR' => ['perm_admin', 'perm_sync']],
        'delete' => ['perm_admin'],
        'filtering' => ['perm_admin'],
        'index' => ['perm_admin'],
        'listProcessors' => ['OR' => ['perm_admin', 'perm_sync']],
        'process' => ['perm_admin'],
        'view' => ['perm_admin'],
    ],
    'Individuals' => [
        'add' => ['perm_admin'],
        'delete' => ['perm_admin'],
        'edit' => ['perm_admin'],
        'filtering' => ['*'],
        'index' => ['*'],
        'tag' => ['perm_tagger'],
        'untag' => ['perm_tagger'],
        'view' => ['*'],
        'viewTags' => ['*'],
    ],
    'Instance' => [
        'home' => ['*'],
        'migrate' => ['perm_admin'],
        'migrationIndex' => ['perm_admin'],
        'rollback' => ['perm_admin'],
        'saveSetting' => ['perm_admin'],
        'searchAll' => ['*'],
        'settings' => ['perm_admin'],
        'status' => ['*'],
    ],
    'LocalTools' => [
        'action' => ['perm_admin'],
        'add' => ['perm_admin'],
        'batchAction' => ['perm_admin'],
        'broodTools' => ['perm_admin'],
        'connectionRequest' => ['perm_admin'],
        // 'connectLocal' => ['perm_admin'],
        'delete' => ['perm_admin'],
        'edit' => ['perm_admin'],
        'exposedTools' => ['OR' => ['perm_admin', 'perm_sync']],
        'index' => ['perm_admin'],
        'connectorIndex' => ['perm_admin'],
        'view' => ['perm_admin'],
        'viewConnector' => ['perm_admin'],
    ],
    'MetaTemplateFields' => [
        'index' => ['perm_admin'],
    ],
    'MetaTemplates' => [
        'disable' => ['perm_admin'],
        'enable' => ['perm_admin'],
        'index' => ['perm_admin'],
        'update' => ['perm_admin'],
        'toggle' => ['perm_admin'],
        'view' => ['perm_admin'],
    ],
    'Organisations' => [
        'add' => ['perm_admin'],
        'delete' => ['perm_admin'],
        'edit' => ['perm_admin'],
        'filtering' => ['*'],
        'index' => ['*'],
        'tag' => ['perm_tagger'],
        'untag' => ['perm_tagger'],
        'view' => ['*'],
        'viewTags' => ['*'],
    ],
    'Outbox' => [
        'createEntry' => ['perm_admin'],
        'delete' => ['perm_admin'],
        'filtering' => ['perm_admin'],
        'index' => ['perm_admin'],
        'listProcessors' => ['perm_admin'],
        'process' => ['perm_admin'],
        'view' => ['perm_admin'],
    ],
    'Pages' => [
        'display' => ['*'],
    ],
    'Roles' => [
        'add' => ['perm_admin'],
        'delete' => ['perm_admin'],
        'edit' => ['perm_admin'],
        'index' => ['*'],
        'view' => ['*'],
    ],
    'SharingGroups' => [
        'add' => ['perm_org_admin'],
        'addOrg' => ['perm_org_admin'],
        'delete' => ['perm_org_admin'],
        'edit' => ['perm_org_admin'],
        'index' => ['*'],
        'listOrgs' => ['*'],
        'removeOrg' => ['perm_org_admin'],
        'view' => ['*'],
    ],
    'Users' => [
        'add' => ['perm_org_admin'],
        'delete' => ['perm_org_admin'],
        'edit' => ['*'],
        'index' => ['perm_org_admin'],
        'login' => ['*'],
        'logout' => ['*'],
        'register' => ['*'],
        'settings' => ['*'],
        'toggle' => ['perm_org_admin'],
        'view' => ['*'],
    ],
    'UserSettings' => [
        'index' => ['*'],
        'view' => ['*'],
        'add' => ['*'],
        'edit' => ['*'],
        'delete' => ['*'],
        'getMySettingByName' => ['*'],
        'setMySetting' => ['*'],
        'saveSetting' => ['*'],
        'getMyBookmarks' => ['*'],
        'saveMyBookmark' => ['*'],
        'deleteMyBookmark' => ['*'],
    ],
    'Api' => [
        'index' => ['*'],
    ],
];
/**
 * Writes a 'security' row to the Log table when a user matching the role condition
 * requests one of the watched controller/action pairs.
 *
 * NOTE(review): nothing in this class calls the method (the call in
 * checkAccessInternal() is commented out). It reads $user['Role'] and calls
 * Log->create(), which looks like a different model API than the entity access
 * used by the other checks in this file - confirm before re-enabling it.
 *
 * @param mixed $user Array-like user; 'Role', 'id' and 'email' are read.
 * @param string $controller Lower-case controller key looked up in the watch list.
 * @param string $action Action key looked up in the watch list.
 * @return void
 */
private function __checkLoggedActions($user, $controller, $action)
{
    $watched = [
        'servers' => [
            'index' => [
                'role' => [
                    'NOT' => [
                        'perm_site_admin',
                    ],
                ],
                'message' => __('This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)'),
            ],
        ],
    ];
    // Action names are matched case-insensitively by lower-casing the keys.
    foreach ($watched as $name => $actions) {
        $watched[$name] = array_change_key_case($actions);
    }

    if (empty($watched[$controller]) || empty($watched[$controller][$action])) {
        return;
    }
    $entry = $watched[$controller][$action];
    $message = $entry['message'];

    if (empty($entry['role'])) {
        // An entry without a role condition is not logged: the log call sits on
        // the role-checked path only.
        return;
    }

    $rule = $entry['role'];
    if (empty($rule['OR']) && empty($rule['AND']) && empty($rule['NOT'])) {
        // A bare list of permissions is shorthand for an OR condition.
        $rule = ['OR' => $rule];
    }

    $matched = false;
    if (!empty($rule['NOT'])) {
        // Hit as soon as the user lacks one of the listed permissions.
        foreach ($rule['NOT'] as $permission) {
            if (!$user['Role'][$permission]) {
                $matched = true;
            }
        }
    }
    if (!$matched && !empty($rule['AND'])) {
        $hasAll = true;
        foreach ($rule['AND'] as $permission) {
            $hasAll = $hasAll && $user['Role'][$permission];
        }
        if ($hasAll) {
            $matched = true;
        }
    }
    if (!$matched && !empty($rule['OR'])) {
        foreach ($rule['OR'] as $permission) {
            if ($user['Role'][$permission]) {
                $matched = true;
            }
        }
    }
    if (!$matched) {
        return;
    }

    $this->Log = TableRegistry::get('Log');
    $this->Log->create();
    $this->Log->save([
        'org' => 'SYSTEM',
        'model' => 'User',
        'model_id' => $user['id'],
        'email' => $user['email'],
        'action' => 'security',
        'user_id' => $user['id'],
        'title' => __('User triggered security alert by attempting to access /%s/%s. Reason why this endpoint is of interest: %s', $controller, $action, $message),
    ]);
}
/**
 * Registers the user whose role the access checks evaluate.
 *
 * Until this has been called, checkAccessInternal() sees no user and allows the request.
 *
 * @param \App\Model\Entity\User $user Authenticated user entity.
 */
public function setUser(User $user): void
{
    $this->user = $user;
}
/**
 * Returns the user registered through setUser(), or null when none is set.
 */
public function getUser(): ?User
{
    return empty($this->user) ? null : $this->user;
}
/**
 * Tells whether $currentUser is allowed to edit $user.
 *
 * Rules, in order: a site admin (perm_admin) may edit anyone; nobody else may edit
 * a site admin; everyone else must hold perm_org_admin and belong to the same
 * organisation as the target.
 *
 * NOTE(review): the checks read $entity['role'][...], so both entities are assumed
 * to carry their role data - confirm that callers load it.
 *
 * @param \App\Model\Entity\User $currentUser User performing the edit.
 * @param \App\Model\Entity\User $user User being edited.
 * @return bool True when the edit is allowed.
 */
public function canEditUser(User $currentUser, User $user): bool
{
    if (empty($user) || empty($currentUser)) {
        return false;
    }
    if ($currentUser['role']['perm_admin']) {
        return true;
    }
    if ($user['role']['perm_admin']) {
        // org_admins cannot edit admins
        return false;
    }
    if (!$currentUser['role']['perm_org_admin']) {
        return false;
    }
    // Strict comparison: ids that differ in type (int vs string) count as a
    // mismatch, so the check denies rather than allows in that case.
    return $currentUser['organisation_id'] === $user['organisation_id'];
}
/*
 * Declares the actions that can be reached without being authenticated:
 * 'login' and 'register'.
 *
 * NOTE(review): the list is hard-coded here, no configuration override is read.
 * The entries are bare action names, so which controllers they apply to depends
 * on where this is called from - confirm that only the intended controller
 * exposes them.
 */
public function setPublicInterfaces(): void
{
    $publicActions = ['login', 'register'];
    $this->Authentication->allowUnauthenticated($publicActions);
}
/**
 * Decides whether the registered user may call $action on $controller.
 *
 * Order of evaluation: no user -> allowed; site admin -> allowed; a matching
 * entry in the '*' controller table -> allowed; unknown controller -> 404 through
 * __error(); otherwise the controller's own entry decides.
 *
 * @param string $controller Controller key as used in $aclList.
 * @param string $action Action name.
 * @param bool $soft When true, failures are returned as false instead of thrown.
 * @return bool True when access is granted.
 */
private function checkAccessInternal($controller, $action, $soft): bool
{
    if (empty($this->user)) {
        // We have to be in a publicly allowed scope, otherwise the authentication
        // layer rejects the request anyway.
        // NOTE(review): this branch fails open. It is only safe if setUser() runs
        // before this check on every authenticated request - confirm call order.
        return true;
    }
    if (!empty($this->user->role->perm_admin)) {
        // Site admins bypass the list entirely.
        return true;
    }
    // Security-alert logging is disabled here:
    //$this->__checkLoggedActions($user, $controller, $action);
    $isGlobalAction = isset($this->aclList['*'][$action]);
    if ($isGlobalAction && $this->evaluateAccessLeaf('*', $action)) {
        return true;
    }
    if (isset($this->aclList[$controller])) {
        return $this->evaluateAccessLeaf($controller, $action);
    }
    return $this->__error(404, __('Invalid controller.'), $soft);
}
/**
 * Evaluates one $aclList entry against the registered user's role.
 *
 * A missing or empty entry denies. '*' grants to any role, an 'OR' list grants on
 * the first permission the role holds, an 'AND' list requires every permission,
 * and a plain list behaves like 'OR'.
 *
 * @param string $controller Controller key ('*' for the global table).
 * @param string $action Action name.
 * @return bool True when the role satisfies the entry.
 */
private function evaluateAccessLeaf(string $controller, string $action): bool
{
    $rules = $this->aclList[$controller][$action] ?? [];
    if (empty($rules)) {
        // Unlisted action or empty rule set: only site admins get here, and they
        // were already let through by the caller.
        return false;
    }
    if (in_array('*', $rules)) {
        return true;
    }

    if (isset($rules['OR'])) {
        foreach ($rules['OR'] as $permission) {
            if ($this->user['role'][$permission]) {
                return true;
            }
        }
        return false;
    }

    if (isset($rules['AND'])) {
        // An 'AND' key holding an empty list grants access, since no
        // permission can fail.
        $allConditionsMet = true;
        foreach ($rules['AND'] as $permission) {
            if (!$this->user['role'][$permission]) {
                $allConditionsMet = false;
            }
        }
        return $allConditionsMet;
    }

    foreach ($rules as $permission) {
        if ($this->user['role'][$permission]) {
            return true;
        }
    }
    return false;
}
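/**
 * Checks access for a root-relative URL of the form '/controller/action/...'.
 *
 * URLs under '/open/' are matched against the 'Cerebrate.open' configuration
 * list; everything else goes through the regular ACL lookup.
 *
 * NOTE(review): the URL is split on '/' only. A query string or fragment stays
 * attached to the action segment and will not match an ACL entry - confirm that
 * callers pass plain paths.
 *
 * @param string $url Root-relative URL.
 * @param bool $soft When true, failures are returned as false instead of thrown.
 * @return bool True when access is granted.
 */
public function checkAccessUrl($url, $soft = false): bool
{
    $urlParts = explode('/', $url);
    // Missing segments become '' so a short URL is evaluated (and denied for
    // non-admins) instead of raising an undefined-offset or type error.
    $firstSegment = $urlParts[1] ?? '';
    $secondSegment = $urlParts[2] ?? '';

    if ($firstSegment === 'open') {
        $openList = Configure::read('Cerebrate.open');
        // Deny when the list is not configured; compare strictly so that only an
        // exact string match is accepted from the allow-list.
        return is_array($openList) && in_array($secondSegment, $openList, true);
    }

    return $this->checkAccessInternal(Inflector::camelize($firstSegment), $secondSegment, $soft);
}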
/**
 * Checks whether the registered user may run the controller action of the current request.
 *
 * The check works like this:
 *  - a site admin is always allowed;
 *  - for an OR-ed list, any one permission held by the user's role is enough;
 *  - for an AND-ed list, every permission has to be held by the role;
 *  - for a plain permission, the role has to have it flagged;
 *  - if nothing matches, the request is rejected through __error() with code 403,
 *    or false is returned when $soft is set.
 *
 * Only the 'controller' and 'action' request params are read; other route
 * params are not part of the lookup.
 *
 * @param bool $soft When true, a denial is returned as false instead of thrown.
 * @return bool True when access is granted.
 */
public function checkAccess(bool $soft = false): bool
{
    $controller = $this->request->getParam('controller');
    $action = $this->request->getParam('action');

    $granted = $this->checkAccessInternal($controller, $action, $soft) === true;
    if (!$granted) {
        return $this->__error(403, 'You do not have permission to use this functionality.', $soft);
    }
    return true;
}
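/**
 * Reports an access failure, either as a return value or as an HTTP exception.
 *
 * @param int $code 404 or 403; any other value is treated as an internal error.
 * @param string $message Message carried by the exception.
 * @param bool $soft When true, nothing is thrown and false is returned.
 * @return bool Always false, and only when $soft is set.
 * @throws \Cake\Http\Exception\NotFoundException For code 404.
 * @throws \Cake\Http\Exception\MethodNotAllowedException For code 403.
 * @throws \Cake\Http\Exception\InternalErrorException For any other code.
 */
private function __error($code, $message, $soft = false)
{
    if ($soft) {
        return false;
    }
    switch ($code) {
        case 404:
            throw new NotFoundException($message);
        case 403:
            // NOTE(review): a denied request is reported as "method not allowed"
            // although ForbiddenException is imported by this file and unused.
            // Kept as is because callers may depend on the current type - confirm.
            throw new MethodNotAllowedException($message);
        default:
            // Fully qualified: the file has no import for this class, so the bare
            // name would resolve inside App\Controller\Component and fail to load.
            throw new \Cake\Http\Exception\InternalErrorException('Unknown error: ' . $message);
    }
}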
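/**
 * Lists the public function names found in each *Controller.php file.
 *
 * The scan is text based: block comments without an inner '*' are stripped and
 * every "public function NAME(" match is collected. Names starting with '_' and
 * the beforeFilter/afterFilter callbacks are skipped. Declarations with extra
 * modifiers between "public" and "function" do not match the pattern.
 *
 * @return array Function names keyed by lower-camel controller name; AppController
 *               is reported under '*'.
 */
private function __findAllFunctions()
{
    $functionFinder = '/public.function[\s\n]+(\S+)[\s\n]*\(/';
    $files = scandir(ROOT . '/src/Controller/');
    if ($files === false) {
        // Unreadable controller directory: nothing to report.
        return [];
    }

    $results = [];
    foreach ($files as $file) {
        if (substr($file, -14) !== 'Controller.php') {
            continue;
        }
        // Strip the suffix with an empty replacement; a padded replacement would
        // leave trailing whitespace in the name and break the 'app' comparison
        // below as well as the ACL key lookup done by callers.
        $controllerName = lcfirst(str_replace('Controller.php', '', $file));
        if ($controllerName === 'app') {
            $controllerName = '*';
        }

        $fileContents = file_get_contents(APP . 'Controller' . DS . $file);
        if ($fileContents === false) {
            continue;
        }
        $fileContents = preg_replace('/\/\*[^\*]+?\*\//', '', $fileContents) ?? $fileContents;

        $functionArray = [];
        preg_match_all($functionFinder, $fileContents, $functionArray);
        foreach ($functionArray[1] as $function) {
            if (substr($function, 0, 1) !== '_' && $function !== 'beforeFilter' && $function !== 'afterFilter') {
                $results[$controllerName][] = $function;
            }
        }
    }
    return $results;
}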
/**
 * Returns the controller functions found by __findAllFunctions(), sorted by controller name.
 *
 * @param mixed $content Not used.
 * @return array Function names keyed by controller name.
 */
public function printAllFunctionNames($content = false)
{
    $byController = $this->__findAllFunctions();
    ksort($byController);

    return $byController;
}
/**
 * Lists controller functions that have no entry in $aclList.
 *
 * Useful as an audit aid: an action reported here is reachable by site admins only.
 * The lifecycle callbacks beforeFilter, beforeRender, initialize and afterFilter
 * are ignored.
 *
 * @param mixed $content Not used.
 * @return array Missing function names keyed by camelized controller name.
 */
public function findMissingFunctionNames($content = false)
{
    $lifecycleCallbacks = ['beforeFilter', 'beforeRender', 'initialize', 'afterFilter'];
    $missing = [];

    foreach ($this->__findAllFunctions() as $controller => $functions) {
        $controller = Inflector::camelize($controller);
        // Only the controller's own table is consulted, not the '*' table.
        $listedActions = isset($this->aclList[$controller]) ? array_keys($this->aclList[$controller]) : [];

        foreach ($functions as $function) {
            if (in_array($function, $lifecycleCallbacks)) {
                continue;
            }
            if (!in_array($function, $listedActions)) {
                $missing[$controller][] = $function;
            }
        }
    }

    return $missing;
}
/**
 * Public entry point for __checkRoleAccess(): lists what a role can reach.
 *
 * @param mixed $role Role data, or false to use the registered user's role.
 * @param bool $url_mode True for a flat URL list, false for actions grouped by controller.
 * @return array Accessible endpoints in the requested format.
 */
public function getRoleAccess($role = false, $url_mode = true)
{
    $accessible = $this->__checkRoleAccess($role, $url_mode);

    return $accessible;
}
/**
 * Builds, for each role (or for one role id), the list of URLs it can reach.
 *
 * NOTE(review): the find() options ('recursive') and the $role['Role'][...]
 * reads assume rows shaped as ['Role' => [...]]. The empty() test is applied to
 * whatever find() returns; if that is an object it is never empty, so the
 * NotFoundException would not fire - confirm against the Roles table in use.
 *
 * @param mixed $content Role id to restrict to; non-numeric values select all roles.
 * @return array Map of role id to ['name' => ..., 'urls' => ...].
 * @throws \Cake\Http\Exception\NotFoundException When no role is found.
 */
public function printRoleAccess($content = false)
{
    $this->Role = TableRegistry::get('Roles');

    $conditions = is_numeric($content) ? ['id' => $content] : [];
    $roles = $this->Role->find('all', [
        'recursive' => -1,
        'conditions' => $conditions,
    ]);
    if (empty($roles)) {
        throw new NotFoundException('Role not found.');
    }

    $results = [];
    foreach ($roles as $role) {
        $urls = $this->__checkRoleAccess($role['Role']);
        $results[$role['Role']['id']] = [
            'name' => $role['Role']['name'],
            'urls' => $urls,
        ];
    }

    return $results;
}
/**
 * Appends one controller/action pair to $results in the requested format.
 *
 * In URL mode the pair becomes a path pattern ending in '*'; otherwise the action
 * is appended to the controller's list.
 *
 * NOTE(review): the pattern is joined with DS, the directory separator constant,
 * so its shape follows the platform's path separator - confirm that consumers
 * expect that.
 *
 * @param array $results Accumulator.
 * @param string $controller Controller key.
 * @param string $action Action name.
 * @param bool $url_mode True for path patterns, false for grouped actions.
 * @return array The accumulator with the pair added.
 */
private function __formatControllerAction(array $results, string $controller, string $action, $url_mode = true): array
{
    if (!$url_mode) {
        $results[$controller][] = $action;

        return $results;
    }

    $results[] = implode(DS, ['', $controller, $action, '*']);

    return $results;
}
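/**
 * Lists every $aclList entry the given role satisfies.
 *
 * The rules match evaluateAccessLeaf(): site admins get everything, '*' grants to
 * any role, 'OR' needs one permission, 'AND' needs all of them, and a plain list
 * needs one of its permissions.
 *
 * @param mixed $role Array-like role data, or false to use the registered user's role.
 * @param bool $url_mode True for a flat URL list, false for actions grouped by controller.
 * @return array Accessible endpoints in the requested format.
 */
private function __checkRoleAccess($role = false, $url_mode = true)
{
    $results = [];
    if ($role === false) {
        $role = $this->getUser()['role'];
    }
    // Loop-invariant; empty() also covers a missing role without raising a notice.
    $isAdmin = !empty($role['perm_admin']);

    foreach ($this->aclList as $controller => $actions) {
        foreach ($actions as $action => $permissions) {
            if ($isAdmin || $this->__roleMatchesRules($role, $permissions)) {
                $results = $this->__formatControllerAction($results, $controller, $action, $url_mode);
            }
        }
    }

    return $results;
}

/**
 * Tells whether a non-admin role satisfies one rule set from $aclList.
 *
 * @param mixed $role Array-like role data.
 * @param array $permissions Rule set of a single action.
 * @return bool True when the role satisfies the rule set.
 */
private function __roleMatchesRules($role, array $permissions): bool
{
    if (in_array('*', $permissions)) {
        return true;
    }
    if (isset($permissions['OR'])) {
        foreach ($permissions['OR'] as $permission) {
            if (!empty($role[$permission])) {
                return true;
            }
        }
        return false;
    }
    if (isset($permissions['AND'])) {
        // Every listed permission is required: a single missing one denies.
        // (The test was inverted before, which reported access exactly for roles
        // holding none of the permissions.)
        foreach ($permissions['AND'] as $permission) {
            if (empty($role[$permission])) {
                return false;
            }
        }
        return true;
    }
    // Plain list: any listed permission is enough, as in evaluateAccessLeaf().
    foreach ($permissions as $permission) {
        if (!empty($role[$permission])) {
            return true;
        }
    }
    return false;
}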
/**
 * Returns the side menu with the entries the registered user cannot access removed.
 *
 * This only hides links; the request itself is authorised by checkAccess().
 * The '__bookmarks' group is passed through unfiltered.
 *
 * @return array Filtered menu structure.
 */
public function getMenu()
{
    $menu = $this->Navigation->getSideMenu();

    foreach ($menu as $group => $subMenu) {
        if ($group == '__bookmarks') {
            continue;
        }

        foreach ($subMenu as $elementName => $element) {
            $elementDenied = !empty($element['url']) && !$this->checkAccessUrl($element['url'], true);
            if ($elementDenied) {
                unset($menu[$group][$elementName]);
                continue;
            }
            if (empty($element['children'])) {
                continue;
            }

            foreach ($element['children'] as $childName => $child) {
                if (!empty($child['url']) && !$this->checkAccessUrl($child['url'], true)) {
                    unset($menu[$group][$elementName]['children'][$childName]);
                }
            }
            if (empty($menu[$group][$elementName]['children'])) {
                // NOTE(review): this removes the element from the loop's copy,
                // not from $menu, so a parent left without children is still
                // returned - confirm whether it was meant to be dropped.
                unset($subMenu[$elementName]);
            }
        }

        if (empty($menu[$group])) {
            unset($menu[$group]);
        }
    }

    return $menu;
}
}