X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2FttUser.class.php;h=dd42a64c46e4520e5fb727186e2698b0fba3ab44;hb=c138ab042a599beb780895e5a5f54a1b287d67ae;hp=3d85023836edc35b555ec54db83db301c3a30304;hpb=5b9acb439654fd5f612b877ed8173b95bb22bfe2;p=timetracker.git diff --git a/WEB-INF/lib/ttUser.class.php b/WEB-INF/lib/ttUser.class.php index 3d850238..dd42a64c 100644 --- a/WEB-INF/lib/ttUser.class.php +++ b/WEB-INF/lib/ttUser.class.php @@ -60,8 +60,8 @@ class ttUser { var $custom_logo = 0; // Whether to use a custom logo for team. var $lock_spec = null; // Cron specification for record locking. var $workday_minutes = 480; // Number of work minutes in a regular day. - var $rights_mask = 0; // A mask of user rights. TODO: remove after roles revamp. - var $rights = array(); // An array of user rights, planned replacement of $rights_mask. + var $rights = array(); // An array of user rights such as 'track_own_time', etc. + var $is_client = false; // Whether user is a client as determined by missing 'track_own_time' right. // Constructor. function __construct($login, $id = null) { @@ -97,6 +97,7 @@ class ttUser { $this->role = $val['role']; $this->role_id = $val['role_id']; $this->rights = explode(',', $val['rights']); + $this->is_client = !in_array('track_own_time', $this->rights); $this->rank = $val['rank']; // Downgrade rank to legacy role, if it is still in use. if ($this->role > 0 && $this->rank > $this->role) @@ -138,30 +139,22 @@ class ttUser { $this->behalf_id = $_SESSION['behalf_id']; $this->behalf_name = $_SESSION['behalf_name']; } - - // Set user rights. TODO: remove during roles revamp, whe we redo access checks. - if ($this->role == ROLE_USER) { - $this->rights_mask = right_data_entry|right_view_charts|right_view_reports; - } elseif ($this->role == ROLE_CLIENT) { - $this->rights_mask = right_view_reports|right_view_invoices; - } elseif ($this->role == ROLE_COMANAGER) { - $this->rights_mask = right_data_entry|right_view_charts|right_view_reports|right_view_invoices|right_manage_team; - } elseif ($this->role == ROLE_MANAGER) { - $this->rights_mask = right_data_entry|right_view_charts|right_view_reports|right_view_invoices|right_manage_team|right_assign_roles|right_export_team; - } elseif ($this->role == ROLE_SITE_ADMIN) { - $this->rights_mask = right_administer_site; - } } } - // The getActiveUser returns user id on behalf of whom current user is operating. + // The getActiveUser returns user id on behalf of whom the current user is operating. function getActiveUser() { return ($this->behalf_id ? $this->behalf_id : $this->id); } + // can - determines whether user has a right to do something. + function can($do_something) { + return in_array($do_something, $this->rights); + } + // isAdmin - determines whether current user is admin (has right_administer_site). function isAdmin() { - return (right_administer_site & $this->role); + return $this->can('administer_site'); } // isManager - determines whether current user is team manager. @@ -176,7 +169,7 @@ class ttUser { // isClient - determines whether current user is a client. function isClient() { - return (ROLE_CLIENT == $this->role); + return $this->is_client; } // canManageTeam - determines whether current user is manager or co-manager.