permission.php (1319B)
1 <?php 2 class ControllerStartupPermission extends Controller { 3 public function index() { 4 if (isset($this->request->get['route'])) { 5 $route = ''; 6 7 $part = explode('/', $this->request->get['route']); 8 9 if (isset($part[0])) { 10 $route .= $part[0]; 11 } 12 13 if (isset($part[1])) { 14 $route .= '/' . $part[1]; 15 } 16 17 // If a 3rd part is found we need to check if its under one of the extension folders. 18 $extension = array( 19 'extension/dashboard', 20 'extension/analytics', 21 'extension/captcha', 22 'extension/extension', 23 'extension/feed', 24 'extension/fraud', 25 'extension/module', 26 'extension/payment', 27 'extension/shipping', 28 'extension/theme', 29 'extension/total', 30 'extension/report', 31 'extension/openbay' 32 ); 33 34 if (isset($part[2]) && in_array($route, $extension)) { 35 $route .= '/' . $part[2]; 36 } 37 38 // We want to ingore some pages from having its permission checked. 39 $ignore = array( 40 'common/dashboard', 41 'common/login', 42 'common/logout', 43 'common/forgotten', 44 'common/reset', 45 'error/not_found', 46 'error/permission' 47 ); 48 49 if (!in_array($route, $ignore) && !$this->user->hasPermission('access', $route)) { 50 return new Action('error/permission'); 51 } 52 } 53 } 54 }