Re: [psa-users] Feature Request?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Peter Hiltz wrote:
> My homegrown system on an internal site isn't that good, but one thing it does 
> (which doesn't seem quite as easy in phpsecurityadm) is a simple test of: 
> 
> Does the current user have X profile?
> 
> This allows me to show sections of pages, depending on the profile of the 
> user. E.g. 
> 
> if(current_user->profile == 99) show_module1();
> else show_module2();
> 
> Actually, since I have a numerical security scale, it tends to be more:
> 
> if(current_user->securityclearance > 9) show_module1();
> else show_module2();
> 
> Is there an easy way to do this with phpsecurityadmin that I am just missing?

One way to do this is to put each section of a page in a separate php 
script using the _restrict.php file in it. Then you can assign each 
script a security profile. If you don't want to see a message about not 
having rights, you can suppress the output using either the ob_* 
functions or the $PSA_DISPLAY_OUTPUT flag in the PSA config file.

What Albert was thinking of (with psaug) was in an older version... To 
do this now, you need to go through and do the following:

$users=$sec_sys->getUsers();
$groups_for_user=explode(',',$users[$_SESSION['psaun']]['groups']);

This will give you an array of all the groups (or profiles) that the 
user belongs to. In your case, you'd likely want something like:

function isGroupMember($user,$group,$sec_sys){
     $users=$sec_sys->getUsers();
     $groups=explode(',',$users[$user]['groups']);
     foreach($groups as $grp){
         if($grp==$group) return TRUE;
     }
     return FALSE;
}

Then, in your script, you could call it like:

if(isGroupMember($_SESSION['psaun'],$group_number,$PSA_object)){
     // display it
}else{
     // don't display it
}

For that matter, that should be added to the class... (when I (or 
someone else) gets around to it.)

Hope this helps!