/** * Check whether the current user can add a node * * @throws Exception */ function canadd($viewid, $nodeid) { global $DB, $USER, $HUB_SQL, $LNG; // needs to be logged in api_check_login(); //You need to be able to view the node you are adding to the map //and you need permission to edit the map try { $node = new CNode($nodeid); $node->canview(); $view = new View($viewid); $view->canedit(); } catch (Exception $e) { return access_denied_error(); } }
/** * Check whether the current user can view this map * * @throws Exception */ function canview() { global $DB, $USER, $HUB_SQL, $LNG; // need to be allowed to view the associated view node. //Or if it is private, you need to be logged in and in the group try { $node = new CNode($this->nodeid); $node->canview(); } catch (Exception $e) { return access_denied_error(); } /*$currentuser = ''; if (isset($USER->userid)) { $currentuser = $USER->userid; }*/ /** To add the the map, either it needs to be public and not in a group, or you are the owner of the map, or you are in the group the map is in **/ /*$params = array(); $params[0] = $this->nodeid; $params[1] = $currentuser; $params[2] = $this->nodeid; $params[3] = $currentuser; $resArray = $DB->select($HUB_SQL->DATAMODEL_VIEW_CAN_EDIT, $params); if($resArray !== false){ if (count($resArray) == 0) { throw new Exception($LNG->ERROR_ACCESS_DENIED_MESSAGE); } } else { throw new Exception($LNG->ERROR_ACCESS_DENIED_MESSAGE); } */ }
/** * Check whether the current user can view the current ViewConnection record * * @throws Exception */ function canview() { global $DB, $CFG, $USER, $HUB_SQL, $LNG; //check if you can view the map node and you can view this node in the map try { $view = new CNode($this->viewid); $view->canview(); $con = new Connection($this->connid); $con->canview(); } catch (Exception $e) { return access_denied_error(); } }