function test_basic_check_array()
 {
     $pt =& Dataface_PermissionsTool::getInstance();
     $this->assertTrue($pt->checkPermission('view', array('view' => 'View')));
     $this->assertTrue(Dataface_PermissionsTool::checkPermission('view', array('view' => 'View')));
     $this->assertTrue(!$pt->checkPermission('view', array()));
     $this->assertTrue(!Dataface_PermissionsTool::checkPermission('view', array()));
     $this->assertTrue($pt->checkPermission('edit', array('view' => 'View', 'edit' => 'Edit')));
     $perms = array('view' => 'View');
     $this->assertTrue($pt->view($perms));
     $perms = array('view' => 'View');
     $this->assertTrue(Dataface_PermissionsTool::view($perms));
     $perms = array('edit' => 'Edit');
     $this->assertTrue(!$pt->view($perms));
     $perms = array('edit' => 'Edit');
     $this->assertTrue(!Dataface_PermissionsTool::view($perms));
     $this->assertTrue($pt->edit($perms));
     $this->assertTrue(Dataface_PermissionsTool::edit($perms));
     $perms = array('delete' => 'Delete');
     $this->assertTrue(!$pt->edit($perms));
     $this->assertTrue(!Dataface_PermissionsTool::edit($perms));
     $this->assertTrue($pt->delete($perms));
     $this->assertTrue(Dataface_PermissionsTool::delete($perms));
 }
Beispiel #2
0
 /**
  * Handles initialization and control for the delete form.
  */
 function _delete_init()
 {
     import('Dataface/DeleteForm.php');
     $record = new Dataface_Record($this->_tablename, @$_REQUEST['--__keys__']);
     if (!Dataface_PermissionsTool::delete($record)) {
         $this->_vars['error'] = "<div class=\"error\">Error.  Permission Denied.<!-- At line " . __LINE__ . " of file " . __FILE__ . " --></div>";
         return;
     }
     $form = new Dataface_DeleteForm($this->_tablename, $this->_db, $this->_query);
     $form->_build();
     $form->addElement('hidden', '-table');
     $form->setDefaults(array('-table' => $this->_tablename));
     $this->_vars['form'] =& $form;
     if ($form->validate()) {
         $res = $form->process(array(&$form, 'delete'), true);
         $response = Dataface_Application::getResponse();
         if (PEAR::isError($res) && !Dataface_Error::isNotice($res)) {
             $msg = $res->getMessage();
             $msg .= "\n" . $res->getUserInfo();
         } else {
             if (Dataface_Error::isNotice($res)) {
                 $response['--msg'] = @$response['--msg'] . "\n" . $res->getMessage();
             } else {
                 $msg = 'Records successfully deleted.';
             }
         }
         $msg = urlencode(trim($msg . "\n" . $response['--msg']));
         header('Location: ' . $_SERVER['HOST_URI'] . DATAFACE_SITE_HREF . '?-table=' . $this->_tablename . '&--msg=' . $msg);
         exit;
     }
 }
Beispiel #3
0
 /**
  * Validates the input to make sure that the delete can take place.
  */
 function checkPermissions()
 {
     $errors = array();
     if ($this->isSubmitted()) {
         $errCounter = 1;
         import('Dataface/PermissionsTool.php');
         import('dataface-public-api.php');
         $query = $this->_buildDeleteQuery($this->exportValues());
         if (PEAR::isError($query)) {
             $errors[$errCounter++] = $query->getMessage();
         }
         $records =& df_get_records_array($this->_tablename, $query);
         if (PEAR::isError($records)) {
             $errors[$errCounter++] = $query->getMessage();
             // we attach this error to the '-submit' field because I don't know how to attach it to the form.
         }
         if (!is_array($records)) {
             $errors[$errCounter++] = df_translate('scripts.Dataface.DeleteForm.display.ERROR_NO_RECORDS_FOUND', "No records matched the query, so no records can be deleted.");
         } else {
             foreach (array_keys($records) as $index) {
                 if (!Dataface_PermissionsTool::delete($records[$index])) {
                     $errors[$errCounter++] = df_translate('scripts.Dataface.DeleteForm.checkPermissions.ERROR_PERMISSION_DENIED', "Permission Denied: You do not have permission to delete this record (" . $records[$index]->getTitle() . ")", array('title' => $records[$index]->getTitle()));
                     // we attach this error to the '-submit' field because I don't know how to attach it to the form.
                 }
             }
         }
     }
     if (count($errors) > 0) {
         return $errors;
     }
     return true;
 }