Beispiel #1
 /**
  * Checks whether a user holds a specific permission on an account.
  *
  * Decision order, as implemented below:
  *  1. A user for whom isUserLinkedToAdmin() is true is granted everything.
  *     This happens before the account is looked up, so such a user also
  *     gets true for an account ID that does not exist.
  *  2. An explicitly passed account that cannot be loaded raises an error
  *     and denies.
  *  3. A permission that isPermissionRelatedToAccountType() reports as NOT
  *     related to the account's type is granted unconditionally (fail-open).
  *  4. Otherwise the result comes from the user's permission list for the
  *     account; a missing entry denies.
  *
  * NOTE(review): $accountId and $userId are tested with empty(), so 0, '0',
  * '' and false are treated like "not supplied" and silently replaced by
  * the values from getAccountId()/getUserId(). Callers that pass
  * request-derived IDs should validate them first, otherwise the check is
  * performed against a different account/user than the caller intended.
  *
  * TODOPERM - consider caching permissions in user session so they could
  *            be reused across many user requests
  *
  * @static
  * @param integer $permissionId Permission to test.
  * @param int $accountId Account to test against; empty means the value of
  *                       OA_Permission::getAccountId().
  * @param int $userId User to test; empty means the value of
  *                    OA_Permission::getUserId().
  * @return boolean True when granted, false otherwise. In case 4 the stored
  *                 list entry is returned as-is, without a cast to boolean;
  *                 presumably it is already boolean - confirm against
  *                 getAccountUsersPermissions().
  */
 function hasPermission($permissionId, $accountId = null, $userId = null)
 {
     // Persists between calls, but every call overwrites the entry it is
     // about to read, so no earlier result is ever served from here: a
     // revoked permission cannot be answered stale, and equally nothing
     // is saved by the "cache".
     static $aPermissionCache = array();

     if (empty($userId)) {
         $userId = OA_Permission::getUserId();
     }

     // Users linked to the admin account bypass all further checks.
     if (OA_Permission::isUserLinkedToAdmin($userId)) {
         return true;
     }

     if (!empty($accountId)) {
         // Explicit account: its type is read from the accounts record.
         $doAccount = OA_Dal::staticGetDO('accounts', $accountId);
         if (!$doAccount) {
             // Account does not exist
             Max::raiseError('No such account ID: ' . $accountId);
             return false;
         }
         $accountType = $doAccount->accountType;
     } else {
         // No account given: use the ID and type OA_Permission reports.
         $accountId = OA_Permission::getAccountId();
         $accountType = OA_Permission::getAccountType();
     }

     if (OA_Permission::isPermissionRelatedToAccountType($accountType, $permissionId)) {
         // Replace the whole per-account entry with a freshly fetched list.
         $aPermissionCache[$userId][$accountId] = OA_Permission::getAccountUsersPermissions($userId, $accountId);
     } else {
         // Permission unrelated to this account type: granted by default.
         $aPermissionCache[$userId][$accountId][$permissionId] = true;
     }

     // Deny unless the list carries an entry for this permission.
     if (isset($aPermissionCache[$userId][$accountId][$permissionId])) {
         return $aPermissionCache[$userId][$accountId][$permissionId];
     }
     return false;
 }