/**
* A method to show an error if the current user/account doesn't have access
* to the specified DB_DataObject (defined by table name and entity ID).
*
* @static
* @param string $entityTable The name of the table.
* @param integer $entityId Optional entity ID -- when set, tests if the current
* account has access to the enity, when not set, tests
* if the current account can create a new entity in the
* table.
* @param boolean $allowNewEntity Allow creation of a new entity, defaults to false.
*/
function enforceAccessToObject($entityTable, $entityId = null, $allowNewEntity = false)
{
if (!$allowNewEntity) {
OA_Permission::enforceTrue(!empty($entityId));
}
// Verify that the ID is numeric
OA_Permission::enforceTrue(preg_match('/^\\d*$/D', $entityId));
$entityId = (int) $entityId;
$hasAccess = OA_Permission::hasAccessToObject($entityTable, $entityId);
if (!$hasAccess) {
if (!OA_Permission::isManualAccountSwitch()) {
if (OA_Permission::isUserLinkedToAdmin()) {
// Check object existence
OA_Permission::enforceTrue(OA_Permission::getAccountIdForEntity($entityTable, $entityId));
}
// if has access switch to the manager account that owns this object
if ($hasAccess) {
if (OA_Permission::switchToManagerAccount($entityTable, $entityId)) {
// Now that the admin user is working with the manager
// account that owns the object, show to him the page.
$url = $_SERVER['REQUEST_URI'];
header("Location: {$url}");
exit;
} else {
// If is not possible to switch redirect the admin to his home page
OX_Admin_Redirect::redirect();
}
}
}
}
if (!$hasAccess) {
OA_Permission::redirectIfManualAccountSwitch();
$hasAccess = OA_Permission::attemptToSwitchForAccess($entityTable, $entityId);
}
OA_Permission::enforceTrue($hasAccess);
}
