/**
* Check if logged user has access to DataObject (defined by it's table name)
*
* @static
* @param string $entityTable Table name
* @param int $entityId Id (or empty if new is created)
* @param int $accountId Account Id (if null account from session is taken)
* @return boolean True if has access
*/
function hasAccessToObject($entityTable, $entityId, $accountId = null, $accountType = null)
{
if (empty($entityId)) {
// when a new object is created
return true;
}
// Verify that the ID is numeric
if (!preg_match('/^\\d*$/D', $entityId)) {
return false;
}
$do = OA_Dal::factoryDO($entityTable);
if (!$do) {
return false;
}
$key = $do->getFirstPrimaryKey();
if (!$key) {
return false;
}
$do->{$key} = $entityId;
$accountTable = OA_Permission::getAccountTable($accountType);
if (!$accountTable) {
return false;
}
if ($entityTable == $accountTable) {
// user has access to itself
if ($accountId === null) {
return $entityId == OA_Permission::getEntityId();
} else {
$do->account_id = OA_Permission::getAccountId();
return (bool) $do->count();
}
}
if ($accountId === null) {
$accountId = OA_Permission::getAccountId();
}
return $do->belongsToAccount($accountId);
}
