/**
 * Check whether the logged-in user holds a given right on an item.
 *
 * New items (isNewID($ID) is true) are always evaluated as a creation check and
 * $right is not consulted on that path. Existing items are loaded from the
 * database when they are not already in $this->fields.
 *
 * On the creation path and for the 'r', 'w' and 'd' rights, a private item whose
 * users_id is strictly identical (===) to getLoginUserID() is granted without
 * consulting the can*() rights. Any other value of $right yields false.
 *
 * @param $ID     ID of the item (-1 if new item)
 * @param $right  Right to check : 'r' (view) / 'w' (update) / 'd' (delete) / 'recursive'
 * @param $input  array of input data (used for adding item)
 *
 * @return boolean
**/
function can($ID, $right, &$input = NULL) {

    // ----- Creation -----
    if ($this->isNewID($ID)) {
        if (!isset($this->fields['id'])) {
            // Build the empty field set only once
            $this->getEmpty();
        }

        if (is_array($input)) {
            // Mirror the submitted values onto the fields that already exist, so that
            // getEntityID() can work from the entities_id field or from the parent
            // item reference.
            // NOTE(review): after this copy, the ownership shortcut below is evaluated
            // against caller-supplied values (users_id, and presumably the private flag
            // read by isPrivate()) - callers should set users_id server-side; confirm.
            foreach ($input as $field => $value) {
                if (isset($this->fields[$field])) {
                    $this->fields[$field] = $value;
                }
            }
        }

        // Owner of a private item, or holder of the create right on the item.
        // The === comparison is type-sensitive: if users_id and getLoginUserID()
        // differ in type the shortcut never matches and the can*() rights decide.
        return ($this->isPrivate() && $this->fields['users_id'] === getLoginUserID())
               || ($this->canCreate() && $this->canCreateItem());
    }

    // ----- Existing item -----
    // Reuse the record already in memory when its id matches (loose comparison,
    // so '12' and 12 are treated as the same id); otherwise load it.
    $alreadyLoaded = isset($this->fields['id']) && $this->fields['id'] == $ID;
    if (!$alreadyLoaded && !$this->getFromDB($ID)) {
        // Item not found : no right
        return false;
    }

    // switch compares loosely (==), exactly as the original did.
    switch ($right) {
        case 'r':
            // Personal item, or view right on the item
            return ($this->isPrivate() && $this->fields['users_id'] === getLoginUserID())
                   || ($this->canView() && $this->canViewItem());

        case 'w':
            // Personal item, or update right on the item
            return ($this->isPrivate() && $this->fields['users_id'] === getLoginUserID())
                   || ($this->canUpdate() && $this->canUpdateItem());

        case 'd':
            // Personal item, or delete right on the item
            return ($this->isPrivate() && $this->fields['users_id'] === getLoginUserID())
                   || ($this->canDelete() && $this->canDeleteItem());

        case 'recursive':
            // No ownership shortcut here: the item must be entity-assigned and able
            // to be recursive, and the user needs the create right plus access to
            // the item's entity.
            if ($this->isEntityAssign()
                && $this->maybeRecursive()
                && $this->canCreate()
                && haveAccessToEntity($this->getEntityID())) {
                // Can make recursive only with recursive access to the entity
                return haveRecursiveAccessToEntity($this->getEntityID());
            }
            break;
    }

    // Unknown right, or 'recursive' preconditions not met: deny.
    return false;
}
/**
 * Item-level creation check.
 *
 * Creation is allowed only when haveRecursiveAccessToEntity() accepts the value
 * of the item's entities_id field.
 *
 * @return the result of haveRecursiveAccessToEntity() (presumably a boolean)
**/
function canCreateItem() {

    // Entity the item is attached to, as returned by getField().
    // NOTE(review): if the fields were filled from submitted input before this
    // call, this value is caller-supplied - confirm against the callers.
    $entityId = $this->getField('entities_id');

    return haveRecursiveAccessToEntity($entityId);
}
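/**
 * Normalise the submitted data before an update.
 *
 * - trims the name and replaces an empty one with $LANG['reminder'][15];
 * - flattens a valid planning block (begin < end) into is_planned / begin / end /
 *   state, or queues an error message when the block is not valid;
 * - drops is_helpdesk_visible when the item is private, or when is_private is
 *   missing from the input;
 * - drops is_recursive, with an error message, when the item is not private and
 *   haveRecursiveAccessToEntity() rejects the submitted entities_id.
 *
 * @param $input array of submitted data
 *
 * @return array the adjusted input
**/
function prepareInputForUpdate($input) {
    global $LANG;

    // NOTE(review): invoked before the isset() test further down, exactly as in the
    // original; presumably the helper tolerates a missing 'plan' entry - confirm.
    manageBeginAndEndPlanDates($input['plan']);

    // Only normalise the name when the caller sent one. The original read
    // $input["name"] unconditionally, so an update that did not carry a name raised
    // an undefined-index notice and replaced the name with the default label.
    if (array_key_exists('name', $input)) {
        $input['name'] = trim($input['name']);
        if (empty($input['name'])) {
            $input['name'] = $LANG['reminder'][15];
        }
    }

    if (isset($input['plan'])) {
        $plan = $input['plan'];
        if (!empty($plan['begin'])
            && !empty($plan['end'])
            && $plan['begin'] < $plan['end']) {

            // Valid range: keep the raw block under _plan and expose flat fields
            $input['_plan'] = $plan;
            unset($input['plan']);
            $input['is_planned'] = 1;
            $input['begin']      = $input['_plan']['begin'];
            $input['end']        = $input['_plan']['end'];
            $input['state']      = $input['_plan']['state'];

        } else {
            addMessageAfterRedirect($LANG['planning'][1], false, ERROR);
        }
    }

    // A private item is never shown to the helpdesk. A missing is_private is
    // treated as private here, so the flag is dropped in that case too.
    if (!empty($input['is_helpdesk_visible'])
        && (!isset($input['is_private']) || $input['is_private'])) {
        unset($input['is_helpdesk_visible']);
    }

    // Recursion may only be enabled on a non-private item by a user with recursive
    // access to the entity. empty() keeps the original outcome for a missing
    // is_private (the check is still performed) without the undefined-index notice.
    if (!empty($input['is_recursive']) && empty($input['is_private'])) {
        // NOTE(review): the entity comes from the submitted data, not from the stored
        // item; when it is absent null is passed, as the original effectively did -
        // confirm that haveRecursiveAccessToEntity() denies in that case.
        $entityId = isset($input['entities_id']) ? $input['entities_id'] : null;

        if (!haveRecursiveAccessToEntity($entityId)) {
            unset($input['is_recursive']);
            addMessageAfterRedirect($LANG['common'][75], false, ERROR);
        }
    }

    return $input;
}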