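/**
 * Decide whether the logged-in user may navigate a project's diffs by proofer.
 *
 * Access is granted when the current user can manage the project, is an
 * access request reviewer, or is the proofer ($L_user) the diff belongs to.
 * Visitors who are not logged in are always refused.
 *
 * @param mixed $projectid Project identifier, passed unchanged to the Project constructor.
 * @param mixed $L_user    Username the diff belongs to; compared with the logged-in username.
 *
 * @return bool TRUE when navigation is allowed, FALSE otherwise.
 */
function can_navigate_by_proofer($projectid, $L_user)
{
    global $pguser;

    // An empty $pguser means nobody is logged in: refuse before touching the project.
    $current_user = (string) $pguser;
    if ($current_user === '') {
        return false;
    }

    $project = new Project($projectid);

    // Project managers and access request reviewers may browse anyone's diffs.
    if ($project->can_be_managed_by_current_user || user_is_an_access_request_reviewer()) {
        return true;
    }

    // Everyone else may only browse their own diffs. The comparison is strict:
    // with `==`, PHP compares numeric-looking strings as numbers, so two
    // different usernames such as "100" and "1e2" would be treated as the same
    // account and this ownership check would pass for the wrong user.
    return $current_user === (string) $L_user;
}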
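// Authorization: unless the user is a site manager or an access request
// reviewer, the requested username is overridden with their own, so they
// can only access their own pages.
if (!(user_is_a_sitemanager() || user_is_an_access_request_reviewer())) {
    $username = $pguser;
}

// Reject unknown usernames before anything is rendered.
if ($username && !User::is_valid_user($username)) {
    die("Invalid username");
}

// start the page
$title = _('Reviewing work');
output_header($title, NO_STATSBAR);

echo "<h1>{$title}</h1>\n";

// show form
echo "<form action='review_work.php' method='GET'>";
echo "<table>";

if (user_is_a_sitemanager() || user_is_an_access_request_reviewer()) {
    // Only site managers or reviewers get a field for looking up other users' records.
    // The value is encoded for the single-quoted attribute at the point of
    // output rather than relying on the validity check above to keep quotes
    // and markup out of it.
    echo "<tr>";
    echo "<td>" . _("Username") . "</td>";
    echo "<td><input name='username' type='text' size='26' value='"
        . htmlspecialchars((string) $username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . "'></td>";
    echo "</tr>";
}

echo "<tr>";
echo "<td>" . _("Work Round") . "</td>";
echo "<td><select name='work_round_id'>";
_echo_round_select($rounds, $work_round_id);
// Close the cell as well as the select so the table markup stays well-formed.
echo "</select></td>";
echo "</tr>";

echo "<tr>";
echo "<td>" . _("Review Round") . "</td>";
echo "<td><select name='review_round_id'>";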