/**
 * Validate the submission, rejecting it when the current user has no access
 * to the section named in the request.
 *
 * The section id is read from $_REQUEST['type']. When that value is missing
 * or falsy (this includes the string '0'), the section ACL check is skipped
 * and only the parent validation runs.
 *
 * NOTE(review): $_REQUEST merges several input sources. Confirm that the code
 * which stores the record reads the section id from the same place, so the id
 * authorized here is the id that is written.
 * NOTE(review): the value is passed to AMP_allow() without a type check;
 * confirm AMP_allow() handles a non-scalar 'type' parameter safely.
 *
 * @return bool false when section access is denied (an error naming
 *              AMP_TEXT_SAVE is flashed); otherwise the parent's result.
 */
function validate()
{
    $section_id = false;
    if (!empty($_REQUEST['type'])) {
        $section_id = $_REQUEST['type'];
    }

    // The ACL lookup only runs when a section id was actually supplied.
    $access_denied = $section_id && !AMP_allow('access', 'section', $section_id);
    if (!$access_denied) {
        return parent::validate();
    }

    $messages = AMP_System_Flash::instance();
    $messages->add_error(sprintf(AMP_TEXT_ERROR_ACTION_NOT_ALLOWED, AMP_TEXT_SAVE));

    return false;
}
/**
 * Decide whether the current user may use the given section.
 *
 * Checks run in this order:
 *  1. Permission level 'none': allowed, before any other check, including
 *     the secure-ancestor check below.
 *  2. readAncestors($section_id, 'secure') is truthy and neither
 *     AMP_Authenticate('admin') nor AMP_Authenticate('content') passes: denied.
 *  3. Permission level 'default': allowed.
 *  4. Anything else: the result of AMP_allow('access', 'section', $section_id).
 *
 * NOTE(review): the level is compared with loose ==. A non-string value
 * (boolean true, or integer 0 on PHP before 8) compares equal to 'none' and
 * would take the unconditional-allow branch. Confirm _permission_level is
 * always a string, or switch to === once that is verified.
 *
 * @param mixed $section_id section identifier passed through to the checks
 * @return mixed true/false from the level checks, or AMP_allow()'s result
 */
function allowed($section_id)
{
    if ($this->_permission_level == 'none') {
        return true;
    }

    if ($this->readAncestors($section_id, 'secure')) {
        // Sections flagged 'secure' via readAncestors() need admin or content authentication.
        if (!AMP_Authenticate('admin') && !AMP_Authenticate('content')) {
            return false;
        }
    }

    if ($this->_permission_level == 'default') {
        return true;
    }

    return AMP_allow('access', 'section', $section_id);
}
/**
 * Report whether an action is permitted, optionally for one object id.
 *
 * Step 1, per-object ACL: runs only when both $this->_gacl_obj and $id are
 * truthy. An $id of 0, '0', '' or false skips the AMP_allow() check.
 *
 * Step 2, per-action setting in the property "_allow_<action>":
 *  - not set (isset() also treats null as not set): 'edit' and 'search' are
 *    allowed; any other action is allowed exactly when 'edit' is allowed.
 *    That fallback calls isAllowed('edit') without an id, so it performs no
 *    per-object ACL check.
 *  - falsy: denied.
 *  - exactly true: allowed.
 *  - any other value: handed to AMP_Authorized().
 *
 * NOTE(review): an action with no "_allow_*" property defaults to allowed
 * (subject to the edit fallback), so unknown action names are not rejected
 * here. $action is also concatenated into a property name; confirm callers
 * pass only a fixed set of action names rather than request input.
 *
 * @param string $action action name, e.g. 'edit' or 'search'
 * @param mixed  $id     optional object id for the per-object ACL check
 * @return mixed boolean from the checks above, or AMP_Authorized()'s result
 */
function isAllowed($action, $id = false)
{
    if ($this->_gacl_obj && $id && !AMP_allow($action, $this->_gacl_obj, $id)) {
        return false;
    }

    $allow_var = '_allow_' . $action;

    if (isset($this->{$allow_var})) {
        $setting = $this->{$allow_var};
        if (!$setting) {
            return false;
        }
        if ($setting === true) {
            return true;
        }

        return AMP_Authorized($setting);
    }

    // No explicit setting: if edit is not allowed, allow nothing (except search).
    if ($action == 'edit' || $action == 'search') {
        return true;
    }

    return $this->isAllowed('edit') ? true : false;
}