public function manageGroupAccessForm()
{
$form = Form::load('logbook.views.ManageGroupAccess');
$group_access_options = array(new FormOption(LogbookAccess::VIEW, 'View'), new FormOption(LogbookAccess::EDIT, 'Edit'), new FormOption(LogbookAccess::DELETE, 'Delete'), new FormOption(LogbookAccess::MANAGE_ACCESS, 'Manage Access'));
$form->setOptions('group_access_options', $group_access_options);
if (is_object($this->group_to_manage_for) && is_object($this->entry_to_manage_for)) {
$form->setInputValue('author_id', $this->entry_to_manage_for->get('author_id'));
$form->setInputValue('entry_id', $this->entry_to_manage_for->id());
$form->setInputValue('group_id', $this->group_to_manage_for->id());
$ega = new EntryGroupAccess();
$ega->clause('author_id', $this->entry_to_manage_for->get('author_id'));
$ega->clause('entry_id', $this->entry_to_manage_for->id());
$ega->clause('group_id', $this->group_to_manage_for->id());
if ($ega->id()) {
$option_values = array();
if ($ega->get(LogbookAccess::VIEW)) {
$option_values[] = new FormOption(LogbookAccess::VIEW, $ega->get(LogbookAccess::VIEW));
}
if ($ega->get(LogbookAccess::EDIT)) {
$option_values[] = new FormOption(LogbookAccess::EDIT, $ega->get(LogbookAccess::EDIT));
}
if ($ega->get(LogbookAccess::DELETE)) {
$option_values[] = new FormOption(LogbookAccess::DELETE, $ega->get(LogbookAccess::DELETE));
}
if ($ega->get(LogbookAccess::MANAGE_ACCESS)) {
$option_values[] = new FormOption(LogbookAccess::MANAGE_ACCESS, $ega->get(LogbookAccess::MANAGE_ACCESS));
}
if (count($option_values)) {
$form->setInputValue('group_access_options', $option_values);
}
}
}
return $form;
}
public function userCanDoAction($user, $entry, $action)
{
//DEFAULT RETURN VALUE IS TRUE
$ret = true;
//GRANT ALL PERMISSIONS TO THE AUTHOR
$author = new Author();
$author->clause('author_id', $entry->get('author_id'));
$author->noForeign();
$author_user_id = $author->get('user_id');
if ($author_user_id != $user->id()) {
//FIRST CHECK IF WE ARE EXCLUDED BASED ON ACCESS LEVEL
$min_level = Application::user()->minAccessLevel();
$check_entry = $entry->restrict();
//IF THE ENTRY ACCESS ID IS GREATER THAN THE MIN LEVEL
//OF THE CURRENT APP USER (0 IS ROOT LEVEL ACCESS)
if ($access = $check_entry->fetchSingle('Access')) {
$level = $access->get('access_level');
} else {
$level = 0;
}
if ($level >= $min_level) {
if ($user->id()) {
$access = new EntryGroupAccess();
//NOW CHECK IF THERE IS GROUP ACCESS CONTROL FOR
//ANY GROUPS THIS USER IS A MEMBER OF
$user = $user->restrict();
$user->also('Group');
$access->clause('author_id', $entry->get('author_id'));
$access->clause('entry_id', $entry->get('entry_id'));
//IF THE USER IS IN ANY GROUPS
if ($groups = $user->fetch('Group')) {
$access->clause('group_id', $groups, Clause::IN);
} else {
$access->clause('group_id', 0);
}
//IF THERE WERE ACCESS ENTRIES FOR GROUPS THAT THIS USER IS IN
if ($entries = $access->fetch()) {
//LOOP THROUGH UNTIL WE FIND A GROUP THAT DIASALLOWS
//THEN STOP
foreach ($entries as $access_entry) {
if ($ret) {
$ret = $access_entry->get($action);
} else {
end($entries);
}
}
} else {
if ($action != LogbookAccess::VIEW) {
$ret = false;
}
}
} else {
if ($action != LogbookAccess::VIEW) {
$ret = false;
}
}
} else {
$ret = false;
}
}
return $ret;
}
