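/**
 * Adjust the right required by each contact action for the requested contact.
 *
 * Reads the contact id from $params['contact_id']. When it is greater than
 * zero, the contact is loaded with get_contact_info() and
 * $actions['contact'][<action>]['Right'] is rewritten in place:
 *
 *  - privacy flag other than 1 (public contact): detailupdate, update, insert,
 *    check_delete and delete all require $cright_write_admin;
 *  - privacy flag equal to 1 (private contact): each group of actions is
 *    opened to $cright_read when the current user created the contact or
 *    holds the matching OBM_Acl right (admin / write / read). Otherwise the
 *    rights-management actions require $cright_write_admin and the
 *    update/delete/consult actions are set to the local "forbidden" value.
 *
 * Nothing is returned; the only effect is the mutation of the global $actions.
 * When the id is not greater than zero, $actions is left untouched.
 */
function update_action_rights() {
  global $params, $actions, $path, $cright_read, $cright_write_admin, $obm, $profiles;

  // Right value used to lock an action. NOTE(review): presumably a bit that no
  // profile holds; confirm against the other $cright_* definitions.
  $cright_forbidden = 32;

  // NOTE(review): the id comes straight from the request parameters and is
  // handed unchanged to get_contact_info() and OBM_Acl. This function only
  // checks "> 0"; integer validation is assumed to happen at the request
  // boundary (confirm).
  $id = $params['contact_id'];
  if (!($id > 0)) {
    return;
  }

  $c = get_contact_info($id);

  // isset() keeps a missing record (or missing column) from raising a warning;
  // the value is then null, exactly what the plain index access produced.
  $privacy = isset($c['privacy']) ? $c['privacy'] : null;

  // Allow public contact handling only if write_admin right.
  // A contact that could not be loaded also lands here (null != 1), so its
  // modifying actions require write_admin rather than being left at defaults.
  if ($privacy != 1) {
    foreach (array('detailupdate', 'update', 'insert', 'check_delete', 'delete') as $action) {
      $actions['contact'][$action]['Right'] = $cright_write_admin;
    }
    return;
  }

  // Ownership is an authorization decision, so compare ids strictly. A loose
  // `==` treats an empty or missing uid and an empty creator column (null, 0,
  // '') as the same user, which would hand owner rights to a session with no
  // uid on any contact with no recorded creator. Both sides must be numeric,
  // positive and equal as integers.
  $uid = isset($obm['uid']) ? $obm['uid'] : null;
  $creator = isset($c['usercreate']) ? $c['usercreate'] : null;
  $is_owner = is_numeric($uid) && is_numeric($creator)
    && (int) $uid > 0
    && (int) $uid === (int) $creator;

  // Rights management: owner or ACL admin needs only the read right,
  // everyone else needs write_admin.
  $manage_right = ($is_owner || OBM_Acl::canAdmin($uid, 'contact', $id))
    ? $cright_read
    : $cright_write_admin;
  $actions['contact']['rights_admin']['Right'] = $manage_right;
  $actions['contact']['rights_update']['Right'] = $manage_right;

  // Modification: owner or ACL writer needs only the read right,
  // otherwise the actions are locked.
  $write_right = ($is_owner || OBM_Acl::canWrite($uid, 'contact', $id))
    ? $cright_read
    : $cright_forbidden;
  foreach (array('update', 'delete', 'detailupdate', 'check_delete') as $action) {
    $actions['contact'][$action]['Right'] = $write_right;
  }

  // Consultation: owner or ACL reader may view the contact, otherwise locked.
  $actions['contact']['detailconsult']['Right'] =
    ($is_owner || OBM_Acl::canRead($uid, 'contact', $id))
      ? $cright_read
      : $cright_forbidden;
}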
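/**
 * Public rights open access/read/write to every user but must never confer admin.
 *
 * Sequence checked on entity 'cv' #1:
 *  1. with no grants, user 2 has none of the four rights;
 *  2. public access+read gives user 2 access and read, not write or admin;
 *  3. an individual 'admin' grant gives user 2 admin without giving write;
 *  4. asking for a public 'admin' right has no effect: user 3 gets access and
 *     read only, and getPublicRights() reports 'admin' => 0.
 *
 * NOTE(review): relies on fixture data not visible here (users 2 and 3, and a
 * 'cv' entity #1 titled 'CV Admin'); user 3 is assumed to hold no individual
 * grant on it.
 */
public function testPublicRights() {
  OBM_Acl::initialize();

  // 1. Baseline: deny by default.
  $this->assertFalse(OBM_Acl::canAccess(2, 'cv', 1));
  $this->assertFalse(OBM_Acl::canRead(2, 'cv', 1));
  $this->assertFalse(OBM_Acl::canWrite(2, 'cv', 1));
  $this->assertFalse(OBM_Acl::canAdmin(2, 'cv', 1));

  // 2. Public access + read only.
  OBM_Acl::setPublicRights('cv', 1, array('access' => 1, 'read' => 1, 'write' => 0));
  $this->assertTrue(OBM_Acl::canAccess(2, 'cv', 1));
  $this->assertTrue(OBM_Acl::canRead(2, 'cv', 1));
  $this->assertFalse(OBM_Acl::canWrite(2, 'cv', 1));
  $this->assertFalse(OBM_Acl::canAdmin(2, 'cv', 1));

  // 3. Individual admin grant: admin becomes true, write stays false
  //    (admin does not imply write).
  OBM_Acl::allow(2, 'cv', 1, 'admin');
  $this->assertTrue(OBM_Acl::canAccess(2, 'cv', 1));
  $this->assertTrue(OBM_Acl::canRead(2, 'cv', 1));
  $this->assertFalse(OBM_Acl::canWrite(2, 'cv', 1));
  $this->assertTrue(OBM_Acl::canAdmin(2, 'cv', 1));
  // Expected value first, so a failure reports expected/actual the right way round.
  $this->assertEquals(
    array(1 => 'CV Admin'),
    OBM_Acl::getAllowedEntities(2, 'cv', 'read', null, 'title')
  );

  // 4. A public 'admin' => 1 must be ignored: admin stays an individual grant,
  //    so a user without one (user 3) cannot administer the entity.
  OBM_Acl::setPublicRights('cv', 1, array('access' => 1, 'read' => 1, 'write' => 0, 'admin' => 1));
  $this->assertTrue(OBM_Acl::canAccess(3, 'cv', 1));
  $this->assertTrue(OBM_Acl::canRead(3, 'cv', 1));
  $this->assertFalse(OBM_Acl::canWrite(3, 'cv', 1));
  $this->assertFalse(OBM_Acl::canAdmin(3, 'cv', 1));
  $this->assertEquals(
    array('access' => 1, 'read' => 1, 'write' => 0, 'admin' => 0),
    OBM_Acl::getPublicRights('cv', 1)
  );
}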