/** * A method to show an error if the current user/account doesn't have access * to the specified DB_DataObject (defined by table name and entity ID). * * @static * @param string $entityTable The name of the table. * @param integer $entityId Optional entity ID -- when set, tests if the current * account has access to the enity, when not set, tests * if the current account can create a new entity in the * table. * @param boolean $allowNewEntity Allow creation of a new entity, defaults to false. */ function enforceAccessToObject($entityTable, $entityId = null, $allowNewEntity = false) { if (!$allowNewEntity) { OA_Permission::enforceTrue(!empty($entityId)); } // Verify that the ID is numeric OA_Permission::enforceTrue(preg_match('/^\\d*$/D', $entityId)); $entityId = (int) $entityId; $hasAccess = OA_Permission::hasAccessToObject($entityTable, $entityId); if (!$hasAccess) { if (!OA_Permission::isManualAccountSwitch()) { if (OA_Permission::isUserLinkedToAdmin()) { // Check object existence OA_Permission::enforceTrue(OA_Permission::getAccountIdForEntity($entityTable, $entityId)); } // if has access switch to the manager account that owns this object if ($hasAccess) { if (OA_Permission::switchToManagerAccount($entityTable, $entityId)) { // Now that the admin user is working with the manager // account that owns the object, show to him the page. $url = $_SERVER['REQUEST_URI']; header("Location: {$url}"); exit; } else { // If is not possible to switch redirect the admin to his home page OX_Admin_Redirect::redirect(); } } } } if (!$hasAccess) { OA_Permission::redirectIfManualAccountSwitch(); $hasAccess = OA_Permission::attemptToSwitchForAccess($entityTable, $entityId); } OA_Permission::enforceTrue($hasAccess); }