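" ondblclick="jQuery('input[name=news_remove_areas]').click()">
<?php /*
    Renders the currently selected areas: one disabled heading option per area
    that has selected entries, followed by the entries themselves.
    An entry gets a value (and is therefore selectable) only if the user may
    edit its range or $may_delete is set; otherwise it is rendered disabled.
    NOTE(review): "disabled" is only a UI hint. The handler that processes the
    submitted ids is not visible here; confirm it repeats the permission check.
*/ ?>
<? foreach ($area_structure as $area_key => $area_data) : ?>
    <? if (count($area_options_selected[$area_key])) : ?>
        <option disabled class="news_area_title" style="background-image: url('<?php echo Icon::create($area_data['icon'], 'info')->asImagePath(); ?> ');">
            <?php echo htmlReady($area_data['title']); ?>
        </option>
        <? foreach ($area_options_selected[$area_key] as $area_option_key => $area_option_title) : ?>
            <?php /* The range id is written into an attribute value, so it is escaped like the other dynamic output in this template. */ ?>
            <option <?php echo (StudipNews::haveRangePermission('edit', $area_option_key) or $may_delete) ? 'value="' . htmlReady($area_option_key) . '"' : 'disabled'; ?> <?php echo tooltip($area_option_title); ?> >
                <?php echo htmlReady(mila($area_option_title)); ?>
            </option>
        <? endforeach ?>
    <? endif ?>
<? endforeach ?>
</select> </label> </div>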
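/**
 * Checks whether a user may perform the given operation on this news object.
 *
 * Root users, the owner and the owner's deputy are granted every valid
 * operation. Otherwise the decision follows the user's permissions on the
 * ranges this news is assigned to: view, edit and copy need access to one
 * range, unassign needs edit access to $check_range_id, and delete needs
 * edit access to every assigned range.
 *
 * @param string $operation      delete, unassign, edit, copy, or view
 * @param string $check_range_id specified range-id, used only for unassign-operation
 * @param string $user_id        optional; check permission for given user ID;
 *                               otherwise for the ID in $GLOBALS['auth']
 * @return boolean true if the operation is permitted, false otherwise
 */
function havePermission($operation, $check_range_id = '', $user_id = null)
{
    if (!$user_id) {
        $user_id = $GLOBALS['auth']->auth['uid'];
    }

    // Strict match: only the exact operation strings are accepted, so a
    // non-string value (e.g. boolean true) cannot pass through type juggling.
    if (!in_array($operation, array('delete', 'unassign', 'edit', 'copy', 'view'), true)) {
        return false;
    }

    // in order to unassign, there must be more than one range assigned; $check_range_id must be specified.
    if ($operation === 'unassign' && count($this->getRanges()) < 2) {
        return false;
    }

    // root, owner, and owner's deputy have full permission.
    // Ids are compared as strings with ===, because == treats two
    // numeric-looking strings as numbers and can report different ids as equal.
    // NOTE(review): the 'root' check passes $user_id, the 'autor' check does
    // not; confirm that have_perm('autor') is meant to be evaluated without it.
    $is_root   = $GLOBALS['perm']->have_perm('root', $user_id);
    $is_owner  = !$is_root
        && (string) $user_id === (string) $this->user_id
        && $GLOBALS['perm']->have_perm('autor');
    $is_deputy = !$is_root && !$is_owner
        && isDeputyEditAboutActivated()
        && isDeputy($user_id, $this->user_id, true);
    if ($is_root || $is_owner || $is_deputy) {
        return true;
    }

    // unassign and delete are decided by edit permission on the ranges
    if ($operation === 'unassign' || $operation === 'delete') {
        $range_operation = 'edit';
    } else {
        $range_operation = $operation;
    }

    $ranges = $this->getRanges();
    // Counter was previously used without being initialised.
    $permission_ranges = 0;
    foreach ($ranges as $range_id) {
        if (StudipNews::haveRangePermission($range_operation, $range_id, $user_id)) {
            // in order to view, edit, copy, or unassign, access to one of the ranges is sufficient
            if ($operation === 'view' || $operation === 'edit' || $operation === 'copy') {
                return true;
            }
            // in order to unassign, access to the specified range is needed
            if ($operation === 'unassign' && (string) $range_id === (string) $check_range_id) {
                return true;
            }
            // in order to delete, access to all ranges is necessary
            $permission_ranges++;
        } elseif ($operation === 'delete') {
            return false;
        }
    }

    // NOTE(review): for a news object without any ranges this is 0 === 0, so
    // delete is granted to every user who reaches this point; confirm that
    // this is intended.
    if ($operation === 'delete' && count($ranges) === $permission_ranges) {
        return true;
    }
    return false;
}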
/**
 * Asks StudipNews whether the given user has 'view' permission on a range.
 *
 * Both arguments are passed through unchanged to
 * StudipNews::haveRangePermission(); its result is returned as is.
 *
 * @param mixed $range_id id of the range to check
 * @param mixed $user_id  id of the user the check is made for
 * @return mixed result of StudipNews::haveRangePermission('view', ...)
 */
private static function checkRangePermission($range_id, $user_id)
{
    $may_view = \StudipNews::haveRangePermission('view', $range_id, $user_id);

    return $may_view;
}
/**
 * Shows the RSS export setting of a range and, on POST, switches it on or off.
 *
 * Access is refused unless the NEWS_RSS_EXPORT_ENABLE config entry is set and
 * StudipNews::haveRangePermission('edit', $range_id) succeeds.
 *
 * @param mixed $range_id id of the range whose RSS export is configured
 * @throws AccessDeniedException if RSS export is disabled or the edit
 *                               permission check on the range fails
 */
function rss_config_action($range_id)
{
    // The config switch is evaluated first; the permission check only runs
    // when RSS export is enabled at all.
    if (!get_config('NEWS_RSS_EXPORT_ENABLE')) {
        throw new AccessDeniedException();
    }
    if (!StudipNews::haveRangePermission('edit', $range_id)) {
        throw new AccessDeniedException();
    }

    // NOTE(review): this changes state on POST and no CSRF token verification
    // is visible in this action; confirm it is enforced elsewhere.
    $is_post = Request::isPost();
    if ($is_post && Request::submitted('rss_on')) {
        StudipNews::SetRssId($range_id);
    } elseif ($is_post) {
        // POST without 'rss_on' switches the export off.
        StudipNews::UnsetRssId($range_id);
    }

    // Read back after the update so the stored rss_id reflects the new state.
    $this->range_id = $range_id;
    $this->rss_id = StudipNews::GetRssIdFromRangeId($range_id);
}