/** * Fetches data from the $args array and updates the bean with that data * @param $api ServiceBase The API class of the request, used in cases where the API changes how the bean is retrieved * @param $args array The arguments array passed in from the API * @param $aclToCheck string What kind of ACL to verify when loading a bean. Supports: view,edit,create,import,export * @param $options Options array to pass to the retrieveBean method * @return SugarBean The loaded bean */ protected function loadBean(ServiceBase $api, $args, $aclToCheck = 'view', $options = array()) { $this->requireArgs($args, array('module', 'record')); $bean = BeanFactory::retrieveBean($args['module'], $args['record'], $options); if ($api->action == 'save' && ($bean == false || $bean->deleted == 1)) { throw new SugarApiExceptionNotAuthorized('SUGAR_API_EXCEPTION_RECORD_NOT_AUTHORIZED', array('save')); } if ($bean == FALSE || $bean->deleted == 1) { // Couldn't load the bean throw new SugarApiExceptionNotFound('Could not find record: ' . $args['record'] . ' in module: ' . $args['module']); } if (SugarACLStatic::fixUpActionName($aclToCheck) != 'view' && !$bean->ACLAccess(SugarACLStatic::fixUpActionName($aclToCheck))) { throw new SugarApiExceptionNotAuthorized('SUGAR_API_EXCEPTION_RECORD_NOT_AUTHORIZED', array($aclToCheck)); } return $bean; }
/** * Check bean ACLs * @param string $module * @param string $action * @param array $context */ protected function beanACL($module, $action, $context) { $accessGranted = $this->portalAccess($module, $action, $context); if (!isset($accessGranted)) { $accessGranted = parent::beanACL($module, $action, $context); } return $accessGranted; }