$is_allowedToRead = $is_editor || $is_groupMember && WikiAccessControl::isAllowedToReadPage($accessControlList, 'group') || $is_courseMember && WikiAccessControl::isAllowedToReadPage($accessControlList, 'course') || WikiAccessControl::isAllowedToReadPage($accessControlList, 'other'); $is_allowedToEdit = $is_editor || $is_groupMember && WikiAccessControl::isAllowedToEditPage($accessControlList, 'group') || $is_courseMember && WikiAccessControl::isAllowedToEditPage($accessControlList, 'course') || WikiAccessControl::isAllowedToEditPage($accessControlList, 'other'); $is_allowedToCreate = $is_editor || $is_groupMember && WikiAccessControl::isAllowedToCreatePage($accessControlList, 'group') || $is_courseMember && WikiAccessControl::isAllowedToCreatePage($accessControlList, 'course') || WikiAccessControl::isAllowedToCreatePage($accessControlList, 'other'); } } else { // course context if (is_array($accessControlList)) { // course member if ($is_courseMember) { $is_allowedToRead = $is_editor || WikiAccessControl::isAllowedToReadPage($accessControlList, 'course'); $is_allowedToEdit = $is_editor || WikiAccessControl::isAllowedToEditPage($accessControlList, 'course'); $is_allowedToCreate = $is_editor || WikiAccessControl::isAllowedToCreatePage($accessControlList, 'course'); } else { $is_allowedToRead = $is_editor || WikiAccessControl::isAllowedToReadPage($accessControlList, 'other'); $is_allowedToEdit = $is_editor || WikiAccessControl::isAllowedToEditPage($accessControlList, 'other'); $is_allowedToCreate = $is_editor || WikiAccessControl::isAllowedToCreatePage($accessControlList, 'other'); } } } // --------------- End of access rights management ---------------- // filter action if ($is_allowedToEdit || $is_allowedToCreate) { $valid_actions = array("edit", "preview", "save", "delete", "show", "recent", "diff", "all", "history", "rqSearch", "exSearch"); } else { $valid_actions = array("show", "recent", "diff", "all", "history", "rqSearch", "exSearch"); } $_CLEAN = 
filter_by_key('action', $valid_actions, "R", false); $action = isset($_CLEAN['action']) ? $_CLEAN['action'] : 'show'; // get request variables $creatorId = $uid; $versionId = isset($_REQUEST['versionId']) ? intval($_REQUEST['versionId']) : 0;
$is_allowedToRead = $is_allowedToAdmin || claro_is_group_member() && WikiAccessControl::isAllowedToReadPage($accessControlList, 'group') || claro_is_course_member() && WikiAccessControl::isAllowedToReadPage($accessControlList, 'course') || WikiAccessControl::isAllowedToReadPage($accessControlList, 'other'); $is_allowedToEdit = $is_allowedToRead && ($is_allowedToAdmin || claro_is_group_member() && WikiAccessControl::isAllowedToEditPage($accessControlList, 'group') || claro_is_course_member() && WikiAccessControl::isAllowedToEditPage($accessControlList, 'course') || WikiAccessControl::isAllowedToEditPage($accessControlList, 'other')); $is_allowedToCreate = $is_allowedToEdit && ($is_allowedToAdmin || claro_is_group_member() && WikiAccessControl::isAllowedToCreatePage($accessControlList, 'group') || claro_is_course_member() && WikiAccessControl::isAllowedToCreatePage($accessControlList, 'course') || WikiAccessControl::isAllowedToCreatePage($accessControlList, 'other')); } } else { // course context if (is_array($accessControlList)) { // course member if (claro_is_course_member() || claro_is_platform_admin()) { $is_allowedToRead = $is_allowedToAdmin || WikiAccessControl::isAllowedToReadPage($accessControlList, 'course'); $is_allowedToEdit = $is_allowedToRead && ($is_allowedToAdmin || WikiAccessControl::isAllowedToEditPage($accessControlList, 'course')); $is_allowedToCreate = $is_allowedToEdit && ($is_allowedToAdmin || WikiAccessControl::isAllowedToCreatePage($accessControlList, 'course')); } else { $is_allowedToRead = $is_allowedToAdmin || WikiAccessControl::isAllowedToReadPage($accessControlList, 'other'); $is_allowedToEdit = $is_allowedToRead && ($is_allowedToAdmin || WikiAccessControl::isAllowedToEditPage($accessControlList, 'other')); $is_allowedToCreate = $is_allowedToEdit && ($is_allowedToAdmin || WikiAccessControl::isAllowedToCreatePage($accessControlList, 'other')); } } } if (!$is_allowedToRead) { claro_die(get_lang("You are not allowed to read this page")); } 
// --------------- End of access rights management ---------------- // filter action if ($is_allowedToEdit || $is_allowedToCreate) { $valid_actions = array('edit', 'preview', 'save', 'show', 'recent', 'diff', 'all', 'history', 'rqSearch', 'exSearch'); } else { $valid_actions = array('show', 'recent', 'diff', 'all', 'history', 'rqSearch', 'exSearch'); } $_CLEAN = filter_by_key('action', $valid_actions, "R", false); $action = isset($_CLEAN['action']) ? $_CLEAN['action'] : 'show';
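Review bot: The new `if (!$is_allowedToRead)` check and the action filter after it read flags that the visible branches assign only when `is_array($accessControlList)` is true, so on the non-array path they depend on whatever was set above this excerpt. If they are not already initialised there, I would add `$is_allowedToRead = $is_allowedToEdit = $is_allowedToCreate = false;` before the group/course branching so the page denies by default, which also matters on PHP setups that import request variables into the global scope. Separately, `$is_allowedToCreate` now implies `$is_allowedToEdit`, so the `|| $is_allowedToCreate` term in the filter is redundant, and a user with edit rights only still gets `save`. The `save` handler therefore needs its own `$is_allowedToCreate` test when the target page does not exist yet, which I cannot confirm from here. The enclosing `if`/`else` starts outside the visible lines.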