/**
 * Look up the manager row that ties one user to one collection.
 *
 * NOTE(review): how findOne() treats empty or null fields is not visible
 * here; callers should pass non-empty identifiers so that the lookup
 * cannot be broader than intended. Confirm against Dase_DBO.
 *
 * @param mixed  $db            database handle passed to the DBO constructor
 * @param string $coll_ascii_id ascii id of the collection
 * @param string $eid           eid of the user
 * @return Dase_DBO_CollectionManager|false the object on which findOne()
 *         succeeded, or false when findOne() returned a falsy value
 */
public static function get($db, $coll_ascii_id, $eid)
{
    $record = new Dase_DBO_CollectionManager($db);
    $record->collection_ascii_id = $coll_ascii_id;
    $record->dase_user_eid = $eid;

    // Callers test the result for truthiness, so "no match" stays false.
    return $record->findOne() ? $record : false;
}
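/**
 * Remove a manager from the current collection.
 *
 * The eid of the manager to remove is read from the request parameter
 * 'manager_eid'. A user may not remove their own manager row.
 *
 * NOTE(review): this method performs no authorization check of its own;
 * presumably the handler verifies the caller's rights on the collection
 * before dispatching here. Confirm.
 *
 * @param object $r request object providing get(), renderError() and renderResponse()
 * @return void
 */
public function deleteManager($r)
{
    $target_eid = $r->get('manager_eid');

    // A missing, empty or non-scalar eid can never name a manager. Reject it
    // before it reaches findOne(): if the DBO skips unset fields when it
    // builds its query (not visible here), the lookup would be constrained
    // by collection only and could match a manager nobody asked to remove.
    if (!is_scalar($target_eid) || '' === trim((string) $target_eid)) {
        $r->renderError('400', 'missing manager_eid');
        return;
    }

    // NOTE(review): this comparison is case-sensitive. If the stored eid is
    // matched case-insensitively by the database, a differently-cased copy
    // of the caller's own eid would pass this guard. Confirm.
    if ($target_eid == $this->user->eid) {
        $r->renderError('400', 'existential crisis: cannot delete yourself');
        // Do not rely on renderError() ending the request: if it returns,
        // the deletion below must still not run.
        return;
    }

    $manager = new Dase_DBO_CollectionManager($this->db);
    $manager->dase_user_eid = $target_eid;
    $manager->collection_ascii_id = $this->collection->ascii_id;
    $manager->findOne();
    $eid = $manager->dase_user_eid;

    // Delete only a row that was actually loaded and is fully identified.
    if ($manager->id && $manager->dase_user_eid && $manager->collection_ascii_id) {
        $manager->delete();
    }

    // NOTE(review): this message is sent even when no row matched, and it
    // echoes a request-derived value; escape it if the response can be
    // rendered as HTML.
    $r->renderResponse('deleted manager ' . $eid);
}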
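/**
 * Decide whether this user holds at least $auth_level on $collection.
 *
 * 'read' is granted without a manager row when the collection is public or
 * its visibility is 'user' or 'public'. Every other grant requires a
 * collection-manager row for this user whose auth_level covers the request:
 *   - 'read'  : any non-empty auth_level
 *   - 'write' : write, admin, manager or superuser
 *   - 'admin' : admin, manager or superuser
 * Any other requested level is denied.
 *
 * @param object|null $collection collection object (needs is_public, visibility, ascii_id)
 * @param string      $auth_level requested level: 'read', 'write' or 'admin'
 * @return bool true when access is granted, false otherwise
 */
function checkCollectionAuth($collection, $auth_level)
{
    if (!$collection) {
        Dase_Log::debug(LOG_FILE, 'attempting get to authorization for non-existing collection');
        return false;
    }

    // Strict comparisons throughout: under the loose rules of older PHP
    // versions a non-string value such as 0 compares equal to any
    // non-numeric string, which would turn a malformed level into a grant.
    if ('read' === $auth_level) {
        if ($collection->is_public || 'user' === $collection->visibility || 'public' === $collection->visibility) {
            return true;
        }
    }

    // A similar shortcut for 'write' on 'user'/'public' visibility was
    // disabled by the original author as too permissive. Write access must
    // come from an explicit manager row; do not re-enable it.

    // Fail closed when this user has no eid. If the DBO ignores empty fields
    // when it builds the lookup (not visible here), the query below would be
    // constrained by collection only and could return another user's row.
    $eid = $this->eid;
    if (!is_scalar($eid) || '' === trim((string) $eid)) {
        return false;
    }

    $cm = new Dase_DBO_CollectionManager($this->db);
    $cm->collection_ascii_id = $collection->ascii_id;
    //todo: need to account for case here!
    //needs to be case-insensitive
    $cm->dase_user_eid = $eid;
    $cm->findOne();

    $granted = $cm->auth_level;
    if (!$granted) {
        // No manager row, or a row without a level: nothing to grant.
        return false;
    }

    if ('read' === $auth_level) {
        return true;
    }
    if ('write' === $auth_level) {
        return in_array($granted, array('write', 'admin', 'manager', 'superuser'), true);
    }
    if ('admin' === $auth_level) {
        return in_array($granted, array('admin', 'manager', 'superuser'), true);
    }

    // Unknown requested level: deny.
    return false;
}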