public function isModuleActionPermitted($module = false, $action = false) {
    // Fall back to the request parameters when the caller passes nothing.
    if ($module === false && isset($_REQUEST["m"])) {
        $module = $_REQUEST["m"];
    }
    if ($action === false && isset($_REQUEST["a"])) {
        $action = $_REQUEST["a"];
    }

    /**
     * If the module is not set, it is the home module, which is allowed.
     */
    if ($module === false) {
        return true;
    }

    $data_item_type = 0;
    $actionMapping = array();
    switch ($module) {
        case 'candidates':
            $data_item_type = 100;
            $actionMapping = Candidates::actionMapping();
            break;
        case 'companies':
            $data_item_type = 200;
            $actionMapping = Companies::actionMapping();
            break;
        case 'contacts':
            $data_item_type = 300;
            $actionMapping = Contacts::actionMapping();
            break;
        case 'joborders':
            $data_item_type = 400;
            $actionMapping = JobOrders::actionMapping();
            break;
    }

    /**
     * A $data_item_type of 0 indicates any other module, which is allowed.
     */
    if ($data_item_type <= 0) {
        return true;
    }

    $modulePermission = isset($this->permission[$data_item_type])
        ? $this->permission[$data_item_type]
        : array();

    /**
     * Check whether at least one operation is allowed.
     */
    $isModulePermited = false;
    if ($modulePermission) {
        foreach ($modulePermission as $operation => $permission) {
            if ($permission > 0) {
                $isModulePermited = true;
                break;
            }
        }
    }

    /**
     * No operation is allowed for this module, so deny.
     */
    if ($isModulePermited === false) {
        return false;
    }

    /**
     * If $action is false, use the default action from the action mapping, if one exists.
     */
    if ($action === false) {
        if (isset($actionMapping["default"])) {
            $action = $actionMapping["default"];
        }
    }

    // An action with no entry in the mapping is allowed (this check fails open).
    if (!isset($actionMapping[$action])) {
        return true;
    }

    $operation = $actionMapping[$action];

    /**
     * Allow only if the mapped operation is permitted.
     */
    if (isset($modulePermission[$operation]) && $modulePermission[$operation] > 0) {
        return true;
    }

    return false;
}
                        <?php endif; ?>
                    </td>
                    <td style="vertical-align:top;">
                        <?php echo($this->pipelineGraph); ?>
                    </td>
                </tr>
            </table>
        </td>
    </tr>
</table>
<?php
// 400 is the job orders data item type; look up the role's delete and edit permissions.
$objRole = Users::getInstance()->getRole();
$allowDelete = $objRole->getModulePermission(400, JobOrders::actionMapping("delete"));
$allowEdit = $objRole->getModulePermission(400, JobOrders::actionMapping("edit"));
if (!isset($this->isPopup)): ?>
<div id="actionbar">
    <span style="float:left;">
        <?php if ($allowEdit && $this->accessLevel >= ACCESS_LEVEL_EDIT): ?>
        <a id="edit_link" href="<?php echo(CATSUtility::getIndexName()); ?>?m=joborders&a=edit&jobOrderID=<?php echo($this->jobOrderID); ?>">
            <img src="images/actions/edit.gif" width="16" height="16" class="absmiddle" alt="edit" border="0" /> Edit
        </a>
        <?php endif; ?>
        <?php if ($allowDelete && $this->accessLevel >= ACCESS_LEVEL_DELETE): ?>
        <a id="delete_link" href="<?php echo(CATSUtility::getIndexName()); ?>?m=joborders&a=delete&jobOrderID=<?php echo($this->jobOrderID); ?>" onclick="javascript:return confirm('Delete this job order?');">
            <img src="images/actions/delete.gif" width="16" height="16" class="absmiddle" alt="delete" border="0" /> Delete
        </a>
        <?php endif; ?>