예제 #1
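/**
 * Narrows the 'contact' module action rights to the contact named by
 * $params['contact_id'].
 *
 * Public contacts (privacy != 1) may only be modified by a user holding the
 * module write_admin right. Private contacts are decided per action by the
 * contact creator (usercreate) or the per-contact ACL (OBM_Acl): rights
 * management needs admin, update/delete need write, detailconsult needs read;
 * an action whose requirement is not met is marked forbidden. The rights
 * management actions fall back to write_admin rather than forbidden, so a
 * module admin keeps the ability to repair a contact's ACL.
 *
 * Reads globals $params and $obm; rewrites entries of $actions in place.
 * Does nothing when no positive integer contact_id is supplied.
 */
function update_action_rights() {
  global $params, $actions, $cright_read, $cright_write_admin, $obm;

  // Right level that blocks an action outright (not provided as a global).
  $cright_forbidden = 32;

  // Normalise to int before the sign test: under PHP 8 comparison rules a
  // non-numeric string compared with "> 0" is compared as a string and would
  // pass, reaching get_contact_info() with garbage. A missing parameter is
  // treated as "no contact selected" instead of raising an undefined-index
  // notice.
  $id = isset($params['contact_id']) ? (int) $params['contact_id'] : 0;
  if ($id <= 0) {
    return;
  }

  $c = get_contact_info($id);

  // The creator always keeps full rights on the contact. Both sides are cast
  // to int so a DB string id and a session int id compare reliably; an
  // absent/NULL usercreate compares as 0, as it did with the loose `==`
  // (NOTE(review): confirm an authenticated session never has uid 0).
  $creatorId = isset($c['usercreate']) ? (int) $c['usercreate'] : 0;
  $uid = isset($obm['uid']) ? $obm['uid'] : null;
  $isCreator = $creatorId === (int) $uid;

  // A contact record without a privacy flag (e.g. lookup failed) is handled
  // as public, i.e. it requires write_admin — the more restrictive branch.
  $privacy = isset($c['privacy']) ? (int) $c['privacy'] : 0;
  if ($privacy !== 1) {
    // Public contact: only a module write_admin may change it.
    foreach (array('detailupdate', 'update', 'insert', 'check_delete', 'delete') as $name) {
      $actions['contact'][$name]['Right'] = $cright_write_admin;
    }
    return;
  }

  // Private contact: creator or ACL decides, one right level per action
  // family. The ACL is only consulted when the user is not the creator.
  $canAdmin = $isCreator || OBM_Acl::canAdmin($uid, 'contact', $id);
  $rightsRight = $canAdmin ? $cright_read : $cright_write_admin;
  foreach (array('rights_admin', 'rights_update') as $name) {
    $actions['contact'][$name]['Right'] = $rightsRight;
  }

  $canWrite = $isCreator || OBM_Acl::canWrite($uid, 'contact', $id);
  $updateRight = $canWrite ? $cright_read : $cright_forbidden;
  foreach (array('update', 'delete', 'detailupdate', 'check_delete') as $name) {
    $actions['contact'][$name]['Right'] = $updateRight;
  }

  $canRead = $isCreator || OBM_Acl::canRead($uid, 'contact', $id);
  $actions['contact']['detailconsult']['Right'] = $canRead ? $cright_read : $cright_forbidden;
}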
예제 #2
// Resource module front controller: bootstrap the session/auth/permission
// layer, load the module includes, then resolve the requested action.
// $module, $action, $perm, $obm, $auth_class_name, $obminclude and the
// $cright_* constants are expected to be provided by the framework bootstrap
// before this point (not visible here).
$params = get_resource_params();
page_open(array('sess' => 'OBM_Session', 'auth' => $auth_class_name, 'perm' => 'OBM_Perm'));
include_once("$obminclude/global_pref.inc");
require_once('resource_display.inc');
require_once('resource_query.inc');
require_once('resource_js.inc');
require_once("$obminclude/of/of_right.inc");
include_once("$obminclude/of/of_category.inc");

get_resource_action();

// Per-resource ACL override: a user who lacks the module-wide write_admin
// right may still manage the rights of the one selected resource when the
// ACL grants admin on it. Only the two rights-management actions are lowered
// to read level; every other action keeps its module-level requirement. The
// module right is consulted only when a specific resource is selected, and
// the ACL only when that module right is missing.
if ($params['resource_id'] > 0
  && ! $perm->check_right('resource', $cright_write_admin)
  && OBM_Acl::canAdmin($obm['uid'], 'resource', $params['resource_id'])) {
  $actions['resource']['rights_admin']['Right'] = $cright_read;
  $actions['resource']['rights_update']['Right'] = $cright_read;
}

// Order matters: the module-level permission check runs first, then the
// per-entity privacy check decides whether the action may proceed at all.
$perm->check_permissions($module, $action);
if (check_privacy($module, 'Resource', $action, $params['resource_id'], $obm['uid'])) {
  update_last_visit('resource', $params['resource_id'], $action);
} else {
  // Entity not visible to this user: report it and fall back to the index.
  $display['msg'] = display_err_msg($l_error_visibility);
  $action = 'index';
}
page_close();

예제 #3
파일: AclTest.php 프로젝트: Kervinou/OBM
 /**
  * Public rights on an entity apply to every user, but 'admin' is never
  * granted publicly: even when setPublicRights() is handed admin => 1 the
  * stored public rights report admin => 0 and canAdmin() stays false for a
  * user without an explicit allow().
  *
  * Relies on fixture data: entity cv/1 titled 'CV Admin', users 2 and 3.
  */
 public function testPublicRights() {
   OBM_Acl::initialize();

   // Checks access/read/write/admin for $uid on cv/1, in that order, with
   // strict true/false assertions (assertTrue/assertFalse, not assertEquals).
   $self = $this;
   $expectRights = function ($uid, $access, $read, $write, $admin) use ($self) {
     $checks = array(
       'canAccess' => $access,
       'canRead' => $read,
       'canWrite' => $write,
       'canAdmin' => $admin,
     );
     foreach ($checks as $method => $granted) {
       $actual = OBM_Acl::$method($uid, 'cv', 1);
       if ($granted) {
         $self->assertTrue($actual);
       } else {
         $self->assertFalse($actual);
       }
     }
   };

   // Nothing granted yet.
   $expectRights(2, false, false, false, false);

   // Public access + read: visible to user 2, still not writable.
   OBM_Acl::setPublicRights('cv', 1, array('access' => 1, 'read' => 1, 'write' => 0));
   $expectRights(2, true, true, false, false);

   // Explicit admin grant does not imply write.
   OBM_Acl::allow(2, 'cv', 1, 'admin');
   $expectRights(2, true, true, false, true);
   $this->assertEquals(OBM_Acl::getAllowedEntities(2, 'cv', 'read', null, 'title'), array(1 => 'CV Admin'));

   // Public admin is silently dropped: user 3 has no explicit grant.
   OBM_Acl::setPublicRights('cv', 1, array('access' => 1, 'read' => 1, 'write' => 0, 'admin' => 1));
   $expectRights(3, true, true, false, false);
   $this->assertEquals(OBM_Acl::getPublicRights('cv', 1), array(
     'access' => 1, 'read' => 1, 'write' => 0, 'admin' => 0
   ));
 }