/**
 * Adjust the right level required by the contact actions, based on the
 * contact selected in $params['contact_id'].
 *
 * Nothing happens unless the id is > 0. For a contact whose 'privacy' field
 * is not 1, the write-type actions (including 'insert') require
 * $cright_write_admin. For a private contact (privacy == 1), each group of
 * actions is lowered to $cright_read when the current user created the
 * contact or holds the matching OBM_Acl right; otherwise rights management
 * requires $cright_write_admin and update/delete/consult get the local
 * "forbidden" level.
 *
 * Works only through globals ($params, $actions, $obm, $cright_*) and
 * returns nothing. The function only edits the $actions table; enforcement
 * happens wherever that table is checked afterwards (not visible here).
 */
function update_action_rights() {
  global $params, $actions, $path, $cright_read, $cright_write_admin, $obm, $profiles;

  // Level written when the user must not reach the action at all.
  // NOTE(review): presumably a value no profile is granted; confirm against
  // the right constants defined elsewhere.
  $cright_forbidden = 32;

  $contact_id = $params['contact_id'];
  if (!($contact_id > 0)) {
    return;
  }

  $contact = get_contact_info($contact_id);

  // Non-private contact: handling it is reserved to write_admin.
  // If get_contact_info() supplies no 'privacy' value (e.g. unknown id,
  // TODO confirm), this stricter branch is the one taken.
  if ($contact['privacy'] != 1) {
    foreach (array('detailupdate', 'update', 'insert', 'check_delete', 'delete') as $action_name) {
      $actions['contact'][$action_name]['Right'] = $cright_write_admin;
    }
    return;
  }

  // Private contact: the creator passes every check below without an ACL lookup.
  // NOTE(review): ownership uses loose ==; confirm both sides are always
  // populated ids so that an empty 'usercreate' can never match.
  $is_creator = ($contact['usercreate'] == $obm['uid']);

  // Rights management on this contact.
  $level = ($is_creator || OBM_Acl::canAdmin($obm['uid'], 'contact', $contact_id))
    ? $cright_read
    : $cright_write_admin;
  $actions['contact']['rights_admin']['Right'] = $level;
  $actions['contact']['rights_update']['Right'] = $level;

  // Modification and deletion of this contact.
  $level = ($is_creator || OBM_Acl::canWrite($obm['uid'], 'contact', $contact_id))
    ? $cright_read
    : $cright_forbidden;
  foreach (array('update', 'delete', 'detailupdate', 'check_delete') as $action_name) {
    $actions['contact'][$action_name]['Right'] = $level;
  }

  // Consultation of this contact.
  $actions['contact']['detailconsult']['Right'] =
    ($is_creator || OBM_Acl::canRead($obm['uid'], 'contact', $contact_id))
      ? $cright_read
      : $cright_forbidden;
}
// Bootstrap of the resource module page: read the request parameters, open
// the session/auth/perm context, load the module includes, then decide
// whether the requested action is allowed for the selected resource.
// $auth_class_name, $obminclude, $perm, $obm, $module, $action, $actions,
// $cright_read, $cright_write_admin and $l_error_visibility are not assigned
// in this fragment; they come from code outside it.
$params = get_resource_params();
page_open(array('sess' => 'OBM_Session', 'auth' => $auth_class_name, 'perm' => 'OBM_Perm'));
include_once("$obminclude/global_pref.inc");
require_once('resource_display.inc');
require_once('resource_query.inc');
require_once('resource_js.inc');
require_once("$obminclude/of/of_right.inc");
include_once("$obminclude/of/of_category.inc");
get_resource_action();

// Per-resource delegation of rights management: when a resource is selected
// and the user lacks the module-level write_admin right, an OBM_Acl admin
// right on that specific resource lowers the level required for
// 'rights_admin' and 'rights_update' to $cright_read.
// This must run before check_permissions() below to have any effect
// (presumably check_permissions() reads $actions; confirm).
// NOTE(review): the relaxation is keyed on the request-supplied
// $params['resource_id']; verify the rights_admin/rights_update handlers act
// on that same id and on no other request field.
if (($params['resource_id'] > 0) && (! $perm->check_right('resource', $cright_write_admin))) {
  if (OBM_Acl::canAdmin($obm['uid'], 'resource', $params['resource_id'])) {
    $actions['resource']['rights_admin']['Right'] = $cright_read;
    $actions['resource']['rights_update']['Right'] = $cright_read;
  }
}
// Module/action permission gate, evaluated against the possibly adjusted $actions.
$perm->check_permissions($module, $action);
// Visibility gate on the selected resource. A failure does not stop the
// script here: it stores an error message and rewrites $action to 'index'.
// NOTE(review): this is only safe if everything that follows dispatches on
// $action after this point; confirm in the code that consumes it.
if (! check_privacy($module, 'Resource', $action, $params['resource_id'], $obm['uid'])) {
  $display['msg'] = display_err_msg($l_error_visibility);
  $action = 'index';
} else {
  // Visit is recorded only when the privacy check passed.
  update_last_visit('resource', $params['resource_id'], $action);
}
page_close();
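/**
 * Checks how public rights and per-user grants combine on entity 'cv' #1.
 *
 * Sequence asserted: no rights at all for user 2 at the start; public
 * access/read becomes visible to user 2; an explicit 'admin' grant gives
 * user 2 admin without giving write; and a public rights array carrying
 * 'admin' => 1 is expected to confer admin on nobody (user 3 has no admin,
 * and the stored public rights report 'admin' => 0).
 *
 * Relies on OBM_Acl::initialize() and on fixture data not visible here
 * ('CV Admin' is presumably the title of cv #1; confirm in the fixtures).
 */
public function testPublicRights() {
  OBM_Acl::initialize();

  // Baseline: user 2 starts with no right on cv #1.
  $this->assertFalse(OBM_Acl::canAccess(2, 'cv', 1));
  $this->assertFalse(OBM_Acl::canRead(2, 'cv', 1));
  $this->assertFalse(OBM_Acl::canWrite(2, 'cv', 1));
  $this->assertFalse(OBM_Acl::canAdmin(2, 'cv', 1));

  // Public access + read: user 2 gains exactly those two rights.
  OBM_Acl::setPublicRights('cv', 1, array('access' => 1, 'read' => 1, 'write' => 0));
  $this->assertTrue(OBM_Acl::canAccess(2, 'cv', 1));
  $this->assertTrue(OBM_Acl::canRead(2, 'cv', 1));
  $this->assertFalse(OBM_Acl::canWrite(2, 'cv', 1));
  $this->assertFalse(OBM_Acl::canAdmin(2, 'cv', 1));

  // Explicit admin grant for user 2: admin turns on, write stays off,
  // i.e. admin is asserted not to imply write.
  OBM_Acl::allow(2, 'cv', 1, 'admin');
  $this->assertTrue(OBM_Acl::canAccess(2, 'cv', 1));
  $this->assertTrue(OBM_Acl::canRead(2, 'cv', 1));
  $this->assertFalse(OBM_Acl::canWrite(2, 'cv', 1));
  $this->assertTrue(OBM_Acl::canAdmin(2, 'cv', 1));
  // Expected value goes first so a failure report labels both sides correctly.
  $this->assertEquals(
    array(1 => 'CV Admin'),
    OBM_Acl::getAllowedEntities(2, 'cv', 'read', null, 'title')
  );

  // Attempt to publish admin: user 3, who has no personal grant, must get
  // access/read only, and the stored public rights must keep admin at 0.
  OBM_Acl::setPublicRights('cv', 1, array('access' => 1, 'read' => 1, 'write' => 0, 'admin' => 1));
  $this->assertTrue(OBM_Acl::canAccess(3, 'cv', 1));
  $this->assertTrue(OBM_Acl::canRead(3, 'cv', 1));
  $this->assertFalse(OBM_Acl::canWrite(3, 'cv', 1));
  $this->assertFalse(OBM_Acl::canAdmin(3, 'cv', 1));
  $this->assertEquals(
    array('access' => 1, 'read' => 1, 'write' => 0, 'admin' => 0),
    OBM_Acl::getPublicRights('cv', 1)
  );
}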