/**
 * Set the 'Right' level required for each contact action, based on the
 * contact addressed by $params['contact_id'].
 *
 * Nothing is changed when the id is not greater than 0. For a contact whose
 * 'privacy' is not 1, the modifying actions require $cright_write_admin.
 * Otherwise (privacy == 1) each group of actions is opened at $cright_read
 * when the current user created the contact or holds the matching OBM_Acl
 * right, and closed otherwise.
 *
 * Works only through the globals it declares; returns nothing.
 */
function update_action_rights() {
  global $params, $actions, $path, $cright_read, $cright_write_admin, $obm, $profiles;

  // Level used to deny an action outright.
  // NOTE(review): presumably a right bit no profile carries - confirm where 32 is defined.
  $cright_forbidden = 32;

  $contact_id = $params['contact_id'];
  if (!($contact_id > 0)) {
    return;
  }

  $contact = get_contact_info($contact_id);

  // Allow public contact handling only if write_admin right.
  // Loose comparison: a missing or null 'privacy' value also lands in this branch.
  if ($contact['privacy'] != 1) {
    foreach (array('detailupdate', 'update', 'insert', 'check_delete', 'delete') as $action) {
      $actions['contact'][$action]['Right'] = $cright_write_admin;
    }
    return;
  }

  // Rights administration: creator or ACL admin gets it at read level.
  // NOTE(review): the fallback is write_admin rather than forbidden, so a
  // profile holding write_admin keeps access to rights_admin/rights_update on
  // a contact it has no ACL entry for - confirm this is intended.
  $admin_level = ($contact['usercreate'] == $obm['uid'] || OBM_Acl::canAdmin($obm['uid'], 'contact', $contact_id))
    ? $cright_read
    : $cright_write_admin;
  $actions['contact']['rights_admin']['Right'] = $admin_level;
  $actions['contact']['rights_update']['Right'] = $admin_level;

  // Modification: creator or ACL writer, otherwise denied.
  $write_level = ($contact['usercreate'] == $obm['uid'] || OBM_Acl::canWrite($obm['uid'], 'contact', $contact_id))
    ? $cright_read
    : $cright_forbidden;
  foreach (array('update', 'delete', 'detailupdate', 'check_delete') as $action) {
    $actions['contact'][$action]['Right'] = $write_level;
  }

  // Consultation: creator or ACL reader, otherwise denied.
  $read_level = ($contact['usercreate'] == $obm['uid'] || OBM_Acl::canRead($obm['uid'], 'contact', $contact_id))
    ? $cright_read
    : $cright_forbidden;
  $actions['contact']['detailconsult']['Right'] = $read_level;
}
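/**
 * Remove calendar actions the current user is not allowed to perform.
 *
 * - Without any writable calendar ($writable_calendars falsy) the 'new'
 *   action is removed.
 * - When $params['calendar_id'] names an event whose owner is neither the
 *   current user nor a calendar the user can write to (OBM_Acl::canWrite),
 *   the modifying actions are removed.
 *
 * Works only through the globals it declares; returns nothing.
 */
function update_calendar_action() {
  global $actions, $params, $path, $obm, $writable_calendars;

  if (!$writable_calendars) {
    unset($actions['calendar']['new']);
  }

  $id = $params['calendar_id'];
  if ($id) {
    $event_info = get_calendar_event_info($id);
    $owner = $event_info['owner'];
    // NOTE(review): if the lookup yields no 'owner', $owner is null and the
    // decision rests entirely on OBM_Acl::canWrite() for a null entity -
    // confirm that call denies in that case.
    if ($owner != $obm['uid'] && !OBM_Acl::canWrite($obm['uid'], 'calendar', $owner)) {
      // All modifying actions are dropped in a single step, so nothing can
      // interrupt the sequence and leave some of them in place.
      unset(
        $actions['calendar']['detailupdate'],
        $actions['calendar']['duplicate'],
        $actions['calendar']['update'],
        $actions['calendar']['check_delete'],
        $actions['calendar']['delete']
      );
    }
  }
}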
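/**
 * Checks how public rights on an entity combine with per-user grants.
 *
 * Covers four stages on entity 'cv' #1: no rights at all, public
 * access/read, an additional per-user admin grant, and an attempt to make
 * admin a public right, which is expected to have no effect.
 */
public function testPublicRights() {
  OBM_Acl::initialize();

  // Baseline: user 2 holds nothing on cv #1.
  $this->assertFalse(OBM_Acl::canAccess(2, 'cv', 1));
  $this->assertFalse(OBM_Acl::canRead(2, 'cv', 1));
  $this->assertFalse(OBM_Acl::canWrite(2, 'cv', 1));
  $this->assertFalse(OBM_Acl::canAdmin(2, 'cv', 1));

  // Public access + read opens exactly those two rights.
  OBM_Acl::setPublicRights('cv', 1, array('access' => 1, 'read' => 1, 'write' => 0));
  $this->assertTrue(OBM_Acl::canAccess(2, 'cv', 1));
  $this->assertTrue(OBM_Acl::canRead(2, 'cv', 1));
  $this->assertFalse(OBM_Acl::canWrite(2, 'cv', 1));
  $this->assertFalse(OBM_Acl::canAdmin(2, 'cv', 1));

  // A per-user admin grant adds admin without implying write.
  OBM_Acl::allow(2, 'cv', 1, 'admin');
  $this->assertTrue(OBM_Acl::canAccess(2, 'cv', 1));
  $this->assertTrue(OBM_Acl::canRead(2, 'cv', 1));
  $this->assertFalse(OBM_Acl::canWrite(2, 'cv', 1));
  $this->assertTrue(OBM_Acl::canAdmin(2, 'cv', 1));
  // Expected value first, so a failure reports expected/actual the right way round.
  $this->assertEquals(array(1 => 'CV Admin'), OBM_Acl::getAllowedEntities(2, 'cv', 'read', null, 'title'));

  // Asking for a public admin right must not take effect: user 3, who has
  // no personal grant, stays without admin and the stored value reads 0.
  OBM_Acl::setPublicRights('cv', 1, array('access' => 1, 'read' => 1, 'write' => 0, 'admin' => 1));
  $this->assertTrue(OBM_Acl::canAccess(3, 'cv', 1));
  $this->assertTrue(OBM_Acl::canRead(3, 'cv', 1));
  $this->assertFalse(OBM_Acl::canWrite(3, 'cv', 1));
  $this->assertFalse(OBM_Acl::canAdmin(3, 'cv', 1));
  $this->assertEquals(
    array('access' => 1, 'read' => 1, 'write' => 0, 'admin' => 0),
    OBM_Acl::getPublicRights('cv', 1)
  );
}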