/**
 * Check whether the current user holds the grant needed for a CRUD action.
 *
 * The parent check always runs first. For a record that already has an id
 * (and an action other than 'create'), the stored copy of the record is
 * loaded from the backend, passed to _getGrants(), and the record-level
 * grant matching the action is checked as well.
 *
 * NOTE(review): for 'get', 'update' and 'delete' the record-level result
 * replaces the parent's result, so a parent denial obtained with
 * $throw = false can be turned into an allow here. Any other action keeps
 * the parent's decision and is never checked against record grants.
 * Confirm both behaviours are intended.
 *
 * @param Tinebase_Record_Interface $record       record the action targets
 * @param string                    $action       'create', 'get', 'update' or 'delete'
 * @param boolean                   $throw        throw instead of returning a falsy result on denial
 * @param string                    $errorMessage message for the AccessDenied exception
 * @param Tinebase_Record_Interface $oldRecord    forwarded unchanged to the parent check
 * @return boolean
 * @throws Tinebase_Exception_AccessDenied
 *
 * @todo allow to skip this (ignoreACL)
 */
protected function _checkGrant($record, $action, $throw = true, $errorMessage = 'No Permission.', $oldRecord = null)
{
    $allowed = parent::_checkGrant($record, $action, $throw, $errorMessage, $oldRecord);

    // No record-based grants exist for new records: the parent decision stands.
    if (!$record->getId()) {
        return $allowed;
    }
    if ($action === 'create') {
        return $allowed;
    }

    // Always evaluate grants on the record as stored in the backend, not on
    // the instance handed in by the caller.
    $storedRecord = $this->_backend->get($record->getId());
    $this->_getGrants($storedRecord);

    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        // The full record, including its grants, is written to the trace log.
        $dump = print_r($storedRecord->toArray(), true);
        Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' Checked record (incl. grants): ' . $dump);
    }

    // Loose comparison (==) is kept on purpose: it matches the semantics of
    // the switch statement this chain replaces.
    if ($action == 'get') {
        $allowed = $this->hasGrant($storedRecord, Tinebase_Model_Grants::GRANT_READ);
    } elseif ($action == 'update') {
        $allowed = $this->hasGrant($storedRecord, Tinebase_Model_Grants::GRANT_EDIT);
    } elseif ($action == 'delete') {
        $allowed = $this->hasGrant($storedRecord, Tinebase_Model_Grants::GRANT_DELETE);
    }

    if ($allowed) {
        return $allowed;
    }

    // Denied: record the attempt, then either raise or report the result.
    Tinebase_Core::getLogger()->notice(__METHOD__ . '::' . __LINE__ . ' No permissions to ' . $action . ' record.');
    if ($throw) {
        throw new Tinebase_Exception_AccessDenied($errorMessage);
    }

    return $allowed;
}
/**
 * Check the grant for an action, switching container ACL checks off for
 * users holding the Calendar MANAGE_RESOURCES right.
 *
 * The value passed to doContainerACLChecks() is true only if the checks are
 * currently enabled and the current user lacks that right. The actual grant
 * decision is then delegated to the parent implementation.
 *
 * NOTE(review): nothing in this method restores the previous setting. If
 * doContainerACLChecks() stores the value on this controller, the relaxed
 * setting outlives this call, and because the new value is ANDed with the
 * current one it can never switch back on from here. Confirm the controller
 * instance is not reused for a different user within the same process.
 *
 * @param Tinebase_Record_Interface $_record
 * @param string                    $_action
 * @param boolean                   $_throw
 * @param string                    $_errorMessage
 * @param Tinebase_Record_Interface $_oldRecord
 * @return boolean
 * @throws Tinebase_Exception_AccessDenied
 */
protected function _checkGrant($_record, $_action, $_throw = TRUE, $_errorMessage = 'No Permission.', $_oldRecord = NULL)
{
    $enforceContainerAcl = (bool) $this->_doContainerACLChecks;
    if ($enforceContainerAcl) {
        // The user's right is only looked up while the checks are still enabled.
        $enforceContainerAcl = !Tinebase_Core::getUser()->hasRight('Calendar', Calendar_Acl_Rights::MANAGE_RESOURCES);
    }
    $this->doContainerACLChecks($enforceContainerAcl);

    return parent::_checkGrant($_record, $_action, $_throw, $_errorMessage, $_oldRecord);
}