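/**
 * Check whether the current account may perform an action (CRUD) on a record.
 *
 * The per-action check is skipped and TRUE is returned when container ACL
 * checks are disabled on this controller, or when the record has a
 * container_id and the current account holds GRANT_ADMIN on that container.
 *
 * Handled actions: get, create, update, delete, sync, export. Any other
 * action is denied.
 *
 * @param Tinebase_Record_Interface $_record record the action is applied to
 * @param string $_action one of the handled actions listed above
 * @param boolean $_throw throw on denial instead of returning FALSE
 * @param string $_errorMessage message of the exception thrown on denial
 * @param Tinebase_Record_Interface $_oldRecord not read by this implementation
 * @return boolean TRUE if the action is allowed, FALSE if denied and $_throw is FALSE
 * @throws Tinebase_Exception_AccessDenied if denied and $_throw is TRUE
 *
 * @todo use this function in other create + update functions
 * @todo invent concept for simple adding of grants (plugins?)
 */
protected function _checkGrant($_record, $_action, $_throw = TRUE, $_errorMessage = 'No Permission.', $_oldRecord = NULL)
{
    // && binds tighter than ||: the admin shortcut only applies when the
    // record actually carries a container_id.
    if (!$this->_doContainerACLChecks
        || $_record->container_id && $this->_currentAccount->hasGrant($_record->container_id, Tinebase_Model_Grants::GRANT_ADMIN)) {
        return TRUE;
    }

    // Deny by default: an action that matches no case below must not leave
    // $hasGrant undefined (previously this denied only by accident, raised
    // an undefined-variable notice and returned NULL instead of FALSE).
    $hasGrant = FALSE;

    switch ($_action) {
        case 'get':
            // NOTE: free/busy is not a read grant!
            // Cast like the other record-level checks so the documented
            // boolean return type holds.
            $hasGrant = (bool) $_record->hasGrant(Tinebase_Model_Grants::GRANT_READ);
            if (!$hasGrant) {
                // NOTE(review): presumably reduces the record to its
                // free/busy information before the denial is reported;
                // confirm against the record model.
                $_record->doFreeBusyCleanup();
            }
            break;
        case 'create':
            // Creation is checked on the target container, not on the record.
            $hasGrant = $this->_currentAccount->hasGrant($_record->container_id, Tinebase_Model_Grants::GRANT_ADD);
            break;
        case 'update':
            $hasGrant = (bool) $_record->hasGrant(Tinebase_Model_Grants::GRANT_EDIT);
            break;
        case 'delete':
            $hasGrant = (bool) $_record->hasGrant(Tinebase_Model_Grants::GRANT_DELETE);
            break;
        case 'sync':
            $hasGrant = (bool) $_record->hasGrant(Tinebase_Model_Grants::GRANT_SYNC);
            break;
        case 'export':
            $hasGrant = (bool) $_record->hasGrant(Tinebase_Model_Grants::GRANT_EXPORT);
            break;
    }

    if (!$hasGrant) {
        if ($_throw) {
            throw new Tinebase_Exception_AccessDenied($_errorMessage);
        }

        // With $_throw = FALSE the denial is only visible through the return
        // value (and this debug line), so callers must check the result.
        if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
            Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__
                . ' No permissions to ' . $_action . ' in container ' . $_record->container_id);
        }
    }

    return $hasGrant;
}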
/**
 * Check whether the current account holds the container grant an action (CRUD) needs.
 *
 * Returns TRUE without a per-action check when container ACL checks are
 * disabled on this controller, when the record reports no container_id
 * property, or when the current account holds GRANT_ADMIN on the record's
 * container. Handled actions are get, create, update and delete; any other
 * action is denied.
 *
 * @param Tinebase_Record_Interface $_record record the action is applied to
 * @param string $_action get, create, update or delete
 * @param boolean $_throw throw on denial instead of returning the negative result
 * @param string $_errorMessage message of the exception thrown on denial
 * @param Tinebase_Record_Interface $_oldRecord not read by this implementation
 * @return boolean
 * @throws Tinebase_Exception_AccessDenied if denied and $_throw is TRUE
 *
 * @todo use this function in other create + update functions
 * @todo invent concept for simple adding of grants (plugins?)
 */
protected function _checkGrant($_record, $_action, $_throw = TRUE, $_errorMessage = 'No Permission.', $_oldRecord = NULL)
{
    if (!$this->_doContainerACLChecks) {
        return TRUE;
    }

    // Records for which has('container_id') is false are allowed outright;
    // NOTE(review): any access control for such records has to be enforced
    // elsewhere - confirm that callers do so.
    if (!$_record->has('container_id')) {
        return TRUE;
    }

    $containerId = $_record->container_id;

    // Container admins may perform every action.
    if ($this->_currentAccount->hasGrant($containerId, Tinebase_Model_Grants::GRANT_ADMIN)) {
        return TRUE;
    }

    // Map the action to the grant it needs; unknown actions keep NULL and
    // are denied without querying the account.
    $requiredGrant = NULL;
    switch ($_action) {
        case 'get':
            $requiredGrant = Tinebase_Model_Grants::GRANT_READ;
            break;
        case 'create':
            $requiredGrant = Tinebase_Model_Grants::GRANT_ADD;
            break;
        case 'update':
            $requiredGrant = Tinebase_Model_Grants::GRANT_EDIT;
            break;
        case 'delete':
            // The returned container is not used here; the lookup is kept
            // because it may have effects of its own (e.g. failing for an
            // unknown container) - TODO confirm and drop if it has none.
            Tinebase_Container::getInstance()->getContainerById($_record->container_id);
            $requiredGrant = Tinebase_Model_Grants::GRANT_DELETE;
            break;
    }

    $hasGrant = FALSE;
    if ($requiredGrant !== NULL) {
        $hasGrant = $this->_currentAccount->hasGrant($_record->container_id, $requiredGrant);
    }

    if ($hasGrant) {
        return $hasGrant;
    }

    if ($_throw) {
        throw new Tinebase_Exception_AccessDenied($_errorMessage);
    }

    // Non-throwing mode: the denial is reported through the return value
    // and a notice-level log entry only, so callers must check the result.
    Tinebase_Core::getLogger()->notice(__METHOD__ . '::' . __LINE__ . ' No permissions to ' . $_action . ' in container ' . $_record->container_id);

    return $hasGrant;
}