Exemplo n.º 1
0
 /**
  * A method to check if the user has specific permissions to perform
  * an action on an account
  *
  * TODOPERM - consider caching permissions in user session so they could
  *            be reused across many user requests
  *
  * @static
  * @param integer $permissionId
  * @param int $accountId
  * @return boolean
  */
 function hasPermission($permissionId, $accountId = null, $userId = null)
 {
     if (empty($userId)) {
         $userId = OA_Permission::getUserId();
     }
     if (OA_Permission::isUserLinkedToAdmin($userId)) {
         return true;
     }
     static $aCache = array();
     if (empty($accountId)) {
         $accountId = OA_Permission::getAccountId();
         $accountType = OA_Permission::getAccountType();
     } else {
         $oAccounts = OA_Dal::staticGetDO('accounts', $accountId);
         if ($oAccounts) {
             $accountType = $oAccounts->accountType;
         } else {
             // Account does not exist
             Max::raiseError('No such account ID: ' . $accountId);
             return false;
         }
     }
     if (OA_Permission::isPermissionRelatedToAccountType($accountType, $permissionId)) {
         $aCache[$userId][$accountId] = OA_Permission::getAccountUsersPermissions($userId, $accountId);
     } else {
         $aCache[$userId][$accountId][$permissionId] = true;
     }
     return isset($aCache[$userId][$accountId][$permissionId]) ? $aCache[$userId][$accountId][$permissionId] : false;
 }