Exemplo n.º 1
0
 /**
  * Checks that the user has permission for modifying the item, in this case for uploading or deleting files.
  * If not, prints an error, terminating script execution.
  *
  * @param Phprojekt_Model_Interface $model  Current module.
  * @param integer                   $itemId Current item id.
  *
  * @return void
  */
 private function _fileCheckWritePermission($model, $itemId)
 {
     $model->find($itemId);
     $rights = $model->getRights();
     if (!$rights['currentUser']['write']) {
         $error = Phprojekt::getInstance()->translate('You don\'t have permission for modifying this item.');
         // Log error
         Phprojekt::getInstance()->getLog()->err("Error: trying to Delete or Upload a file without write access. " . "User Id: " . Phprojekt_Auth::getUserId() . " - Module: " . $this->getRequest()->getModuleName());
         // Show error to user and stop script execution
         die($error);
     }
 }
Exemplo n.º 2
0
 /**
  * Check if the user has write access to the item if is not a global module.
  *
  * @param Phprojekt_Model_Interface $model      The model to save.
  * @param string                    $moduleName The current module.
  *
  * @return boolean False if not.
  */
 private static function _checkItemRights($model, $moduleName)
 {
     $canWrite = false;
     if ($moduleName == 'Core') {
         return Phprojekt_Auth::isAdminUser();
     } else {
         if (Phprojekt_Module::saveTypeIsNormal(Phprojekt_Module::getId($moduleName))) {
             $itemRights = $model->getRights();
             if (isset($itemRights['currentUser'])) {
                 if (!$itemRights['currentUser']['write'] && !$itemRights['currentUser']['create'] && !$itemRights['currentUser']['copy'] && !$itemRights['currentUser']['admin']) {
                     $canWrite = false;
                 } else {
                     $canWrite = true;
                 }
             }
         } else {
             $canWrite = true;
         }
     }
     return $canWrite;
 }