/**
* Checks that the user has permission for modifying the item, in this case for uploading or deleting files.
* If not, prints an error, terminating script execution.
*
* @param Phprojekt_Model_Interface $model Current module.
* @param integer $itemId Current item id.
*
* @return void
*/
private function _fileCheckWritePermission($model, $itemId)
{
$model->find($itemId);
$rights = $model->getRights();
if (!$rights['currentUser']['write']) {
$error = Phprojekt::getInstance()->translate('You don\'t have permission for modifying this item.');
// Log error
Phprojekt::getInstance()->getLog()->err("Error: trying to Delete or Upload a file without write access. " . "User Id: " . Phprojekt_Auth::getUserId() . " - Module: " . $this->getRequest()->getModuleName());
// Show error to user and stop script execution
die($error);
}
}
/**
* Check if the user has write access to the item if is not a global module.
*
* @param Phprojekt_Model_Interface $model The model to save.
* @param string $moduleName The current module.
*
* @return boolean False if not.
*/
private static function _checkItemRights($model, $moduleName)
{
$canWrite = false;
if ($moduleName == 'Core') {
return Phprojekt_Auth::isAdminUser();
} else {
if (Phprojekt_Module::saveTypeIsNormal(Phprojekt_Module::getId($moduleName))) {
$itemRights = $model->getRights();
if (isset($itemRights['currentUser'])) {
if (!$itemRights['currentUser']['write'] && !$itemRights['currentUser']['create'] && !$itemRights['currentUser']['copy'] && !$itemRights['currentUser']['admin']) {
$canWrite = false;
} else {
$canWrite = true;
}
}
} else {
$canWrite = true;
}
}
return $canWrite;
}
