/**
 * Returns the ACL access level the given user holds on a row of this table.
 *
 * Possible access values:
 *
 *     __CA_ACL_NO_ACCESS__ (0)
 *     __CA_ACL_READONLY_ACCESS__ (1)
 *     __CA_ACL_EDIT_ACCESS__ (2)
 *     __CA_ACL_EDIT_DELETE_ACCESS__ (3)
 *
 * Two cases skip the per-row lookup and yield __CA_ACL_EDIT_DELETE_ACCESS__:
 * the table does not support ACL (checked first, before any row_id is resolved),
 * or the user can do the 'is_administrator' action.
 *
 * @param ca_users $t_user A ca_users object
 * @param int $pn_id Optional row_id to check ACL for; if omitted (or falsy) the currently loaded row_id is used
 * @return int|null An access value, or null when no row_id was passed and no row is loaded.
 *                  null is not one of the access constants; callers should test for it
 *                  explicitly rather than let it pass through a loose comparison.
 */
public function checkACLAccessForUser($t_user, $pn_id = null) {
    // Tables without ACL support are not restricted at this layer.
    if (!$this->supportsACL()) {
        return __CA_ACL_EDIT_DELETE_ACCESS__;
    }

    // Use the caller's row_id when it is usable, otherwise the loaded row's primary key.
    $vn_row_id = $pn_id ? $pn_id : (int) $this->getPrimaryKey();
    if (!$vn_row_id) {
        // Nothing to check against: no explicit id and no loaded row.
        return null;
    }

    // Administrators get full access without consulting row-level ACL entries.
    if ($t_user->canDoAction('is_administrator')) {
        return __CA_ACL_EDIT_DELETE_ACCESS__;
    }

    // ca_acl is loaded on demand, only when a row-level lookup is actually needed.
    require_once __CA_MODELS_DIR__ . '/ca_acl.php';

    return ca_acl::accessForRow($t_user, $this->tableNum(), $vn_row_id);
}
*
* This source code is free and modifiable under the terms of
* GNU General Public License. (http://www.gnu.org/copyleft/gpl.html). See
* the "license.txt" file for details, or visit the CollectiveAccess web site at
* http://www.CollectiveAccess.org
*
* ----------------------------------------------------------------------
*/

// View fragment for the "world" access bundle. Everything it works with is read
// from view variables set by the caller; nothing is read from the request here.
$vs_id_prefix = $this->getVar('id_prefix');
$t_instance = $this->getVar('t_instance');
$t_item = $this->getVar('t_user'); // user
$t_subject = $this->getVar('t_subject');
$va_settings = $this->getVar('settings');
$vs_add_label = $this->getVar('add_label');

// Blank ca_acl instance, seeded further down with the initial access value.
$t_acl = new ca_acl();

// Read-only when the bundle settings ask for it, or when the current user's bundle access
// level for 'ca_users' on this table is read-only. && binds tighter than ||, so this groups
// as (isset && value) || (level == READONLY).
// How the flag is used lies outside this fragment. A flag computed in a view can only hide
// or disable controls, so the handler that saves ACL changes has to enforce permissions itself.
$vb_read_only = isset($va_settings['readonly']) && $va_settings['readonly'] || $this->request->user->getBundleAccessLevel($t_instance->tableName(), 'ca_users') == __CA_BUNDLE_ACCESS_READONLY__;

// Seed the instance with the initial access value, forced to an integer.
$t_acl->set('access', (int) $this->getVar('initialValue'));

// NOTE(review): $vs_id_prefix is printed into id attributes below without escaping;
// presumably it is generated server-side - confirm it never carries request data.
?> <div id="<?php print $vs_id_prefix . '_world'; ?> "> <div class="bundleContainer"> <div class="caItemList"> <div id="<?php print $vs_id_prefix; ?> _World" class="labelInfo"> <table class="caListItem"> <tr>
* This source code is free and modifiable under the terms of
* GNU General Public License. (http://www.gnu.org/copyleft/gpl.html). See
* the "license.txt" file for details, or visit the CollectiveAccess web site at
* http://www.CollectiveAccess.org
*
* ----------------------------------------------------------------------
*/

// View fragment for the user-group ACL bundle. Everything it works with is read
// from view variables set by the caller; nothing is read from the request here.
$vs_id_prefix = $this->getVar('id_prefix') . '_group';
$t_instance = $this->getVar('t_instance');
$t_item = $this->getVar('t_group'); // user group
$t_subject = $this->getVar('t_subject');
$va_settings = $this->getVar('settings');
$vs_add_label = $this->getVar('add_label');

// Read-only when the bundle settings ask for it, or when the current user's bundle access
// level on this table is read-only. && binds tighter than ||, so this groups as
// (isset && value) || (level == READONLY).
// NOTE(review): the bundle name checked is 'ca_users' although this template handles user
// groups ($t_item comes from 't_group') - confirm this is intended and not carried over
// from the user template.
// A flag computed in a view can only hide or disable controls, so the handler that saves
// ACL changes has to enforce permissions itself.
$vb_read_only = isset($va_settings['readonly']) && $va_settings['readonly'] || $this->request->user->getBundleAccessLevel($t_instance->tableName(), 'ca_users') == __CA_BUNDLE_ACCESS_READONLY__;

$t_acl = new ca_acl();

// Normalise the initial values so later code can treat them as an array.
$va_initial_values = $this->getVar('initialValues');
if (!is_array($va_initial_values)) {
    $va_initial_values = array();
}

// NOTE(review): $vs_id_prefix is printed into an id attribute below without escaping;
// presumably it is generated server-side - confirm it never carries request data.
?> <div id="<?php print $vs_id_prefix . $t_item->tableNum() . '_rel'; ?> "> <?php // // The bundle template - used to generate each bundle in the form // ?> <textarea class='caItemTemplate' style='display: none;'>
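/**
 * Saves the ACL settings submitted for the subject row (per-user, per-group and "world"
 * access), propagates them to records that inherit from it, updates the ACL inheritance
 * fields and then renders the Access screen again.
 *
 * The request is refused unless _checkAccess() passes, the subject is saveable and the
 * current user holds the 'can_change_acl_<table name>' action.
 *
 * NOTE(review): no request-token (CSRF) check is visible in this method; presumably it is
 * done in _initView(), _checkAccess() or the dispatcher - confirm.
 *
 * @param array $pa_options Array of options passed through to _initView
 * @return bool|null false when _checkAccess() fails; in every other case nothing is returned
 */
public function SetAccess($pa_options = null) {
    list($vn_subject_id, $t_subject) = $this->_initView($pa_options);

    if (!$this->_checkAccess($t_subject)) {
        return false;
    }

    // Authorisation gate: changing an ACL needs both a saveable record and the
    // table-specific 'can_change_acl_*' action. Failures go to the error page.
    if (!$t_subject->isSaveable($this->request) || !$this->request->user->canDoAction('can_change_acl_' . $t_subject->tableName())) {
        $this->response->setRedirect($this->request->config->get('error_display_url') . '/n/2570?r=' . urlencode($this->request->getFullUrlPath()));
        return;
    }

    $vs_form_prefix = $this->request->getParameter('_formName', pString);

    // _formName comes from the request, so it is quoted before it goes into a pattern.
    // Unquoted, regex metacharacters or the '!' delimiter in the value would change which
    // request keys match, or make the pattern invalid. The patterns do not depend on the
    // loop variable, so they are built once.
    $vs_quoted_prefix = preg_quote((string) $vs_form_prefix, '!');
    $vs_user_key_pattern = "!^{$vs_quoted_prefix}_user_id(.*)\$!";
    $vs_group_key_pattern = "!^{$vs_quoted_prefix}_group_id(.*)\$!";

    // Save user ACL's
    // NOTE(review): only a lower bound (>= 0) is applied to the submitted access value, and
    // the id is not checked beyond the integer cast. Whether setACLUsers() rejects values
    // outside the defined access levels or unknown ids is not visible here - confirm.
    $va_users_to_set = array();
    foreach ($_REQUEST as $vs_key => $vs_val) {
        if (preg_match($vs_user_key_pattern, $vs_key, $va_matches)) {
            $vn_user_id = (int) $this->request->getParameter($vs_form_prefix . '_user_id' . $va_matches[1], pInteger);
            $vn_access = $this->request->getParameter($vs_form_prefix . '_user_access_' . $va_matches[1], pInteger);
            if ($vn_access >= 0) {
                $va_users_to_set[$vn_user_id] = $vn_access;
            }
        }
    }
    $t_subject->setACLUsers($va_users_to_set);

    // Save group ACL's (same key scheme and the same caveats as the user entries above)
    $va_groups_to_set = array();
    foreach ($_REQUEST as $vs_key => $vs_val) {
        if (preg_match($vs_group_key_pattern, $vs_key, $va_matches)) {
            $vn_group_id = (int) $this->request->getParameter($vs_form_prefix . '_group_id' . $va_matches[1], pInteger);
            $vn_access = $this->request->getParameter($vs_form_prefix . '_group_access_' . $va_matches[1], pInteger);
            if ($vn_access >= 0) {
                $va_groups_to_set[$vn_group_id] = $vn_access;
            }
        }
    }
    $t_subject->setACLUserGroups($va_groups_to_set);

    // Save "world" ACL
    // NOTE(review): the submitted value is handed on without a range check in this method.
    $t_subject->setACLWorldAccess($this->request->getParameter("{$vs_form_prefix}_access_world", pInteger));

    // NOTE(review): the results of the three setACL*() calls above are not inspected;
    // only errors from the update() further down are reported.

    // Propagate ACL settings to records that inherit from this one
    if ((bool) $t_subject->getProperty('SUPPORTS_ACL_INHERITANCE')) {
        ca_acl::applyACLInheritanceToChildrenFromRow($t_subject);
        if (is_array($va_inheritors = $t_subject->getProperty('ACL_INHERITANCE_LIST'))) {
            foreach ($va_inheritors as $vs_inheritor_table) {
                ca_acl::applyACLInheritanceToRelatedFromRow($t_subject, $vs_inheritor_table);
            }
        }
    }

    // Set ACL-related intrinsic fields
    // Both values are read as strings straight from the request and written to the record.
    if ($t_subject->hasField('acl_inherit_from_ca_collections') || $t_subject->hasField('acl_inherit_from_parent')) {
        $t_subject->setMode(ACCESS_WRITE);
        if ($t_subject->hasField('acl_inherit_from_ca_collections')) {
            $t_subject->set('acl_inherit_from_ca_collections', $this->request->getParameter('acl_inherit_from_ca_collections', pString));
        }
        if ($t_subject->hasField('acl_inherit_from_parent')) {
            $t_subject->set('acl_inherit_from_parent', $this->request->getParameter('acl_inherit_from_parent', pString));
        }
        $t_subject->update();

        if ($t_subject->numErrors()) {
            $this->postError(1250, _t('Could not set ACL inheritance settings: %1', join("; ", $t_subject->getErrors())), "BaseEditorController->SetAccess()");
        }
    }

    // Show the Access screen again with the stored settings.
    $this->Access();
}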
/**
 * Deletes this relationship row and, when the delete succeeds, asks ca_acl to update
 * inherited ACL entries on either side of the relationship.
 *
 * The related instances and row ids are read before parent::delete() runs, presumably
 * because they can no longer be read from this row afterwards.
 *
 * For each side whose table declares SUPPORTS_ACL_INHERITANCE and lists the other table
 * in ACL_INHERITANCE_LIST, ca_acl::applyACLInheritanceToRelatedRowFromRow() is called
 * with the 'deleteACLOnly' option set.
 *
 * NOTE(review): the two sides are held in an array keyed by the opposite table's name.
 * If both sides are the same table the keys collide and only one side is processed -
 * confirm that is acceptable for self-relationships.
 *
 * All four parameters are passed to parent::delete() unchanged.
 *
 * @param bool $pb_delete_related
 * @param array $pa_options
 * @param array $pa_fields
 * @param array $pa_table_list
 * @return mixed The value returned by parent::delete()
 */
public function delete($pb_delete_related = false, $pa_options = null, $pa_fields = null, $pa_table_list = null) {
    // Capture both ends of the relationship while the row is still loaded.
    $o_dm = $this->getAppDatamodel();
    $t_left = $o_dm->getInstanceByTableNum($this->getLeftTableNum());
    $t_right = $o_dm->getInstanceByTableNum($this->getRightTableNum());
    $vn_left_id = $this->get($this->getLeftTableFieldName());
    $vn_right_id = $this->get($this->getRightTableFieldName());

    $vn_rc = parent::delete($pb_delete_related, $pa_options, $pa_fields, $pa_table_list);
    if (!$vn_rc) {
        // Nothing was deleted, so inherited ACL entries stay untouched.
        return $vn_rc;
    }

    $vs_left_table = $this->getLeftTableName();
    $vs_right_table = $this->getRightTableName();

    // Each instance is paired with the name of the table on the opposite side.
    $va_sides = array($vs_right_table => $t_left, $vs_left_table => $t_right);

    foreach ($va_sides as $vs_other_table_name => $t_instance) {
        if (!(bool) $t_instance->getProperty('SUPPORTS_ACL_INHERITANCE')) {
            continue;
        }

        $va_inheritors = $t_instance->getProperty('ACL_INHERITANCE_LIST');
        if (!is_array($va_inheritors) || !in_array($vs_other_table_name, $va_inheritors)) {
            continue;
        }

        // Work out which captured id belongs to $t_instance and which to the other table.
        if ($vs_other_table_name == $vs_left_table) {
            $vn_instance_row_id = $vn_right_id;
            $vn_other_row_id = $vn_left_id;
        } else {
            $vn_instance_row_id = $vn_left_id;
            $vn_other_row_id = $vn_right_id;
        }

        ca_acl::applyACLInheritanceToRelatedRowFromRow($t_instance, $vn_instance_row_id, $vs_other_table_name, $vn_other_row_id, array('deleteACLOnly' => true));
    }

    return $vn_rc;
}