public function setMayauthorize($mayauthorize)
{
$this->__load();
return parent::setMayauthorize($mayauthorize);
}
/**
* Preparation hook that can be overridden by subclasses for add and edit.
*
* This is called just before we process a possible POST / submission and
* will allow us to change / alter the form or object.
*
* @param IXP_Form_Contact $form The Send form object
* @param \Entities\Contact $object The Doctrine2 entity (being edited or blank for add)
* @param bool $isEdit True if we are editing, otherwise false
*/
protected function addPrepare($form, $object, $isEdit)
{
if ($isEdit && $this->getUser()->getPrivs() != \Entities\User::AUTH_SUPERUSER) {
if ($this->getUser()->getCustomer() != $object->getCustomer()) {
$this->addMessage('Illegal attempt to edit a user not under your control. The security team have been notified.');
$this->getLogger()->alert("User {$this->getUser()->getUsername()} illegally tried to edit {$object->getName()}");
$this->redirect();
}
}
if (!$isEdit) {
// defaults
$object->setFacilityaccess(false);
$object->setMayauthorize(false);
}
}
