/** * Check whether the current user can add a new map * * @throws Exception */ function canadd() { global $LNG, $USER; // needs to be logged in that's all! if (api_check_login() instanceof Error) { throw new Exception($LNG->ERROR_ACCESS_DENIED_MESSAGE); } }
/** * Check whether the current user can delete the current connection * * @throws Exception */ function candelete() { global $DB, $USER, $LNG, $HUB_SQL; if (api_check_login() instanceof Error) { throw new Exception($LNG->ERROR_ACCESS_DENIED_MESSAGE); } $currentuser = ''; if (isset($USER->userid)) { $currentuser = $USER->userid; } //can delete only if owner of the connection $params = array(); $params[0] = $currentuser; $params[1] = $this->connid; $resArray = $DB->select($HUB_SQL->DATAMODEL_CONNECTION_CAN_DELETE, $params); if ($resArray !== false) { $count = count($resArray); if ($count == 0) { throw new Exception($LNG->ERROR_ACCESS_DENIED_MESSAGE); } } else { throw new Exception($LNG->ERROR_ACCESS_DENIED_MESSAGE); } }
/** * Check whether the current user can delete the current node * * @throws Exception */ function candelete() { global $DB, $USER, $HUB_SQL, $LNG; api_check_login(); $currentuser = ''; if (isset($USER->userid)) { $currentuser = $USER->userid; } //can delete only if owner of the node $params = array(); $params[0] = $currentuser; $params[1] = $this->nodeid; $resArray = $DB->select($HUB_SQL->DATAMODEL_NODE_CAN_EDIT, $params); if ($resArray !== false) { if (count($resArray) == 0) { throw new Exception($LNG->ERROR_ACCESS_DENIED_MESSAGE); } } else { throw new Exception($LNG->ERROR_ACCESS_DENIED_MESSAGE); } }
/** * Add the given user to this Group's joining request list. * @param $userid the id of the user who wishes to join the group. * @return true if it all went well, else Error. */ function joinrequest($userid) { global $CFG, $DB, $USER, $HUB_SQL; if (api_check_login() instanceof Error) { throw new Exception($LNG->ERROR_ACCESS_DENIED_MESSAGE); } // check user exists $user = new User($userid); if ($user->load() instanceof Error) { global $ERROR; $ERROR = new error(); return $ERROR->createUserNotFoundError($userid); } $dt = time(); $params = array(); $params[0] = $this->groupid; $params[1] = $userid; $params[2] = $userid; $params[3] = $dt; $res = $DB->insert($HUB_SQL->DATAMODEL_GROUP_JOIN_ADD, $params); if ($res) { return true; } else { return database_error($DB->conn); } }
/** * Check whether the current user can delete the current ViewNode record * * @throws Exception */ function candelete() { global $DB, $USER, $HUB_SQL, $LNG; api_check_login(); /** CHANGED: If you can edit the map you can remove a node from the map **/ try { $view = new View($this->viewid); $view->canedit(); } catch (Exception $e) { return access_denied_error(); } /*$currentuser = ''; if (isset($USER->userid)) { $currentuser = $USER->userid; } if ($currentuser !== $this->userid) { throw new Exception($LNG->ERROR_ACCESS_DENIED_MESSAGE); } //can delete only if owner of this ViewNode record $params = array(); $params[0] = $this->viewid; $params[1] = $this->nodeid; $params[2] = $currentuser; $resArray = $DB->select($HUB_SQL->DATAMODEL_VIEWNODE_CAN_EDIT, $params); if($resArray !== false){ if (count($resArray) == 0) { throw new Exception($LNG->ERROR_ACCESS_DENIED_MESSAGE); } } else { throw new Exception($LNG->ERROR_ACCESS_DENIED_MESSAGE); } */ }
/** * Check whether the given user is an admin for this group * * @return true if given use is a group admin else false or error if there is a database error */ function isgroupadmin($userid) { global $DB, $HUB_SQL; if (api_check_login() instanceof Error) { return false; } //can edit only if admin for the group $params = array(); $params[0] = $this->groupid; $params[1] = $userid; $params[2] = 'Y'; $resArray = $DB->select($HUB_SQL->DATAMODEL_GROUP_IS_ADMIN, $params); if ($resArray !== false) { $count = count($resArray); if ($count == 0) { return false; } else { return true; } } else { return database_error(); } }
/** * Check whether the current user can delete the current following entry * * @throws Exception */ function candelete() { global $DB, $USER, $LNG; //can delete only if owner of the following entry api_check_login(); if ($this->userid != $USER->userid) { throw new Exception($LNG->ERROR_ACCESS_DENIED_MESSAGE); } }