/**
 * Exercises Dataface_PermissionsTool with plain permission arrays.
 *
 * Each check is made twice, once through the instance returned by
 * getInstance() and once through a static call. The cases cover:
 *  - a permission present in the array is granted;
 *  - an empty permission array grants nothing;
 *  - holding one permission (view, edit or delete) does not grant another.
 */
function test_basic_check_array()
{
    $tool =& Dataface_PermissionsTool::getInstance();

    // checkPermission(): granted only when the named key is present.
    $viewViaInstance = $tool->checkPermission('view', array('view' => 'View'));
    $this->assertTrue($viewViaInstance);
    $viewViaStatic = Dataface_PermissionsTool::checkPermission('view', array('view' => 'View'));
    $this->assertTrue($viewViaStatic);

    // An empty permission set must deny the request.
    $this->assertTrue(!$tool->checkPermission('view', array()));
    $this->assertTrue(!Dataface_PermissionsTool::checkPermission('view', array()));

    $this->assertTrue(
        $tool->checkPermission('edit', array('view' => 'View', 'edit' => 'Edit'))
    );

    // view(): a fresh array is built before each positive and negative call.
    $granted = array('view' => 'View');
    $this->assertTrue($tool->view($granted));
    $granted = array('view' => 'View');
    $this->assertTrue(Dataface_PermissionsTool::view($granted));

    $granted = array('edit' => 'Edit');
    $this->assertTrue(!$tool->view($granted));
    $granted = array('edit' => 'Edit');
    $this->assertTrue(!Dataface_PermissionsTool::view($granted));

    // edit(): allowed with the 'edit' key, refused with only 'delete'.
    $this->assertTrue($tool->edit($granted));
    $this->assertTrue(Dataface_PermissionsTool::edit($granted));

    $granted = array('delete' => 'Delete');
    $this->assertTrue(!$tool->edit($granted));
    $this->assertTrue(!Dataface_PermissionsTool::edit($granted));

    // delete(): allowed with the 'delete' key.
    $this->assertTrue($tool->delete($granted));
    $this->assertTrue(Dataface_PermissionsTool::delete($granted));
}
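/**
 * Handles initialization and control for the delete form.
 *
 * Checks delete permission on the record identified by the request keys,
 * builds the delete form and, once the form validates, processes it and
 * redirects back to the table with a status message.
 *
 * NOTE(review): the guard here covers only the single record built from
 * $_REQUEST['--__keys__'], while the form is built from $this->_query.
 * Presumably the form re-checks every record it deletes - confirm.
 * NOTE(review): no anti-CSRF check is visible in this method; confirm that
 * the form's validate() enforces one before this destructive action runs.
 */
function _delete_init()
{
    import('Dataface/DeleteForm.php');

    // Read the request key explicitly rather than silencing the notice with "@".
    $keys = isset($_REQUEST['--__keys__']) ? $_REQUEST['--__keys__'] : null;
    $record = new Dataface_Record($this->_tablename, $keys);

    if (!Dataface_PermissionsTool::delete($record)) {
        // Keep the server path and line number out of the page markup, where
        // any client could read them; record them in the server log instead.
        error_log('Permission denied in _delete_init at line ' . __LINE__ . ' of file ' . __FILE__);
        $this->_vars['error'] = "<div class=\"error\">Error. Permission Denied.</div>";
        return;
    }

    $form = new Dataface_DeleteForm($this->_tablename, $this->_db, $this->_query);
    $form->_build();
    $form->addElement('hidden', '-table');
    $form->setDefaults(array('-table' => $this->_tablename));
    $this->_vars['form'] =& $form;

    if ($form->validate()) {
        $res = $form->process(array(&$form, 'delete'), true);
        $response = Dataface_Application::getResponse();

        // Initialised up front: the notice branch below never assigns $msg,
        // which previously left it undefined when the redirect was built.
        $msg = '';
        if (PEAR::isError($res) && !Dataface_Error::isNotice($res)) {
            // NOTE(review): getUserInfo() ends up in the redirect URL; if it
            // can carry SQL or other internals, log it server-side instead.
            $msg = $res->getMessage();
            $msg .= "\n" . $res->getUserInfo();
        } else {
            if (Dataface_Error::isNotice($res)) {
                $priorMsg = isset($response['--msg']) ? $response['--msg'] : '';
                $response['--msg'] = $priorMsg . "\n" . $res->getMessage();
            } else {
                $msg = 'Records successfully deleted.';
            }
        }

        $responseMsg = isset($response['--msg']) ? $response['--msg'] : '';
        $msg = urlencode(trim($msg . "\n" . $responseMsg));

        // Encode the table name as well, so it cannot add query parameters
        // to the redirect target.
        header(
            'Location: ' . $_SERVER['HOST_URI'] . DATAFACE_SITE_HREF
            . '?-table=' . urlencode($this->_tablename)
            . '&--msg=' . $msg
        );
        exit;
    }
}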
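/**
 * Validates the input to make sure that the delete can take place.
 *
 * When the form has been submitted, builds the delete query from the
 * exported form values, loads the matching records and checks delete
 * permission on each one.
 *
 * @return mixed true when no problem was found (including when the form has
 *               not been submitted); otherwise an array of error messages
 *               indexed from 1.
 */
function checkPermissions()
{
    $errors = array();

    if ($this->isSubmitted()) {
        $errCounter = 1;
        import('Dataface/PermissionsTool.php');
        import('dataface-public-api.php');

        $query = $this->_buildDeleteQuery($this->exportValues());
        if (PEAR::isError($query)) {
            // Stop here: an error object must not be used as a record query.
            $errors[$errCounter++] = $query->getMessage();
        } else {
            $records =& df_get_records_array($this->_tablename, $query);
            if (PEAR::isError($records)) {
                // Report the lookup error itself; the earlier code read the
                // message from $query, which is not an error on this path.
                $errors[$errCounter++] = $records->getMessage();
            } elseif (!is_array($records)) {
                $errors[$errCounter++] = df_translate(
                    'scripts.Dataface.DeleteForm.display.ERROR_NO_RECORDS_FOUND',
                    "No records matched the query, so no records can be deleted."
                );
            } else {
                // Every matched record must pass the delete check; a single
                // refusal is enough to make this method return errors.
                foreach (array_keys($records) as $index) {
                    if (!Dataface_PermissionsTool::delete($records[$index])) {
                        $title = $records[$index]->getTitle();
                        // NOTE(review): the record title is embedded in the
                        // message; confirm it is escaped where it is shown.
                        $errors[$errCounter++] = df_translate(
                            'scripts.Dataface.DeleteForm.checkPermissions.ERROR_PERMISSION_DENIED',
                            "Permission Denied: You do not have permission to delete this record (" . $title . ")",
                            array('title' => $title)
                        );
                    }
                }
            }
        }
    }

    if (count($errors) > 0) {
        return $errors;
    }
    return true;
}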