public function setShareData($projectId) { try { if ($this->_wasCalled) { return; } $this->_wasCalled = true; $this->loadModel('FinanceShare'); $this->_isOwner = $this->FinanceShare->isProjectOwner($this->currUserID, (int) $projectId); $this->_currUserShare = $this->FinanceShare->findUserShare((int) $projectId, (int) $this->currUserID); // Not owner and not share user if (!$this->_isOwner && empty($this->_currUserShare)) { throw new Exception(__('Permission denied')); } // Denied rules for full access share type $controller = $this->request->params['controller']; $action = $this->request->params['action']; if (!$this->_isOwner) { foreach ($this->onlyOwnerAccess as $item) { if ($controller == $item['controller'] && ($item['actions'] == '*' || in_array($action, $item['actions']))) { throw new Exception(__('Permission denied')); } } } // view global variables assigned $this->set(array('isOwner' => $this->_isOwner, 'isFullAccess' => !$this->_isOwner && $this->getShare('full_access'), 'isPartAccess' => !$this->_isOwner && !$this->getShare('full_access'), 'currUserShare' => $this->_currUserShare, 'getShare' => function ($name) { return $this->getShare($name); })); // for model access FinanceShare::$isOwner = $this->_isOwner; FinanceShare::$get = $this->_currUserShare; FinanceShare::$isInit = true; } catch (Exception $e) { return $this->redirect(array('controller' => 'Errors', 'action' => 'error404')); } }