/** * Checks that the user has permission for modifying the item, in this case for uploading or deleting files. * * @param Phprojekt_Model_Interface $model Current module. * @param integer $itemId Current item id. * * @throws Exception On no write access. * * @return void */ private static function _checkWritePermission($model, $itemId) { if ($itemId != 0) { $model->find($itemId); } if (!$model->hasRight(Phprojekt_Auth_Proxy::getEffectiveUserId(), Phprojekt_Acl::WRITE)) { $error = Phprojekt::getInstance()->translate('You don\'t have permission for modifying this item.'); self::_logError("Error: trying to Delete or Upload a file without write access.", array(get_class($model), $itemId)); throw new Exception($error); } }
/** * Checks that the user has permission for modifying the item, in this case for uploading or deleting files. * If not, prints an error, terminating script execution. * * @param Phprojekt_Model_Interface $model Current module. * @param integer $itemId Current item id. * * @return void */ private function _fileCheckWritePermission($model, $itemId) { $model->find($itemId); $rights = $model->getRights(); if (!$rights['currentUser']['write']) { $error = Phprojekt::getInstance()->translate('You don\'t have permission for modifying this item.'); // Log error Phprojekt::getInstance()->getLog()->err("Error: trying to Delete or Upload a file without write access. " . "User Id: " . Phprojekt_Auth::getUserId() . " - Module: " . $this->getRequest()->getModuleName()); // Show error to user and stop script execution die($error); } }