protected function runUntrustedAction($action) { switch ($action) { case 'add': // Add action valid only for anonymous users return isset($this->keys['CID']) ? null : $this->actionAdd(); case 'edit': return !is_null($id = $this->fromGetOrPost(null, $this->id_type)) && $this->isOwner($id) && $this->actionEdit($id); case 'delete': return !is_null($id = $this->fromGet(null, $this->id_type)) && $this->isOwner($id) && $this->actionDelete($id); case 'logout': return isset($this->keys['CID']) ? $this->actionLogout() : null; } return parent::runUntrustedAction($action); }