/**
 * Return the document categories that $user is allowed to browse
 *
 * Administrators and users who can see private objects get every category,
 * requested with order 'name'. Everyone else only gets categories joined to
 * at least one document whose visibility is VISIBILITY_NORMAL or higher, so
 * a category with no such document is not returned to them.
 *
 * @param User $user
 * @return array
 */
function findAll($user) {
  // Restricted users: filter categories through the visibility of their documents
  if (!$user->isAdministrator() && !$user->canSeePrivate()) {
    // Table names are built from the TABLE_PREFIX constant only; the
    // visibility threshold is passed separately for the ? placeholder
    // instead of being concatenated into the statement.
    $document_categories_table = TABLE_PREFIX . 'document_categories';
    $documents_table = TABLE_PREFIX . 'documents';

    $sql = "SELECT DISTINCT {$document_categories_table}.* FROM {$document_categories_table}, {$documents_table} WHERE {$document_categories_table}.id = {$documents_table}.category_id AND {$documents_table}.visibility >= ? ORDER BY {$document_categories_table}.name";

    return DocumentCategories::findBySQL($sql, array(VISIBILITY_NORMAL));
  }

  // Privileged users: no visibility filter at all
  return DocumentCategories::find(array('order' => 'name'));
}
/**
 * Check whether $user may view this document
 *
 * Only documents whose visibility equals VISIBILITY_PRIVATE are restricted;
 * for those the answer is whatever $user->canSeePrivate() returns. Every
 * other visibility value is viewable by any user passed in.
 *
 * @param User $user
 * @return boolean
 */
function canView($user) {
  // NOTE(review): this is an equality test against VISIBILITY_PRIVATE, while
  // other checks on this page use a threshold against VISIBILITY_NORMAL -
  // confirm no visibility value exists that the two forms treat differently.
  if ($this->getVisibility() == VISIBILITY_PRIVATE) {
    return $user->canSeePrivate();
  }

  return true;
}
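/**
 * Returns true if $user can delete this object
 *
 * Checks run in this order and the first one that matches decides:
 *  1. no Project instance behind this object - deny
 *  2. $user is a project manager, or leader of this project - allow
 *  3. visibility is below VISIBILITY_NORMAL and $user cannot see private
 *     objects - deny
 *  4. $this->permission_name is set and $user holds at least
 *     PROJECT_PERMISSION_MANAGE for it in this project - allow
 *  5. $user created the object less than three hours ago - allow
 *  6. anything else - deny
 *
 * @param User $user
 * @return boolean
 */
function canDelete($user) {
  $project = $this->getProject();
  if (!instance_of($project, 'Project')) {
    return false; // without a project there is nothing to authorize against
  } // if

  // Project managers and leaders of this project have all permissions.
  // Reuse the already validated $project instead of fetching it again.
  if ($user->isProjectManager() || $user->isProjectLeader($project)) {
    return true;
  } // if

  // Below-normal visibility is off limits unless the user can see private objects
  if ($this->getVisibility() < VISIBILITY_NORMAL && !$user->canSeePrivate()) {
    return false;
  } // if

  if ($this->permission_name && $user->getProjectPermission($this->permission_name, $project) >= PROJECT_PERMISSION_MANAGE) {
    return true;
  } // if

  // Author in the next three hours
  // NOTE(review): loose == is kept because the id types are not visible
  // here - confirm that an object without a recorded author can never
  // compare equal to a real user id.
  if ($this->getCreatedById() == $user->getId()) {
    $created_on = $this->getCreatedOn();

    // Deny instead of failing with a fatal error when no creation time is available
    if (!is_object($created_on)) {
      return false;
    } // if

    $author_window = 10800; // three hours, in seconds
    return time() < $created_on->getTimestamp() + $author_window;
  } // if

  return false;
}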