/**
* "Pre-flight" checks for create method
*
* Separated so that dbfactory->import() can reuse the code
*
* @param midcom_core_dbaobject $object The DBA object we're working on
*/
public static function create_pre_checks(midcom_core_dbaobject $object)
{
$parent = $object->get_parent();
if (!is_null($parent)) {
// Attachments are a special case
if (midcom::get('dbfactory')->is_a($object, 'midgard_attachment')) {
if (!midcom::get('auth')->can_do('midgard:attachments', $parent) || !midcom::get('auth')->can_do('midgard:update', $parent)) {
debug_add("Failed to create attachment, update or attachments privilege on the parent " . get_class($parent) . " {$parent->guid} not granted for the current user.", MIDCOM_LOG_ERROR);
midcom_connection::set_error(MGD_ERR_ACCESS_DENIED);
return false;
}
} elseif (!midcom::get('auth')->can_do('midgard:create', $parent) && !midcom::get('auth')->can_user_do('midgard:create', null, get_class($object))) {
debug_add("Failed to create object, create privilege on the parent " . get_class($parent) . " {$parent->guid} or the actual object class not granted for the current user.", MIDCOM_LOG_ERROR);
midcom_connection::set_error(MGD_ERR_ACCESS_DENIED);
return false;
}
} else {
if (!midcom::get('auth')->can_user_do('midgard:create', null, get_class($object))) {
debug_add("Failed to create object, general create privilege not granted for the current user.", MIDCOM_LOG_ERROR);
midcom_connection::set_error(MGD_ERR_ACCESS_DENIED);
return false;
}
}
if (!$object->_on_creating()) {
debug_add("The _on_creating event handler returned false.");
return false;
}
// Still check name uniqueness
return self::_pre_check_name($object);
}