/** * "Pre-flight" checks for create method * * Separated so that dbfactory->import() can reuse the code * * @param midcom_core_dbaobject $object The DBA object we're working on */ public static function create_pre_checks(midcom_core_dbaobject $object) { $parent = $object->get_parent(); if (!is_null($parent)) { // Attachments are a special case if (midcom::get('dbfactory')->is_a($object, 'midgard_attachment')) { if (!midcom::get('auth')->can_do('midgard:attachments', $parent) || !midcom::get('auth')->can_do('midgard:update', $parent)) { debug_add("Failed to create attachment, update or attachments privilege on the parent " . get_class($parent) . " {$parent->guid} not granted for the current user.", MIDCOM_LOG_ERROR); midcom_connection::set_error(MGD_ERR_ACCESS_DENIED); return false; } } elseif (!midcom::get('auth')->can_do('midgard:create', $parent) && !midcom::get('auth')->can_user_do('midgard:create', null, get_class($object))) { debug_add("Failed to create object, create privilege on the parent " . get_class($parent) . " {$parent->guid} or the actual object class not granted for the current user.", MIDCOM_LOG_ERROR); midcom_connection::set_error(MGD_ERR_ACCESS_DENIED); return false; } } else { if (!midcom::get('auth')->can_user_do('midgard:create', null, get_class($object))) { debug_add("Failed to create object, general create privilege not granted for the current user.", MIDCOM_LOG_ERROR); midcom_connection::set_error(MGD_ERR_ACCESS_DENIED); return false; } } if (!$object->_on_creating()) { debug_add("The _on_creating event handler returned false."); return false; } // Still check name uniqueness return self::_pre_check_name($object); }