protected function check_record_access($entity, $id, $website_id, $sharing = false) { // if $id is null, then we have a new record, so no need to check if we have access to the record if (is_null($id)) { return true; } $table = inflector::plural($entity); $viewname = 'list_' . $table; if (!$this->db) { $this->db = new Database(); } $fields = postgreSQL::list_fields($viewname, $this->db); if (empty($fields)) { Kohana::log('info', $viewname . ' not present so cannot access entity'); throw new EntityAccessError('Access to entity ' . $entity . ' not available via requested view.', 1003); } $this->db->from("{$viewname} as record"); $this->db->where(array('record.id' => $id)); if (!in_array($entity, $this->allow_full_access)) { if (array_key_exists('website_id', $fields)) { // check if a request for shared data is being made. Also check this is valid to prevent injection. if ($sharing && preg_match('/[reporting|peer_review|verification|data_flow|moderation]/', $sharing)) { // request specifies the sharing mode (i.e. the task being performed, such as verification, moderation). So // we can use this to work out access to other website data. $this->db->join('index_websites_website_agreements as iwwa', array('iwwa.from_website_id' => 'record.website_id', 'iwwa.receive_for_' . $sharing . "='t'" => ''), NULL, 'LEFT'); $this->db->where('record.website_id IS NULL'); $this->db->orwhere('iwwa.to_website_id', $this->website_id); } else { $this->db->in('record.website_id', array(null, $this->website_id)); } } elseif (!$this->in_warehouse) { Kohana::log('info', $viewname . ' does not have a website_id - access denied'); throw new EntityAccessError('No access to entity ' . $entity . ' allowed.', 1004); } } $number_rec = $this->db->count_records(); return $number_rec > 0 ? true : false; }
/** * Override the reload_columns method to add the vague_date virtual field * @param bool $force Reload the columns from the db even if already loaded * @return $this|\ORM * @throws \Kohana_Database_Exception */ public function reload_columns($force = FALSE) { if ($force === TRUE or empty($this->table_columns)) { // Load table columns $this->table_columns = postgreSQL::list_fields($this->table_name, $this->db); // Vague date if (array_key_exists('date_type', $this->table_columns)) { $this->table_columns['date']['type'] = 'String'; } } return $this; }