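/**
 * Prepare the default (input) view for a single BBS reply.
 *
 * Loads the community row and the reply row named by the request
 * parameters, exposes both to the view as request attributes, and lets only
 * the reply's author or an administrator of the requested community proceed.
 * Anyone else is forwarded to SECURE_MODULE / SECURE_ACTION.
 *
 * @return mixed View::INPUT when access is allowed, null after forwarding
 */
function getDefaultView()
{
    $context = $this->getContext();
    $controller = $context->getController();
    $request = $context->getRequest();
    $user = $context->getUser();
    $acs_user_info_row = $user->getAttribute('acs_user_info_row');

    // Both identifiers are taken directly from the request, so they are
    // caller-controlled and must not be trusted on their own.
    $community_id = $request->getParameter('community_id');
    $bbs_res_id = $request->getParameter('bbs_res_id');

    // Community information
    $community_row = ACSCommunity::get_community_row($community_id);
    // BBS article list (the reply row selected by bbs_res_id)
    $bbs_res_row = ACSBBS::get_bbs_res_row($bbs_res_id);

    // set
    $request->setAttribute('community_row', $community_row);
    $request->setAttribute('bbs_res_row', $bbs_res_row);

    // Only the original poster or a community administrator may access this.
    // The ownership test fails closed: a missing reply row or a session
    // without a user id yields null on both sides, and a loose comparison
    // of null with null would otherwise count as "owner".
    $current_id = isset($acs_user_info_row['user_community_id'])
        ? $acs_user_info_row['user_community_id']
        : null;
    $owner_id = isset($bbs_res_row['user_community_id'])
        ? $bbs_res_row['user_community_id']
        : null;

    $is_owner = $current_id !== null
        && $owner_id !== null
        && (string) $current_id !== ''
        && (string) $current_id === (string) $owner_id;

    // NOTE(review): the admin check uses the community taken from the
    // request parameter, and nothing visible here verifies that the reply
    // row belongs to that community. Confirm that the lookup or a caller
    // enforces this, otherwise an admin of one community could reach
    // replies of another.
    if (!$is_owner
        && !ACSCommunity::is_community_admin($current_id, $community_row['community_id'])) {
        $controller->forward(SECURE_MODULE, SECURE_ACTION);
        return;
    }

    return View::INPUT;
}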
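/**
 * Decide whether the current user may execute this action.
 *
 * Access is granted to holders of the COMMUNITY_ADMIN credential, and to
 * holders of COMMUNITY_MEMBER when they are the author of the reply named
 * by the bbs_res_id request parameter.
 *
 * @return bool true when the action may run, false otherwise
 */
function get_execute_privilege()
{
    $context = $this->getContext();
    $request = $context->getRequest();
    $user = $context->getUser();
    $acs_user_info_row = $user->getAttribute('acs_user_info_row');

    // Community administrators are OK.
    // NOTE(review): the credential is not tied to the community that owns
    // the reply in this method; presumably it is scoped to the current
    // community where it is granted. Confirm.
    if ($user->hasCredential('COMMUNITY_ADMIN')) {
        return true;
    }

    // The member who wrote the reply is OK.
    if ($user->hasCredential('COMMUNITY_MEMBER')) {
        // bbs_res_id is caller-controlled, so the lookup may return no row.
        $bbs_res_row = ACSBBS::get_bbs_res_row($request->getParameter('bbs_res_id'));

        $current_id = isset($acs_user_info_row['user_community_id'])
            ? $acs_user_info_row['user_community_id']
            : null;
        $owner_id = isset($bbs_res_row['user_community_id'])
            ? $bbs_res_row['user_community_id']
            : null;

        // Fail closed: a missing row or missing user id must never compare
        // equal, which a loose null == null comparison would allow.
        if ($current_id !== null
            && $owner_id !== null
            && (string) $current_id !== ''
            && (string) $current_id === (string) $owner_id) {
            return true;
        }
    }

    return false;
}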