function handle($params) { $app = Dataface_Application::getInstance(); $query =& $app->getQuery(); $related_record = df_get_record_by_id($query['-related-record-id']); if (!$related_record || PEAR::isError($related_record)) { $this->out_404(); } $app->_conf['orig_permissions'] = $related_record->_record->getPermissions(); Dataface_PermissionsTool::addContextMask($related_record); $perms = $related_record->getPermissions(); //print_r($perms);exit; if (!@$perms['view']) { return Dataface_Error::permissionDenied('You don\'t have permission to view this record.'); } $query['-relationship'] = $related_record->_relationship->getName(); Dataface_JavascriptTool::getInstance()->import('xataface/actions/view_related_record.js'); df_display(array('related_record' => $related_record), 'xataface/actions/view_related_record.html'); }
/** * @brief Adds a related record to the current context. This provides * a lense through which to view the destination records of this related * record so that their permissions are evaluated as if they are part * of the relationship. * * @param Dataface_RelatedRecord $rec The related record to add for context. * @returns void * @since 2.0 * @see getRecordContext() * @see clearRecordContext() */ function addRecordContext(Dataface_RelatedRecord $rec) { $this->getRecordContext(); $destRecords = $rec->toRecords(); foreach ($destRecords as $destRec) { $this->recordContext[$destRec->getId()] = $rec; } Dataface_PermissionsTool::addContextMask($rec); }