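/**
 * Build the "manage group access" form for the currently selected entry/group.
 *
 * The form always offers the four access flags as selectable options. When both
 * $this->group_to_manage_for and $this->entry_to_manage_for are objects, the
 * hidden author/entry/group ids are filled in and, if an EntryGroupAccess row
 * already exists for that (author, entry, group) triple, the flags it grants
 * are pre-selected.
 *
 * @return Form the loaded (and possibly pre-populated) form
 */
public function manageGroupAccessForm()
{
    $form = Form::load('logbook.views.ManageGroupAccess');

    // [flag constant, label] pairs in the order the form presents them.
    $access_flags = [
        [LogbookAccess::VIEW, 'View'],
        [LogbookAccess::EDIT, 'Edit'],
        [LogbookAccess::DELETE, 'Delete'],
        [LogbookAccess::MANAGE_ACCESS, 'Manage Access'],
    ];

    $group_access_options = [];
    foreach ($access_flags as $pair) {
        list($flag, $label) = $pair;
        $group_access_options[] = new FormOption($flag, $label);
    }
    $form->setOptions('group_access_options', $group_access_options);

    // Without a concrete entry and group there is nothing to pre-fill.
    if (!is_object($this->group_to_manage_for) || !is_object($this->entry_to_manage_for)) {
        return $form;
    }

    $author_id = $this->entry_to_manage_for->get('author_id');
    $entry_id = $this->entry_to_manage_for->id();
    $group_id = $this->group_to_manage_for->id();

    $form->setInputValue('author_id', $author_id);
    $form->setInputValue('entry_id', $entry_id);
    $form->setInputValue('group_id', $group_id);

    // Look up the existing access row for this (author, entry, group) triple.
    $ega = new EntryGroupAccess();
    $ega->clause('author_id', $author_id);
    $ega->clause('entry_id', $entry_id);
    $ega->clause('group_id', $group_id);

    // No existing row: leave the checkboxes unselected.
    if (!$ega->id()) {
        return $form;
    }

    // Pre-select every flag the existing row grants (truthy column value).
    $option_values = [];
    foreach ($access_flags as $pair) {
        $flag = $pair[0];
        $granted = $ega->get($flag);
        if ($granted) {
            $option_values[] = new FormOption($flag, $granted);
        }
    }
    if (count($option_values)) {
        $form->setInputValue('group_access_options', $option_values);
    }

    return $form;
}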
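/**
 * Decide whether $user may perform $action on $entry.
 *
 * Resolution order (the first decisive step wins):
 *  1. The entry's author (Author.user_id matching $user->id()) may do anything.
 *  2. If the entry's Access level is below the current application user's
 *     minimum access level (0 is root), everything is denied.
 *  3. For a logged-in user, EntryGroupAccess rows for the groups the user is
 *     a member of are consulted; any matching row that does not grant $action
 *     denies it. With no matching rows only VIEW is allowed.
 *  4. Anonymous users (falsy id) may only VIEW.
 *
 * @param object $user   user record; must answer id() and restrict()
 * @param object $entry  logbook entry record; must answer get() and restrict()
 * @param string $action one of the LogbookAccess::* flags. It is read as a
 *                       column of EntryGroupAccess, so callers should pass only
 *                       those constants — an unknown value reads an unrelated
 *                       column and is denied when that column is falsy.
 * @return bool true when the action is permitted
 */
public function userCanDoAction($user, $entry, $action)
{
    $user_id = $user->id();

    // The author row's user_id identifies the entry's owner.
    $author = new Author();
    $author->clause('author_id', $entry->get('author_id'));
    $author->noForeign();
    $author_user_id = $author->get('user_id');

    // Require both ids to be present and compare them as strings. The former
    // loose `!=` treated a missing author user_id (null) and an anonymous user
    // id (null/0) as equal, handing author privileges to anonymous callers.
    $is_author = $author_user_id && $user_id
        && (string) $author_user_id === (string) $user_id;
    if ($is_author) {
        return true;
    }

    // NOTE(review): the level gate uses the *application* user's minimum level
    // while the rest of the check concerns $user — confirm this is intended
    // for callers that pass a different user.
    $min_level = Application::user()->minAccessLevel();
    $check_entry = $entry->restrict();
    $access = $check_entry->fetchSingle('Access');
    $level = $access ? $access->get('access_level') : 0;
    if ($level < $min_level) {
        return false;
    }

    // VIEW is the only action available without group-level grants.
    $is_view = (string) $action === (string) LogbookAccess::VIEW;

    // Anonymous users never reach the group checks.
    if (!$user_id) {
        return $is_view;
    }

    // Collect the user's group memberships.
    $user = $user->restrict();
    $user->also('Group');
    $groups = $user->fetch('Group');

    // Access rows for this entry restricted to the user's groups.
    $group_access = new EntryGroupAccess();
    $group_access->clause('author_id', $entry->get('author_id'));
    $group_access->clause('entry_id', $entry->get('entry_id'));
    if ($groups) {
        $group_access->clause('group_id', $groups, Clause::IN);
    } else {
        // No memberships: group 0 matches nothing, so only VIEW remains.
        $group_access->clause('group_id', 0);
    }

    $entries = $group_access->fetch();
    if (!$entries) {
        return $is_view;
    }

    // Any matching row that does not grant $action denies it. (The previous
    // loop tried to stop with end($entries), which does not leave a foreach;
    // an explicit return does.)
    foreach ($entries as $access_entry) {
        if (!$access_entry->get($action)) {
            return false;
        }
    }

    return true;
}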