private static function user_can_modify_entry($action, $form_id, $user_id, $entry_id)
{
if (!in_array($action, array("update", "delete"))) {
throw new Exception("Error: specify either update or delete when calling user_can_modify_entry();");
}
$cache_key = "{$action} {$form_id} {$user_id} {$entry_id}";
if (!isset(self::$cached_permissions[$cache_key])) {
self::$cached_permissions[$cache_key] = false;
if (null == self::$formulize_module_id) {
self::$formulize_module_id = getFormulizeModId();
}
$gperm_handler =& xoops_gethandler('groupperm');
$member_handler =& xoops_gethandler('member');
$groups = $member_handler->getGroupsByUser($user_id);
if ("new" == $entry_id or "" == $entry_id) {
if ("update" == $action) {
// user has permission to add new entries
self::$cached_permissions[$cache_key] = $gperm_handler->checkRight("add_own_entry", $form_id, $groups, self::$formulize_module_id);
if (!self::$cached_permissions[$cache_key]) {
self::$cached_permissions[$cache_key] = $gperm_handler->checkRight("add_proxy_entries", $form_id, $groups, self::$formulize_module_id);
}
} else {
self::$cached_permissions[$cache_key] = false;
// cannot delete an entry which has not been saved
}
} else {
// first check if this an entry by current user and they can edit their own entries
if (getEntryOwner($entry_id, $form_id) == $user_id) {
// user can update entry because it is their own and they have permission to update their own entries
self::$cached_permissions[$cache_key] = $gperm_handler->checkRight("{$action}_own_entry", $form_id, $groups, self::$formulize_module_id);
}
// next, check group and other permissions, even for own entries
if (!self::$cached_permissions[$cache_key]) {
// user can update entry because they have permission to update entries by others
self::$cached_permissions[$cache_key] = $gperm_handler->checkRight("{$action}_other_entries", $form_id, $groups, self::$formulize_module_id);
if (!self::$cached_permissions[$cache_key]) {
// check if the user belongs to a group with group-edit permission
if ($gperm_handler->checkRight("{$action}_group_entries", $form_id, $groups, self::$formulize_module_id)) {
// sometimes users can have a special group scope set, so use that if available
$formulize_permHandler = new formulizePermHandler($form_id);
$view_form_groups = $formulize_permHandler->getGroupScopeGroupIds($groups);
if ($view_form_groups === false) {
// no special group scope, so use normal view-form permissions
$view_form_groups = $gperm_handler->getGroupIds("view_form", $form_id, self::$formulize_module_id);
// need the groups the user is a member of, that have view form permission
$view_form_groups = array_intersect($view_form_groups, $groups);
}
// get the owner groups for the entry
$data_handler = new formulizeDataHandler($form_id);
$owner_groups = $data_handler->getEntryOwnerGroups($entry_id);
// check if the entry belongs to a group that is part of the scope that the user is permitted to interact with
self::$cached_permissions[$cache_key] = count(array_intersect($owner_groups, $view_form_groups));
}
}
}
}
//Second update to include custom edit check code
if ("update" == $action && $entry_id > 0) {
$formHandler = xoops_getmodulehandler('forms', 'formulize');
$formObject = $formHandler->get($form_id);
self::$cached_permissions[$cache_key] = $formObject->customEditCheck($form_id, $entry_id, $user_id, self::$cached_permissions[$cache_key]);
}
}
return self::$cached_permissions[$cache_key];
}
