Index: trunk/core/kernel/db/db_event_handler.php
===================================================================
diff -u -r4625 -r4627
--- trunk/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 4625)
+++ trunk/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 4627)
@@ -50,6 +50,63 @@
 $this->Conn =& $this->Application->GetADODBConnection();
 }
 
+ /**
+ * Checks permissions of user
+ *
+ * @param kEvent $event
+ */
+ function CheckPermission(&$event)
+ {
+ if ($event->Name == 'OnSave') {
+ // check is made in OnPreSave subevent
+ return true;
+ }
+
+ if (substr($event->Name, 0, 9) == 'OnPreSave') {
+ $section = $event->getSection();
+ if ($this->isNewItemCreate($event)) {
+ return $this->Application->CheckPermission($section.'.add');
+ }
+ else {
+ return $this->Application->CheckPermission($section.'.add', 1) || $this->Application->CheckPermission($section.'.edit', 1);
+ }
+ }
+
+ return parent::CheckPermission($event);
+ }
+
+ /**
+ * Allows to override standart permission mapping
+ *
+ */
+ function mapPermissions()
+ {
+ parent::mapPermissions();
+ $permissions = Array(
+ 'OnCreate' => Array('self' => 'add', 'subitem' => 'add|edit'),
+ 'OnDelete' => Array('self' => 'delete', 'subitem' => 'edit|add'),
+ 'OnMassDelete' => Array('self' => 'delete', 'subitem' => 'edit|add'),
+ 'OnSelectItems' => Array('self' => 'add|edit', 'subitem' => 'add|edit'),
+
+ 'OnMassApprove' => Array('self' => 'advanced:approve|add|edit', 'subitem' => 'advanced:approve|add|edit'),
+ 'OnMassDecline' => Array('self' => 'advanced:decline|add|edit', 'subitem' => 'advanced:decline|add|edit'),
+
+
+ 'OnPreCreate' => Array('self' => 'add'),
+ 'OnEdit' => Array('self' => 'edit'),
+
+
+
+
+ // theese event do not harm, but just in case check them too :)
+ 'OnCancelEdit' => Array('self' => 'add|edit'),
+ 'OnCancel' => Array('self' => 'add|edit', 'subitem' => 'add|edit'),
+
+ 'OnSetSorting' => Array('self' => 'view', 'subitem' => 'view'),
+ );
+ $this->permMapping = array_merge($this->permMapping, $permissions);
+ }
+
 function mapEvents()
 {
 $events_map = Array('OnRemoveFilters' => 'FilterAction',
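Review bot: `CheckPermission()` returns `true` for `OnSave` without testing anything, so authorization of a save rests entirely on an `OnPreSave*` event having been dispatched and checked beforehand; nothing in this hunk enforces that ordering. If `OnSave` can be named directly by a request (not visible here), gate it with the same test the edit branch uses, e.g. `$section = $event->getSection(); return $this->Application->CheckPermission($section.'.add', 1) || $this->Application->CheckPermission($section.'.edit', 1);`. Separately, the edit branch under the `OnPreSave` prefix match accepts `.add` alone for an already existing item, and the new-item branch omits the second argument `1` that the edit branch passes; if both are intentional, a one-line comment stating why would keep a later maintainer from "fixing" either.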
@@ -930,7 +987,20 @@ $this->Application->RemoveVar($event->getPrefixSpecial().'_modified'); } + /** + * Allows to determine if we are creating new item or editing already created item + * + * @param kEvent $event + * @return bool + */ + function isNewItemCreate(&$event) + { + $item_id = $this->getPassedID($event); + return ($item_id == '') ? true : false; + } + + /** * Saves edited item into temp table * If there is no id, new item is created in temp table * @@ -943,35 +1013,30 @@ if (is_object($event->MasterEvent)) { $event->MasterEvent->setEventParam('IsNew',false); } - $item_id = $this->getPassedID($event); - if($item_id == '') - { + + if ($this->isNewItemCreate($event)) { $event->CallSubEvent('OnPreSaveCreated'); if (is_object($event->MasterEvent)) { $event->MasterEvent->setEventParam('IsNew',true); } return; } - + $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); $object =& $event->getObject(); $items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) ); - if($items_info) - { - foreach($items_info as $id => $field_values) - { + if ($items_info) { + foreach ($items_info as $id => $field_values) { $object->SetDefaultValues(); $object->Load($id); $object->SetFieldsFromHash($field_values); - if( $object->Update($id) ) - { - $event->status=erSUCCESS; + if ($object->Update($id)) { + $event->status = erSUCCESS; } - else - { - $event->status=erFAIL; - $event->redirect=false; + else { + $event->status = erFAIL; + $event->redirect = false; break; } }
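Review bot: `isNewItemCreate()` now selects which permission `CheckPermission()` tests, yet it decides with the loose comparison `$item_id == ''`, which on PHP versions before 8 is also true for `0`, `null` and `false`. What `getPassedID()` can return is not visible in this hunk; if any of those values can come back for an existing record, that record is treated as new and only `.add` is checked. Spelling out the accepted "no id" values, for example `return $item_id === '' || $item_id === null || $item_id === false;`, and naming them in the docblock would remove the ambiguity; the `? true : false` is redundant either way.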
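Review bot: In the third hunk the new-versus-edit decision, and therefore the permission that was checked, comes from `getPassedID($event)`, while the loop updates every `$id` key of `$items_info` returned by `GetVar()`, presumably request data; nothing in the hunk ties the two together. Whether `getPassedID()` reads the same variable is not visible here, so confirm it, and otherwise skip keys that differ from the passed id or document why several ids are expected. The result of `$object->Load($id)` is also ignored before `Update($id)`; assuming `Load()` reports failure through its return value, a guard such as `if (!$object->Load($id)) { $event->status = erFAIL; $event->redirect = false; break; }` would avoid writing an object that never loaded. The enclosing method begins before this hunk.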