Index: trunk/core/kernel/event_handler.php
===================================================================
diff -u -r4622 -r4625
--- trunk/core/kernel/event_handler.php (.../event_handler.php) (revision 4622)
+++ trunk/core/kernel/event_handler.php (.../event_handler.php) (revision 4625)
@@ -35,9 +35,16 @@
* @var Array
* @access protected
*/
- var $eventMethods=Array();
+ var $eventMethods = Array();
/**
+ * Defines mapping vs event names and permission names
+ *
+ * @var Array
+ */
+ var $permMapping = Array();
+
+ /**
* Define alternative event processing method names
*
* @see $eventMethods
@@ -48,6 +55,29 @@
}
+ /**
+ * Allows to override standart permission mapping
+ *
+ */
+ function mapPermissions()
+ {
+ $this->permMapping = Array(
+ 'OnCreate' => Array('self' => 'add', 'subitem' => 'add|edit'),
+ 'OnDelete' => Array('self' => 'delete', 'subitem' => 'edit|add'),
+
+ 'OnEdit' => Array('self' => 'add|edit'),
+ 'OnPreCreate' => Array('self' => 'add'),
+
+ 'OnPreSaveAndGoToTab' => Array('self' => 'add|edit'),
+
+ // theese event do not harm, but just in case check them too :)
+ 'OnCancelEdit' => Array('self' => 'add|edit'),
+ 'OnCancel' => Array('self' => 'add|edit', 'subitem' => 'add|edit'),
+
+ 'OnSetSorting' => Array('self' => 'view', 'subitem' => 'view'),
+ );
+ }
+
function getPrefixSpecial()
{
trigger_error('Usage of getPrefixSpecial() this method is forbidden in kEventHandler class children. Use $event->getPrefixSpecial(true); instead', E_USER_ERROR);
@@ -64,6 +94,7 @@
{
parent::Init($prefix,$special);
$this->mapEvents();
+ $this->mapPermissions();
}
/**
@@ -289,14 +320,58 @@
*
* @param kEvent $event
*/
- function checkPermissions(&$event)
+ function CheckPermission(&$event)
{
if ($this->Application->GetVar('u_id') == -1) {
// "root" has all permissions
return true;
}
- return true;
+ $main_prefix = $this->Application->GetTopmostPrefix($event->Prefix);
+ $section = $this->Application->getUnitOption($main_prefix, 'Section');
+
+ if (!$section) {
+ trigger_error('Permission section not specified for prefix '.$main_prefix.'', E_USER_ERROR);
+ }
+
+ $pefix_type = ($main_prefix == $event->Prefix) ? 'self' : 'subitem';
+ $perm_mapping = getArrayValue($this->permMapping, $event->Name);
+
+ if (!$perm_mapping[$pefix_type]) {
+ trigger_error('Permission mappings not defined for event '.$main_prefix.':'.$event->Name.'', E_USER_ERROR);
+ }
+
+ $perm_status = false;
+ if ($perm_mapping[$pefix_type] === true) {
+ // event is defined in mapping but is not checked by permissions
+ return true;
+ }
+
+ $check_perms = explode('|', $perm_mapping[$pefix_type]);
+
+ foreach ($check_perms as $perm_name) {
+ // check if at least one of required permissions is set
+ $perm_name = $section.'.'.$perm_name;
+ $perm_status = $this->Application->CheckPermission($perm_name, 1);
+ if (($perm_name == $section.'.add') && $perm_status && ($main_prefix == $event->Prefix)) {
+ // main item, add permission allowed, but ID is > 0, then deny permission
+ // how to get id here
+ }
+ if ($perm_status) {
+ return $perm_status;
+ }
+ }
+
+ if (!$perm_status) {
+ // permission not found -> redirect to "no permissions" template
+ $event->setEventParam('no_permissions_template', 'no_permissions');
+
+ // for debugging purposes
+ $event->SetRedirectParam('section', $section);
+ $event->SetRedirectParam('main_prefix', $main_prefix);
+ $event->SetRedirectParam('event_name', $event->Name);
+ }
+ return $perm_status;
}
}