Index: trunk/core/units/general/helpers/permissions_helper.php
===================================================================
diff -u -N -r5514 -r6093
--- trunk/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 5514)
+++ trunk/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 6093)
@@ -9,12 +9,10 @@
*/
var $Permissions = Array();
- function LoadPermissions($group_id, $cat_id, $type = 1, $temp_mode = false)
+ function LoadPermissions($group_id, $cat_id, $type = 1)
{
$perm_table = $this->Application->getUnitOption('perm', 'TableName');
- if ($temp_mode) {
- $perm_table = $this->Application->GetTempName($perm_table);
- }
+ $perm_table = $this->Application->GetTempName($perm_table);
$sql = 'SELECT *
FROM '.$perm_table.'
WHERE (GroupId = '.$group_id.') AND (CatId = '.$cat_id.') AND (Type = '.$type.')';
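Review bot: `LoadPermissions` now always reads from the temp table, but nothing at the call boundary says so, and a caller that still passes a fourth argument will have it ignored by PHP without any error, so a call that used to mean "live table" now returns temp-table rows. A comment above the `GetTempName` line such as `// always loads from the temp copy of the permission table; the live-table mode was removed` would make that visible, and the two assignments to `$perm_table` can be folded into one. Callers are outside this diff and should be checked for a leftover `$temp_mode` argument. The function body continues past the end of this hunk.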
@@ -130,7 +128,7 @@
function CheckEventCategoryPermission(&$event, $event_perm_mapping)
{
// mapping between specific permissions and common permissions
- $perm_mapping = Array('add' => 'ADD', 'edit' => 'MODIFY', 'delete' => 'DELETE', 'view' => 'VIEW');
+ $perm_mapping = Array('add' => 'ADD', 'add.pending' => 'ADD.PENDING', 'edit' => 'MODIFY', 'edit.pending' => 'MODIFY.PENDING', 'delete' => 'DELETE', 'view' => 'VIEW');
$top_prefix = $event->getEventParam('top_prefix');
$event_handler =& $this->Application->recallObject($event->Prefix.'_EventHandler');
@@ -142,8 +140,6 @@
$id = $event_handler->getPassedID($event);
}
- $item_prefix = $this->Application->getUnitOption($top_prefix, 'PermItemPrefix');
-
// 1. get primary category of category item
$id_field = $this->Application->getUnitOption($top_prefix, 'IDField');
$table_name = $this->Application->getUnitOption($top_prefix, 'TableName');
@@ -153,21 +149,31 @@
// item being created -> check by current (before editing started, saved in OnPreCreate event) category permissions
$category_id = $this->Application->RecallVar('m_cat_id');
}
+ elseif ($top_prefix == 'c') {
+ $category_id = $id;
+ }
else {
// item being edited -> check by it's primary category permissions
- $sql = 'SELECT ci.CategoryId
+ $sql = 'SELECT ci.CategoryId, main_table.CreatedById
FROM '.$table_name.' main_table
LEFT JOIN '.$ci_table.' ci ON ci.ItemResourceId = main_table.ResourceId
WHERE (main_table.'.$id_field.' = '.$id.') AND (ci.PrimaryCat = 1)';
- $category_id = $this->Conn->GetOne($sql);
+ $item_info = $this->Conn->GetRow($sql);
+ $category_id = $item_info['CategoryId'];
+ $owner_id = $item_info['CreatedById'];
}
- if ((substr($event->Name, 0, 9) == 'OnPreSave') || ($event->Name == 'OnSave')) {
+ $item_prefix = $this->Application->getUnitOption($top_prefix, 'PermItemPrefix');
+
+ if (substr($event->Name, 0, 9) == 'OnPreSave') {
if ($event_handler->isNewItemCreate($event)) {
- return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id);
+ return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id) ||
+ $this->CheckPermission($item_prefix.'.ADD.PENDING', 0, $category_id);
}
else {
- return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id) || $this->CheckPermission($item_prefix.'.MODIFY', 0, $category_id);
+ return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id) ||
+ $this->CheckPermission($item_prefix.'.ADD.PENDING', 0, $category_id) ||
+ $this->ModifyCheckPermission($owner_id, $category_id, $top_prefix);
}
}
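Review bot: `$owner_id` is assigned only in the final `else` branch, yet the `OnPreSave` edit path passes it to `ModifyCheckPermission()` unconditionally, so it is undefined whenever the new `elseif ($top_prefix == 'c')` branch is taken. `ModifyCheckPermission()` (added further down in this diff) compares it with a loose `==` against `GetVar('u_id')`, so an unset owner could compare equal to an empty or zero user id and open the `OWNER.MODIFY` path; what `GetVar('u_id')` yields for an anonymous visitor is not visible here. Initialise `$owner_id = null;` before the branch and require a real owner in the check, e.g. `if ($owner_id !== null && $owner_id == $this->Application->GetVar('u_id'))`. `GetRow()` can presumably also find no row, in which case `$item_info['CategoryId']` and `$item_info['CreatedById']` are read from a non-array and the permission check runs with an empty category id. The function starts before and continues after this hunk.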
@@ -217,18 +223,28 @@
function TagPermissionCheck($params, $tag_name)
{
+ $perm_prefix = getArrayValue($params, 'perm_prefix');
$perm_event = getArrayValue($params, 'perm_event');
$permission_groups = getArrayValue($params, 'permissions');
if ($permission_groups) {
+ // check permissions by permission names in current category
$this->showDebug('Tag '.$tag_name.' permission(-s): '.$permission_groups.'', $params);
$permission_groups = explode('|', $permission_groups);
$group_has_permission = false;
+
+ $perm_category = $this->Application->GetVar('m_cat_id');
+
+ if ($perm_prefix) {
+ // use primary category of item with id from {perm_prefix}_id as base for permission checking
+ $perm_category = $this->getPrimaryCategory($perm_prefix);
+ }
+
foreach ($permission_groups as $permission_group) {
$permissions = explode(',', $permission_group);
$has_permission = true;
foreach ($permissions as $permission) {
- $has_permission = $has_permission && $this->CheckPermission($permission, isset($params['system']) && $params['system'] ? 1 : 0);
+ $has_permission = $has_permission && $this->CheckPermission($permission, isset($params['system']) && $params['system'] ? 1 : 0, $perm_category);
}
$group_has_permission = $group_has_permission || $has_permission;
@@ -239,6 +255,7 @@
return false;
}
elseif ($perm_event) {
+ // check permission by event name
$this->showDebug('Tag '.$tag_name.' permission_event: '.$perm_event.'', $params);
list($prefix, $event) = explode(':', $perm_event);
$event_handler =& $this->Application->recallObject($prefix.'_EventHandler');
@@ -249,6 +266,31 @@
}
/**
+ * Returns item's primary category (get item_id from request)
+ *
+ * @param string $prefix
+ * @return int
+ */
+ function getPrimaryCategory($prefix)
+ {
+ $id_field = $this->Application->getUnitOption($prefix, 'IDField');
+ $table_name = $this->Application->getUnitOption($prefix, 'TableName');
+ $id = $this->Application->GetVar($prefix.'_id');
+
+ if (!$id) return $this->Application->GetVar('m_cat_id');
+
+ $sql = 'SELECT ResourceId
+ FROM '.$table_name.'
+ WHERE '.$id_field.' = '.$id;
+ $resource_id = $this->Conn->GetOne($sql);
+
+ $sql = 'SELECT CategoryId
+ FROM '.$this->Application->getUnitOption('ci', 'TableName').'
+ WHERE ItemResourceId = '.$resource_id.' AND PrimaryCat = 1';
+ return $this->Conn->GetOne($sql);
+ }
+
+ /**
* Returns no permission template to redirect to
*
* @param Array $params
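Review bot: `getPrimaryCategory()` concatenates `$id`, read from the request through `GetVar($prefix.'_id')`, straight into the `WHERE` clause, so unless `GetVar` already sanitises the value (not visible here) this is an SQL-injection sink, and its result decides which category `TagPermissionCheck` authorises against. Cast at the read, `$id = (int)$this->Application->GetVar($prefix.'_id');`, or quote with `$this->Conn->qstr()` as the `PermissionConfig` query in this file does. When the first query finds no row, `$resource_id` is empty and the second statement becomes `ItemResourceId =  AND PrimaryCat = 1`; add an explicit guard such as `if (!$resource_id) return $this->Application->GetVar('m_cat_id');`, after deciding whether a missing item should fall back like the `!$id` case or be denied. The `@return int` in the docblock also does not hold when `GetOne()` finds nothing.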
@@ -323,7 +365,7 @@
FROM '.TABLE_PREFIX.'PermissionConfig
WHERE PermissionName = '.$this->Conn->qstr($name);
$perm_id = $this->Conn->GetOne($sql);
-
+
$sql = 'SELECT PermId
FROM '.TABLE_PREFIX.'PermCache
WHERE (PermId = '.$perm_id.') AND (CategoryId = '.$cat_id.')';
@@ -349,9 +391,7 @@
FROM '.$this->Application->getUnitOption('c', 'TableName').'
WHERE CategoryId = '.$cat_id;
$cat_hierarchy = $this->Conn->GetOne($sql);
- $cat_hierarchy = explode('|', $cat_hierarchy);
- array_shift($cat_hierarchy);
- array_pop($cat_hierarchy);
+ $cat_hierarchy = explode('|', substr($cat_hierarchy, 1, -1));
$cat_hierarchy = array_reverse($cat_hierarchy);
array_push($cat_hierarchy, 0);
}
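Review bot: The `substr(..., 1, -1)` form is not equivalent to the removed `array_shift`/`array_pop` pair when the stored path is empty, a single `|`, or the query returned no row: `explode()` on an empty string yields one empty element, so the hierarchy becomes `['', 0]` where the old code produced `[0]`. That empty category id would then reach whatever lookup follows this block (outside the hunk). Guarding the case keeps the old result, e.g. `$cat_hierarchy = trim((string)$cat_hierarchy, '|');` followed by `$cat_hierarchy = ($cat_hierarchy === '') ? Array() : explode('|', $cat_hierarchy);`. The enclosing function starts and ends outside this hunk.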
@@ -372,6 +412,40 @@
$this->Application->setCache('permissions', $cache_key, $perm_value);
return $perm_value;
}
+
+ /**
+ * Allows to check MODIFY & OWNER.MODFY +/- PENDING permission combinations on item
+ *
+ * @param int $owner_id user_id, that is owner of the item
+ * @param int $category_id primary category of item
+ * @param string $prefix prefix of item
+ * @return int {0 - no MODIFY permission, 1 - has MODIFY permission, 2 - has MODIFY.PENDING permission}
+ */
+ function ModifyCheckPermission($owner_id, $category_id, $prefix)
+ {
+ $perm_prefix = $this->Application->getUnitOption($prefix, 'PermItemPrefix');
+
+ $live_modify = $this->CheckPermission($perm_prefix.'.MODIFY', ptCATEGORY, $category_id);
+ if ($live_modify) {
+ return 1;
+ }
+ else if ($this->CheckPermission($perm_prefix.'.MODIFY.PENDING', ptCATEGORY, $category_id)) {
+ return 2;
+ }
+
+ if ($owner_id == $this->Application->GetVar('u_id')) {
+ // user is item's OWNER -> check this permissions first
+ $live_modify = $this->CheckPermission($perm_prefix.'.OWNER.MODIFY', ptCATEGORY, $category_id);
+ if ($live_modify) {
+ return 1;
+ }
+ else if ($this->CheckPermission($perm_prefix.'.OWNER.MODIFY.PENDING', ptCATEGORY, $category_id)) {
+ return 2;
+ }
+ }
+
+ return 0;
+ }
}
?>
\ No newline at end of file
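Review bot: The docblock and inline comment on `ModifyCheckPermission()` do not match the code: the summary misspells `OWNER.MODFY` (should be `OWNER.MODIFY`), and `// user is item's OWNER -> check this permissions first` sits on a branch that runs only after the category-wide `MODIFY` / `MODIFY.PENDING` checks have failed. Suggested wording for the comment: `// no category-wide MODIFY right -> fall back to the OWNER.* permissions if the current user owns the item`. The documented 0/1/2 result is also collapsed to a boolean by the `||` chain in `CheckEventCategoryPermission`, so live and pending modify are indistinguishable at that call site; if that is intended, the `@return` line should say so. The `else if` after each `return 1;` can be a plain `if`.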