Index: trunk/core/units/general/helpers/permissions_helper.php
===================================================================
diff -u -N -r8409 -r8417
--- trunk/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 8409)
+++ trunk/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 8417)
@@ -136,15 +136,14 @@
 $id_field = $this->Application->getUnitOption($prefix, 'IDField');
 $table_name = $this->Application->getUnitOption($prefix, 'TableName');
 $ci_table = $this->Application->getUnitOption('ci', 'TableName');
-
+
 $sql = 'SELECT '.$id_field.', CreatedById, ci.CategoryId FROM '.$table_name.' item_table LEFT JOIN '.$ci_table.' ci ON ci.ItemResourceId = item_table.ResourceId WHERE '.$id_field.' IN ('.$ids.') AND (ci.PrimaryCat = 1)';
 return $this->Conn->Query($sql, $id_field);
 }
-
-
+
 /**
 * Checks non-system permission on event per category basis
 *
@@ -158,7 +157,7 @@
 $top_prefix = $event->getEventParam('top_prefix');
 $event_handler =& $this->Application->recallObject($event->Prefix.'_EventHandler');
 /* @var $event_handler kCatDBEventHandler */
-
+
 if ($event->Prefix != $top_prefix) {
 $top_event = new kEvent($top_prefix.':'.$event->Name);
 $id = $event_handler->getPassedID($top_event);
@@ -189,7 +188,7 @@
 return $check_status;
 }
 // specific permission check for pending & owner permissions: end
-
+
 $perm_status = false;
 $check_perms = $this->getPermissionByEvent($event, $event_perm_mapping);
@@ -240,7 +239,7 @@
 {
 $ret = null; // true/false when used, null when not used
 $top_prefix = $event->getEventParam('top_prefix');
-
+
 // check admin permission
 if (substr($event->Name, 0, 9) == 'OnPreSave') {
 if ($new_item) {
@@ -255,28 +254,25 @@
 // check front-end permissions
 switch ($event->Name) {
- case 'OnItemLoad':
- break;
-
 case 'OnCreate':
 $ret = $this->AddCheckPermission($category_id, $top_prefix);
 break;
-
+
 case 'OnUpdate':
 $ret = $this->ModifyCheckPermission($owner_id, $category_id, $top_prefix);
- break;
-
- case 'OnDelete':
+ break;
+
+ case 'OnDelete':
 case 'OnMassDelete':
 $ret = $this->DeleteCheckPermission($owner_id, $category_id, $top_prefix);
 break;
 }
-
+
 if ($ret === 0) {
 // permission check failed (user has no permission)
 $event->status = erPERM_FAIL;
 }
-
+
 return $ret;
 }
@@ -470,7 +466,7 @@
 WHERE CategoryId = '.$cat_id;
 $cat_hierarchy = $this->Conn->GetOne($sql);
 }
-
+
 $cat_hierarchy = explode('|', substr($cat_hierarchy, 1, -1));
 $cat_hierarchy = array_reverse($cat_hierarchy);
 array_push($cat_hierarchy, 0);
@@ -526,39 +522,7 @@
 return 0;
 }
-
- /**
- * Allows to check VIEW & "OWNER.VIEW.PENDING" permission combinations on item
- *
- * @param int $owner_id user_id, that is owner of the item
- * @param int $category_id primary category of item
- * @param string $prefix prefix of item
- * @return int {0 - no VIEW permission, 1 - has VIEW permission}
- */
- function ViewCheckPermission($owner_id, $category_id, $prefix)
- {
- $perm_prefix = $this->Application->getUnitOption($prefix, 'PermItemPrefix');
- // in progress
- $use_pending_editing = $this->Application->getUnitOption($prefix, 'UsePendingEditing');
-
-
- $live_delete = $this->CheckPermission($perm_prefix.'.VIEW', ptCATEGORY, $category_id);
- if ($live_delete) {
- return 1;
- }
-
- if ($owner_id == $this->Application->RecallVar('user_id')) {
- // user is item's OWNER -> check this permissions first
- $live_delete = $this->CheckPermission($perm_prefix.'.OWNER.DELETE', ptCATEGORY, $category_id);
- if ($live_delete) {
- return 1;
- }
- }
-
- return 0;
- }
-
 /**
 * Allows to check DELETE & OWNER.DELETE permission combinations on item
 *
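Review bot: In the `@@ -255,28 +254,25 @@` hunk the `switch ($event->Name)` has no `default` arm, so every event not listed, now including `OnItemLoad`, leaves `$ret` at `null` and the function returns without making a permission decision. That matches the behaviour of the removed empty `case 'OnItemLoad': break;`, but the explicit marker is gone, and the same commit also deletes `ViewCheckPermission()`, so nothing visible in this diff checks VIEW permission on item load. It is worth confirming that the caller treats `null` as "no decision, run the regular permission check" and never as allowed. I would document that contract above the switch, e.g. `// events not listed here (e.g. OnItemLoad) leave $ret = null: no decision made, caller must run the normal permission check`. The function's signature lies outside this hunk.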
@@ -586,7 +550,7 @@
 return 0;
 }
-
+
 /**
 * Allows to check ADD +/- PENDING permission combinations on item
 *
@@ -605,7 +569,7 @@
 else if ($this->CheckPermission($perm_prefix.'.ADD.PENDING', ptCATEGORY, $category_id)) {
 return 2;
 }
-
+
 return 0;
 }
 }