informationobject: actions config

david Thu, 01 Oct 2009 17:00:53 -0700

Author: david
Date: Thu Oct  1 17:02:37 2009
New Revision: 3631

Log:
Use Acl to check permissions for move action and ability to drag in treeview.  
Completes issue #1015 (I think?).


Modified:
   trunk/apps/qubit/modules/informationobject/actions/moveAction.class.php
   
trunk/apps/qubit/modules/informationobject/actions/treeViewComponent.class.php
   trunk/apps/qubit/modules/informationobject/config/security.yml

Modified: 
trunk/apps/qubit/modules/informationobject/actions/moveAction.class.php
==============================================================================
--- trunk/apps/qubit/modules/informationobject/actions/moveAction.class.php     
Thu Oct  1 16:35:43 2009        (r3630)
+++ trunk/apps/qubit/modules/informationobject/actions/moveAction.class.php     
Thu Oct  1 17:02:37 2009        (r3631)
@@ -31,6 +31,13 @@
       $this->forward404();
     }
 
+    // Don't update if user doesn't have update permissions
+    if (!QubitAcl::check($this->informationObject, QubitAclAction::UPDATE_ID))
+    {
+
+      return $this->renderText('');
+    }
+
     $this->form->setValidator('parent', new sfValidatorString);
 
     if ($request->isMethod('post'))

Modified: 
trunk/apps/qubit/modules/informationobject/actions/treeViewComponent.class.php
==============================================================================
--- 
trunk/apps/qubit/modules/informationobject/actions/treeViewComponent.class.php  
    Thu Oct  1 16:35:43 2009        (r3630)
+++ 
trunk/apps/qubit/modules/informationobject/actions/treeViewComponent.class.php  
    Thu Oct  1 17:02:37 2009        (r3631)
@@ -64,6 +64,6 @@
     $this->treeViewExpands[$id = $this->informationObject->getId()] = $id;
 
     // Is treeView draggable?
-    $this->treeViewDraggable = 
SecurityPriviliges::editCredentials($this->getUser(), 'informationObject') ? 
'true' : 'false';
+    $this->treeViewDraggable = 
QubitAcl::check(QubitInformationObject::getRoot(), QubitAclAction::UPDATE_ID) ? 
'true' : 'false';
   }
 }

Modified: trunk/apps/qubit/modules/informationobject/config/security.yml
==============================================================================
--- trunk/apps/qubit/modules/informationobject/config/security.yml      Thu Oct 
 1 16:35:43 2009        (r3630)
+++ trunk/apps/qubit/modules/informationobject/config/security.yml      Thu Oct 
 1 17:02:37 2009        (r3631)
@@ -1,10 +1,2 @@
-move:
-  is_secure:  on
-  credentials: [[ contributor, editor, administrator ]]
-
-# not secure is default
-#show:
-#  is_secure:  off
-
 all:
   is_secure:   off

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Qubit Toolkit Commits" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.ca/group/qubit-commits?hl=en
-~----------~----~----~----~------~----~------~--~---

r3631 - in trunk/apps/qubit/modules/informationobject: actions config

Reply via email to