r4091 - trunk/apps/qubit/modules/digitalobject/actions

[correo]

Author: sevein
Date: Fri Dec  4 12:33:38 2009
New Revision: 4091

Log:
Add ACL check to digitalobject delete action, and cosmeti changes.

Modified:
   trunk/apps/qubit/modules/digitalobject/actions/deleteAction.class.php

Modified: trunk/apps/qubit/modules/digitalobject/actions/deleteAction.class.php
==============================================================================
--- trunk/apps/qubit/modules/digitalobject/actions/deleteAction.class.php       
Fri Dec  4 09:32:43 2009        (r4090)
+++ trunk/apps/qubit/modules/digitalobject/actions/deleteAction.class.php       
Fri Dec  4 12:33:38 2009        (r4091)
@@ -30,6 +30,8 @@
   public function execute($request)
   {
     $digitalObject = 
QubitDigitalObject::getById($this->getRequestParameter('id'));
+
+    // Check that object exists
     $this->forward404Unless($digitalObject);
 
     // Get related information object by first grabbing top-level digital 
object
@@ -40,7 +42,13 @@
       $this->forward404Unless($informationObject);
     }
 
-    //delete the digital object record from the database
+    // Check user authorization
+    if (!QubitAcl::check(QubitInformationObject::getRoot(), 
QubitAclAction::DELETE_ID))
+    {
+      QubitAcl::forwardUnauthorized();
+    }
+
+    // Delete the digital object record from the database
     $digitalObject->delete();
 
     // Redirect to edit page for parent Info Object

--

You received this message because you are subscribed to the Google Groups 
"Qubit Toolkit Commits" group.
To post to this group, send email to qubit-comm...@googlegroups.com.
To unsubscribe from this group, send email to 
qubit-commits+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/qubit-commits?hl=en.