Author: david
Date: Thu Oct 21 17:10:30 2010
New Revision: 8354
Log:
Filter drafts by repository. Fixes issue #1821.
Modified:
trunk/plugins/qbAclPlugin/lib/QubitAcl.class.php
Modified: trunk/plugins/qbAclPlugin/lib/QubitAcl.class.php
==============================================================================
--- trunk/plugins/qbAclPlugin/lib/QubitAcl.class.php Thu Oct 21 17:09:37
2010 (r8353)
+++ trunk/plugins/qbAclPlugin/lib/QubitAcl.class.php Thu Oct 21 17:10:30
2010 (r8354)
@@ -75,7 +75,7 @@
}
/**
- * Test user access to the given access control object (aco).
+ * Test user access to the given resource
*
* Note: Current sf_user is assumed, but can be overridden with
* $options['userId'].
@@ -834,20 +834,50 @@
// Build access control list
$allows = $bans = array();
+ $forceBan = false;
if (0 < count($permissions))
{
foreach ($permissions as $permission)
{
- $id = $permission->objectId;
-
- if ('createTerm' == $action)
+ switch ($action)
{
- if (null === $id = $permission->getConstants(array('name' =>
'taxonomyId')))
- {
- $id = QubitTaxonomy::ROOT_ID;
- }
+ case 'createTerm':
+ if (null === $id = $permission->getConstants(array('name' =>
'taxonomyId')))
+ {
+ $ids[] = QubitTaxonomy::ROOT_ID;
+ }
+
+ break;
+
+ case 'viewDraft':
+ if (null !== $repoId = $permission->getConstants(array('name' =>
'repositoryId')))
+ {
+ $criteria2 = new Criteria;
+ $criteria2->add(QubitInformationObject::REPOSITORY_ID, $repoId);
+
+ if (0 < count($results =
QubitInformationObject::get($criteria2)))
+ {
+ foreach ($results as $item)
+ {
+ $ids[] = $item->id;
+ }
+
+ // Special case because isAllowed() on ROOT will return true if
+ // user has grant permission on ANY taxonomy. We want to force
+ // showing ONLY resources in allowed repositories
+ $forceBan = true;
+ }
+ }
+
+ break;
+
+ default:
+ $ids[] = $permission->objectId;
}
+ }
+ foreach ($ids as $id)
+ {
if (!isset($resourceAccess[$id]))
{
$resource = call_user_func(array($rootClass, 'getById'), $id);
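Review bot: The new `switch` no longer queues an id for every permission, so some ACL rows never reach the `foreach ($ids as $id)` loop: in `case 'createTerm'` a non-null `taxonomyId` is assigned to `$id` but never appended to `$ids`, and in `case 'viewDraft'` a permission without a `repositoryId` adds nothing where the old code used `$permission->objectId`. A deny rule dropped this way never lands in `$bans`, so the decision can fail open. `$ids` is also not initialised in the visible lines, so the loop runs on an undefined variable when no branch appends, and the comment in the `viewDraft` case says "ANY taxonomy" where it presumably means repository. The loop body continues outside the hunk, so it is worth confirming that it no longer depends on the per-iteration `$permission`. A sketch of the collection step follows; the `objectId` fallback restores the pre-change behaviour and should be checked against the intended semantics.

```php
$forceBan = false;
$ids = array();
// … unchanged: count($permissions) guard and foreach header …
switch ($action)
{
  case 'createTerm':
    if (null === $id = $permission->getConstants(array('name' => 'taxonomyId')))
    {
      $id = QubitTaxonomy::ROOT_ID;
    }

    // Queue the taxonomy-scoped id as well as the ROOT fallback
    $ids[] = $id;

    break;

  case 'viewDraft':
    if (null === $repoId = $permission->getConstants(array('name' => 'repositoryId')))
    {
      // Not repository-scoped: evaluate the permission's own object
      $ids[] = $permission->objectId;

      break;
    }

    // … unchanged: Criteria lookup on REPOSITORY_ID, $ids[] = $item->id, $forceBan = true …

    break;

  // … unchanged: default case …
```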
@@ -861,7 +891,6 @@
{
$bans[] = $id;
}
-
}
}
}
@@ -871,7 +900,7 @@
{
return false; // No allows, always false
}
- else if (0 == count($bans) && QubitAcl::isAllowed($user, $root, $action))
+ else if (!$forceBan && 0 == count($bans) && QubitAcl::isAllowed($user,
$root, $action))
{
return true; // No bans, always true
}
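Review bot: The trailing comment `// No bans, always true` on this branch is stale now that `!$forceBan` also gates it; something like `// No bans and no repository-scoped permission: the root check decides` would describe the condition. The name `$forceBan` reads as if a ban were being added, while the flag only disables this root shortcut, so a name such as `$skipRootCheck` may be clearer. The `else if` chain continues outside the hunk, so the path taken when `$forceBan` is true and `$bans` is empty cannot be reviewed from here.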