Author: david
Date: Fri Oct 22 11:52:48 2010
New Revision: 8383

Log:
Test publish permission against parent when creating new info object. Fixes 
issue #1822.

Modified:
   trunk/apps/qubit/modules/informationobject/actions/editAction.class.php
   trunk/plugins/qbAclPlugin/lib/QubitInformationObjectAcl.class.php

Modified: 
trunk/apps/qubit/modules/informationobject/actions/editAction.class.php
==============================================================================
--- trunk/apps/qubit/modules/informationobject/actions/editAction.class.php     
Fri Oct 22 10:59:27 2010        (r8382)
+++ trunk/apps/qubit/modules/informationobject/actions/editAction.class.php     
Fri Oct 22 11:52:48 2010        (r8383)
@@ -103,17 +103,19 @@
       $getParams = $this->request->getGetParameters();
       if (isset($getParams['parent']))
       {
+        $params = 
$this->context->routing->parse(Qubit::pathInfo($getParams['parent']));
+        $this->parent = $params['_sf_route']->resource;
         $this->form->setDefault('parent', $getParams['parent']);
       }
       else
       {
         // Root is default parent
-        $this->form->setDefault('parent', 
$this->context->routing->generate(null, 
array(QubitInformationObject::getById(QubitInformationObject::ROOT_ID), 
'module' => 'informationobject')));
+        $this->parent = 
QubitInformationObject::getById(QubitInformationObject::ROOT_ID);
+        $this->form->setDefault('parent', 
$this->context->routing->generate(null, array($this->parent, 'module' => 
'informationobject')));
       }
 
       // Check authorization
-      $params = 
$this->context->routing->parse(Qubit::pathInfo($this->form->parent->getValue()));
-      if (!QubitAcl::check(QubitInformationObject::getById($params['id']), 
'create'))
+      if (!QubitAcl::check($this->parent, 'create'))
       {
         QubitAcl::forwardUnauthorized();
       }
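Review bot: The value assigned to `$this->parent` comes straight from the `parent` GET parameter, and nothing between the `routing->parse()` call and `QubitAcl::check($this->parent, 'create')` confirms that the path matched a route or that the route's resource is an information object. If parsing fails or resolves to another kind of resource, the create check runs against null or an unintended object, and how `QubitAcl::check` treats that is not visible here. I would add `$this->forward404Unless($this->parent instanceof QubitInformationObject);` right after the assignment. The check is also now tied to the GET value rather than `$this->form->parent->getValue()`; if the form can later bind a different submitted parent (not visible in this hunk), the same ACL test should be applied to that value before saving. The enclosing method starts and ends outside the hunk.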
@@ -152,7 +154,7 @@
 
         $this->form->setValidator('publicationStatus', new sfValidatorString);
 
-        if (QubitAcl::check($this->resource, 'publish'))
+        if (isset($this->resource) && QubitAcl::check($this->resource, 
'publish') || !isset($this->resurce) && QubitAcl::check($this->parent, 
'publish'))
         {
           $choices = array();
           foreach 
(QubitTaxonomy::getTermsById(QubitTaxonomy::PUBLICATION_STATUS_ID) as $item)
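Review bot: The second half of the new condition tests `!isset($this->resurce)`, a misspelling of `resource`, so that operand is true unless a property with the misspelled name exists, and the parent's publish permission is consulted even when an existing resource failed its own check. A user who lacks publish on the resource but holds it on `$this->parent` would then be offered the publication status choices, and on the edit path `$this->parent` may not be set at all, since the first hunk assigns it only in the branch shown there. Suggest `if (QubitAcl::check(isset($this->resource) ? $this->resource : $this->parent, 'publish'))`, which also avoids relying on `&&`/`||` precedence. The enclosing block continues past the hunk.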

Modified: trunk/plugins/qbAclPlugin/lib/QubitInformationObjectAcl.class.php
==============================================================================
--- trunk/plugins/qbAclPlugin/lib/QubitInformationObjectAcl.class.php   Fri Oct 
22 10:59:27 2010        (r8382)
+++ trunk/plugins/qbAclPlugin/lib/QubitInformationObjectAcl.class.php   Fri Oct 
22 11:52:48 2010        (r8383)
@@ -47,6 +47,8 @@
     {
       return $resource->parent;
     }
+
+    return $resource;
   }
 }
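Review bot: The added `return $resource;` changes what callers get when the guard above does not apply: before this commit the method fell off the end and returned null, and the ACL code that consumes the result is not visible here. A short comment would make the intent explicit, for example `// No parent substitution applies: authorize against the resource itself.`, and the method's docblock should state that it now always returns a resource. The method signature and the condition guarding `return $resource->parent;` are outside the hunk.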
 
