diff options
Diffstat (limited to 'core/helpers/access.php')
| -rw-r--r-- | core/helpers/access.php | 97 |
1 files changed, 60 insertions, 37 deletions
diff --git a/core/helpers/access.php b/core/helpers/access.php index 9d4cb105..4bfe89d4 100644 --- a/core/helpers/access.php +++ b/core/helpers/access.php @@ -71,43 +71,6 @@ class access_Core { const UNKNOWN = 2; /** - * Does this group have this permission on this item? - * - * @param Group_Model $group - * @param string $perm_name - * @param Item_Model $item - * @return boolean - */ - public static function group_can($group, $perm_name, $item) { - $resource = $perm_name == "view" ? - $item : model_cache::get("access_cache", $item->id, "item_id"); - return $resource->__get("{$perm_name}_{$group->id}") === self::ALLOW; - } - - /** - * Can this permission be changed for this item? - * - * @param Group_Model $group - * @param string $perm_name - * @param Item_Model $item - * @return ORM_Model item that locks this one - */ - public static function locking_items($group, $perm_name, $item) { - if ($perm_name != "view") { - return null; - } - - // For view permissions, if any parent is self::DENY, then those parents lock this one. - return ORM::factory("item") - ->where("`left` <= $item->left") - ->where("`right` >= $item->right") - ->where("`id` <> $item->id") - ->where("view_$group->id", 0) - ->find_all() - ->as_array(); - } - - /** * Does the active user have this permission on this item? * * @param string $perm_name @@ -143,6 +106,66 @@ class access_Core { } /** + * Does this group have this permission on this item? + * + * @param Group_Model $group + * @param string $perm_name + * @param Item_Model $item + * @return boolean + */ + public static function group_can($group, $perm_name, $item) { + $resource = $perm_name == "view" ? + $item : model_cache::get("access_cache", $item->id, "item_id"); + return $resource->__get("{$perm_name}_{$group->id}") === self::ALLOW; + } + + /** + * Return this group's intent for this permission on this item. + * + * @param Group_Model $group + * @param string $perm_name + * @param Item_Model $item + * @return integer access::ALLOW, access::DENY or null for no intent + */ + public static function group_intent($group, $perm_name, $item) { + $intent = model_cache::get("access_intent", $item->id, "item_id"); + return $intent->__get("{$perm_name}_{$group->id}"); + } + + /** + * Is the permission on this item locked by a parent? If so return the nearest parent that + * locks it. + * + * @param Group_Model $group + * @param string $perm_name + * @param Item_Model $item + * @return ORM_Model item that locks this one + */ + public static function locked_by($group, $perm_name, $item) { + if ($perm_name != "view") { + return null; + } + + // For view permissions, if any parent is self::DENY, then those parents lock this one. + // Return + $lock = ORM::factory("item") + ->where("`left` <= $item->left") + ->where("`right` >= $item->right") + ->where("`items`.`id` <> $item->id") + ->join("access_intents", "items.id", "access_intents.item_id") + ->where("access_intents.view_$group->id", 0) + ->orderby("level", "desc") + ->limit(1) + ->find(); + + if ($lock->loaded) { + return $lock; + } else { + return null; + } + } + + /** * Terminate immediately with an HTTP 503 Forbidden response. */ public static function forbidden() { |