From e3ad42a276803bc594074d5e3f101e58f8cd9bfe Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 9 Dec 2008 00:02:20 +0000 Subject: Add access::can() which verifies that the user belongs to a group that has the given permission. --- core/helpers/access.php | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) (limited to 'core/helpers') diff --git a/core/helpers/access.php b/core/helpers/access.php index 369e1897..8f2453df 100644 --- a/core/helpers/access.php +++ b/core/helpers/access.php @@ -84,7 +84,33 @@ class access_Core { throw new Exception("@todo MISSING_ACCESS for $item_id"); } - return $access->__get("{$perm_name}_{$group_id}") == self::ALLOW; + return $access->__get("{$perm_name}_{$group_id}") === self::ALLOW; + } + + /** + * Does the active user have this permission on this item? + * + * @param string $perm_name + * @param integer $item_id + * @return boolean + */ + public static function can($perm_name, $item_id) { + $user = Session::instance()->get("user", null); + if ($user) { + $access = ORM::factory("access_cache")->where("item_id", $item_id)->find(); + if (!$access) { + throw new Exception("@todo MISSING_ACCESS for $item_id"); + } + + foreach ($user->groups as $group) { + if ($access->__get("{$perm_name}_{$group->id}") === self::ALLOW) { + return self::ALLOW; + } + } + return self::DENY; + } else { + return self::group_can(group::EVERYBODY, $perm_name, $item_id); + } } /** -- cgit v1.2.3