| public static hasPermission ( mixed $in, string $filter, string | integer $permission, string $user = null ) : boolean | ||
| $in | mixed | A single resource to check. |
| $filter | string | The kind of resource specified in $in, currently only 'queue'. |
| $permission | string | integer | A permission, either 'assign' or 'update', 'requester', or one of the PERM_* constants. |
| $user | string | A user name. |
| return | boolean | True if the user has the specified permission. |
public static function hasPermission($in, $filter, $permission, $user = null)
{
if (is_null($user)) {
$user = $GLOBALS['registry']->getAuth();
}
if ($permission == 'update' || $permission == 'assign' || $permission == 'requester') {
$admin_perm = Horde_Perms::EDIT;
} else {
$admin_perm = $permission;
}
$admin = $GLOBALS['registry']->isAdmin(array('permission' => 'whups:admin', 'permlevel' => $admin_perm, 'user' => $user));
$perms = $GLOBALS['injector']->getInstance('Horde_Perms');
switch ($filter) {
case 'queue':
if ($admin) {
return true;
}
switch ($permission) {
case Horde_Perms::SHOW:
case Horde_Perms::READ:
case Horde_Perms::EDIT:
case Horde_Perms::DELETE:
if ($perms->hasPermission('whups:queues:' . $in, $user, $permission)) {
return true;
}
break;
default:
if ($perms->exists('whups:queues:' . $in . ':' . $permission)) {
if (($permission == 'update' || $permission == 'assign' || $permission == 'requester') && $perms->getPermissions('whups:queues:' . $in . ':' . $permission, $user)) {
return true;
}
} else {
// If the sub-permission doesn't exist, use the queue
// permission at an EDIT level and lock out guests.
if ($permission != 'requester' && $GLOBALS['registry']->getAuth() && $perms->hasPermission('whups:queues:' . $in, $user, Horde_Perms::EDIT)) {
return true;
}
}
break;
}
break;
}
return false;
} public function validate(&$vars)
{
if (!Whups::hasPermission($this->_queue, 'queue', Horde_Perms::DELETE)) {
$this->setError('yesno', _("Permission Denied."));
}
return parent::validate($vars);
}