contributions/usermanagement/behaviour/accesscontrol/users.access.php
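<?php
/**
 * User Access Control for Users
 *
 * Decides which actions a user may perform on records of type "users".
 * The policy is deny-by-default: any action without an explicit case below
 * (e.g. 'delete') resolves to NOT_ALLOWED, so a new action must be granted
 * here explicitly.
 *
 * @author Gerd Riesselmann
 * @ingroup Usermanagement
 */
class UsersAccessControl extends AccessControlBase {
	/**
	 * Constructor. Registers this controller for the "users" type on the parent.
	 */
	public function __construct() {
		parent::__construct('users');
	}

	/**
	 * Overloadable. Check if action on object is allowed for given user
	 *
	 * User is always valid (requests without a user go through
	 * do_is_allowed_for_anonymous() instead).
	 *
	 * Rules:
	 *  - 'update': admins, or a user acting on their own record
	 *  - 'create', 'status', 'edit': admins only
	 *  - anything else: NOT_ALLOWED
	 *
	 * NOTE(review): 'update' is granted on a user's own record, while
	 * 'status' is admin-only; whether 'update' can also touch role/status
	 * fields is decided by the caller, not here — confirm the update path
	 * does not let a user escalate their own role.
	 *
	 * @param string $action The action to perform (edit, delete, ....)
	 * @param mixed $item Item to perform the action on (may be a DataObject, e.g.)
	 * @param DAOUsers $user A user, role, ACO, depending on user management chosen
	 * @param mixed $params Unused here; kept for interface compatibility with the base class
	 * @return int One of Constants ALLOWED, NOT_ALLOWED and NOT_RESPONSIBLE
	 */
	protected function do_is_allowed_for_user($action, $item, $user, $params = false) {
		// we know that item is of type "users"
		$ret = self::NOT_ALLOWED;
		$is_admin = $user->has_role(array(USER_ROLE_ADMIN, USER_ROLE_SYSTEM));
		switch ($action) {
			case 'update':
				// Admins may update anyone; everybody else only their own record.
				$ret = $this->to_result($is_admin || $this->is_own_record($item, $user));
				break;
			case 'create':
			case 'status':
			case 'edit':
				$ret = $this->to_result($is_admin);
				break;
		}
		return $ret;
	}

	/**
	 * Ownership check: does $item refer to $user's own record?
	 *
	 * Both ids are normalised to strings and compared strictly. A loose `==`
	 * here would let PHP type-juggle (a null or empty id on a fresh item
	 * compares loosely equal to 0 / ""), which must never pass an
	 * authorization check. Missing or empty ids therefore never match.
	 * Assumes ids are scalars (int or numeric string from the DB).
	 *
	 * @param mixed $item Item of type "users"
	 * @param DAOUsers $user The acting user
	 * @return bool True only if both ids are present, non-empty and identical
	 */
	private function is_own_record($item, $user) {
		if (!isset($item->id) || !isset($user->id)) {
			return false;
		}
		$item_id = (string) $item->id;
		if ($item_id === '') {
			return false;
		}
		return $item_id === (string) $user->id;
	}

	/**
	 * Overloadable. Check if action on object is allowed for no user
	 *
	 * Anonymous visitors may never act on user records, whatever the action.
	 *
	 * @param string $action The action to perform (edit, delete, ....)
	 * @param mixed $item Item to perform the action on (may be a DataObject, e.g.)
	 * @param mixed $params Unused here; kept for interface compatibility with the base class
	 * @return int Always NOT_ALLOWED
	 */
	protected function do_is_allowed_for_anonymous($action, $item, $params = false) {
		return self::NOT_ALLOWED;
	}
}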