Hi all
I'm working on some code that needs to identify if a particular user has
edit access to a eZContentObject and have been running some tests using
eZContentObject::checkAccess.
I found some strange code at the end of this method that modifies the
result after the polices have been checked:
if ( $access == 'denied' )
{
if ( $functionName == 'edit' )
{
// Check if we have 'create' access under the main
parent
if ( $this->attribute( 'current_version' ) == 1 &&
!$this->attribute( 'status' ) )
{
$mainNode = eZNodeAssignment::fetchForObject(
$this->attribute( 'id' ), $this->attribute( 'current_version' ) );
$parentObj = $mainNode[0]->attribute(
'parent_contentobject' );
$result = $parentObj->checkAccess( 'create',
$this->attribute( 'contentclass_id' ),
$parentObj->attribute( 'contentclass_id' ), false, $originalLanguage );
if ( $result )
{
$access = 'allowed';
}
return $result;
}
}
}
This is my interpretation:
*If* a user doesn't have edit access to the object *and* the current
version = 1 *and* the object has a status of draft *then *
*If* the user can create an object of the same type under the same
node *then* user can edit that object.
Can anyone let me know why/if this code is required?
Cheers
Bruce
P.S. It would also be great if the method could take a additional
parameter $user that defaulted to false. The method could check if it
was a eZUser type and use it or get the current user if not. This would
make is a lot more flexible :)
--
Sdk-public mailing list
[email protected]
http://lists.ez.no/mailman/listinfo/sdk-public
