Hi Bruce,
I proposed an answer there :
http://share.ez.no/forums/developer/ezcontentobject-checkaccess-strangeness/comment63849
Cheers !
--
Nicolas
On Nov 24, 2010, at 08:30 , Bruce Morrison wrote:
> Hi all
>
> I'm working on some code that needs to identify if a particular user has edit
> access to a eZContentObject and have been running some tests using
> eZContentObject::checkAccess.
>
> I found some strange code at the end of this method that modifies the result
> after the polices have been checked:
>
> if ( $access == 'denied' )
> {
> if ( $functionName == 'edit' )
> {
> // Check if we have 'create' access under the main parent
> if ( $this->attribute( 'current_version' ) == 1 &&
> !$this->attribute( 'status' ) )
> {
> $mainNode = eZNodeAssignment::fetchForObject(
> $this->attribute( 'id' ), $this->attribute( 'current_version' ) );
> $parentObj = $mainNode[0]->attribute(
> 'parent_contentobject' );
> $result = $parentObj->checkAccess( 'create',
> $this->attribute( 'contentclass_id' ),
>
> $parentObj->attribute( 'contentclass_id' ), false, $originalLanguage );
> if ( $result )
> {
> $access = 'allowed';
> }
> return $result;
> }
> }
> }
>
> This is my interpretation:
>
> If a user doesn't have edit access to the object and the current version = 1
> and the object has a status of draft then
> If the user can create an object of the same type under the same node
> then user can edit that object.
>
> Can anyone let me know why/if this code is required?
>
> Cheers
> Bruce
>
> P.S. It would also be great if the method could take a additional parameter
> $user that defaulted to false. The method could check if it was a eZUser
> type and use it or get the current user if not. This would make is a lot
> more flexible :)
>
> --
> Sdk-public mailing list
> [email protected]
> http://lists.ez.no/mailman/listinfo/sdk-public
--
Sdk-public mailing list
[email protected]
http://lists.ez.no/mailman/listinfo/sdk-public
