From adf4a9d7262390c5a5e4a72f5625c8912541afc3 Mon Sep 17 00:00:00 2001 From: weaverryan Date: Mon, 25 Oct 2010 16:18:09 -0500 Subject: [PATCH] Adding the new "can edit" credential checks to the backend module. --- .../BaseioEditableContentActions.class.php | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/modules/ioEditableContent/lib/BaseioEditableContentActions.class.php b/modules/ioEditableContent/lib/BaseioEditableContentActions.class.php index 49952d8..f6c22b2 100644 --- a/modules/ioEditableContent/lib/BaseioEditableContentActions.class.php +++ b/modules/ioEditableContent/lib/BaseioEditableContentActions.class.php @@ -44,11 +44,11 @@ public function executeForm(sfWebRequest $request) */ try { - $this->_checkCredentials(); if (!$this->_setupVariables($request)) { return sfView::NONE; } + $this->_checkCredentials($this->object); } catch (Exception $e) { @@ -68,11 +68,11 @@ public function executeForm(sfWebRequest $request) */ public function executeUpdate(sfWebRequest $request) { - $this->_checkCredentials(); if (!$this->_setupVariables($request)) { return sfView::NONE; } + $this->_checkCredentials($this->object); $formName = $this->form->getName(); @@ -146,11 +146,11 @@ public function executeUpdate(sfWebRequest $request) */ public function executeShow(sfWebRequest $request) { - $this->_checkCredentials(); if (!$this->_setupVariables($request)) { return sfView::NONE; } + $this->_checkCredentials($this->object); $service = $this->_getEditableContentService(); // render the content of the tag @@ -169,7 +169,6 @@ public function executeShow(sfWebRequest $request) */ public function executeSort(sfWebRequest $request) { - $this->_checkCredentials(); // give me the class of the objects being sorted $model = $request->getParameter('model'); $items = $request->getParameter('items'); 
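Review bot: In executeForm the credential check now runs only after `_setupVariables($request)`, so the lookup and form setup driven by request parameters execute for callers who have not yet passed any authorization; the executeUpdate and executeShow hunks have the same ordering, and executeSort, executeDelete and executeSetColumn likewise query a request-named model before checking. `_setupVariables()` is defined outside these hunks, so whether it has side effects or responds differently for existing and missing records cannot be confirmed from here. Keeping a coarse gate as the first statement, `$this->_checkCredentials();`, and then adding the object-specific `$this->_checkCredentials($this->object);` would preserve the old fail-early behaviour, assuming `shouldShowEditor()` still performs the general check when given no object. The check in executeForm also sits inside `try { … } catch (Exception $e)`, whose body is outside the hunk; if `forward404Unless()` signals the 404 by throwing, as it does in symfony 1.x, confirm the handler re-throws it rather than rendering a response.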
@@ -186,6 +185,7 @@ public function executeSort(sfWebRequest $request) ->from($model.' c') ->whereIn('c.id', array_keys($items)) ->execute(); + $this->_checkCredentials($objects); // set the positions and save the objects foreach($objects as $obj) @@ -202,7 +202,6 @@ public function executeSort(sfWebRequest $request) public function executeDelete(sfWebRequest $request) { - $this->_checkCredentials(); $model = $request->getParameter('model'); $pk = $request->getParameter('pk'); @@ -210,6 +209,8 @@ public function executeDelete(sfWebRequest $request) $object = Doctrine_Core::getTable($model)->find($pk); $this->forward404Unless($object, sprintf('No %s with pk %s found', $model, $pk)); + $this->_checkCredentials($object); + $object->delete(); $ret = array('success' => true); @@ -223,13 +224,13 @@ public function executeDelete(sfWebRequest $request) */ public function executeSetColumn(sfWebRequest $request) { - $this->_checkCredentials(); $column = $request->getParameter('column'); $id = $request->getParameter('id'); $model = $request->getParameter('model'); $value = $request->getParameter('value'); $obj = Doctrine_Core::getTable($model)->find($id); + $this->_checkCredentials($obj); if ($obj) { @@ -290,10 +291,12 @@ protected function _setupVariables(sfWebRequest $request) /** * Helper to forward 404 if the user doesn't have edit credentials + * + * @param Object $obj The specific object being modified */ - protected function _checkCredentials() + protected function _checkCredentials($obj = null) { - $this->forward404Unless($this->_getEditableContentService()->shouldShowEditor($this->getUser())); + $this->forward404Unless($this->_getEditableContentService()->shouldShowEditor($obj)); } /**
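Review bot: `$this->_checkCredentials($objects);` in executeSort passes the whole query result where every other call site passes a single record, and the helper's docblock describes `$obj` as the specific object being modified. Whether `shouldShowEditor()` evaluates each member of a collection is not visible in this patch; if it only understands one record, the per-object "can edit" rule is not applied to any of the sorted rows. Checking every record before any is saved keeps the decision per object and avoids a partial reorder, e.g. `foreach ($objects as $obj) { $this->_checkCredentials($obj); }` placed ahead of the existing save loop. The query starts above this hunk and is built from the request's `model` and `items` parameters, so restricting `$model` to the classes that are meant to be sortable belongs in the same place.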
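Review bot: executeDelete removes a record chosen entirely by the request's `model` and `pk` parameters, and the lines shown in this hunk and the previous one contain no HTTP-method or CSRF-token check ahead of `$object->delete();`. Even with the per-object check in place, the editor's logged-in session is the credential, so a forged cross-site request could trigger the delete unless routing or a filter outside this diff already prevents it. A guard such as `$this->forward404Unless($request->isMethod('post'));` together with CSRF token validation at the top of the action would close that gap, and the same consideration applies to executeSort and executeSetColumn. One line between the two executeDelete hunks is not shown, so confirm nothing there already covers it.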
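Review bot: In executeSetColumn `$this->_checkCredentials($obj);` runs before the `if ($obj)` test, so when `find($id)` returns no record the helper is called without an object and falls back to whatever `shouldShowEditor()` does in that case. executeDelete handles the same situation by returning a 404 first; doing the same here, `$this->forward404Unless($obj, sprintf('No %s with pk %s found', $model, $id));` ahead of the credential check, makes the two actions consistent and guarantees the check always sees a real record. The `column` and `value` request parameters are presumably applied inside the `if` block, which continues outside this hunk, so it is worth confirming there that `$column` is limited to the fields meant to be editable this way.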
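Review bot: The `$obj = null` default on `_checkCredentials()` means a call site that forgets the argument silently gets the object-less check instead of failing, and the new docblock does not say what `null` means. The `@param Object $obj` line is also narrower than the callers: executeSort passes a query result and executeSetColumn can pass an empty lookup. I would document it as `@param Doctrine_Record|Doctrine_Collection|null $obj Record(s) being modified; null performs only the general editor check`, once that behaviour is confirmed in `shouldShowEditor()`. The call also stops passing `$this->getUser()`, so the service must now obtain the user itself; that change is outside this diff, and a short comment here naming where the user comes from would help the next reader.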