mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-10-22 18:26:19 +02:00
Code Issues Releases Wiki Activity

AdminUI: access for create/edit/delete expanded to allow userclass options. Fine-grained access control example added to FAQs.

Browse Source
This commit is contained in:
Cameron
2015-06-06 14:25:40 -07:00
parent e75498fa5d
commit 12ec43161b
2 changed files with 55 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
e107_handlers/admin_ui.php
View File

@@ -5720,25 +5720,24 @@ class e_admin_form_ui extends e_form
$fields = $controller->getFields();
// checks dispatcher perms for edit/delete access in list mode.
// checks dispatcher acess/perms for create/edit/delete access in list mode.
$mode = $controller->getMode();
$deleteRoute = $mode."/delete";
$editRoute = $mode."/edit";
$createRoute = $mode."/create";
$perm = $controller->getDispatcher()->getPerm();
if(isset($perm[$createRoute]) && !getperms($perm[$createRoute])) // disable the batchCopy option.
if(!$controller->getDispatcher()->checkRouteAccess($createRoute)) // disable the batchCopy option.
{
$controller->setBatchCopy(false);
}
if(isset($perm[$deleteRoute]) && !getperms($perm[$deleteRoute])) // disable the delete button and batch delete.
if(!$controller->getDispatcher()->checkRouteAccess($deleteRoute)) // disable the delete button and batch delete.
{
$fields['options']['readParms']['deleteClass'] = e_UC_NOBODY;
$controller->setBatchDelete(false);
}
if(isset($perm[$editRoute]) && !getperms($perm[$editRoute]))
if(!$controller->getDispatcher()->checkRouteAccess($editRoute))
{
$fields['options']['readParms']['editClass'] = e_UC_NOBODY; // display the edit button.
foreach($options[$id]['fields'] as $k=>$v) // disable inline editing.