Commit 6bd12851146175be27dc997ceb5d3ffa34cb2cf7
1 parent
0833d3ce
Respect Unit Administrators as equals to Administrators when within
their unit. Check _show() to see whether an action should be available or not. git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@4850 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
12 additions
and
11 deletions
lib/actions/folderaction.inc.php
| ... | ... | @@ -46,7 +46,17 @@ class KTFolderAction extends KTStandardDispatcher { |
| 46 | 46 | if (PEAR::isError($oPermission)) { |
| 47 | 47 | return true; |
| 48 | 48 | } |
| 49 | - return (KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oPermission, $this->oFolder) || (($this->_bAdminAlwaysAvailable) && (Permission::userIsSystemAdministrator($this->oUser->getId())))); | |
| 49 | + | |
| 50 | + if ($this->_bAdminAlwaysAvailable) { | |
| 51 | + if (Permission::userIsSystemAdministrator($this->oUser->getId())) { | |
| 52 | + return true; | |
| 53 | + } | |
| 54 | + if (Permission::isUnitAdministratorForFolder($this->oUser, $this->oFolder)) { | |
| 55 | + return true; | |
| 56 | + } | |
| 57 | + } | |
| 58 | + | |
| 59 | + return KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oPermission, $this->oFolder); | |
| 50 | 60 | } |
| 51 | 61 | |
| 52 | 62 | function _disable() { |
| ... | ... | @@ -114,17 +124,8 @@ class KTFolderAction extends KTStandardDispatcher { |
| 114 | 124 | function check() { |
| 115 | 125 | $this->oFolder =& $this->oValidator->validateFolder($_REQUEST['fFolderId']); |
| 116 | 126 | |
| 117 | - if ($this->_disable()) { return false; } | |
| 127 | + if (!$this->_show()) { return false; } | |
| 118 | 128 | |
| 119 | - if (!is_null($this->_sShowPermission)) { | |
| 120 | - $oPermission =& KTPermission::getByName($this->_sShowPermission); | |
| 121 | - if (!PEAR::isError($oPermission)) { | |
| 122 | - $res = (KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oPermission, $this->oFolder) || (($this->_bAdminAlwaysAvailable) && (Permission::userIsSystemAdministrator($this->oUser->getId())))); | |
| 123 | - if (!$res) { | |
| 124 | - return false; | |
| 125 | - } | |
| 126 | - } | |
| 127 | - } | |
| 128 | 129 | $aOptions = array( |
| 129 | 130 | "final" => false, |
| 130 | 131 | "documentaction" => "viewDocument", | ... | ... |