antville/code/MemberMgr/securityFunctions.js

/**
 * permission check (called by hopobject.onRequest())
 * @param String name of action
 * @param Obj User object
 * @param Int Membership level
 * @return Obj Exception object or null
 */
function checkAccess(action, usr, level) {
   var deny = null;
   switch (action) {
      case "main" :
         checkIfLoggedIn(this.href(action));
         deny = this.isEditMembersDenied(usr, level);
         break;
      case "subscriptions" :
         checkIfLoggedIn(this.href(action));
         break;
   }
   if (deny != null)
      deny.redirectTo = this._parent.href();
   return deny;
}

/**
 * check if user is allowed to edit the memberlist of this site
 * @param Obj Userobject
 * @param Int Permission-Level
 * @return String Reason for denial (or null if allowed)
 */
function isEditMembersDenied(usr, level) {
   if ((level & MAY_EDIT_MEMBERS) == 0)
      return new Exception("memberEditDenied");
   return null;
}
- added checkAccess() that is called by onRequest() to check if a user is allowed to request a certain action 2003-08-02 12:07:08 +00:00			`/**`
			`* permission check (called by hopobject.onRequest())`
			`* @param String name of action`
			`* @param Obj User object`
			`* @param Int Membership level`
			`* @return Obj Exception object or null`
			`*/`
			`function checkAccess(action, usr, level) {`
			`var deny = null;`
			`switch (action) {`
			`case "main" :`
			`checkIfLoggedIn(this.href(action));`
			`deny = this.isEditMembersDenied(usr, level);`
			`break;`
			`case "subscriptions" :`
			`checkIfLoggedIn(this.href(action));`
			`break;`
			`}`
			`if (deny != null)`
			`deny.redirectTo = this._parent.href();`
			`return deny;`
			`}`

Initial revision 2001-06-18 08:57:33 +00:00			`/**`
replaced hardcoded messages with getMsg() 2002-06-26 17:20:41 +00:00			`* check if user is allowed to edit the memberlist of this site`
- security-functions now demand user-object as argument 2001-12-10 23:22:58 +00:00			`* @param Obj Userobject`
req.data.memberlevel is now passed as second argument to security-functions. with this they can also be used even when there's no request-object present (scheduler, bloggerApi) 2003-01-02 18:55:32 +00:00			`* @param Int Permission-Level`
- security-functions now demand user-object as argument 2001-12-10 23:22:58 +00:00			`* @return String Reason for denial (or null if allowed)`
Initial revision 2001-06-18 08:57:33 +00:00			`*/`
- added checkAccess() that is called by onRequest() to check if a user is allowed to request a certain action 2003-08-02 12:07:08 +00:00			`function isEditMembersDenied(usr, level) {`
req.data.memberlevel is now passed as second argument to security-functions. with this they can also be used even when there's no request-object present (scheduler, bloggerApi) 2003-01-02 18:55:32 +00:00			`if ((level & MAY_EDIT_MEMBERS) == 0)`
- added checkAccess() that is called by onRequest() to check if a user is allowed to request a certain action 2003-08-02 12:07:08 +00:00			`return new Exception("memberEditDenied");`
reworking due to new skin-structure 2001-09-05 21:15:45 +00:00			`return null;`
Initial revision 2001-06-18 08:57:33 +00:00			`}`
- removed check if user is blocked (will be done with onRequest()) - changes necessary due to new role-scheme 2002-01-22 20:21:13 +00:00