29 lines
757 B
JavaScript
29 lines
757 B
JavaScript
/**
|
|
* permission check (called by hopobject.onRequest())
|
|
* @param String name of action
|
|
* @param Obj User object
|
|
* @param Int Membership level
|
|
* @return Obj Exception object or null
|
|
*/
|
|
function checkAccess(action, usr, level) {
|
|
checkIfLoggedIn(this.href(req.action));
|
|
try {
|
|
this.checkEdit(session.user, req.data.memberlevel);
|
|
} catch (deny) {
|
|
res.message = deny.toString();
|
|
res.redirect(this._parent.href());
|
|
}
|
|
return;
|
|
}
|
|
|
|
/**
|
|
* check if user is allowed to edit layouts
|
|
* @param Obj Userobject
|
|
* @param Int Permission-Level
|
|
* @return String Reason for denial (or null if allowed)
|
|
*/
|
|
function checkEdit(usr, level) {
|
|
if ((level & MAY_EDIT_LAYOUTS) == 0)
|
|
throw new DenyException("layoutEdit");
|
|
return;
|
|
}
|