45 lines
1.2 KiB
JavaScript
45 lines
1.2 KiB
JavaScript
/**
|
|
* permission check (called by hopobject.onRequest())
|
|
* @param String name of action
|
|
* @param Obj User object
|
|
* @param Int Membership level
|
|
* @return Obj Exception object or null
|
|
*/
|
|
function checkAccess(action, usr, level) {
|
|
try {
|
|
switch (action) {
|
|
case "edit" :
|
|
if (!usr && req.data.save)
|
|
rescueText(req.data);
|
|
checkIfLoggedIn(this.href(req.action));
|
|
this.checkEdit(usr, level);
|
|
break;
|
|
case "delete" :
|
|
checkIfLoggedIn();
|
|
this.checkDelete(usr, level);
|
|
break;
|
|
case "comment" :
|
|
if (!usr && req.data.save)
|
|
rescueText(req.data);
|
|
checkIfLoggedIn(this.href(req.action));
|
|
this.story.checkPost(usr, level);
|
|
break;
|
|
}
|
|
} catch (deny) {
|
|
res.message = deny.toString();
|
|
res.redirect(this.story.href());
|
|
}
|
|
return;
|
|
}
|
|
|
|
/**
|
|
* check if user is allowed to edit a comment
|
|
* @param Obj Userobject
|
|
* @param Int Permission-Level
|
|
* @return String Reason for denial (or null if allowed)
|
|
*/
|
|
function checkEdit(usr, level) {
|
|
if (this.creator != usr && (level & MAY_EDIT_ANYCOMMENT) == 0)
|
|
throw new DenyException("commentEdit");
|
|
return;
|
|
}
|