49 lines
1.4 KiB
JavaScript
49 lines
1.4 KiB
JavaScript
/**
|
|
* permission check (called by hopobject.onRequest())
|
|
* @param String name of action
|
|
* @param Obj User object
|
|
* @param Int Membership level
|
|
* @return Obj Exception object or null
|
|
*/
|
|
function checkAccess(action, usr, level) {
|
|
try {
|
|
switch (action) {
|
|
case "main" :
|
|
checkIfLoggedIn(this.href(req.action));
|
|
this.checkAdd(usr, level);
|
|
break;
|
|
case "offline" :
|
|
checkIfLoggedIn(this.href(req.action));
|
|
this.checkAdd(usr, level);
|
|
break;
|
|
case "mystories" :
|
|
checkIfLoggedIn(this.href(req.action));
|
|
this.checkAdd(usr, level);
|
|
break;
|
|
case "create" :
|
|
if (!usr && req.data.save)
|
|
rescueText(req.data);
|
|
checkIfLoggedIn(this.href(req.action));
|
|
this.checkAdd(usr, level);
|
|
break;
|
|
}
|
|
} catch (deny) {
|
|
res.message = deny.toString();
|
|
res.redirect(this._parent.href());
|
|
}
|
|
return;
|
|
}
|
|
|
|
/**
|
|
* function checks if user is allowed to access the storymanager
|
|
* of this site
|
|
* @param Obj Userobject
|
|
* @param Int Permission-Level
|
|
* @return String Reason for denial (or null if allowed)
|
|
*/
|
|
|
|
function checkAdd(usr, level) {
|
|
if (!this._parent.preferences.getProperty("usercontrib") && (level & MAY_ADD_STORY) == 0)
|
|
throw new DenyException("storyAdd");
|
|
return;
|
|
}
|