[dev] Permission check problems (always true)

Michael Rubinsky mrubinsk at horde.org
Thu Feb 26 23:06:23 UTC 2009


Quoting Andre Pawlowski <sqall at h4des.org>:

>
>
> Michael Rubinsky wrote:
>>
>>
>> This is incorrect. Check the function signature - it should be ($app,
>> $permission) - and it always checks the permission of the currently
>> logged in user.
> Well, I don't know if you are right. When I take a look at
> lib/Horde/Perms.php this is the called function:
>
> function hasPermission($permission, $user, $perm, $creator = null)

This is Perms::hasPermission() - you were calling  
Registry::hasPermission() - two different beasts.

> I know, I've used:
>
> $registry->hasPermission(Auth::getAuth(), PERMS_EDIT)

This is calling Registry::hasPermission(), not Perms::hasPermission()


> But when I take a look at the contact.php of Turba, there the
> function is called:
>
> $contact->hasPermission(PERMS_EDIT)
>
> And it works fine there.

...and this is yet another class's hasPermission method, probably
Turba_Object::hasPermission(). You're comparing apples to oranges to
bananas.

> Turba was just an example where I was looking for some working
> permission checks. I'm writing my own Horde application. The PERMS_EDIT
> check was an example too. I need to check for read permission and write
> permission. If the user has just read permission, he can only download
> files. If he has only write permission, he can just upload files. If he
> has both, he can do both too. This is what I need.

Well, the way you check permissions depends on what you're checking the
permissions on, and how your application is structured. Some
applications use Horde_Share, where each object, like a calendar  
(Kronolith) or a Photo Album (Ansel) is represented by a Share object,  
and all permissions are granted/checked through the Share object.  
Shares allow the share (calendar/photo album/etc...) owner to set  
permissions themselves so they can decide who sees their resources.  
Other applications, like Whups (bug/issue tracking) and Chora (source  
code repository viewer) control all permissions via the administrative  
permissions interface. An administrator must make all changes via this  
interface. These permissions are checked via the various Perms::  
methods. The Registry method that you originally asked about is,  
AFAICT, only used when building the sidebar and the top menu - when  
it's used to determine the visibility of the various applications for  
the current user.


Thanks,
mike

--
The Horde Project (www.horde.org)
mrubinsk at horde.org

"Time just hates me. That's why it made me an adult." - Josh Joplin

