[Sommaire] [Imprimer]

   1  <?php
   2  /*****************************************************
   3  * This file is part of Agora, web based content management system.
   4  *
   5  * Agora is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; version 2 of the License.
   8  *
   9  * Agora is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU General Public License for more details (file "COPYING").
  13  *
  14  * Copyright © Arnaud Martin, Antoine Pitrou et Philippe Rivière.
  15  * List of authors detailed in "copyright_fr.html" file.
  16  * E-mail : agora@sig.premier-ministre.gouv.fr
  17  * Web site : http://www.agora.gouv.fr
  18  *****************************************************/
  19  // Base class for Action "modifierArticle".
  20  //
  21  
  22  if (defined("_AUTHORIZATION_MODIFIER_ARTICLE_COMMON"))
  23      return;
  24  
  25  define("_AUTHORIZATION_MODIFIER_ARTICLE_COMMON", "1");
  26  
  27  require_once dirname(__FILE__). "/../Action.php";
  28  require_once(dirname(__FILE__). "/../../bd/inc_article_factory.php");
  29  require_once(dirname(__FILE__). "/../../bd/inc_profil_factory.php");
  30  
  31  /**
  32   * modifierArticle   is an implementation for Common of "modifierArticle   Action.
  33   * @package    authorization/common
  34   * @author     François Xavier LACROIX <fxlacroix@clever-age.com>
  35   * @access    public
  36   */
  37  
  38  class modifierArticle_common extends Action {
  39  
  40      // {{{ _isAuthorized()
  41  
  42      /**
  43       * Get if a user is authorized to access to a command
  44       * @access private
  45       * @return bool
  46       */
  47  
  48  	function _isAuthorized () {
  49          $articleMetier = &recuperer_instance_article();
  50          $loadOK = $articleMetier->load($this->_parameters['id_article']);
  51  
  52          if (PEAR::isError($loadOK)) {
  53              echo $loadOK->getMessage();
  54              return false;
  55          }
  56  
  57          $profilMetier = &recuperer_instance_profil();
  58          $monProfil = $profilMetier->getProfilForIntitule('item_redacteur');
  59  
  60          if (PEAR::isError($monProfil)) {
  61              die($monProfil->getMessage());
  62          }
  63  
  64          // un redacteur ne peut modifier un article qu'en cours de rédaction et lui appartenant
  65          if ($this->_user->getProfil() == $monProfil->getPoids()) {
  66              if ($articleMetier->getStatut() != 'prepa')
  67                  return false;
  68              if (!in_array($this->_user->getAuteurId(),
  69                            $articleMetier->getAuteurIdsForArticleId($this->_parameters['id_article'])))
  70                  return false;
  71          }
  72  
  73          // le cas du redacteur en chef 
  74          $monProfil = $profilMetier->getProfilForIntitule('item_redacteur_en_chef');
  75  
  76          if ($this->_user->getProfil() == $monProfil->getPoids()AND $articleMetier->getStatut()
  77              != 'prepa' AND $articleMetier->getStatut() != 'prop' AND $articleMetier->getStatut() != 'vali' AND $articleMetier->getStatut() != 'refuse')
  78              return false;
  79  
  80          // on a passe tous les cas faux donc on teste juste l'authorisation sur la rubrique
  81          $authorization = &recuperer_instance_authorization('isManagedRubriqueByAuteurId', $this->_user->getAuteurId(), array('rubriqueId' => intval($articleMetier->getRubriqueId())));
  82          return $authorization->isAuthorizedAction();
  83      }
  84  
  85  // }}} 
  86  
  87  }
  88  ?>