Rights can be assigned to the execution of actions in the user interface or to the editing of domain classes and individual objects (instances of domain classes). For editing content, the framework defines the rights read, modify, delete and create.
Authorization for actions in the user interface is handled by the ActionMapper; for actions concerning the data, the PersistenceMapper checks the permissions (and sets objects for which the right modify is not set to non-editable, is_editable = false). Both classes use the method RightsManager::authorize and generate a fatal error message if authorization fails (see Error handling). To prevent this, the rights can be queried directly in order to take appropriate measures:
%%
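// $persistenceFacade is assumed to have been obtained earlier in the controller
$rightsManager = &RightsManager::getInstance();
// check the read right for the requested object id before touching the persistence layer
if ($rightsManager->authorize($this->_data['oid'], '', ACTION_READ))
{
  // permitted: load the object
  $object = &$persistenceFacade->load($this->_data['oid'], BUILDDEPTH_INFINITE);
}
else
{
  // do something else if the user cannot read the object
}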
%%
In the example, the object is only loaded if reading it is permitted. For the definition of rights, see the configuration section authorization.
**Note:**
If anonymous is set to one in the configuration file, rights management is disabled, so none of the permission checks described above are enforced (see configuration section cms).