/[SQLSession]/trunk/lib/SQLSession/Model/Query.pm
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Diff of /trunk/lib/SQLSession/Model/Query.pm

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 71 by dpavlin, Thu Jan 25 21:16:49 2007 UTC revision 102 by dpavlin, Fri Feb 16 23:40:21 2007 UTC
# Line 52  use SQLSession::Record schema { Line 52  use SQLSession::Record schema {
52                  default is defer { DateTime->now },                  default is defer { DateTime->now },
53                  filters are 'Jifty::DBI::Filter::DateTime',                  filters are 'Jifty::DBI::Filter::DateTime',
54                  since '0.0.6';                  since '0.0.6';
55            
56            column parent =>
57                    refers_to SQLSession::Model::Query by 'id',
58                    label is 'Originator query',
59                    indexed,
60                    since '0.0.7';
61    
62  };  };
63    
64    sub since { '0.0.1' }
65    
66  # Your model-specific methods go here.  # Your model-specific methods go here.
67    
68  sub current_user_can {  sub current_user_can {
# Line 61  sub current_user_can { Line 70  sub current_user_can {
70    
71          my ($action,$item,$name) = @_;          my ($action,$item,$name) = @_;
72    
73    #       warn "current_user_can $action | $item | ", $name ? $name : 'NO NAME', "\n";
74    
75          # prevent deep recursion for next rule          # prevent deep recursion for next rule
76          if ( $action && $item && $name &&          if ( $action && $item && $action eq 'read' && $item eq 'column' ) {
77                  $action eq 'read' && $item eq 'column' && ( $name eq 'owner' || $name eq 'visible' )  #               return 1 if !defined($name);    # special case for my group by query -- might be security hole!
78          ) {                  return 1 if ( $name && $name =~ m/^(owner|visible)$/ );
                 return 1;  
79          }          }
80    
81          if ( $self->visible || $self->owner == $self->current_user->id ) {          if ( $self->visible || $self->owner == $self->current_user->id ) {
82                  return 1;                  return 1;
83          };          };
84    
85          return 1 if ( $self->visible && self->current_user->role('edit'));          return 1 if ( $self->visible && $self->current_user->role('edit'));
86            return 1 if ( $action eq 'create' && $self->current_user->role('edit'));
87    
88          return 1 if ( $self->current_user->is_superuser );          return 1 if ( $self->current_user->is_superuser );
89    
Legend:
Removed from v.71  
changed lines
  Added in v.102
  ViewVC Help
Powered by ViewVC 1.1.26