| Server IP : 85.193.89.191 / Your IP : 3.145.202.244 Web Server : Apache System : Linux 956367-cx40159.tmweb.ru 3.10.0-1160.105.1.el7.x86_64 #1 SMP Thu Dec 7 15:39:45 UTC 2023 x86_64 User : bitrix ( 600) PHP Version : 8.1.27 Disable Function : NONE MySQL : OFF | cURL : OFF | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /home/bitrix/www/bitrix/modules/lists/lib/security/ |
Upload File : |
<?php
namespace Bitrix\Lists\Security;
use Bitrix\Main\Error;
use Bitrix\Main\Errorable;
use Bitrix\Main\ErrorCollection;
use Bitrix\Main\ErrorableImplementation;
class ElementRight implements RightEntity, Errorable
{
use ErrorableImplementation;
const ACCESS_DENIED = "ACCESS_DENIED";
const ADD = "canAdd";
const READ = "canRead";
const EDIT = "canEdit";
const DELETE = "canDelete";
const FULL_EDIT = "canFullEdit";
public const EDIT_RIGHTS = 'canEditRights';
private $listsPermission;
private $rightParam;
private $socnetGroupClosed = false;
public function __construct(RightParam $rightParam)
{
$this->rightParam = $rightParam;
$this->socnetGroupClosed = $this->rightParam->getClosedStatusSocnetGroup();
$this->errorCollection = new ErrorCollection;
}
/**
* Sets the access label that is needed to verify the rights of the entity.
*
* @param string $listsPermission Access label.
*/
public function setListsPermission($listsPermission)
{
$this->listsPermission = $listsPermission;
}
/**
* Checks the read access to the element.
*
* @return bool
*/
public function canRead()
{
if (
(
$this->rightParam->getEntityId() &&
$this->listsPermission < \CListPermissions::CAN_READ &&
!\CIBlockElementRights::userHasRightTo(
$this->rightParam->getIblockId(), $this->rightParam->getEntityId(), "element_read")
) ||
(
!$this->rightParam->getEntityId() &&
$this->listsPermission < \CListPermissions::CAN_READ &&
!\CIBlockSectionRights::userHasRightTo(
$this->rightParam->getIblockId(), $this->rightParam->getEntityId(), "element_read")
)
)
{
$this->errorCollection->setError(new Error("Access denied", self::ACCESS_DENIED));
return false;
}
return true;
}
/**
* Checks the edit access to the element.
*
* @return bool
*/
public function canEdit()
{
$sectionId = $this->rightParam->getSectionId() ?? $this->rightParam->getEntityId(); // compatibility
$canEdit = (
!$this->socnetGroupClosed && ((
$this->rightParam->getEntityId() > 0 &&
(
$this->listsPermission >= \CListPermissions::CAN_WRITE ||
\CIBlockElementRights::UserHasRightTo(
$this->rightParam->getIblockId(), $this->rightParam->getEntityId(), 'element_edit')
)
)
|| (
$this->rightParam->getEntityId() == 0
&& (
$this->listsPermission >= \CListPermissions::CAN_WRITE ||
\CIBlockSectionRights::UserHasRightTo(
$this->rightParam->getIblockId(), $sectionId, 'section_element_bind')
)
))
);
if ($canEdit)
{
return true;
}
else
{
$this->errorCollection->setError(new Error("Access denied", self::ACCESS_DENIED));
return false;
}
}
/**
* Checks the add access to the element.
*
* @return bool
*/
public function canAdd()
{
$sectionId = $this->rightParam->getSectionId() ?? $this->rightParam->getEntityId(); // compatibility
$canAdd = (
!$this->socnetGroupClosed &&
(
$this->listsPermission > \CListPermissions::CAN_READ
|| \CIBlockSectionRights::UserHasRightTo(
$this->rightParam->getIblockId(), $sectionId, 'section_element_bind'
)
)
);
if ($canAdd)
{
return true;
}
else
{
$this->errorCollection->setError(new Error('Access denied', self::ACCESS_DENIED));
return false;
}
}
/**
* Checks the delete access to the element.
*
* @return bool
*/
public function canDelete()
{
$canDelete = (
!$this->socnetGroupClosed
&& $this->rightParam->getEntityId()
&& (
$this->listsPermission >= \CListPermissions::CAN_WRITE
|| \CIBlockElementRights::UserHasRightTo(
$this->rightParam->getIblockId(), $this->rightParam->getEntityId(), 'element_delete'
)
)
);
if ($canDelete)
{
return true;
}
else
{
$this->errorCollection->setError(new Error("Access denied", self::ACCESS_DENIED));
return false;
}
}
/**
* Checks the full edit access to the element.
*
* @return bool
*/
public function canFullEdit()
{
$canFullEdit = (
!$this->socnetGroupClosed
&& (
$this->listsPermission >= \CListPermissions::IS_ADMIN
|| \CIBlockRights::UserHasRightTo(
$this->rightParam->getIblockId(), $this->rightParam->getIblockId(), 'iblock_edit'
)
)
);
if ($canFullEdit)
{
return true;
}
else
{
$this->errorCollection->setError(new Error("Access denied", self::ACCESS_DENIED));
return false;
}
}
/**
* Checks the edit rights access to the element
*/
public function canEditRights()
{
$canEditRights = (
!$this->socnetGroupClosed
&& (
(
$this->rightParam->getEntityId() > 0
&& \CIBlockElementRights::UserHasRightTo(
$this->rightParam->getIblockId(),
$this->rightParam->getEntityId(),
'element_rights_edit'
)
)
|| (
$this->rightParam->getEntityId() === 0
&& \CIBlockSectionRights::UserHasRightTo(
$this->rightParam->getIblockId(),
$this->rightParam->getSectionId() ?? 0,
'element_rights_edit'
)
)
)
);
if ($canEditRights)
{
return true;
}
$this->errorCollection->setError(new Error('Access denied', self::ACCESS_DENIED));
return false;
}
}