Introducing a new role "write" and possibility to define capabilities (#13163)

* started working on some ACL concept

* acl implementation

* add category

* small tweaks

* more tweaks

* more api methods and fixes

* cache capabilities

* various enhancements, fixes, tweaks

* more tweaks

* added more tests and fixed some bugs

* fix parameter

* make sure to be BC

* make sure to be BC

* fix some tests

* more apis, translations, changelog entry, ...

* update db

* correct error message

* fix capabilities were not detected in tests

* directly access provider

* fix and add test

* JS api to check capabilities, better structure for capabilities in tests

* add ability to inject permissions

* apply review changes

* fix test

1 files changed, 2 insertions, 2 deletions

diff --git a/plugins/Annotations/AnnotationList.php b/plugins/Annotations/AnnotationList.php
index f51a5e86ce..823c7bf125 100644
--- a/plugins/Annotations/AnnotationList.php
+++ b/plugins/Annotations/AnnotationList.php
@@ -377,7 +377,7 @@ class AnnotationList
     /**
      * Returns true if the current user can modify or delete a specific annotation.
      *
-     * A user can modify/delete a note if the user has admin access for the site OR
+     * A user can modify/delete a note if the user has write access for the site OR
      * the user has view access, is not the anonymous user and is the user that
      * created the note in question.
      *
@@ -388,7 +388,7 @@ class AnnotationList
     public static function canUserModifyOrDelete($idSite, $annotation)
     {
         // user can save if user is admin or if has view access, is not anonymous & is user who wrote note
-        $canEdit = Piwik::isUserHasAdminAccess($idSite)
+        $canEdit = Piwik::isUserHasWriteAccess($idSite)
             || (!Piwik::isUserIsAnonymous()
                 && Piwik::getCurrentUserLogin() == $annotation['user']);
         return $canEdit;