author | Thomas Steur <tsteur@users.noreply.github.com> | 2018-07-18 07:47:13 +0300 |
---|---|---|
committer | diosmosis <diosmosis@users.noreply.github.com> | 2018-07-18 07:47:13 +0300 |
commit | 105e007721b5c0ea12ff2596d8d82c721021fb4e (patch) | |
tree | 558162844ba663781fdf0ec691642f0dc453e94e /plugins/Annotations | |
parent | 74334d8d0908910ed3cc4a9a918436d9f9ccc3f6 (diff) |
Introducing a new role "write" and possibility to define capabilities (#13163)
* started working on some ACL concept
* acl implementation
* add category
* small tweaks
* more tweaks
* more api methods and fixes
* cache capabilities
* various enhancements, fixes, tweaks
* more tweaks
* added more tests and fixed some bugs
* fix parameter
* make sure to be BC
* make sure to be BC
* fix some tests
* more apis, translations, changelog entry, ...
* update db
* correct error message
* fix capabilities were not detected in tests
* directly access provider
* fix and add test
* JS api to check capabilities, better structure for capabilities in tests
* add ability to inject permissions
* apply review changes
* fix test
Diffstat (limited to 'plugins/Annotations')
-rw-r--r-- | plugins/Annotations/AnnotationList.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/Annotations/AnnotationList.php b/plugins/Annotations/AnnotationList.php index f51a5e86ce..823c7bf125 100644 --- a/plugins/Annotations/AnnotationList.php +++ b/plugins/Annotations/AnnotationList.php @@ -377,7 +377,7 @@ class AnnotationList /** * Returns true if the current user can modify or delete a specific annotation. * - * A user can modify/delete a note if the user has admin access for the site OR + * A user can modify/delete a note if the user has write access for the site OR * the user has view access, is not the anonymous user and is the user that * created the note in question. * @@ -388,7 +388,7 @@ class AnnotationList public static function canUserModifyOrDelete($idSite, $annotation) { // user can save if user is admin or if has view access, is not anonymous & is user who wrote note - $canEdit = Piwik::isUserHasAdminAccess($idSite) + $canEdit = Piwik::isUserHasWriteAccess($idSite) || (!Piwik::isUserIsAnonymous() && Piwik::getCurrentUserLogin() == $annotation['user']); return $canEdit; |
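Review bot: In the second hunk (`canUserModifyOrDelete`), the inline comment above the changed assignment still reads `// user can save if user is admin or if has view access, ...`, while the check is now `Piwik::isUserHasWriteAccess($idSite)`. Update that comment to say "write access" so it agrees with the docblock edited in the first hunk. Both the docblock and the comment also state that the author branch requires view access, but the visible condition only tests `!Piwik::isUserIsAnonymous()` and the login comparison, with no view-access check for `$idSite`. If callers do not enforce view access before reaching this method, add the check here; otherwise reword the comments to say where it is enforced. The login comparison `Piwik::getCurrentUserLogin() == $annotation['user']` would also be safer as `===` to avoid PHP's loose type juggling in an authorization decision.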