added ability to check acl list when a client GETs member resource

Kousuke Ebihara · Kousuke Ebihara · commit c651f6ab3c0b · 2009-08-24T22:27:19.000+09:00
diff --git a/lib/api/opAPI.class.php b/lib/api/opAPI.class.php
@@ -351,4 +351,16 @@ public function setMemberId($id)
   {
     $this->member = Doctrine::getTable('Member')->find($id);
   }
+
+  public function getAcl($model)
+  {
+    if (!$this->member)
+    {
+      return null;
+    }
+
+    $builderName = 'op'.get_class($model).'AclBuilder';
+
+    return call_user_func($builderName.'::buildResource', $model, array($this->member));
+  }
 }
diff --git a/lib/api/opAPIMember.class.php b/lib/api/opAPIMember.class.php
@@ -50,7 +50,15 @@ public function feed()
 
   public function entry()
   {
-    return $this->getRouteObject()->fetchOne();
+    $entry = $this->getRouteObject()->fetchOne();
+
+    $acl = $this->getAcl($entry);
+    if ($acl && !$acl->isAllowed($this->member->id, null, 'view'))
+    {
+      return false;
+    }
+
+    return $entry;
   }
 
   public function insert(SimpleXMLElement $xml)

Original file line number	Diff line number	Diff line change
`@@ -351,4 +351,16 @@ public function setMemberId($id)`
`351`	`351`	`{`
`352`	`352`	`$this->member = Doctrine::getTable('Member')->find($id);`
`353`	`353`	`}`
	`354`	`+`
	`355`	`+ public function getAcl($model)`
	`356`	`+ {`
	`357`	`+ if (!$this->member)`
	`358`	`+ {`
	`359`	`+ return null;`
	`360`	`+ }`
	`361`	`+`
	`362`	`+ $builderName = 'op'.get_class($model).'AclBuilder';`
	`363`	`+`
	`364`	`+ return call_user_func($builderName.'::buildResource', $model, array($this->member));`
	`365`	`+ }`
`354`	`366`	`}`