/
Remove "is admin" checks from "kDBEventHandler::checkItemStatus" method [5.2.2-B1]
Remove "is admin" checks from "kDBEventHandler::checkItemStatus" method [5.2.2-B1]
- Alex
Owned by Alex
The permission system in In-Portal ensures, that nobody can access data that he/she can't operate on. For example "kDBEventHandler::checkItemStatus" method is called on Front-End to check if user can see/edit an object (e.g. user profile).
Knowing that I was quite surprised, that there are "is admin?" checks still present in the "kDBEventHandler::checkItemStatus" method.
Solution
Remove redundant "is admin?" checks from "kDBEventHandler::checkItemStatus" method, that usually looks like this:
if ( $this->Application->isAdminUser ) {
return true;
}
Pay attention to the "addr:checkItemStatus" method, because it's called from "OnBeforeItemUpdate" and "OnBeforeItemDelete" events, where such behavior may be desired.