check_acl¶

Takes a PARAMHASH with two properties: "profile" and "privlevel". Their values are assumed to be the ACL profile of a resource and the privlevel of an employee, respectively. The function returns a true or false value indicating whether that employee satisfies the given ACL profile.

In addition to the usual privlevels, the "profile" property can be 'forbidden', in which case the function returns false for all possible values of "privlevel".

check_acl_context¶

Check ACL and compare with eid in request body. This routine is designed for resources that have an ACL profile of 'active'. If the request body contains an 'eid' property, it is checked against the current user's EID. If they are different and the current user's priv is 'active', DOCHAZKA_FORBIDDEN_403 is returned; otherwise, an OK status is returned to signify that the check passed.

If the request body does not contain an 'eid' property, it is added.

acl_check_is_me¶

Takes a property and a value. The property can be 'eid', 'nick', or 'sec_id'. This routine checks the eid/nick/sec_id against "$self->context->{'current_obj'}" (the current employee object) and returns a boolean value answering the question "is this me?"

acl_check_is_my_report¶

Takes a property and a value. The property can be 'eid', 'nick', or 'sec_id'. This routine first gets the employee object corresponding to the eid/nick/sec_id and then checks if the current employee is that employee's supervisor.