Add method in userrights.class.inc.php to know if a user is readonly

2026-06-25 17:26:37 +02:00 · 2026-06-25 12:58:48 +02:00
parent 9708654366
commit d5a830717e
1 changed files with 31 additions and 0 deletions
--- a/core/userrights.class.inc.php
+++ b/core/userrights.class.inc.php
@@ -1530,6 +1530,37 @@ class UserRights
 		}
 	}

+	/**
+	 * @param User $oUser
+	 * @param array $aExcludedProfilesId Administrator by default, but can also be other proofiles depending on needs (e.g. power portal user or REST profile)
+	 * @return bool
+	 * @throws ArchivedObjectException
+	 * @throws CoreException
+	 * @throws CoreUnexpectedValue
+	 * @throws MySQLException
+	 */
+	public static function IsUserReadOnly(User $oUser, array $aExcludedProfilesId = [1]): bool
+	{
+		$oUserProfiles = $oUser->Get('profile_list');
+		$oUserRights = UserRights::GetModuleInstance();
+		while ($oUserProfile = $oUserProfiles->Fetch()) {
+			$iProfileId = $oUserProfile->Get('profileid');
+			if (in_array($iProfileId, $aExcludedProfilesId)) {
+				return false;
+			}
+			foreach (MetaModel::GetClasses('bizmodel,grant_by_profile') as $sClass) {
+				foreach (['w', 'bw', 'd', 'bd'] as $sWriteActionCode) {
+					$bIsGranted = $oUserRights->GetProfileActionGrant($iProfileId, $sClass, $sWriteActionCode);
+					if ($bIsGranted === true) {
+						return false;
+					}
+				}
+			}
+		}
+
+		return true;
+	}
+
 	/**
 	 * @param string $sClass
 	 * @param int $iActionCode see UR_ACTION_* constants