BaseUserGroupRight.ktUserRightAccessCheck and provides concrete implementations of CRUD access checks (select, insert, update, delete, history) by delegating to BaseUserGroupRightUtils. Supports owner, full, readonly, and minimal access levels.UserRightAccessCheck<T> └── BaseUserGroupRight<T : BaseUserGroupRightsDO?>
The generic parameter T is constrained to nullable BaseUserGroupRightsDO subtypes (#865).
| Parameter | Type | Description |
|---|---|---|
id | IUserRightId? | Right identifier passed to superclass |
category | UserRightCategory? | Category of this right |
rightValues | vararg UserRightValue? | Access right value flags |
| Method | Behavior |
|---|---|
hasSelectAccess(user: PFUserDO?) | Always returns true (general select allowed) |
hasSelectAccess(user, obj) | Returns true if user is owner, admin, or has full/readonly/minimal access via group/user rights |
| Method | Behavior |
|---|---|
hasInsertAccess(user: PFUserDO) | Always returns true (general insert allowed) |
hasInsertAccess(user, obj) | Returns true if user is owner or admin |
Both hasUpdateAccess(user, obj, oldObj) and hasDeleteAccess(user, obj, oldObj) delegate to hasInsertAccess(user, oldObj)—i.e., the user must be owner or admin of the old object.
hasHistoryAccess(user, obj) returns true if the user has insert access on the object, or if the object is null (default true).
All these methods delegate to BaseUserGroupRightUtils (#867):
| Method | Description |
|---|---|
isOwner(user, obj) | Checks if user is the owner of the object |
isOwner(userId, obj) | Checks by user ID |
hasReadAccess(obj, userId, throwException) | Read access check with optional exception |
hasWriteAccess(obj, userId, throwException) | Write access check with optional exception |
getAccessType(obj, userId) | Returns one of NONE, MINIMAL, READONLY, or FULL |
hasFullAccess(obj, userId) | True if access type has full access |
hasReadonlyAccess(obj, userId) | True if access type is READONLY |
hasMinimalAccess(obj, userId) | True if access type is MINIMAL |
This class bridges the framework-level UserRightAccessCheck abstraction with the domain-level user/group rights stored in BaseUserGroupRightsDO. By keeping the actual logic in the standalone object BaseUserGroupRightUtils, the rights calculation is accessible without constructing a full BaseUserGroupRight instance (e.g., from the TeamCalCache).
General select and insert always return true because object-level filtering is applied downstream by the concrete DAO/service layer—this class only gates object-specific access.
868d6abb7 2025 -> 2026 63081666f Source file headers: 2024-> 2025. 4c04cfd65 MAJOR-CHANGE! Migration of integer id's to Long id's 4efcbd0fb Migration stuff in progress... b6092df09 Copyright 2023 -> 2024 ab45d51fa Copyright 2001-2022 -> 2001-2023. 232a91c5a BaseUserGroupRightUtils implemented. WIP BankingPlugin and jobs-handling. 5f7ef41b8 Copyright 2021 -> 2022 c0f2b9de0 Tenants functionality removed everywhere (untested). ceb63e8a1 Source code header: (C) 2001-2021. 7140fba5d BaseUserGroupRight.hasSelect(PFUserDO?): NPE fix 7b1fd2d51 NPE fix in BaseUserGroupRight.kt. becbdcaf9 SEPATransferGenerator moved. e2a787c6e Fix after migration to Kotlin in BaseUserGroupRight. e26bafa83 BaseUserGroupRight, UserGroupCach, userContext -> Kotlin.