diff --git a/lib/WebGUI/Asset.pm b/lib/WebGUI/Asset.pm
index 5f0c4a935..54df5c4f2 100644
--- a/lib/WebGUI/Asset.pm
+++ b/lib/WebGUI/Asset.pm
@@ -205,10 +205,10 @@ Only developers extending this method should use this parameter. By default WebG
=cut
sub canAdd {
- my $self = shift;
+ my $className = shift;
my $userId = shift || $session{user}{userId};
- my $className = $self->definition->[0]->{className};
- my $groupId = $session{config}{assetAddPrivilege}{$className} || shift || '12';
+ my $subclassGroupId = shift;
+ my $groupId = $session{config}{assetAddPrivilege}{$className} || $subclassGroupId || '12';
return WebGUI::Grouping::isInGroup($groupId,$userId);
}
@@ -730,6 +730,12 @@ sub getAssetAdderLinks {
} else {
next if ($uiLevel > $session{user}{uiLevel});
}
+ my $canAdd = eval{$class->canAdd()};
+ if ($@) {
+ WebGUI::ErrorHandler::error("Couldn't determine if user can add ".$class." because ".$@);
+ } else {
+ next unless ($canAdd);
+ }
my $label = eval{$class->getName()};
if ($@) {
WebGUI::ErrorHandler::error("Couldn't get the name of ".$class." because ".$@);
@@ -753,6 +759,7 @@ sub getAssetAdderLinks {
my $sth = WebGUI::SQL->read("select className,assetId from asset where isPrototype=1 and state='published' and className in ($constraint)");
while (my ($class,$id) = $sth->array) {
my $asset = WebGUI::Asset->newByDynamicClass($id,$class);
+ next unless ($asset->canView && $asset->canAdd && $asset->getUiLevel <= $session{user}{uiLevel});
my $url = $self->getUrl("func=add&class=".$class."&prototype=".$id);
$url = WebGUI::URL::append($url,$addToUrl) if ($addToUrl);
$links{$asset->getTitle}{url} = $url;
diff --git a/lib/WebGUI/Config.pm b/lib/WebGUI/Config.pm
index 7a714031a..1539a928f 100644
--- a/lib/WebGUI/Config.pm
+++ b/lib/WebGUI/Config.pm
@@ -150,11 +150,16 @@ sub readConfig {
foreach my $key ($config->directives) {
$data{$key} = $config->get($key);
}
- foreach my $directive (qw(assetAddPrivilege assets utilityAssets assetContainers authMethods paymentPlugins)) {
+ foreach my $directive (qw(assets utilityAssets assetContainers authMethods paymentPlugins)) {
if (ref $data{$directive} ne "ARRAY") {
$data{$directive} = [$data{$directive}];
}
}
+ foreach my $directive (qw(assetAddPrivilege macros)) {
+ if (ref $data{$directive} ne "HASH") {
+ $data{$directive} = {};
+ }
+ }
if( defined( $data{scripturl} ) ) {
# get rid of leading "/" if present.
$data{scripturl} =~ s/^\///;
diff --git a/lib/WebGUI/ErrorHandler.pm b/lib/WebGUI/ErrorHandler.pm
index edfda66ad..72614b90d 100644
--- a/lib/WebGUI/ErrorHandler.pm
+++ b/lib/WebGUI/ErrorHandler.pm
@@ -280,19 +280,19 @@ Creates an HTML formatted string
sub showDebug {
my $text = $WebGUI::Session::session{debug}{'error'};
$text =~ s/\n/\
\n/g;
- my $output = ''.$text."
\n";
+ my $output = ''.$text."
\n";
$text = $WebGUI::Session::session{debug}{'warn'};
$text =~ s/\n/\
\n/g;
- $output .= ''.$text."
\n";
+ $output .= ''.$text."
\n";
$text = $WebGUI::Session::session{debug}{'info'};
$text =~ s/\n/\
\n/g;
- $output .= ''.$text."
\n";
+ $output .= ''.$text."
\n";
$text = $WebGUI::Session::session{debug}{'debug'};
$text =~ s/\n/\
\n/g;
- $output .= ''.$text."
\n";
+ $output .= ''.$text."
\n";
$text = getSessionVars();
$text =~ s/\n/\
\n/g;
- $output .= ''.$text."
\n";
+ $output .= ''.$text."
\n";
return $output;
}