
annotationEditable()

Description

Check whether an annotation is editable (add/edit + remove) by the user. Note that the Annotorious JS library treats
edit and remove as the same under the "editable" property.

Parameters

| Column | Type | Default | Description |
| --- | --- | --- | --- |
| $annotation | array | | |
| $ctx | array{k?: string} | | Environment context (e.g. external share) |

Location

include/annotation_functions.php lines 257 to 298

Definition

 
```php
function annotationEditable(array $annotation, array $ctx): bool
{
    debug(sprintf('[annotations][fct=annotationEditable] $annotation = %s', json_encode($annotation)));
    global $userref, $annotate_text_adds_comment, $annotate_public_view;

    // Read-only annotations when:
    if (
        // - allowed to view publicly, in an external share context
        ($annotate_public_view && ($ctx['k'] ?? '') !== '')
        // - the resource is inapplicable because its type is excluded (via $annotate_exclude_restypes)
        || !resource_can_be_annotated($annotation['resource'])
    ) {
        return false;
    }

    $add_operation = !isset($annotation['user']);

    // Text (comment) annotations
    if ((int) $annotation['resource_type_field'] === 0) {
        return $annotate_text_adds_comment
            ? (($add_operation || checkperm('o')) && !checkPermission_anonymoususer())
            : false;
    }

    /*
    # Field bound annotations

    Non-admin edit authorisation is valid when:
        - user is just adding a new (field bound) annotation
        - when editing/removing an existing annotation, the annotation was created by the same user
    */
    $non_admin_athz = ($add_operation || $userref == $annotation['user']);
    $field_edit_access = metadata_field_edit_access($annotation['resource_type_field']);
    $resource_edit_access = get_edit_access($annotation['resource']);

    // Anonymous users cannot edit by default. They can only edit if they are allowed CRUD operations
    if (checkPermission_anonymoususer()) {
        return $non_admin_athz && $field_edit_access && $resource_edit_access;
    }

    return (checkperm('a') || $non_admin_athz) && $field_edit_access && $resource_edit_access;
}
```

This article was last updated 9th July 2025 21:35 Europe/London time based on the source file dated 4th July 2025 10:35 Europe/London time.