OGo object permissions are checked using the SkyAccessManager, accessible from the LSCommandContext.

TODO: write much more ...

Enterprise Record

Old-Style Access Check

- (BOOL)isEditDisabled {
id myAccount = [[self session] activeAccount];
id accountId = [myAccount valueForKey:@"companyId"];
id obj = [self object]; BOOL isEnabled = NO;
BOOL isPrivate = [[obj valueForKey:@"isPrivate"] boolValue];
BOOL isReadonly = [[obj valueForKey:@"isReadonly"] boolValue];
isEnabled = ((!isPrivate && !isReadonly) || ([accountId isEqual:[[obj owner] valueForKey:@"ownerId"]]) ||
([[self session] activeAccountIsRoot]));
return !isEnabled;
}

New-Style Access Check using SkyAccessManager

- (BOOL)isEditDisabled {
return ![[[self commandContext] accessManager]
operation:@"w" allowedOnObjectID:
[[self object] valueForKey:@"globalID"]];
}