diff options
| author | Max Kremmel <xing@synapse.plus.com> | 2006-02-08 12:31:14 +0000 |
|---|---|---|
| committer | Max Kremmel <xing@synapse.plus.com> | 2006-02-08 12:31:14 +0000 |
| commit | 1163a5dfe4d46961da632ab08d8a78163a6401b6 (patch) | |
| tree | 6f048c0462a9ea10440f4acba283940af6796894 | |
| parent | 3ceec5647ee145b94f97708167748efe10717614 (diff) | |
| download | pigeonholes-1163a5dfe4d46961da632ab08d8a78163a6401b6.tar.gz pigeonholes-1163a5dfe4d46961da632ab08d8a78163a6401b6.tar.bz2 pigeonholes-1163a5dfe4d46961da632ab08d8a78163a6401b6.zip | |
tidy up permission checks, display of dynamically collapsable list seems quite impossible with permissions -> removed for now
| -rw-r--r-- | Pigeonholes.php | 81 | ||||
| -rw-r--r-- | list.php | 6 | ||||
| -rw-r--r-- | servicefunctions_inc.php | 24 | ||||
| -rw-r--r-- | templates/edit_pigeonholes.tpl | 6 | ||||
| -rw-r--r-- | templates/section_inc.tpl | 45 | ||||
| -rw-r--r-- | templates/view_structure.tpl | 1 | ||||
| -rw-r--r-- | view.php | 48 |
7 files changed, 113 insertions, 98 deletions
diff --git a/Pigeonholes.php b/Pigeonholes.php index 628ed2a..02914ab 100644 --- a/Pigeonholes.php +++ b/Pigeonholes.php @@ -1,6 +1,6 @@ <?php /** - * @version $Header: /cvsroot/bitweaver/_bit_pigeonholes/Pigeonholes.php,v 1.39 2006/02/07 13:33:33 squareing Exp $ + * @version $Header: /cvsroot/bitweaver/_bit_pigeonholes/Pigeonholes.php,v 1.40 2006/02/08 12:31:13 squareing Exp $ * * +----------------------------------------------------------------------+ * | Copyright ( c ) 2004, bitweaver.org @@ -17,7 +17,7 @@ * Pigeonholes class * * @author xing <xing@synapse.plus.com> - * @version $Revision: 1.39 $ + * @version $Revision: 1.40 $ * @package pigeonholes */ @@ -272,11 +272,6 @@ class Pigeonholes extends LibertyAttachable { return( !empty( $ret ) ? $ret : FALSE ); } - function getStructure( $pParamHash ) { - $struct = new LibertyStructure(); - return $struct->getStructure( $pParamHash ); - } - /** * get the path of a pigeonhole * @param $pStructureId structure id of pigeonhole, if no id is given, it gets the id from $this->mStructureId @@ -360,25 +355,23 @@ class Pigeonholes extends LibertyAttachable { uue.`login` AS modifier_user, uue.`real_name` AS modifier_real_name, uuc.`login` AS creator_user, uuc.`real_name` AS creator_real_name FROM `".BIT_DB_PREFIX."pigeonholes` pig - INNER JOIN `".BIT_DB_PREFIX."liberty_content` lc ON ( lc.`content_id` = pig.`content_id` ) - LEFT JOIN `".BIT_DB_PREFIX."users_users` uue ON ( uue.`user_id` = lc.`modifier_user_id` ) - LEFT JOIN `".BIT_DB_PREFIX."users_users` uuc ON ( uuc.`user_id` = lc.`user_id` ) - INNER JOIN `".BIT_DB_PREFIX."liberty_structures` ls ON ( ls.`structure_id` = pig.`structure_id` ) + INNER JOIN `".BIT_DB_PREFIX."liberty_content` lc ON ( lc.`content_id` = pig.`content_id` ) + LEFT JOIN `".BIT_DB_PREFIX."users_users` uue ON ( uue.`user_id` = lc.`modifier_user_id` ) + LEFT JOIN `".BIT_DB_PREFIX."users_users` uuc ON ( uuc.`user_id` = lc.`user_id` ) + INNER JOIN `".BIT_DB_PREFIX."liberty_structures` ls ON ( ls.`structure_id` = pig.`structure_id` ) $where $order"; $result = $this->mDb->query( $query, $bindVars, $pListHash['max_records'], $pListHash['offset'] ); while( $aux = $result->fetchRow() ) { + $content_ids[] = $aux['content_id']; $aux['user'] = $aux['creator_user']; $aux['real_name'] = ( isset( $aux['creator_real_name'] ) ? $aux['creator_real_name'] : $aux['creator_user'] ); $aux['display_name'] = BitUser::getTitle( $aux ); $aux['editor'] = ( isset( $aux['modifier_real_name'] ) ? $aux['modifier_real_name'] : $aux['modifier_user'] ); $aux['display_link'] = Pigeonholes::getDisplayLink( $aux['title'], $aux ); - if( !empty( $pListHash['force_extras'] ) || - ( !empty( $pListHash['load_extras'] ) && $gBitSystem->getPreference( 'pigeonholes_list_style' ) != 'table' ) || - ( !empty( $pListHash['load_extras'] ) && $aux['structure_id'] == @$pListHash['structure_id'] && $gBitSystem->getPreference( 'pigeonholes_list_style' ) == 'table' ) - ) { + if( !empty( $pListHash['force_extras'] ) || ( !empty( $pListHash['load_extras'] ) && $aux['structure_id'] == @$pListHash['structure_id'] ) ) { $aux['path'] = $this->getPigeonholePath( $aux['structure_id'] ); $aux['display_path'] = Pigeonholes::getDisplayPath( $aux['path'] ); $aux['members'] = $this->getMemberList( array( 'content_id' => $aux['content_id'] ) ); @@ -388,15 +381,15 @@ class Pigeonholes extends LibertyAttachable { } } - $ret[] = $aux; + $ret[$aux['structure_id']] = $aux; } $query = "SELECT COUNT( lc.`title` ) FROM `".BIT_DB_PREFIX."pigeonholes` pig - INNER JOIN `".BIT_DB_PREFIX."liberty_content` lc ON ( lc.`content_id` = pig.`content_id` ) - LEFT JOIN `".BIT_DB_PREFIX."users_users` uue ON ( uue.`user_id` = lc.`modifier_user_id` ) - LEFT JOIN `".BIT_DB_PREFIX."users_users` uuc ON ( uuc.`user_id` = lc.`user_id` ) - INNER JOIN `".BIT_DB_PREFIX."liberty_structures` ls ON ( ls.`structure_id` = pig.`structure_id` ) + INNER JOIN `".BIT_DB_PREFIX."liberty_content` lc ON ( lc.`content_id` = pig.`content_id` ) + LEFT JOIN `".BIT_DB_PREFIX."users_users` uue ON ( uue.`user_id` = lc.`modifier_user_id` ) + LEFT JOIN `".BIT_DB_PREFIX."users_users` uuc ON ( uuc.`user_id` = lc.`user_id` ) + INNER JOIN `".BIT_DB_PREFIX."liberty_structures` ls ON ( ls.`structure_id` = pig.`structure_id` ) $where"; $pListHash['cant'] = $this->mDb->getOne( $query, $bindVars ); @@ -404,14 +397,40 @@ class Pigeonholes extends LibertyAttachable { return $ret; } - function alphabetiseMembers( &$pParamHash ) { + /** + * Check permissions of all nodes that lead to this + * @return a nicely grouped set of pigeonhole members in a set of columns and starting letters. + * @access public + **/ + function checkPathPermissions( &$pPath ) { + global $gBitUser; + foreach( $pPath as $key => $path ) { + // load preferences for this node, if it's not loaded yet + if( empty( $path['preferences'] ) ) { + $pPath[$key]['preferences'] = $this->loadPreferences( $path['content_id'] ); + } + $group_id = !empty( $pPath[$key]['preferences']['group_id'] ) ? $pPath[$key]['preferences']['group_id'] : NULL; + $permission = !empty( $pPath[$key]['preferences']['permission'] ) ? $pPath[$key]['preferences']['permission'] : NULL; + if( ( !empty( $group_id ) && !$gBitUser->isInGroup( $group_id ) ) || ( !empty( $permission ) && !$gBitUser->hasPermission( $permission ) ) ) { + return FALSE; + } + } + return TRUE; + } + + /** + * Alphabetise all member items + * @return a nicely grouped set of pigeonhole members in a set of columns and starting letters. + * @access public + **/ + function alphabetiseMembers( &$pMememberHash ) { global $gBitSystem; - if( !empty( $pParamHash ) ) { - usort( $pParamHash, "pigeonholes_alphabetiser" ); - $per_column = ceil( count( $pParamHash ) / $gBitSystem->getPreference( 'pigeonhole_display_columns', 3 ) ); + if( !empty( $pMememberHash ) ) { + usort( $pMememberHash, "pigeonholes_alphabetiser" ); + $per_column = ceil( count( $pMememberHash ) / $gBitSystem->getPreference( 'pigeonhole_display_columns', 3 ) ); $i = 1; $j = 1; - foreach( $pParamHash as $member ) { + foreach( $pMememberHash as $member ) { $column = ( $i++ % $per_column == 0 ) ? $j++ : $j; $index = strtoupper( substr( $member['title'], 0, 1 ) ); // check if the previous column was using the same letter as we want to use in the new column @@ -420,7 +439,7 @@ class Pigeonholes extends LibertyAttachable { } $ret[$column][$index][] = $member; } - $pParamHash = $ret; + $pMememberHash = $ret; unset( $ret ); } } @@ -633,6 +652,8 @@ class Pigeonholes extends LibertyAttachable { function expungePigeonholeMember( $pParamHash ) { if( @BitBase::verifyId( $pParamHash['parent_id'] ) || @BitBase::verifyId( $pParamHash['member_id'] ) ) { $where = ''; + $bindVars = array(); + if( @BitBase::verifyId( $pParamHash['parent_id'] ) ) { $where .= " WHERE `parent_id`=? "; $bindVars[] = $pParamHash['parent_id']; @@ -645,12 +666,8 @@ class Pigeonholes extends LibertyAttachable { if( !empty( $pParamHash['deletables'] ) && is_array( $pParamHash['deletables'] ) ) { // only delete member data when it's part of the deletable structure - $in = ""; - foreach( $pParamHash['deletables'] as $pid ) { - $bindVars[] = $pid; - $in .= !empty( $in ) ? ", ?" : "?"; - } - $where .= ( empty( $where ) ? " WHERE " : " AND " )." `parent_id` IN( $in ) "; + $where .= ( empty( $where ) ? " WHERE " : " AND " )." `parent_id` IN( ".preg_replace( "/,$/", "", str_repeat( "?,", count( $pParamHash['deletables'] ) ) )." ) "; + $bindVars = array_merge( $bindVars, $pParamHash['deletables'] ); } // now we're ready to remove the actual members @@ -3,7 +3,7 @@ * $Header * * @author xing <xing@synapse.plus.com> - * @version $Revision: 1.8 $ + * @version $Revision: 1.9 $ * @package pigeonholes * @subpackage functions */ @@ -30,6 +30,10 @@ if( !empty( $pigeonList ) ) { $gStructure = new LibertyStructure(); } $pigeonList[$key]['subtree'] = $gStructure->getSubTree( $pigeonhole['root_structure_id'] ); + // add permissions to all so we know if we can display pages within category +// foreach( $pigeonList[$key]['subtree'] as $k => $node ) { +// $pigeonList[$key]['subtree'][$k]['preferences'] = $gContent->loadPreferences( $node['content_id'] ); +// } } $gBitSmarty->assign( 'pigeonList', $pigeonList ); } diff --git a/servicefunctions_inc.php b/servicefunctions_inc.php index 43c2fff..3b45ca3 100644 --- a/servicefunctions_inc.php +++ b/servicefunctions_inc.php @@ -1,6 +1,6 @@ <?php /** - * $Header: /cvsroot/bitweaver/_bit_pigeonholes/Attic/servicefunctions_inc.php,v 1.9 2006/02/07 13:33:33 squareing Exp $ + * $Header: /cvsroot/bitweaver/_bit_pigeonholes/Attic/servicefunctions_inc.php,v 1.10 2006/02/08 12:31:14 squareing Exp $ * * Copyright ( c ) 2004 bitweaver.org * All Rights Reserved. See copyright.txt for details and a complete list of authors. @@ -18,7 +18,6 @@ function display_pigeonholes( &$pObject ) { if( $gBitSystem->isFeatureActive( 'display_pigeonhole_members' ) || $gBitSystem->isFeatureActive( 'display_pigeonhole_path' ) ) { require_once( PIGEONHOLES_PKG_PATH.'Pigeonholes.php' ); $pigeonholes = new Pigeonholes(); - if( $gBitUser->hasPermission( 'bit_p_view_pigeonholes' ) ) { if( $pigeons = $pigeonholes->getPigeonholesFromContentId( $pObject->mContentId ) ) { foreach( $pigeons as $pigeon ) { @@ -28,24 +27,11 @@ function display_pigeonholes( &$pObject ) { $pigeonData[] = $pigeonholes->mInfo; // set the theme chosen for this page - virtually random if page is part of multiple themes $pigeonholes->loadPreferences(); - $gPreviewStyle = $pigeonholes->getPreference( 'pigeonholes_style' ); + $gPreviewStyle = $pigeonholes->getPreference( 'style' ); // we need to check all pigeonholes in the path, load the prefs and work out if the user is allowed to view the page - foreach( $pigeonholes->getField( 'path' ) as $p ) { - $tmpPigeon = new Pigeonholes( NULL, $p['content_id'] ); - $tmpPigeon->loadPreferences(); - $group_id = $tmpPigeon->getPreference( 'pigeonholes_group_id' ); - $permission = $tmpPigeon->getPreference( 'pigeonholes_permission' ); - if( ( !empty( $group_id ) && !$gBitUser->isInGroup( $group_id ) ) || - ( !empty( $permission ) && !$gBitUser->hasPermission( $permission ) ) - ) { - $msg = tra( "This content is part of a category to which you have no access to. Please log in or request the appropriate permission for the site administrator." ); - $gBitSystem->fatalPermission( NULL, $msg ); - } - $style = $tmpPigeon->getPreference( 'pigeonholes_style' ); - if( !empty( $style ) ) { - $gPreviewStyle = $style; - } - unset( $tmpPigeon ); + if( !$pigeonholes->checkPathPermissions( $pigeonholes->getField( 'path' ) ) ) { + $msg = tra( "This content is part of a category to which you have no access to. Please log in or request the appropriate permission from the site administrator." ); + $gBitSystem->fatalPermission( NULL, $msg ); } } $gBitSmarty->assign( 'pigeonData', !empty( $pigeonData ) ? $pigeonData : FALSE ); diff --git a/templates/edit_pigeonholes.tpl b/templates/edit_pigeonholes.tpl index 17ae59b..89d8046 100644 --- a/templates/edit_pigeonholes.tpl +++ b/templates/edit_pigeonholes.tpl @@ -45,7 +45,7 @@ <div class="row"> {formlabel label="Theme" for="pigeonhole-style"} {forminput} - {html_options id="pigeonhole-style" name="pigeonhole[prefs][pigeonholes_style]" output=$styles values=$styles selected=$gContent->mPrefs.pigeonholes_style} + {html_options id="pigeonhole-style" name="pigeonhole[prefs][style]" output=$styles values=$styles selected=$gContent->mPrefs.style} {formhelp note="This theme will be applied when viewing any page belonging to this category." warning="Setting is inherited from parent category."} {/forminput} </div> @@ -53,7 +53,7 @@ <div class="row"> {formlabel label="Permission" for="perm"} {forminput} - {html_options name="pigeonhole[prefs][pigeonholes_permission]" id="perm" options=$perms selected=`$gContent->mPrefs.pigeonholes_permission`} + {html_options name="pigeonhole[prefs][permission]" id="perm" options=$perms selected=`$gContent->mPrefs.permission`} {formhelp note="Permission required to view any page in this category." warning="Setting is inherited from parent category."} {/forminput} </div> @@ -61,7 +61,7 @@ <div class="row"> {formlabel label="Group" for="group"} {forminput} - {html_options name="pigeonhole[prefs][pigeonholes_group]" id="group" options=$groups selected=`$gContent->mPrefs.pigeonholes_group_id`} + {html_options name="pigeonhole[prefs][group_id]" id="group" options=$groups selected=`$gContent->mPrefs.group_id`} {formhelp note="Users of only this group can view the content of this category." warning="Setting is inherited from parent category."} {/forminput} </div> diff --git a/templates/section_inc.tpl b/templates/section_inc.tpl index ca11271..e8ca2b8 100644 --- a/templates/section_inc.tpl +++ b/templates/section_inc.tpl @@ -1,47 +1,14 @@ {strip} {if $gBitSystemPrefs.pigeonholes_list_style == "dynamic" && !$no_details} - {* ======= crazy display for only few category memebers - only display method that allows custom sorting ======= *} - {if $gContent->mStructureId eq $subtree[ix].structure_id or $smarty.request.expand_all} - {assign var=iname value=Expanded} - {else} - {assign var=iname value=Collapsed} - {/if} - - <div class="highlight"> - {if $edit} - <div class="floaticon"> - {smartlink ititle="Edit Category" ibiticon="liberty/edit" ifile="edit_pigeonholes.php" structure_id=$subtree[ix].structure_id action=edit} - {smartlink ititle="Remove Category" ibiticon="liberty/delete" ifile="edit_pigeonholes.php" structure_id=$subtree[ix].structure_id action=remove} - </div> - {/if} - - <h3> - <a href="javascript:icntoggle('sid{$subtree[ix].structure_id}');"> - {biticon ipackage=liberty iname=$iname id=sid`$subtree[ix].structure_id`img"} {$subtree[ix].title|escape} - {foreach from=$pigeonList item=pigeonItem} - {if $pigeonItem.structure_id eq $subtree[ix].structure_id} - <small> [ {$pigeonItem.members_count} ]</small> - {/if} - {/foreach} - </a> - </h3> - - <script type="text/javascript"> - setfoldericonstate('sid{$subtree[ix].structure_id}'); - </script> - - <noscript> - <div style="padding-left:18px;" class="small"><a href="{$smarty.const.PIGEONHOLES_PKG_URL}{if $edit}edit_pigeonholes{else}index{/if}.php?structure_id={$subtree[ix].structure_id}">{tr}Expand{/tr}</a></div> - </noscript> - </div> + <h3 class="highlight"><a href="{$smarty.const.PIGEONHOLES_PKG_URL}view.php?structure_id={$subtree[ix].structure_id}">{$subtree[ix].title|escape}</a></h3> {foreach from=$pigeonList item=pigeonItem} {if $pigeonItem.structure_id eq $subtree[ix].structure_id} - {$pigeonItem.data|escape} {if $pigeonItem.members} - <ul id="sid{$subtree[ix].structure_id}" style="display:{if $gContent->mStructureId eq $subtree[ix].structure_id or $smarty.request.expand_all}block{else}none{/if}; padding:2em;" class="data"> + {$pigeonItem.data|escape} + <ul style="display:{if $gContent->mStructureId eq $subtree[ix].structure_id or $smarty.request.expand_all}block{else}none{/if}; padding:2em;" class="data"> {foreach from=$pigeonItem.members item=pigeonMember} {assign var=ctg1 value=$pigeonMember.content_type_guid} @@ -70,12 +37,14 @@ </ul> </li> </ul> - {else} - <div id="sid{$subtree[ix].structure_id}" class="norecords">{tr}No Records Found{/tr}</div> {/if} {/if} {/foreach} + {if $gContent->mInfo.structure_id eq $subtree[ix].structure_id} + {formfeedback hash=$memberFeedback} + {/if} + {else} {* ======= very basic display of the pigoenhole structure ======= *} diff --git a/templates/view_structure.tpl b/templates/view_structure.tpl index e3d074b..17d1f9e 100644 --- a/templates/view_structure.tpl +++ b/templates/view_structure.tpl @@ -7,6 +7,7 @@ <div class="body"> {if $gBitSystemPrefs.pigeonholes_list_style == "table"} {include file="bitpackage:pigeonholes/view_structure_inc.tpl" no_details=true no_edit=true} + {formfeedback hash=$memberFeedback} {include file="bitpackage:pigeonholes/view_table_inc.tpl" no_details=true no_edit=true} {else} {if !$smarty.request.expand_all and !( $smarty.request.action eq 'edit' or $smarty.request.action eq 'create' )} @@ -1,6 +1,6 @@ <?php /** - * $Header: /cvsroot/bitweaver/_bit_pigeonholes/view.php,v 1.7 2006/01/24 22:41:47 squareing Exp $ + * $Header: /cvsroot/bitweaver/_bit_pigeonholes/view.php,v 1.8 2006/02/08 12:31:14 squareing Exp $ * * Copyright ( c ) 2004 bitweaver.org * Copyright ( c ) 2003 tikwiki.org @@ -8,7 +8,7 @@ * All Rights Reserved. See copyright.txt for details and a complete list of authors. * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details * - * $Id: view.php,v 1.7 2006/01/24 22:41:47 squareing Exp $ + * $Id: view.php,v 1.8 2006/02/08 12:31:14 squareing Exp $ * @package pigeonholes * @subpackage functions */ @@ -23,6 +23,8 @@ $gBitSystem->verifyPermission( 'bit_p_view_pigeonholes' ); include_once( PIGEONHOLES_PKG_PATH.'lookup_pigeonholes_inc.php' ); +$gBitSmarty->assign_by_ref( 'memberFeedback', $memberFeedback = array() ); + // set up structure related stuff global $gStructure; $gStructure = new LibertyStructure( $gContent->mInfo['root_structure_id'] ); @@ -45,15 +47,51 @@ if( empty( $gStructure ) || !$gStructure->isValid() ) { $gBitSmarty->assign_by_ref( 'gStructure', $gStructure ); $gBitSmarty->assign( 'structureInfo', $gStructure->mInfo ); -$gBitSmarty->assign( 'subtree', $gStructure->getSubTree( $gStructure->mStructureId ) ); +/* +$subtree = $gStructure->getSubTree( $gStructure->mStructureId ); +// get individual node preferences +foreach( $subtree as $k => $node ) { + $subtree[$k]['preferences'] = $gContent->loadPreferences( $node['content_id'] ); + if( !empty( $subtree[$k]['preferences']['permission'] ) ) { + $subtree[$k]['permissions'][] = $subtree[$k]['preferences']['permission']; + } + if( !empty( $subtree[$k]['preferences']['group_id'] ) ) { + $subtree[$k]['groups'][] = $subtree[$k]['preferences']['group_id']; + } +} +// this is a bit of a crazy setup to pass permissions on to child nodes, but i'm not sure how else to do this. +for( $i = 0; $i <= count( $subtree ); $i++ ) { + foreach( $subtree as $key => $node ) { + if( $node['level'] == $i ) { + foreach( $subtree as $k => $n ) { + if( $n['level'] == $i-1 ) { + if( !empty( $n['preferences']['permission'] ) ) { + $subtree[$key]['permissions'][] = $n['preferences']['permission']; + } + if( !empty( $n['preferences']['group_id'] ) ) { + $subtree[$key]['groups'][] = $n['preferences']['group_id']; + } + } + } + } + } +} +$gBitSmarty->assign( 'subtree', $subtree ); +*/ + +$gBitSmarty->assign( 'subtree', $gStructure->getSubTree( $gStructure->mStructureId ) ); $listHash = array( 'root_structure_id' => $gContent->mInfo['root_structure_id'], 'structure_id' => $gContent->mInfo['structure_id'], 'load_extras' => TRUE ); -$pigeonList = $gContent->getList( $listHash ); -$gBitSmarty->assign( 'pigeonList', $pigeonList ); +if( $gContent->checkPathPermissions( $gContent->getField( 'path' ) ) ) { + $pigeonList = $gContent->getList( $listHash ); + $gBitSmarty->assign( 'pigeonList', $pigeonList ); +} else { + $memberFeedback['warning'] = tra( "You do not have the required permissions to view the content of this category" ); +} $gContent->addHit(); // Display the template |
