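<?php
// View script for a user's header window: loads the user named by the request,
// queues the client-side header update and renders the page template.

// NOTE(review): nothing in this script checks that the current session may view
// the profile named by the request's 'userid'; confirm the dispatcher enforces
// that before this script runs.
$userid = $this->request->parameters['userid'];
$winNo = $this->request->parameters['win_no'];

// Escapes a value for use inside a quoted JavaScript string literal. json_encode()
// with the HEX flags turns quotes, angle brackets and ampersands into \uXXXX
// sequences; the surrounding double quotes are stripped so the result fits into
// the single-quoted literals built below.
$jsEscape = function ($value) {
    $encoded = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($encoded === false) {
        // Not encodable (for example invalid UTF-8): emit nothing rather than the raw value.
        return '';
    }
    return (string) substr($encoded, 1, -1);
};

$user = new User($userid);
$userinfo = $user->get();
$userinfo['PROPS'] = $user->properties->getValues($userid);
$userinfo['LANGUAGE'] = $user->getLanguage();
$userroles = $user->getUsergroups($userid);

$languageMgr = new Languages();
$languages = $languageMgr->getList();

// Fall back to the placeholder picture when the user has none.
$userpicture = sUserMgr()->getUserImage($userid, 48, 48);
if (!$userpicture) {
    $userpicture = $this->imgpath . 'content/temp_userpic.png';
}

// The window number comes from the request and the profile fields are
// user-editable text, so every value is escaped before it is placed in the
// generated JavaScript.
$koala->queueScript(
    'Koala.windows[\'wid_' . $jsEscape($winNo) . '\'].setUserHeader(\''
    . $jsEscape($userpicture) . '\',\''
    . $jsEscape($userinfo['PROPS']['FIRSTNAME'] . ' ' . $userinfo['PROPS']['LASTNAME']) . '\',\''
    . $jsEscape($userinfo['PROPS']['COMPANY']) . '\', \''
    . $jsEscape($userinfo['ID']) . '\');'
);

// NOTE(review): these values reach the template unescaped; confirm the template
// escapes them for the context in which it prints them.
$smarty->assign('userinfo', $userinfo);
$smarty->assign('userroles', $userroles);
$smarty->assign('userpicture', $userpicture);
$smarty->assign("win_no", $winNo);
$smarty->display('file:' . $this->page_template);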
// Fragment: the enclosing if/else blocks open before this excerpt and the final
// foreach continues after it.
// NOTE(review): 'win_no' is taken from the request and concatenated into the
// queued JavaScript without escaping in each queueScript() call below.
$koala->queueScript('Koala.windows[\'wid_' . $this->request->parameters['win_no'] . '\'].setStageButton( \'0\' );');
} else {
    if (!$lockedFailed) {
        $koala->queueScript('Koala.windows[\'wid_' . $this->request->parameters['win_no'] . '\'].setStageButton( \'' . $object_permissions['RSTAGE'] . '\' );');
    }
}
$koala->queueScript('Koala.windows[\'wid_' . $this->request->parameters['win_no'] . '\'].setLocked( \'' . $lockedByUser['ID'] . '\' );');
} else {
    // Get roles assigned to user
    $rootGroupId = (int) sConfig()->getVar("CONFIG/SYSTEMUSERS/ROOTGROUPID");
    $anonGroupId = (int) sConfig()->getVar("CONFIG/SYSTEMUSERS/ANONGROUPID");
    // 'yg_id' is split on '-' and only its first part, cast to int, is used as the user id.
    $userID = $this->request->parameters['yg_id'];
    $userID = explode('-', $userID);
    $userID = (int) $userID[0];
    $user = new User($userID);
    $usergroups = $user->getUsergroups();
    foreach ($usergroups as $usergroup_idx => $usergroup) {
        // Ask whether the current user may delete this usergroup ...
        $usergroups[$usergroup_idx]['RDELETE'] = sUsergroups()->usergroupPermissions->checkInternal(sUserMgr()->getCurrentUserID(), $usergroup['ID'], 'RDELETE');
        // ... but for every non-zero $userID the result is overwritten below: false
        // for the administrator account in the root group, true in all other cases.
        // The checkInternal() answer therefore only survives when $userID is 0.
        // NOTE(review): presumably what the FIXME below refers to; confirm that the
        // action removing a group from a user enforces RDELETE itself, since these
        // flags cannot be relied on for that.
        if ($userID) {
            if ($userID == sUserMgr()->getAdministratorID() && (int) $usergroups[$usergroup_idx]['ID'] == $rootGroupId) {
                $usergroups[$usergroup_idx]['RDELETE'] = false;
                $usergroups[$usergroup_idx]['SHOW_DELETE'] = false;
            } else {
                $usergroups[$usergroup_idx]['RDELETE'] = true;
                $usergroups[$usergroup_idx]['SHOW_DELETE'] = true;
            }
        }
    }
    // FIXME
    $realUsergroups = array();
    foreach ($usergroups as $usergroup_idx => $usergroup) {
// Fragment: the enclosing switch case and its outer blocks open before this
// excerpt, and the 'savePermissions' case continues after it.
$usergroupList .= ', ';
}
}
// Set status of page to changed
$jsQueue->add($mailingId, HISTORYTYPE_MAILING, 'HIGHLIGHT_MAILING', sGuiUS(), 'name');
// Add to history
$mailing->history->add(HISTORYTYPE_MAILING, NULL, $roleInfo['NAME'], "TXT_MAILING_H_GROUPADD");
// The usergroup list and the recipients text are stored as OBJECT_CHANGE values in the JS queue.
$jsQueue->add($mailingId, HISTORYTYPE_MAILING, 'OBJECT_CHANGE', sGuiUS(), 'mailing', NULL, NULL, $mailingId . '-mailing', 'yg_usergrouplist', $usergroupList);
$jsQueue->add($mailingId, HISTORYTYPE_MAILING, 'OBJECT_CHANGE', sGuiUS(), 'mailing', NULL, NULL, $mailingId . '-mailing', 'receipients', $receipients);
}
} else {
    if ($mode == 'user') {
        // For users
        // NOTE(review): the target user id comes from the request parameters and no
        // permission check is visible in this fragment before addUsergroup() runs;
        // confirm that the earlier part of this handler or addUsergroup() itself
        // verifies the caller may assign $roleId.
        $userId = $this->params['userId'];
        $user = new User($userId);
        $currentRoles = $user->getUsergroups($userId);
        // Only add the role when the user does not have it yet.
        $addRole = true;
        foreach ($currentRoles as $currentRoles_item) {
            if ($currentRoles_item['ID'] == $roleId) {
                $addRole = false;
            }
        }
        if ($addRole) {
            $user->addUsergroup($roleId);
            // NOTE(review): $openerRefId, $roleId and $roleName are concatenated into the
            // queued JavaScript unescaped; where they are set is outside this fragment.
            $koala->queueScript('if ($K.windows[\'' . $openerRefId . '\'] && (typeof $K.windows[\'' . $openerRefId . '\'].addToSortable == \'function\')) $K.windows[\'' . $openerRefId . '\'].addToSortable( \'' . $roleId . '\', \'' . $roleName . '\', \'\', \'\' );');
        }
    }
}
break;
case 'savePermissions':
    $objectType = strtolower($this->params['objectType']);
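/**
 * Checks if a User owns a specific Permission for a specific Object
 *
 * The permission values of all usergroups the user belongs to are added up;
 * the check succeeds as soon as the running sum is positive.
 *
 * @param int $userId User Id
 * @param int $objectId Object Id
 * @param string $permission Permission (RREAD, RWRITE, RDELETE, RSUB, RSTAGE, RMODERATE, RCOMMENT, RSEND)
 * @return bool TRUE if the User has Permissions, false if not
 */
public function checkInternal($userId, $objectId, $permission)
{
    $userId = (int) $userId;
    $objectId = (int) $objectId;
    $permission = sYDB()->escape_string(sanitize($permission));

    // User id 0 is always granted RREAD. Because of the (int) cast above, an
    // empty or non-numeric id also ends up as 0 and takes this branch.
    // NOTE(review): callers should pass a validated id, otherwise a malformed
    // id is treated as user 0 for read checks.
    if ($userId === 0 && $permission == "RREAD") {
        return true;
    }

    if ($userId == $this->_user->_uid) {
        // reuse user object
        $user = $this->_user;
    } else {
        $user = new User($userId);
    }

    $userroles = $user->getUsergroups($userId);
    if (!is_array($userroles)) {
        // No usergroups could be loaded: nothing can grant the permission.
        return false;
    }

    // Start from an explicit zero; the sum was previously built on an undefined variable.
    $privinfo = 0;
    foreach ($userroles as $userrole) {
        $permissions = $this->getByUsergroup($userrole["ID"], $objectId);
        // A usergroup without an entry for this permission contributes nothing.
        $privinfo += isset($permissions[$permission]) ? $permissions[$permission] : 0;
        if ($privinfo > 0) {
            // early exit
            return true;
        }
    }

    return false;
}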
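/**
 * Checks if a User owns a named privilege through any of their usergroups
 *
 * The privilege values of all usergroups the user belongs to are added up;
 * the check succeeds as soon as the running sum is positive.
 *
 * @param int $userId User Id
 * @param string $permission Privilege name
 * @return bool TRUE if the User has Permissions, false if not
 */
public function check($userId, $permission)
{
    $userId = (int) $userId;
    $permission = sYDB()->escape_string(sanitize($permission));

    $user = new User($userId);
    $userroles = $user->getUsergroups($userId);
    if (!is_array($userroles)) {
        // No usergroups could be loaded: nothing can grant the privilege.
        return false;
    }

    // Start from an explicit zero; the sum was previously built on an undefined variable.
    $privinfo = 0;
    foreach ($userroles as $userrole) {
        $permissions = $this->getByUsergroup($userrole["ID"]);
        // A usergroup without an entry for this privilege contributes nothing.
        $privinfo += isset($permissions[$permission]) ? $permissions[$permission] : 0;
        if ($privinfo > 0) {
            return true;
        }
    }

    return false;
}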
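/**
 * Builds the pending GUI-sync commands for this session and prints them as an inline <script> block.
 *
 * Every row returned by JSQueue::getQueue() is translated into a Koala.* JavaScript statement, stored under
 * the row's ID, and the collected statements are handed to parent.Koala.yg_executeGuiJSQueue() as JSON.
 *
 * Permission handling: a row is emitted only when $allowed is true for that row. $allowed is reset for every
 * row, so a row for which no decision can be made (no permissions object and no exempt command) is dropped
 * instead of inheriting the decision taken for the row before it.
 *
 * NOTE(review): most statements are built by concatenating queue columns and object names into single-quoted
 * JavaScript literals; only OBJECT_CHANGE applies addslashes(). Whether those values are already escaped when
 * they are queued is not visible here; confirm, or escape them where they are written to the queue.
 *
 * @return void Prints the script block; returns without output when sGuiLH() yields no usable queue id.
 */
public function getQueuedCommands()
{
    $entrymaskMgr = new Entrymasks();
    $jsQueue = new JSQueue(NULL);
    $tagMgr = new Tags();
    $queuedCommands = array();

    $currentQueueId = sGuiLH();
    if (!$currentQueueId || $currentQueueId == 'false') {
        return;
    }

    // Command families that are delivered without an RREAD check on the object.
    // NOTE(review): this includes SET_USERINFOS (name, groups and company of a user) and the OBJECT_CHANGE
    // family (arbitrary VALUE columns); confirm none of these payloads carries data the recipient must not see.
    $uncheckedPrefixes = array(
        'HIGHLIGHT',
        'UNHIGHLIGHT',
        'PAGE_MOVE',
        'PAGE_HIDE',
        'PAGE_UNHIDE',
        'PAGE_ACTIVATE',
        'RELOAD_WINDOW',
        'CLEAR_USERINFOS',
        'SET_USERINFOS',
        'CLEAR_FILEINFOS',
        'REFRESH_WINDOW',
        'ADD_FILE',
        'OBJECT_DELETE',
        'OBJECT_ADD_TAG',
        'OBJECT_CHANGE',
        'OBJECT_CHANGECLASS',
        'OBJECT_CHANGEPNAME',
        'OBJECT_CHANGEBGIMAGE',
        'OBJECT_CHANGE_LOCK_STATE',
    );

    $queuedCommandsRaw = $jsQueue->getQueue($currentQueueId, sGuiUS());
    $templateMgr = new Templates();
    $viewMgr = new Views();

    foreach ($queuedCommandsRaw as $queuedCommandRaw) {
        $cmdId = $queuedCommandRaw['ID'];
        $text = $queuedCommandRaw['TEXT'];
        $oldValue = $queuedCommandRaw['OLDVALUE'];

        // Reset per-row state so nothing leaks in from the previous row.
        $permissionsObj = NULL;
        $pageObj = NULL;
        $objType = '';
        $allowed = false;

        $objectID = $queuedCommandRaw['OID'];
        $siteID = $queuedCommandRaw['SITEID'];
        $icons = new Icons();
        $url = $imgurl = '';

        // Pick the permissions object that guards this row's object type.
        switch ($queuedCommandRaw['TYPE']) {
            case HISTORYTYPE_MAILING:
                $mailingMgr = new MailingMgr();
                $mailingObj = $mailingMgr->getMailing($objectID);
                $permissionsObj = $mailingObj->permissions;
                break;
            case HISTORYTYPE_PAGE:
                if ($siteID > 0 && $objectID > 0) {
                    $pageMgr = new PageMgr($siteID);
                    $pageObj = $pageMgr->getPage($objectID);
                    if ($pageObj) {
                        $url = $pageObj->getUrl();
                        $permissionsObj = $pageObj->permissions;
                    }
                }
                break;
            case HISTORYTYPE_CO:
                if (!$objectID) {
                    // Was "continue", which inside a switch behaves exactly like "break".
                    // NOTE(review): "continue 2" (skip the row) may have been intended - confirm.
                    break;
                }
                $cb = sCblockMgr()->getCblock($objectID);
                $permissionsObj = $cb->permissions;
                break;
            case HISTORYTYPE_ENTRYMASK:
                $permissionsObj = $entrymaskMgr->permissions;
                break;
            case HISTORYTYPE_FILE:
                $permissionsObj = sFileMgr()->permissions;
                if ($objectID) {
                    $file = sFileMgr()->getFile($objectID);
                    if ($file) {
                        $info = $file->get();
                        $url = sApp()->webroot . "download/" . $info['PNAME'] . "/";
                        $hiddenviews = $file->views->getHiddenViews();
                        foreach ($hiddenviews as $hiddenview) {
                            if ($hiddenview['IDENTIFIER'] == "YGSOURCE") {
                                $tmpviewinfo = $file->views->getGeneratedViewInfo($hiddenview['ID']);
                                if ($tmpviewinfo[0]['TYPE'] == FILE_TYPE_WEBIMAGE) {
                                    $imgurl = sApp()->webroot . "image/" . $info['PNAME'] . "/";
                                }
                            }
                        }
                    }
                }
                break;
            case HISTORYTYPE_TEMPLATE:
                $permissionsObj = $templateMgr->permissions;
                break;
            case HISTORYTYPE_TAG:
                $permissionsObj = $tagMgr->permissions;
                break;
            case HISTORYTYPE_SITE:
                $pageMgr = new PageMgr($siteID);
                $sitePages = $pageMgr->tree->get(0, 1);
                $tmpPageID = $sitePages[0]["ID"];
                if ($tmpPageID) {
                    $pageObj = $pageMgr->getPage($tmpPageID);
                    $permissionsObj = $pageObj->permissions;
                }
                break;
            case HISTORYTYPE_USER:
                $permissionsObj = sUsergroups()->usergroupPermissions;
                break;
            case HISTORYTYPE_USERGROUP:
            case HISTORYTYPE_EXTERNAL:
            case HISTORYTYPE_IMAGE:
            case HISTORYTYPE_FILETYPES:
            case HISTORYTYPE_FILEVIEWS:
            case HISTORYTYPE_JSQUEUE:
            case HISTORYTYPE_PERMISSION:
            default:
                // No permissions object for these types.
                break;
        }

        // Decide whether the row may be delivered: explicit opt-out marker, exempt command family,
        // or an RREAD check against the permissions object selected above.
        if ((string) $text === 'NOPERMISSIONCHECK') {
            $allowed = true;
        } else {
            foreach ($uncheckedPrefixes as $prefix) {
                if (strncmp((string) $oldValue, $prefix, strlen($prefix)) === 0) {
                    $allowed = true;
                    break;
                }
            }
        }
        if (!$allowed && $permissionsObj != NULL) {
            $allowed = $permissionsObj->checkInternal(sUserMgr()->getCurrentUserID(), $objectID, "RREAD");
        }
        if (!$allowed) {
            // Fail closed: rows without a positive decision are not sent to the client.
            continue;
        }

        $itext = sItext();
        switch ($oldValue) {
            case 'UNHIGHLIGHT':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_unHilite(\'' . $text . '\', \'' . $queuedCommandRaw['VALUE1'] . '\', \'' . $queuedCommandRaw['VALUE2'] . '\');';
                }
                break;
            case 'OBJECT_CHANGE_LOCK_STATE':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_changeWindowLockStateForObject(\'' . $text . '\', \'' . $queuedCommandRaw['VALUE1'] . '\', \'' . $queuedCommandRaw['VALUE2'] . '\');';
                }
                break;
            case 'OBJECT_CHANGEBGIMAGE':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_changeBGImage(\'' . $text . '\', \'' . $queuedCommandRaw['VALUE1'] . '\', \'' . $queuedCommandRaw['VALUE2'] . '\', \'' . $queuedCommandRaw['VALUE3'] . '\');';
                }
                break;
            case 'OBJECT_CHANGECLASS':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_changeClass(\'' . $text . '\', \'' . $queuedCommandRaw['VALUE1'] . '\', \'' . $queuedCommandRaw['VALUE2'] . '\', \'' . $queuedCommandRaw['VALUE3'] . '\');';
                }
                break;
            case 'OBJECT_CHANGEPNAME':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_changePName(\'' . $text . '\', \'' . $queuedCommandRaw['VALUE1'] . '\', \'' . $queuedCommandRaw['VALUE2'] . '\', \'' . $queuedCommandRaw['VALUE3'] . '\', \'' . $url . '\', \'' . $imgurl . '\');';
                }
                break;
            case 'OBJECT_CHANGE':
                if ($text) {
                    // The only command that escapes its values before embedding them.
                    $queuedCommands[$cmdId] = 'Koala.yg_change(\'' . $text . '\', \'' . addslashes($queuedCommandRaw['VALUE1']) . '\', \'' . addslashes($queuedCommandRaw['VALUE2']) . '\', \'' . addslashes($queuedCommandRaw['VALUE3']) . '\');';
                }
                break;
            case 'OBJECT_ADD_TAG':
                if ($text) {
                    // VALUE5 is emitted as a raw JavaScript expression, not as a string literal.
                    $queuedCommands[$cmdId] = 'Koala.yg_addTag(\'' . $text . '\', \'' . $queuedCommandRaw['VALUE1'] . '\', \'' . $queuedCommandRaw['VALUE2'] . '\', \'' . $queuedCommandRaw['VALUE3'] . '\', \'' . $queuedCommandRaw['VALUE4'] . '\', ' . stripslashes($queuedCommandRaw['VALUE5']) . ', \'' . $queuedCommandRaw['VALUE6'] . '\', \'' . $queuedCommandRaw['VALUE7'] . '\');';
                }
                break;
            case 'OBJECT_DELETE':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_del(\'' . $text . '\', \'' . $queuedCommandRaw['VALUE1'] . '\', \'' . $queuedCommandRaw['VALUE2'] . '\', \'' . $queuedCommandRaw['VALUE3'] . '\', \'' . $queuedCommandRaw['VALUE4'] . '\');';
                }
                break;
            case 'ADD_FILE':
                $file = new File($objectID);
                $latestVersion = $file->getLatestApprovedVersion();
                $file = new File($objectID, $latestVersion);
                $fileInfo = $file->get();
                $reftracker = new Reftracker();
                // Start with an empty creator so a file without CREATEDBY does not show
                // the user loaded for an earlier row.
                $userInfo = array('PROPS' => array('FIRSTNAME' => '', 'LASTNAME' => ''));
                if ($fileInfo['CREATEDBY']) {
                    $user = new User($fileInfo['CREATEDBY']);
                    $userInfo = $user->get();
                    $userInfo['PROPS'] = $user->properties->getValues($fileInfo['CREATEDBY']);
                }
                $fileInfo['CUSTOM_DATE'] = date('d.m.Y', TStoLocalTS($fileInfo['CHANGEDTS']));
                $fileInfo['CUSTOM_TIME'] = date('G:i', TStoLocalTS($fileInfo['CHANGEDTS']));
                $fileInfo['REFS'] = $reftracker->getIncomingForFile($fileInfo['OBJECTID']);
                // Attach the parent chain to every assigned tag; the last parent is relabelled with TXT_TAGS.
                $tags = $file->tags->getAssigned();
                for ($t = 0; $t < count($tags); $t++) {
                    $tp = $file->tags->tree->getParents($tags[$t]['ID']);
                    $tp2 = array();
                    for ($p = 0; $p < count($tp); $p++) {
                        $tinfo = $file->tags->get($tp[$p]);
                        $tp2[$p]['ID'] = $tinfo['ID'];
                        $tp2[$p]['NAME'] = $tinfo['NAME'];
                    }
                    $tp2[count($tp2) - 1]['NAME'] = $itext['TXT_TAGS'] != '' ? $itext['TXT_TAGS'] : '$TXT_TAGS';
                    $tags[$t]['PARENTS'] = $tp2;
                }
                $fileInfo['TAGS'] = $tags;
                $fileInfo['THUMB'] = 1;
                if ($text == 'nothumb') {
                    $fileInfo['THUMB'] = 0;
                }
                $views = $file->views->getAssigned();
                foreach ($views as $view) {
                    if ($view["IDENTIFIER"] == "YGSOURCE") {
                        $viewinfo = $file->views->getGeneratedViewInfo($view["ID"]);
                        $fileInfo["WIDTH"] = $viewinfo[0]["WIDTH"];
                        $fileInfo["HEIGHT"] = $viewinfo[0]["HEIGHT"];
                    }
                }
                $queuedCommands[$cmdId] = 'Koala.yg_addFile(\'file\', \'' . $fileInfo['PARENT'] . '-file\', \''
                    . $objectID . '\', \''
                    . $fileInfo['THUMB'] . '\', \''
                    . $fileInfo['COLOR'] . '\', \''
                    . $fileInfo['CODE'] . '\', \''
                    . $fileInfo['NAME'] . '\', \''
                    . $fileInfo['PNAME'] . '\', \''
                    . json_encode($fileInfo['TAGS']) . '\', \''
                    . $fileInfo['FILESIZE'] . '\', \''
                    . count($fileInfo['REFS']) . '\', \''
                    . TStoLocalTS($fileInfo['CHANGEDTS']) . '\', \''
                    . $fileInfo['CUSTOM_DATE'] . '\', \''
                    . $fileInfo['CUSTOM_TIME'] . '\', \''
                    . $fileInfo['UID'] . '\', \''
                    . $userInfo['PROPS']['FIRSTNAME'] . ' ' . $userInfo['PROPS']['LASTNAME'] . '\', \''
                    . $fileInfo['FILENAME'] . '\', \''
                    . $fileInfo["WIDTH"] . '\', \''
                    . $fileInfo['HEIGHT'] . '\');';
                break;
            case 'REFRESH_TAGS':
                if ($text) {
                    switch ($queuedCommandRaw['TYPE']) {
                        case HISTORYTYPE_CO:
                            $objType = 'cblock';
                            break;
                        case HISTORYTYPE_FILE:
                            $objType = 'file';
                            break;
                    }
                }
                $queuedCommands[$cmdId] = 'Koala.yg_refreshTags(\'' . $objType . '\', \'' . $objectID . '-' . $objType . '\', \'tags\', \'' . $text . '\');';
                break;
            case 'REFRESH_WINDOW':
                if ($text) {
                    switch ($queuedCommandRaw['TYPE']) {
                        case HISTORYTYPE_CO:
                            $objType = 'cblock';
                            break;
                        case HISTORYTYPE_PAGE:
                            $objType = 'page';
                            break;
                        case HISTORYTYPE_FILE:
                            $objType = 'file';
                            break;
                        case HISTORYTYPE_TAG:
                            $objType = 'tag';
                            break;
                        case HISTORYTYPE_TEMPLATE:
                            $objType = 'template';
                            break;
                        case HISTORYTYPE_ENTRYMASK:
                            $objType = 'entrymask';
                            break;
                        case HISTORYTYPE_SITE:
                            $objType = 'site';
                            break;
                    }
                    // Special cases
                    switch ($queuedCommandRaw['TYPE']) {
                        case HISTORYTYPE_PAGE:
                            $queuedCommands[$cmdId] = 'Koala.yg_refreshWin(\'' . $objType . '\',\'' . $objectID . '-' . $siteID . '\',\'' . $text . '\');';
                            break;
                        case HISTORYTYPE_FILE:
                            $queuedCommands[$cmdId] = 'Koala.yg_refreshWin(\'' . $objType . '\',\'' . $objectID . '-' . $objType . '\',\'' . $text . '\');';
                            $queuedCommands[$cmdId] .= 'Koala.yg_refreshWin(\'' . $objType . 'folder\',\'' . $objectID . '-' . $objType . '\',\'' . $text . '\');';
                            break;
                        default:
                            $queuedCommands[$cmdId] = 'Koala.yg_refreshWin(\'' . $objType . '\',\'' . $objectID . '-' . $objType . '\',\'' . $text . '\');';
                            break;
                    }
                }
                break;
            case 'CLEAR_FILEINFOS':
                $queuedCommands[$cmdId] = 'Koala.yg_fileInfos[' . $objectID . '] = null;';
                break;
            case 'SET_FILEINFOS':
                $file = sFileMgr()->getFile($objectID);
                if ($file) {
                    $latestFinalVersion = $file->getLatestApprovedVersion();
                    $file = new File($objectID, $latestFinalVersion);
                    $fileInfo = $file->get();
                    $fileTypes = sFileMgr()->getFiletypes();
                    $user = new User(sUserMgr()->getCurrentUserID());
                    $fileInfo['DATE'] = date($itext['DATE_FORMAT'], TStoLocalTS($fileInfo['CHANGEDTS']));
                    $fileInfo['TIME'] = date($itext['TIME_FORMAT'], TStoLocalTS($fileInfo['CHANGEDTS']));
                    $fileInfo['FILESIZE'] = formatFileSize($fileInfo['FILESIZE']);
                    $views = $file->views->getAssigned(true);
                    $viewInfo = $file->views->getGeneratedViewInfo($views[0]["ID"]);
                    $fileInfo['WIDTH'] = $viewInfo[0]["WIDTH"];
                    $fileInfo['HEIGHT'] = $viewInfo[0]["HEIGHT"];
                    $fileInfo['TAGS'] = $file->tags->getAssigned();
                    $tags = array();
                    foreach ($fileInfo['TAGS'] as $tag) {
                        array_push($tags, $tag['NAME']);
                    }
                    // Tag list, name and filename are shortened to 40 bytes for the hint.
                    $fileTags = implode(', ', $tags);
                    if (strlen($fileTags) > 40) {
                        $fileTags = substr($fileTags, 0, 40);
                        $fileTags .= '...';
                    }
                    $fileInfo['TAGS'] = $fileTags;
                    if (strlen($fileInfo['NAME']) > 40) {
                        $fileInfo['NAME'] = substr($fileInfo['NAME'], 0, 40);
                        $fileInfo['NAME'] .= '...';
                    }
                    if (strlen($fileInfo['FILENAME']) > 40) {
                        $fileInfo['FILENAME'] = substr($fileInfo['FILENAME'], 0, 40);
                        $fileInfo['FILENAME'] .= '...';
                    }
                    if ($fileInfo['CREATEDBY']) {
                        $user = new User($fileInfo['CREATEDBY']);
                        $userInfo = $user->get();
                        $userInfo['PROPS'] = $user->properties->getValues($fileInfo['CREATEDBY']);
                        $fileInfo['USERNAME'] = $userInfo['PROPS']['FIRSTNAME'] . ' ' . $userInfo['PROPS']['LASTNAME'];
                    }
                    foreach ($fileTypes as $fileTypes_item) {
                        if ($fileTypes_item['ID'] == $fileInfo['FILETYPE']) {
                            $fileInfo['FILETYPE_TXT'] = $fileTypes_item['NAME'];
                        }
                    }
                    $fileInfo['THUMB'] = 0;
                    $hiddenViews = $file->views->getHiddenViews();
                    foreach ($hiddenViews as $view) {
                        if ($view['IDENTIFIER'] == 'yg-preview') {
                            $tmpviewinfo = $file->views->getGeneratedViewInfo($view["ID"]);
                            if ($tmpviewinfo[0]["TYPE"] == FILE_TYPE_WEBIMAGE) {
                                $fileInfo['THUMB'] = 1;
                                $fileInfo['PREVIEWWIDTH'] = $tmpviewinfo[0]["WIDTH"];
                                $fileInfo['PREVIEWHEIGHT'] = $tmpviewinfo[0]["HEIGHT"];
                            }
                        }
                    }
                    // The whole file record is serialised to the client.
                    $queuedCommands[$cmdId] = 'Koala.yg_fileInfos[' . $objectID . '] = ' . json_encode($fileInfo) . ';Koala.yg_showFileHint(\'' . $objectID . '\');';
                }
                break;
            case 'SET_USERINFOS':
                $user = new User($objectID);
                $userInfo = $user->get();
                $userInfo['PROPS'] = $user->properties->getValues($objectID);
                $userInfo['USERGROUPS'] = $user->getUsergroups($objectID);
                $roles = array();
                foreach ($userInfo['USERGROUPS'] as $role) {
                    array_push($roles, $role['NAME']);
                }
                $user_roles = implode(', ', $roles);
                if (strlen($user_roles) > 30) {
                    $user_roles = substr($user_roles, 0, 30);
                    $user_roles .= '...';
                }
                // NOTE(review): the queue row's OID is placed in a filesystem path here; confirm it is always numeric.
                if (file_exists(sApp()->app_root . sApp()->userpicdir . $objectID . '-picture.jpg')) {
                    $internPrefix = (string) sConfig()->getVar('CONFIG/REFTRACKER/INTERNALPREFIX');
                    // rand() only appends a changing query value to the picture URL.
                    $user_picture = $internPrefix . 'userimage/' . $objectID . '/48x48?rnd=' . rand();
                } else {
                    $user_picture = sApp()->imgpath . 'content/temp_userpic.png';
                }
                $user_company = $userInfo['PROPS']['COMPANY'];
                $user_name = $userInfo['PROPS']['FIRSTNAME'] . ' ' . $userInfo['PROPS']['LASTNAME'];
                $queuedCommands[$cmdId] = 'Koala.yg_userInfos[' . $objectID . '] = {name: \'' . $user_name . '\', groups: \'' . $user_roles . '\', pic: \'' . $user_picture . '\', company: \'' . $user_company . '\'}';
                break;
            case 'CLEAR_USERINFOS':
                $queuedCommands[$cmdId] = 'Koala.yg_userInfos[' . $objectID . '] = null;';
                break;
            case 'CLEAR_REFRESH':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_clearRefresh(\'' . $objectID . '-' . $text . '\');';
                }
                break;
            case 'RELOAD_WINDOW':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_reloadWin(null, \'' . $objectID . '-' . $text . '\');';
                }
                break;
            case 'PAGE_DEACTIVATE':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_deActivate(\'page\', \'' . $objectID . '-' . $siteID . '\', \'name\');';
                }
                break;
            case 'PAGE_ACTIVATE':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_activate(\'page\', \'' . $objectID . '-' . $siteID . '\', \'name\');';
                }
                break;
            case 'PAGE_UNHIDE':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_unHide(\'page\', \'' . $objectID . '-' . $siteID . '\', \'name\');';
                }
                break;
            case 'PAGE_HIDE':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_hide(\'page\', \'' . $objectID . '-' . $siteID . '\', \'name\');';
                }
                break;
            case 'FILE_DELVIEW':
                if ($text) {
                    $file = sFileMgr()->getFile($objectID);
                    $fileInfo = $file->get();
                    $isFolder = ($fileInfo['FOLDER'] == 1) ? 'true' : 'false';
                    // TEXT and the object id are emitted as raw JavaScript expressions here.
                    $queuedCommands[$cmdId] = 'if (Koala.yg_delViewArr[' . $text . ']) Koala.yg_delViewArr[' . $text . '](' . $objectID . ', ' . $isFolder . ');';
                }
                break;
            case 'FILE_CLEAR_DELVIEW':
                if ($text) {
                    $queuedCommands[$cmdId] = 'if (Koala.yg_delViewArr[' . $text . ']) Koala.yg_delViewArr[' . $text . ']=undefined;';
                }
                break;
            case 'FILE_ADDVIEW':
                if ($text) {
                    $file = sFileMgr()->getFile($objectID);
                    $fileInfo = $file->get();
                    $viewInfo = $viewMgr->get($text);
                    $isFolder = ($fileInfo['FOLDER'] == 1) ? 'true' : 'false';
                    $queuedCommands[$cmdId] = 'Koala.yg_addView(\'' . $objectID . '\', \'' . $viewInfo['ID'] . '\', \'' . $viewInfo['IDENTIFIER'] . '\', \'' . $viewInfo['NAME'] . '\', \'' . $viewInfo['WIDTH'] . '\', \'' . $viewInfo['HEIGHT'] . '\', \'' . $isFolder . '\');';
                }
                break;
            case 'FILE_GENERATEDVIEW':
                if ($text) {
                    $file = sFileMgr()->getFile($objectID);
                    $viewInfo = $viewMgr->get($text);
                    $generatedViewInfo = $file->views->getGeneratedViewInfo($viewInfo['ID']);
                    if ($generatedViewInfo[0]['TYPE'] == FILE_TYPE_WEBIMAGE) {
                        $queuedCommands[$cmdId] = 'Koala.yg_addGenerated(\'' . $objectID . '\',\'' . $viewInfo['IDENTIFIER'] . '\', \'' . $viewInfo['WIDTH'] . '\', \'' . $viewInfo['HEIGHT'] . '\');';
                    } else {
                        if ($generatedViewInfo[0]) {
                            $queuedCommands[$cmdId] = 'Koala.yg_addGenerated(\'' . $objectID . '\',\'NULL\');';
                        }
                    }
                }
                break;
            case 'UNHIGHLIGHT_TEMPLATE':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_unHilite(\'template\', \'' . $objectID . '-template\', \'' . $text . '\');';
                }
                break;
            case 'HIGHLIGHT_PAGE':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_hilite(\'page\', \'' . $objectID . '-' . $siteID . '\', \'' . $text . '\');';
                }
                break;
            case 'UNHIGHLIGHT_PAGE':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_unHilite(\'page\', \'' . $objectID . '-' . $siteID . '\', \'' . $text . '\');';
                }
                break;
            case 'HIGHLIGHT_CBLOCK':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_hilite(\'cblock\', \'' . $objectID . '-cblock\', \'' . $text . '\');';
                }
                break;
            case 'UNHIGHLIGHT_CBLOCK':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_unHilite(\'cblock\', \'' . $objectID . '-cblock\', \'' . $text . '\');';
                }
                break;
            case 'UNHIGHLIGHT_ENTRYMASK':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_unHilite(\'entrymask\', \'' . $objectID . '-entrymask\', \'' . $text . '\');'
                        . 'Koala.yg_unHilite(\'page\', \'' . $objectID . '-entrymask\', \'' . $text . '\');';
                }
                break;
            case 'UNHIGHLIGHT_SITE':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_unHilite(\'page\', \'' . $objectID . '-site\', \'' . $text . '\');';
                }
                break;
            case 'HIGHLIGHT_SITE':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_hilite(\'page\', \'' . $objectID . '-site\', \'' . $text . '\');';
                }
                break;
            case 'HIGHLIGHT_MAILING':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_hilite(\'mailing\', \'' . $objectID . '-mailing\', \'' . $text . '\');';
                }
                break;
            case 'UNHIGHLIGHT_MAILING':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_unHilite(\'mailing\', \'' . $objectID . '-mailing\', \'' . $text . '\');';
                }
                break;
            case 'PAGE_MOVE':
                if ($text) {
                    // Last argument is 2 when TARGETID is 1, otherwise 1.
                    $moveMode = ($queuedCommandRaw['TARGETID'] == 1) ? 2 : 1;
                    $queuedCommands[$cmdId] = 'Koala.yg_moveTreeNode(\'page\', \'' . $objectID . '-' . $siteID . '\', \'' . $text . '\', ' . $moveMode . ');';
                }
                break;
            case 'PAGE_MOVEUP':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_moveUp(\'page\', \'' . $objectID . '-' . $siteID . '\', \'' . $text . '\');';
                }
                break;
            case 'PAGE_MOVEDOWN':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_moveDown(\'page\', \'' . $objectID . '-' . $siteID . '\', \'' . $text . '\');';
                }
                break;
            case 'CBLOCK_MOVE':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_moveTreeNode(\'cblock\', \'' . $objectID . '-cblock\', \'' . $text . '-cblock\', 1);';
                }
                break;
            case 'FILE_MOVE':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_moveTreeNode(\'file\', \'' . $objectID . '-file\', \'' . $text . '-file\', 1);';
                }
                break;
            case 'TAG_MOVE':
                if ($text) {
                    $queuedCommands[$cmdId] = 'Koala.yg_moveTreeNode(\'tag\', \'' . $objectID . '-tag\', \'' . $text . '-tag\', 1);';
                }
                break;
            case 'TAG_ADD':
                $objectInfo = $tagMgr->get($objectID);
                $icon = $icons->icon['tag_small'];
                $statusClass = '';
                // The status classes tell the client which rights the current user lacks on the new node.
                if (!$permissionsObj->checkInternal(sUserMgr()->getCurrentUserID(), $objectID, "RWRITE")) {
                    $statusClass .= " nowrite";
                }
                if (!$permissionsObj->checkInternal(sUserMgr()->getCurrentUserID(), $objectID, "RDELETE")) {
                    $statusClass .= " nodelete";
                }
                if (!$permissionsObj->checkInternal(sUserMgr()->getCurrentUserID(), $objectID, "RSUB")) {
                    $statusClass .= " nosub";
                }
                $objectName = $objectInfo['NAME'];
                $objectParents = $tagMgr->getParents($objectID);
                $parentNodeId = $objectParents[0][0]["ID"];
                // Select the new node only in the session that created it.
                $andSelect = ($queuedCommandRaw['NEWVALUE'] == sGuiUS()) ? 'true' : 'false';
                $queuedCommands[$cmdId] = 'Koala.yg_addChild(\'tag\', \'' . $parentNodeId . '-tag\', \'name\', \'' . $objectName . '\', \'tag\', \'' . $objectID . '-tag\', \'name\', \'' . $icon . '\', \'' . $statusClass . '\', ' . $andSelect . ');';
                break;
            case 'FILE_ADD':
            case 'FILEFOLDER_ADD':
                $file = sFileMgr()->getFile($objectID);
                if ($file) {
                    $objectInfo = $file->get();
                    $icon = $icons->icon['folder'];
                    $statusClass = '';
                    // Edited (green). Both original branches set the same class, so HASCHANGED alone decides.
                    if ($objectInfo["HASCHANGED"] == "1") {
                        $statusClass = "changed";
                    }
                    if (!$permissionsObj->checkInternal(sUserMgr()->getCurrentUserID(), $objectID, "RWRITE")) {
                        $statusClass .= " nowrite";
                    }
                    if (!$permissionsObj->checkInternal(sUserMgr()->getCurrentUserID(), $objectID, "RDELETE")) {
                        $statusClass .= " nodelete";
                    }
                    if (!$permissionsObj->checkInternal(sUserMgr()->getCurrentUserID(), $objectID, "RSUB")) {
                        $statusClass .= " nosub";
                    }
                    $objectName = $objectInfo['NAME'];
                    $objectParents = sFileMgr()->getParents($objectID);
                    $parentNodeId = $objectParents[0][0]["ID"];
                    $andSelect = ($queuedCommandRaw['NEWVALUE'] == sGuiUS()) ? 'true' : 'false';
                    $queuedCommands[$cmdId] = 'Koala.yg_addChild(\'file\', \'' . $parentNodeId . '-file\', \'name\', \'' . $objectName . '\', \'file\', \'' . $objectID . '-file\', \'name\', \'' . $icon . '\', \'' . $statusClass . '\', ' . $andSelect . ');';
                }
                break;
            case 'CBLOCK_ADD':
                $cb = sCblockMgr()->getCblock($objectID);
                $objectInfo = $cb->get();
                $icon = $icons->icon['cblock_small'];
                $statusClass = '';
                if ($objectInfo['FOLDER'] != 1) {
                    if ($objectInfo["VERSIONPUBLISHED"] + 2 != $objectInfo["VERSION"] && $objectInfo["VERSIONPUBLISHED"] != ALWAYS_LATEST_APPROVED_VERSION && $objectInfo["HASCHANGED"] == "1") {
                        // Edited (green)
                        $statusClass .= "changed changed1 nosub";
                    } elseif ($objectInfo["HASCHANGED"] == "1") {
                        $statusClass .= "changed changed2 nosub";
                    }
                } else {
                    if (!$permissionsObj->checkInternal(sUserMgr()->getCurrentUserID(), $objectID, "RSUB")) {
                        $statusClass .= " nosub";
                    }
                    $icon = $icons->icon['folder'];
                    $statusClass .= " folder";
                }
                if (!$permissionsObj->checkInternal(sUserMgr()->getCurrentUserID(), $objectID, "RWRITE")) {
                    $statusClass .= " nowrite";
                }
                if (!$permissionsObj->checkInternal(sUserMgr()->getCurrentUserID(), $objectID, "RDELETE")) {
                    $statusClass .= " nodelete";
                }
                $objectName = $objectInfo['NAME'];
                $objectParents = sCblockMgr()->getParents($objectID);
                $parentNodeId = $objectParents[0][0]["ID"];
                if ($queuedCommandRaw['NEWVALUE'] == sGuiUS() && $text != 'list') {
                    $andSelect = 'true';
                } else {
                    $andSelect = 'false';
                }
                if ($queuedCommandRaw['NEWVALUE'] == sGuiUS()) {
                    $queuedCommands[$cmdId] = 'Koala.yg_addListItem(\'' . $parentNodeId . '-cblock\', \'' . addslashes(json_encode($objectInfo)) . '\', \'' . $text . '\');';
                }
                // Make sure the entry exists before appending to it.
                if (!isset($queuedCommands[$cmdId])) {
                    $queuedCommands[$cmdId] = '';
                }
                $queuedCommands[$cmdId] .= 'Koala.yg_addChild(\'cblock\', \'' . $parentNodeId . '-cblock\', \'name\', \'' . $objectName . '\', \'cblock\', \'' . $objectID . '-cblock\', \'name\', \'' . $icon . '\', \'' . $statusClass . '\', ' . $andSelect . ');';
                break;
            case 'PAGE_ADD':
                if ($pageObj) {
                    $objectInfo = $pageObj->get();
                    $icon = $icons->icon['page_small'];
                    $statusClass = '';
                    $inactive = false;
                    if ($objectInfo["ACTIVE"] == "0") {
                        $icon = $icons->icon['page_inactive_small'];
                        $inactive = true;
                    }
                    // Find the navigation entry of the page's template that matches the page.
                    $naviinfo = NULL;
                    $navis = $templateMgr->getNavis($objectInfo["TEMPLATEID"]);
                    for ($i = 0; $i < count($navis); $i++) {
                        if ($navis[$i]["ID"] == $objectInfo["NAVIGATIONID"]) {
                            $naviinfo = $navis[$i];
                        }
                    }
                    if ($objectInfo["HIDDEN"] == "1" || $objectInfo["TEMPLATEID"] == "0" || !$naviinfo['ID']) {
                        $icon = $icons->icon['page_hidden_small'];
                        if ($inactive == true) {
                            $icon = $icons->icon['page_inactive_hidden_small'];
                        }
                    }
                    // Edited (green). Both original branches set the same class, so HASCHANGED alone decides.
                    if ($objectInfo["HASCHANGED"] == "1") {
                        $statusClass = "changed";
                    }
                    if (!$permissionsObj->checkInternal(sUserMgr()->getCurrentUserID(), $objectID, "RWRITE")) {
                        $statusClass .= " nowrite";
                    }
                    if (!$permissionsObj->checkInternal(sUserMgr()->getCurrentUserID(), $objectID, "RDELETE")) {
                        $statusClass .= " nodelete";
                    }
                    if (!$permissionsObj->checkInternal(sUserMgr()->getCurrentUserID(), $objectID, "RSUB")) {
                        $statusClass .= " nosub";
                    }
                    $objectName = $objectInfo['NAME'];
                    $objectParents = $pageMgr->getParents($objectID);
                    $parentNodeId = $objectParents[0][0]["ID"];
                    if (!$parentNodeId) {
                        $parentNodeId = 1;
                    }
                    $url = $pageObj->getUrl();
                    $andSelect = ($queuedCommandRaw['NEWVALUE'] == sGuiUS()) ? 'true' : 'false';
                    $queuedCommands[$cmdId] = 'Koala.yg_addChild(\'page\', \'' . $parentNodeId . '-' . $siteID . '\', \'name\', \'' . $objectName . '\', \'page\', \'' . $objectID . '-' . $siteID . '\', \'name\', \'' . $icon . '\', \'' . $statusClass . '\', ' . $andSelect . ', \'' . $url . '\');' . "\n";
                }
                break;
            case 'MAILING_ADD':
                $queuedCommands[$cmdId] = 'Koala.yg_refreshMailingsWindow();' . "\n";
                break;
            case 'MAILING_DELETE':
                $queuedCommands[$cmdId] = 'Koala.yg_refreshMailingsWindow(true);' . "\n";
                break;
            default:
                // Unknown command: the stored OLDVALUE itself is sent to the client as JavaScript.
                // NOTE(review): write access to the queue therefore equals script execution in the
                // sessions that poll it; keep queue writes limited to trusted server-side code.
                $queuedCommands[$cmdId] = stripslashes($oldValue) . "\n";
                break;
        }
    }

    // Continue from the last row that was read, if there was one.
    if (count($queuedCommandsRaw)) {
        $currentQueueId = $queuedCommandsRaw[count($queuedCommandsRaw) - 1]['ID'];
    }

    // The queue id is written unquoted into the script, so force it to an integer.
    // sGuiLH() is opaque here (presumably the client-reported last history id - confirm).
    // The HEX flags keep "<", ">" and "&" out of the inline script; the decoded values are unchanged.
    $output = "\n<script>\n";
    $output .= "parent.Koala.currentGuiSyncHistoryId = " . (int) $currentQueueId . ";\n";
    $output .= "parent.Koala.yg_executeGuiJSQueue( " . json_encode($queuedCommands, JSON_HEX_TAG | JSON_HEX_AMP) . " );\n";
    $output .= "</script>\n";
    print $output;
}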
/**
 * Creates a new usergroup and seeds the permission rows for it.
 *
 * The call is only carried out when $this->_uid holds 'RUSERGROUPS'. After
 * the insert, every usergroup of the current user that itself holds
 * 'RUSERGROUPS' receives RREAD/RWRITE/RDELETE on the new usergroup, and so
 * does the configured root group (CONFIG/SYSTEMUSERS/ROOTGROUPID).
 *
 * @param string $name (optional) Usergroup Name
 * @return int|bool Value reported by Insert_ID() for the new usergroup, or FALSE when the permission check fails
 * @throws Exception when writing a permission row fails
 */
function add($name = "new Usergroup") {
    if (!$this->permissions->check($this->_uid, 'RUSERGROUPS')) {
        return false;
    }

    // NOTE(review): $name is escaped here and then handed to Execute() as a
    // bound value; if Execute() binds safely this escapes twice -- confirm.
    $name = sYDB()->escape_string(sanitize($name));
    $createSql = "INSERT INTO " . $this->_table . " VALUES (0, ?);";
    // NOTE(review): the result of this INSERT is not inspected; only the
    // Insert_ID() value below decides whether permissions are set up.
    sYDB()->Execute($createSql, $name);
    $newId = sYDB()->Insert_ID();
    if (!($newId > 0)) {
        return $newId;
    }

    // Both statements grant read/write/delete on the new usergroup ($newId is the OID).
    $grantUpdateSql = "UPDATE yg_usergroups_permissions SET RREAD = 1, RWRITE = 1, RDELETE = 1 WHERE OID = ? AND USERGROUPID = ?;";
    $grantInsertSql = "INSERT INTO yg_usergroups_permissions SET USERGROUPID = ?, RREAD = 1, RWRITE = 1, RDELETE = 1, OID = ?;";

    $creator = new User(sUserMgr()->getCurrentUserID());
    $creatorRoles = $creator->getUsergroups();
    foreach ($creatorRoles as $role) {
        $globalPermissions = $this->permissions->getByUsergroup($role['ID']);
        if (!$globalPermissions['RUSERGROUPS']) {
            // Roles that may not manage usergroups get no access to the new one.
            continue;
        }
        $existingRow = $this->usergroupPermissions->getByUsergroup($role['ID'], $newId);
        if (count($existingRow) > 0) {
            // Update
            $result = sYDB()->Execute($grantUpdateSql, $newId, $role['ID']);
        } else {
            // Insert
            $result = sYDB()->Execute($grantInsertSql, $role['ID'], $newId);
        }
        if ($result === false) {
            throw new Exception(sYDB()->ErrorMsg());
        }
    }

    // Add permissions for Administrator group
    $rootgroupId = (int) sConfig()->getVar('CONFIG/SYSTEMUSERS/ROOTGROUPID');
    $existingRow = $this->usergroupPermissions->getByUsergroup($rootgroupId, $newId);
    if (count($existingRow) > 0) {
        // Update
        $result = sYDB()->Execute($grantUpdateSql, $newId, $rootgroupId);
    } else {
        // Insert
        $result = sYDB()->Execute($grantInsertSql, $rootgroupId, $newId);
    }
    if ($result === false) {
        throw new Exception(sYDB()->ErrorMsg());
    }

    $this->setDefaultPermissions($newId);

    return $newId;
}
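/**
 * Gets the Users in a specified Usergroup
 *
 * The call requires 'RUSERS' for $this->_uid. Rows are restricted to users
 * for which at least one usergroup of the current user has RREAD >= 1 in
 * yg_usergroups_permissions.
 *
 * Every returned row contains the stored PASSWORD column next to LOGIN, ID,
 * UID, LASTNAME, FIRSTNAME, EMAIL and the aggregated permission flags.
 * Callers should strip PASSWORD before handing rows to templates or clients.
 *
 * @param int $usergroupId Usergroup-Id
 * @param string $order Column to order by; must be a plain identifier (letters, digits, underscore), anything else falls back to LASTNAME
 * @param string $sort Sort direction: 'DESC' (case-insensitive) sorts descending, every other value sorts ascending
 * @param string $limit SQL-limit-clause in the form "offset,count"
 * @param string $searchText (optional) Searchtext
 * @return array|bool Array of Users or FALSE when the permission check fails
 * @throws Exception when the query fails
 */
function getByUsergroup($usergroupId, $order = '', $sort = 'ASC', $limit = '', $searchText = NULL) {
    if (!sUsergroups()->permissions->check($this->_uid, 'RUSERS')) {
        return false;
    }

    $sqlargs = array();
    $usergroupId = (int) $usergroupId;
    $order = sYDB()->escape_string(sanitize($order));
    $limit = sYDB()->escape_string(sanitize($limit));
    $limitsql = "";
    $currUser = new User(sUserMgr()->getCurrentUserID());

    // The ORDER BY column is interpolated between backticks and cannot be
    // bound as a parameter, and string escaping does not neutralise a
    // backtick. Only a plain identifier is therefore accepted.
    $ordersql = "LASTNAME";
    if (preg_match('/\A[A-Za-z0-9_]+\z/', $order)) {
        $ordersql = $order;
    }
    if ($order == "FIRSTNAME") {
        // NOTE(review): this value ends up inside one pair of backticks and
        // is then read as a single column name, which the SELECT below does
        // not define -- the query likely fails for this order; confirm the
        // intended ordering before changing it.
        $ordersql = "NAME ASC, EMAIL ASC";
    }

    // Compare the direction as a string: casting it to int first turns both
    // 'ASC' and 'DESC' into 0, so the requested direction never takes effect.
    // Only the two keywords can reach the SQL text.
    if (strtoupper(trim((string) $sort)) === "DESC") {
        $sortsql = "DESC";
    } else {
        $sortsql = "ASC";
    }

    if ($limit) {
        // Both parts are cast to int, so no caller text reaches the clause.
        $limitarr = explode(",", $limit);
        $limitsql = "LIMIT " . (int) $limitarr[0] . "," . (int) (isset($limitarr[1]) ? $limitarr[1] : 0);
    }

    $perm_sql_select = ", MAX(perm.RREAD) AS RREAD, MAX(perm.RWRITE) AS RWRITE, MAX(perm.RDELETE) AS RDELETE, MAX(perm.RSUB) AS RSUB, MAX(perm.RSTAGE) AS RSTAGE, MAX(perm.RSEND) AS RSEND";
    $perm_sql_from = " LEFT JOIN yg_usergroups_permissions AS perm ON perm.OID = lnk.USERGROUPID";

    // Bound values are collected in placeholder order: usergroup id first,
    // then one id per role of the current user, then the search terms.
    array_push($sqlargs, $usergroupId);
    $perm_sql_where = " AND (";
    $roles = $currUser->getUsergroups();
    for ($r = 0; $r < count($roles); $r++) {
        array_push($sqlargs, $roles[$r]["ID"]);
        $perm_sql_where .= "(perm.USERGROUPID = ?) ";
        if (count($roles) - $r > 1) {
            $perm_sql_where .= " OR ";
        }
    }
    $perm_sql_where .= ") ";

    $searchSQL = '';
    if (strlen((string) $searchText)) {
        $searchText = "%" . sYDB()->escape_string(sanitize($searchText)) . "%";
        $properties = $currUser->properties->getList();
        $searchSQL = "AND (";
        for ($i = 0; $i < count($properties); $i++) {
            if ($i != 0) {
                $searchSQL .= " OR ";
            }
            // NOTE(review): the property identifier is used as a column name;
            // string escaping does not validate identifiers, so this relies
            // on the identifiers stored for user properties being plain
            // column names -- verify where they are created.
            $searchSQL .= "(yg_user_propsv." . sYDB()->escape_string(sanitize($properties[$i]["IDENTIFIER"])) . " LIKE ?)";
            array_push($sqlargs, $searchText);
        }
        $searchSQL .= ")";
    }

    $sql = "SELECT\n\t\t\t\t\t\tu.LOGIN AS LOGIN,\n\t\t\t\t\t\tu.PASSWORD AS PASSWORD,\n\t\t\t\t\t\tu.ID AS ID,\n\t\t\t\t\t\tu.ID AS UID,\n\t\t\t\t\t\tyg_user_propsv.LASTNAME AS LASTNAME,\n\t\t\t\t\t\tyg_user_propsv.FIRSTNAME AS FIRSTNAME,\n\t\t\t\t\t\tyg_user_propsv.EMAIL AS EMAIL\n\t\t\t\t\t\t{$perm_sql_select}\n\t\t\t\t\tFROM\n\t\t\t\t\t\tyg_user as u\n\t\t\t\t\tLEFT JOIN\n\t\t\t\t\t\tyg_user_lnk_usergroups as lnk ON u.ID = lnk.UID\n\t\t\t\t\tLEFT JOIN\n\t\t\t\t\t\tyg_user_propsv ON u.ID = yg_user_propsv.OID\n\t\t\t\t\t{$perm_sql_from}\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t(lnk.USERGROUPID = ?)\n\t\t\t\t\t\t{$perm_sql_where}\n\t\t\t\t\t\t{$searchSQL}\n\t\t\t\t\tGROUP BY\n\t\t\t\t\t\tu.ID\n\t\t\t\t\tHAVING\n\t\t\t\t\t\t(RREAD >= 1)\n\t\t\t\t\tORDER BY `{$ordersql}` {$sortsql} {$limitsql};";

    // Execute() takes the statement followed by the bound values as
    // separate arguments, hence the argument array with the SQL in front.
    array_unshift($sqlargs, $sql);
    $dbr = call_user_func_array(array(sYDB(), 'Execute'), $sqlargs);
    if ($dbr === false) {
        throw new Exception(sYDB()->ErrorMsg());
    }
    $resultarray = $dbr->GetArray();
    return $resultarray;
}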
if ($userID < 1) { $userID = sUserMgr()->getAnonymousID(); } // Page Properties $pageInfo = $page->get(); $pageProperties = $page->properties->get(); $pageInfo = array_merge($pageProperties, $pageInfo); $pageInfo["URL"] = $page->getUrl(); // 404 if in trash if ($pageInfo['DELETED'] == 1) { // Throw status 404 throwErrorPage('404'); } // Access Control $user = new User($userID); $userroles = $user->getUsergroups(); // Map untitled parameters into app::request object $fullpath = implode('/', sApp()->request->path); if ($colonPos = strpos($fullpath, ':')) { $untitledParams = substr($fullpath, $colonPos + 1); $untitledparams = explode(':', $untitledParams); foreach ($untitledparams as $key => $value) { if (is_null($value) || $value == '') { unset($untitledparams[$key]); } } $untitledparams = array_values($untitledparams); sApp()->request->untitled_parameters = $untitledparams; } // Cache Management if ($_SERVER["CACHE_BROWSER"] == 1) {
/**
 * Creates all database tables for the specified Site
 *
 * Creates the per-site tables (link, comments link, permissions, properties,
 * props/propslv/propsv, tree, tree history, cron) and inserts the initial
 * rows for object 1 of the site. The statements run one after another
 * without inspecting any Execute() result.
 *
 * @param int $id Site Id
 * @param string $name Site name
 * @return bool Always TRUE; failures of individual statements are not reported
 */
private function createSiteTables($id, $name) {
    // Table names cannot be bound as parameters; the int cast is what keeps
    // the concatenated names below free of caller-supplied text.
    $id = (int) $id;
    // NOTE(review): $name is escaped here and later passed to Execute() as a
    // bound value; if Execute() binds safely this escapes twice -- confirm.
    $name = sYDB()->escape_string($name);

    // Link table between content blocks and pages of this site.
    $sql = "CREATE TABLE `yg_site_" . $id . "_lnk_cb` (\n\t\t `ID` int(11) NOT NULL AUTO_INCREMENT,\n\t\t `CBID` int(11) NOT NULL DEFAULT '0',\n\t\t `CBVERSION` int(11) NOT NULL DEFAULT '0',\n\t\t `CBPID` int(11) NOT NULL DEFAULT '0',\n\t\t `PID` int(11) NOT NULL DEFAULT '0',\n\t\t `PVERSION` int(11) NOT NULL DEFAULT '0',\n\t\t `ORDERPROD` int(11) NOT NULL DEFAULT '9999',\n\t\t `TEMPLATECONTENTAREA` varchar(85) NOT NULL DEFAULT '',\n\t\t PRIMARY KEY (`ID`),\n\t\t KEY `CBID` (`CBID`,`CBVERSION`),\n\t\t KEY `CBID_2` (`CBID`,`PID`,`PVERSION`)\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
    sYDB()->Execute($sql);

    // Link table between comments and pages of this site.
    $sql = "CREATE TABLE `yg_comments_lnk_pages_" . $id . "` (\n\t\t `ID` int(11) NOT NULL AUTO_INCREMENT,\n\t\t `OID` int(11) NOT NULL DEFAULT '0',\n\t\t `COMMENTID` int(11) NOT NULL DEFAULT '0',\n\t\t `ORDERPROD` int(11) NOT NULL DEFAULT '9999',\n\t\t PRIMARY KEY (`ID`),\n\t\t UNIQUE KEY `OID` (`OID`,`COMMENTID`) USING BTREE\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
    sYDB()->Execute($sql);

    // Per-site permission table: one row per object (OID) and usergroup.
    $sql = "CREATE TABLE `yg_site_" . $id . "_permissions` (\n\t\t `ID` int(11) NOT NULL AUTO_INCREMENT,\n\t\t `OID` int(11) NOT NULL DEFAULT '0',\n\t\t `USERGROUPID` int(11) NOT NULL DEFAULT '0',\n\t\t `RREAD` smallint(6) NOT NULL DEFAULT '0',\n\t\t `RWRITE` smallint(6) NOT NULL DEFAULT '0',\n\t\t `RDELETE` smallint(6) NOT NULL DEFAULT '0',\n\t\t `RSUB` smallint(6) NOT NULL DEFAULT '0',\n\t\t `RSTAGE` smallint(6) NOT NULL DEFAULT '0',\n\t\t `RMODERATE` smallint(6) NOT NULL DEFAULT '0',\n\t\t `RCOMMENT` smallint(6) NOT NULL DEFAULT '0',\n\t\t `RSEND` smallint(6) NOT NULL DEFAULT '0',\n\t\t PRIMARY KEY (`ID`),\n\t\t KEY `OID` (`OID`,`USERGROUPID`)\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
    sYDB()->Execute($sql);

    $user = new User(sUserMgr()->getCurrentUserID());
    $anonGroupId = (int) sConfig()->getVar("CONFIG/SYSTEMUSERS/ANONGROUPID");
    $rolesList = $user->getUsergroups();
    $tmpUser = new User(sUserMgr()->getCurrentUserID());
    // Every usergroup of the current user except the anonymous group gets
    // all rights on object 1 of the new site, provided the current user
    // holds 'RSITES'. The permission check does not depend on the loop
    // variable but is evaluated once per role.
    for ($r = 0; $r < count($rolesList); $r++) {
        if ($tmpUser->checkPermission('RSITES')) {
            if ($rolesList[$r]["ID"] != $anonGroupId) {
                $sql = "INSERT INTO\t`yg_site_" . $id . "_permissions`\n\t\t\t\t\t\t\t\t(`OID`, `USERGROUPID`, `RREAD`, `RWRITE`, `RDELETE`, `RSUB`, `RSTAGE`, `RMODERATE`, `RCOMMENT`, `RSEND`)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t(1, ?, 1, 1, 1, 1, 1, 1, 1, 1);";
                sYDB()->Execute($sql, $rolesList[$r]["ID"]);
            }
        }
    }

    // The anonymous group always receives a read-only row for object 1,
    // independent of the permission check above.
    $sql = "INSERT INTO\t`yg_site_" . $id . "_permissions`\n\t\t\t\t\t(`OID`, `USERGROUPID`, `RREAD`, `RWRITE`, `RDELETE`, `RSUB`, `RSTAGE`, `RMODERATE`, `RCOMMENT`, `RSEND`)\n\t\t\t\tVALUES\n\t\t\t\t\t(1, ?, 1, 0, 0, 0, 0, 0, 0, 0);";
    sYDB()->Execute($sql, $anonGroupId);

    // Versioned object properties of the site.
    $sql = "CREATE TABLE `yg_site_" . $id . "_properties` (\n\t\t `ID` int(11) NOT NULL AUTO_INCREMENT,\n\t\t `OBJECTID` int(11) NOT NULL DEFAULT '0',\n\t\t `VERSION` int(11) NOT NULL DEFAULT '0',\n\t\t `APPROVED` smallint(6) NOT NULL DEFAULT '0',\n\t\t `CREATEDBY` int(11) NOT NULL DEFAULT '0',\n\t\t `CHANGEDBY` int(11) NOT NULL DEFAULT '0',\n\t\t `HASCHANGED` int(11) NOT NULL DEFAULT '0',\n\t\t `TEMPLATEID` int(11) NOT NULL DEFAULT '0',\n\t\t `COMMENTSTATUS` int(11) NOT NULL DEFAULT '1',\n\t\t `COMMENTSTATUS_AUTO` int(11) NOT NULL DEFAULT '1',\n\t\t `NAVIGATION` int(11) NOT NULL DEFAULT '0',\n\t\t `ACTIVE` int(11) NOT NULL DEFAULT '0',\n\t\t `HIDDEN` int(11) NOT NULL DEFAULT '0',\n\t\t `LOCKED` int(11) NOT NULL DEFAULT '0',\n\t\t `LOCKUID` text NOT NULL,\n\t\t `TOKEN` text NOT NULL,\n\t\t `DELETED` int(11) NOT NULL DEFAULT '0',\n\t\t `CREATEDTS` int(11) NOT NULL DEFAULT '0',\n\t\t `CHANGEDTS` int(11) NOT NULL DEFAULT '0',\n\t\t PRIMARY KEY (`ID`),\n\t\t KEY `OBJECTID` (`OBJECTID`,`VERSION`),\n\t\t KEY `VERSION` (`VERSION`)\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8 ;\n\t\t";
    sYDB()->Execute($sql);

    // NOTE(review): by position the two placeholders fill HASCHANGED and
    // TEMPLATEID, while CREATEDBY and CHANGEDBY receive the literals 1 and 0.
    // Both bound values are the current user id, which looks like it was
    // meant for CREATEDBY/CHANGEDBY -- confirm against the intended schema.
    $sql = "INSERT INTO `yg_site_" . $id . "_properties` (`OBJECTID`, `VERSION`, `APPROVED`, `CREATEDBY`, `CHANGEDBY`, `HASCHANGED`, `TEMPLATEID`, `NAVIGATION`, `ACTIVE`, `HIDDEN`, `LOCKED`, `DELETED`, `CREATEDTS`, `CHANGEDTS`) VALUES\n\t\t\t\t(1, 0, 1, 1, 0, ?, ?, 0, 1, 0, 0, 0, 0, 0);";
    sYDB()->Execute($sql, sUserMgr()->getCurrentUserID(), sUserMgr()->getCurrentUserID());

    // hotfix for #2260 (in principle we want custom properties per site)
    $siteList = $this->getList();
    // The first entry is read before the emptiness check below; with an
    // empty list this yields 0 and the value is then not used.
    $sourceSiteId = (int) $siteList[0]["ID"];
    if (count($siteList) > 0) {
        // Copy the property definitions of the first listed site. In MySQL,
        // CREATE TABLE ... AS SELECT copies columns and rows but neither
        // keys nor AUTO_INCREMENT, so these copies lack the PRIMARY KEY
        // that the first-site branch below declares.
        $sql = "CREATE TABLE `yg_site_" . $id . "_props` AS (SELECT * FROM `yg_site_" . $sourceSiteId . "_props`);";
        sYDB()->Execute($sql);
        $sql = "CREATE TABLE `yg_site_" . $id . "_propslv` AS (SELECT * FROM `yg_site_" . $sourceSiteId . "_propslv`);";
        sYDB()->Execute($sql);
        // presumably "OID < 0" matches no rows so that only the column
        // layout is taken over -- confirm
        $sql = "CREATE TABLE `yg_site_" . $id . "_propsv` AS (SELECT * FROM `yg_site_" . $sourceSiteId . "_propsv` WHERE OID < 0);";
        sYDB()->Execute($sql);
    } else {
        // first site
        $sql = "CREATE TABLE `yg_site_" . $id . "_props` (\n\t\t\t `ID` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t `NAME` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,\n\t\t\t `IDENTIFIER` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,\n\t\t\t `VISIBLE` int(11) NOT NULL DEFAULT '1',\n\t\t\t `READONLY` int(11) NOT NULL DEFAULT '0',\n\t\t\t `TYPE` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,\n\t\t\t `LISTORDER` int(11) NOT NULL DEFAULT '9999',\n\t\t\t PRIMARY KEY (`ID`)\n\t\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8;\n\t\t\t";
        sYDB()->Execute($sql);
        // Default property definitions: NAME, TITLE, DESCRIPTION.
        $sql = "INSERT INTO `yg_site_" . $id . "_props` (`ID`, `NAME`, `IDENTIFIER`, `VISIBLE`, `READONLY`, `TYPE`, `LISTORDER`) VALUES\n\t\t\t\t\t\t(1, 'Name', 'NAME', 1, 1, 'TEXT', 1),\n\t\t\t\t\t\t(2, 'Title', 'TITLE', 1, 1, 'TEXT', 2),\n\t\t\t\t\t\t(3, 'Description', 'DESCRIPTION', 1, 1, 'TEXTAREA', 3);";
        sYDB()->Execute($sql);
        $sql = "CREATE TABLE IF NOT EXISTS `yg_site_" . $id . "_propslv` (\n\t\t\t\t\t\t`ID` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t\t`PID` int(11) NOT NULL,\n\t `VALUE` varchar(50) NOT NULL,\n\t `LISTORDER` int(11) NOT NULL DEFAULT '9999',\n\t PRIMARY KEY (`ID`),\n\t KEY `LISTORDER` (`LISTORDER`,`PID`)\n\t\t\t\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
        sYDB()->Execute($sql);
        $sql = "CREATE TABLE IF NOT EXISTS `yg_site_" . $id . "_propsv` (\n\t\t\t\t\t\t`OID` int(11) NOT NULL DEFAULT '0',\n\t\t\t\t\t\t`NAME` text,\n\t\t\t\t\t\t`TITLE` text,\n\t\t\t\t\t\t`DESCRIPTION` text,\n\t\t\t\t\t\tPRIMARY KEY (`OID`)\n\t\t\t\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
        sYDB()->Execute($sql);
    }

    // Property values of object 1; the site name is passed as a bound value.
    $sql = "INSERT INTO `yg_site_" . $id . "_propsv` (`OID`, `NAME`, `TITLE`, `DESCRIPTION`) VALUES\n\t\t\t\t\t(1, ?, NULL, NULL);";
    sYDB()->Execute($sql, $name);

    // Tree table with LFT/RGT bounds; the first node (ID 1) carries the site name in PNAME.
    $sql = "CREATE TABLE IF NOT EXISTS `yg_site_" . $id . "_tree` (\n\t\t `ID` int(11) NOT NULL AUTO_INCREMENT,\n\t\t `LFT` int(11) NOT NULL DEFAULT '0',\n\t\t `RGT` int(11) NOT NULL DEFAULT '0',\n\t\t `VERSIONPUBLISHED` int(11) NOT NULL DEFAULT '0',\n\t\t `MOVED` int(11) NOT NULL DEFAULT '0',\n\t\t `TITLE` text,\n\t\t `LEVEL` int(11) NOT NULL DEFAULT '0',\n\t\t `PARENT` int(11) NOT NULL DEFAULT '0',\n\t\t `PNAME` text,\n\t\t PRIMARY KEY (`ID`),\n\t\t KEY `LFT_2` (`LFT`,`RGT`),\n\t\t KEY `LFT` (`LFT`,`RGT`)\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8 ;\n\t\t";
    sYDB()->Execute($sql);
    $sql = "INSERT INTO `yg_site_" . $id . "_tree` (`ID`, `LFT`, `RGT`, `VERSIONPUBLISHED`, `MOVED`, `TITLE`, `LEVEL`, `PARENT`, `PNAME`) VALUES\n\t\t(1, 1, 2, 0, 0, '', 1, 0, ?);";
    sYDB()->Execute($sql, $name);

    // History table for the site tree.
    $sql = "CREATE TABLE IF NOT EXISTS `yg_site_" . $id . "_tree_history` (\n\t\t `ID` int(11) NOT NULL AUTO_INCREMENT,\n\t\t `OID` int(11) NOT NULL DEFAULT '0',\n\t\t `DATETIME` int(11) DEFAULT NULL,\n\t\t `TEXT` text NOT NULL,\n\t\t `UID` int(11) NOT NULL DEFAULT '0',\n\t\t `TYPE` int(11) NOT NULL,\n\t\t `TARGETID` int(11) NOT NULL,\n\t\t `OLDVALUE` text NOT NULL,\n\t\t `NEWVALUE` text NOT NULL,\n\t\t PRIMARY KEY (`ID`),\n\t\t KEY `OID` (`OID`)\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8 ;";
    sYDB()->Execute($sql);

    // Cron table holding action codes with timestamps per object.
    $sql = "CREATE TABLE IF NOT EXISTS `yg_site_" . $id . "_cron` (\n\t\t `ID` int(11) NOT NULL AUTO_INCREMENT,\n\t\t `OBJECTTYPE` int(11) NOT NULL,\n\t\t `OBJECTID` int(11) NOT NULL,\n\t\t `ACTIONCODE` varchar(15) COLLATE utf8_unicode_ci NOT NULL,\n\t\t `TIMESTAMP` bigint(20) NOT NULL,\n\t\t `EXPIRES` bigint(20) NOT NULL,\n\t\t `PARAMETERS` text COLLATE utf8_unicode_ci NOT NULL,\n\t\t `USERID` int(11) NOT NULL,\n\t\t `STATUS` int(11) NOT NULL,\n\t\t PRIMARY KEY (`ID`)\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;";
    sYDB()->Execute($sql);

    return true;
}
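/**
 * Gets all Comments
 *
 * Builds one query over yg_comments joined with the content block, file and
 * per-site page link, tree and permission tables. Only comments with
 * RREAD > 0 for one of the usergroups of $this->_uid are returned, newest
 * first (ORDER BY c.CREATEDTS DESC).
 *
 * When $filterArray is given, the WHERE/HAVING/LIMIT fragments come from
 * buildBackendFilter() and the $filterLimit argument is ignored. Otherwise
 * $filterLimit is used as the LIMIT clause and must have the form "count",
 * "offset,count" or "count OFFSET offset".
 *
 * @param array $filterArray Filter array
 * @param string $filterLimit Filter limit
 * @return array|int Array of Comments, or ERROR_COMMENTS_UNKNOWN when the limit is malformed or the query fails
 */
function getAllComments($filterArray, $filterLimit) {
    // Initialise every fragment up front so that the query below never
    // interpolates an undefined variable when no filter array is passed.
    $filterSelect = $filterFrom = $filterWhere = $filterOrder = $filterHaving = '';
    if ($filterArray) {
        $filterLimit = '';
        // NOTE(review): $filterWhere, $filterHaving and $filterLimit are
        // placed into the SQL text as produced here; their safety depends on
        // how buildBackendFilter() treats $filterArray -- verify there.
        buildBackendFilter('CommentsFilterCB', $filterArray, $filterSelect, $filterFrom, $filterWhere, $filterLimit, $filterOrder, $filterHaving);
    } elseif ($filterLimit) {
        // The caller-supplied limit is concatenated into the statement, so
        // only a numeric LIMIT expression is let through.
        $filterLimit = trim((string) $filterLimit);
        if (!preg_match('/\A\d+(\s*,\s*\d+|\s+OFFSET\s+\d+)?\z/i', $filterLimit)) {
            return ERROR_COMMENTS_UNKNOWN;
        }
    }
    if ($filterLimit) {
        $filterLimit = "LIMIT " . $filterLimit;
    }
    if ($filterHaving) {
        $filterHaving = "AND " . $filterHaving;
    }
    // The sort direction is fixed, whatever the filter returned.
    $filterOrder = 'DESC';

    $siteMgr = new Sites();
    $allSites = $siteMgr->getList();

    $sitesIfExpressionSQL = '';
    $sitesIfExpressionSQL2 = '';
    $sitesJoinExpressionSQL = '';
    $sitesIDCoalesceSQL = '';
    $sitesNAMECoalesceSQL = '';
    $sitesRREADCoalesceSQL = '';
    $sitesRMODERATECoalesceSQL = '';
    $sitesRCOMMENTCoalesceSQL = '';
    $sitesUSERGROUPIDCoalesceSQL = '';

    $currUser = new User($this->_uid);
    $roles = $currUser->getUsergroups();

    foreach ($allSites as $site) {
        // Site ids become part of table names, which cannot be bound as
        // parameters; the int cast keeps anything else out of the SQL text.
        $siteId = (int) $site['ID'];
        $treeTable = "yg_site_" . $siteId . "_tree";
        $permTable = "yg_site_" . $siteId . "_permissions";
        $linkTable = "yg_comments_lnk_pages_" . $siteId;

        $sitesIfExpressionSQL .= "\n\t\t\t\tIF({$treeTable}.id IS NOT NULL, 'PAGE', ";
        $sitesIfExpressionSQL2 .= "\n\t\t\t\tIF({$treeTable}.id IS NOT NULL, '" . $siteId . "', ";
        $sitesJoinExpressionSQL .= "\n\t\t\t\tLEFT JOIN {$linkTable}\n\t\t\t\tON (c.id = {$linkTable}.commentid)\n\t\t\t\tLEFT JOIN {$treeTable}\n\t\t\t\tON ({$treeTable}.id = {$linkTable}.OID)\n\t\t\t\tLEFT JOIN {$permTable}\n\t\t\t\tON ({$permTable}.OID = {$linkTable}.OID)\n\t\t\t\t";
        $sitesIDCoalesceSQL .= ", {$treeTable}.ID";
        // NOTE(review): the NAME fallback for pages uses the tree ID column,
        // not a name column -- confirm whether this is intended.
        $sitesNAMECoalesceSQL .= ", {$treeTable}.ID";
        $sitesRREADCoalesceSQL .= ", ({$permTable}.RREAD)";
        $sitesRMODERATECoalesceSQL .= ", ({$permTable}.RMODERATE)";
        $sitesRCOMMENTCoalesceSQL .= ", ({$permTable}.RCOMMENT)";
        $sitesUSERGROUPIDCoalesceSQL .= ", {$permTable}.USERGROUPID";
    }

    // Restrict the result to rows whose permission entry belongs to one of
    // the current user's usergroups; ids are cast because they are written
    // into the statement text.
    $roleConditions = array();
    foreach ($roles as $role) {
        $roleConditions[] = "(USERGROUPID = " . (int) $role["ID"] . ")";
    }
    $sitesUSERGROUPIDHavingSQL = " AND (" . implode(" OR ", $roleConditions) . ")";

    // Close the nested IF() expressions: one parenthesis per site, plus the
    // two opened for content blocks and files in the first expression.
    $sitesIfExpressionSQL .= "NULL ))" . str_repeat(')', count($allSites));
    $sitesIfExpressionSQL2 .= "NULL " . str_repeat(')', count($allSites));

    $sql = "SELECT\n\t\t\tc.*,\n\t\t\tCOALESCE(yg_contentblocks_tree.PNAME, yg_files_tree.TITLE {$sitesNAMECoalesceSQL}) AS `NAME`,\n\t\t\tIF(yg_contentblocks_tree.id IS NOT NULL, 'CO',\n\t\t\tIF(yg_files_tree.id IS NOT NULL, 'FILE',\n\t\t\t{$sitesIfExpressionSQL} AS OBJECTTYPE,\n\t\t\tCOALESCE(yg_contentblocks_tree.ID, yg_files_tree.ID {$sitesIDCoalesceSQL}) AS `OBJECTID`,\n\t\t\t{$sitesIfExpressionSQL2} AS SITEID,\n\n\t\t\tCOALESCE((yg_contentblocks_permissions.RREAD), (yg_files_permissions.RREAD) {$sitesRREADCoalesceSQL}) AS `RREAD`,\n\t\t\tCOALESCE((yg_contentblocks_permissions.RMODERATE), (yg_files_permissions.RMODERATE) {$sitesRMODERATECoalesceSQL}) AS `RMODERATE`,\n\t\t\tCOALESCE((yg_contentblocks_permissions.RCOMMENT), (yg_files_permissions.RCOMMENT) {$sitesRCOMMENTCoalesceSQL}) AS `RCOMMENT`,\n\n\t\t\tCOALESCE(yg_contentblocks_permissions.USERGROUPID, yg_files_permissions.USERGROUPID {$sitesUSERGROUPIDCoalesceSQL}) AS `USERGROUPID`\n\t\t\tFROM\n\t\t\tyg_comments AS c\n\n\t\t\tLEFT JOIN yg_comments_lnk_cb\n\t\t\t\tON (c.id = yg_comments_lnk_cb.commentid)\n\t\t\tLEFT JOIN yg_contentblocks_tree\n\t\t\t\tON (yg_contentblocks_tree.id = yg_comments_lnk_cb.oid)\n\n\t\t\tLEFT JOIN yg_comments_lnk_files\n\t\t\t\tON (c.id = yg_comments_lnk_files.commentid)\n\t\t\tLEFT JOIN yg_files_tree\n\t\t\t\tON (yg_files_tree.id = yg_comments_lnk_files.oid)\n\n\t\t\tLEFT JOIN yg_contentblocks_permissions\n\t\t\t\tON (yg_contentblocks_permissions.OID = yg_comments_lnk_cb.OID)\n\t\t\tLEFT JOIN yg_files_permissions\n\t\t\t\tON (yg_files_permissions.OID = yg_comments_lnk_files.OID)\n\n\t\t\t{$sitesJoinExpressionSQL}\n\t\t\tWHERE\n\t\t\t\t(1)\n\t\t\t{$filterWhere}\n\t\t\tGROUP BY\n\t\t\t\tc.ID\n\t\t\tHAVING\n\t\t\t\t(RREAD > 0)\n\t\t\t{$sitesUSERGROUPIDHavingSQL}\n\t\t\t{$filterHaving}\n\t\t\tORDER BY\n\t\t\tc.CREATEDTS {$filterOrder} {$filterLimit};";

    $resultarray = $this->cacheExecuteGetArray($sql);
    if ($resultarray === false) {
        return ERROR_COMMENTS_UNKNOWN;
    }
    return $resultarray;
}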