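/**
 * A fixture to set up page & collection permissions.
 *
 * Supports one access rule per page: a blanket "public", "loggedin",
 * "friends" or "private" setting, or access for a single named user,
 * together with the retainview, allowcomments and approvecomments flags.
 *
 * Example:
 * Given the following "permissions" exist:
 * | title        | accesstype | accessname | allowcomments |
 * | Page 1       | loggedin   | loggedin   | 1             |
 * | Collection 1 | public     | public     | 1             |
 * | Page 2       | user       | userA      | 0             |
 *
 * @param array $record Row with 'title' and 'accesstype'; 'accessname' is read
 *                      when accesstype is "user". Optional keys: 'retainview'
 *                      (default 0), 'allowcomments' (default 1) and
 *                      'approvecomments' (default 0).
 * @throws SystemException If the title matches no page/collection or more than
 *                         one, the collection has no pages, the username matches
 *                         no user or more than one, or accesstype is not one of
 *                         the supported values.
 */
public function create_permission($record) {
    // The title is passed as a bound parameter, not concatenated into the SQL.
    $sql = "SELECT id, 'view' AS \"type\" FROM {view} WHERE LOWER(TRIM(title))=?\n UNION\n SELECT id, 'collection' AS \"type\" FROM {collection} WHERE LOWER(TRIM(name))=?";
    $title = strtolower(trim($record['title']));
    $matches = get_records_sql_array($sql, array($title, $title));
    if (!$matches || count($matches) > 1) {
        throw new SystemException("Invalid page/collection name '" . $record['title'] . "'. The page/collection title does not exist, or is duplicated.");
    }
    $target = $matches[0];

    // Resolve the target to the list of view ids whose access will be replaced.
    $viewids = array();
    if ($target->type === 'view') {
        $viewids[] = $target->id;
    }
    else {
        $records = get_records_array('collection_view', 'collection', $target->id, 'displayorder', 'view');
        if (!$records) {
            throw new SystemException("Can't set permissions on empty collection named '" . $record['title'] . "'.");
        }
        foreach ($records as $view) {
            $viewids[] = $view->view;
        }
    }

    $accesstype = isset($record['accesstype']) ? $record['accesstype'] : null;
    switch ($accesstype) {
        case 'private':
            // No access records at all.
            $accesslist = array();
            break;
        case 'user':
            $users = get_records_sql_array(
                'SELECT id FROM {usr} WHERE LOWER(TRIM(username)) = ?',
                array(strtolower(trim($record['accessname'])))
            );
            if (!$users || count($users) > 1) {
                throw new SystemException("Invalid access user '" . $record['accessname'] . "'. The username does not exist or duplicated");
            }
            // TODO: This only supports one access record at a time per page
            $accesslist = array(array('startdate' => null, 'stopdate' => null, 'type' => 'user', 'id' => $users[0]->id));
            break;
        case 'public':
        case 'friends':
        case 'loggedin':
            // For blanket rules the access record uses the type name as its id too.
            // TODO: This only supports one access record at a time per page
            $accesslist = array(array('startdate' => null, 'stopdate' => null, 'type' => $accesstype, 'id' => $accesstype));
            break;
        default:
            // Fail closed: previously an unrecognised accesstype fell through the
            // switch and an access record was built from an undefined type and the
            // page/collection row, so a typo in a scenario table could leave the
            // page with sharing the test author never asked for.
            throw new SystemException("Invalid access type '" . $accesstype . "'. Expected one of: private, public, loggedin, friends, user.");
    }

    $viewconfig = array(
        'startdate'       => null,
        'stopdate'        => null,
        'template'        => 0,
        'retainview'      => (int) (isset($record['retainview']) ? $record['retainview'] : 0),
        'allowcomments'   => (int) (isset($record['allowcomments']) ? $record['allowcomments'] : 1),
        'approvecomments' => (int) (isset($record['approvecomments']) ? $record['approvecomments'] : 0),
        'accesslist'      => $accesslist,
    );

    require_once 'view.php';
    View::update_view_access($viewconfig, $viewids);
}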
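/**
 * Submit handler for the edit-access form: applies the submitted access
 * settings to the selected collections and views, then redirects.
 *
 * Reads the globals $SESSION, $institution, $collections, $views and $view.
 *
 * @param Pieform $form   The submitted form; its 'elements' property is read
 *                        for profile views.
 * @param array   $values Submitted form values ('accesslist', 'startdate',
 *                        'stopdate', 'template', 'allowcomments',
 *                        'approvecomments' and optionally 'retainview',
 *                        'copynewuser', 'copyfornewgroups_<type>',
 *                        'collections', 'views').
 * @throws UserException If a submitted collection or view id is not a key of
 *                       the $collections / $views globals.
 */
function editaccess_submit(Pieform $form, $values) {
    global $SESSION, $institution, $collections, $views, $view;

    if ($values['accesslist']) {
        // Convert the per-rule date strings to timestamps.
        $dateformat = get_string('strftimedatetimeshort');
        foreach ($values['accesslist'] as &$item) {
            if (!empty($item['startdate'])) {
                $item['startdate'] = ptimetotime(strptime($item['startdate'], $dateformat));
            }
            if (!empty($item['stopdate'])) {
                $item['stopdate'] = ptimetotime(strptime($item['stopdate'], $dateformat));
            }
        }
        // Drop the by-reference loop variable so that a later write to $item
        // cannot silently rewrite the last access rule.
        unset($item);
    }

    $viewconfig = array(
        'startdate'       => $values['startdate'],
        'stopdate'        => $values['stopdate'],
        'template'        => (int) $values['template'],
        'retainview'      => isset($values['retainview']) ? (int) $values['retainview'] : 0,
        'allowcomments'   => (int) $values['allowcomments'],
        // Comment moderation only applies when comments are allowed at all.
        'approvecomments' => (int) ($values['allowcomments'] && $values['approvecomments']),
        'accesslist'      => $values['accesslist'],
    );

    $toupdate = array();

    if ($institution) {
        if (isset($values['copynewuser'])) {
            $viewconfig['copynewuser'] = (int) $values['copynewuser'];
        }
        if ($institution == 'mahara') {
            $createfor = array();
            foreach (group_get_grouptypes() as $grouptype) {
                // !empty() rather than a bare read: a group type with no matching
                // form value is treated as "not selected" without raising a notice.
                if (!empty($values['copyfornewgroups_' . $grouptype])) {
                    $createfor[] = $grouptype;
                }
            }
            $viewconfig['copynewgroups'] = $createfor;
        }
    }

    // Submitted ids are accepted only when they are keys of the $collections /
    // $views globals; anything else aborts the whole request.
    // NOTE(review): this isset() test is the only per-item gate visible in this
    // function. It presumably relies on the including page filling those globals
    // with just the items the current user may edit - confirm.
    if (isset($values['collections'])) {
        foreach ($values['collections'] as $cid) {
            if (!isset($collections[$cid])) {
                throw new UserException(get_string('editaccessinvalidviewset', 'view'));
            }
            $toupdate = array_merge($toupdate, array_keys($collections[$cid]['views']));
        }
    }

    if (isset($values['views'])) {
        foreach ($values['views'] as $viewid) {
            if (!isset($views[$viewid])) {
                throw new UserException(get_string('editaccessinvalidviewset', 'view'));
            }
            $toupdate[] = $viewid;
        }
    }
    else {
        if ($view->get('type') == 'profile') {
            // Force default Advanced options: for every element in the 'more'
            // group that is also a property of the view, the view's current
            // value replaces whatever was submitted.
            $felements = $form->get_property('elements');
            if (!empty($felements['more']['elements'])) {
                foreach (array_keys($felements['more']['elements']) as $ename) {
                    if (property_exists($view, $ename)) {
                        $viewconfig[$ename] = $view->get($ename);
                    }
                }
            }
            $toupdate[] = $view->get('id');
        }
    }

    if (!empty($toupdate)) {
        View::update_view_access($viewconfig, $toupdate);

        if ($view->get('type') == 'profile') {
            // Ensure the user's institutions are still added to the access list
            $view->add_owner_institution_access();

            if (get_config('loggedinprofileviewaccess')) {
                // Force logged-in user access
                $viewaccess = new stdClass();
                $viewaccess->accesstype = 'loggedin';
                $view->add_access($viewaccess);
            }
        }
    }

    // The message is added even when nothing was selected (count of 0).
    $SESSION->add_ok_msg(get_string('updatedaccessfornumviews', 'view', count($toupdate)));

    // NOTE(review): the chain below assumes redirect() does not return - confirm.
    if ($view->get('owner')) {
        redirect('/view/share.php');
    }
    if ($view->get('group')) {
        redirect(get_config('wwwroot') . '/group/shareviews.php?group=' . $view->get('group'));
    }
    if ($view->get('institution')) {
        redirect(get_config('wwwroot') . '/view/institutionshare.php?institution=' . $view->get('institution'));
    }
    $view->post_edit_redirect();
}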
/**
 * Adds the views selected in the submitted form to this collection.
 *
 * @param array $values form values; a key of the form view_<id> with a truthy
 *                      value marks a view to add
 * @return integer number of views added, so the caller knows what SESSION
 *                 message to display
 */
public function add_views($values) {
    require_once get_config('libroot') . 'view.php';

    $added = 0;
    db_begin();

    foreach ($values as $name => $checked) {
        // Only ticked entries named view_<id> identify views to add.
        if (substr($name, 0, 5) !== 'view_' || $checked != true) {
            continue;
        }

        // NOTE(review): the id taken from the key is inserted as-is; no numeric
        // or ownership check is visible in this method. Presumably the form only
        // offers views the user is allowed to add - confirm in the caller.
        $link = new stdClass();
        $link->view = substr($name, 5);
        $link->collection = $this->get('id');

        // Append after the current highest displayorder; an empty collection starts at 0.
        $highest = get_field('collection_view', 'MAX(displayorder)', 'collection', $this->get('id'));
        $link->displayorder = is_numeric($highest) ? $highest + 1 : 0;

        insert_record('collection_view', $link);
        $added++;
    }

    $memberviews = get_column('collection_view', 'view', 'collection', $this->id);

    // Per the original author's note, this sets the most permissive access
    // records on all views, so adding a view to a collection can widen who is
    // able to see it.
    View::combine_access($memberviews, true);

    // The first view's configuration is then copied to every view in the collection.
    if (count($memberviews)) {
        $source = new View($memberviews[0]);

        $viewconfig = array();
        $viewconfig['startdate'] = $source->get('startdate');
        $viewconfig['stopdate'] = $source->get('stopdate');
        $viewconfig['template'] = $source->get('template');
        $viewconfig['retainview'] = $source->get('retainview');
        $viewconfig['allowcomments'] = $source->get('allowcomments');
        // Comment moderation is only carried over when comments are allowed.
        $viewconfig['approvecomments'] = (int) ($source->get('allowcomments') && $source->get('approvecomments'));
        $viewconfig['accesslist'] = $source->get_access();

        View::update_view_access($viewconfig, $memberviews);
    }

    db_commit();

    return $added;
}