Beispiel #1
0
/**
 *
 * アイテムへのアクセス権限をチェックする
 *
 * @refer itemop_t
 * @param sess_id セッションID
 * @param iid チェック対象となるアイテムのID
 * @param op アクセスの種類
 * @return true 権限あり
 * @return false 権限なし
 *
 */
function xnp_get_item_permission($sess_id, $iid, $op)
{
    $iid = (int) $iid;
    global $xoopsDB;
    $uid = 0;
    if (_xnpal_sessionID2UID($sess_id, $uid) != RES_OK) {
        return false;
    }
    if ($op == OP_READ) {
        $sql = "SELECT DISTINCT tlink.item_id FROM " . $xoopsDB->prefix("xoonips_index_item_link") . " AS tlink";
        $sql .= " LEFT JOIN " . $xoopsDB->prefix("xoonips_index") . " AS tx ON tlink.index_id = tx.index_id";
        $sql .= " LEFT JOIN " . $xoopsDB->prefix("xoonips_item_basic") . " AS ti ON tlink.item_id = ti.item_id";
        $sql .= " LEFT JOIN " . $xoopsDB->prefix("xoonips_groups_users_link") . " as tgulink ON tx.gid=tgulink.gid";
        $sql .= " WHERE ( " . (public_item_target_user_all() ? "1" : "0");
        $sql .= " AND tx.open_level=" . OL_PUBLIC . " AND {$uid}=" . UID_GUEST;
        $sql .= " AND certify_state=" . CERTIFIED;
        $sql .= " OR " . (!public_item_target_user_all() ? "1" : "0");
        $sql .= " AND tx.open_level=" . OL_PUBLIC . " AND {$uid}<>" . UID_GUEST;
        $sql .= " AND certify_state=" . CERTIFIED;
        $sql .= " OR tx.open_level=" . OL_GROUP_ONLY;
        $sql .= " AND tgulink.uid={$uid}";
        $sql .= " AND ( certify_state=" . CERTIFIED;
        $sql .= xnp_is_moderator($sess_id, $uid) ? " OR 1" : " OR 0";
        //モデレータならOR 1,それ以外は OR 0
        $sql .= " OR tgulink.is_admin=1 )";
        //グループ管理者か?
        if ($uid != UID_GUEST) {
            $sql .= " AND tgulink.uid={$uid}";
        }
        $sql .= " OR tx.open_level=" . OL_PRIVATE;
        $sql .= " AND tx.uid={$uid}";
        $sql .= " OR " . (xnp_is_moderator($sess_id, $uid) ? "1" : "0");
        $sql .= " OR tx.uid IS NULL ";
        $sql .= " AND tx.open_level=" . OL_PUBLIC;
        $sql .= " AND ( certify_state=" . CERTIFIED;
        $sql .= xnp_is_moderator($sess_id, $uid) ? " OR 1 )" : " OR 0 )";
        //モデレータならOR 1,それ以外は OR 0
        $sql .= xnp_is_moderator($sess_id, $uid) ? " OR 1" : " OR 0";
        //モデレータならOR 1,それ以外は OR 0
        $sql .= ") AND tlink.item_id={$iid} ";
        if (_xnpal_queryGetUnsignedInt("getItemPermission", $sql, $item_id) == RES_OK) {
            return $item_id == $iid;
        }
    } else {
        if ($op == OP_MODIFY || $op == OP_DELETE) {
            // modifying items by moderator is permitted then returns true;
            if ($op == OP_MODIFY && xnp_is_moderator($sess_id, $uid) && xnp_get_config_value('moderator_modify_any_items', $val) == RES_OK && $val == 'on') {
                return true;
            }
            // modifying items by group owner is permitted then returns true;
            $item_compo_handler =& xoonips_getormcompohandler('xoonips', 'item');
            if ($op == OP_MODIFY && $item_compo_handler->getPerm($iid, $uid, 'write')) {
                return true;
            }
            //TODO 条件追加:todo自分のアイテムでも承認待ち状態なら編集・削除できない
            $sql = "SELECT item_id FROM " . $xoopsDB->prefix("xoonips_item_basic");
            $sql .= " WHERE uid={$uid}";
            $sql .= " AND item_id={$iid}";
            if (_xnpal_queryGetUnsignedInt("getItemPermission", $sql, $item_id) == RES_OK) {
                return $item_id == $iid;
            }
        }
    }
    return false;
}
Beispiel #2
0
$xoonips_oncheck_private_handler_id = $textutil->html_special_chars($get_vals['on_check_private_handler_id']);
// tree node images
$tree_image_path = XOOPS_THEME_PATH . '/' . $myxoopsConfig['theme_set'] . '/' . XOONIPS_TREE_SWAP_IMAGE_DIR;
if (!is_dir($tree_image_path)) {
    $tree_image_path = XOOPS_ROOT_PATH . '/modules/xoonips/images';
}
$tree_image_url = str_replace(XOOPS_ROOT_PATH, XOOPS_URL, $tree_image_path);
// check compat33 node image
if (file_exists($tree_image_path . '/tree_root_normal.gif')) {
    // new node image found
    $tree_image_compat33 = false;
} else {
    $tree_image_compat33 = true;
}
$uid = is_object($xoopsUser) ? $xoopsUser->getVar('uid', 'n') : UID_GUEST;
if ($uid == UID_GUEST && !public_item_target_user_all()) {
    //
    // for guest access, show message that access to index tree is forbidden.
    //
    xoops_header(false);
    echo '</head><body><div style="font-size: 10pt;">';
    echo _MD_XOONIPS_INDEX_FORBIDDEN;
    echo '</div>';
    xoops_footer();
    exit;
}
// get index tree structure
include_once 'include/gentree.php';
$indexes = genIndexTree0($xnpsid);
$is_moderator = xnp_is_moderator($xnpsid, $uid);
if ($is_moderator && $get_vals['puid'] > 0) {