Beispiel #1
 /**
  * Search pages by title and content and return the hits the current user may see.
  *
  * The query itself is not permission-aware: every matching page is loaded and
  * then filtered in PHP. A page is kept only if it passes a per-page
  * ACCESS_OVERVIEW check and, when the module variable 'enablecategorization'
  * is set, a category access check.
  *
  * @param array      $words      Words to search for.
  * @param string     $searchType AND|OR|EXACT, forwarded to formatWhere().
  * @param array|null $modVars    Module form vars passed through (not read in this method).
  *
  * @return array Result records; empty when the caller lacks module-level ACCESS_READ.
  */
 function getResults(array $words, $searchType = 'AND', $modVars = null)
 {
     // Module-level gate: without read access nothing is queried at all.
     $mayRead = SecurityUtil::checkPermission($this->name . '::', '::', ACCESS_READ);
     if (!$mayRead) {
         return array();
     }

     // The WHERE expression is produced by formatWhere() (defined outside this block).
     $searchFields = array('p.title', 'p.content');
     $qb = $this->entityManager->createQueryBuilder();
     $qb->select('p')->from('Zikula\\PagesModule\\Entity\\PageEntity', 'p');
     $qb->andWhere($this->formatWhere($qb, $words, $searchFields, $searchType));
     $matches = $qb->getQuery()->getResult();

     $sessionId = session_id();
     $enableCategorization = ModUtil::getVar($this->name, 'enablecategorization');

     $records = array();
     foreach ($matches as $page) {
         /** @var $page \Zikula\PagesModule\Entity\PageEntity */
         // Per-page check, instance "title::pageid".
         $instance = $page->getTitle() . '::' . $page->getPageid();
         if (!SecurityUtil::checkPermission($this->name . '::', $instance, ACCESS_OVERVIEW)) {
             continue;
         }
         // The category check is only consulted once the page-level check has passed.
         if ($enableCategorization && !\CategoryUtil::hasCategoryAccess($page->getCategories(), $this->name)) {
             continue;
         }

         // NOTE(review): the record carries the full page content although the
         // per-page check above is only ACCESS_OVERVIEW - confirm this is intended.
         $records[] = array(
             'title' => $page->getTitle(),
             'text' => $page->getContent(),
             'created' => $page->getCr_date(),
             'module' => $this->name,
             'sesid' => $sessionId,
             'url' => RouteUrl::createFromRoute(
                 'zikulapagesmodule_user_display',
                 array('urltitle' => $page->getUrltitle())
             ),
         );
     }

     return $records;
 }
Beispiel #2
    /**
     * Get a specific page.
     *
     * The page is looked up by 'pageid' when that argument is numeric, otherwise
     * by 'title', which is matched against the 'urltitle' column. The DBUtil
     * lookup receives a permission filter requiring ACCESS_READ on the
     * 'Pages' component with instance fields title/pageid.
     *
     * @param array $args Lookup arguments:
     *                    'pageid'      id of the page to get,
     *                    'title'       url title, used when no numeric pageid is given,
     *                    'catregistry' optional category registry for path expansion.
     *
     * @return mixed item array, or false on failure
     */
    public function get($args)
    {
        // NOTE(review): is_numeric() also accepts decimal and exponent strings;
        // the value is passed to DBUtil exactly as received - confirm DBUtil
        // casts or escapes it.
        $hasNumericId = isset($args['pageid']) && is_numeric($args['pageid']);

        // Argument check: a numeric pageid or a title is required
        if (!$hasNumericId && !isset($args['title'])) {
            return LogUtil::registerArgsError();
        }

        // define the permission filter to apply
        $permFilter = array(
            array(
                'component_left' => 'Pages',
                'instance_left'  => 'title',
                'instance_right' => 'pageid',
                'level'          => ACCESS_READ,
            ),
        );

        $item = $hasNumericId
            ? DBUtil::selectObjectByID('pages', $args['pageid'], 'pageid', '', $permFilter)
            : DBUtil::selectObjectByID('pages', $args['title'], 'urltitle', '', $permFilter);

        // need to do this here as the category expansion code can't know the
        // root category which we need to build the relative path component
        $wantsCategoryPaths = isset($args['catregistry']) && $args['catregistry'];
        if ($item && $wantsCategoryPaths) {
            ObjectUtil::postProcessExpandedObjectCategories($item, $args['catregistry']);
        }

        // Category access is enforced only when categorization is enabled and
        // the item has categories; an item without categories is returned
        // without a category check.
        if (ModUtil::getVar('Pages', 'enablecategorization')
            && !empty($item['__CATEGORIES__'])
            && !CategoryUtil::hasCategoryAccess($item['__CATEGORIES__'], 'Pages')
        ) {
            return false;
        }

        return $item;
    }
Beispiel #3
 /**
  * Decide whether a News search hit may be shown to the current user.
  *
  * Requires ACCESS_OVERVIEW on 'News::' for the instance "cr_uid::sid". When
  * both enablecategorization and enablecategorybasedpermissions are set, the
  * item is expanded with its categories (in place, via the reference) and
  * category access is required as well.
  *
  * @param array $item News row; read for 'cr_uid' and 'sid', may be modified by the category expansion.
  *
  * @return mixed Result of the permission check, combined with the category check when enabled.
  */
 function checkResult(&$item)
 {
     $instance = $item['cr_uid'] . '::' . $item['sid'];
     $allowed = SecurityUtil::checkPermission('News::', $instance, ACCESS_OVERVIEW);

     $categoryPermissions = $this->enablecategorization && $this->enablecategorybasedpermissions;
     if (!$categoryPermissions) {
         return $allowed;
     }

     // The expansion runs even when $allowed is already false, because the
     // caller's $item is updated through the reference.
     ObjectUtil::expandObjectWithCategories($item, 'news', 'sid');

     // NOTE(review): assumes the expansion always sets '__CATEGORIES__' - confirm
     // for items that have no categories.
     return $allowed && CategoryUtil::hasCategoryAccess($item['__CATEGORIES__'], 'News');
 }
Beispiel #4
 /**
  * Decide whether a Pages search hit may be shown to the current user.
  *
  * Requires ACCESS_OVERVIEW on 'Pages::' for the instance "title::pageid".
  * When enablecategorization is set, the item is expanded with its categories
  * (in place, via the reference) and category access is required as well.
  *
  * @param array $item Page row; read for 'title' and 'pageid', may be modified by the category expansion.
  *
  * @return mixed Result of the permission check, combined with the category check when enabled.
  */
 function checkResult(&$item)
 {
     $instance = $item['title'] . '::' . $item['pageid'];
     $allowed = SecurityUtil::checkPermission('Pages::', $instance, ACCESS_OVERVIEW);

     if (!$this->enablecategorization) {
         return $allowed;
     }

     // The expansion runs even when $allowed is already false, because the
     // caller's $item is updated through the reference.
     ObjectUtil::expandObjectWithCategories($item, 'pages', 'pageid');

     // NOTE(review): assumes the expansion always sets '__CATEGORIES__' - confirm
     // for items that have no categories.
     return $allowed && CategoryUtil::hasCategoryAccess($item['__CATEGORIES__'], 'Pages');
 }
Beispiel #5
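 /**
  * Returns true if the current user can view the event contained in $eventDate.
  *
  * The checks run in a fixed order and the first failing one denies access:
  * module, calendar, group membership, TimeIt category, Zikula category
  * (only when the module variable 'filterByPermission' is set), event and,
  * if the ContactList module is available, buddy list and ignore list.
  *
  * Fixes compared with the previous version:
  *  - the ignore-list check compared against an undefined variable ($obj), so
  *    it never matched a real creator uid; it now uses the event's cr_uid,
  *  - the category result flag is initialised before the loop instead of being
  *    read while undefined,
  *  - the buddy list defaults to an empty array, so a "buddies only" event on
  *    a calendar without friendCalendar is denied without iterating an
  *    undefined variable,
  *  - a missing '__CATEGORIES__' key is treated as "no categories".
  *
  * @param array $eventDate TimeIt_Model_EventDate as an array; read for 'Event' and 'Calendar'.
  * @param int   $level     ACCESS_* constant.
  *
  * @return boolean
  */
 public static function canViewEvent(array $eventDate, $level = ACCESS_READ)
 {
     $event = $eventDate['Event'];
     $currentUid = UserUtil::getVar('uid');
     $groups = UserUtil::getGroupsForUser($currentUid);
     // hack: admins (group id 2) are treated as members of group 1 (users) too
     if (in_array(2, $groups)) {
         $groups[] = 1;
     }
     // 'all' means the event is not restricted to particular groups
     $groupId = ($event['group'] == 'all') ? null : explode(',', $event['group']);

     // per-request cache of the calendar, keyed by event id
     static $calendarCache = array();
     $eventKey = (int) $event['id'];
     if (!isset($calendarCache[$eventKey])) {
         $calendarCache[$eventKey] = $eventDate['Calendar'];
     }
     $calendar = $calendarCache[$eventKey];

     // check permissions
     // hierarchy level 1: module itself
     if (!SecurityUtil::checkPermission('TimeIt::', '::', $level)) {
         return false;
     }
     // hierarchy level 2: calendar
     if (!SecurityUtil::checkPermission('TimeIt:Calendar:', $calendar['id'] . '::', $level)) {
         return false;
     }
     // hierarchy level 3: group - the user must be in at least one listed group
     if (!empty($groupId)) {
         $access = false;
         foreach ($groupId as $grpId) {
             // NOTE(review): loose comparison between the exploded strings and
             // the user's group ids; confirm the stored group list is always numeric.
             if (in_array($grpId, $groups)) {
                 $access = true;
                 break;
             }
         }
         if (!$access) {
             return false;
         }
     }
     // hierarchy level 5: timeit category permission - one permitted category is enough
     $categories = isset($event['__CATEGORIES__']) ? $event['__CATEGORIES__'] : array();
     if (!empty($categories)) {
         $hasPermission = false;
         foreach ($categories as $cat) {
             // a category is either a bare id or an array carrying 'id'
             $cid = is_array($cat) ? $cat['id'] : $cat;
             if (SecurityUtil::checkPermission('TimeIt:Category:', $cid . '::', $level)) {
                 // user has got permission -> stop permission checks
                 $hasPermission = true;
                 break;
             }
         }
         if (!$hasPermission) {
             return false;
         }
     }
     // hierarchy level 6: zikula category permission
     if (ModUtil::getVar('TimeIt', 'filterByPermission', 0) && !CategoryUtil::hasCategoryAccess($categories, 'TimeIt', $level)) {
         return false;
     }
     // hierarchy level 7: event
     if (!SecurityUtil::checkPermission('TimeIt::Event', $event['id'] . '::', $level)) {
         return false;
     }
     // hierarchy level 8: contact list
     if (ModUtil::available('ContactList')) {
         // cache of the current user's ignore list; strict null test so an
         // empty list is cached as well
         static $ignored = null;
         if ($ignored === null) {
             $ignored = ModUtil::apiFunc('ContactList', 'user', 'getallignorelist', array('uid' => $currentUid));
             if (!is_array($ignored)) {
                 $ignored = array();
             }
         }
         // default to "no buddies" so the sharing check below denies access
         // when the list was not (or could not be) loaded
         $buddys = array();
         if ($calendar['friendCalendar']) {
             $buddys = ModUtil::apiFunc('ContactList', 'user', 'getBuddyList', array('uid' => $event['cr_uid']));
             if (!is_array($buddys)) {
                 $buddys = array();
             }
         }
         // sharing value 4: only the creator and the creator's buddies may view
         if ((int) $event['sharing'] == 4 && $event['cr_uid'] != $currentUid) {
             $buddyFound = false;
             foreach ($buddys as $buddy) {
                 if ($buddy['uid'] == $currentUid) {
                     $buddyFound = true;
                     break;
                 }
             }
             if (!$buddyFound) {
                 return false;
             }
         }
         // deny when the event's creator is on the current user's ignore list
         foreach ($ignored as $ignore) {
             if ($ignore['iuid'] == $event['cr_uid']) {
                 return false;
             }
         }
     }
     return true;
 }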
Beispiel #6
    /**
     * Get a specific news item.
     *
     * The item is looked up by 'sid' when that argument is numeric. Otherwise it
     * is looked up by 'title' (matched against the urltitle column), narrowed
     * to a publication date when 'year', 'monthnum' (or 'monthname') and 'day'
     * are all given. Every lookup carries a permission filter requiring
     * ACCESS_READ on the 'News' component with instance fields cr_uid/sid.
     *
     * @author Mark West
     * @param array $args Lookup arguments: 'sid' (or 'objectid' as an alias), 'title',
     *                    'year', 'monthname', 'monthnum', 'day', 'status', 'SQLcache'.
     * @return mixed item array, or false on failure
     */
    public function get($args)
    {
        // optional arguments: 'objectid' is accepted as an alias for 'sid'
        if (isset($args['objectid'])) {
            $args['sid'] = $args['objectid'];
        }

        $hasNumericSid = isset($args['sid']) && is_numeric($args['sid']);

        // Argument check: a numeric sid or a title is required
        if (!$hasNumericSid && !isset($args['title'])) {
            return LogUtil::registerArgsError();
        }

        // Check for caching of the DBUtil calls (needed for AJAX editing)
        $useSqlCache = isset($args['SQLcache']) ? $args['SQLcache'] : true;

        // form a date from the date arguments, if present...
        // step 1 - convert month name into a month number
        if (!empty($args['monthname'])) {
            $monthNames = explode(' ', $this->__('Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec'));
            $monthIndex = array_flip($monthNames);
            // NOTE(review): a name that is not in the list is an undefined index
            // here and therefore ends up as month 1 - consider rejecting it.
            $args['monthnum'] = $monthIndex[ucfirst($args['monthname'])] + 1;
        }

        // step 2 - convert to a timestamp and back to a db format
        if (!empty($args['year']) && !empty($args['monthnum']) && !empty($args['day'])) {
            // use PHP strftime directly, since DateUtil translates dateformat strings, which is not ok in this case
            $midnight = mktime(0, 0, 0, $args['monthnum'], $args['day'], $args['year']);
            $timestring = strftime('%Y-%m-%d', $midnight);
        }

        $permFilter = array(
            array(
                'realm'            => 0,
                'component_left'   => 'News',
                'component_middle' => '',
                'component_right'  => '',
                'instance_left'    => 'cr_uid',
                'instance_middle'  => '',
                'instance_right'   => 'sid',
                'level'            => ACCESS_READ,
            ),
        );

        if ($hasNumericSid) {
            $item = DBUtil::selectObjectByID('news', $args['sid'], 'sid', null, $permFilter, null, $useSqlCache);
        } elseif (isset($timestring)) {
            $tables = DBUtil::getTables();
            $col = $tables['news_column'];
            // This WHERE clause is built by string concatenation. The title is
            // escaped with DataUtil::formatForStore() and $timestring is the
            // strftime() output from above, never a raw argument - keep both
            // properties when changing this code.
            $escapedTitle = DataUtil::formatForStore($args['title']);
            $where = "{$col['urltitle']} = '" . $escapedTitle . "' AND {$col['from']} LIKE '{$timestring}%'";
            $item = DBUtil::selectObject('news', $where, null, $permFilter, null, $useSqlCache);
        } else {
            $item = DBUtil::selectObjectByID('news', $args['title'], 'urltitle', null, $permFilter, null, $useSqlCache);
        }

        if (empty($item)) {
            return false;
        }

        // Sanity check for the published status if required
        if (isset($args['status']) && $item['published_status'] != $args['status']) {
            return false;
        }

        // process the relative paths of the categories
        if ($this->getVar('enablecategorization') && !empty($item['__CATEGORIES__'])) {
            // registered categories are fetched once and reused by later calls
            static $registeredCats;
            if (!isset($registeredCats)) {
                $registeredCats = CategoryRegistryUtil::getRegisteredModuleCategories('News', 'news');
            }
            ObjectUtil::postProcessExpandedObjectCategories($item['__CATEGORIES__'], $registeredCats);
            // An item without categories never reaches this check and is
            // returned on the strength of the permission filter alone.
            if (!CategoryUtil::hasCategoryAccess($item['__CATEGORIES__'], 'News')) {
                return false;
            }
        }

        return $item;
    }
Beispiel #7
 /**
  * Decide whether an AddressBook search hit may be shown to the current user.
  *
  * The permission check is module-wide (instance "::"); no field of $item is
  * part of it. When enablecategorization is set, the item is expanded with its
  * categories (in place, via the reference) and category access is required
  * as well.
  *
  * @param array $item AddressBook row; may be modified by the category expansion.
  *
  * @return mixed Result of the permission check, combined with the category check when enabled.
  */
 function checkResult(&$item)
 {
     $allowed = SecurityUtil::checkPermission('AddressBook::', '::', ACCESS_OVERVIEW);

     if (!$this->enablecategorization) {
         return $allowed;
     }

     // The expansion runs even when $allowed is already false, because the
     // caller's $item is updated through the reference.
     ObjectUtil::expandObjectWithCategories($item, 'AddressBook', 'id');

     // NOTE(review): assumes the expansion always sets '__CATEGORIES__' - confirm
     // for items that have no categories.
     return $allowed && CategoryUtil::hasCategoryAccess($item['__CATEGORIES__'], 'AddressBook');
 }