protected function loadConversation($cnvID)
{
$conversation = \Conversation::getByID($cnvID);
if (is_object($conversation) && $conversation->getConversationSubscriptionEnabled()) {
$cp = new \Permissions($conversation);
if ($cp->canViewConversation()) {
$u = new \User();
$this->user = $u;
$this->conversation = $conversation;
$this->set('conversation', $conversation);
$this->set('isSubscribed', $conversation->isUserSubscribed($u));
$this->setViewObject(new \View('/dialogs/conversation/subscribe'));
}
}
if (!$conversation) {
throw new \Exception(t('Access Denied.'));
}
}
public static function getUrlFromNotice(Notice $notice, $anchor = true)
{
$conv = Conversation::getByID($notice->conversation);
return $conv->getUrl($anchor ? $notice->getID() : null);
}
<?php
defined('C5_EXECUTE') or die("Access Denied.");
use Concrete\Core\Permission\Access\Entity\Entity as PermissionAccessEntity;
use Concrete\Core\Permission\Duration as PermissionDuration;
if ($_REQUEST['cnvID'] > 0) {
$conversation = Conversation::getByID($_REQUEST['cnvID']);
}
$cnp = new Permissions($conversation);
if ($cnp->canEditConversationPermissions()) {
if ($_REQUEST['task'] == 'add_access_entity' && Loader::helper("validation/token")->validate('add_access_entity')) {
$pk = PermissionKey::getByID($_REQUEST['pkID']);
$pk->setPermissionObject($conversation);
$pa = PermissionAccess::getByID($_REQUEST['paID'], $pk);
$pe = PermissionAccessEntity::getByID($_REQUEST['peID']);
$pd = PermissionDuration::getByID($_REQUEST['pdID']);
$pa->addListItem($pe, $pd, $_REQUEST['accessType']);
}
if ($_REQUEST['task'] == 'remove_access_entity' && Loader::helper("validation/token")->validate('remove_access_entity')) {
$pk = PermissionKey::getByID($_REQUEST['pkID']);
$pk->setPermissionObject($conversation);
$pa = PermissionAccess::getByID($_REQUEST['paID'], $pk);
$pe = PermissionAccessEntity::getByID($_REQUEST['peID']);
$pa->removeListItem($pe);
}
if ($_REQUEST['task'] == 'save_permission' && Loader::helper("validation/token")->validate('save_permission')) {
$pk = PermissionKey::getByID($_REQUEST['pkID']);
$pk->setPermissionObject($conversation);
$pa = PermissionAccess::getByID($_REQUEST['paID'], $pk);
$pa->save($_POST);
}
defined('C5_EXECUTE') or die("Access Denied.");
use Concrete\Core\Conversation\Message\Message as ConversationMessage;
$ax = Loader::helper('ajax');
$vs = Loader::helper('validation/strings');
$ve = Loader::helper('validation/error');
$u = new User();
$pageObj = Page::getByID($_POST['cID']);
$areaObj = Area::get($pageObj, $_POST['blockAreaHandle']);
$blockObj = Block::getByID($_POST['bID'], $pageObj, $areaObj);
$cnvMessageSubject = null;
if (!is_object($blockObj)) {
$ve->add(t('Invalid Block Object.'));
}
if (Loader::helper('validation/numbers')->integer($_POST['cnvID'])) {
$cn = Conversation::getByID($_POST['cnvID']);
}
if (!is_object($cn)) {
$ve->add(t('Invalid conversation.'));
} else {
$pp = new Permissions($cn);
if (!$pp->canAddConversationMessage()) {
$ve->add(t('You do not have access to add a message to this conversation.'));
}
}
if (!is_object($pageObj)) {
$ve->add(t('Invalid Page.'));
}
if (!is_object($blockObj)) {
$ve->add(t('Invalid Page.'));
}
protected function doPreparation()
{
$this->conv = Conversation::getByID($this->int('id'));
}
<?php
defined('C5_EXECUTE') or die("Access Denied.");
use Concrete\Core\Conversation\Message\MessageList as ConversationMessageList;
use Concrete\Core\Conversation\Message\ThreadedList as ConversationMessageThreadedList;
$cnv = Conversation::getByID(Request::post('cnvID'));
if (is_object($cnv)) {
$displayForm = true;
$enableOrdering = Request::post('enableOrdering') == 1 ? true : false;
$enablePosting = Request::post('enablePosting') == 1 ? Conversation::POSTING_ENABLED : Conversation::POSTING_DISABLED_MANUALLY;
$paginate = Request::post('paginate') == 1 ? true : false;
$enableCommentRating = Request::post('enableCommentRating');
$cp = new Permissions($cnv);
if (!$cp->canAddConversationMessage()) {
$enablePosting = Conversation::POSTING_DISABLED_PERMISSIONS;
}
if (in_array(Request::post('displayMode'), array('flat'))) {
$displayMode = Request::post('displayMode');
} else {
$displayMode = 'threaded';
}
$addMessageLabel = t('Add Message');
if (Request::post('addMessageLabel')) {
$addMessageLabel = Core::make('helper/security')->sanitizeString(Request::post('addMessageLabel'));
}
switch (Request::post('task')) {
case 'get_messages':
$displayForm = false;
break;
}
switch ($displayMode) {
