/**
 * Decides whether the current user may post the schedule held in
 * $this->calendar->schedule.
 *
 * - No 'calendar' permission at all: refused.
 * - Public schedule: requires the 'edit_public' authorization.
 * - Saved private schedule: allowed for its owner, otherwise requires
 *   the 'edit_private' authorization.
 * - Unsaved private schedule: allowed only when the calendar setting
 *   'personal_schedules' is enabled.
 *
 * NOTE(review): the owner shortcut returns true on a user-id match alone,
 * while the other branches go through Current_User::authorized(). Confirm
 * the caller validates the request's auth key before acting on it.
 *
 * @return mixed true/false, or the result of Current_User::authorized()
 */
public function allowSchedulePost()
{
    // Without any calendar rights there is nothing further to evaluate.
    if (!Current_User::allow('calendar')) {
        return false;
    }

    $schedule = $this->calendar->schedule;

    if ($schedule->public) {
        return Current_User::authorized('calendar', 'edit_public');
    }

    // Private schedule with no id yet: governed by the site-wide setting.
    if (!$schedule->id) {
        return PHPWS_Settings::get('calendar', 'personal_schedules') ? true : false;
    }

    // Previously created private schedule: the owner may always post it.
    if ($schedule->user_id == Current_User::getId()) {
        return true;
    }

    return Current_User::authorized('calendar', 'edit_private');
}
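/**
 * Wiki for phpWebSite
 *
 * See docs/CREDITS for copyright information
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 * @package Wiki
 * @author Greg Meiste <*****@*****.**>
 */

/**
 * Install hook for the wiki module.
 *
 * Seeds the pages that ship with the module (each one only when its text
 * file exists under mod/wiki/boost/), stores an approved version of each,
 * and registers the first interwiki link. All seeded content is owned by
 * the user running the install (Current_User::getId()).
 *
 * @param mixed $content Passed by reference; not modified here
 * @return bool Always TRUE
 */
function wiki_install(&$content)
{
    PHPWS_Core::initModClass('wiki', 'WikiManager.php');
    PHPWS_Core::initModClass('wiki', 'WikiPage.php');
    PHPWS_Core::initModClass('version', 'Version.php');

    // Pages that ship with the module: page title, bundled text file, and
    // whether the page is left editable.
    $shipped_pages = array(
        array('FrontPage', 'frontpage.txt', TRUE),
        array('SamplePage', 'samplepage.txt', FALSE),
        array('WikiSandBox', 'sandbox.txt', TRUE),
    );

    foreach ($shipped_pages as $shipped) {
        list($title, $file, $editable) = $shipped;

        $path = PHPWS_SOURCE_DIR . 'mod/wiki/boost/' . $file;
        if (!file_exists($path)) {
            continue;
        }

        // Skip a file that exists but cannot be read, rather than passing
        // a failed read on as page text.
        $text = file_get_contents($path);
        if ($text === FALSE) {
            continue;
        }

        // time() replaces the argument-less mktime() call, which is
        // deprecated and rejected by PHP 8; the value is the same.
        $now = time();
        $installer_id = Current_User::getId();

        $page = new WikiPage($title);
        $page->setPagetext($text);
        $page->setOwnerId($installer_id);
        $page->setEditorId($installer_id);
        $page->setCreated($now);
        $page->setUpdated($now);
        $page->setComment('Provided by Wiki install');
        if (!$editable) {
            $page->allow_edit = 0;
        }
        $page->save();

        // Record the seeded page as an already-approved version.
        $version = new Version('wiki_pages');
        $version->setSource($page);
        $version->setApproved(1);
        $version->save();
    }

    // Adding first interwiki link
    PHPWS_Core::initModClass('wiki', 'InterWiki.php');
    $interwiki = new InterWiki();
    $interwiki->setLabel('Wikipedia');
    $interwiki->setUrl('http://en.wikipedia.org/wiki/%s');
    // FALSE: take the values set above instead of reading $_POST.
    $interwiki->save(FALSE);

    return TRUE;
}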
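/**
 * Records who is saving this item and when.
 *
 * An item with no id yet also receives its added_on / added_by values;
 * updated_on / updated_by are refreshed on every call.
 *
 * @return void
 */
public function stamp()
{
    $now = time();
    $user_id = Current_User::getId();

    // Plain assignment on purpose: binding both properties to the same
    // local by reference (=&) left added_on and updated_on aliased, so a
    // later write to one silently changed the other.
    if (!$this->id) {
        $this->added_on = $now;
        $this->added_by = $user_id;
    }

    $this->updated_on = $now;
    $this->updated_by = $user_id;
}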
/**
 * Handles a POST request for this controller.
 *
 * The request must carry a 'command' variable. For 'createNewAccount' a
 * student record is posted for the current user and the request is
 * rerouted to 'tailgate/'.
 *
 * NOTE(review): any other command value falls through and still returns
 * the success => true JSON response; confirm that is intended.
 *
 * @param \Request $request Incoming request
 * @return \Response JSON response carrying array('success' => true)
 * @throws \Exception When no 'command' variable is present
 */
public function post(\Request $request)
{
    $factory = new Factory();
    $response = new \Response(new \View\JsonView(array('success' => true)));

    if (!$request->isVar('command')) {
        throw new \Exception('Bad command');
    }

    $command = $request->getVar('command');

    // Loose comparison kept to match switch semantics.
    if ($command == 'createNewAccount') {
        // The account is always created for the current user id, never
        // for an id taken from the request.
        $factory->postNewStudent(\Current_User::getId());
        \PHPWS_Core::reroute('tailgate/');
    }

    return $response;
}
/**
 * Looks up the student that belongs to the current user.
 *
 * @return mixed Whatever self::getByUserId() returns for the current user id
 */
public static function getCurrentStudent()
{
    $current_user_id = \Current_User::getId();

    return self::getByUserId($current_user_id);
}
/**
 * Renders this roommate request with the 'roommate_view.tpl' template.
 *
 * The EMAIL tag depends on the viewer: edit/cut-off links when the
 * current user's id equals $this->id, a contact link for other logged-in
 * users, and a login link for anonymous visitors.
 *
 * NOTE(review): $this->id, the timeout string and Base::loginLink() are
 * written into HTML without escaping; presumably they are trusted,
 * server-generated values. Confirm.
 *
 * @return mixed Result of \PHPWS_Template::process()
 */
public function view()
{
    \Layout::addStyle('properties', 'view.css');

    $tpl = $this->getBaseTpl();
    $tpl['BEDROOMS'] = $this->share_bedroom ? 'Yes' : 'No';
    $tpl['BATHROOMS'] = $this->share_bathroom ? 'Yes' : 'No';
    $tpl['SMOKING'] = $this->getSmoking();
    $tpl['PETS_ALLOWED'] = $this->pets_allowed ? 'Yes' : 'No';
    $tpl['DESCRIPTION'] = $this->getDescription();
    $tpl['TV_TYPE'] = $this->getTvType();
    $tpl['GENDER'] = $this->getGender();

    javascriptMod('properties', 'contact');

    if (!\Current_User::isLogged()) {
        // Anonymous visitors must log in before contacting anyone.
        $contact = sprintf('<a href="%s">Login to contact this renter</a>', Base::loginLink());
    } elseif (\Current_User::getId() == $this->id) {
        // The viewer is looking at their own request.
        $purge = $this->getTimeout();
        $contact = '<a href="index.php?module=properties&rop=edit">Update my request</a> | '
            . '<a href="index.php?module=properties&rop=timeout">Update my cut-off date ('
            . $purge . ')</a>';
    } else {
        $contact = sprintf('<a style="cursor : pointer" class="message" id="%s">Contact this renter</a>', $this->id);
    }
    $tpl['EMAIL'] = $contact;

    return \PHPWS_Template::process($tpl, 'properties', 'roommate_view.tpl');
}
/**
 * Renders this wiki page revision with the 'view.tpl' template.
 *
 * When the 'show_modified_info' setting is on, a "last modified" line is
 * added. For a logged-in viewer who is not the editor, the editor's name
 * is swapped into a notes "Send note" link. With 'add_to_title' on, the
 * page title is appended to the layout's page title.
 *
 * @return mixed Result of PHPWS_Template::process()
 */
function view()
{
    $tags = array(
        'MENU'     => $this->menu(),
        'PAGETEXT' => $this->getPagetext(),
        'MESSAGE'  => sprintf(dgettext('wiki', 'Revision as of %s'), $this->getUpdated()),
    );

    if (PHPWS_Settings::get('wiki', 'show_modified_info')) {
        $editor = $this->getEditor();

        if (Current_User::isLogged()) {
            $editor_id = $this->getEditorId();

            if (Current_User::getId() != $editor_id) {
                PHPWS_Core::initModClass('notes', 'My_Page.php');
                PHPWS_Core::initModClass('notes', 'Note_Item.php');

                // Replace the link's "Send note" label with the editor name.
                $editor = str_replace(dgettext('wiki', 'Send note'), $editor, Note_Item::sendLink($editor_id));
            }
        }

        $tags['UPDATED_INFO'] = sprintf(
            dgettext('wiki', 'Last modified %1$s by %2$s'),
            $this->getUpdated(),
            $editor
        );
    }

    if (PHPWS_Settings::get('wiki', 'add_to_title')) {
        Layout::addPageTitle($this->getTitle());
    }

    return PHPWS_Template::process($tags, 'wiki', 'view.tpl');
}
/**
 * Loads the staff record of the current user into $this->current_staff.
 *
 * Does nothing when current_staff is already populated. The property is
 * only set when the loaded Checkin_Staff object has an id.
 *
 * NOTE(review): the result of select('one') is handed to Checkin_Staff
 * without an error check; confirm the constructor tolerates that.
 *
 * @return void
 */
public function loadCurrentStaff()
{
    PHPWS_Core::initModClass('checkin', 'Staff.php');

    if (!empty($this->current_staff)) {
        return;
    }

    // The lookup is keyed on the session's user id, not on request input.
    $lookup = new PHPWS_DB('checkin_staff');
    $lookup->addWhere('user_id', Current_User::getId());
    $lookup->addColumn('id');
    $staff_id = $lookup->select('one');

    $staff = new Checkin_Staff($staff_id);
    if ($staff->id) {
        $this->current_staff =& $staff;
    }
}
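/**
 * Moves (renames) this wiki page to the title posted in $_POST['newpage'].
 *
 * Steps: permission check, validation of the new title, rename of the
 * page row, retitling of its version rows and its phpws_key entry, and
 * creation of an approved redirect page under the old title.
 *
 * NOTE(review): the (allow_page_edit setting && logged in) path does not
 * go through Current_User::authorized(); confirm the caller verifies the
 * request token for it.
 * NOTE(review): the old title is read from $_POST['page'], not from this
 * object; confirm the caller loaded this page from that same value.
 *
 * @return void
 */
function doMove()
{
    $may_edit = Current_User::authorized('wiki', 'edit_page')
        || (PHPWS_Settings::get('wiki', 'allow_page_edit') && Current_User::isLogged());

    // A locked page (allow_edit off) can never be moved, whoever asks.
    if (!$may_edit || !$this->allow_edit) {
        Current_User::disallow(dgettext('wiki', 'User attempted to execute a wiki page move.'));
        return;
    }

    // A missing or non-string value is treated as an empty title.
    $new_title = (isset($_POST['newpage']) && is_string($_POST['newpage'])) ? $_POST['newpage'] : '';

    if (strlen($new_title) == 0) {
        WikiManager::sendMessage(dgettext('wiki', 'Please supply a new page title'),
                                 array('page_op' => 'move', 'page' => $this->getTitle(FALSE)));
        // Stop here even if sendMessage() returns, so a rejected request
        // can never reach the rename below.
        return;
    }

    $db = new PHPWS_DB('wiki_pages');
    $db->addWhere('title', $new_title);
    $result = $db->select();
    if ($result != NULL) {
        WikiManager::sendMessage(dgettext('wiki', 'Page with that name already exists!'),
                                 array('page_op' => 'move', 'page' => $this->getTitle(FALSE)));
        // Same reasoning: never overwrite an existing title.
        return;
    }

    $this->setTitle($new_title);
    $db->reset();
    $db->saveObject($this);

    // Retitle the stored versions of the page.
    $db2 = new PHPWS_DB('wiki_pages_version');
    $db2->addWhere('title', $_POST['page']);
    $db2->addValue('title', $this->getTitle(FALSE));
    $db2->update();

    // Keep the key entry (title and URL) in step with the new title.
    $db3 = new PHPWS_DB('phpws_key');
    $db3->addWhere('item_id', $this->getId());
    $db3->addWhere('module', 'wiki');
    $db3->addValue('title', $this->getTitle());
    $db3->addValue('url', (MOD_REWRITE_ENABLED ? 'wiki/' : 'index.php?module=wiki&page=') . $this->getTitle(FALSE));
    $db3->update();

    // Create redirect page
    // time() replaces the argument-less mktime() call, which is deprecated
    // and rejected by PHP 8; the value is the same.
    $now = time();
    $mover_id = Current_User::getId();

    $redirect = new WikiPage($_POST['page']);
    $redirect->setPagetext(sprintf(dgettext('wiki', 'This page has moved to %s. Please modify links to point to the new location.'), $this->getTitle(FALSE)));
    $redirect->setOwnerId($mover_id);
    $redirect->setEditorId($mover_id);
    $redirect->setCreated($now);
    $redirect->setUpdated($now);
    $redirect->setComment(sprintf(dgettext('wiki', 'Moved page to %s.'), $this->getTitle(FALSE)));
    $redirect->save();

    PHPWS_Core::initModClass('version', 'Version.php');
    $version = new Version('wiki_pages');
    $version->setSource($redirect);
    $version->setApproved(1);
    $version->save();

    WikiManager::sendMessage(dgettext('wiki', 'Wiki Page Moved!'), array('page' => $this->getTitle(FALSE)), FALSE);
}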
/**
 * Builds the ' | '-separated option links for the current user's own
 * roommate request: edit, clear (behind a confirm prompt), extend the
 * deadline, and a link to the user's visible messages with their count.
 *
 * The message query is keyed on the current user's id. When it fails,
 * the error is logged and the messages link is left out.
 *
 * @return string Links joined with ' | '
 */
private function options()
{
    $opt = array(
        \PHPWS_Text::moduleLink('Create/Edit request', 'properties', array('rop' => 'edit')),
        javascript('confirm', array(
            'question' => 'Are you sure you want to clear your roommate request?',
            'address'  => \PHPWS_Text::linkAddress('properties', array('rop' => 'clear')),
            'link'     => 'Clear my request',
            'title'    => 'Clear my request',
        )),
        \PHPWS_Text::moduleLink('Extend my deadline', 'properties', array('rop' => 'timeout')),
    );

    // Ids of the non-hidden messages addressed to the current user.
    $inbox = new \PHPWS_DB('prop_messages');
    $inbox->addWhere('to_user_id', \Current_User::getId());
    $inbox->addOrder('date_sent desc');
    $inbox->addWhere('hidden', 0);
    $inbox->addColumn('id');
    $messages = $inbox->select('col');

    if (\PHPWS_Error::isError($messages)) {
        \PHPWS_Error::log($messages);
        return implode(' | ', $opt);
    }

    $opt[] = \PHPWS_Text::moduleLink('Messages (' . count($messages) . ')', 'properties', array('rop' => 'read_messages'));

    return implode(' | ', $opt);
}
/**
 * Records the current user as the queuer and the current time as the
 * queue timestamp.
 *
 * @return void
 */
public function stamp()
{
    $queuer_id = Current_User::getId();

    $this->queued_by = $queuer_id;
    $this->queued_on = time();
}
/**
 * Builds the admin action links shown for this blog entry.
 *
 * - Edit: 'edit_blog' permission plus authorship, or the item-level
 *   'edit_blog' permission on this entry.
 * - Delete: 'delete_blog' permission (behind a confirm prompt).
 * - Sticky toggle: unrestricted blog users only.
 *
 * NOTE(review): this only decides which links are displayed. The command
 * handlers are not visible here and must repeat these checks themselves.
 *
 * @return string Space-separated links, or the translated 'No action'
 */
public function getListAction()
{
    $link = array('action' => 'admin', 'blog_id' => $this->id);
    $actions = array();

    $can_edit = (Current_User::allow('blog', 'edit_blog') && Current_User::getId() == $this->author_id)
        || Current_User::allow('blog', 'edit_blog', $this->id, 'entry');

    if ($can_edit) {
        $link['command'] = 'edit';
        $icon = Icon::show('edit', dgettext('blog', 'Edit blog entry'));
        $actions[] = PHPWS_Text::secureLink($icon, 'blog', $link);
    }

    if (Current_User::allow('blog', 'delete_blog')) {
        $link['command'] = 'delete';
        $confirm_vars = array(
            'QUESTION' => dgettext('blog', 'Are you sure you want to permanently delete this blog entry?'),
            'ADDRESS'  => PHPWS_Text::linkAddress('blog', $link, true),
            'LINK'     => '<i class="fa fa-trash-o" title="' . dgettext('blog', 'Delete blog entry') . '"></i>',
        );
        $actions[] = Layout::getJavascript('confirm', $confirm_vars);
    }

    if (Current_User::isUnrestricted('blog')) {
        if ($this->sticky) {
            $link['command'] = 'unsticky';
            $icon = Icon::show('flag', dgettext('blog', 'Remove from front page'));
        } else {
            $link['command'] = 'sticky';
            $icon = Icon::show('flag-alt', dgettext('blog', 'Force to front page'));
        }
        $actions[] = PHPWS_Text::secureLink($icon, 'blog', $link);
    }

    return empty($actions) ? dgettext('blog', 'No action') : implode(' ', $actions);
}
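/**
 * Adds limits to a db select query so that it only pulls items the
 * current user has permission to edit.
 *
 * Note that BEFORE this is called, the developer should check whether
 * the user has ANY rights to edit items in the first place.
 * In other words, if Current_User::allow('module', 'edit_permission') == false
 * then they shouldn't even use this function. If it is used anyway, a forced
 * negative will be added (i.e. where 1 = 0).
 * If you wish to add other qualifications, use the $db->addWhere() group
 * 'key_1' in your module code.
 *
 * A restricted user for whom no qualifying condition can be built (no
 * key_id column, no owner_id column and no groups) also gets the forced
 * negative, so the query cannot fall through unrestricted.
 *
 * @modified Eloi George
 * @param object $db               Database object to modify
 * @param string $module           Calling module
 * @param string $edit_permission  Name of the editing permission
 * @param string $source_table     (optional) Name of the main table being searched
 * @param string $key_id_column    (optional) Usually "key_id". Only use this if you allow edits where "key_id=0"
 * @param string $owner_id_column  (optional) Only use this if you allow edits on content created by the user
 * @return void
 */
public static function restrictEdit($db, $module, $edit_permission = null, $source_table = null, $key_id_column = null, $owner_id_column = null)
{
    // Deities are never restricted.
    if (Current_User::isDeity()) {
        return;
    }

    // if the user doesn't have rights for the module or subpermissions,
    // then we just stymie the whole query
    if (!Current_User::allow($module, $edit_permission)) {
        $db->setQWhere('1=0');
        return;
    }

    // If the current user has unrestricted rights to edit the item
    // linked to this key, no further restrictions are necessary
    if (Current_User::isUnrestricted($module)) {
        return;
    }

    $db->setDistinct(1);

    if (empty($source_table)) {
        $source_table = $db->tables[0];
    }

    // Tracks whether any qualifying condition reached the query.
    $has_condition = false;

    if (!empty($key_id_column)) {
        $db->addWhere($source_table . '.' . $key_id_column, 0, null, 'or', 'key_1');
        $has_condition = true;
    }

    if (!empty($owner_id_column)) {
        $db->addWhere($source_table . '.' . $owner_id_column, Current_User::getId(), null, 'or', 'key_1');
        $has_condition = true;
    }

    $groups = Current_User::getGroups();
    if (!empty($groups)) {
        $db->addJoin('left', $source_table, 'phpws_key_edit', 'key_id', 'key_id');
        $db->addWhere('phpws_key_edit.group_id', $groups, 'in', 'or', 'key_1');
        $has_condition = true;
    }

    // Fail closed: without any condition the query would return every
    // row to a user who only holds restricted rights.
    if (!$has_condition) {
        $db->setQWhere('1=0');
    }
}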
/**
 * Converts one legacy wiki image record into a WikiImage row and copies
 * the file into images/wiki/ when it is not already at that path.
 *
 * The new record is owned by the current user. The other fields are
 * taken from $image as given.
 *
 * NOTE(review): $image['filename'] is concatenated into filesystem paths
 * as-is; presumably it is trusted legacy data. Confirm it cannot carry
 * directory separators.
 *
 * @param array $image Keys read: created, filename, size, type, summary
 * @return bool TRUE on success; FALSE when the save or the copy fails
 */
function convertImage($image)
{
    PHPWS_Core::initModClass('wiki', 'WikiImage.php');

    $converted = new WikiImage();
    $converted->setOwnerId(Current_User::getId());
    $converted->setCreated($image['created']);
    $converted->setFilename($image['filename']);
    $converted->setSize($image['size']);
    $converted->setType($image['type']);
    $converted->setSummary($image['summary']);

    $table = new PHPWS_DB('wiki_images');
    $saved = $table->saveObject($converted);
    if (PEAR::isError($saved)) {
        PHPWS_Error::log($saved);
        return FALSE;
    }

    $source = OLD_WIKI_IMAGES . $image['filename'];
    $target = PHPWS_HOME_DIR . 'images/wiki/' . $converted->getFilename();

    // Nothing to copy when the file already sits at its target path.
    if ($source == $target) {
        return TRUE;
    }

    // Copy warnings are suppressed; failure is reported through FALSE.
    return @copy($source, $target) ? TRUE : FALSE;
}
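/**
 * Save
 *
 * Stores this interwiki link in the wiki_interwiki table. The current
 * user becomes owner and editor, and created/updated are set to now.
 *
 * NOTE(review): the posted URL is passed to setUrl() as received.
 * setUrl() is not visible here; confirm it restricts the value to the
 * expected URL schemes.
 *
 * @author Greg Meiste <*****@*****.**>
 * @param bool $do_post TRUE to read label and URL from $_POST; FALSE to
 *                      keep the values already set on the object
 * @return string Translated status or validation message
 */
function save($do_post = TRUE)
{
    if ($do_post) {
        if (empty($_POST['label'])) {
            return dgettext('wiki', 'Please provide a site name.');
        }

        if (empty($_POST['url'])) {
            return dgettext('wiki', 'Please provide a URL.');
        }

        $this->setLabel($_POST['label']);
        $this->setUrl($_POST['url']);
    }

    // time() replaces the argument-less mktime() call, which is deprecated
    // and rejected by PHP 8; the value is the same.
    $now = time();
    $user_id = Current_User::getId();

    $this->setOwnerId($user_id);
    $this->setEditorId($user_id);
    $this->setCreated($now);
    $this->setUpdated($now);

    $db = new PHPWS_DB('wiki_interwiki');
    $result = $db->saveObject($this);
    if (PEAR::isError($result)) {
        // Details go to the log; the user only sees a generic message.
        PHPWS_Error::log($result);
        return dgettext('wiki', 'Error saving link.');
    }

    return dgettext('wiki', 'Link Saved!');
}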
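/**
 * Checks whether the current user may edit this schedule.
 *
 * Public schedules use the 'edit_public' permission and private ones use
 * 'edit_private'. The owner of a private schedule is always allowed;
 * with $authorized set, the owner must also present the session's auth
 * key in $_REQUEST['authkey'].
 *
 * NOTE(review): the owner test is a loose user-id comparison. Confirm it
 * cannot match a private schedule with user_id 0 when no one is logged in.
 *
 * @param bool $authorized true to require an authorized (auth-key
 *                         verified) request, false for a plain check
 * @return mixed true, or the result of Current_User::authorized()/allow()
 */
public function checkPermissions($authorized = false)
{
    if ($this->public) {
        return $authorized
            ? Current_User::authorized('calendar', 'edit_public', $this->id, 'schedule')
            : Current_User::allow('calendar', 'edit_public', $this->id, 'schedule');
    }

    if ($this->user_id == Current_User::getId()) {
        if (!$authorized) {
            return true;
        }

        // The previous loose == treated a missing key as matching null
        // and numeric-looking strings such as "0e1"/"0e2" as equal.
        // Require two non-empty strings and compare them exactly.
        $expected = Current_User::getAuthKey();
        $supplied = isset($_REQUEST['authkey']) ? $_REQUEST['authkey'] : null;

        if (is_string($expected) && $expected !== '' && is_string($supplied)) {
            // hash_equals() compares in constant time where available.
            $matches = function_exists('hash_equals')
                ? hash_equals($expected, $supplied)
                : $expected === $supplied;

            if ($matches) {
                return true;
            }
        }
        // Key missing or wrong: fall through to the regular check.
    }

    return $authorized
        ? Current_User::authorized('calendar', 'edit_private', $this->id, 'schedule')
        : Current_User::allow('calendar', 'edit_private', $this->id, 'schedule');
}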
/**
 * Builds the template tags (ACTIVE, LAST_LOGGED, EMAIL, ACTIONS) for this
 * user's row in the user administration list.
 *
 * Rules visible in the code:
 * - Only a deity viewing someone else gets the deify/mortalize toggle.
 * - Deity accounts get a plain active label instead of a toggle link.
 * - The delete link is left out for deities and for the viewer's own
 *   account.
 * - ACTIONS is dropped entirely when a non-deity views a deity.
 *
 * NOTE(review): the username is placed into the confirm question as-is;
 * confirm the 'confirm' javascript helper escapes it.
 *
 * @return array Template tags keyed by tag name
 */
public function getUserTpl()
{
    $links = array();

    // Don't let a deity change their deity status
    // Don't let non-deities change status
    if (Current_User::isDeity() && !Current_User::isUser($this->id)) {
        if ($this->isDeity()) {
            $question = dgettext('users', 'Are you sure you want to remove deity status?');
            $command = 'mortalize_user';
            $icon = sprintf('<i class="fa fa-cloud" title="%s"></i>', dgettext('users', 'Deity'));
        } else {
            $question = dgettext('users', 'Are you sure you want to deify this user?');
            $command = 'deify_user';
            $icon = sprintf('<i class="fa fa-male" title="%s"></i>', dgettext('users', 'Mortal'));
        }

        $dvars = array(
            'QUESTION' => $question,
            'ADDRESS'  => PHPWS_Text::linkAddress('users', array('action' => 'admin', 'command' => $command, 'user_id' => $this->id), 1),
            'LINK'     => $icon,
        );
        $links[] = javascript('confirm', $dvars);
    }

    $linkVar = array('action' => 'admin', 'user_id' => $this->id);

    // Active state: a toggle link for ordinary users, plain text for deities.
    $is_active = $this->isActive();
    $active_label = $is_active ? dgettext('users', 'Yes') : dgettext('users', 'No');

    if ($this->deity) {
        $template['ACTIVE'] = $active_label;
    } else {
        $linkVar['command'] = $is_active ? 'deactivateUser' : 'activateUser';
        $hint = $is_active
            ? dgettext('users', 'Deactivate this user')
            : dgettext('users', 'Activate this user');
        $template['ACTIVE'] = PHPWS_Text::secureLink($active_label, 'users', $linkVar, null, $hint);
    }

    $logged = $this->getLastLogged('%Y/%m/%d %H:%M');
    $template['LAST_LOGGED'] = empty($logged) ? dgettext('users', 'Never') : $logged;

    $template['EMAIL'] = $this->getEmail(true, true);

    // The delete link is prepared here and only added below when allowed.
    $jsvar['QUESTION'] = sprintf(
        dgettext('users', 'Are you certain you want to delete the user "%s" permanently?'),
        $this->getUsername()
    );
    $delete_link = new PHPWS_Link(null, 'users', array('action' => 'admin', 'command' => 'deleteUser', 'user_id' => $this->id), true);
    $delete_link->setSalted();
    $jsvar['ADDRESS'] = $delete_link->getAddress();
    $jsvar['LINK'] = '<i class="fa fa-trash-o" title="' . dgettext('users', 'Delete user') . '"></i>';

    $linkVar['command'] = 'editUser';
    $links[] = PHPWS_Text::secureLink('<i class="fa fa-edit"></i>', 'users', $linkVar);

    $linkVar['command'] = 'setUserPermissions';
    $links[] = PHPWS_Text::secureLink('<i class="fa fa-key" title="' . dgettext('users', 'Permissions') . '"></i>', 'users', $linkVar);

    // Never offer deletion of a deity or of the viewer's own account.
    if (!$this->isDeity() && $this->id != Current_User::getId()) {
        $links[] = Layout::getJavascript('confirm', $jsvar);
    }

    // A non-deity viewer gets no actions at all on a deity account.
    if (!($this->deity && !Current_User::isDeity())) {
        $template['ACTIONS'] = implode(' ', $links);
    }

    return $template;
}
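/**
 * Save
 *
 * Stores an uploaded wiki image: imports the posted 'filename' upload,
 * writes it to images/wiki/ and records it in the wiki_images table.
 * The written file is removed again when the database save fails.
 *
 * NOTE(review): file type and name checks are presumably done by
 * PHPWS_Image::importPost(), which is not visible here. Confirm it
 * restricts uploads to image types before the file reaches images/wiki/.
 *
 * @author Greg Meiste <*****@*****.**>
 * @return string Translated status or error message
 */
function save()
{
    if (empty($_POST['summary'])) {
        return dgettext('wiki', 'You need to supply a summary.');
    }

    PHPWS_Core::initModClass('filecabinet', 'Image.php');

    $this->setSummary($_POST['summary']);
    $this->setOwnerId(Current_User::getId());
    // time() replaces the argument-less mktime() call, which is deprecated
    // and rejected by PHP 8; the value is the same.
    $this->setCreated(time());

    $image = new PHPWS_Image();
    $image->setDirectory('images/wiki/');

    if (!$image->importPost('filename')) {
        if (isset($image->_errors) && sizeof($image->_errors)) {
            $imageErrors = array();
            foreach ($image->_errors as $oError) {
                $imageErrors[] = $oError->getMessage();
            }
            return implode(' ', $imageErrors);
        }

        return dgettext('wiki', 'Please specify a valid file to upload.');
    }

    $image->setFilename(str_replace(' ', '_', $image->file_name));

    // Prefix with the creation time so an existing file is not overwritten.
    if (is_file(PHPWS_HOME_DIR . 'images/wiki/' . $image->file_name)) {
        $image->setFilename($this->created . '_' . $image->file_name);
    }

    if (PHPWS_Error::logIfError($image->write())) {
        return dgettext('wiki', 'There was a problem saving your image.');
    }

    $this->setFilename($image->file_name);
    $this->setSize($image->getSize());
    $this->setType($image->file_type);

    $db = new PHPWS_DB('wiki_images');
    if (PHPWS_Error::logIfError($db->saveObject($this))) {
        // Do not leave an orphaned file behind when the row is not saved.
        @unlink(PHPWS_HOME_DIR . 'images/wiki/' . $this->getFilename());
        return dgettext('wiki', 'There was a problem saving your image.');
    }

    return dgettext('wiki', 'Image Saved!');
}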
/**
 * Lists the active system departments available to the current user.
 *
 * The user's systems_permission row holds a ':'-separated list of
 * department ids, and the department query is limited to those ids. The
 * department with id 1 is always excluded.
 *
 * NOTE(review): when the user has no systems_permission row, no id
 * filter is added and every active department is returned; confirm that
 * is the intended default.
 *
 * @return mixed Department rows (id, display_name) ordered by
 *               display_name, or 0 when the result is empty
 */
public static function getSystemDepartments()
{
    $user_id = \Current_User::getId();

    // Permission row of the current user.
    $permission_db = \Database::getDB();
    $permissions_tbl = $permission_db->addTable('systems_permission');
    $permissions_tbl->addField('departments');
    $permissions_tbl->addField('user_id');
    $permissions_tbl->addFieldConditional('user_id', $user_id);
    $permission_rows = $permission_db->select();

    // Active departments other than id 1.
    $db = \Database::getDB();
    $departments = $db->addTable('systems_department');
    $departments->addField('id');
    $departments->addField('display_name');
    $departments->addFieldConditional('active', '1');
    $departments->addFieldConditional('id', '1', '!=');
    $departments->addOrderBy('display_name');

    if (!empty($permission_rows)) {
        // Chain one "id = x" conditional per permitted department with OR.
        $combined = NULL;
        foreach (explode(':', $permission_rows[0]['departments']) as $department_id) {
            $match = new \Database\Conditional($db, 'id', $department_id, '=');
            $combined = is_null($combined)
                ? $match
                : new \Database\Conditional($db, $combined, $match, 'OR');
        }
        $db->addConditional($combined);
    }

    $result = $db->select();

    // should be exception
    return empty($result) ? 0 : $result;
}
/**
 * Returns a list of schedules according to the user's permissions.
 *
 * View restrictions from Key::restrictView() are applied first. A user
 * with an id then gets their own private schedules plus all public ones;
 * without a user id only public schedules are selected.
 *
 * @param string $mode 'object' for Calendar_Schedule objects, 'brief'
 *                     for titles indexed by schedule id
 * @return mixed The list for the given mode; null for any other mode
 */
public function getScheduleList($mode = 'object')
{
    $db = new PHPWS_DB('calendar_schedule');
    Key::restrictView($db);

    $user_id = Current_User::getId();

    if (!$user_id) {
        $db->addWhere('public', 1);
    } else {
        // "id > 0" should always be true; it only exists to open an outer
        // where-group that the next two groups are nested into.
        $db->addWhere('id', 0, '>', 'and', 'user_cal0');

        // Group 1: the user's own private schedules.
        $db->addWhere('user_id', $user_id, '=', 'and', 'user_cal1');
        $db->addWhere('public', 0, '=', 'and', 'user_cal1');

        // Group 2: any public schedule.
        $db->addWhere('public', 1, '=', 'or', 'user_cal2');

        $db->setGroupConj('user_cal1', 'and');
        $db->setGroupConj('user_cal2', 'or');
        $db->groupIn('user_cal1', 'user_cal0');
        $db->groupIn('user_cal2', 'user_cal0');
    }

    $db->addOrder('title');

    // Loose comparisons kept to match switch semantics.
    if ($mode == 'object') {
        return $db->getObjects('Calendar_Schedule');
    }

    if ($mode == 'brief') {
        $db->addColumn('id');
        $db->addColumn('title');
        $db->setIndexBy('id');
        return $db->select('col');
    }
}
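/**
 * Grants the current user permission on the item behind $key, then
 * reloads the session user's groups and permissions so the grant takes
 * effect in the running session.
 *
 * @param mixed $key Key of the item, passed through to
 *                   Users_Permission::giveItemPermission()
 * @return mixed Result of Users_Permission::giveItemPermission(). It was
 *               previously discarded, so callers could not see a failure.
 */
public static function giveItemPermission($key)
{
    $result = Users_Permission::giveItemPermission(Current_User::getId(), $key);

    // Refresh the cached groups and permissions whatever the outcome, so
    // the session always reflects what is stored.
    $_SESSION['User']->loadUserGroups();
    $_SESSION['User']->loadPermissions();

    return $result;
}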