private function storePermissions()
{
global $objDatabase;
$status = true;
if ($this->protected) {
// set protection
if ($this->access_id || ($this->access_id = \Permission::createNewDynamicAccessId())) {
\Permission::removeAccess($this->access_id, 'dynamic');
if (count($this->access_groups)) {
\Permission::setAccess($this->access_id, 'dynamic', $this->access_groups);
}
} else {
// remove protection due that no new access-ID could have been created
$this->access_id = 0;
$status = false;
}
} elseif ($this->access_id) {
// remove protection
\Permission::removeAccess($this->access_id, 'dynamic');
$this->access_id = 0;
}
if (!$status) {
return false;
}
if ($objDatabase->Execute("\n UPDATE `" . DBPREFIX . "module_downloads_download`\n SET\n `access_id` = " . intval($this->access_id) . "\n WHERE `id` = " . $this->id) === false) {
return false;
} else {
return true;
}
}
/**
* Validate and save settings from $_POST into the database.
*
* @global ADONewConnection
* @global array $_ARRAYLANG
*/
function _saveSettings()
{
global $objDatabase, $_ARRAYLANG;
$this->_arrSettings = $this->createSettingsArray();
for ($i = 0; $i <= 4; $i++) {
$oldMediaSetting = $this->_arrSettings['media' . $i . '_frontend_changable'];
$newMediaSetting = '';
if (isset($_POST['mediaSettings_Media' . $i . 'FrontendChangable'])) {
$newMediaSetting = $_POST['mediaSettings_Media' . $i . 'FrontendChangable'];
}
if (!is_numeric($newMediaSetting)) {
if (is_numeric($oldMediaSetting)) {
// remove AccessId
\Permission::removeAccess($oldMediaSetting, 'dynamic');
}
// save new setting
$objDatabase->Execute(' UPDATE ' . DBPREFIX . 'module_media_settings
SET `value` = "' . contrexx_addslashes($newMediaSetting) . '"
WHERE `name` = "media' . $i . '_frontend_changable"
');
} else {
$accessGroups = '';
if (isset($_POST['media' . $i . '_access_associated_groups'])) {
$accessGroups = $_POST['media' . $i . '_access_associated_groups'];
}
// get groups
\Permission::removeAccess($oldMediaSetting, 'dynamic');
if (isset($_POST['media' . $i . '_access_associated_groups'])) {
$accessGroups = $_POST['media' . $i . '_access_associated_groups'];
}
// add AccessID
$newMediaSetting = \Permission::createNewDynamicAccessId();
// save AccessID
if (count($accessGroups)) {
\Permission::setAccess($newMediaSetting, 'dynamic', $accessGroups);
}
$query = 'UPDATE ' . DBPREFIX . 'module_media_settings
SET `value` = "' . intval($newMediaSetting) . '"
WHERE `name` = "media' . $i . '_frontend_changable"';
$objDatabase->Execute($query);
}
$oldManageSetting = $this->_arrSettings['media' . $i . '_frontend_managable'];
$newManageSetting = '';
if (isset($_POST['mediaSettings_Media' . $i . 'FrontendManagable'])) {
$newManageSetting = $_POST['mediaSettings_Media' . $i . 'FrontendManagable'];
}
if (!is_numeric($newManageSetting)) {
if (is_numeric($oldManageSetting)) {
// remove AccessId
\Permission::removeAccess($oldManageSetting, 'dynamic');
}
// save new setting
$objDatabase->Execute(' UPDATE ' . DBPREFIX . 'module_media_settings
SET `value` = "' . contrexx_addslashes($newManageSetting) . '"
WHERE `name` = "media' . $i . '_frontend_managable"
');
} else {
$accessGroups = '';
if (isset($_POST['media' . $i . '_manage_associated_groups'])) {
$accessGroups = $_POST['media' . $i . '_manage_associated_groups'];
}
// get groups
\Permission::removeAccess($oldManageSetting, 'dynamic');
if (isset($_POST['media' . $i . '_manage_associated_groups'])) {
$accessGroups = $_POST['media' . $i . '_manage_associated_groups'];
}
// add AccessID
$newManageSetting = \Permission::createNewDynamicAccessId();
// save AccessID
if (count($accessGroups)) {
\Permission::setAccess($newManageSetting, 'dynamic', $accessGroups);
}
$objDatabase->Execute(' UPDATE ' . DBPREFIX . 'module_media_settings
SET `value` = "' . intval($newManageSetting) . '"
WHERE `name` = "media' . $i . '_frontend_managable"
');
}
}
$this->_arrSettings = $this->createSettingsArray();
$this->_strOkMessage = $_ARRAYLANG['TXT_MEDIA_SETTINGS_SAVE_SUCCESSFULL'];
}
/**
* Clones the protection of this page to another page
* @param \Cx\Core\ContentManager\Model\Entity\Page $page Page to get the same protection as $this
* @param boolean $frontend Wheter the front- or backend protection should be cloned
* @return boolean True on success, false otherwise
*/
public function copyProtection($page, $frontend)
{
if ($frontend) {
$accessId = $this->getFrontendAccessId();
} else {
$accessId = $this->getBackendAccessId();
}
$groups = \Permission::getGroupIdsForAccessId($accessId);
if ($frontend) {
$page->setFrontendProtection($this->isFrontendProtected());
$newAccessId = $page->getFrontendAccessId();
} else {
$page->setBackendProtection($this->isBackendProtected());
$newAccessId = $page->getBackendAccessId();
}
foreach ($groups as $groupId) {
if (!\Permission::setAccess($newAccessId, 'dynamic', $groupId)) {
return false;
}
}
return true;
}
public function setAssignedGroupIds($page, $ids, $frontend)
{
$accessId = $this->getAccessId($page, $frontend);
\Permission::setAccess($accessId, 'dynamic', $ids);
}
private function saveSettings()
{
global $objDatabase;
/**
* save mailtemplates
*/
foreach ($_POST["filesharingMail"] as $lang => $inputs) {
$objMailTemplate = $objDatabase->Execute("SELECT `subject`, `content` FROM " . DBPREFIX . "module_filesharing_mail_template WHERE `lang_id` = " . intval($lang));
$content = str_replace(array('{', '}'), array('[[', ']]'), contrexx_input2db($inputs["content"]));
if ($objMailTemplate === false or $objMailTemplate->RecordCount() == 0) {
$objDatabase->Execute("INSERT INTO " . DBPREFIX . "module_filesharing_mail_template (`subject`, `content`, `lang_id`) VALUES ('" . contrexx_input2db($inputs["subject"]) . "', '" . contrexx_raw2db($content) . "', '" . contrexx_raw2db($lang) . "')");
} else {
$objDatabase->Execute("UPDATE " . DBPREFIX . "module_filesharing_mail_template SET `subject` = '" . contrexx_input2db($inputs["subject"]) . "', `content` = '" . contrexx_raw2db($content) . "' WHERE `lang_id` = '" . contrexx_raw2db($lang) . "'");
}
}
/**
* save permissions
*/
\Cx\Core\Setting\Controller\Setting::init('FileSharing', 'config');
$oldFilesharingSetting = \Cx\Core\Setting\Controller\Setting::getValue('permission', 'FileSharing');
$newFilesharingSetting = $_POST['filesharingSettingsPermission'];
if (!is_numeric($newFilesharingSetting)) {
if (is_numeric($oldFilesharingSetting)) {
// remove AccessId
\Permission::removeAccess($oldFilesharingSetting, 'dynamic');
}
} else {
$accessGroups = '';
if (isset($_POST['filesharing_access_associated_groups'])) {
$accessGroups = $_POST['filesharing_access_associated_groups'];
}
// get groups
\Permission::removeAccess($oldFilesharingSetting, 'dynamic');
if (isset($_POST['filesharing_access_associated_groups'])) {
$accessGroups = $_POST['filesharing_access_associated_groups'];
}
// add AccessID
$newFilesharingSetting = \Permission::createNewDynamicAccessId();
// save AccessID
if (count($accessGroups)) {
\Permission::setAccess($newFilesharingSetting, 'dynamic', $accessGroups);
}
}
// save new setting
\Cx\Core\Setting\Controller\Setting::set('permission', $newFilesharingSetting);
\Cx\Core\Setting\Controller\Setting::updateAll();
}
/**
* Update news
*
* @global ADONewConnection
* @global array
* @global array
* @param integer $newsid
* @return boolean result
*/
function update()
{
global $objDatabase, $_ARRAYLANG, $_CONFIG;
if (!$this->hasCategories()) {
return $this->manageCategories();
}
if (isset($_POST['newsId'])) {
$objFWUser = \FWUser::getFWUserObject();
$id = intval($_POST['newsId']);
$userId = $objFWUser->objUser->getId();
$changelog = mktime();
$date = $this->dateFromInput($_POST['newsDate']);
$redirect = !empty($_POST['newsRedirect']) && $_POST['newsTypeRadio'] == 'redirect' ? contrexx_strip_tags($_POST['newsRedirect']) : '';
$source = \FWValidator::getUrl(contrexx_strip_tags($_POST['newsSource']));
$url1 = \FWValidator::getUrl(contrexx_strip_tags($_POST['newsUrl1']));
$url2 = \FWValidator::getUrl(contrexx_strip_tags($_POST['newsUrl2']));
$newsPublisherName = !empty($_POST['newsPublisherName']) ? contrexx_input2raw($_POST['newsPublisherName']) : '';
$newsAuthorName = !empty($_POST['newsAuthorName']) ? contrexx_input2raw($_POST['newsAuthorName']) : '';
$newsPublisherId = !empty($_POST['newsPublisherId']) ? contrexx_input2raw($_POST['newsPublisherId']) : '0';
$newsAuthorId = !empty($_POST['newsAuthorId']) ? contrexx_input2raw($_POST['newsAuthorId']) : '0';
$newsCategories = !empty($_POST['newsCat']) ? contrexx_input2raw($_POST['newsCat']) : array();
$typeId = !empty($_POST['newsType']) ? intval($_POST['newsType']) : 0;
$newsScheduledActive = !empty($_POST['newsScheduled']) ? intval($_POST['newsScheduled']) : 0;
$status = empty($_POST['status']) ? $status = 0 : intval($_POST['status']);
$newsTeaserOnly = isset($_POST['newsUseOnlyTeaser']) ? intval($_POST['newsUseOnlyTeaser']) : 0;
$newsTeaserShowLink = isset($_POST['newsTeaserShowLink']) ? intval($_POST['newsTeaserShowLink']) : 0;
$newsTeaserImagePath = contrexx_addslashes($_POST['newsTeaserImagePath']);
$newsTeaserImageThumbnailPath = contrexx_addslashes($_POST['newsTeaserImageThumbnailPath']);
$newsTeaserFrames = '';
$newsComments = !empty($_POST['allowComment']) ? intval($_POST['allowComment']) : 0;
if (isset($_POST['newsTeaserFramesAsso']) && count($_POST['newsTeaserFramesAsso']) > 0) {
foreach ($_POST['newsTeaserFramesAsso'] as $frameId) {
intval($frameId) > 0 ? $newsTeaserFrames .= ';' . intval($frameId) : false;
}
}
$startDate = $this->dateFromInput($_POST['startDate']);
$endDate = $this->dateFromInput($_POST['endDate']);
$newsFrontendAccess = !empty($_POST['news_read_access']);
$newsFrontendGroups = $newsFrontendAccess && isset($_POST['news_read_access_associated_groups']) && is_array($_POST['news_read_access_associated_groups']) ? array_map('intval', $_POST['news_read_access_associated_groups']) : array();
$newsBackendAccess = !empty($_POST['news_modify_access']);
$newsBackendGroups = $newsBackendAccess && isset($_POST['news_modify_access_associated_groups']) && is_array($_POST['news_modify_access_associated_groups']) ? array_map('intval', $_POST['news_modify_access_associated_groups']) : array();
$objResult = $objDatabase->SelectLimit('SELECT `frontend_access_id`, `backend_access_id`, `userid` FROM `' . DBPREFIX . 'module_news` WHERE `id` = ' . $id, 1);
if ($objResult && $objResult->RecordCount() == 1) {
$newsFrontendAccessId = $objResult->fields['frontend_access_id'];
$newsBackendAccessId = $objResult->fields['backend_access_id'];
$newsUserId = $objResult->fields['userid'];
} else {
$newsFrontendAccessId = 0;
$newsBackendAccessId = 0;
$newsUserId = 0;
}
if ($this->arrSettings['news_message_protection'] == '1') {
if ($newsBackendAccessId && !\Permission::hasAllAccess() && !\Permission::checkAccess($newsBackendAccessId, 'dynamic', true) && $newsUserId != $objFWUser->objUser->getId()) {
return false;
}
if ($newsFrontendAccess) {
if ($newsFrontendAccessId) {
$objGroup = $objFWUser->objGroup->getGroups(array('dynamic' => $newsFrontendAccessId));
$arrFormerFrontendGroupIds = $objGroup ? $objGroup->getLoadedGroupIds() : array();
$arrNewGroups = array_diff($newsFrontendGroups, $arrFormerFrontendGroupIds);
$arrRemovedGroups = array_diff($arrFormerFrontendGroupIds, $newsFrontendGroups);
if ($this->arrSettings['news_message_protection_restricted'] == '1' && !\Permission::hasAllAccess()) {
$arrUserGroupIds = $objFWUser->objUser->getAssociatedGroupIds();
$arrUnknownNewGroups = array_diff($arrNewGroups, $arrUserGroupIds);
foreach ($arrUnknownNewGroups as $groupId) {
if (!in_array($groupId, $arrFormerFrontendGroupIds)) {
unset($arrNewGroups[array_search($groupId, $arrNewGroups)]);
}
}
$arrUnknownRemovedGroups = array_diff($arrRemovedGroups, $arrUserGroupIds);
foreach ($arrUnknownRemovedGroups as $groupId) {
if (in_array($groupId, $arrFormerFrontendGroupIds)) {
unset($arrRemovedGroups[array_search($groupId, $arrRemovedGroups)]);
}
}
}
if (count($arrRemovedGroups)) {
\Permission::removeAccess($newsFrontendAccessId, 'dynamic', $arrRemovedGroups);
}
if (count($arrNewGroups)) {
\Permission::setAccess($newsFrontendAccessId, 'dynamic', $arrNewGroups);
}
} else {
if ($this->arrSettings['news_message_protection_restricted'] == '1' && !\Permission::hasAllAccess()) {
$arrUserGroupIds = $objFWUser->objUser->getAssociatedGroupIds();
$newsFrontendGroups = array_intersect($newsFrontendGroups, $arrUserGroupIds);
}
$newsFrontendAccessId = \Permission::createNewDynamicAccessId();
if (count($newsFrontendGroups)) {
\Permission::setAccess($newsFrontendAccessId, 'dynamic', $newsFrontendGroups);
}
}
} else {
if ($newsFrontendAccessId) {
\Permission::removeAccess($newsFrontendAccessId, 'dynamic');
}
$newsFrontendAccessId = 0;
}
if ($newsBackendAccess) {
if ($newsBackendAccessId) {
$objGroup = $objFWUser->objGroup->getGroups(array('dynamic' => $newsBackendAccessId));
$arrFormerBackendGroupIds = $objGroup ? $objGroup->getLoadedGroupIds() : array();
$arrNewGroups = array_diff($newsBackendGroups, $arrFormerBackendGroupIds);
$arrRemovedGroups = array_diff($arrFormerBackendGroupIds, $newsBackendGroups);
if ($this->arrSettings['news_message_protection_restricted'] == '1' && !\Permission::hasAllAccess()) {
$arrUserGroupIds = $objFWUser->objUser->getAssociatedGroupIds();
$arrUnknownNewGroups = array_diff($arrNewGroups, $arrUserGroupIds);
foreach ($arrUnknownNewGroups as $groupId) {
if (!in_array($groupId, $arrFormerBackendGroupIds)) {
unset($arrNewGroups[array_search($groupId, $arrNewGroups)]);
}
}
$arrUnknownRemovedGroups = array_diff($arrRemovedGroups, $arrUserGroupIds);
foreach ($arrUnknownRemovedGroups as $groupId) {
if (in_array($groupId, $arrFormerBackendGroupIds)) {
unset($arrRemovedGroups[array_search($groupId, $arrRemovedGroups)]);
}
}
}
if (count($arrRemovedGroups)) {
\Permission::removeAccess($newsBackendAccessId, 'dynamic', $arrRemovedGroups);
}
if (count($arrNewGroups)) {
\Permission::setAccess($newsBackendAccessId, 'dynamic', $arrNewGroups);
}
} else {
if ($this->arrSettings['news_message_protection_restricted'] == '1' && !\Permission::hasAllAccess()) {
$arrUserGroupIds = $objFWUser->objUser->getAssociatedGroupIds();
$newsBackendGroups = array_intersect($newsBackendGroups, $arrUserGroupIds);
}
$newsBackendAccessId = \Permission::createNewDynamicAccessId();
if (count($newsBackendGroups)) {
\Permission::setAccess($newsBackendAccessId, 'dynamic', $newsBackendGroups);
}
}
} else {
if ($newsBackendAccessId) {
\Permission::removeAccess($newsBackendAccessId, 'dynamic');
}
$newsBackendAccessId = 0;
}
}
$objFWUser->objUser->getDynamicPermissionIds(true);
// find out original user's id
$orig_user_sql = "\n SELECT userid\n FROM " . DBPREFIX . "module_news\n WHERE id = '{$id}'\n ";
$orig_user_rs = $objDatabase->Execute($orig_user_sql);
if ($orig_user_rs == false) {
\DBG::msg("We're in trouble! sql failure: {$orig_user_sql}");
} else {
$orig_userid = $orig_user_rs->fields['userid'];
}
$set_userid = $orig_userid ? $orig_userid : $userId;
// $finishednewstext = $newstext.'<br>'.$_ARRAYLANG['TXT_LAST_EDIT'].': '.$date;
$activeLanguages = isset($_POST['newsManagerLanguages']) ? $_POST['newsManagerLanguages'] : array();
if (count(\FWLanguage::getActiveFrontendLanguages()) == 1) {
$activeLanguages = \FWLanguage::getActiveFrontendLanguages();
}
$locales = array('active' => $activeLanguages, 'title' => $_POST['newsTitle'], 'text' => $_POST['news_text'], 'teaser_text' => isset($_POST['newsTeaserText']) ? $_POST['newsTeaserText'] : array());
if (!$this->validateNews($locales, $newsCategories)) {
return $this->edit();
}
// store locales
$localesSaving = $this->storeLocales($id, $locales);
$categoryManipulation = $this->manipulateCategories($newsCategories, $id);
$relatedNews = !empty($_POST['relatedNews']) ? contrexx_input2raw($_POST['relatedNews']) : array();
$enableRelatedNews = !empty($_POST['enableRelatedNews']) ? 1 : 0;
$realtedNewsManipulation = $this->manipulateRelatedNews($relatedNews, $id);
$newsTags = !empty($_POST['newsTags']) ? contrexx_input2raw($_POST['newsTags']) : array();
$enableTags = !empty($_POST['enableTags']) ? intval($_POST['enableTags']) : 0;
//Update Tags
$tagManipulation = $this->manipulateTags($newsTags, $id);
// Set start and end dates as NULL if newsScheduled checkbox is not checked
if ($newsScheduledActive == 0) {
$startDate = NULL;
$endDate = NULL;
}
$objResult = $objDatabase->Execute("UPDATE " . DBPREFIX . "module_news\n SET date='" . $date . "',\n redirect='" . $redirect . "',\n source='" . $source . "',\n url1='" . $url1 . "',\n url2='" . $url2 . "',\n publisher='" . contrexx_raw2db($newsPublisherName) . "',\n publisher_id=" . intval($newsPublisherId) . ",\n author='" . contrexx_raw2db($newsAuthorName) . "',\n author_id=" . intval($newsAuthorId) . ",\n typeid='" . $typeId . "',\n userid = '" . $set_userid . "',\n status = '" . $status . "',\n " . (isset($_POST['validate']) ? "validated='1'," : "") . "\n startdate = " . $this->dbFromDate($startDate) . ",\n enddate = " . $this->dbFromDate($endDate) . ",\n frontend_access_id = '" . $newsFrontendAccessId . "',\n backend_access_id = '" . $newsBackendAccessId . "',\n " . ($_CONFIG['newsTeasersStatus'] == '1' ? "teaser_only = '" . $newsTeaserOnly . "',\n teaser_frames = '" . $newsTeaserFrames . "'," : "") . "\n teaser_show_link = " . $newsTeaserShowLink . ",\n teaser_image_path = '" . $newsTeaserImagePath . "',\n teaser_image_thumbnail_path = '" . $newsTeaserImageThumbnailPath . "',\n changelog = '" . $changelog . "',\n allow_comments = '" . $newsComments . "',\n enable_related_news='" . $enableRelatedNews . "',\n enable_tags='" . $enableTags . "'\n WHERE id = '" . $id . "'");
if ($objResult === false || $localesSaving === false || $categoryManipulation === false || $realtedNewsManipulation === false || $tagManipulation === false) {
$this->strErrMessage = empty($this->errMsg) ? $_ARRAYLANG['TXT_DATABASE_QUERY_ERROR'] : implode('<br>', $this->errMsg);
} else {
$this->createRSS();
$this->strOkMessage = $_ARRAYLANG['TXT_DATA_RECORD_UPDATED_SUCCESSFUL'];
}
}
return $this->overview();
}
private function storePermissions()
{
global $objDatabase;
if (!$this->permission_set) {
return true;
}
$status = true;
foreach ($this->arrPermissionTypes as $type) {
if ($this->{$type . '_protected'}) {
// set protection
if ($this->{$type . '_access_id'} || ($this->{$type . '_access_id'} = \Permission::createNewDynamicAccessId())) {
\Permission::removeAccess($this->{$type . '_access_id'}, 'dynamic');
if (count($this->{$type . '_groups'})) {
\Permission::setAccess($this->{$type . '_access_id'}, 'dynamic', $this->{$type . '_groups'});
}
} else {
// remove protection due that no new access-ID could have been created
$this->{$type . '_access_id'} = 0;
$status = false;
}
} elseif ($this->{$type . '_access_id'}) {
// remove protection
\Permission::removeAccess($this->{$type . '_access_id'}, 'dynamic');
$this->{$type . '_access_id'} = 0;
}
}
if (!$status) {
return false;
}
if ($objDatabase->Execute("\n UPDATE `" . DBPREFIX . "module_downloads_category`\n SET\n `read_access_id` = " . intval($this->read_access_id) . ",\n `add_subcategories_access_id` = " . intval($this->add_subcategories_access_id) . ",\n `manage_subcategories_access_id` = " . intval($this->manage_subcategories_access_id) . ",\n `add_files_access_id` = " . intval($this->add_files_access_id) . ",\n `manage_files_access_id` = " . intval($this->manage_files_access_id) . "\n WHERE `id` = " . $this->id) === false) {
return false;
} else {
if ($this->set_permissions_recursive) {
foreach ($this->arrPermissionTypes as $type) {
$arrPermissions[$type] = array('protected' => $this->{$type . '_protected'}, 'groups' => $this->{$type . '_groups'});
}
$objSubcategory = Category::getCategories(array('parent_id' => $this->getId()));
while (!$objSubcategory->EOF) {
$objSubcategory->setPermissionsRecursive(true);
$objSubcategory->setPermissions($arrPermissions);
$objSubcategory->setVisibility($this->visibility);
$objSubcategory->store();
$objSubcategory->next();
}
}
return true;
}
}
