/** * verifyGalleryPermissions will check for permissive permissions of all galleries owning a given item * * @param array $pPermName * @access public * @return TRUE on success, FALSE on failure - mErrors will contain reason for failure */ function verifyGalleryPermissions($pPermName) { global $gBitSystem, $gBitUser; $ret = FALSE; if ($this->isValid() && !empty($pPermName)) { // get all gallery content ids $galleryContentIds = $this->getParentGalleries(); if (!empty($galleryContentIds) && is_array($galleryContentIds)) { $gallery = new TreasuryGallery(); foreach ($galleryContentIds as $gcid) { // reduce load: we don't need to fully load the gallery to load the permissions $gallery->mContentId = $gcid; if ($gallery->hasUserPermission($pPermName)) { // we only need one gallery that allows us to download the file return TRUE; } } } } $gBitSystem->fatalPermission($pPermName); return $ret; }
/** * Get list of all treasury galleries * * @param $pListHash contains array of items used to limit search results * @param $pListHash[sort_mode] column and orientation by which search results are sorted * @param $pListHash[find] search for a gallery title - case insensitive * @param $pListHash[max_records] maximum number of rows to return * @param $pListHash[offset] number of results data is offset by * @param $pListHash[title] gallery name * @param $pListHash[parent_id] gallery parent_id * @param $pListHash[get_sub_tree] get the subtree to every gallery * @access public * @return List of galleries **/ function getList(&$pListHash) { global $gBitDbType, $gBitSystem, $gBitUser; LibertyContent::prepGetList($pListHash); $ret = $bindVars = array(); $selectSql = $joinSql = $orderSql = $whereSql = ''; if (@BitBase::verifyId($pListHash['root_structure_id'])) { $whereSql .= empty($whereSql) ? ' WHERE ' : ' AND '; $whereSql .= " ls.`root_structure_id`=? "; $bindVars[] = $pListHash['root_structure_id']; } if (!empty($pListHash['get_sub_tree'])) { $whereSql .= empty($whereSql) ? ' WHERE ' : ' AND '; $whereSql .= " ls.`structure_id`=ls.`root_structure_id` "; } if (!empty($pListHash['find'])) { $whereSql .= empty($whereSql) ? ' WHERE ' : ' AND '; $whereSql .= " UPPER( lc.`title` ) LIKE ? "; $bindVars[] = '%' . strtoupper($pListHash['find']) . '%'; } if (isset($pListHash['parent_id'])) { $whereSql .= empty($whereSql) ? ' WHERE ' : ' AND '; $whereSql .= ' ls.`parent_id` = ? '; $bindVars[] = $pListHash['parent_id']; } if (!empty($pListHash['sort_mode'])) { $orderSql .= " ORDER BY " . $this->mDb->convertSortmode($pListHash['sort_mode']) . " "; } else { // default sort mode makes list look nice $orderSql .= " ORDER BY ls.`root_structure_id`, ls.`structure_id` ASC"; } // update query with service sql $this->getServicesSql('content_list_sql_function', $selectSql, $joinSql, $whereSql, $bindVars); // get the number of files in this gallery if ($gBitDbType != 'mysql' && $gBitDbType != 'mysqli') { $subselect = ", (\n\t\t\t\tSELECT COUNT( trm.`item_content_id` )\n\t\t\t\tFROM `" . BIT_DB_PREFIX . "treasury_map` trm\n\t\t\t\tWHERE trm.`gallery_content_id`=trg.`content_id`\n\t\t\t) AS item_count"; } else { $subselect = ""; } // don't fetch trg.`is_private` for list, because it conflicts with gks.is_private // and it's not used on list anyway $query = "\n\t\t\tSELECT trg.`content_id`, trg.`structure_id`,\n\t\t\tls.`root_structure_id`, ls.`parent_id`,\n\t\t\tlc.`title`, lc.`data`, lc.`user_id`, lc.`content_type_guid`, lc.`created`, lc.`format_guid`, lch.`hits`,\n\t\t\tuue.`login` AS modifier_user, uue.`real_name` AS modifier_real_name,\n\t\t\tuuc.`login` AS creator_user, uuc.`real_name` AS creator_real_name {$subselect} {$selectSql}\n\t\t\tFROM `" . BIT_DB_PREFIX . "treasury_gallery` trg\n\t\t\t\tINNER JOIN `" . BIT_DB_PREFIX . "liberty_content` lc ON ( lc.`content_id` = trg.`content_id` )\n\t\t\t\tLEFT OUTER JOIN `" . BIT_DB_PREFIX . "liberty_content_hits` lch ON ( lc.`content_id` = lch.`content_id` )\n\t\t\t\tLEFT OUTER JOIN `" . BIT_DB_PREFIX . "users_users` uue ON ( uue.`user_id` = lc.`modifier_user_id` )\n\t\t\t\tLEFT OUTER JOIN `" . BIT_DB_PREFIX . "users_users` uuc ON ( uuc.`user_id` = lc.`user_id` )\n\t\t\t\tINNER JOIN `" . BIT_DB_PREFIX . "liberty_structures` ls ON ( ls.`structure_id` = trg.`structure_id` )\n\t\t\t\t{$joinSql}\n\t\t\t{$whereSql}\n\t\t\t{$orderSql}"; $result = $this->mDb->query($query, $bindVars, $pListHash['max_records'], $pListHash['offset']); if (!empty($pListHash['get_sub_tree'])) { $struct = new LibertyStructure(); } while ($aux = $result->fetchRow()) { $hasUserPerm = TRUE; // check to see if we have premissions to do someing specific with this gallery if (!empty($pListHash['content_permission'])) { $gal = new TreasuryGallery(NULL, $aux['content_id']); if (!$gal->hasUserPermission($pListHash['content_permission'])) { $hasUserPerm = FALSE; } } if ($hasUserPerm) { $content_ids[] = $aux['content_id']; $aux['user'] = $aux['creator_user']; $aux['real_name'] = isset($aux['creator_real_name']) ? $aux['creator_real_name'] : $aux['creator_user']; $aux['editor'] = isset($aux['modifier_real_name']) ? $aux['modifier_real_name'] : $aux['modifier_user']; $aux['display_name'] = BitUser::getDisplayNameFromHash(FALSE, $aux); $aux['display_url'] = self::getDisplayUrlFromHash($aux); $aux['display_link'] = $this->getDisplayLink($aux['title'], $aux); $aux['thumbnail_url'] = liberty_fetch_thumbnails(array('storage_path' => $this->getGalleryThumbBaseUrl($aux['content_id']), 'mime_image' => FALSE)); // deal with the parsing $parseHash['format_guid'] = $aux['format_guid']; $parseHash['content_id'] = $aux['content_id']; $parseHash['user_id'] = $aux['user_id']; $parseHash['data'] = $aux['data']; $aux['parsed_data'] = $this->parseData($parseHash); // sucky additional query to fetch item number without subselect if ($gBitDbType == 'mysql' || $gBitDbType == 'mysqli') { $item_count_query = "SELECT COUNT( trm.`item_content_id` ) FROM `" . BIT_DB_PREFIX . "treasury_map` trm WHERE trm.`gallery_content_id`=?"; $aux['item_count'] = $this->mDb->getOne($item_count_query, array($aux['content_id'])); } if (!empty($pListHash['get_sub_tree'])) { $aux['subtree'] = $struct->getSubTree($aux['structure_id']); } $ret[$aux['content_id']] = $aux; } } $query = "SELECT COUNT( lc.`title` )\n\t\t\tFROM `" . BIT_DB_PREFIX . "treasury_gallery` trg\n\t\t\t\tINNER JOIN `" . BIT_DB_PREFIX . "liberty_content` lc ON ( lc.`content_id` = trg.`content_id` )\n\t\t\t\tLEFT OUTER JOIN `" . BIT_DB_PREFIX . "users_users` uue ON ( uue.`user_id` = lc.`modifier_user_id` )\n\t\t\t\tLEFT OUTER JOIN `" . BIT_DB_PREFIX . "users_users` uuc ON ( uuc.`user_id` = lc.`user_id` )\n\t\t\t\tINNER JOIN `" . BIT_DB_PREFIX . "liberty_structures` ls ON ( ls.`structure_id` = trg.`structure_id` )\n\t\t\t{$joinSql} {$whereSql}"; $pListHash['cant'] = $this->mDb->getOne($query, $bindVars); LibertyContent::postGetList($pListHash); return $ret; }