Beispiel #1
 /**
  * Create shortcut(s) to the given source objects inside a target object.
  *
  * Every id in $p['sourceIds'] has to pass Security::canRead and $p['targetId']
  * has to pass Security::canWrite before anything is created; the first failed
  * check aborts the whole request with an "Access_denied" response.
  *
  * @param  array $p input params: 'sourceIds' (list of ids) and 'targetId'
  * @return array response: 'success', plus 'targetId' and 'processedIds' on
  *               success or 'msg' on failure
  */
 public function shortcut($p)
 {
     // validateParams() is not visible here; presumably it guarantees that
     // 'sourceIds' is iterable and 'targetId' is present - verify
     if (!$this->validateParams($p)) {
         return array('success' => false, 'msg' => L\get('ErroneousInputData'));
     }

     $sourceIds = $p['sourceIds'];
     $targetId = $p['targetId'];

     /* authorization: read access on every source first, then write access on the target */
     $allowed = true;
     foreach ($sourceIds as $sourceId) {
         if (!\CB\Security::canRead($sourceId)) {
             $allowed = false;
             break;
         }
     }
     if ($allowed && !\CB\Security::canWrite($targetId)) {
         $allowed = false;
     }
     if (!$allowed) {
         // the same message is used for a denied source and a denied target
         return array('success' => false, 'msg' => L\get('Access_denied'));
     }

     /* all checks passed: create one shortcut per source under the target */
     $processedIds = array();
     $shortcut = new Objects\Shortcut();
     foreach ($sourceIds as $sourceId) {
         $processedIds[] = $shortcut->create(
             array('id' => null, 'pid' => $targetId, 'target_id' => $sourceId)
         );
     }

     Solr\Client::runCron();

     return array('success' => true, 'targetId' => $targetId, 'processedIds' => $processedIds);
 }
Beispiel #2
 /**
  * Move this object under $pid, or over (in place of) $targetId.
  *
  * The same principle as for copy is used. When $targetId is numeric the target
  * row is marked with dstatus = 3, the destination pid is read from the target
  * row, and the target's children with dstatus = 0 are re-parented to this object.
  *
  * Access checks made here: canRead on the moved object, then canWrite on
  * $targetId when it is numeric, otherwise canWrite on $pid.
  *
  * @param  int|false $pid      destination parent id; replaced by the pid of $targetId when that row is found
  * @param  int|false $targetId id of the object to move over
  * @return int|false the id of the moved object, or false on invalid input or denied access
  */
 public function moveTo($pid = false, $targetId = false)
 {
     // check input params: && binds tighter than ||, so this rejects a non-numeric
     // own id, or the case where neither $pid nor $targetId is numeric
     if (!is_numeric($this->id) || !is_numeric($pid) && !is_numeric($targetId)) {
         return false;
     }
     /* security check */
     // NOTE(review): only read access is required on the object being moved, although
     // the move rewrites its pid and so takes it out of its current parent - confirm
     // whether a write-level permission on the source is intended here
     if (!\CB\Security::canRead($this->id)) {
         return false;
     }
     /* end of security check */
     // load current object from db into a variable to be passed to log and events
     $this->oldObject = clone $this;
     $this->oldObject->load($this->id);
     if (is_numeric($targetId)) {
         /* target security check */
         if (!\CB\Security::canWrite($targetId)) {
             return false;
         }
         /* end of target security check */
         // marking overwritten object with dstatus = 3
         // NOTE(review): this write happens before the final $pid check below and no
         // transaction is opened in this method, so a later early return or die()
         // leaves the target marked while the move itself did not happen.
         // `or die()` ends the request with the text of DB\dbQueryError() - confirm
         // that text is not shown to end users
         DB\dbQuery('UPDATE tree
             SET updated = 1
                 ,dstatus = 3
                 ,did = $2
             WHERE id = $1', array($targetId, $_SESSION['user']['id'])) or die(DB\dbQueryError());
         // get pid from target; this also overwrites a caller-supplied $pid
         // NOTE(review): no canWrite check is made on the pid read from the target -
         // confirm that write access on the target is meant to cover its parent
         $res = DB\dbQuery('SELECT pid FROM tree WHERE id = $1', $targetId) or die(DB\dbQueryError());
         if ($r = $res->fetch_assoc()) {
             $pid = $r['pid'];
         }
         $res->close();
     } else {
         /* pid security check */
         if (!\CB\Security::canWrite($pid)) {
             return false;
         }
         /* end of pid security check */
     }
     /* check again if we have pid set:
        it can still be unset when a non-existent $targetId was specified
        (or when the pid column read from the target row is not numeric)
        */
     if (!is_numeric($pid)) {
         return false;
     }
     // moving the object to $pid
     // NOTE(review): nothing in this method checks that $pid is not this object
     // itself or one of its descendants - verify that callers or
     // moveCustomDataTo() rule out such a cycle
     DB\dbQuery('UPDATE tree
         SET updated = 1
             ,pid = $2
         WHERE id = $1', array($this->id, $pid)) or die(DB\dbQueryError());
     $this->moveCustomDataTo($pid);
     // move children of the overwritten targetId (which has been marked with dstatus = 3)
     // to the moved object; only children with dstatus = 0 are re-parented
     if (is_numeric($targetId)) {
         DB\dbQuery('UPDATE tree
             SET updated = 1
                 ,pid = $2
             WHERE pid = $1 AND
                 dstatus = 0', array($targetId, $this->id)) or die(DB\dbQueryError());
     }
     // reload the object and log the move together with the pre-move copy
     $this->load();
     $this->logAction('move', array('old' => $this->oldObject));
     return $this->id;
 }
Beispiel #3
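 /**
  * Get the ACL list of an object.
  *
  * Read access to the object is checked with Security::canRead unless
  * $this->internalAccessing is non-empty.
  *
  * @param  array   $p         client side request params with field config; 'id' is the object id
  * @param  boolean $inherited flag to include inherited rules also
  * @return array   response: 'success', 'name', 'inherit_acl' and 'data' (one row per user/group)
  * @throws \Exception when the current user may not read the object
  */
 public function getObjectAcl($p, $inherited = true)
 {
     $rez = array('success' => true, 'data' => array(), 'name' => '');
     // a missing or non-numeric id yields the empty (but "successful") response;
     // isset() avoids the undefined-index notice the bare lookup would raise
     if (!isset($p['id']) || !is_numeric($p['id'])) {
         return $rez;
     }
     $id = $p['id'];
     // NOTE(review): a non-empty internalAccessing switches the permission check off;
     // it must only ever be set by server-side code, never from request data
     if (empty($this->internalAccessing) && !Security::canRead($id)) {
         throw new \Exception(L\get('Access_denied'));
     }
     $obj = Objects::getCachedObject($id);
     $od = $obj->getData();
     $rez['name'] = $obj->getHtmlSafeName();
     $rez['inherit_acl'] = $od['inherit_acl'];
     /* collect the node ids stored in the object's security set (`set` column) */
     $nodeIds = array();
     $res = DB\dbQuery('SELECT
             ti.`path`
             ,ts.`set` `obj_ids`
         FROM tree_info ti
         LEFT JOIN tree_acl_security_sets ts ON ti.security_set_id = ts.id
         WHERE ti.id = $1', $id);
     if ($r = $res->fetch_assoc()) {
         // The list is concatenated into the IN (...) clause below, so only plain
         // digit strings are let through; anything else stored in the column is
         // dropped instead of becoming part of the SQL text.
         foreach (explode(',', (string) $r['obj_ids']) as $nodeId) {
             $nodeId = trim($nodeId);
             if (preg_match('/^[0-9]+$/D', $nodeId)) {
                 $nodeIds[] = $nodeId;
             }
         }
     }
     $res->close();
     if (empty($nodeIds)) {
         // keep the IN list syntactically valid when no ids are available
         // (the previous string-built form also degraded to "in (0)")
         $nodeIds[] = '0';
     }
     /* end of collecting the security set ids */
     /* get the full set of access credentials(users and/or groups) including inherited from parents */
     $nodeFilter = $inherited
         ? ' in (' . implode(',', $nodeIds) . ')'
         : ' = $1 ';
     $res = DB\dbQuery('SELECT DISTINCT u.id
                 ,u.`name`
                 ,u.`first_name`
                 ,u.`last_name`
                 ,u.`system`
                 ,u.`enabled`
                 ,u.`type`
                 ,u.`sex`
             FROM tree_acl a
             JOIN users_groups u ON a.user_group_id = u.id
             WHERE a.node_id ' . $nodeFilter . ' ORDER BY u.`type`, 2', $id);
     while ($r = $res->fetch_assoc()) {
         $r['user_group_id'] = $r['id'];
         // NOTE(review): unlike $rez['name'] (getHtmlSafeName), these names are returned
         // as produced by User::getDisplayName - confirm they are escaped before rendering
         $r['name'] = User::getDisplayName($r);
         // loose comparison kept: the column value presumably arrives as a numeric string
         $r['iconCls'] = $r['type'] == 1 ? 'icon-users' : 'icon-user-' . $r['sex'];
         unset($r['sex']);
         // index 0 holds the allow list, index 1 the deny list
         $access = $this->getUserGroupAccessForObject($id, $r['id']);
         $r['allow'] = implode(',', $access[0]);
         $r['deny'] = implode(',', $access[1]);
         $rez['data'][] = $r;
     }
     $res->close();
     /* end of get the full set of access credentials(users and/or groups) including inherited from parents */
     return $rez;
 }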
Beispiel #4
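 /**
  * Add a comment to an object.
  *
  * @param  array $p input params: 'id' (numeric id of the commented object),
  *                  'msg' (comment text) and optionally 'draftId'
  * @return array response: 'success' => false with 'msg' on bad input or when no
  *               comment template exists, otherwise 'success' => true with the
  *               loaded comment in 'data'
  * @throws \Exception when the current user may not read the object
  */
 public function addComment($p)
 {
     $rez = array('success' => false);
     // 'msg' has to be scalar text: an array or object in its place is rejected
     // here instead of being stored as the comment title
     if (empty($p['id']) || !is_numeric($p['id']) || empty($p['msg']) || !is_scalar($p['msg'])) {
         $rez['msg'] = L\get('Wrong_input_data');
         return $rez;
     }
     // NOTE(review): commenting is gated on read access to the object only -
     // confirm that this is the intended policy
     if (!Security::canRead($p['id'])) {
         throw new \Exception(L\get('Access_denied'));
     }
     $commentTemplates = Templates::getIdsByType('comment');
     if (empty($commentTemplates)) {
         $rez['msg'] = 'No comment templates found';
         return $rez;
     }
     $co = new Objects\Comment();
     $data = array(
         'pid' => $p['id'],
         // explicit lookup instead of @-suppression, so unrelated errors stay visible
         'draftId' => isset($p['draftId']) ? $p['draftId'] : null,
         // the first comment template found is used
         'template_id' => array_shift($commentTemplates),
         'system' => 2,
         // NOTE(review): the text is stored as given; escaping for display is not
         // visible in this method - verify it happens where the comment is rendered
         'data' => array('_title' => $p['msg']),
     );
     $id = $co->create($data);
     Solr\Client::runCron();
     return array('success' => true, 'data' => \CB\Objects\Plugins\Comments::loadComment($id));
 }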
Beispiel #5
 /**
  * Move this object under $pid, or over (in place of) $targetId.
  *
  * The same principle as for copy is used. When $targetId is numeric the target
  * is updated with dstatus = 3, the destination pid is read from the target
  * record, and DM\Tree::moveActiveChildren() is called for the target and this object.
  *
  * Access checks made here: canRead on the moved object, then canWrite on
  * $targetId when it is numeric, otherwise canWrite on $pid.
  *
  * @param  int|false $pid      destination parent id; replaced by the pid of $targetId when that record is found
  * @param  int|false $targetId id of the object to move over
  * @return int|false the id of the moved object, or false on invalid input or denied access
  */
 public function moveTo($pid = false, $targetId = false)
 {
     // check input params: && binds tighter than ||, so this rejects a non-numeric
     // own id, or the case where neither $pid nor $targetId is numeric
     if (!is_numeric($this->id) || !is_numeric($pid) && !is_numeric($targetId)) {
         return false;
     }
     /* security check */
     // NOTE(review): only read access is required on the object being moved, although
     // the move rewrites its pid and so takes it out of its current parent - confirm
     // whether a write-level permission on the source is intended here
     if (!\CB\Security::canRead($this->id)) {
         return false;
     }
     /* end of security check */
     // load current object from db into a variable to be passed to log and events
     $this->oldObject = clone $this;
     $this->oldObject->load($this->id);
     if (is_numeric($targetId)) {
         /* target security check */
         if (!\CB\Security::canWrite($targetId)) {
             return false;
         }
         /* end of target security check */
         // marking overwritten object with dstatus = 3
         // NOTE(review): this write happens before the final $pid check below and no
         // transaction is opened in this method, so a later early return leaves the
         // target marked while the move itself did not happen
         DM\Tree::update(array('id' => $targetId, 'updated' => 1, 'dstatus' => 3, 'did' => User::getId()));
         // get pid from target; this also overwrites a caller-supplied $pid
         // NOTE(review): no canWrite check is made on the pid read from the target -
         // confirm that write access on the target is meant to cover its parent
         $r = DM\Tree::read($targetId);
         if (!empty($r)) {
             $pid = $r['pid'];
         }
     } else {
         /* pid security check */
         if (!\CB\Security::canWrite($pid)) {
             return false;
         }
         /* end of pid security check */
     }
     /* check again if we have pid set:
        it can still be unset when a non-existent $targetId was specified
        (or when the pid read from the target record is not numeric)
        */
     if (!is_numeric($pid)) {
         return false;
     }
     // moving the object to $pid
     // NOTE(review): nothing in this method checks that $pid is not this object
     // itself or one of its descendants - verify that callers or
     // moveCustomDataTo() rule out such a cycle
     DM\Tree::update(array('id' => $this->id, 'pid' => $pid, 'updated' => 1));
     $this->moveCustomDataTo($pid);
     // move children of the overwritten targetId (which has been marked with dstatus = 3)
     // to the moved object
     if (is_numeric($targetId)) {
         DM\Tree::moveActiveChildren($targetId, $this->id);
     }
     // reload the object and log the move together with the pre-move copy
     $this->load();
     $this->logAction('move', array('old' => $this->oldObject));
     return $this->id;
 }
Beispiel #6
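 /**
  * Get the ACL list of an object.
  *
  * Read access to the object is checked with Security::canRead unless
  * $this->internalAccessing is non-empty.
  *
  * @param  array   $p         client side request params with field config; 'id' is the object id
  * @param  boolean $inherited flag to include inherited rules also
  * @return array   response: 'success', 'name', 'path', 'inherit_acl' and 'data' (one row per user/group)
  * @throws \Exception when the current user may not read the object
  */
 public function getObjectAcl($p, $inherited = true)
 {
     $rez = array('success' => true, 'data' => array(), 'name' => '');
     // a missing or non-numeric id yields the empty (but "successful") response;
     // isset() avoids the undefined-index notice the bare lookup would raise
     if (!isset($p['id']) || !is_numeric($p['id'])) {
         return $rez;
     }
     // NOTE(review): a non-empty internalAccessing switches the permission check off;
     // it must only ever be set by server-side code, never from request data
     if (empty($this->internalAccessing) && !Security::canRead($p['id'])) {
         throw new \Exception(L\get('Access_denied'));
     }
     /* set object title, path and the node ids stored in its security set (`set` column) */
     $nodeIds = array();
     // NOTE(review): `or die()` ends the request with the text of DB\dbQueryError() -
     // confirm that text is not shown to end users
     $res = DB\dbQuery('SELECT
             ti.`path`
             ,t.name
             ,t.inherit_acl
             ,ts.`set` `obj_ids`
         FROM tree t
         JOIN tree_info ti ON t.id = ti.id
         LEFT JOIN tree_acl_security_sets ts ON ti.security_set_id = ts.id
         WHERE t.id = $1', $p['id']) or die(DB\dbQueryError());
     if ($r = $res->fetch_assoc()) {
         // NOTE(review): no HTML escaping is visible for path and name here - verify
         // that Path::replaceCustomNames() or the client escapes them before rendering
         $rez['path'] = Path::replaceCustomNames($r['path']);
         $rez['name'] = Path::replaceCustomNames($r['name']);
         $rez['inherit_acl'] = $r['inherit_acl'];
         // The list is concatenated into the IN (...) clause below, so only plain
         // digit strings are let through; anything else stored in the column is
         // dropped instead of becoming part of the SQL text.
         foreach (explode(',', (string) $r['obj_ids']) as $nodeId) {
             $nodeId = trim($nodeId);
             if (preg_match('/^[0-9]+$/D', $nodeId)) {
                 $nodeIds[] = $nodeId;
             }
         }
     }
     $res->close();
     if (empty($nodeIds)) {
         // keep the IN list syntactically valid when no ids are available
         // (the previous string-built form also degraded to "in (0)")
         $nodeIds[] = '0';
     }
     /* end of set object title and path*/
     /* get the full set of access credentials(users and/or groups) including inherited from parents */
     // The language index becomes part of a column name (u.l<index>), so it is forced
     // to an integer before being concatenated into the query text.
     $lid = (int) Config::get('user_language_index', 1);
     $nodeFilter = $inherited
         ? ' in (' . implode(',', $nodeIds) . ')'
         : ' = $1 ';
     $res = DB\dbQuery('SELECT DISTINCT u.id
                 , u.l' . $lid . ' `name`
                 , u.`system`
                 , u.`enabled`
                 , u.`type`
                 , u.`sex`
             FROM tree_acl a
             JOIN users_groups u ON a.user_group_id = u.id
             WHERE a.node_id ' . $nodeFilter . ' ORDER BY u.`type`, 2', $p['id']) or die(DB\dbQueryError());
     while ($r = $res->fetch_assoc()) {
         $r['user_group_id'] = $r['id'];
         // loose comparison kept: the column value presumably arrives as a numeric string
         $r['iconCls'] = $r['type'] == 1 ? 'icon-users' : 'icon-user-' . $r['sex'];
         unset($r['sex']);
         // index 0 holds the allow list, index 1 the deny list
         $access = $this->getUserGroupAccessForObject($p['id'], $r['id']);
         $r['allow'] = implode(',', $access[0]);
         $r['deny'] = implode(',', $access[1]);
         $rez['data'][] = $r;
     }
     $res->close();
     /* end of get the full set of access credentials(users and/or groups) including inherited from parents */
     return $rez;
 }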