static function ajax_get_model($folder, $view) { self::_require_access($folder, "read", $view); $sgsml = new sgsml($folder, $view, array(), false); $view = $sgsml->view; $model = array('groupby' => $sgsml->schema["views"][$view]["GROUPBY"], 'start' => 0, 'limit' => $sgsml->schema["views"][$view]["LIMIT"], 'sort' => array("field" => $sgsml->schema["views"][$view]["ORDERBY"], "direction" => $sgsml->schema["views"][$view]["ORDER"]), 'fields' => array(), 'folder' => $folder, 'view' => $view, 'writable' => db_get_right($sgsml->folder, "write")); foreach ($sgsml->current_fields as $name => $field) { $model["fields"][$name] = array("name" => $name, "header" => empty($field["DISPLAYNAME"]) ? ucfirst($name) : $field["DISPLAYNAME"], "type" => "text", "hidden" => isset($field["HIDDENIN"][$view]) or isset($field["HIDDENIN"]["all"])); } return $model; }
function _build_merge_folders($tfolders, $tfolder, $view, $write = false) { $folders = array(); $tfolders[] = $tfolder; $tfolders = array_values(array_unique($tfolders)); if (count($tfolders) > 1 or $tfolders[0] != $tfolder) { $colors = array("#DDDDFF", "#CCFFCC", "#FFDDFF", "#FFDDAA", "#FFCCCC", "#CCFFFF", "#FFFFAA", "#CCCCCC", "#FFFFFF", "#AAAAFF", "#99FF99", "#FF99FF", "#FFAA33", "#FFAAAA", "#6699FF", "#CCCC00", "#999999", "#00CC66", "#CC9933", "#CC6600"); foreach ($tfolders as $key => $folder) { if (empty($folder) or !db_get_right($folder, $write ? "write" : "read", $view)) { continue; } if (!isset($colors[$key])) { $colors[$key] = ""; } $folders[$folder] = array($folder, $colors[$key]); } } else { $folders[$tfolder] = array($tfolder, ""); } return $folders; }
/** * Check required access rights for folder and view * - exit when access is denied * * @param int|string $folder Folder ID or String (/Workspace/.../) * @param string $right Right (read, write, admin) * @param string $view View name (e.g. display, details), optional */ protected static function _require_access(&$folder, $right = "read", $view = "") { // /Workspace/ => 101 $folder = folder_from_path($folder); if (!db_get_right($folder, $right, $view)) { if ($right == "read") { $right = "{t}read access{/t}"; } if ($right == "write") { $right = "{t}write access{/t}"; } if ($right == "admin") { $right = "{t}admin access{/t}"; } exit("{t}Access denied.{/t} " . sprintf("{t}missing right: %s{/t}", $right . " (" . $folder . ")")); } }
private static function _copy($ccp, $folder, $sgsml, $delete) { $tname = $sgsml->tname; $vars = array("handler" => $ccp["handler"], "sqlvarsnoquote" => $ccp["vars_noquote"], "custom_name" => $ccp["custom_name"], "default_sql" => $ccp["default_sql"]); $rows = db_select($ccp["tname"], $ccp["data_fields"], $ccp["where"], "", "", array("item" => $ccp["items"], "folder" => $ccp["folder"], "folders" => $ccp["folders"]), $vars); if (is_array($rows) and count($rows) < count($ccp["items"])) { exit("{t}Item(s) not found or access denied.{/t}"); } foreach (self::_get_mappings("->") as $mapping) { if (!strpos($mapping[1], "=")) { continue; } $mapping[1] = explode(".", $mapping[1]); if ("simple_" . $mapping[0] == $ccp["tname"] and "simple_" . $mapping[1][0] == $tname) { $sgsml->patch_fields(array_slice($mapping[1], 1)); } } $mappings = array(); foreach (self::_get_mappings("|") as $mapping) { if (strpos($mapping[0], "->")) { continue; } $mapping1 = explode(".", $mapping[0]); $mapping2 = explode(".", $mapping[1]); $key = "simple_" . $mapping1[0] . ".simple_" . $mapping2[0]; $mappings[$key][$mapping2[1]] = $mapping1[1]; $key = "simple_" . $mapping2[0] . ".simple_" . $mapping1[0]; $mappings[$key][$mapping1[1]] = $mapping2[1]; } $default_values = folder_get_default_values($folder); $messages = array(); foreach ($rows as $row) { if (empty($row["folder"]) or !db_get_right($row["folder"], "read")) { continue; } if (isset($mappings[$ccp["tname"] . "." . $tname])) { foreach ($mappings[$ccp["tname"] . "." . $tname] as $to => $from) { $row[$to] = $row[$from]; } } $row = array_merge($row, $default_values); foreach (array_keys($row) as $key) { if (!isset($sgsml->fields[$key])) { unset($row[$key]); continue; } $field = $sgsml->fields[$key]; if ((isset($field["KEY"]) or isset($field["IS_UNIQUE"])) and !empty($row[$key]) and !isset($field["READONLYIN"])) { $val = $row[$key]; $step = 1; while ($step < 100 and validate::itemexists($tname, array($key => $val), -1) != "") { $step++; $val = $row[$key] . "_" . $step; } $row[$key] = $val; } if (isset($field["RESTORE"])) { $row[$key] = self::_restore_value($row, $key, $field["RESTORE"]); } } $id = $row["id"]; $row["id"] = -1; $row["folder"] = $folder; if (isset($row["syncid"])) { $row["syncid"] = ""; } $newfiles = array(); if (is_array($ccp["file_fields"]) and count($ccp["file_fields"]) > 0) { foreach ($ccp["file_fields"] as $file_field) { if (!empty($row[$file_field])) { $data_files = explode("|", trim($row[$file_field], "|")); $row[$file_field] = array(); foreach ($data_files as $file) { if (!file_exists($file)) { continue; } $target = self::_paste_item_copyfile($file, $row["id"], $tname); $row[$file_field][] = $target; $newfiles[] = $target; } $row[$file_field] = implode("|", $row[$file_field]); } } } if (!empty($sgsml->att["DISABLE_TRIGGER_CCP"])) { unset($sgsml->att["TRIGGER_NEW"]); } $result = $sgsml->insert($row); if (!is_numeric($result)) { if (is_array($result) and count($result) > 0) { $message = "{t}Error pasting asset{/t}:"; foreach ($result as $field => $errors) { foreach ($errors as $error) { $message .= "\n" . $error[0] . ": " . $error[1]; } } } else { $message = $result; } $messages[] = $message; } else { if ($delete) { asset::delete_items($ccp["folder"], "display", array($id), $ccp["delete_mode"]); } sys_log_stat("copied_records", 1); } foreach ($newfiles as $file) { if (sys_strbegins($file, SIMPLE_CACHE . "/upload/")) { @unlink($file); } } } return $messages; }
private function _save(array &$data, $id = -1) { $insert = ($id > 0 or !is_numeric($id)) ? false : true; if (count($data) == 0) { return array(); } if (!empty($this->att["DEFAULT_SQL"]) and $this->att["DEFAULT_SQL"] == "no_select") { return self::_error("{t}Module{/t}", "{t}Access denied.{/t}"); } if (!empty($data["folder"])) { // check permissions if (!db_get_right($data["folder"], "write", $this->view)) { return self::_error("{t}Folder{/t}", "{t}Access denied.{/t}", "folder"); } $this->folder = $data["folder"]; } else { $data["folder"] = $this->folder; } // fill data array list($rdata, $data_row, $error) = $this->_complete_data($data, $id); if ($error) { return $error; } // validate if ($result = $this->_validate($rdata, $id)) { return $result; } if ($insert) { $id = sql_genID($this->tname) * 100; $sql_data = array("id" => $id, "dsize" => 0, "history" => sprintf("{t}Item created by %s at %s{/t}\n", $_SESSION["username"], sys_date("{t}m/d/y g:i:s a{/t}"))); } else { $sql_data = array("dsize" => 0, "history" => sprintf("{t}Item edited (%s) by %s at %s{/t}\n", "@fields@", $_SESSION["username"], sys_date("{t}m/d/y g:i:s a{/t}"))); } // count sizes, move files to store, delete old files foreach ($this->current_fields as $field_name => $field) { if ($field["SIMPLE_TYPE"] == "id") { continue; } if ($field["SIMPLE_TYPE"] == "files" and !empty($rdata[$field_name])) { foreach ($rdata[$field_name] as $val) { if (file_exists($val)) { $sql_data["dsize"] += filesize($val); } } // TODO 2 store handler? if (!empty($data_row[$field_name])) { $data_old = explode("|", trim($data_row[$field_name], "|")); foreach ($data_old as $filekey => $file) { if (in_array($file, $rdata[$field_name])) { continue; } if (ARCHIVE_DELETED_FILES and file_exists($file)) { $i = 1; $m = ""; $trash_name = SIMPLE_STORE . "/trash/" . $this->folder . "_" . $id . "_"; $trash_file = modify::basename($file); while (file_exists($trash_name . $m . $trash_file)) { $m = $i++ . "_"; } rename($file, $trash_name . $m . $trash_file); touch($trash_name . $m . $trash_file); } else { @unlink($file); } } } foreach ($rdata[$field_name] as $filekey => $file) { if ($file == "") { unset($rdata[$field_name][$filekey]); $data[$field_name] = implode("|", $rdata[$field_name]); continue; } if (file_exists(SIMPLE_CACHE . "/upload/" . basename($file))) { $filebase = modify::basename(basename($file)); list($target, $filename) = sys_build_filename($filebase, $this->tname); dirs_checkdir($target); $target .= sys_get_pathnum($id) . "/"; dirs_checkdir($target); $target .= md5($id) . $filename; rename(SIMPLE_CACHE . "/upload/" . basename($file), $target); $rdata[$field_name][$filekey] = $target; $data[$field_name] = implode("|", $rdata[$field_name]); } } $basenames = array(); foreach (array_reverse($rdata[$field_name]) as $filekey => $file) { $basename = modify::basename($file); if (isset($basenames[$basename])) { $old_filekey = $basenames[$basename]; $basename = preg_replace("|_rev\\d+|", "", $basename); $base = $basename; $i = 1; while (isset($basenames[$basename])) { if ($pos = strrpos($base, ".")) { $basename = substr($base, 0, $pos) . "_rev" . $i++ . substr($base, $pos); } else { $basename = $base . "_rev" . $i++; } } $target = str_replace(modify::basename($file), $basename, $file); if (rename($file, $target)) { // swap $rdata[$field_name][$filekey] = $rdata[$field_name][$old_filekey]; $rdata[$field_name][$old_filekey] = $target; $data[$field_name] = implode("|", $rdata[$field_name]); } } $basenames[$basename] = $filekey; } } if (!empty($field["STORE"]) and is_array($field["STORE"])) { foreach ($field["STORE"] as $store) { list($class, $function, $params) = sys_find_callback("modify", $store["FUNCTION"]); $rdata[$field_name] = call_user_func(array($class, $function), $rdata[$field_name], $rdata, $params); } } if (!isset($sql_data[$field_name]) and !is_null($rdata[$field_name])) { $sql_data[$field_name] = $rdata[$field_name]; } } // transform foreach ($sql_data as $key => $value) { $sql_data[$key] = self::scalarize($value, $this->fields[$key]); } // reduce to new values $sys_fields = array("history" => "", "dsize" => "", "seen" => ""); foreach ($sql_data as $data_key => $data_value) { if (isset($sys_fields[$data_key])) { continue; } $addfield = true; $field = $this->fields[$data_key]; if (!isset($this->current_fields[$data_key])) { $addfield = false; } if (isset($field["NOTINALL"])) { $addfield = false; } if (isset($field["NOTIN"]) and in_array($this->view, $field["NOTIN"])) { $addfield = false; } if (isset($field["READONLYIN"]) and (in_array($this->view, $field["READONLYIN"]) or in_array("all", $field["READONLYIN"]))) { $addfield = false; } if (isset($field["ONLYIN"])) { if (in_array($this->view, $field["ONLYIN"])) { $addfield = true; } else { $addfield = false; } } if (!$addfield) { unset($sql_data[$data_key]); } } // build history $sql_data = $this->build_history($sql_data, $data_row); if (!array_diff(array_keys($sql_data), array("history", "seen"))) { $sql_data = array(); } // save in db if ($insert) { $error_sql = db_insert($this->tname, $sql_data, array("handler" => $this->handler)); if ($error_sql != "") { return self::_error("{t}SQL failed.{/t}", $error_sql); } if ($this->notification) { sys_notification("{t}Item successfully created.{/t} (" . $id . ")"); } } else { if (count($sql_data) == 0) { return $id; } $error_sql = db_update($this->tname, $sql_data, array("id=@id@"), array("id" => $id, "folder" => $this->folder), array("handler" => $this->handler)); if ($error_sql != "") { return self::_error("{t}SQL failed.{/t}", $error_sql); } if ($this->notification) { sys_notification("{t}Item successfully updated.{/t} (" . (is_numeric($id) ? $id : 1) . ")"); } } if (empty($this->handler)) { db_update("simple_sys_tree", array("history" => "[" . $id . "/details] " . $sql_data["history"]), array("id=@id@"), array("id" => $this->folder)); db_update_treesize($this->tname, $this->folder); if (!$insert and $this->folder != $data_row["folder"]) { db_update("simple_sys_tree", array("history" => "[" . $id . "/details] " . $sql_data["history"]), array("id=@id@"), array("id" => $data_row["folder"])); db_update_treesize($this->tname, $data_row["folder"]); db_search_delete($this->tname, $id, $data_row["folder"]); } if (empty($this->att["NO_SEARCH_INDEX"])) { db_search_update($this->tname, $id, $this->fields); } sys_log_stat($insert ? "new_records" : "changed_records", 1); } // call triggers $trigger = ""; if ($insert and !empty($this->att["TRIGGER_NEW"])) { $trigger = $this->att["TRIGGER_NEW"]; } if (!$insert and !empty($this->att["TRIGGER_EDIT"])) { $trigger = $this->att["TRIGGER_EDIT"]; } if ($trigger and $result = asset_process_trigger($trigger, $id, $rdata, $this->tname)) { return self::_error("{t}Trigger failed{/t}", $result); } // send notification $tree_notification = db_select_value("simple_sys_tree", "notification", "id=@id@", array("id" => $this->folder)); if ($tree_notification != "") { $rdata["notification"] .= "," . $tree_notification; } if (!$insert and $this->folder != $data_row["folder"]) { $tree_notification = db_select_value("simple_sys_tree", "notification", "id=@id@", array("id" => $data_row["folder"])); if ($tree_notification != "") { $rdata["notification"] .= "," . $tree_notification; } } if (!empty($rdata["notification"])) { $rdata["notification"] = trim($rdata["notification"], ","); $smtp_data = asset::build_notification($this->att["NAME"], $this->current_fields, $rdata, $sql_data, $id, $data_row); if ($result = asset_process_trigger("sendmail", $id, $smtp_data)) { return self::_error("{t}Trigger failed{/t}", $result); } } // update stats if (!empty($this->handler)) { foreach ($sql_data as $data_key => $data_value) { $field = $this->fields[$data_key]; if ($field["SIMPLE_TYPE"] != "files") { continue; } foreach (explode("|", $data_value) as $file) { if (sys_strbegins($file, SIMPLE_CACHE . "/upload/")) { @unlink($file); } } } } return $id; }
function _upload_create_file($db_path, $target_lnk, $path, $filename) { list($id, $left, $unused) = _upload_process_folder_string($db_path . "/"); if ($left != 0 or $id == 0) { sys_error("path not found", "409 Conflict"); } $ftype = db_select_value("simple_sys_tree", "ftype", "id=@id@", array("id" => $id)); if (db_get_right($id, "write") and !empty($ftype) and $ftype == "files") { list($target, $a_filename) = sys_build_filename($filename, "simple_files"); dirs_checkdir($target); $target .= sys_get_pathnum($id) . "/"; dirs_checkdir($target); $target .= md5($id) . $a_filename; if ($fp = fopen("php://input", "r") and $ft = fopen($target, "wb")) { while (!feof($fp)) { fwrite($ft, fread($fp, 8192)); } fclose($fp); fclose($ft); $a_id = sql_genID("simple_files") * 100; $data = array("id" => $a_id, "folder" => $id, "dsize" => filesize($target), "filedata" => "|" . $target . "|", "filename" => $filename, "rread_users" => "|anonymous|", "rwrite_users" => "|anonymous|", "history" => t("{t}Item created by %s at %s{/t}", $_SESSION["username"], sys_date(t("{t}m/d/y g:i:s a{/t}"))) . "\n"); $error_sql = db_insert("simple_files", $data); if ($error_sql == "") { db_update_treesize("simple_files", $id); $fields = array("filename" => "text", "filedata" => "files", "folder" => "id", "id" => "id"); db_search_update("simple_files", $a_id, array(), $fields); sys_log_stat("new_records", 1); file_put_contents($target_lnk, $path . "/" . $a_id . "_0__" . $filename . "\n" . $target, LOCK_EX); _upload_success(); } } } sys_error("cant write new", "403 Forbidden"); }