 /**
  * Authorization-confirming counterpart of the allow() static function.
  *
  * Performs the same module / subpermission / item permission check as
  * allow(), but passes the final "authorized" flag so that the user's
  * authorization code is confirmed as part of the check.
  *
  * @param  string   $module             Name of the module checking
  * @param  string   $subpermission      Name of the module permission to verify
  * @param  integer  $item_id            Id of the item to verify
  * @param  string   $itemname           Name of the item permission
  * @param  boolean  $unrestricted_only  If true, the user must hold unrestricted
  *                                      privileges for the module regardless of
  *                                      subpermission or item id
  * @return boolean  False when the unrestricted requirement fails or no user is
  *                  stored in the session; otherwise the result of allow().
  */
 public static function authorized($module, $subpermission = null, $item_id = 0, $itemname = null, $unrestricted_only = false)
 {
     // Fail closed: a restricted user can never satisfy an unrestricted-only
     // request, and an anonymous request has no user object to delegate to.
     // The restricted check is evaluated first, as the session check is only
     // reached when it passes.
     $blockedByRestriction = $unrestricted_only && Current_User::isRestricted($module);
     if ($blockedByRestriction || !isset($_SESSION['User'])) {
         return false;
     }
     // The trailing `true` switches on authorization-code confirmation in allow().
     $sessionUser = $_SESSION['User'];
     return $sessionUser->allow($module, $subpermission, $item_id, $itemname, true);
 }
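 /**
  * Dispatches a signup GET-style action to its handler.
  *
  * Access control is applied per action: 'new' refuses restricted users and
  * 'edit_sheet' requires the edit_sheet permission on the loaded sheet. When
  * that permission is missing the method returns right after disallow() so
  * the editor is never rendered, whether or not disallow() ends the request.
  *
  * @param  string $type  Action name (e.g. 'new', 'edit_sheet', 'list', ...)
  * @return void
  */
 public function get($type)
 {
     switch ($type) {
         case 'new':
             if (Current_User::isRestricted('signup')) {
                 $this->signup->title = dgettext('signup', 'Sorry');
                 $this->signup->content = dgettext('signup', 'You do not have permission for this action.');
                 return;
             }
             // Intentional fall-through: an unrestricted 'new' request is
             // handled by the 'edit_sheet' branch below.
         case 'edit_sheet':
             if (empty($this->signup->sheet)) {
                 $this->signup->loadSheet();
             }
             if (!Current_User::allow('signup', 'edit_sheet', $this->signup->sheet->id, 'sheet')) {
                 Current_User::disallow();
                 // Fail closed: do not reach editSheet() if disallow() returns.
                 return;
             }
             $this->editSheet();
             break;
         case 'list':
             $this->signup->panel->setCurrentTab('list');
             $this->listSignup();
             break;
         case 'edit_slots':
             $this->editSlots();
             break;
         case 'edit_peep':
             $this->editPeep();
             break;
         case 'edit_slot_popup':
             $this->editSlotPopup();
             break;
         case 'edit_peep_popup':
             $this->editPeepPopup();
             break;
         case 'user_signup':
             $this->userSignup();
             break;
         case 'report':
             $this->report();
             break;
         case 'email_applicants':
             $this->emailApplicants();
             break;
     }
 }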
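 /**
  * Handles admin functions outside of file manager.
  * Expects an 'aop' command, read from $_REQUEST and falling back to the
  * panel's current tab when absent.
  *
  * Every branch that refuses access returns immediately after calling
  * Current_User::disallow() / errorPage(), matching the login check at the
  * top of the method, so the privileged action that follows can never run
  * even if those helpers return instead of ending the request.
  *
  * @return void
  */
 public function admin()
 {
     // If true, the result is sent to Layout::nakedDisplay (popup/modal output).
     $javascript = false;
     $this->loadPanel();
     if (isset($_REQUEST['aop'])) {
         $aop = $_REQUEST['aop'];
     } else {
         $aop = $this->panel->getCurrentTab();
     }
     if (!Current_User::isLogged()) {
         Current_User::disallow();
         return;
     }
     // edit_image and get_images are exempt from the module-level allow check.
     if ($aop != 'edit_image' && $aop != 'get_images' && !Current_User::allow('filecabinet')) {
         Current_User::disallow();
         return;
     }
     // These operations additionally require an unrestricted user.
     switch ($aop) {
         case 'delete_folder':
         case 'unpin':
             if (Current_User::isRestricted('filecabinet')) {
                 Current_User::disallow();
                 return;
             }
     }
     switch ($aop) {
         case 'image':
             $this->panel->setCurrentTab('image');
             $this->title = dgettext('filecabinet', 'Image folders');
             $this->loadForms();
             $this->forms->getFolders(IMAGE_FOLDER);
             break;
         case 'multimedia':
             $this->panel->setCurrentTab('multimedia');
             $this->title = dgettext('filecabinet', 'Multimedia folders');
             $this->loadForms();
             $this->forms->getFolders(MULTIMEDIA_FOLDER);
             break;
         case 'add_folder':
             if (!Current_User::allow('filecabinet', 'edit_folders', null, null, true)) {
                 Current_User::disallow();
                 return;
             }
             $javascript = true;
             $this->loadFolder();
             $this->addFolder();
             break;
         case 'classify':
             if (!Current_User::isDeity()) {
                 Current_User::errorPage();
                 return;
             }
             $this->loadForms();
             $this->forms->classifyFileList();
             break;
         case 'classify_action':
             // State-changing: deity plus authorization-key confirmation.
             if (!Current_User::isDeity() || !Current_User::verifyAuthKey()) {
                 Current_User::errorPage();
                 return;
             }
             $this->classifyAction();
             break;
         case 'classify_file':
             if (!Current_User::isDeity() || !Current_User::verifyAuthKey()) {
                 Current_User::disallow();
                 return;
             }
             $this->loadForms();
             if (!empty($_POST['file_list'])) {
                 $this->forms->classifyFile($_POST['file_list']);
             } elseif (isset($_GET['file'])) {
                 $this->forms->classifyFile($_GET['file']);
             } else {
                 $this->forms->classifyFileList();
             }
             break;
         case 'post_classifications':
             // NOTE(review): state-changing but, unlike classify_action, no
             // verifyAuthKey() call here — confirm whether classifyFiles()
             // performs it.
             if (!Current_User::isDeity()) {
                 Current_User::errorPage();
                 return;
             }
             $result = $this->classifyFiles();
             if (is_array($result)) {
                 $this->message = implode('<br />', $result);
             }
             $this->loadForms();
             $this->forms->classifyFileList();
             break;
         case 'unpin':
             // authorized() = allow() with authorization-code confirmation.
             if (!Current_User::authorized('filecabinet')) {
                 Current_User::disallow();
                 return;
             }
             Cabinet::unpinFolder();
             PHPWS_Core::goBack();
             break;
         case 'pin_form':
             $javascript = true;
             // Missing or non-numeric key_id casts to 0, which closes the popup.
             $key_id = isset($_GET['key_id']) ? (int) $_GET['key_id'] : 0;
             if (!$key_id) {
                 javascript('close_refresh', array('refresh' => 0));
                 break;
             }
             $this->loadForms();
             $this->forms->pinFolder($key_id);
             break;
         case 'delete_folder':
             if (!Current_User::authorized('filecabinet', 'delete_folders', null, null, true)) {
                 Current_User::disallow();
                 return;
             }
             $this->loadFolder();
             $this->folder->delete();
             PHPWS_Core::goBack();
             break;
         case 'delete_incoming':
             // NOTE(review): destructive, deity-only, no verifyAuthKey() visible
             // here — confirm whether deleteIncoming() performs it.
             if (!Current_User::isDeity()) {
                 Current_User::errorPage();
                 return;
             }
             $this->deleteIncoming();
             $this->loadForms();
             $this->forms->classifyFileList();
             break;
         case 'document':
             $this->panel->setCurrentTab('document');
             $this->title = dgettext('filecabinet', 'Document folders');
             $this->loadForms();
             $this->forms->getFolders(DOCUMENT_FOLDER);
             break;
         case 'edit_folder_modal':
             $javascript = true;
             $this->loadFolder();
             // permission check in function below
             $this->editFolder(false);
             break;
         case 'edit_folder':
             $javascript = true;
             $this->loadFolder();
             // permission check in function below
             $this->editFolder(true);
             break;
         case 'change_tn':
             $javascript = true;
             $this->changeTN();
             break;
         case 'post_thumbnail':
             $javascript = true;
             if ($this->postTN()) {
                 javascript('close_refresh');
             } else {
                 $this->message = dgettext('filecabinet', 'Could not save thumbnail image.');
                 $this->changeTN();
             }
             break;
         case 'post_folder':
             if (!Current_User::authorized('filecabinet', 'edit_folders')) {
                 Current_User::disallow();
                 return;
             }
             $this->loadFolder();
             if ($this->folder->post()) {
                 if (!$this->folder->save()) {
                     self::setMessage(dgettext('filecabinet', 'Failed to create folder. Please check your logs.'));
                 }
             } else {
                 self::setMessage(dgettext('filecabinet', 'Failed to create folder. Please check your logs.'));
             }
             if (filter_input(INPUT_POST, 'js') == 1) {
                 javascript('close_refresh');
             } else {
                 PHPWS_Core::goBack();
             }
             break;
         case 'post_allowed_files':
             // NOTE(review): state-changing, deity-only, no verifyAuthKey()
             // visible here — confirm whether postAllowedFiles() performs it.
             if (!Current_User::isDeity()) {
                 Current_User::disallow();
                 return;
             }
             $this->loadForms();
             $this->forms->postAllowedFiles();
             $this->message = dgettext('filecabinet', 'File types saved.');
             $this->title = dgettext('filecabinet', 'Allowed file types');
             $this->content = $this->forms->fileTypes();
             break;
         case 'save_settings':
             // NOTE(review): state-changing, deity-only, no verifyAuthKey()
             // visible here — confirm whether saveSettings() performs it.
             if (!Current_User::isDeity()) {
                 Current_User::disallow();
                 return;
             }
             $this->loadForms();
             $result = $this->forms->saveSettings();
             if (is_array($result)) {
                 $this->message = implode('<br />', $result);
             } else {
                 $this->message = dgettext('filecabinet', 'Settings saved.');
             }
             // Intentional fall-through: re-render the settings form after saving.
         case 'settings':
             if (!Current_User::isDeity()) {
                 Current_User::disallow();
                 return;
             }
             $this->loadForms();
             $this->title = dgettext('filecabinet', 'Settings');
             $this->content = $this->forms->settings();
             break;
         case 'view_folder':
             $this->viewFolder();
             break;
         case 'file_types':
             if (!Current_User::isDeity()) {
                 Current_User::disallow();
                 return;
             }
             $this->loadForms();
             $this->title = dgettext('filecabinet', 'Allowed file types');
             $this->content = $this->forms->fileTypes();
             break;
         case 'fix_document_dir':
             if (!Current_User::isDeity() || !Current_User::verifyAuthKey()) {
                 Current_User::disallow();
                 return;
             }
             // Only an explicit confirm=yes runs the repair; a missing parameter
             // is treated as "no" without raising a notice.
             $confirm = filter_input(INPUT_GET, 'confirm');
             if (is_string($confirm) && strtolower($confirm) == 'yes') {
                 $this->fixDocumentDirectories();
             }
             PHPWS_Core::reroute('index.php?module=filecabinet&tab=settings');
     }
     $template['TITLE'] =& $this->title;
     $template['MESSAGE'] =& $this->message;
     $template['CONTENT'] =& $this->content;
     if ($javascript) {
         $main = PHPWS_Template::process($template, 'filecabinet', 'javascript.tpl');
         Layout::nakedDisplay($main);
     } else {
         $main = PHPWS_Template::process($template, 'filecabinet', 'main.tpl');
         $this->panel->setContent($main);
         $finalPanel = $this->panel->display();
         Layout::add(PHPWS_ControlPanel::display($finalPanel));
     }
 }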
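 /**
  * Deletes (disapproves) a public calendar suggestion.
  *
  * Requires the 'edit_public' calendar permission via Current_User::authorized()
  * (allow() with authorization-code confirmation) and an unrestricted calendar
  * user; otherwise a 403 error page is raised. A suggestion id that does not
  * load raises a 404 error page.
  *
  * @param  integer $id  Id of the Calendar_Suggestion to delete (cast to int)
  * @return mixed   Result of Calendar_Suggestion::delete(); false when the
  *                 request was refused and errorPage() returned to the caller.
  */
 public function disapproveSuggestion($id)
 {
     if (!Current_User::authorized('calendar', 'edit_public') || Current_User::isRestricted('calendar')) {
         PHPWS_Core::errorPage('403');
         // Fail closed: never reach delete() if errorPage() does not end the request.
         return false;
     }
     PHPWS_Core::initModClass('calendar', 'Suggestion.php');
     $suggestion = new Calendar_Suggestion((int) $id);
     if (!$suggestion->id) {
         PHPWS_Core::errorPage('404');
         return false;
     }
     return $suggestion->delete();
 }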
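 /**
  * Persists the page row, its key, search keywords and sections.
  *
  * Sets create_date on a new page, always refreshes last_updated, and for a
  * child page without an explicit page_order appends it after the last
  * sibling (falling back to 1 when getLastPage() reports an error). After a
  * successful row save the key is saved, a restricted 'pagesmith' user is
  * granted item permission on a newly created page, search keywords are
  * rebuilt from the title, each section is saved, and the page cache entry
  * is removed.
  *
  * @return boolean  False when saving the page row fails (error already
  *                  logged); true otherwise. Previously success returned
  *                  null, which a truthiness check could not tell from failure.
  */
 public function save()
 {
     PHPWS_Core::initModClass('search', 'Search.php');
     $new = !$this->id;
     if ($new) {
         $this->create_date = time();
     }
     $this->last_updated = time();
     // If this page has a parent and the order is not set then increment
     // past the last existing child; on error start at 1.
     if (!$this->page_order && $this->parent_page) {
         $last_order = $this->getLastPage();
         if (PHPWS_Error::logIfError($last_order)) {
             $this->page_order = 1;
         } else {
             $this->page_order = $last_order + 1;
         }
     }
     $db = new PHPWS_DB('ps_page');
     if (PHPWS_Error::logIfError($db->saveObject($this))) {
         return false;
     }
     $this->saveKey();
     // A restricted user is granted item-level permission on a page they created.
     if ($new && Current_User::isRestricted('pagesmith')) {
         Current_User::giveItemPermission($this->_key);
     }
     $search = new Search($this->key_id);
     $search->resetKeywords();
     $search->addKeywords($this->title);
     PHPWS_Error::logIfError($search->save());
     foreach ($this->_sections as $section) {
         $section->pid = $this->id;
         PHPWS_Error::logIfError($section->save($this->key_id));
     }
     PHPWS_Cache::remove($this->cacheKey());
     return true;
 }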
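 /**
  * Saves the posted view/edit permissions for the key named by key_id.
  *
  * Does nothing when key_id is absent or the key fails Key::checkKey().
  * Refuses (disallow() then return) when the user is restricted in the key's
  * module or the key does not allow editing, so the permission post can never
  * be applied even if disallow() returns instead of ending the request.
  *
  * NOTE(review): this is a state-changing POST handler and no authorization-
  * key (CSRF) confirmation is visible here — confirm whether Key::allowEdit()
  * or the caller performs it.
  *
  * @return void
  */
 public static function permission()
 {
     if (!isset($_REQUEST['key_id'])) {
         return;
     }
     $key = new Key((int) $_REQUEST['key_id']);
     if (!Key::checkKey($key, false)) {
         return;
     }
     if (Current_User::isRestricted($key->module) || !$key->allowEdit()) {
         Current_User::disallow();
         return;
     }
     // View permissions must be first to allow error checking
     // Edit will add its list to the view
     Users_Permission::postViewPermissions($key);
     Users_Permission::postEditPermissions($key);
     $result = $key->savePermissions();
     if (isset($_POST['popbox'])) {
         Layout::nakedDisplay(javascript('close_refresh', array('refresh' => 0)));
     } else {
         if (PHPWS_Error::logIfError($result)) {
             $_SESSION['Permission_Message'] = dgettext('users', 'An error occurred.');
         } else {
             $_SESSION['Permission_Message'] = dgettext('users', 'Permissions updated.');
         }
         PHPWS_Core::goBack();
     }
 }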