/** * Returns the group ids with access to front- or backend of a page * @param \Cx\Core\ContentManager\Model\Entity\Page $page Page to get the group ids of * @param boolean $frontend True for frontend access groups, false for backend * @return mixed Array of group ids or false on error * @throws PageGuardException */ public function getAssignedGroupIds($page, $frontend) { if ($frontend && !$page->isFrontendProtected()) { return array(); } if (!$frontend && !$page->isBackendProtected()) { return array(); } try { $accessId = $this->getAccessId($page, $frontend); } catch (PageGuardException $e) { // the selected page is listed as protected but does not have an access id. // this is probably due to a db inconsistency, which we should be able to handle gracefully: $accessId = \Permission::createNewDynamicAccessId(); if ($frontend && $accessId) { $page->setFrontendAccessId($accessId); } elseif (!$frontend && $accessId) { $page->setBackendAccessId($accessId); } else { // cannot create a new dynamic access id. throw new PageGuardException('This protected page doesn\'t have an access id associated with it. Contrexx encountered an error while generating a new access id.'); } Env::get('em')->persist($page); Env::get('em')->flush(); } return \Permission::getGroupIdsForAccessId($accessId); }
/** * Validate and save settings from $_POST into the database. * * @global ADONewConnection * @global array $_ARRAYLANG */ function _saveSettings() { global $objDatabase, $_ARRAYLANG; $this->_arrSettings = $this->createSettingsArray(); for ($i = 0; $i <= 4; $i++) { $oldMediaSetting = $this->_arrSettings['media' . $i . '_frontend_changable']; $newMediaSetting = ''; if (isset($_POST['mediaSettings_Media' . $i . 'FrontendChangable'])) { $newMediaSetting = $_POST['mediaSettings_Media' . $i . 'FrontendChangable']; } if (!is_numeric($newMediaSetting)) { if (is_numeric($oldMediaSetting)) { // remove AccessId \Permission::removeAccess($oldMediaSetting, 'dynamic'); } // save new setting $objDatabase->Execute(' UPDATE ' . DBPREFIX . 'module_media_settings SET `value` = "' . contrexx_addslashes($newMediaSetting) . '" WHERE `name` = "media' . $i . '_frontend_changable" '); } else { $accessGroups = ''; if (isset($_POST['media' . $i . '_access_associated_groups'])) { $accessGroups = $_POST['media' . $i . '_access_associated_groups']; } // get groups \Permission::removeAccess($oldMediaSetting, 'dynamic'); if (isset($_POST['media' . $i . '_access_associated_groups'])) { $accessGroups = $_POST['media' . $i . '_access_associated_groups']; } // add AccessID $newMediaSetting = \Permission::createNewDynamicAccessId(); // save AccessID if (count($accessGroups)) { \Permission::setAccess($newMediaSetting, 'dynamic', $accessGroups); } $query = 'UPDATE ' . DBPREFIX . 'module_media_settings SET `value` = "' . intval($newMediaSetting) . '" WHERE `name` = "media' . $i . '_frontend_changable"'; $objDatabase->Execute($query); } $oldManageSetting = $this->_arrSettings['media' . $i . '_frontend_managable']; $newManageSetting = ''; if (isset($_POST['mediaSettings_Media' . $i . 'FrontendManagable'])) { $newManageSetting = $_POST['mediaSettings_Media' . $i . 'FrontendManagable']; } if (!is_numeric($newManageSetting)) { if (is_numeric($oldManageSetting)) { // remove AccessId \Permission::removeAccess($oldManageSetting, 'dynamic'); } // save new setting $objDatabase->Execute(' UPDATE ' . DBPREFIX . 'module_media_settings SET `value` = "' . contrexx_addslashes($newManageSetting) . '" WHERE `name` = "media' . $i . '_frontend_managable" '); } else { $accessGroups = ''; if (isset($_POST['media' . $i . '_manage_associated_groups'])) { $accessGroups = $_POST['media' . $i . '_manage_associated_groups']; } // get groups \Permission::removeAccess($oldManageSetting, 'dynamic'); if (isset($_POST['media' . $i . '_manage_associated_groups'])) { $accessGroups = $_POST['media' . $i . '_manage_associated_groups']; } // add AccessID $newManageSetting = \Permission::createNewDynamicAccessId(); // save AccessID if (count($accessGroups)) { \Permission::setAccess($newManageSetting, 'dynamic', $accessGroups); } $objDatabase->Execute(' UPDATE ' . DBPREFIX . 'module_media_settings SET `value` = "' . intval($newManageSetting) . '" WHERE `name` = "media' . $i . '_frontend_managable" '); } } $this->_arrSettings = $this->createSettingsArray(); $this->_strOkMessage = $_ARRAYLANG['TXT_MEDIA_SETTINGS_SAVE_SUCCESSFULL']; }
private function storePermissions() { global $objDatabase; $status = true; if ($this->protected) { // set protection if ($this->access_id || ($this->access_id = \Permission::createNewDynamicAccessId())) { \Permission::removeAccess($this->access_id, 'dynamic'); if (count($this->access_groups)) { \Permission::setAccess($this->access_id, 'dynamic', $this->access_groups); } } else { // remove protection due that no new access-ID could have been created $this->access_id = 0; $status = false; } } elseif ($this->access_id) { // remove protection \Permission::removeAccess($this->access_id, 'dynamic'); $this->access_id = 0; } if (!$status) { return false; } if ($objDatabase->Execute("\n UPDATE `" . DBPREFIX . "module_downloads_download`\n SET\n `access_id` = " . intval($this->access_id) . "\n WHERE `id` = " . $this->id) === false) { return false; } else { return true; } }
protected function createAccessId() { $accessId = \Permission::createNewDynamicAccessId(); if ($accessId === false) { throw new PageException('protecting Page failed: Permission system could not create a new dynamic access id'); } return $accessId; }
private function saveSettings() { global $objDatabase; /** * save mailtemplates */ foreach ($_POST["filesharingMail"] as $lang => $inputs) { $objMailTemplate = $objDatabase->Execute("SELECT `subject`, `content` FROM " . DBPREFIX . "module_filesharing_mail_template WHERE `lang_id` = " . intval($lang)); $content = str_replace(array('{', '}'), array('[[', ']]'), contrexx_input2db($inputs["content"])); if ($objMailTemplate === false or $objMailTemplate->RecordCount() == 0) { $objDatabase->Execute("INSERT INTO " . DBPREFIX . "module_filesharing_mail_template (`subject`, `content`, `lang_id`) VALUES ('" . contrexx_input2db($inputs["subject"]) . "', '" . contrexx_raw2db($content) . "', '" . contrexx_raw2db($lang) . "')"); } else { $objDatabase->Execute("UPDATE " . DBPREFIX . "module_filesharing_mail_template SET `subject` = '" . contrexx_input2db($inputs["subject"]) . "', `content` = '" . contrexx_raw2db($content) . "' WHERE `lang_id` = '" . contrexx_raw2db($lang) . "'"); } } /** * save permissions */ \Cx\Core\Setting\Controller\Setting::init('FileSharing', 'config'); $oldFilesharingSetting = \Cx\Core\Setting\Controller\Setting::getValue('permission', 'FileSharing'); $newFilesharingSetting = $_POST['filesharingSettingsPermission']; if (!is_numeric($newFilesharingSetting)) { if (is_numeric($oldFilesharingSetting)) { // remove AccessId \Permission::removeAccess($oldFilesharingSetting, 'dynamic'); } } else { $accessGroups = ''; if (isset($_POST['filesharing_access_associated_groups'])) { $accessGroups = $_POST['filesharing_access_associated_groups']; } // get groups \Permission::removeAccess($oldFilesharingSetting, 'dynamic'); if (isset($_POST['filesharing_access_associated_groups'])) { $accessGroups = $_POST['filesharing_access_associated_groups']; } // add AccessID $newFilesharingSetting = \Permission::createNewDynamicAccessId(); // save AccessID if (count($accessGroups)) { \Permission::setAccess($newFilesharingSetting, 'dynamic', $accessGroups); } } // save new setting \Cx\Core\Setting\Controller\Setting::set('permission', $newFilesharingSetting); \Cx\Core\Setting\Controller\Setting::updateAll(); }
/** * Store modification protection * * Create a new access ID if none is set and associates it with the groups * defined in $this->access_group_ids * @global ADONewConnection * @global array * @return boolean True on success, false otherwise */ function storeProtection() { global $objDatabase, $_CONFIG; if ($this->protected) { $arrOldGroups = array(); $status = true; if ($this->access_id) { $objResult = $objDatabase->Execute('SELECT `group_id` FROM `' . DBPREFIX . 'access_group_dynamic_ids` WHERE `access_id` = ' . $this->access_id); if ($objResult) { while (!$objResult->EOF) { $arrOldGroups[] = $objResult->fields['group_id']; $objResult->MoveNext(); } } } else { $accessId = \Permission::createNewDynamicAccessId(); if ($accessId && $objDatabase->Execute("UPDATE `" . DBPREFIX . "access_user_" . ($this->isCoreAttribute($this->id) ? 'core_' : '') . "attribute` SET `access_id` = " . $accessId . " WHERE `id` = '" . $this->id . "'") !== false) { $this->arrAttributes[$this->id]['access_id'] = $this->access_id = $accessId; } else { return false; } } if ($objDatabase->Execute("UPDATE `" . DBPREFIX . "access_user_" . ($this->isCoreAttribute($this->id) ? 'core_' : '') . "attribute` SET `access_special` = '" . $this->access_special . "' WHERE `id` = '" . $this->id . "'") === false) { return false; } $arrNewGroups = array_diff($this->access_group_ids, $arrOldGroups); $arrRemovedGroups = array_diff($arrOldGroups, $this->access_group_ids); foreach ($arrNewGroups as $groupId) { if ($objDatabase->Execute('INSERT INTO `' . DBPREFIX . 'access_group_dynamic_ids` (`access_id`, `group_id`) VALUES (' . $this->access_id . ', ' . $groupId . ')') === false) { $status = false; } } foreach ($arrRemovedGroups as $groupId) { if ($objDatabase->Execute('DELETE FROM `' . DBPREFIX . 'access_group_dynamic_ids` WHERE `access_id` = ' . $this->access_id . ' AND `group_id` = ' . $groupId) === false) { $status = false; } } return $status; } // remove protection if ($objDatabase->Execute("UPDATE `" . DBPREFIX . "access_user_" . ($this->isCoreAttribute($this->id) ? 'core_' : '') . "attribute` SET `access_special` = '', `access_id` = 0 WHERE `id` = '" . $this->id . "'") !== false && !isset($this->arrAttributes[$this->id]['access_id']) || $objDatabase->Execute('DELETE FROM `' . DBPREFIX . 'access_group_dynamic_ids` WHERE `access_id` = ' . $this->arrAttributes[$this->id]['access_id']) !== false) { return true; } return false; }
/** * Update news * * @global ADONewConnection * @global array * @global array * @param integer $newsid * @return boolean result */ function update() { global $objDatabase, $_ARRAYLANG, $_CONFIG; if (!$this->hasCategories()) { return $this->manageCategories(); } if (isset($_POST['newsId'])) { $objFWUser = \FWUser::getFWUserObject(); $id = intval($_POST['newsId']); $userId = $objFWUser->objUser->getId(); $changelog = mktime(); $date = $this->dateFromInput($_POST['newsDate']); $redirect = !empty($_POST['newsRedirect']) && $_POST['newsTypeRadio'] == 'redirect' ? contrexx_strip_tags($_POST['newsRedirect']) : ''; $source = \FWValidator::getUrl(contrexx_strip_tags($_POST['newsSource'])); $url1 = \FWValidator::getUrl(contrexx_strip_tags($_POST['newsUrl1'])); $url2 = \FWValidator::getUrl(contrexx_strip_tags($_POST['newsUrl2'])); $newsPublisherName = !empty($_POST['newsPublisherName']) ? contrexx_input2raw($_POST['newsPublisherName']) : ''; $newsAuthorName = !empty($_POST['newsAuthorName']) ? contrexx_input2raw($_POST['newsAuthorName']) : ''; $newsPublisherId = !empty($_POST['newsPublisherId']) ? contrexx_input2raw($_POST['newsPublisherId']) : '0'; $newsAuthorId = !empty($_POST['newsAuthorId']) ? contrexx_input2raw($_POST['newsAuthorId']) : '0'; $newsCategories = !empty($_POST['newsCat']) ? contrexx_input2raw($_POST['newsCat']) : array(); $typeId = !empty($_POST['newsType']) ? intval($_POST['newsType']) : 0; $newsScheduledActive = !empty($_POST['newsScheduled']) ? intval($_POST['newsScheduled']) : 0; $status = empty($_POST['status']) ? $status = 0 : intval($_POST['status']); $newsTeaserOnly = isset($_POST['newsUseOnlyTeaser']) ? intval($_POST['newsUseOnlyTeaser']) : 0; $newsTeaserShowLink = isset($_POST['newsTeaserShowLink']) ? intval($_POST['newsTeaserShowLink']) : 0; $newsTeaserImagePath = contrexx_addslashes($_POST['newsTeaserImagePath']); $newsTeaserImageThumbnailPath = contrexx_addslashes($_POST['newsTeaserImageThumbnailPath']); $newsTeaserFrames = ''; $newsComments = !empty($_POST['allowComment']) ? intval($_POST['allowComment']) : 0; if (isset($_POST['newsTeaserFramesAsso']) && count($_POST['newsTeaserFramesAsso']) > 0) { foreach ($_POST['newsTeaserFramesAsso'] as $frameId) { intval($frameId) > 0 ? $newsTeaserFrames .= ';' . intval($frameId) : false; } } $startDate = $this->dateFromInput($_POST['startDate']); $endDate = $this->dateFromInput($_POST['endDate']); $newsFrontendAccess = !empty($_POST['news_read_access']); $newsFrontendGroups = $newsFrontendAccess && isset($_POST['news_read_access_associated_groups']) && is_array($_POST['news_read_access_associated_groups']) ? array_map('intval', $_POST['news_read_access_associated_groups']) : array(); $newsBackendAccess = !empty($_POST['news_modify_access']); $newsBackendGroups = $newsBackendAccess && isset($_POST['news_modify_access_associated_groups']) && is_array($_POST['news_modify_access_associated_groups']) ? array_map('intval', $_POST['news_modify_access_associated_groups']) : array(); $objResult = $objDatabase->SelectLimit('SELECT `frontend_access_id`, `backend_access_id`, `userid` FROM `' . DBPREFIX . 'module_news` WHERE `id` = ' . $id, 1); if ($objResult && $objResult->RecordCount() == 1) { $newsFrontendAccessId = $objResult->fields['frontend_access_id']; $newsBackendAccessId = $objResult->fields['backend_access_id']; $newsUserId = $objResult->fields['userid']; } else { $newsFrontendAccessId = 0; $newsBackendAccessId = 0; $newsUserId = 0; } if ($this->arrSettings['news_message_protection'] == '1') { if ($newsBackendAccessId && !\Permission::hasAllAccess() && !\Permission::checkAccess($newsBackendAccessId, 'dynamic', true) && $newsUserId != $objFWUser->objUser->getId()) { return false; } if ($newsFrontendAccess) { if ($newsFrontendAccessId) { $objGroup = $objFWUser->objGroup->getGroups(array('dynamic' => $newsFrontendAccessId)); $arrFormerFrontendGroupIds = $objGroup ? $objGroup->getLoadedGroupIds() : array(); $arrNewGroups = array_diff($newsFrontendGroups, $arrFormerFrontendGroupIds); $arrRemovedGroups = array_diff($arrFormerFrontendGroupIds, $newsFrontendGroups); if ($this->arrSettings['news_message_protection_restricted'] == '1' && !\Permission::hasAllAccess()) { $arrUserGroupIds = $objFWUser->objUser->getAssociatedGroupIds(); $arrUnknownNewGroups = array_diff($arrNewGroups, $arrUserGroupIds); foreach ($arrUnknownNewGroups as $groupId) { if (!in_array($groupId, $arrFormerFrontendGroupIds)) { unset($arrNewGroups[array_search($groupId, $arrNewGroups)]); } } $arrUnknownRemovedGroups = array_diff($arrRemovedGroups, $arrUserGroupIds); foreach ($arrUnknownRemovedGroups as $groupId) { if (in_array($groupId, $arrFormerFrontendGroupIds)) { unset($arrRemovedGroups[array_search($groupId, $arrRemovedGroups)]); } } } if (count($arrRemovedGroups)) { \Permission::removeAccess($newsFrontendAccessId, 'dynamic', $arrRemovedGroups); } if (count($arrNewGroups)) { \Permission::setAccess($newsFrontendAccessId, 'dynamic', $arrNewGroups); } } else { if ($this->arrSettings['news_message_protection_restricted'] == '1' && !\Permission::hasAllAccess()) { $arrUserGroupIds = $objFWUser->objUser->getAssociatedGroupIds(); $newsFrontendGroups = array_intersect($newsFrontendGroups, $arrUserGroupIds); } $newsFrontendAccessId = \Permission::createNewDynamicAccessId(); if (count($newsFrontendGroups)) { \Permission::setAccess($newsFrontendAccessId, 'dynamic', $newsFrontendGroups); } } } else { if ($newsFrontendAccessId) { \Permission::removeAccess($newsFrontendAccessId, 'dynamic'); } $newsFrontendAccessId = 0; } if ($newsBackendAccess) { if ($newsBackendAccessId) { $objGroup = $objFWUser->objGroup->getGroups(array('dynamic' => $newsBackendAccessId)); $arrFormerBackendGroupIds = $objGroup ? $objGroup->getLoadedGroupIds() : array(); $arrNewGroups = array_diff($newsBackendGroups, $arrFormerBackendGroupIds); $arrRemovedGroups = array_diff($arrFormerBackendGroupIds, $newsBackendGroups); if ($this->arrSettings['news_message_protection_restricted'] == '1' && !\Permission::hasAllAccess()) { $arrUserGroupIds = $objFWUser->objUser->getAssociatedGroupIds(); $arrUnknownNewGroups = array_diff($arrNewGroups, $arrUserGroupIds); foreach ($arrUnknownNewGroups as $groupId) { if (!in_array($groupId, $arrFormerBackendGroupIds)) { unset($arrNewGroups[array_search($groupId, $arrNewGroups)]); } } $arrUnknownRemovedGroups = array_diff($arrRemovedGroups, $arrUserGroupIds); foreach ($arrUnknownRemovedGroups as $groupId) { if (in_array($groupId, $arrFormerBackendGroupIds)) { unset($arrRemovedGroups[array_search($groupId, $arrRemovedGroups)]); } } } if (count($arrRemovedGroups)) { \Permission::removeAccess($newsBackendAccessId, 'dynamic', $arrRemovedGroups); } if (count($arrNewGroups)) { \Permission::setAccess($newsBackendAccessId, 'dynamic', $arrNewGroups); } } else { if ($this->arrSettings['news_message_protection_restricted'] == '1' && !\Permission::hasAllAccess()) { $arrUserGroupIds = $objFWUser->objUser->getAssociatedGroupIds(); $newsBackendGroups = array_intersect($newsBackendGroups, $arrUserGroupIds); } $newsBackendAccessId = \Permission::createNewDynamicAccessId(); if (count($newsBackendGroups)) { \Permission::setAccess($newsBackendAccessId, 'dynamic', $newsBackendGroups); } } } else { if ($newsBackendAccessId) { \Permission::removeAccess($newsBackendAccessId, 'dynamic'); } $newsBackendAccessId = 0; } } $objFWUser->objUser->getDynamicPermissionIds(true); // find out original user's id $orig_user_sql = "\n SELECT userid\n FROM " . DBPREFIX . "module_news\n WHERE id = '{$id}'\n "; $orig_user_rs = $objDatabase->Execute($orig_user_sql); if ($orig_user_rs == false) { \DBG::msg("We're in trouble! sql failure: {$orig_user_sql}"); } else { $orig_userid = $orig_user_rs->fields['userid']; } $set_userid = $orig_userid ? $orig_userid : $userId; // $finishednewstext = $newstext.'<br>'.$_ARRAYLANG['TXT_LAST_EDIT'].': '.$date; $activeLanguages = isset($_POST['newsManagerLanguages']) ? $_POST['newsManagerLanguages'] : array(); if (count(\FWLanguage::getActiveFrontendLanguages()) == 1) { $activeLanguages = \FWLanguage::getActiveFrontendLanguages(); } $locales = array('active' => $activeLanguages, 'title' => $_POST['newsTitle'], 'text' => $_POST['news_text'], 'teaser_text' => isset($_POST['newsTeaserText']) ? $_POST['newsTeaserText'] : array()); if (!$this->validateNews($locales, $newsCategories)) { return $this->edit(); } // store locales $localesSaving = $this->storeLocales($id, $locales); $categoryManipulation = $this->manipulateCategories($newsCategories, $id); $relatedNews = !empty($_POST['relatedNews']) ? contrexx_input2raw($_POST['relatedNews']) : array(); $enableRelatedNews = !empty($_POST['enableRelatedNews']) ? 1 : 0; $realtedNewsManipulation = $this->manipulateRelatedNews($relatedNews, $id); $newsTags = !empty($_POST['newsTags']) ? contrexx_input2raw($_POST['newsTags']) : array(); $enableTags = !empty($_POST['enableTags']) ? intval($_POST['enableTags']) : 0; //Update Tags $tagManipulation = $this->manipulateTags($newsTags, $id); // Set start and end dates as NULL if newsScheduled checkbox is not checked if ($newsScheduledActive == 0) { $startDate = NULL; $endDate = NULL; } $objResult = $objDatabase->Execute("UPDATE " . DBPREFIX . "module_news\n SET date='" . $date . "',\n redirect='" . $redirect . "',\n source='" . $source . "',\n url1='" . $url1 . "',\n url2='" . $url2 . "',\n publisher='" . contrexx_raw2db($newsPublisherName) . "',\n publisher_id=" . intval($newsPublisherId) . ",\n author='" . contrexx_raw2db($newsAuthorName) . "',\n author_id=" . intval($newsAuthorId) . ",\n typeid='" . $typeId . "',\n userid = '" . $set_userid . "',\n status = '" . $status . "',\n " . (isset($_POST['validate']) ? "validated='1'," : "") . "\n startdate = " . $this->dbFromDate($startDate) . ",\n enddate = " . $this->dbFromDate($endDate) . ",\n frontend_access_id = '" . $newsFrontendAccessId . "',\n backend_access_id = '" . $newsBackendAccessId . "',\n " . ($_CONFIG['newsTeasersStatus'] == '1' ? "teaser_only = '" . $newsTeaserOnly . "',\n teaser_frames = '" . $newsTeaserFrames . "'," : "") . "\n teaser_show_link = " . $newsTeaserShowLink . ",\n teaser_image_path = '" . $newsTeaserImagePath . "',\n teaser_image_thumbnail_path = '" . $newsTeaserImageThumbnailPath . "',\n changelog = '" . $changelog . "',\n allow_comments = '" . $newsComments . "',\n enable_related_news='" . $enableRelatedNews . "',\n enable_tags='" . $enableTags . "'\n WHERE id = '" . $id . "'"); if ($objResult === false || $localesSaving === false || $categoryManipulation === false || $realtedNewsManipulation === false || $tagManipulation === false) { $this->strErrMessage = empty($this->errMsg) ? $_ARRAYLANG['TXT_DATABASE_QUERY_ERROR'] : implode('<br>', $this->errMsg); } else { $this->createRSS(); $this->strOkMessage = $_ARRAYLANG['TXT_DATA_RECORD_UPDATED_SUCCESSFUL']; } } return $this->overview(); }
private function storePermissions() { global $objDatabase; if (!$this->permission_set) { return true; } $status = true; foreach ($this->arrPermissionTypes as $type) { if ($this->{$type . '_protected'}) { // set protection if ($this->{$type . '_access_id'} || ($this->{$type . '_access_id'} = \Permission::createNewDynamicAccessId())) { \Permission::removeAccess($this->{$type . '_access_id'}, 'dynamic'); if (count($this->{$type . '_groups'})) { \Permission::setAccess($this->{$type . '_access_id'}, 'dynamic', $this->{$type . '_groups'}); } } else { // remove protection due that no new access-ID could have been created $this->{$type . '_access_id'} = 0; $status = false; } } elseif ($this->{$type . '_access_id'}) { // remove protection \Permission::removeAccess($this->{$type . '_access_id'}, 'dynamic'); $this->{$type . '_access_id'} = 0; } } if (!$status) { return false; } if ($objDatabase->Execute("\n UPDATE `" . DBPREFIX . "module_downloads_category`\n SET\n `read_access_id` = " . intval($this->read_access_id) . ",\n `add_subcategories_access_id` = " . intval($this->add_subcategories_access_id) . ",\n `manage_subcategories_access_id` = " . intval($this->manage_subcategories_access_id) . ",\n `add_files_access_id` = " . intval($this->add_files_access_id) . ",\n `manage_files_access_id` = " . intval($this->manage_files_access_id) . "\n WHERE `id` = " . $this->id) === false) { return false; } else { if ($this->set_permissions_recursive) { foreach ($this->arrPermissionTypes as $type) { $arrPermissions[$type] = array('protected' => $this->{$type . '_protected'}, 'groups' => $this->{$type . '_groups'}); } $objSubcategory = Category::getCategories(array('parent_id' => $this->getId())); while (!$objSubcategory->EOF) { $objSubcategory->setPermissionsRecursive(true); $objSubcategory->setPermissions($arrPermissions); $objSubcategory->setVisibility($this->visibility); $objSubcategory->store(); $objSubcategory->next(); } } return true; } }