Ejemplo n.º 1
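 /**
  * Bring this download's dynamic access ID in line with its protection flag
  * and write the resulting ID to the download's database record.
  *
  * Protected: the group associations of the access ID are cleared and the
  * groups in $this->access_groups are assigned again. Not protected: an
  * existing access ID is released and reset to 0.
  *
  * @return boolean false when no access ID could be created or the UPDATE
  *                 failed (the record is then left untouched), true otherwise
  */
 private function storePermissions()
 {
     global $objDatabase;

     if ($this->protected) {
         if (!$this->access_id) {
             $this->access_id = \Permission::createNewDynamicAccessId();
         }
         if (!$this->access_id) {
             // No access ID could be created, so the requested protection is
             // NOT in place. Callers have to treat the false return value as
             // "download is unprotected" and must not report success.
             $this->access_id = 0;
             return false;
         }
         // Start from a clean slate so groups dropped from access_groups
         // lose their access as well.
         \Permission::removeAccess($this->access_id, 'dynamic');
         if (count($this->access_groups)) {
             \Permission::setAccess($this->access_id, 'dynamic', $this->access_groups);
         }
     } elseif ($this->access_id) {
         // Protection was switched off: release the former access ID.
         \Permission::removeAccess($this->access_id, 'dynamic');
         $this->access_id = 0;
     }

     // Both values are cast to integers before they are placed in the
     // statement; the record ID used to be concatenated without a cast.
     $query = "
             UPDATE `" . DBPREFIX . "module_downloads_download`
             SET
                 `access_id` = " . intval($this->access_id) . "
             WHERE `id` = " . intval($this->id);

     return $objDatabase->Execute($query) !== false;
 }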
Ejemplo n.º 2
 /**
  * Validate and save settings from $_POST into the database.
  *
  * @global  ADONewConnection
  * @global  array $_ARRAYLANG
  */
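 function _saveSettings()
 {
     global $_ARRAYLANG;

     $this->_arrSettings = $this->createSettingsArray();
     // Each of the five media archives has a "changable" and a "managable"
     // frontend setting; both follow the same rules and share one helper.
     for ($i = 0; $i <= 4; $i++) {
         $this->_storeFrontendAccessSetting(
             'media' . $i . '_frontend_changable',
             'mediaSettings_Media' . $i . 'FrontendChangable',
             'media' . $i . '_access_associated_groups'
         );
         $this->_storeFrontendAccessSetting(
             'media' . $i . '_frontend_managable',
             'mediaSettings_Media' . $i . 'FrontendManagable',
             'media' . $i . '_manage_associated_groups'
         );
     }
     // Reload so the cached settings reflect what was just written.
     $this->_arrSettings = $this->createSettingsArray();
     $this->_strOkMessage = $_ARRAYLANG['TXT_MEDIA_SETTINGS_SAVE_SUCCESSFULL'];
 }

 /**
  * Store one frontend access setting taken from $_POST.
  *
  * A numeric submitted value requests group-based protection: a fresh dynamic
  * access ID is created, the submitted groups are bound to it and the ID is
  * stored as the setting value. Any other value is stored as submitted. A
  * numeric previous value is an access ID and is released first.
  *
  * @param string $settingName   value of the `name` column in module_media_settings
  * @param string $postKey       $_POST key carrying the new setting value
  * @param string $groupsPostKey $_POST key carrying the associated group IDs
  */
 private function _storeFrontendAccessSetting($settingName, $postKey, $groupsPostKey)
 {
     global $objDatabase;

     $oldSetting = $this->_arrSettings[$settingName];
     // Only scalar request values are accepted; an array submitted under this
     // key is treated like a missing value.
     $newSetting = '';
     if (isset($_POST[$postKey]) && is_scalar($_POST[$postKey])) {
         $newSetting = (string) $_POST[$postKey];
     }

     // The stored value is an access ID only when it is numeric. The numeric
     // branch used to call removeAccess() with whatever was stored.
     if (is_numeric($oldSetting)) {
         \Permission::removeAccess($oldSetting, 'dynamic');
     }

     if (is_numeric($newSetting)) {
         // Group IDs come straight from the request: accept arrays only and
         // force every entry to an integer before it reaches the permission
         // layer. This also avoids count() on the former '' default.
         $groupIds = array();
         if (isset($_POST[$groupsPostKey]) && is_array($_POST[$groupsPostKey])) {
             $groupIds = array_map('intval', $_POST[$groupsPostKey]);
         }
         $accessId = \Permission::createNewDynamicAccessId();
         // NOTE(review): when no ID can be created the value 0 is stored, as
         // before - confirm how the frontend check interprets an ID of 0.
         if ($accessId && count($groupIds)) {
             \Permission::setAccess($accessId, 'dynamic', $groupIds);
         }
         $newSetting = (string) intval($accessId);
     }

     // Bound parameters instead of addslashes-style escaping inside a
     // concatenated statement.
     $objDatabase->Execute(
         'UPDATE ' . DBPREFIX . 'module_media_settings SET `value` = ? WHERE `name` = ?',
         array($newSetting, $settingName)
     );
 }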
Ejemplo n.º 3
 /**
  * Hand an access ID to \Permission::removeAccess() for the 'dynamic' type.
  *
  * No authorisation check happens here; callers decide whether the current
  * user may drop the ID.
  *
  * @param mixed $id access ID, passed through unchanged
  */
 protected function eraseAccessId($id)
 {
     $accessType = 'dynamic';
     \Permission::removeAccess($id, $accessType);
 }
Ejemplo n.º 4
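 /**
  * Save the file sharing settings submitted via $_POST: the mail template of
  * each language and the access permission of the module.
  *
  * A numeric `filesharingSettingsPermission` value requests group-based
  * protection: a new dynamic access ID is created, the submitted groups are
  * bound to it and the ID is stored as the `permission` setting. Any other
  * value is stored as submitted.
  */
 private function saveSettings()
 {
     global $objDatabase;

     // --- mail templates -------------------------------------------------
     $mailTemplates = array();
     if (isset($_POST['filesharingMail']) && is_array($_POST['filesharingMail'])) {
         $mailTemplates = $_POST['filesharingMail'];
     }
     foreach ($mailTemplates as $lang => $inputs) {
         if (!is_array($inputs)) {
             // Malformed entry: subject and content are expected as array keys.
             continue;
         }
         // The language ID is an array key taken from the request; it is used
         // as an integer in every statement below (the INSERT and UPDATE used
         // to embed it as an escaped string).
         $langId = intval($lang);
         $subject = contrexx_input2db(isset($inputs['subject']) ? $inputs['subject'] : '');
         // Rewrite the placeholder braces on the raw value, then escape once.
         // The content used to pass through contrexx_input2db() and afterwards
         // contrexx_raw2db(), i.e. through two escaping helpers in a row.
         $content = contrexx_raw2db(str_replace(
             array('{', '}'),
             array('[[', ']]'),
             contrexx_input2raw(isset($inputs['content']) ? $inputs['content'] : '')
         ));

         $objMailTemplate = $objDatabase->Execute("SELECT `subject`, `content` FROM " . DBPREFIX . "module_filesharing_mail_template WHERE `lang_id` = " . $langId);
         if ($objMailTemplate === false || $objMailTemplate->RecordCount() == 0) {
             $objDatabase->Execute("INSERT INTO " . DBPREFIX . "module_filesharing_mail_template (`subject`, `content`, `lang_id`) VALUES ('" . $subject . "', '" . $content . "', " . $langId . ")");
         } else {
             $objDatabase->Execute("UPDATE " . DBPREFIX . "module_filesharing_mail_template SET `subject` = '" . $subject . "', `content` = '" . $content . "' WHERE `lang_id` = " . $langId);
         }
     }

     // --- permissions ----------------------------------------------------
     \Cx\Core\Setting\Controller\Setting::init('FileSharing', 'config');
     $oldFilesharingSetting = \Cx\Core\Setting\Controller\Setting::getValue('permission', 'FileSharing');
     // Only a scalar request value is accepted; a missing or array value is
     // treated as the empty string.
     $newFilesharingSetting = '';
     if (isset($_POST['filesharingSettingsPermission']) && is_scalar($_POST['filesharingSettingsPermission'])) {
         $newFilesharingSetting = $_POST['filesharingSettingsPermission'];
     }

     // The stored value is an access ID only when it is numeric. The numeric
     // branch used to call removeAccess() with whatever was stored.
     if (is_numeric($oldFilesharingSetting)) {
         \Permission::removeAccess($oldFilesharingSetting, 'dynamic');
     }

     if (is_numeric($newFilesharingSetting)) {
         // Group IDs come straight from the request: accept arrays only and
         // force every entry to an integer. This also avoids count() on the
         // former '' default.
         $accessGroups = array();
         if (isset($_POST['filesharing_access_associated_groups']) && is_array($_POST['filesharing_access_associated_groups'])) {
             $accessGroups = array_map('intval', $_POST['filesharing_access_associated_groups']);
         }
         $newFilesharingSetting = \Permission::createNewDynamicAccessId();
         // NOTE(review): a failed ID creation is still stored as the setting,
         // as before - confirm how the module treats a falsy permission value.
         if ($newFilesharingSetting && count($accessGroups)) {
             \Permission::setAccess($newFilesharingSetting, 'dynamic', $accessGroups);
         }
     }

     \Cx\Core\Setting\Controller\Setting::set('permission', $newFilesharingSetting);
     \Cx\Core\Setting\Controller\Setting::updateAll();
 }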
Ejemplo n.º 5
 /**
  * Update news
  *
  * @global    ADONewConnection
  * @global    array
  * @global    array
  * @param     integer   $newsid
  * @return    boolean   result
  */
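 function update()
 {
     global $objDatabase, $_ARRAYLANG, $_CONFIG;

     if (!$this->hasCategories()) {
         return $this->manageCategories();
     }
     if (!isset($_POST['newsId'])) {
         return $this->overview();
     }

     $objFWUser = \FWUser::getFWUserObject();
     $id = intval($_POST['newsId']);
     $userId = $objFWUser->objUser->getId();
     // time() replaces the argument-less mktime() call, which newer PHP
     // versions reject.
     $changelog = time();

     // NOTE(review): $date, $redirect, $source, $url1 and $url2 are placed in
     // the UPDATE below exactly as these helpers return them. Confirm that
     // dateFromInput(), contrexx_strip_tags() and \FWValidator::getUrl()
     // return database-safe strings.
     $date = $this->dateFromInput($_POST['newsDate']);
     $redirect = !empty($_POST['newsRedirect']) && $_POST['newsTypeRadio'] == 'redirect' ? contrexx_strip_tags($_POST['newsRedirect']) : '';
     $source = \FWValidator::getUrl(contrexx_strip_tags($_POST['newsSource']));
     $url1 = \FWValidator::getUrl(contrexx_strip_tags($_POST['newsUrl1']));
     $url2 = \FWValidator::getUrl(contrexx_strip_tags($_POST['newsUrl2']));
     $newsPublisherName = !empty($_POST['newsPublisherName']) ? contrexx_input2raw($_POST['newsPublisherName']) : '';
     $newsAuthorName = !empty($_POST['newsAuthorName']) ? contrexx_input2raw($_POST['newsAuthorName']) : '';
     $newsPublisherId = !empty($_POST['newsPublisherId']) ? contrexx_input2raw($_POST['newsPublisherId']) : '0';
     $newsAuthorId = !empty($_POST['newsAuthorId']) ? contrexx_input2raw($_POST['newsAuthorId']) : '0';
     $newsCategories = !empty($_POST['newsCat']) ? contrexx_input2raw($_POST['newsCat']) : array();
     $typeId = !empty($_POST['newsType']) ? intval($_POST['newsType']) : 0;
     $newsScheduledActive = !empty($_POST['newsScheduled']) ? intval($_POST['newsScheduled']) : 0;
     $status = empty($_POST['status']) ? 0 : intval($_POST['status']);
     $newsTeaserOnly = isset($_POST['newsUseOnlyTeaser']) ? intval($_POST['newsUseOnlyTeaser']) : 0;
     $newsTeaserShowLink = isset($_POST['newsTeaserShowLink']) ? intval($_POST['newsTeaserShowLink']) : 0;
     $newsTeaserImagePath = contrexx_addslashes($_POST['newsTeaserImagePath']);
     $newsTeaserImageThumbnailPath = contrexx_addslashes($_POST['newsTeaserImageThumbnailPath']);
     $newsComments = !empty($_POST['allowComment']) ? intval($_POST['allowComment']) : 0;

     // Teaser frames are stored as ';<id>;<id>...'; only positive integers
     // are kept. is_array() guards against a scalar submitted under this key.
     $newsTeaserFrames = '';
     if (isset($_POST['newsTeaserFramesAsso']) && is_array($_POST['newsTeaserFramesAsso'])) {
         foreach ($_POST['newsTeaserFramesAsso'] as $frameId) {
             if (intval($frameId) > 0) {
                 $newsTeaserFrames .= ';' . intval($frameId);
             }
         }
     }

     $startDate = $this->dateFromInput($_POST['startDate']);
     $endDate = $this->dateFromInput($_POST['endDate']);

     // Requested protection state; group IDs are forced to integers.
     $newsFrontendAccess = !empty($_POST['news_read_access']);
     $newsFrontendGroups = $newsFrontendAccess && isset($_POST['news_read_access_associated_groups']) && is_array($_POST['news_read_access_associated_groups']) ? array_map('intval', $_POST['news_read_access_associated_groups']) : array();
     $newsBackendAccess = !empty($_POST['news_modify_access']);
     $newsBackendGroups = $newsBackendAccess && isset($_POST['news_modify_access_associated_groups']) && is_array($_POST['news_modify_access_associated_groups']) ? array_map('intval', $_POST['news_modify_access_associated_groups']) : array();

     // Current protection state and owner of the entry.
     $objResult = $objDatabase->SelectLimit('SELECT `frontend_access_id`, `backend_access_id`, `userid` FROM `' . DBPREFIX . 'module_news` WHERE `id` = ' . $id, 1);
     if ($objResult && $objResult->RecordCount() == 1) {
         $newsFrontendAccessId = $objResult->fields['frontend_access_id'];
         $newsBackendAccessId = $objResult->fields['backend_access_id'];
         $newsUserId = $objResult->fields['userid'];
     } else {
         $newsFrontendAccessId = 0;
         $newsBackendAccessId = 0;
         $newsUserId = 0;
     }

     if ($this->arrSettings['news_message_protection'] == '1') {
         // Per-entry authorisation: a backend-protected entry may only be
         // changed by its owner, by a member of an authorised group or by a
         // user with full access. This check is skipped entirely when
         // news_message_protection is switched off.
         if ($newsBackendAccessId && !\Permission::hasAllAccess() && !\Permission::checkAccess($newsBackendAccessId, 'dynamic', true) && $newsUserId != $userId) {
             return false;
         }
         $newsFrontendAccessId = $this->syncDynamicAccessGroups($newsFrontendAccess, $newsFrontendAccessId, $newsFrontendGroups, $objFWUser);
         $newsBackendAccessId = $this->syncDynamicAccessGroups($newsBackendAccess, $newsBackendAccessId, $newsBackendGroups, $objFWUser);
     }
     $objFWUser->objUser->getDynamicPermissionIds(true);

     // Keep the original author of the entry; fall back to the current user.
     // $orig_userid is initialised so a failed query no longer leaves it
     // undefined.
     $orig_userid = 0;
     $orig_user_sql = "\n                SELECT userid\n                FROM " . DBPREFIX . "module_news\n                WHERE id = '{$id}'\n            ";
     $orig_user_rs = $objDatabase->Execute($orig_user_sql);
     if ($orig_user_rs == false) {
         \DBG::msg("We're in trouble! sql failure: {$orig_user_sql}");
     } else {
         $orig_userid = $orig_user_rs->fields['userid'];
     }
     $set_userid = $orig_userid ? $orig_userid : $userId;

     $activeLanguages = isset($_POST['newsManagerLanguages']) ? $_POST['newsManagerLanguages'] : array();
     if (count(\FWLanguage::getActiveFrontendLanguages()) == 1) {
         $activeLanguages = \FWLanguage::getActiveFrontendLanguages();
     }
     // NOTE(review): titles, texts and teaser texts are handed on as raw
     // request values - presumably validateNews()/storeLocales() validate and
     // escape them; verify there.
     $locales = array(
         'active' => $activeLanguages,
         'title' => $_POST['newsTitle'],
         'text' => $_POST['news_text'],
         'teaser_text' => isset($_POST['newsTeaserText']) ? $_POST['newsTeaserText'] : array(),
     );
     if (!$this->validateNews($locales, $newsCategories)) {
         return $this->edit();
     }

     $localesSaving = $this->storeLocales($id, $locales);
     $categoryManipulation = $this->manipulateCategories($newsCategories, $id);
     $relatedNews = !empty($_POST['relatedNews']) ? contrexx_input2raw($_POST['relatedNews']) : array();
     $enableRelatedNews = !empty($_POST['enableRelatedNews']) ? 1 : 0;
     $relatedNewsManipulation = $this->manipulateRelatedNews($relatedNews, $id);
     $newsTags = !empty($_POST['newsTags']) ? contrexx_input2raw($_POST['newsTags']) : array();
     $enableTags = !empty($_POST['enableTags']) ? intval($_POST['enableTags']) : 0;
     $tagManipulation = $this->manipulateTags($newsTags, $id);

     // Without scheduling, start and end date are stored as NULL.
     if ($newsScheduledActive == 0) {
         $startDate = NULL;
         $endDate = NULL;
     }

     // IDs that originate from the database or the permission layer are cast
     // to integers before they are embedded in the statement.
     $objResult = $objDatabase->Execute("UPDATE  " . DBPREFIX . "module_news
             SET     date='" . $date . "',
                     redirect='" . $redirect . "',
                     source='" . $source . "',
                     url1='" . $url1 . "',
                     url2='" . $url2 . "',
                     publisher='" . contrexx_raw2db($newsPublisherName) . "',
                     publisher_id=" . intval($newsPublisherId) . ",
                     author='" . contrexx_raw2db($newsAuthorName) . "',
                     author_id=" . intval($newsAuthorId) . ",
                     typeid='" . $typeId . "',
                     userid = '" . intval($set_userid) . "',
                     status = '" . $status . "',
                     " . (isset($_POST['validate']) ? "validated='1'," : "") . "
                     startdate = " . $this->dbFromDate($startDate) . ",
                     enddate = " . $this->dbFromDate($endDate) . ",
                     frontend_access_id = '" . intval($newsFrontendAccessId) . "',
                     backend_access_id = '" . intval($newsBackendAccessId) . "',
                     " . ($_CONFIG['newsTeasersStatus'] == '1' ? "teaser_only = '" . $newsTeaserOnly . "',
                     teaser_frames = '" . $newsTeaserFrames . "'," : "") . "
                     teaser_show_link = " . $newsTeaserShowLink . ",
                     teaser_image_path = '" . $newsTeaserImagePath . "',
                     teaser_image_thumbnail_path = '" . $newsTeaserImageThumbnailPath . "',
                     changelog = '" . $changelog . "',
                     allow_comments = '" . $newsComments . "',
                     enable_related_news='" . $enableRelatedNews . "',
                     enable_tags='" . $enableTags . "'
             WHERE   id = '" . $id . "'");

     if ($objResult === false || $localesSaving === false || $categoryManipulation === false || $relatedNewsManipulation === false || $tagManipulation === false) {
         $this->strErrMessage = empty($this->errMsg) ? $_ARRAYLANG['TXT_DATABASE_QUERY_ERROR'] : implode('<br>', $this->errMsg);
     } else {
         $this->createRSS();
         $this->strOkMessage = $_ARRAYLANG['TXT_DATA_RECORD_UPDATED_SUCCESSFUL'];
     }

     return $this->overview();
 }

 /**
  * Apply the requested protection state to one dynamic access ID of a news
  * entry (frontend or backend) and return the access ID to store.
  *
  * With news_message_protection_restricted enabled, a user without full
  * access can only add or remove groups he is a member of; all other group
  * associations stay as they are.
  *
  * @param boolean $enabled           whether protection is requested
  * @param mixed   $accessId          access ID currently stored, 0 if none
  * @param array   $requestedGroupIds group IDs requested, already integers
  * @param object  $objFWUser         object returned by \FWUser::getFWUserObject()
  * @return mixed  access ID to store; 0 when protection is switched off
  */
 private function syncDynamicAccessGroups($enabled, $accessId, array $requestedGroupIds, $objFWUser)
 {
     if (!$enabled) {
         if ($accessId) {
             \Permission::removeAccess($accessId, 'dynamic');
         }
         return 0;
     }

     $restricted = $this->arrSettings['news_message_protection_restricted'] == '1' && !\Permission::hasAllAccess();

     if (!$accessId) {
         // First-time protection: a restricted user may only assign groups
         // he belongs to.
         if ($restricted) {
             $requestedGroupIds = array_intersect($requestedGroupIds, $objFWUser->objUser->getAssociatedGroupIds());
         }
         $accessId = \Permission::createNewDynamicAccessId();
         if (count($requestedGroupIds)) {
             \Permission::setAccess($accessId, 'dynamic', $requestedGroupIds);
         }
         return $accessId;
     }

     // Existing protection: only the difference to the current assignment
     // is applied.
     $objGroup = $objFWUser->objGroup->getGroups(array('dynamic' => $accessId));
     $formerGroupIds = $objGroup ? $objGroup->getLoadedGroupIds() : array();
     $addedGroupIds = array_diff($requestedGroupIds, $formerGroupIds);
     $removedGroupIds = array_diff($formerGroupIds, $requestedGroupIds);
     if ($restricted) {
         // Drop every change that concerns a group the user is not a
         // member of.
         $userGroupIds = $objFWUser->objUser->getAssociatedGroupIds();
         $addedGroupIds = array_intersect($addedGroupIds, $userGroupIds);
         $removedGroupIds = array_intersect($removedGroupIds, $userGroupIds);
     }
     if (count($removedGroupIds)) {
         \Permission::removeAccess($accessId, 'dynamic', $removedGroupIds);
     }
     if (count($addedGroupIds)) {
         \Permission::setAccess($accessId, 'dynamic', $addedGroupIds);
     }
     return $accessId;
 }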
Ejemplo n.º 6
 /**
  * Handles request from the client
  * @todo Clean up usage of $param and $_GET
  * @global Array $_CORELANG Core language data
  * @param Array $params Client parameters
  * @return type 
  */
 public function set($params)
 {
     global $_CORELANG;
     // Global access check
     if (!\Permission::checkAccess(6, 'static', true) || !\Permission::checkAccess(35, 'static', true)) {
         throw new \Exception($_CORELANG['TXT_CORE_CM_USAGE_DENIED']);
     }
     $newPage = false;
     $reload = false;
     $pg = \Env::get('pageguard');
     $dataPost = !empty($params['post']) ? $params['post'] : array();
     $pageArray = !empty($dataPost['page']) ? $dataPost['page'] : array();
     // Only set in the editing mode.
     $pageId = !empty($pageArray['id']) ? intval($pageArray['id']) : (!empty($dataPost['pageId']) ? intval($dataPost['pageId']) : 0);
     $nodeId = !empty($pageArray['node']) ? intval($pageArray['node']) : (!empty($dataPost['nodeId']) ? intval($dataPost['nodeId']) : 0);
     $lang = !empty($pageArray['lang']) ? contrexx_input2raw($pageArray['lang']) : (!empty($dataPost['lang']) ? contrexx_input2raw($dataPost['lang']) : \FWLanguage::getLanguageCodeById(\FWLanguage::getDefaultLangId()));
     $action = !empty($dataPost['action']) ? contrexx_input2raw($dataPost['action']) : '';
     $cacheManager = new \Cx\Core_Modules\Cache\Controller\CacheManager();
     $cacheManager->deleteSingleFile($pageId);
     if (!empty($pageArray)) {
         if (!empty($pageArray['target']) && !empty($pageArray['target_protocol'])) {
             $pageArray['target'] = $pageArray['target_protocol'] . $pageArray['target'];
         } elseif (empty($pageArray['target']) && !empty($pageArray['target_protocol'])) {
             $pageArray['target'] = '';
         }
         $validatedPageArray = $this->validatePageArray($pageArray);
     }
     // UPDATE
     if (!empty($pageId)) {
         // If we got a page id, the page already exists and can be updated.
         $page = $this->pageRepo->find($pageId, 0, null, false);
         $node = $page->getNode();
         // TRANSLATE
     } else {
         if (!empty($nodeId) && !empty($lang)) {
             // We are translating the page.
             $node = $this->nodeRepo->find($nodeId);
             $page = $node->translatePage(true, \FWLanguage::getLanguageIdByCode($lang));
             $page->setNodeIdShadowed($node->getId());
             $page->setEditingStatus('');
             $newPage = true;
             $reload = true;
             // CREATE
         } else {
             if (empty($pageId) && !empty($lang)) {
                 if (!\Permission::checkAccess(5, 'static', true)) {
                     throw new \Exception($_CORELANG['TXT_CORE_CM_CREATION_DENIED']);
                 }
                 // Create a new node/page combination.
                 $node = new \Cx\Core\ContentManager\Model\Entity\Node();
                 // CREATE WITHIN
                 if (isset($dataPost['parent_node'])) {
                     $parentNode = $this->nodeRepo->find($dataPost['parent_node']);
                     if (!$parentNode) {
                         $parentNode = $this->nodeRepo->getRoot();
                     }
                     $node->setParent($parentNode);
                     $parentNode->addChildren($node);
                     // add parent node to ID, so the node containing the new page is opened
                     if (!isset($_COOKIE['jstree_open'])) {
                         $_COOKIE['jstree_open'] = '';
                     }
                     $openNodes = explode(',', $_COOKIE['jstree_open']);
                     if ($openNodes == array(0 => '')) {
                         $openNodes = array();
                     }
                     if (!in_array('#node_' . $parentNode->getId(), $openNodes)) {
                         $openNodes[] = '#node_' . $parentNode->getId();
                     }
                     setcookie('jstree_open', implode(',', $openNodes));
                     $this->em->persist($node);
                     $this->em->flush();
                     // CREATE
                 } else {
                     $node->setParent($this->nodeRepo->getRoot());
                     $this->nodeRepo->getRoot()->addChildren($node);
                     $this->em->persist($node);
                     $this->em->flush();
                 }
                 $page = new \Cx\Core\ContentManager\Model\Entity\Page();
                 $page->setNode($node);
                 $node->addPage($page);
                 $page->setNodeIdShadowed($node->getId());
                 $page->setLang(\FWLanguage::getLanguageIdByCode($lang));
                 $page->setUpdatedBy(\FWUser::getFWUserObject()->objUser->getUsername());
                 $newPage = true;
                 $reload = true;
             } else {
                 throw new \Exception('Page cannot be created. There are too little information.');
             }
         }
     }
     // Page access check
     if ($page->isBackendProtected() && !\Permission::checkAccess($page->getBackendAccessId(), 'dynamic', true)) {
         throw new \Cx\Core\ContentManager\Model\Entity\PageException('Not allowed to read page');
     }
     if (!empty($pageArray)) {
         $page->updateFromArray($validatedPageArray);
         if ($newPage) {
             // Make sure page has an ID
             $this->em->persist($page);
             $this->em->flush();
         }
     }
     if (!empty($action)) {
         switch ($action) {
             case 'activate':
             case 'publish':
                 $page->setActive(true);
                 break;
             case 'deactivate':
                 $page->setActive(false);
                 break;
             case 'show':
                 $page->setDisplay(true);
                 break;
             case 'hide':
                 $page->setDisplay(false);
                 break;
             case 'protect':
                 $page->setFrontendProtection(true);
                 break;
             case 'unprotect':
                 $page->setFrontendProtection(false);
                 break;
             case 'lock':
                 $page->setBackendProtection(true);
                 break;
             case 'unlock':
                 $page->setBackendProtection(false);
                 break;
         }
         if ($action != 'publish' && !$page->isDraft()) {
             $action = 'publish';
         }
     }
     $page->setUpdatedAtToNow();
     $page->validate();
     // Permissions are only updated in the editing mode.
     if (!empty($pageArray)) {
         if ($action == 'publish') {
             if (\Permission::checkAccess(36, 'static', true)) {
                 if ($page->isFrontendProtected()) {
                     // remove all
                     \Permission::removeAccess($page->getFrontendAccessId(), 'dynamic');
                     if (isset($dataPost['frontendGroups'])) {
                         // set new
                         $pg->setAssignedGroupIds($page, $dataPost['frontendGroups'], true);
                     }
                 }
                 if ($page->isBackendProtected()) {
                     // remove all
                     $groupIds = $pg->getAssignedGroupIds($page, false);
                     \Permission::removeAccess($page->getBackendAccessId(), 'dynamic');
                     if (isset($dataPost['backendGroups'])) {
                         // set new
                         $pg->setAssignedGroupIds($page, $dataPost['backendGroups'], false);
                     }
                     if ($page->isBackendProtected() && !\Permission::checkAccess($page->getBackendAccessId(), 'dynamic', true)) {
                         if (!count($groupIds)) {
                             $page->setBackendProtection(false);
                         } else {
                             $pg->setAssignedGroupIds($page, $groupIds, false);
                         }
                     }
                 }
             }
         }
     }
     // Block associations are only updated in the editing mode.
     if (!empty($pageArray) && empty($dataPost['ignoreBlocks'])) {
         if (!isset($dataPost['pageBlocks'])) {
             $dataPost['pageBlocks'] = array();
         }
         $page->setRelatedBlocks($dataPost['pageBlocks']);
     }
     $draftUpdateLog = null;
     $liveUpdateLog = null;
     $updatingDraft = false;
     if ($action == 'publish' && \Permission::checkAccess(78, 'static', true)) {
         // User w/permission clicked save&publish. we should either publish the page or submit the draft for approval.
         if ($page->getEditingStatus() == 'hasDraftWaiting') {
             $reload = true;
         }
         if ($page->getEditingStatus() != '') {
             $logEntries = $this->logRepo->getLogEntries($page, false);
             $this->em->remove($logEntries[0]);
         }
         $page->setEditingStatus('');
         $this->messages[] = $_CORELANG['TXT_CORE_SAVED'];
     } else {
         // User clicked save [as draft], so let's do that.
         $updatingDraft = $page->getEditingStatus() != '' ? true : false;
         if ($action == 'publish') {
             // User w/o publish permission clicked save&publish. submit it as a draft.
             $page->setEditingStatus('hasDraftWaiting');
             $this->messages[] = $_CORELANG['TXT_CORE_DRAFT_SUBMITTED'];
         } else {
             if ($page->getEditingStatus() == 'hasDraftWaiting' && \Permission::checkAccess(78, 'static', true)) {
                 $reload = true;
             }
             $page->setEditingStatus('hasDraft');
             $this->messages[] = $_CORELANG['TXT_CORE_SAVED_AS_DRAFT'];
         }
         // Gedmo-loggable generates a LogEntry (i.e. revision) on persist, so we'll have to
         // store the draft first, then revert the current version to what it previously was.
         // In the end, we'll have the current [published] version properly stored as a page
         // and the draft version stored as a gedmo LogEntry.
         $this->em->persist($page);
         // Gedmo hooks in on persist/flush, so we unfortunately need to flush our em in
         // order to get a clean set of logEntries.
         $this->em->flush();
         $logEntries = $this->logRepo->getLogEntries($page, false);
         // Revert to the published version.
         $cachedEditingStatus = $page->getEditingStatus();
         $this->logRepo->revert($page, $logEntries[1]->getVersion());
         $page->setEditingStatus($cachedEditingStatus);
         switch ($action) {
             case 'activate':
             case 'publish':
                 $page->setActive(true);
                 break;
             case 'deactivate':
                 $page->setActive(false);
                 break;
             case 'show':
                 $page->setDisplay(true);
                 break;
             case 'hide':
                 $page->setDisplay(false);
                 break;
             case 'protect':
                 $page->setFrontendProtection(true);
                 break;
             case 'unprotect':
                 $page->setFrontendProtection(false);
                 break;
             case 'lock':
                 $page->setBackendProtection(true);
                 break;
             case 'unlock':
                 $page->setBackendProtection(false);
                 break;
         }
         $this->em->persist($page);
         // Gedmo auto-logs slightly too much data. clean up unnecessary revisions:
         if ($updatingDraft) {
             $this->em->flush();
             $logEntries = $this->logRepo->getLogEntries($page);
             $currentLog = $logEntries[1];
             $currentLogData = $currentLog->getData();
             $currentLogData['editingStatus'] = $page->getEditingStatus();
             $currentLog->setData($currentLogData);
             $this->em->persist($currentLog);
             $liveUpdateLog = $logEntries[2];
             $this->em->remove($logEntries[2]);
         }
     }
     $this->em->persist($page);
     if (isset($dataPost['inheritFrontendAccess']) && $dataPost['inheritFrontendAccess'] == 'on' || isset($dataPost['inheritBackendAccess']) && $dataPost['inheritBackendAccess'] == 'on' || isset($dataPost['inheritSkin']) && $dataPost['inheritSkin'] == 'on' || isset($dataPost['inheritCustomContent']) && $dataPost['inheritCustomContent'] == 'on' || isset($dataPost['inheritCssName']) && $dataPost['inheritCssName'] == 'on' || isset($dataPost['inheritCssNavName']) && $dataPost['inheritCssNavName'] == 'on' || isset($dataPost['inheritCaching']) && $dataPost['inheritCaching'] == 'on') {
         $pageStack = $page->getChildren();
         while (count($pageStack)) {
             $currentPage = array_pop($pageStack);
             foreach ($currentPage->getChildren() as $child) {
                 array_push($pageStack, $child);
             }
             if (isset($dataPost['inheritFrontendAccess']) && $dataPost['inheritFrontendAccess'] == 'on') {
                 $reload = true;
                 $page->copyProtection($currentPage, true);
             }
             if (isset($dataPost['inheritBackendAccess']) && $dataPost['inheritBackendAccess'] == 'on') {
                 $reload = true;
                 $page->copyProtection($currentPage, false);
             }
             if (isset($dataPost['inheritSkin']) && $dataPost['inheritSkin'] == 'on') {
                 $currentPage->setSkin($page->getSkin());
             }
             if (isset($dataPost['inheritCustomContent']) && $dataPost['inheritCustomContent'] == 'on') {
                 $currentPage->setCustomContent($page->getCustomContent());
             }
             if (isset($dataPost['inheritCssName']) && $dataPost['inheritCssName'] == 'on') {
                 $currentPage->setCssName($page->getCssName());
             }
             if (isset($dataPost['inheritCssNavName']) && $dataPost['inheritCssNavName'] == 'on') {
                 $currentPage->setCssNavName($page->getCssNavName());
             }
             if (isset($dataPost['inheritCaching']) && $dataPost['inheritCaching'] == 'on') {
                 $currentPage->setCaching($page->getCaching());
             }
             $this->em->persist($currentPage);
         }
     }
     $this->em->flush();
     // bug fix #2279
     // could not save alias after running $this->em->clear()
     // Aliases are only updated in the editing mode.
     if (!empty($pageArray)) {
         // Only users with publish rights can create aliases.
         if (\Permission::checkAccess(115, 'static', true) && \Permission::checkAccess(78, 'static', true)) {
             // Aliases are updated after persist.
             $data = array();
             $data['alias'] = $pageArray['alias'];
             $aliases = $page->getAliases();
             $page->updateFromArray($data);
             if ($aliases != $page->getAliases()) {
                 $reload = true;
             }
         } else {
             // Users without permission shouldn't see the aliasses anyway
             //$this->messages[] = $_CORELANG['TXT_CORE_ALIAS_CREATION_DENIED'];
         }
     }
     // this fixes log version number skipping
     $this->em->clear();
     $logs = $this->logRepo->getLogEntries($page);
     $this->em->persist($logs[0]);
     if ($updatingDraft) {
         $data = $logs[1]->getData();
         if (!empty($action) && $draftUpdateLog) {
             $data = $draftUpdateLog->getData();
         }
         $data['editingStatus'] = 'hasDraft';
         if ($action == 'publish' && !\Permission::checkAccess(78, 'static', true)) {
             $data['editingStatus'] = 'hasDraftWaiting';
         }
         switch ($action) {
             case 'activate':
                 $data['active'] = true;
                 break;
             case 'deactivate':
                 $data['active'] = false;
                 break;
             case 'show':
                 $data['display'] = true;
                 break;
             case 'hide':
                 $data['display'] = false;
                 break;
             case 'protect':
                 $data['protection'] = $data['protection'] | FRONTEND_PROTECTION;
                 break;
             case 'unprotect':
                 $data['protection'] = $data['protection'] & ~FRONTEND_PROTECTION;
                 break;
             case 'lock':
                 $data['protection'] = $data['protection'] | BACKEND_PROTECTION;
                 break;
             case 'unlock':
                 $data['protection'] = $data['protection'] & ~BACKEND_PROTECTION;
                 break;
         }
         $logs[1]->setData($data);
         if (!empty($action) && $action != 'publish') {
             $data = $logs[0]->getData();
             if ($liveUpdateLog) {
                 $data = $liveUpdateLog->getData();
             }
             switch ($action) {
                 case 'activate':
                     $data['active'] = true;
                     break;
                 case 'deactivate':
                     $data['active'] = false;
                     break;
                 case 'show':
                     $data['display'] = true;
                     break;
                 case 'hide':
                     $data['display'] = false;
                     break;
                 case 'protect':
                     $data['protection'] = $data['protection'] | FRONTEND_PROTECTION;
                     break;
                 case 'unprotect':
                     $data['protection'] = $data['protection'] & ~FRONTEND_PROTECTION;
                     break;
                 case 'lock':
                     $data['protection'] = $data['protection'] | BACKEND_PROTECTION;
                     break;
                 case 'unlock':
                     $data['protection'] = $data['protection'] & ~BACKEND_PROTECTION;
                     break;
             }
             $logs[0]->setData($data);
         }
         $this->em->persist($logs[0]);
         $this->em->persist($logs[1]);
         $this->em->flush();
     }
     // get version
     // if it is a draft, don't take the last one
     $version = $page->getVersion()->getVersion();
     if ($page->isDraft()) {
         $version--;
     }
     return array('reload' => $reload, 'id' => $page->getId(), 'version' => $version, 'node' => $page->getNode()->getId(), 'lang' => \FWLanguage::getLanguageCodeById($page->getLang()));
 }
Ejemplo n.º 7
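 /**
  * Apply this category's access protection and persist the resulting access IDs.
  *
  * For each entry of $this->arrPermissionTypes the properties
  * `<type>_protected`, `<type>_access_id` and `<type>_groups` are read.
  * A protected type gets a dynamic access ID (an existing one is reused,
  * otherwise a new one is requested) whose group assignment is replaced by
  * `<type>_groups`. An unprotected type that still has an access ID has that
  * ID's assignments removed and the ID reset to 0. The five access-ID columns
  * of `module_downloads_category` are then updated for this category and,
  * if $this->set_permissions_recursive is set, the same permissions and the
  * visibility are pushed to the direct subcategories.
  *
  * @global object $objDatabase Database connection; only Execute() is used here.
  *
  * @return bool True when nothing had to be stored or the row was updated;
  *              false when an access ID could not be created, the category
  *              ID is not numeric, or the UPDATE failed.
  */
 private function storePermissions()
 {
     global $objDatabase;

     // Permissions were not touched on this object, so there is nothing to store.
     if (!$this->permission_set) {
         return true;
     }

     $status = true;
     foreach ($this->arrPermissionTypes as $type) {
         if ($this->{$type . '_protected'}) {
             // set protection
             if ($this->{$type . '_access_id'} || ($this->{$type . '_access_id'} = \Permission::createNewDynamicAccessId())) {
                 // Replace, rather than extend, the group assignment: drop
                 // everything bound to the access ID, then add the current groups.
                 \Permission::removeAccess($this->{$type . '_access_id'}, 'dynamic');
                 if (count($this->{$type . '_groups'})) {
                     \Permission::setAccess($this->{$type . '_access_id'}, 'dynamic', $this->{$type . '_groups'});
                 }
                 // NOTE(review): with an empty group list the access ID stays
                 // assigned to nobody; who may still pass the check then is
                 // decided inside \Permission and is not visible here.
             } else {
                 // no access ID could be created, so the protection cannot be applied
                 $this->{$type . '_access_id'} = 0;
                 $status = false;
             }
         } elseif ($this->{$type . '_access_id'}) {
             // remove protection
             \Permission::removeAccess($this->{$type . '_access_id'}, 'dynamic');
             $this->{$type . '_access_id'} = 0;
         }
     }

     if (!$status) {
         // NOTE(review): group assignments of the types handled before the
         // failure have already been changed, but the category row is not
         // updated on this path, so the row and the permission data can
         // disagree until the next successful store.
         return false;
     }

     // Every other value in the statement is cast with intval(); the WHERE
     // clause used the raw property. Reject a non-numeric ID and cast it so
     // that nothing but an integer can reach the SQL text.
     if (!is_numeric($this->id)) {
         return false;
     }
     $categoryId = intval($this->id);

     if ($objDatabase->Execute("\n            UPDATE `" . DBPREFIX . "module_downloads_category`\n            SET\n                `read_access_id` = " . intval($this->read_access_id) . ",\n                `add_subcategories_access_id` = " . intval($this->add_subcategories_access_id) . ",\n                `manage_subcategories_access_id` = " . intval($this->manage_subcategories_access_id) . ",\n                `add_files_access_id` = " . intval($this->add_files_access_id) . ",\n                `manage_files_access_id` = " . intval($this->manage_files_access_id) . "\n            WHERE `id` = " . $categoryId) === false) {
         return false;
     }

     if ($this->set_permissions_recursive) {
         // Initialised up front so an empty type list yields an empty array
         // instead of an undefined variable.
         $arrPermissions = array();
         foreach ($this->arrPermissionTypes as $type) {
             $arrPermissions[$type] = array('protected' => $this->{$type . '_protected'}, 'groups' => $this->{$type . '_groups'});
         }

         $objSubcategory = Category::getCategories(array('parent_id' => $this->getId()));
         while (!$objSubcategory->EOF) {
             // Each child is itself flagged recursive; presumably its store()
             // repeats this step one level further down - confirm in store().
             $objSubcategory->setPermissionsRecursive(true);
             $objSubcategory->setPermissions($arrPermissions);
             $objSubcategory->setVisibility($this->visibility);
             // NOTE(review): the result of store() is ignored, so a failure
             // in a subcategory is not reported and that subcategory may
             // keep its previous access settings while true is returned.
             $objSubcategory->store();
             $objSubcategory->next();
         }
     }

     return true;
 }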