public function addMemberDetailsToPageParams(array $context = null)
{
if (!$this->isLoggedIn()) {
return;
}
$this->initialiseMemberObject();
$context['params']['member-id'] = $this->getMemberID();
if (!is_null(extension_Members::getFieldHandle('role'))) {
$role_data = $this->getMember()->getData(extension_Members::getField('role')->get('id'));
$role = RoleManager::fetch($role_data['role_id']);
if ($role instanceof Role) {
$context['params']['member-role'] = $role->get('name');
}
}
if (!is_null(extension_Members::getFieldHandle('activation'))) {
if ($this->getMember()->getData(extension_Members::getField('activation')->get('id'), true)->activated != "yes") {
$context['params']['member-activated'] = 'no';
}
}
}
/**
* This function will find a Role by it's handle. Should `$asObject` be
* passed as true, this function will return a Role object, otherwise just
* the `$role_id`.
*
* @param string $handle
* @param boolean $asObject
* @return integer|Role|null
*/
public static function fetchRoleIDByHandle($handle, $asObject = false)
{
$role_id = Symphony::Database()->fetchVar('id', 0, sprintf("\n\t\t\t\tSELECT `id` FROM `tbl_members_roles` WHERE `handle` = '%s' LIMIT 1", Symphony::Database()->cleanValue($handle)));
if (!$role_id) {
return null;
}
if (!$asObject) {
return $role_id;
}
return RoleManager::fetch($role_id);
}
/**
* This function will ensure that the user who has submitted the form (and
* hence is requesting that an event be triggered) is actually allowed to
* do this request.
* There are 2 action types, creation and editing. Creation is a simple yes/no
* affair, whereas editing has three levels of permission, None, Own Entries
* or All Entries:
* - None: This user can't do process this event
* - Own Entries: If the entry the user is trying to update is their own
* determined by if the `entry_id` or, in the case of a SBL or
* similar field, the `entry_id` of the linked entry matches the logged in
* user's id, process the event.
* - All Entries: The user can update any entry in Symphony.
* If there are no Roles in this system, or the event is set to ignore permissions
* (by including a function, `ignoreRolePermissions` that returns `true`, it will
* immediately proceed to processing any of the Filters attached to the event
* before returning.
*
* @uses EventPreSaveFilter
*
* @param array $context
* @return null
*/
public function checkEventPermissions(array &$context)
{
// If this system has no Roles, or the event is set to ignore role permissions
// continue straight to processing the Filters
if (!FieldManager::isFieldUsed(extension_Members::getFieldType('role')) || method_exists($context['event'], 'ignoreRolePermissions') && $context['event']->ignoreRolePermissions() == true) {
$this->__processEventFilters($context);
return null;
}
// Prior to Symphony 2.2.2, the EventPreSaveFilter delegate doesn't
// pass the `$entry_id`. This can cause an issue when an Event has the
// `allow_multiple` filter set as we can't determine the correct `$entry_id`
// This will check to see if the `$entry_id` is set, otherwise fallback
// to the previous logic. This will mean that using `allow_multiple` will
// not be compatible without Symphony 2.2.2 and Members 1.1
// @see https://github.com/symphonycms/members/issues/167
if (isset($context['entry_id']) && is_numeric($context['entry_id'])) {
$entry_id = (int) $context['entry_id'];
$action = 'edit';
} else {
if (isset($_POST['id']) && !empty($_POST['id'])) {
$entry_id = (int) $_POST['id'];
$action = 'edit';
} else {
$action = 'create';
$entry_id = 0;
}
}
$required_level = $action == 'create' ? EventPermissions::CREATE : EventPermissions::ALL_ENTRIES;
$role_id = Role::PUBLIC_ROLE;
$isLoggedIn = $this->getMemberDriver()->isLoggedIn();
if ($isLoggedIn && $this->getMemberDriver()->initialiseMemberObject()) {
if ($this->getMemberDriver()->getMember() instanceof Entry) {
$required_level = EventPermissions::OWN_ENTRIES;
$role_data = $this->getMemberDriver()->getMember()->getData(extension_Members::getField('role')->get('id'));
$role_id = $role_data['role_id'];
if ($action == 'edit' && method_exists($context['event'], 'getSource')) {
$section_id = $context['event']->getSource();
$isOwner = false;
// If the event is the same section as the Members section, then for `$isOwner`
// to be true, the `$entry_id` must match the currently logged in user.
if ($section_id == $this->getMemberDriver()->getMember()->get('section_id')) {
// Check the logged in member is the same as the `entry_id` that is about to
// be updated. If so the user is the Owner and can modify EventPermissions::OWN_ENTRIES
$isOwner = $this->getMemberDriver()->getMemberID() == $entry_id;
} else {
$field_ids = array();
// Get the ID's of the fields that may be used for Linking (Username/Email)
if (!is_null(extension_Members::getFieldHandle('identity'))) {
$field_ids[] = extension_Members::getField('identity')->get('id');
}
if (!is_null(extension_Members::getFieldHandle('email'))) {
$field_ids[] = extension_Members::getField('email')->get('id');
}
// Query for the `field_id` of any linking fields that link to the members
// section AND to one of the linking fields (Username/Email)
$fields = Symphony::Database()->fetchCol('child_section_field_id', sprintf("\n\t\t\t\t\t\t\t\t\tSELECT `child_section_field_id`\n\t\t\t\t\t\t\t\t\tFROM `tbl_sections_association`\n\t\t\t\t\t\t\t\t\tWHERE `parent_section_id` = %d\n\t\t\t\t\t\t\t\t\tAND `child_section_id` = %d\n\t\t\t\t\t\t\t\t\tAND `parent_section_field_id` IN ('%s')\n\t\t\t\t\t\t\t\t", $this->getMemberDriver()->getMember()->get('section_id'), $section_id, implode("','", $field_ids)));
// If there was a link found, get the `relation_id`, which is the `member_id` of
// an entry in the active Members section.
if (!empty($fields)) {
foreach ($fields as $field_id) {
if ($isOwner === true) {
break;
}
$field = FieldManager::fetch($field_id);
if ($field instanceof Field) {
// So we are trying to find all entries that have selected the Member entry
// to determine ownership. This check will use the `fetchAssociatedEntryIDs`
// function, which typically works backwards, by accepting the `entry_id` (in
// this case, our logged in Member ID). This will return an array of all the
// linked entries, so we then just check that the current entry that is going to
// be updated is in that array
$member_id = $field->fetchAssociatedEntryIDs($this->getMemberDriver()->getMemberID());
$isOwner = in_array($entry_id, $member_id);
}
}
}
}
// User is not the owner, so they can edit EventPermissions::ALL_ENTRIES
if ($isOwner === false) {
$required_level = EventPermissions::ALL_ENTRIES;
}
}
}
}
$role = RoleManager::fetch($role_id);
$event_handle = strtolower(preg_replace('/^event/i', NULL, get_class($context['event'])));
$success = false;
if ($role) {
$success = $role->canProcessEvent($event_handle, $action, $required_level) ? true : false;
}
$context['messages'][] = array('permission', $success, $success === false ? __('You are not authorised to perform this action.') : null);
// Process the Filters for this event.
$this->__processEventFilters($context);
}
private function sanitizeFields(&$fields)
{
if (!is_array($fields)) {
return;
}
$actions = SE_PerMan::getControl('field')->getAllowedActions();
$levels = array(SE_Permissions::LEVEL_NONE, SE_Permissions::LEVEL_ALL);
foreach ($fields as $fid => $data) {
try {
if (count($data) != 4) {
throw new Exception('', 115);
}
if (!RoleManager::fetch($data['role_id']) instanceof Role) {
throw new Exception('', 115);
}
foreach ($actions as $action) {
if (!in_array($data[$action], $levels)) {
throw new Exception('', 115);
}
}
} catch (Exception $e) {
if ($e->getCode() == 115) {
unset($fields[$fid]);
}
}
}
}
public function groupRecords($records)
{
if (!is_array($records) || empty($records)) {
return;
}
$groups = array($this->get('element_name') => array());
foreach ($records as $r) {
$data = $r->getData($this->get('id'));
$role_id = $this->getActivationRole($entry_id, $data['role_id']);
if (!($role = RoleManager::fetch($role_id))) {
continue;
}
if (!isset($groups[$this->get('element_name')][$role_id])) {
$groups[$this->get('element_name')][$role_id] = array('attr' => array('id' => $role_id, 'handle' => $role->get('handle'), 'name' => General::sanitize($role->get('name'))), 'records' => array(), 'groups' => array());
}
$groups[$this->get('element_name')][$role_id]['records'][] = $r;
}
return $groups;
}
public function __actionDelete($role_id = null, $redirect = null, $purge_members = false)
{
if (array_key_exists('delete', $_POST['action'])) {
if (!$role_id) {
redirect(extension_Members::baseURL() . 'roles/');
}
if ($role_id == Role::PUBLIC_ROLE) {
return $this->pageAlert(__('The Public role cannot be removed'), Alert::ERROR);
}
if (!($existing = RoleManager::fetch($role_id))) {
throw new SymphonyErrorPage(__('The role you requested to delete does not exist.'), __('Role not found'));
}
// @todo What should happen to any Members that had this Role?
RoleManager::delete($role_id, $purge_members);
if (!is_null($redirect)) {
redirect($redirect);
}
}
}
public function displaySettingsPanel(XMLElement &$wrapper, $errors = NULL)
{
Field::displaySettingsPanel($wrapper, $errors);
$group = new XMLElement('div');
$group->setAttribute('class', 'two columns');
// Add Activiation Code Expiry
$div = new XMLElement('div');
$div->setAttribute('class', 'column');
$label = Widget::Label(__('Activation Code Expiry'));
$label->appendChild(new XMLElement('i', __('How long a member\'s activation code will be valid for before it expires')));
$label->appendChild(Widget::Input("fields[{$this->get('sortorder')}][code_expiry]", $this->get('code_expiry')));
$ul = new XMLElement('ul', NULL, array('class' => 'tags singular'));
$tags = fieldMemberActivation::findCodeExpiry();
foreach ($tags as $name => $time) {
$ul->appendChild(new XMLElement('li', $name, array('class' => $time)));
}
$div->appendChild($label);
$div->appendChild($ul);
if (isset($errors['code_expiry'])) {
$div = Widget::Error($div, $errors['code_expiry']);
}
// Get Roles in system
$roles = RoleManager::fetch();
$options = array();
if (is_array($roles) && !empty($roles)) {
foreach ($roles as $role) {
$options[] = array($role->get('id'), $this->get('activation_role_id') == $role->get('id'), $role->get('name'));
}
}
$label = new XMlElement('label', __('Role for Members who are awaiting activation'));
$label->setAttribute('class', 'column');
$label->appendChild(Widget::Select("fields[{$this->get('sortorder')}][activation_role_id]", $options));
$group->appendChild($label);
// Add Group
$group->appendChild($div);
$wrapper->appendChild($group);
$div = new XMLElement('div', null, array('class' => 'two columns'));
// Add Deny Login
$div->appendChild(Widget::Input("fields[{$this->get('sortorder')}][deny_login]", 'no', 'hidden'));
$label = Widget::Label();
$label->setAttribute('class', 'column');
$input = Widget::Input("fields[{$this->get('sortorder')}][deny_login]", 'yes', 'checkbox');
if ($this->get('deny_login') == 'yes') {
$input->setAttribute('checked', 'checked');
}
$label->setValue(__('%s Prevent unactivated members from logging in', array($input->generate())));
$div->appendChild($label);
// Add Show Column
$this->appendShowColumnCheckbox($div);
$wrapper->appendChild($div);
}
/**
* Determine current member role ID.
*
* @return int
*/
private final function memberDetermineRoleId()
{
$driver = $this->memberGetDriver();
// not logged in?
if (!$driver->isLoggedIn()) {
return $this->memberGetDefaultRoleId();
}
/** @var $member Entry */
$member = $driver->getMember();
$role_data = $member->getData(extension_Members::getField('role')->get('id'));
$role = RoleManager::fetch($role_data['role_id']);
// role doesn't exist?
if (!$role instanceof Role) {
return $this->memberGetDefaultRoleId();
}
return (int) $role_data['role_id'];
}
