function publications_userapi_pageintrees($args)
{
extract($args);
if (!isset($pid) || !is_numeric($pid) || !isset($tree_roots) || !is_array($tree_roots)) {
return false;
}
$xartable = xarDB::getTables();
$dbconn = xarDB::getConn();
// For the page to be somewhere in a tree, identified by the root of that tree,
// it's xar_left column must be between the xar_left and xar_right columns
// of the tree root.
$query = 'SELECT COUNT(*)' . ' FROM ' . $xartable['publications'] . ' AS testpage' . ' INNER JOIN ' . $xartable['publications'] . ' AS testtrees' . ' ON testpage.leftpage_id BETWEEN testtrees.leftpage_id AND testtrees.rightpage_id' . ' AND testtrees.id IN (?' . str_repeat(',?', count($tree_roots) - 1) . ')' . ' WHERE testpage.id = ?';
// Add the pid onto the tree roots to form the full bind variable set.
$tree_roots[] = $pid;
$result = $dbconn->execute($query, $tree_roots);
if (!$result || $result->EOF) {
return false;
}
list($count) = $result->fields;
if ($count > 0) {
return true;
} else {
return false;
}
}
/**
* get next article
* Note : the following parameters are all optional (except id and ptid)
*
* @param $args['id'] the article ID we want to have the next article of
* @param $args['ptid'] publication type ID (for news, sections, reviews, ...)
* @param $args['sort'] sort order ('date','title','hits','rating',...)
* @param $args['owner'] the ID of the author
* @param $args['state'] array of requested status(es) for the publications
* @param $args['enddate'] publications published before enddate
* (unix timestamp format)
* @return array of article fields, or false on failure
*/
function publications_userapi_getnext($args)
{
// Get arguments from argument array
extract($args);
// Optional argument
if (empty($sort)) {
$sort = 'date';
}
if (!isset($state)) {
// frontpage or approved
$state = array(PUBLICATIONS_STATE_FRONTPAGE, PUBLICATIONS_STATE_APPROVED);
}
// Default fields in publications (for now)
$fields = array('id', 'title');
// Security check
if (!xarSecurityCheck('ViewPublications')) {
return;
}
// Database information
$dbconn = xarDB::getConn();
// Get the field names and LEFT JOIN ... ON ... parts from publications
// By passing on the $args, we can let leftjoin() create the WHERE for
// the publications-specific columns too now
$publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args);
// Create the query
$query = "SELECT {$publicationsdef['id']}, {$publicationsdef['title']}, {$publicationsdef['pubtype_id']}, {$publicationsdef['owner']}\n FROM {$publicationsdef['table']} WHERE ";
// we rely on leftjoin() to create the necessary publications clauses now
if (!empty($publicationsdef['where'])) {
$query .= " {$publicationsdef['where']} AND ";
}
// Get current article
$current = xarModAPIFunc('publications', 'user', 'get', array('id' => $id));
// Create the ORDER BY part
switch ($sort) {
case 'title':
$query .= $publicationsdef['title'] . ' > ' . $dbconn->qstr($current['title']) . ' ORDER BY ' . $publicationsdef['title'] . ' ASC, ' . $publicationsdef['id'] . ' ASC';
break;
case 'id':
$query .= $publicationsdef['id'] . ' > ' . $current['id'] . ' ORDER BY ' . $publicationsdef['id'] . ' ASC';
break;
case 'data':
default:
$query .= $publicationsdef['pubdate'] . ' > ' . $dbconn->qstr($current['pubdate']) . ' ORDER BY ' . $publicationsdef['pubdate'] . ' ASC, ' . $publicationsdef['id'] . ' ASC';
}
// Run the query - finally :-)
$result =& $dbconn->SelectLimit($query, 1, 0);
if (!$result) {
return;
}
$item = array();
list($item['id'], $item['title'], $item['pubtype_id'], $item['owner']) = $result->fields;
$result->Close();
// TODO: grab categories & check against them too
// check security - don't generate an exception here
if (!xarSecurityCheck('ViewPublications', 0, 'Publication', "{$item['pubtype_id']}:All:{$item['owner']}:{$item['id']}")) {
return array();
}
return $item;
}
/**
* @returns int (calendar id on success, false on failure)
*/
function calendar_adminapi_create_calendars($args)
{
extract($args);
// argument check
if (!isset($calname)) {
$msg = xarML('Calendar name not specified', 'admin', 'create', 'calendar');
throw new Exception($msg);
}
// TODO: should I move these two issets to the admin function
// admin/create_calendars.php? --amoro
if (!isset($mod_id)) {
$module = xarController::$request->getInfo();
$mod_id = xarMod::getRegID($module[0]);
}
if (!isset($role_id)) {
$role_id = xarSession::getVar('role_id');
}
// Load up database details.
$dbconn = xarDB::getConn();
$xartable = xarDB::getTables();
$caltable = $xartable['calendars'];
// Insert instance details.
$nextId = $dbconn->GenId($caltable);
$query = 'INSERT INTO ' . $caltable . ' (
xar_id,
xar_role_id,
xar_mod_id,
xar_name
) VALUES (?, ?, ?, ?)';
$result =& $dbconn->Execute($query, array($nextId, $role_id, $mod_id, $calname));
if (!$result) {
return;
}
// Get ID of row inserted.
$calendid = $dbconn->PO_Insert_ID($caltable, 'xar_id');
// If not database type also add file info
// Allow duplicate files here, to make it easier to delete them
// WARNING: if somebody changes this you should also change the
// delete function to avoid major dataloss!!! --amoro
if ($addtype != 'db') {
$filestable = $xartable['calfiles'];
$cal_filestable = $xartable['calendars_files'];
$nextID = $dbconn->GenId($filestable);
$query = 'INSERT INTO ' . $filestable . ' (
xar_id,
xar_path
) VALUES (?, ?)';
$result =& $dbconn->Execute($query, array($nextID, $fileuri));
// Get ID of row inserted.
$fileid = $dbconn->PO_Insert_ID($filestable, 'xar_id');
$query = 'INSERT INTO ' . $cal_filestable . ' (
xar_calendars_id,
xar_files_id
) VALUES (?, ?)';
$result =& $dbconn->Execute($query, array($calendid, $fileid));
}
return $calendid;
}
/**
* Create a new publication type
*
* @param $args['name'] name of the publication type
* @param $args['descr'] description of the publication type
* @param $args['config'] configuration of the publication type
* @return int publication type ID on success, false on failure
*/
function publications_adminapi_createpubtype($args)
{
// Get arguments from argument array
extract($args);
// Argument check - make sure that all required arguments are present
// and in the right format, if not then set an appropriate error
// message and return
// Note : since we have several arguments we want to check here, we'll
// report all those that are invalid at the same time...
$invalid = array();
if (!isset($name) || !is_string($name) || empty($name)) {
$invalid[] = 'name';
}
if (!isset($config) || !is_array($config) || count($config) == 0) {
$invalid[] = 'configuration';
}
if (count($invalid) > 0) {
$msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', join(', ', $invalid), 'admin', 'createpubtype', 'Publications');
throw new BadParameterException(null, $msg);
}
if (empty($descr)) {
$descr = $name;
}
// Publication type names *must* be lower-case for now
$name = strtolower($name);
// Security check - we require ADMIN rights here
if (!xarSecurityCheck('AdminPublications')) {
return;
}
if (!xarModAPILoad('publications', 'user')) {
return;
}
// Make sure we have all the configuration fields we need
$pubfields = xarModAPIFunc('publications', 'user', 'getpubfields');
foreach ($pubfields as $field => $value) {
if (!isset($config[$field])) {
$config[$field] = '';
}
}
// Get database setup
$dbconn = xarDB::getConn();
$xartable = xarDB::getTables();
$pubtypestable = $xartable['publication_types'];
// Get next ID in table
$nextId = $dbconn->GenId($pubtypestable);
// Insert the publication type
$query = "INSERT INTO {$pubtypestable} (pubtype_id, pubtypename,\n pubtypedescr, pubtypeconfig)\n VALUES (?,?,?,?)";
$bindvars = array($nextId, $name, $descr, serialize($config));
$result =& $dbconn->Execute($query, $bindvars);
if (!$result) {
return;
}
// Get ptid to return
$ptid = $dbconn->PO_Insert_ID($pubtypestable, 'pubtype_id');
// Don't call creation hooks here...
//xarModCallHooks('item', 'create', $ptid, 'ptid');
return $ptid;
}
/**
* count the number of items per month
* @param $args['cids'] not supported here (yet ?)
* @param $args['ptid'] publication type ID we're interested in
* @param $args['state'] array of requested status(es) for the publications
* @return array array(month => count), or false on failure
*/
function publications_userapi_getmonthcount($args)
{
// Get database setup
$dbconn = xarDB::getConn();
// Get the field names and LEFT JOIN ... ON ... parts from publications
// By passing on the $args, we can let leftjoin() create the WHERE for
// the publications-specific columns too now
$publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args);
// Bug 1590 - Create custom query supported by each database.
$dbtype = xarDB::getType();
switch ($dbtype) {
case 'mysql':
$query = "SELECT LEFT(FROM_UNIXTIME(start_date),7) AS mymonth, COUNT(*) FROM " . $publicationsdef['table'];
// echo $query;exit;
break;
case 'postgres':
$query = "SELECT TO_CHAR(ABSTIME(pubdate),'YYYY-MM') AS mymonth, COUNT(*) FROM " . $publicationsdef['table'];
break;
case 'mssql':
$query = "SELECT LEFT(CONVERT(VARCHAR,DATEADD(ss,pubdate,'1/1/1970'),120),7) as mymonth, COUNT(*) FROM " . $publicationsdef['table'];
break;
// TODO: Add SQL queries for Oracle, etc.
// TODO: Add SQL queries for Oracle, etc.
default:
return;
}
if (!empty($publicationsdef['where'])) {
$query .= ' WHERE ' . $publicationsdef['where'];
}
switch ($dbtype) {
case 'mssql':
$query .= " GROUP BY LEFT(CONVERT(VARCHAR,DATEADD(ss,pubdate,'1/1/1970'),120),7)";
break;
default:
$query .= ' GROUP BY mymonth';
break;
}
$result =& $dbconn->Execute($query);
if (!$result) {
return;
}
$months = array();
while (!$result->EOF) {
list($month, $count) = $result->fields;
$months[$month] = $count;
$result->MoveNext();
}
return $months;
}
/**
* Delete a publication type
*
* @param $args['ptid'] ID of the publication type
* @return bool true on success, false on failure
*/
function publications_adminapi_deletepubtype($args)
{
// Get arguments from argument array
extract($args);
// Argument check - make sure that all required arguments are present
// and in the right format, if not then set an appropriate error
// message and return
if (!isset($ptid) || !is_numeric($ptid) || $ptid < 1) {
$msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'publication type ID', 'admin', 'deletepubtype', 'Publications');
throw new BadParameterException(null, $msg);
}
// Security check - we require ADMIN rights here
if (!xarSecurityCheck('AdminPublications', 1, 'Publication', "{$ptid}:All:All:All")) {
return;
}
// Load user API to obtain item information function
if (!xarModAPILoad('publications', 'user')) {
return;
}
// Get current publication types
$pubtypes = xarModAPIFunc('publications', 'user', 'get_pubtypes');
if (!isset($pubtypes[$ptid])) {
$msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'publication type ID', 'admin', 'deletepubtype', 'Publications');
throw new BadParameterException(null, $msg);
}
// Get database setup
$dbconn = xarDB::getConn();
$xartable = xarDB::getTables();
$pubtypestable = $xartable['publication_types'];
// Delete the publication type
$query = "DELETE FROM {$pubtypestable}\n WHERE pubtype_id = ?";
$result =& $dbconn->Execute($query, array($ptid));
if (!$result) {
return;
}
$publicationstable = $xartable['publications'];
// Delete all publications for this publication type
$query = "DELETE FROM {$publicationstable}\n WHERE pubtype_id = ?";
$result =& $dbconn->Execute($query, array($ptid));
if (!$result) {
return;
}
// TODO: call some kind of itemtype delete hooks here, once we have those
//xarModCallHooks('itemtype', 'delete', $ptid,
// array('module' => 'publications',
// 'itemtype' =>'ptid'));
return true;
}
/**
* get the number of publications per publication type
* @param $args['state'] array of requested status(es) for the publications
* @return array array(id => count), or false on failure
*/
function publications_userapi_getpubcount($args)
{
if (!empty($args['state'])) {
$statestring = 'all';
} else {
if (is_array($args['state'])) {
sort($args['state']);
$statestring = join('+', $args['state']);
} else {
$statestring = $args['state'];
}
}
if (xarVarIsCached('Publications.PubCount', $statestring)) {
return xarVarGetCached('Publications.PubCount', $statestring);
}
$pubcount = array();
$dbconn = xarDB::getConn();
$tables = xarDB::getTables();
sys::import('xaraya.structures.query');
$q = new Query('SELECT', $tables['publications']);
$q->addfield('pubtype_id');
$q->addfield('COUNT(state) AS count');
$q->addgroup('pubtype_id');
if (!empty($args['state'])) {
} else {
if (is_array($args['state'])) {
$q->in('state', $args['state']);
} else {
$q->eq('state', $args['state']);
}
}
// $q->qecho();
if (!$q->run()) {
return;
}
$pubcount = array();
foreach ($q->output() as $key => $value) {
$pubcount[$value['pubtype_id']] = $value['count'];
}
xarVarSetCached('Publications.PubCount', $statestring, $pubcount);
return $pubcount;
}
function publications_treeapi_getleftright($args)
{
// Expand the arguments.
extract($args);
// Database.
$dbconn = xarDB::getConn();
if ($id != 0) {
// Insert point is a real item.
$query = 'SELECT xar_parent, xar_left, xar_right' . ' FROM ' . $tablename . ' WHERE ' . $idname . ' = ?';
$result = $dbconn->execute($query, array((int) $id));
if (!$result->EOF) {
list($parent, $left, $right) = $result->fields;
$return = array('parent' => (int) $parent, 'left' => (int) $left, 'right' => (int) $right);
} else {
// Item not found.
// TODO: raise error.
return;
}
} else {
// Insert point is the virtual root.
// This query should return EOF when the table is empty,
// but it doesn't (on MySQL, at least - I'm sure a MAX() of
// no rows returns no rows in Oracle).
$query = 'SELECT 0, MIN(xar_left)-1 as xar_left, MAX(xar_right)+1 as xar_right' . ' FROM ' . $tablename;
$result = $dbconn->execute($query);
$parent = 0;
if (!$result->EOF) {
list($parent, $left, $right) = $result->fields;
$return = array('parent' => (int) $parent, 'left' => (int) $left, 'right' => (int) $right);
// Hack for MySQL where EOF does not work on MIN/MAX group functions.
if (!isset($left)) {
$return = array('parent' => 0, 'left' => 1, 'right' => 2);
}
} else {
$return = array('parent' => 0, 'left' => 1, 'right' => 2);
}
}
return $return;
}
/**
* return the field names and correct values for querying (or joining on)
* the publications table
* example 1 : SELECT ..., $title, $body1,...
* FROM $table
* WHERE $title LIKE 'Hello world%'
* AND $where
*
* example 2 : SELECT ..., $title, $body1,...
* FROM ...
* LEFT JOIN $table
* ON $field = <name of articleid field in your module>
* WHERE ...
* AND $title LIKE 'Hello world%'
* AND $where
*
* Note : the following arguments are all optional :
*
* @param $args['ids'] optional array of ids that we are selecting on
* @param $args['owner'] the ID of the author
* @param $args['ptid'] publication type ID (for news, sections, reviews, ...) or array of pubtype IDs
* @param $args['state'] array of requested status(es) for the publications
* @param $args['search'] search text parameter(s)
* @param $args['searchfields'] array of fields to search in
* @param $args['searchtype'] start, end, like, eq, gt, ... (TODO)
* @param $args['pubdate'] publications published in a certain year (YYYY), month (YYYY-MM) or day (YYYY-MM-DD)
* @param $args['startdate'] publications published at startdate or later
* (unix timestamp format)
* @param $args['enddate'] publications published before enddate
* (unix timestamp format)
* @param $args['where'] additional where clauses (myfield gt 1234)
* @param $args['locale'] language/locale (if not using multi-sites, categories etc.)
* @return array('table' => 'nuke_publications',
* 'field' => 'nuke_publications.id',
* 'where' => 'nuke_publications.id IN (...)',
* 'title' => 'nuke_publications.title',
* ...
* 'body1' => 'nuke_publications.body1')
*/
function publications_userapi_leftjoin($args)
{
// Get arguments from argument array
extract($args);
// Optional argument
if (empty($ids) || !is_array($ids)) {
$ids = array();
}
// Note : no security checks here
// Table definition
$xartable = xarDB::getTables();
$dbconn = xarDB::getConn();
$publicationstable = $xartable['publications'];
$leftjoin = array();
// Add available columns in the publications table (for now)
$columns = array('id', 'name', 'title', 'description', 'summary', 'owner', 'pubtype_id', 'notes', 'state', 'body1', 'locale', 'create_date', 'start_date');
foreach ($columns as $column) {
$leftjoin[$column] = $publicationstable . '.' . $column;
}
// Specify LEFT JOIN ... ON ... [WHERE ...] parts
$leftjoin['table'] = $publicationstable;
$leftjoin['field'] = $leftjoin['id'];
// Specify the WHERE part
// FIXME: <mrb> someone better informed about this should replace
// the xar-varprepforstore with qstr() method where appropriate
$whereclauses = array();
if (!empty($owner) && is_numeric($owner)) {
$whereclauses[] = $leftjoin['owner'] . ' = ' . $owner;
}
if (!empty($ptid)) {
if (is_numeric($ptid)) {
$whereclauses[] = $leftjoin['pubtype_id'] . ' = ' . $ptid;
} elseif (is_array($ptid) && count($ptid) > 0) {
$seenptid = array();
foreach ($ptid as $id) {
if (empty($id) || !is_numeric($id)) {
continue;
}
$seenptid[$id] = 1;
}
if (count($seenptid) == 1) {
$ptids = array_keys($seenptid);
$whereclauses[] = $leftjoin['pubtypeid'] . ' = ' . $ptids[0];
} elseif (count($seenptid) > 1) {
$ptids = join(', ', array_keys($seenptid));
$whereclauses[] = $leftjoin['pubtypeid'] . ' IN (' . $ptids . ')';
}
}
}
if (!empty($state) && is_array($state)) {
if (count($state) == 1 && is_numeric($state[0])) {
$whereclauses[] = $leftjoin['state'] . ' = ' . $state[0];
} elseif (count($state) > 1) {
$allstate = join(', ', $state);
$whereclauses[] = $leftjoin['state'] . ' IN (' . $allstate . ')';
}
}
if (!empty($pubdate)) {
// published in a certain year
if (preg_match('/^(\\d{4})$/', $pubdate, $matches)) {
$startdate = gmmktime(0, 0, 0, 1, 1, $matches[1]);
$enddate = gmmktime(0, 0, 0, 1, 1, $matches[1] + 1);
if ($enddate > time()) {
$enddate = time();
}
// published in a certain month
} elseif (preg_match('/^(\\d{4})-(\\d+)$/', $pubdate, $matches)) {
$startdate = gmmktime(0, 0, 0, $matches[2], 1, $matches[1]);
// PHP allows month > 12 :-)
$enddate = gmmktime(0, 0, 0, $matches[2] + 1, 1, $matches[1]);
if ($enddate > time()) {
$enddate = time();
}
// published in a certain day
} elseif (preg_match('/^(\\d{4})-(\\d+)-(\\d+)$/', $pubdate, $matches)) {
$startdate = gmmktime(0, 0, 0, $matches[2], $matches[3], $matches[1]);
// PHP allows day > 3x :-)
$enddate = gmmktime(0, 0, 0, $matches[2], $matches[3] + 1, $matches[1]);
if ($enddate > time()) {
$enddate = time();
}
// published at a certain timestamp
} elseif (preg_match('/^(\\d+)$/', $pubdate, $matches)) {
if ($pubdate <= time()) {
$whereclauses[] = $leftjoin['create_date'] . ' = ' . $pubdate;
}
}
}
if (!empty($startdate) && is_numeric($startdate)) {
$whereclauses[] = $leftjoin['create_date'] . ' >= ' . $startdate;
}
/*
if (!empty($enddate) && is_numeric($enddate)) {
$whereclauses[] = $leftjoin['create_date'] . ' < ' . $enddate;
}
*/
/* Example: automatically filter by the current locale - cfr. bug 3454
if (empty($locale)) {
$locale = xarMLSGetCurrentLocale();
}
*/
if (!empty($locale) && is_string($locale)) {
$whereclauses[] = $leftjoin['locale'] . " = " . $dbconn->qstr($locale);
}
if (count($ids) > 0) {
$allids = join(', ', $ids);
$whereclauses[] = $publicationstable . '.id IN (' . $allids . ')';
}
if (!empty($where)) {
// find all single-quoted pieces of text and replace them first, to allow where clauses
// like : title eq 'this and that' and body1 eq 'here or there'
$idx = 0;
$found = array();
if (preg_match_all("/'(.*?)'/", $where, $matches)) {
foreach ($matches[1] as $match) {
$found[$idx] = $match;
$match = preg_quote($match);
$match = str_replace("#", "\\#", $match);
$where = trim(preg_replace("#'{$match}'#", "'~{$idx}~'", $where));
$idx++;
}
}
// cfr. BL compiler - adapt as needed (I don't think == and === are accepted in SQL)
$findLogic = array(' eq ', ' ne ', ' lt ', ' gt ', ' id ', ' nd ', ' le ', ' ge ');
$replaceLogic = array(' = ', ' != ', ' < ', ' > ', ' = ', ' != ', ' <= ', ' >= ');
$where = str_replace($findLogic, $replaceLogic, $where);
$parts = preg_split('/\\s+(and|or)\\s+/', $where, -1, PREG_SPLIT_DELIM_CAPTURE);
$join = '';
$mywhere = '';
foreach ($parts as $part) {
if ($part == 'and' || $part == 'or') {
$join = $part;
continue;
}
$pieces = preg_split('/\\s+/', $part);
$name = array_shift($pieces);
// sanity check on SQL
if (count($pieces) < 2) {
continue;
}
if (isset($leftjoin[$name])) {
// Note: this is a potential security hole, so don't allow end-users to
// fill in the where clause without filtering quotes etc. !
if (empty($idx)) {
$mywhere .= $join . ' ' . $leftjoin[$name] . ' ' . join(' ', $pieces) . ' ';
} else {
$mywhere .= $join . ' ' . $leftjoin[$name] . ' ';
foreach ($pieces as $piece) {
// replace the pieces again if necessary
if (preg_match("#'~(\\d+)~'#", $piece, $matches) && isset($found[$matches[1]])) {
$original = $found[$matches[1]];
$piece = preg_replace("#'~(\\d+)~'#", "'{$original}'", $piece);
}
$mywhere .= $piece . ' ';
}
}
}
}
if (!empty($mywhere)) {
$whereclauses[] = '(' . $mywhere . ')';
}
}
if (empty($searchfields)) {
$searchfields = array('title', 'description', 'summary', 'body1');
}
if (!empty($search)) {
// TODO : improve + make use of full-text indexing for recent MySQL versions ?
$normal = array();
$find = array();
// 0. Check for "'equal whole string' searchType"
if (!empty($searchtype) && $searchtype == 'equal whole string') {
$normal[] = $search;
$search = "";
$searchtype = 'eq';
}
// 0. Check for fulltext or fulltext boolean searchtypes (MySQL only)
// CHECKME: switch to other search type if $search is less than min. length ?
if (!empty($searchtype) && substr($searchtype, 0, 8) == 'fulltext') {
$fulltext = xarModVars::get('publications', 'fulltextsearch');
if (!empty($fulltext)) {
$fulltextfields = explode(',', $fulltext);
} else {
$fulltextfields = array();
}
$matchfields = array();
foreach ($fulltextfields as $field) {
if (empty($leftjoin[$field])) {
continue;
}
$matchfields[] = $leftjoin[$field];
}
// TODO: switch mode automatically if + - etc. are detected ?
$matchmode = '';
if ($searchtype == 'fulltext boolean') {
$matchmode = ' IN BOOLEAN MODE';
}
$find[] = 'MATCH (' . join(', ', $matchfields) . ') AGAINST (' . $dbconn->qstr($search) . $matchmode . ')';
// Add this to field list too when sorting by relevance in boolean mode (cfr. getall() sort)
$leftjoin['relevance'] = 'MATCH (' . join(', ', $matchfields) . ') AGAINST (' . $dbconn->qstr($search) . $matchmode . ') AS relevance';
// check if we have any other fields to search in
$morefields = array_diff($searchfields, $fulltextfields);
if (!empty($morefields)) {
// FIXME: sort order may not be by relevance if we mix fulltext with other searches
$searchfields = $morefields;
$searchtype = '';
} else {
// we're done here
$searchfields = array();
$search = '';
}
}
// 1. find quoted text
if (preg_match_all('#"(.*?)"#', $search, $matches)) {
foreach ($matches[1] as $match) {
$normal[] = $match;
$match = preg_quote($match);
$search = trim(preg_replace("#\"{$match}\"#", '', $search));
}
}
if (preg_match_all("/'(.*?)'/", $search, $matches)) {
foreach ($matches[1] as $match) {
$normal[] = $match;
$match = preg_quote($match);
$search = trim(preg_replace("#'{$match}'#", '', $search));
}
}
// 2. find mandatory +text to include
// 3. find mandatory -text to exclude
// 4. find normal text
$more = preg_split('/\\s+/', $search, -1, PREG_SPLIT_NO_EMPTY);
$normal = array_merge($normal, $more);
foreach ($normal as $text) {
// TODO: use XARADODB to escape wildcards (and use portable ones) ??
$text = str_replace('%', '\\%', $text);
$text = str_replace('_', '\\_', $text);
foreach ($searchfields as $field) {
if (empty($leftjoin[$field])) {
continue;
}
if (empty($searchtype) || $searchtype == 'like') {
$find[] = $leftjoin[$field] . " LIKE " . $dbconn->qstr('%' . $text . '%');
} elseif ($searchtype == 'start') {
$find[] = $leftjoin[$field] . " LIKE " . $dbconn->qstr($text . '%');
} elseif ($searchtype == 'end') {
$find[] = $leftjoin[$field] . " LIKE " . $dbconn->qstr('%' . $text);
} elseif ($searchtype == 'eq') {
$find[] = $leftjoin[$field] . " = " . $dbconn->qstr($text);
} else {
// TODO: other search types ?
$find[] = $leftjoin[$field] . " LIKE " . $dbconn->qstr('%' . $text . '%');
}
}
}
$whereclauses[] = '(' . join(' OR ', $find) . ')';
}
if (count($whereclauses) > 0) {
$leftjoin['where'] = join(' AND ', $whereclauses);
} else {
$leftjoin['where'] = '';
}
return $leftjoin;
}
function publications_treeapi_insertprep($args)
{
// An insertion point (an ID in the table) is required.
// Special insertion point ID is 0, which refers to the
// virtual root of all trees. An item can not be
// inserted on the same level as the virtual root.
extract($args);
// TODO: validate params: insertpoint, offset, tablename, idname
// Default operation is 'before' - i.e. put the new item in the place
// of the insertpoint and move everything to the right one place.
if (!xarVarValidate('enum:before:after:firstchild:lastchild', $offset, true)) {
$offset = 'firstchild';
}
if (!isset($insertpoint)) {
$insertpoint = 0;
}
if (!isset($idname)) {
$idname = 'xar_id';
}
// Cannot insert on the same level as the virtual root.
if ($insertpoint == 0) {
if ($offset == 'before') {
$offset = 'firstchild';
}
if ($offset == 'after') {
$offset = 'lastchild';
}
}
$dbconn = xarDB::getConn();
$result = xarMod::apiFunc('publications', 'tree', 'getleftright', array('tablename' => $tablename, 'idname' => $idname, 'id' => $insertpoint));
if (!$result) {
return;
}
extract($result);
// Locate the new insert point.
if ($offset == 'before') {
$shift = $left;
}
if ($offset == 'after') {
$shift = $right + 1;
}
if ($offset == 'firstchild') {
$shift = $left + 1;
$parent = $insertpoint;
}
if ($offset == 'lastchild') {
$shift = $right;
$parent = $insertpoint;
}
// Create a space of two traversal points.
// The new item will not have children, so the traversal
// points will be sequential.
$query = 'UPDATE ' . $tablename . ' SET xar_left = xar_left + 2 ' . ' WHERE xar_left >= ?';
$result = $dbconn->execute($query, array($shift));
if (!$result) {
return;
}
$query = 'UPDATE ' . $tablename . ' SET xar_right = xar_right + 2 ' . ' WHERE xar_right >= ?';
$result = $dbconn->execute($query, array($shift));
if (!$result) {
return;
}
// Return the new parent/left/right values
return array('parent' => $parent, 'left' => $shift, 'right' => $shift + 1);
}
/**
* count number of items depending on additional module criteria
*
* @param $args['catid'] string of category id(s) that we're counting in, or
* @param $args['cids'] array of cids that we are counting in (OR/AND)
* @param $args['andcids'] true means AND-ing categories listed in cids
*
* @param $args['owner'] the ID of the author
* @param $args['ptid'] publication type ID (for news, sections, reviews, ...)
* @param $args['state'] array of requested status(es) for the publications
* @param $args['startdate'] publications published at startdate or later
* (unix timestamp format)
* @param $args['enddate'] publications published before enddate
* (unix timestamp format)
* @return int number of items
*/
function publications_userapi_countitems($args)
{
// Database information
$dbconn = xarDB::getConn();
// Get the field names and LEFT JOIN ... ON ... parts from publications
// By passing on the $args, we can let leftjoin() create the WHERE for
// the publications-specific columns too now
$publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args);
// TODO: make sure this is SQL standard
// Start building the query
if ($dbconn->databaseType == 'sqlite') {
$query = 'SELECT COUNT(*)
FROM ( SELECT DISTINCT ' . $publicationsdef['field'] . '
FROM ' . $publicationsdef['table'];
// WATCH OUT, UNBALANCED
} else {
$query = 'SELECT COUNT(DISTINCT ' . $publicationsdef['field'] . ')';
$query .= ' FROM ' . $publicationsdef['table'];
}
if (!isset($args['cids'])) {
$args['cids'] = array();
}
if (!isset($args['andcids'])) {
$args['andcids'] = false;
}
if (count($args['cids']) > 0 || !empty($args['catid'])) {
// Load API
if (!xarModAPILoad('categories', 'user')) {
return;
}
// Get the LEFT JOIN ... ON ... and WHERE (!) parts from categories
$args['modid'] = xarModGetIDFromName('publications');
if (isset($args['ptid']) && !isset($args['itemtype'])) {
$args['itemtype'] = $args['ptid'];
}
$categoriesdef = xarModAPIFunc('categories', 'user', 'leftjoin', $args);
$query .= ' LEFT JOIN ' . $categoriesdef['table'];
$query .= ' ON ' . $categoriesdef['field'] . ' = ' . $publicationsdef['id'];
$query .= $categoriesdef['more'];
$docid = 1;
}
// Create the WHERE part
$where = array();
// we rely on leftjoin() to create the necessary publications clauses now
if (!empty($publicationsdef['where'])) {
$where[] = $publicationsdef['where'];
}
if (!empty($docid)) {
// we rely on leftjoin() to create the necessary categories clauses
$where[] = $categoriesdef['where'];
}
if (count($where) > 0) {
$query .= ' WHERE ' . join(' AND ', $where);
}
// Balance parentheses
if ($dbconn->databaseType == 'sqlite') {
$query .= ')';
}
// Run the query - finally :-)
$result =& $dbconn->Execute($query);
if (!$result) {
return;
}
if ($result->EOF) {
return;
}
$num = $result->fields[0];
$result->Close();
return $num;
}
/**
* get the number of publications per publication type and category
*
* @param $args['state'] array of requested status(es) for the publications
* @param $args['ptid'] publication type ID
* @param $args['cids'] array of category IDs (OR/AND)
* @param $args['andcids'] true means AND-ing categories listed in cids
* @param $args['groupcids'] the number of categories you want items grouped by
* @param $args['reverse'] default is ptid => cid, reverse (1) is cid => ptid
* @return array array( $ptid => array( $cid => $count) ),
* or false on failure
*/
function publications_userapi_getpubcatcount($args)
{
/*
static $pubcatcount = array();
if (count($pubcatcount) > 0) {
return $pubcatcount;
}
*/
$pubcatcount = array();
// Get database setup
$dbconn = xarDB::getConn();
// Get the LEFT JOIN ... ON ... and WHERE parts from publications
$publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args);
// Load API
if (!xarModAPILoad('categories', 'user')) {
return;
}
$args['modid'] = xarMod::getRegID('publications');
if (isset($args['ptid']) && !isset($args['itemtype'])) {
$args['itemtype'] = $args['ptid'];
}
// Get the LEFT JOIN ... ON ... and WHERE parts from categories
$categoriesdef = xarModAPIFunc('categories', 'user', 'leftjoin', $args);
// Get count
$query = 'SELECT ' . $publicationsdef['pubtype_id'] . ', ' . $categoriesdef['category_id'] . ', COUNT(*)
FROM ' . $publicationsdef['table'] . '
LEFT JOIN ' . $categoriesdef['table'] . '
ON ' . $categoriesdef['field'] . ' = ' . $publicationsdef['field'] . $categoriesdef['more'] . '
WHERE ' . $categoriesdef['where'] . ' AND ' . $publicationsdef['where'] . '
GROUP BY ' . $publicationsdef['pubtype_id'] . ', ' . $categoriesdef['category_id'];
$result =& $dbconn->Execute($query);
if (!$result) {
return;
}
if ($result->EOF) {
if (!empty($args['ptid']) && empty($args['reverse'])) {
$pubcatcount[$args['ptid']] = array();
}
return $pubcatcount;
}
while (!$result->EOF) {
// we may have 1 or more cid fields here, depending on what we're
// counting (cfr. AND in categories)
$fields = $result->fields;
$ptid = array_shift($fields);
$count = array_pop($fields);
// TODO: use multi-level array for multi-category grouping ?
$cid = join('+', $fields);
if (empty($args['reverse'])) {
$pubcatcount[$ptid][$cid] = $count;
} else {
$pubcatcount[$cid][$ptid] = $count;
}
$result->MoveNext();
}
foreach ($pubcatcount as $id1 => $val) {
$total = 0;
foreach ($val as $id2 => $count) {
$total += $count;
}
$pubcatcount[$id1]['total'] = $total;
}
return $pubcatcount;
}
/**
* count number of items depending on additional module criteria
*
* @param array group
* @return array number of items with descriptors
*/
function publications_adminapi_getstats($args)
{
extract($args);
$allowedfields = array('pubtype_id', 'state', 'owner', 'locale', 'pubdate_year', 'pubdate_month', 'pubdate_day');
if (empty($group)) {
$group = array();
}
$newfields = array();
$newgroups = array();
foreach ($group as $field) {
if (empty($field) || !in_array($field, $allowedfields)) {
continue;
}
if ($field == 'pubdate_year') {
$dbtype = xarDB::getType();
switch ($dbtype) {
case 'mysql':
$newfields[] = "LEFT(FROM_UNIXTIME(start_date),4) AS myyear";
$newgroups[] = "myyear";
break;
case 'postgres':
$newfields[] = "TO_CHAR(ABSTIME(start_date),'YYYY') AS myyear";
// CHECKME: do we need to use TO_CHAR(...) for the group field too ?
$newgroups[] = "myyear";
break;
case 'mssql':
$newfields[] = "LEFT(CONVERT(VARCHAR,DATEADD(ss,start_date,'1/1/1970'),120),4) as myyear";
$newgroups[] = "LEFT(CONVERT(VARCHAR,DATEADD(ss,start_date,'1/1/1970'),120),4)";
break;
// TODO: Add SQL queries for Oracle, etc.
// TODO: Add SQL queries for Oracle, etc.
default:
continue;
}
} elseif ($field == 'pubdate_month') {
$dbtype = xarDB::getType();
switch ($dbtype) {
case 'mysql':
$newfields[] = "LEFT(FROM_UNIXTIME(start_date),7) AS mymonth";
$newgroups[] = "mymonth";
break;
case 'postgres':
$newfields[] = "TO_CHAR(ABSTIME(start_date),'YYYY-MM') AS mymonth";
// CHECKME: do we need to use TO_CHAR(...) for the group field too ?
$newgroups[] = "mymonth";
break;
case 'mssql':
$newfields[] = "LEFT(CONVERT(VARCHAR,DATEADD(ss,start_date,'1/1/1970'),120),7) as mymonth";
$newgroups[] = "LEFT(CONVERT(VARCHAR,DATEADD(ss,start_date,'1/1/1970'),120),7)";
break;
// TODO: Add SQL queries for Oracle, etc.
// TODO: Add SQL queries for Oracle, etc.
default:
continue;
}
} elseif ($field == 'pubdate_day') {
$dbtype = xarDB::getType();
switch ($dbtype) {
case 'mysql':
$newfields[] = "LEFT(FROM_UNIXTIME(start_date),10) AS myday";
$newgroups[] = "myday";
break;
case 'postgres':
$newfields[] = "TO_CHAR(ABSTIME(start_date),'YYYY-MM-DD') AS myday";
// CHECKME: do we need to use TO_CHAR(...) for the group field too ?
$newgroups[] = "myday";
break;
case 'mssql':
$newfields[] = "LEFT(CONVERT(VARCHAR,DATEADD(ss,start_date,'1/1/1970'),120),10) as myday";
$newgroups[] = "LEFT(CONVERT(VARCHAR,DATEADD(ss,start_date,'1/1/1970'),120),10)";
break;
// TODO: Add SQL queries for Oracle, etc.
// TODO: Add SQL queries for Oracle, etc.
default:
continue;
}
} else {
$newfields[] = $field;
$newgroups[] = $field;
}
}
if (empty($newfields) || count($newfields) < 1) {
$newfields = array('pubtype_id', 'state', 'owner');
$newgroups = array('pubtype_id', 'state', 'owner');
}
// Database information
$dbconn = xarDB::getConn();
$xartables = xarDB::getTables();
$query = 'SELECT ' . join(', ', $newfields) . ', COUNT(*)
FROM ' . $xartables['publications'] . '
GROUP BY ' . join(', ', $newgroups) . '
ORDER BY ' . join(', ', $newgroups);
$result =& $dbconn->Execute($query);
if (!$result) {
return;
}
$stats = array();
while (!$result->EOF) {
if (count($newfields) > 3) {
list($field1, $field2, $field3, $field4, $count) = $result->fields;
$stats[$field1][$field2][$field3][$field4] = $count;
} elseif (count($newfields) == 3) {
list($field1, $field2, $field3, $count) = $result->fields;
$stats[$field1][$field2][$field3] = $count;
} elseif (count($newfields) == 2) {
list($field1, $field2, $count) = $result->fields;
$stats[$field1][$field2] = $count;
} elseif (count($newfields) == 1) {
list($field1, $count) = $result->fields;
$stats[$field1] = $count;
}
$result->MoveNext();
}
$result->Close();
return $stats;
}
function publications_admin_updateconfig()
{
// Confirm authorisation code
if (!xarSecConfirmAuthKey()) {
return;
}
// Get parameters
//A lot of these probably are bools, still might there be a need to change the template to return
//'true' and 'false' to use those...
if (!xarVarFetch('settings', 'array', $settings, array(), XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('usetitleforurl', 'int', $usetitleforurl, xarModVars::get('publications', 'usetitleforurl'), XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('defaultstate', 'isset', $defaultstate, 0, XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('defaultsort', 'isset', $defaultsort, 'date', XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('usealias', 'int', $usealias, 0, XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('ptid', 'isset', $ptid, xarModVars::get('publications', 'defaultpubtype'), XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('multilanguage', 'int', $multilanguage, 0, XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('tab', 'str:1:10', $data['tab'], 'global', XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarSecurityCheck('AdminPublications', 1, 'Publication', "{$ptid}:All:All:All")) {
return;
}
if ($data['tab'] == 'global') {
if (!xarVarFetch('defaultpubtype', 'isset', $defaultpubtype, 1, XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('sortpubtypes', 'isset', $sortpubtypes, 'id', XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('defaultlanguage', 'str:1:100', $defaultlanguage, xarModVars::get('publications', 'defaultlanguage'), XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('debugmode', 'checkbox', $debugmode, xarModVars::get('publications', 'debugmode'), XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('defaultfrontpage', 'str', $defaultfrontpage, xarModVars::get('publications', 'defaultfrontpage'), XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('defaultbackpage', 'str', $defaultbackpage, xarModVars::get('publications', 'defaultbackpage'), XARVAR_NOT_REQUIRED)) {
return;
}
xarModVars::set('publications', 'defaultpubtype', $defaultpubtype);
xarModVars::set('publications', 'sortpubtypes', $sortpubtypes);
xarModVars::set('publications', 'defaultlanguage', $defaultlanguage);
xarModVars::set('publications', 'debugmode', $debugmode);
xarModVars::set('publications', 'usealias', $usealias);
xarModVars::set('publications', 'usetitleforurl', $usetitleforurl);
xarModVars::set('publications', 'defaultfrontpage', $defaultfrontpage);
xarModVars::set('publications', 'defaultbackpage', $defaultbackpage);
// Allow multilanguage only if the languages property is present
sys::import('modules.dynamicdata.class.properties.registration');
$types = PropertyRegistration::Retrieve();
if (isset($types[30039])) {
xarModVars::set('publications', 'multilanguage', $multilanguage);
} else {
xarModVars::set('publications', 'multilanguage', 0);
}
// Get the special pages.
foreach (array('defaultpage', 'errorpage', 'notfoundpage', 'noprivspage') as $special_name) {
unset($special_id);
if (!xarVarFetch($special_name, 'id', $special_id, 0, XARVAR_NOT_REQUIRED)) {
return;
}
xarModVars::set('publications', $special_name, $special_id);
}
if (xarDB::getType() == 'mysql') {
if (!xarVarFetch('fulltext', 'isset', $fulltext, '', XARVAR_NOT_REQUIRED)) {
return;
}
$oldval = xarModVars::get('publications', 'fulltextsearch');
$index = 'i_' . xarDB::getPrefix() . '_publications_fulltext';
if (empty($fulltext) && !empty($oldval)) {
// Get database setup
$dbconn = xarDB::getConn();
$xartable = xarDB::getTables();
$publicationstable = $xartable['publications'];
// Drop fulltext index on publications table
$query = "ALTER TABLE {$publicationstable} DROP INDEX {$index}";
$result =& $dbconn->Execute($query);
if (!$result) {
return;
}
xarModVars::set('publications', 'fulltextsearch', '');
} elseif (!empty($fulltext) && empty($oldval)) {
$searchfields = array('title', 'description', 'summary', 'body1', 'notes');
// $searchfields = explode(',',$fulltext);
// Get database setup
$dbconn = xarDB::getConn();
$xartable = xarDB::getTables();
$publicationstable = $xartable['publications'];
// Add fulltext index on publications table
$query = "ALTER TABLE {$publicationstable} ADD FULLTEXT {$index} (" . join(', ', $searchfields) . ")";
$result =& $dbconn->Execute($query);
if (!$result) {
return;
}
xarModVars::set('publications', 'fulltextsearch', join(',', $searchfields));
}
}
// Module settings
$data['module_settings'] = xarMod::apiFunc('base', 'admin', 'getmodulesettings', array('module' => 'publications'));
$data['module_settings']->setFieldList('items_per_page, use_module_alias, module_alias_name, enable_short_urls, user_menu_link', 'use_module_icons');
$isvalid = $data['module_settings']->checkInput();
if (!$isvalid) {
return xarTplModule('base', 'admin', 'modifyconfig', $data);
} else {
$itemid = $data['module_settings']->updateItem();
}
// Pull the base category ids from the template and save them
$picker = DataPropertyMaster::getProperty(array('name' => 'categorypicker'));
$picker->checkInput('basecid');
} elseif ($data['tab'] == 'pubtypes') {
// Get the publication type for this display and save the settings to it
$pubtypeobject = DataObjectMaster::getObject(array('name' => 'publications_types'));
$pubtypeobject->getItem(array('itemid' => $ptid));
$configsettings = $pubtypeobject->properties['configuration']->getValue();
$checkbox = DataPropertyMaster::getProperty(array('name' => 'checkbox'));
$boxes = array('show_hitount', 'show_ratings', 'show_keywords', 'show_comments', 'show_prevnext', 'show_archives', 'show_publinks', 'show_pubcount', 'show_map', 'prevnextart', 'dot_transform', 'title_transform', 'show_categories', 'show_catcount', 'show_prevnext', 'allow_translations');
foreach ($boxes as $box) {
$isvalid = $checkbox->checkInput($box);
if ($isvalid) {
$settings[$box] = $checkbox->value;
}
}
// foreach ($configsettings as $key => $value)
// if (!isset($settings[$key])) $settings[$key] = 0;
$isvalid = true;
// Get the default access rules
$access = DataPropertyMaster::getProperty(array('name' => 'access'));
$validprop = $access->checkInput("access_add");
$addaccess = $access->value;
$isvalid = $isvalid && $validprop;
$validprop = $access->checkInput("access_display");
$displayaccess = $access->value;
$isvalid = $isvalid && $validprop;
$validprop = $access->checkInput("access_modify");
$modifyaccess = $access->value;
$isvalid = $isvalid && $validprop;
$validprop = $access->checkInput("access_delete");
$deleteaccess = $access->value;
$isvalid = $isvalid && $validprop;
$allaccess = array('add' => $addaccess, 'display' => $displayaccess, 'modify' => $modifyaccess, 'delete' => $deleteaccess);
$pubtypeobject->properties['access']->setValue(serialize($allaccess));
$pubtypeobject->properties['configuration']->setValue(serialize($settings));
$pubtypeobject->updateItem(array('itemid' => $ptid));
$pubtypes = xarModAPIFunc('publications', 'user', 'get_pubtypes');
if ($usealias) {
xarModSetAlias($pubtypes[$ptid]['name'], 'publications');
} else {
xarModDelAlias($pubtypes[$ptid]['name'], 'publications');
}
} elseif ($data['tab'] == 'redirects') {
$redirects = DataPropertyMaster::getProperty(array('name' => 'array'));
$redirects->display_column_definition['value'] = array(array("From", "To"), array(2, 2), array("", ""), array("", ""));
$isvalid = $redirects->checkInput("redirects");
xarModVars::set('publications', 'redirects', $redirects->value);
}
xarController::redirect(xarModURL('publications', 'admin', 'modifyconfig', array('ptid' => $ptid, 'tab' => $data['tab'])));
return true;
}
function publications_treeapi_moveitem($args)
{
extract($args);
$dbconn = xarDB::getConn();
$xartable = xarDB::getTables();
// Obtain current information on the reference item
$refitem = xarMod::apiFunc('publications', 'user', 'getpage', array('pid' => $refid));
$query = 'SELECT xar_left, xar_right, xar_parent' . ' FROM ' . $tablename . ' WHERE ' . $idname . ' = ?';
// Run the query (reference item).
$result = $dbconn->execute($query, array($refid));
if (!$result) {
return;
}
if ($result->EOF) {
$msg = xarML('Reference item "#(1)" does not exist', $refid);
throw new BadParameterException(null, $msg);
}
list($ref_left, $ref_right, $ref_parent) = $result->fields;
// Run the query (item to be moved).
$result = $dbconn->execute($query, array((int) $itemid));
if (!$result) {
return;
}
if ($result->EOF) {
$msg = xarML('Moving item "#(1)" does not exist', $itemid);
throw new BadParameterException(null, $msg);
}
list($item_left, $item_right, $item_parent) = $result->fields;
// Checking if the reference ID is of a child or itself
if ($ref_left >= $item_left && $ref_left <= $item_right) {
$msg = xarML('Group references siblings');
throw new BadParameterException(null, $msg);
}
// Find the point of insertion.
switch (strtolower($offset)) {
case 'lastchild':
// last child of reference item
$insertion_point = $ref_right;
break;
case 'after':
// after reference item, same level
$insertion_point = $ref_right + 1;
break;
case 'firstchild':
// first child reference item
$insertion_point = $ref_left + 1;
break;
case 'before':
// before reference item, same level
$insertion_point = $ref_left;
break;
default:
$msg = xarML('Offset not "#(1)" valid', $offset);
throw new BadParameterException(null, $msg);
}
$size = $item_right - $item_left + 1;
$distance = $insertion_point - $item_left;
// If necessary to move then evaluate
if ($distance != 0) {
if ($distance > 0) {
// moving forward
$distance = $insertion_point - $item_right - 1;
$deslocation_outside = -$size;
$between_string = $item_right + 1 . ' AND ' . ($insertion_point - 1);
} else {
// $distance < 0 (moving backward)
$deslocation_outside = $size;
$between_string = $insertion_point . ' AND ' . ($item_left - 1);
}
// This seems SQL-92 standard... Its a good test to see if
// the databases we are supporting are complying with it. This can be
// broken down in 3 simple UPDATES which shouldnt be a problem with any database.
$query = 'UPDATE ' . $tablename . ' SET xar_left = CASE' . ' WHEN xar_left BETWEEN ' . $item_left . ' AND ' . $item_right . ' THEN xar_left + (' . $distance . ')' . ' WHEN xar_left BETWEEN ' . $between_string . ' THEN xar_left + (' . $deslocation_outside . ')' . ' ELSE xar_left' . ' END,' . ' xar_right = CASE' . ' WHEN xar_right BETWEEN ' . $item_left . ' AND ' . $item_right . ' THEN xar_right + (' . $distance . ')' . ' WHEN xar_right BETWEEN ' . $between_string . ' THEN xar_right + (' . $deslocation_outside . ')' . ' ELSE xar_right' . ' END';
$result = $dbconn->execute($query);
if (!$result) {
return;
}
// Find the right parent for this item.
if (strtolower($offset) == 'lastchild' || strtolower($offset) == 'firstchild') {
$parent_id = $refid;
} else {
$parent_id = $ref_parent;
}
// Update parent id
$query = 'UPDATE ' . $tablename . ' SET xar_parent = ?' . ' WHERE ' . $idname . ' = ?';
$result = $dbconn->execute($query, array((int) $parent_id, (int) $itemid));
if (!$result) {
return;
}
}
return true;
}
/**
* Delete a calendar from database
* Usage : if (xarMod::apiFunc('calendar', 'admin', 'delete', $calendar)) {...}
*
* @param $args['calid'] ID of the calendar
* @returns bool
* @return true on success, false on failure
*/
function calendar_adminapi_delete_calendar($args)
{
// Get arguments from argument array
extract($args);
// Argument check
if (!isset($calid)) {
$msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'calendar ID', 'admin', 'delete', 'Calendar');
throw new Exception($msg);
}
// TODO: Security check
/*
if (!xarMod::apiLoad('calendar', 'user')) return;
$args['mask'] = 'DeleteCalendars';
if (!xarMod::apiFunc('calendar','user','checksecurity',$args)) {
$msg = xarML('Not authorized to delete #(1) items',
'Calendar');
throw new Exception($msg);
}
*/
// Call delete hooks for categories, hitcount etc.
$args['module'] = 'calendar';
$args['itemid'] = $calid;
xarModCallHooks('item', 'delete', $calid, $args);
// Get database setup
$dbconn = xarDB::getConn();
$xartable = xarDB::getTables();
$calendarstable = $xartable['calendars'];
$cal_filestable = $xartable['calendars_files'];
$calfiles = $xartable['calfiles'];
// Get files associated with that calendar
$query = "SELECT xar_files_id FROM {$cal_filestable}\n WHERE xar_calendars_id = ? LIMIT 1 ";
$result =& $dbconn->Execute($query, array($calid));
if (!$result) {
return;
}
for (; !$result->EOF; $result->MoveNext()) {
// there should be only one result
list($file_id) = $result->fields;
}
if (isset($file_id) || !empty($file_id)) {
$query = "DELETE FROM {$calfiles}\n WHERE xar_id = ?";
$result =& $dbconn->Execute($query, array($file_id));
if (!$result) {
return;
}
}
// Delete item
$query = "DELETE FROM {$calendarstable}\n WHERE xar_id = ?";
$result =& $dbconn->Execute($query, array($calid));
if (!$result) {
return;
}
$query = "DELETE FROM {$cal_filestable}\n WHERE xar_calendars_id = ?";
$result =& $dbconn->Execute($query, array($calid));
if (!$result) {
return;
}
$result->Close();
return true;
}
/**
* get a list of article authors depending on additional module criteria
*
* @param $args['cids'] array of cids that we are counting for (OR/AND)
* @param $args['andcids'] true means AND-ing categories listed in cids
*
* @param $args['owner'] the ID of the author
* @param $args['ptid'] publication type ID (for news, sections, reviews, ...)
* @param $args['state'] array of requested status(es) for the publications
* @param $args['startdate'] publications published at startdate or later
* (unix timestamp format)
* @param $args['enddate'] publications published before enddate
* (unix timestamp format)
* @return array of author id => author name
*/
function publications_userapi_getauthors($args)
{
// Database information
$dbconn = xarDB::getConn();
// Get the field names and LEFT JOIN ... ON ... parts from publications
// By passing on the $args, we can let leftjoin() create the WHERE for
// the publications-specific columns too now
$publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args);
// Load API
if (!xarModAPILoad('roles', 'user')) {
return;
}
// Get the field names and LEFT JOIN ... ON ... parts from users
$usersdef = xarModAPIFunc('roles', 'user', 'leftjoin');
// TODO: make sure this is SQL standard
// Start building the query
$query = 'SELECT DISTINCT ' . $publicationsdef['owner'] . ', ' . $usersdef['name'];
$query .= ' FROM ' . $publicationsdef['table'];
// Add the LEFT JOIN ... ON ... parts from users
$query .= ' LEFT JOIN ' . $usersdef['table'];
$query .= ' ON ' . $usersdef['field'] . ' = ' . $publicationsdef['owner'];
if (!isset($args['cids'])) {
$args['cids'] = array();
}
if (!isset($args['andcids'])) {
$args['andcids'] = false;
}
if (count($args['cids']) > 0) {
// Load API
if (!xarModAPILoad('categories', 'user')) {
return;
}
// Get the LEFT JOIN ... ON ... and WHERE (!) parts from categories
$args['modid'] = xarModGetIDFromName('publications');
if (isset($args['ptid']) && !isset($args['itemtype'])) {
$args['itemtype'] = $args['ptid'];
}
$categoriesdef = xarModAPIFunc('categories', 'user', 'leftjoin', $args);
$query .= ' LEFT JOIN ' . $categoriesdef['table'];
$query .= ' ON ' . $categoriesdef['field'] . ' = ' . $publicationsdef['id'];
$query .= $categoriesdef['more'];
$docid = 1;
}
// Create the WHERE part
$where = array();
// we rely on leftjoin() to create the necessary publications clauses now
if (!empty($publicationsdef['where'])) {
$where[] = $publicationsdef['where'];
}
if (!empty($docid)) {
// we rely on leftjoin() to create the necessary categories clauses
$where[] = $categoriesdef['where'];
}
if (count($where) > 0) {
$query .= ' WHERE ' . join(' AND ', $where);
}
// Order by author name
$query .= ' ORDER BY ' . $usersdef['name'] . ' ASC';
// Run the query - finally :-)
$result =& $dbconn->Execute($query);
if (!$result) {
return;
}
$authors = array();
while (!$result->EOF) {
list($uid, $name) = $result->fields;
$authors[$uid] = array('id' => $uid, 'name' => $name);
$result->MoveNext();
}
$result->Close();
return $authors;
}
/**
* Update a publication type
*
* @param id $args['ptid'] ID of the publication type
* @param string $args['name'] name of the publication type (not allowed here)
* @param string $args['description'] description of the publication type
* @param array $args['config'] configuration of the publication type
* @return bool true on success, false on failure
*/
function publications_adminapi_updatepubtype($args)
{
// Get arguments from argument array
extract($args);
// Argument check - make sure that all required arguments are present
// and in the right format, if not then set an appropriate error
// message and return
// Note : since we have several arguments we want to check here, we'll
// report all those that are invalid at the same time...
$invalid = array();
if (!isset($ptid) || !is_numeric($ptid) || $ptid < 1) {
$invalid[] = 'publication type ID';
}
/*
if (!isset($name) || !is_string($name) || empty($name)) {
$invalid[] = 'name';
}
*/
if (!isset($descr) || !is_string($descr) || empty($descr)) {
$invalid[] = 'description';
}
if (!isset($config) || !is_array($config) || count($config) == 0) {
$invalid[] = 'configuration';
}
if (count($invalid) > 0) {
$msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', join(', ', $invalid), 'admin', 'updatepubtype', 'Publications');
throw new BadParameterException(null, $msg);
}
// Security check - we require ADMIN rights here
if (!xarSecurityCheck('AdminPublications', 1, 'Publication', "{$ptid}:All:All:All")) {
return;
}
// Load user API to obtain item information function
if (!xarModAPILoad('publications', 'user')) {
return;
}
// Get current publication types
$pubtypes = xarModAPIFunc('publications', 'user', 'get_pubtypes');
if (!isset($pubtypes[$ptid])) {
$msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'publication type ID', 'admin', 'updatepubtype', 'Publications');
throw new BadParameterException(null, $msg);
}
// Make sure we have all the configuration fields we need
$pubfields = xarModAPIFunc('publications', 'user', 'getpubfields');
foreach ($pubfields as $field => $value) {
if (!isset($config[$field])) {
$config[$field] = '';
}
}
// Get database setup
$dbconn = xarDB::getConn();
$xartable = xarDB::getTables();
$pubtypestable = $xartable['publication_types'];
// Update the publication type (don't allow updates on name)
$query = "UPDATE {$pubtypestable}\n SET pubtypedescr = ?,\n pubtypeconfig = ?\n WHERE pubtype_id = ?";
$bindvars = array($descr, serialize($config), $ptid);
$result =& $dbconn->Execute($query, $bindvars);
if (!$result) {
return;
}
return true;
}
/**
* get overview of all publications
* Note : the following parameters are all optional
*
* @param $args['numitems'] number of publications to get
* @param $args['sort'] sort order ('create_date','title','hits','rating','author','id','summary','notes',...)
* @param $args['startnum'] starting article number
* @param $args['ids'] array of article ids to get
* @param $args['owner'] the ID of the author
* @param $args['ptid'] publication type ID (for news, sections, reviews, ...)
* @param $args['state'] array of requested status(es) for the publications
* @param $args['search'] search parameter(s)
* @param $args['searchfields'] array of fields to search in
* @param $args['searchtype'] start, end, like, eq, gt, ... (TODO)
* @param $args['cids'] array of category IDs for which to get publications (OR/AND)
* (for all categories don?t set it)
* @param $args['andcids'] true means AND-ing categories listed in cids
* @param $args['create_date'] publications published in a certain year (YYYY), month (YYYY-MM) or day (YYYY-MM-DD)
* @param $args['startdate'] publications published at startdate or later
* (unix timestamp format)
* @param $args['enddate'] publications published before enddate
* (unix timestamp format)
* @param $args['fields'] array with all the fields to return per publication
* Default list is : 'id','title','summary','owner',
* 'create_date','pubtype_id','notes','state','body1'
* Optional fields : 'cids','author','counter','rating','dynamicdata'
* @param $args['extra'] array with extra fields to return per article (in addition
* to the default list). So you can EITHER specify *all* the
* fields you want with 'fields', OR take all the default
* ones and add some optional fields with 'extra'
* @param $args['where'] additional where clauses (e.g. myfield gt 1234)
* @param $args['locale'] language/locale (if not using multi-sites, categories etc.)
* @return array Array of publications, or false on failure
*/
function publications_userapi_getall($args)
{
// Get arguments from argument array
extract($args);
// Optional argument
if (!isset($startnum)) {
$startnum = 1;
}
if (empty($cids)) {
$cids = array();
}
if (!isset($andcids)) {
$andcids = false;
}
if (empty($ptid)) {
$ptid = null;
}
// Default fields in publications (for now)
$columns = array('id', 'name', 'title', 'description', 'summary', 'body1', 'owner', 'pubtype_id', 'notes', 'state', 'start_date');
// Optional fields in publications (for now)
// + 'cids' = list of categories an article belongs to
// + 'author' = user name of owner
// + 'counter' = number of times this article was displayed (hitcount)
// + 'rating' = rating for this article (ratings)
// + 'dynamicdata' = dynamic data fields for this article (dynamicdata)
// + 'relevance' = relevance for this article (MySQL full-text search only)
// $optional = array('cids','author','counter','rating','dynamicdata','relevance');
if (!isset($fields)) {
$fields = $columns;
}
if (isset($extra) && is_array($extra) && count($extra) > 0) {
$fields = array_merge($fields, $extra);
}
if (empty($sort)) {
if (!empty($search) && !empty($searchtype) && substr($searchtype, 0, 8) == 'fulltext') {
if ($searchtype == 'fulltext boolean' && !in_array('relevance', $fields)) {
// add the relevance to the field list for sorting
$fields[] = 'relevance';
}
// let the database sort by relevance (= default for fulltext)
$sortlist = array();
} else {
// default sort by create_date
$sortlist = array('create_date');
}
} elseif (is_array($sort)) {
$sortlist = $sort;
} else {
$sortlist = explode(',', $sort);
}
$publications = array();
// Security check
if (!xarSecurityCheck('ViewPublications')) {
return;
}
// Fields requested by the calling function
$required = array();
foreach ($fields as $field) {
$required[$field] = 1;
}
// mandatory fields for security
$required['id'] = 1;
$required['title'] = 1;
$required['pubtype_id'] = 1;
$required['create_date'] = 1;
$required['owner'] = 1;
// not to be confused with author (name) :-)
// force cids as required when categories are given
if (count($cids) > 0) {
$required['cids'] = 1;
}
// TODO: put all this in dynamic data and retrieve everything via there (including hooked stuff)
// Database information
$dbconn = xarDB::getConn();
// Get the field names and LEFT JOIN ... ON ... parts from publications
// By passing on the $args, we can let leftjoin() create the WHERE for
// the publications-specific columns too now
$publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args);
// TODO : how to handle the case where name is empty, but uname isn't
if (!empty($required['owner'])) {
// Load API
if (!xarModAPILoad('roles', 'user')) {
return;
}
// Get the field names and LEFT JOIN ... ON ... parts from users
$usersdef = xarModAPIFunc('roles', 'user', 'leftjoin');
if (empty($usersdef)) {
return;
}
}
$regid = xarMod::getRegID('publications');
if (!empty($required['cids'])) {
// Load API
if (!xarModAPILoad('categories', 'user')) {
return;
}
// Get the LEFT JOIN ... ON ... and WHERE (!) parts from categories
$categoriesdef = xarModAPIFunc('categories', 'user', 'leftjoin', array('cids' => $cids, 'andcids' => $andcids, 'itemtype' => isset($ptid) ? $ptid : null, 'modid' => $regid));
if (empty($categoriesdef)) {
return;
}
}
if (!empty($required['counter']) && xarModIsHooked('hitcount', 'publications', $ptid)) {
// Load API
if (!xarModAPILoad('hitcount', 'user')) {
return;
}
// Get the LEFT JOIN ... ON ... and WHERE (!) parts from hitcount
$hitcountdef = xarModAPIFunc('hitcount', 'user', 'leftjoin', array('modid' => $regid, 'itemtype' => isset($ptid) ? $ptid : null));
}
if (!empty($required['rating']) && xarModIsHooked('ratings', 'publications', $ptid)) {
// Load API
if (!xarModAPILoad('ratings', 'user')) {
return;
}
// Get the LEFT JOIN ... ON ... and WHERE (!) parts from ratings
$ratingsdef = xarModAPIFunc('ratings', 'user', 'leftjoin', array('modid' => $regid, 'itemtype' => isset($ptid) ? $ptid : null));
}
// Create the SELECT part
$select = array();
foreach ($required as $field => $val) {
// we'll handle this later
if ($field == 'cids') {
continue;
} elseif ($field == 'dynamicdata') {
continue;
} elseif ($field == 'owner') {
$select[] = $usersdef['name'];
} elseif ($field == 'counter') {
if (!empty($hitcountdef['hits'])) {
$select[] = $hitcountdef['hits'];
}
} elseif ($field == 'rating') {
if (!empty($ratingsdef['rating'])) {
$select[] = $ratingsdef['rating'];
}
} else {
$select[] = $publicationsdef[$field];
}
}
// FIXME: <rabbitt> PostgreSQL requires that all fields in an 'Order By' be in the SELECT
// this has been added to remove the error that not having it creates
// FIXME: <mikespub> Oracle doesn't allow having the same field in a query twice if you
// don't specify an alias (at least in sub-queries, which is what SelectLimit uses)
// if (!in_array($publicationsdef['create_date'], $select)) {
// $select[] = $publicationsdef['create_date'];
// }
// we need distinct for multi-category OR selects where publications fit in more than 1 category
if (count($cids) > 0) {
$query = 'SELECT DISTINCT ' . join(', ', $select);
} else {
$query = 'SELECT ' . join(', ', $select);
}
// Create the FROM ... [LEFT JOIN ... ON ...] part
$from = $publicationsdef['table'];
$addme = 0;
if (!empty($required['owner'])) {
// Add the LEFT JOIN ... ON ... parts from users
$from .= ' LEFT JOIN ' . $usersdef['table'];
$from .= ' ON ' . $usersdef['field'] . ' = ' . $publicationsdef['owner'];
$addme = 1;
}
if (!empty($required['counter']) && isset($hitcountdef)) {
// add this for SQL compliance when there are multiple JOINs
// bug 4429: sqlite doesnt like the parentheses
if ($addme && $dbconn->databaseType != 'sqlite') {
$from = '(' . $from . ')';
}
// Add the LEFT JOIN ... ON ... parts from hitcount
$from .= ' LEFT JOIN ' . $hitcountdef['table'];
$from .= ' ON ' . $hitcountdef['field'] . ' = ' . $publicationsdef['id'];
$addme = 1;
}
if (!empty($required['rating']) && isset($ratingsdef)) {
// add this for SQL compliance when there are multiple JOINs
// bug 4429: sqlite doesnt like the parentheses
if ($addme && $dbconn->databaseType != 'sqlite') {
$from = '(' . $from . ')';
}
// Add the LEFT JOIN ... ON ... parts from ratings
$from .= ' LEFT JOIN ' . $ratingsdef['table'];
$from .= ' ON ' . $ratingsdef['field'] . ' = ' . $publicationsdef['id'];
$addme = 1;
}
if (count($cids) > 0) {
// add this for SQL compliance when there are multiple JOINs
// bug 4429: sqlite doesnt like the parentheses
if ($addme && $dbconn->databaseType != 'sqlite') {
$from = '(' . $from . ')';
}
// Add the LEFT JOIN ... ON ... parts from categories
$from .= ' LEFT JOIN ' . $categoriesdef['table'];
$from .= ' ON ' . $categoriesdef['field'] . ' = ' . $publicationsdef['id'];
if (!empty($categoriesdef['more']) && $dbconn->databaseType != 'sqlite') {
$from = '(' . $from . ')';
$from .= $categoriesdef['more'];
}
}
$query .= ' FROM ' . $from;
// TODO: check the order of the conditions for brain-dead databases ?
// Create the WHERE part
$where = array();
// we rely on leftjoin() to create the necessary publications clauses now
if (!empty($publicationsdef['where'])) {
$where[] = $publicationsdef['where'];
}
if (!empty($required['counter']) && !empty($hitcountdef['where'])) {
$where[] = $hitcountdef['where'];
}
if (!empty($required['rating']) && !empty($ratingsdef['where'])) {
$where[] = $ratingsdef['where'];
}
if (count($cids) > 0) {
// we rely on leftjoin() to create the necessary categories clauses
$where[] = $categoriesdef['where'];
}
if (count($where) > 0) {
$query .= ' WHERE ' . join(' AND ', $where);
}
// TODO: support other non-publications fields too someday ?
// Create the ORDER BY part
if (count($sortlist) > 0) {
$sortparts = array();
$seenid = 0;
foreach ($sortlist as $criteria) {
// ignore empty sort criteria
if (empty($criteria)) {
continue;
}
// split off trailing ASC or DESC
if (preg_match('/^(.+)\\s+(ASC|DESC)\\s*$/i', $criteria, $matches)) {
$criteria = trim($matches[1]);
$sortorder = strtoupper($matches[2]);
} else {
$sortorder = '';
}
if ($criteria == 'title') {
$sortparts[] = $publicationsdef['title'] . ' ' . (!empty($sortorder) ? $sortorder : 'ASC');
// } elseif ($criteria == 'create_date' || $criteria == 'date') {
// $sortparts[] = $publicationsdef['create_date'] . ' ' . (!empty($sortorder) ? $sortorder : 'DESC');
} elseif ($criteria == 'hits' && !empty($hitcountdef['hits'])) {
$sortparts[] = $hitcountdef['hits'] . ' ' . (!empty($sortorder) ? $sortorder : 'DESC');
} elseif ($criteria == 'rating' && !empty($ratingsdef['rating'])) {
$sortparts[] = $ratingsdef['rating'] . ' ' . (!empty($sortorder) ? $sortorder : 'DESC');
} elseif ($criteria == 'owner' && !empty($usersdef['name'])) {
$sortparts[] = $usersdef['name'] . ' ' . (!empty($sortorder) ? $sortorder : 'ASC');
} elseif ($criteria == 'relevance' && !empty($publicationsdef['relevance'])) {
$sortparts[] = 'relevance' . ' ' . (!empty($sortorder) ? $sortorder : 'DESC');
} elseif ($criteria == 'id') {
$sortparts[] = $publicationsdef['id'] . ' ' . (!empty($sortorder) ? $sortorder : 'ASC');
$seenid = 1;
// other publications fields, e.g. summary, notes, ...
} elseif (!empty($publicationsdef[$criteria])) {
$sortparts[] = $publicationsdef[$criteria] . ' ' . (!empty($sortorder) ? $sortorder : 'ASC');
} else {
// ignore unknown sort fields
}
}
// add sorting by id for unique sort order
if (count($sortparts) < 2 && empty($seenid)) {
$sortparts[] = $publicationsdef['id'] . ' DESC';
}
$query .= ' ORDER BY ' . join(', ', $sortparts);
} elseif (!empty($search) && !empty($searchtype) && substr($searchtype, 0, 8) == 'fulltext') {
// For fulltext, let the database return the publications by relevance here (= default)
// For fulltext in boolean mode, add MATCH () ... AS relevance ... ORDER BY relevance DESC (cfr. leftjoin)
if (!empty($required['relevance']) && $searchtype == 'fulltext boolean') {
$query .= ' ORDER BY relevance DESC, ' . $publicationsdef['create_date'] . ' DESC, ' . $publicationsdef['id'] . ' DESC';
}
} else {
// default is 'create_date'
$query .= ' ORDER BY ' . $publicationsdef['create_date'] . ' DESC, ' . $publicationsdef['id'] . ' DESC';
}
//echo $query;
// Run the query - finally :-)
if (isset($numitems) && is_numeric($numitems)) {
$result =& $dbconn->SelectLimit($query, $numitems, $startnum - 1);
} else {
$result =& $dbconn->Execute($query);
}
if (!$result) {
return;
}
$itemids_per_type = array();
// Put publications into result array
for (; !$result->EOF; $result->MoveNext()) {
$data = $result->fields;
$item = array();
// loop over all required fields again
foreach ($required as $field => $val) {
if ($field == 'cids' || $field == 'dynamicdata' || $val != 1) {
continue;
}
$value = array_shift($data);
if ($field == 'rating') {
$value = intval($value);
}
$item[$field] = $value;
}
// check security - don't generate an exception here
if (empty($required['cids']) && !xarSecurityCheck('ViewPublications', 0, 'Publication', "{$item['pubtype_id']}:All:{$item['owner']}:{$item['id']}")) {
continue;
}
$publications[] = $item;
if (!empty($required['dynamicdata'])) {
$pubtype = $item['pubtype_id'];
if (!isset($itemids_per_type[$pubtype])) {
$itemids_per_type[$pubtype] = array();
}
$itemids_per_type[$pubtype][] = $item['id'];
}
}
$result->Close();
if (!empty($required['cids']) && count($publications) > 0) {
// Get all the categories at once
$ids = array();
foreach ($publications as $article) {
$ids[] = $article['id'];
}
// Load API
if (!xarModAPILoad('categories', 'user')) {
return;
}
// Get the links for the Array of iids we have
$cids = xarModAPIFunc('categories', 'user', 'getlinks', array('iids' => $ids, 'reverse' => 1, 'modid' => $regid));
// Inserting the corresponding Category ID in the Publication Description
$delete = array();
$cachesec = array();
foreach ($publications as $key => $article) {
if (isset($cids[$article['id']]) && count($cids[$article['id']]) > 0) {
$publications[$key]['cids'] = $cids[$article['id']];
foreach ($cids[$article['id']] as $cid) {
if (!xarSecurityCheck('ViewPublications', 0, 'Publication', "{$article['pubtype_id']}:{$cid}:{$article['owner']}:{$article['id']}")) {
$delete[$key] = 1;
break;
}
if (!isset($cachesec[$cid])) {
// TODO: combine with ViewCategoryLink check when we can combine module-specific
// security checks with "parent" security checks transparently ?
$cachesec[$cid] = xarSecurityCheck('ReadCategories', 0, 'Category', "All:{$cid}");
}
if (!$cachesec[$cid]) {
$delete[$key] = 1;
break;
}
}
} else {
if (!xarSecurityCheck('ViewPublications', 0, 'Publication', "{$article['pubtype_id']}:All:{$article['owner']}:{$article['id']}")) {
$delete[$key] = 1;
continue;
}
}
}
if (count($delete) > 0) {
foreach ($delete as $key => $val) {
unset($publications[$key]);
}
}
}
if (!empty($required['dynamicdata']) && count($publications) > 0) {
foreach ($itemids_per_type as $pubtype => $itemids) {
if (!xarModIsHooked('dynamicdata', 'publications', $pubtype)) {
continue;
}
list($properties, $items) = xarModAPIFunc('dynamicdata', 'user', 'getitemsforview', array('module' => 'publications', 'itemtype' => $pubtype, 'itemids' => $itemids, 'state' => 1));
if (empty($properties) || count($properties) == 0) {
continue;
}
foreach ($publications as $key => $article) {
// otherwise publications (of different pub types) with dd properties having the same
// names reset previously set values to empty string for each iteration based on the pubtype
if ($article['pubtype_id'] != $pubtype) {
continue;
}
foreach (array_keys($properties) as $name) {
if (isset($items[$article['id']]) && isset($items[$article['id']][$name])) {
$value = $items[$article['id']][$name];
} else {
$value = $properties[$name]->default;
}
$publications[$key][$name] = $value;
// TODO: clean up this temporary fix
if (!empty($value)) {
$publications[$key][$name . '_output'] = $properties[$name]->showOutput(array('value' => $value));
}
}
}
}
}
return $publications;
}
