Example #1
0
/**
 * Merges sources specified with any specified "restrict_to_sources"/"restrictToSources" option, user access settings and sources configured in app.conf
 * into a single list of source_ids suitable for enforcing source restrictions.
 *
 * @param BaseModel $t_instance A model instance for the table to which the sources apply
 * @param array $pa_options An array of options containing, if specified, a list of sources for either the "restrict_to_sources" or "restrictToSources" keys
 * 
 * @return array List of numeric source_ids for which the user has access
 */
function caMergeSourceRestrictionLists($t_instance, $pa_options)
{
    $va_restrict_to_source_ids = null;
    if (is_array($pa_options['restrict_to_sources']) && sizeof($pa_options['restrict_to_sources'])) {
        $pa_options['restrictToSources'] = $pa_options['restrict_to_sources'];
    }
    if (is_array($pa_options['restrictToSources']) && sizeof($pa_options['restrictToSources'])) {
        $va_restrict_to_source_ids = caMakeSourceIDList($t_instance->tableName(), $pa_options['restrictToSources'], array('noChildren' => true));
    }
    $va_sources = null;
    $o_config = Configuration::load();
    if ((bool) $o_config->get('perform_source_access_checking') && method_exists($t_instance, 'getSourceFieldName') && ($vs_source_field_name = $t_instance->getSourceFieldName())) {
        $va_sources = caGetSourceRestrictionsForUser($t_instance->tableName());
    }
    if (is_array($va_sources) && sizeof($va_sources) && is_array($va_restrict_to_source_ids) && sizeof($va_restrict_to_source_ids)) {
        if (sizeof($va_tmp = array_intersect($va_restrict_to_source_ids, $va_sources))) {
            $va_sources = $va_tmp;
        }
    } else {
        if (!is_array($va_sources) || !sizeof($va_sources)) {
            $va_sources = $va_restrict_to_source_ids;
        }
    }
    return $va_sources;
}
Example #2
0
 /**
  * Returns list of source_id values to restrict search to. Return values are always numeric sources, 
  * never codes, and will include all source_ids to filter on, including children of hierarchical sources.
  *
  * @return array List of source_id values to restrict search to.
  */
 public function getSourceRestrictionList()
 {
     if (function_exists("caGetSourceRestrictionsForUser")) {
         $va_pervasive_sources = caGetSourceRestrictionsForUser($this->ops_tablename);
         // restrictions set in app.conf or by associated user role
         if (!is_array($va_pervasive_sources)) {
             return $this->opa_search_source_ids;
         }
         if (is_array($this->opa_search_source_ids) && sizeof($this->opa_search_source_ids)) {
             $va_filtered_sources = array();
             foreach ($this->opa_search_source_ids as $vn_id) {
                 if (in_array($vn_id, $va_pervasive_sources)) {
                     $va_filtered_sources[] = $vn_id;
                 }
             }
             return $va_filtered_sources;
         } else {
             return $va_pervasive_sources;
         }
     }
     return $this->opa_search_source_ids;
 }
 /**
  * Called just after record is deleted. Individual editor controllers can override this to implement their
  * own post-deletion cleanup logic.
  *
  * @param BaseModel $pt_subject Model instance of row that was deleted
  * @return bool True if post-deletion cleanup was successful, false if not
  */
 protected function _checkAccess($pt_subject, $pa_options = null)
 {
     //
     // Is record deleted?
     //
     if ($pt_subject->hasField('deleted') && $pt_subject->get('deleted')) {
         if (!caGetOption('dontRedirectOnDelete', $pa_options, false)) {
             $this->response->setRedirect($this->request->config->get('error_display_url') . '/n/2550?r=' . urlencode($this->request->getFullUrlPath()));
         }
         return false;
     }
     //
     // Is record of correct type?
     //
     $va_restrict_to_types = null;
     if ($pt_subject->getAppConfig()->get('perform_type_access_checking')) {
         $va_restrict_to_types = caGetTypeRestrictionsForUser($this->ops_table_name, array('access' => __CA_BUNDLE_ACCESS_READONLY__));
     }
     if (is_array($va_restrict_to_types) && ($pt_subject->get('type_id') && ($pt_subject->getPrimaryKey() && !in_array($pt_subject->get('type_id'), $va_restrict_to_types)))) {
         $this->response->setRedirect($this->request->config->get('error_display_url') . '/n/2560?r=' . urlencode($this->request->getFullUrlPath()));
         return false;
     }
     //
     // Is record from correct source?
     //
     $va_restrict_to_sources = null;
     if ($pt_subject->getAppConfig()->get('perform_source_access_checking') && $pt_subject->hasField('source_id')) {
         if (is_array($va_restrict_to_sources = caGetSourceRestrictionsForUser($this->ops_table_name, array('access' => __CA_BUNDLE_ACCESS_READONLY__)))) {
             if (!$pt_subject->get('source_id') || $pt_subject->get('source_id') && !in_array($pt_subject->get('source_id'), $va_restrict_to_sources) || strlen($vn_source_id = $this->request->getParameter('source_id', pInteger)) && !in_array($vn_source_id, $va_restrict_to_sources)) {
                 $pt_subject->set('source_id', $pt_subject->getDefaultSourceID(array('request' => $this->request)));
             }
             if (is_array($va_restrict_to_sources) && !in_array($pt_subject->get('source_id'), $va_restrict_to_sources)) {
                 $this->response->setRedirect($this->request->config->get('error_display_url') . '/n/2562?r=' . urlencode($this->request->getFullUrlPath()));
                 return;
             }
         }
     }
     //
     // Does user have access to row?
     //
     if ($pt_subject->getAppConfig()->get('perform_item_level_access_checking') && $vn_subject_id) {
         if ($pt_subject->checkACLAccessForUser($this->request->user) < __CA_BUNDLE_ACCESS_READONLY__) {
             $this->response->setRedirect($this->request->config->get('error_display_url') . '/n/2580?r=' . urlencode($this->request->getFullUrlPath()));
             return false;
         }
     }
     return true;
 }
 /** 
  *
  */
 public function htmlFormElement($ps_field, $ps_format = null, $pa_options = null)
 {
     if ($vs_source_id_fld_name = $this->getSourceFieldName()) {
         switch ($ps_field) {
             case $vs_source_id_fld_name:
                 if ((bool) $this->getAppConfig()->get('perform_source_access_checking')) {
                     $pa_options['value'] = $this->get($ps_field);
                     $pa_options['disableItemsWithID'] = caGetSourceRestrictionsForUser($this->tableName(), array('access' => __CA_BUNDLE_ACCESS_READONLY__, 'exactAccess' => true));
                     return $this->getSourceListAsHTMLFormElement($ps_field, array(), $pa_options);
                 }
                 break;
         }
     }
     return parent::htmlFormElement($ps_field, $ps_format, $pa_options);
 }
 /**
  * Saves the content of a form editing new or existing records. It returns the same form + status messages rendered into the current view, inherited from ActionController
  *
  * @param array $pa_options Array of options passed through to _initView and saveBundlesForScreen()
  */
 public function Save($pa_options = null)
 {
     list($t_subject, $t_ui, $vn_parent_id, $vn_above_id) = $this->_initView($pa_options);
     if (!is_array($pa_options)) {
         $pa_options = array();
     }
     // Is user allowed to quickadd?
     if (!(is_array($pa_options) && isset($pa_options['dontCheckQuickAddAction']) && (bool) $pa_options['dontCheckQuickAddAction']) && !$this->request->user->canDoAction('can_quickadd_' . $t_subject->tableName())) {
         $va_response = array('status' => 30, 'id' => null, 'table' => $t_subject->tableName(), 'type_id' => null, 'display' => null, 'errors' => array(_t("You are not allowed to quickadd %1", $t_subject->getProperty('NAME_PLURAL')) => _t("You are not allowed to quickadd %1", $t_subject->getProperty('NAME_PLURAL'))));
         $this->view->setVar('response', $va_response);
         $this->render('quickadd_result_json.php');
         return;
     }
     //
     // Is record of correct type?
     //
     $va_restrict_to_types = null;
     if ($t_subject->getAppConfig()->get('perform_type_access_checking')) {
         $va_restrict_to_types = caGetTypeRestrictionsForUser($this->ops_table_name, array('access' => __CA_BUNDLE_ACCESS_EDIT__));
     }
     if (is_array($va_restrict_to_types) && !in_array($t_subject->get('type_id'), $va_restrict_to_types)) {
         $this->response->setRedirect($this->request->config->get('error_display_url') . '/n/2560?r=' . urlencode($this->request->getFullUrlPath()));
         return;
     }
     //
     // Is record from correct source?
     //
     $va_restrict_to_sources = null;
     if ($t_subject->getAppConfig()->get('perform_source_access_checking')) {
         if (is_array($va_restrict_to_sources = caGetSourceRestrictionsForUser($this->ops_table_name, array('access' => __CA_BUNDLE_ACCESS_EDIT__)))) {
             if (!$t_subject->get('source_id') || $t_subject->get('source_id') && !in_array($t_subject->get('source_id'), $va_restrict_to_sources) || strlen($vn_source_id = $this->request->getParameter('source_id', pInteger)) && !in_array($vn_source_id, $va_restrict_to_sources)) {
                 $t_subject->set('source_id', $t_subject->getDefaultSourceID(array('request' => $this->request)));
             }
             if (is_array($va_restrict_to_sources) && !in_array($t_subject->get('source_id'), $va_restrict_to_sources)) {
                 $this->response->setRedirect($this->request->config->get('error_display_url') . '/n/2562?r=' . urlencode($this->request->getFullUrlPath()));
                 return;
             }
         }
     }
     // Make sure request isn't empty
     if (!sizeof($_POST)) {
         $va_response = array('status' => 20, 'id' => null, 'table' => $t_subject->tableName(), 'type_id' => null, 'display' => null, 'errors' => array(_t("Cannot save using empty request. Are you using a bookmark?") => _t("Cannot save using empty request. Are you using a bookmark?")));
         $this->view->setVar('response', $va_response);
         $this->render('quickadd_result_json.php');
         return;
     }
     // Set "context" id from those editors that need to restrict idno lookups to within the context of another field value (eg. idno's for ca_list_items are only unique within a given list_id)
     $vn_context_id = null;
     if ($vs_idno_context_field = $t_subject->getProperty('ID_NUMBERING_CONTEXT_FIELD')) {
         if ($t_subject->getPrimaryKey() > 0) {
             $this->view->setVar('_context_id', $vn_context_id = $t_subject->get($vs_idno_context_field));
         } else {
             if ($vn_parent_id > 0) {
                 $t_parent = $this->opo_datamodel->getInstanceByTableName($this->ops_table_name);
                 if ($t_parent->load($vn_parent_id)) {
                     $this->view->setVar('_context_id', $vn_context_id = $t_parent->get($vs_idno_context_field));
                 }
             }
         }
         if ($vn_context_id) {
             $t_subject->set($vs_idno_context_field, $vn_context_id);
         }
     }
     // Set type name for display
     if (!($vs_type_name = $t_subject->getTypeName())) {
         $vs_type_name = $t_subject->getProperty('NAME_SINGULAR');
     }
     # trigger "BeforeSaveItem" hook
     $this->opo_app_plugin_manager->hookBeforeSaveItem(array('id' => null, 'table_num' => $t_subject->tableNum(), 'table_name' => $t_subject->tableName(), 'instance' => $t_subject, 'is_insert' => true));
     $vn_parent_id = $this->request->getParameter('parent_id', pInteger);
     $t_subject->set('parent_id', $vn_parent_id);
     $this->opo_result_context->setParameter($t_subject->tableName() . '_last_parent_id', $vn_parent_id);
     $va_opts = array_merge($pa_options, array('ui_instance' => $t_ui));
     $vb_save_rc = $t_subject->saveBundlesForScreen($this->request->getParameter('screen', pString), $this->request, $va_opts);
     $this->view->setVar('t_ui', $t_ui);
     if (!$t_subject->getPrimaryKey()) {
         $vn_subject_id = $t_subject->getPrimaryKey();
         if (!$vb_save_rc) {
             $vs_message = _t("Could not save %1", $vs_type_name);
         } else {
             $vs_message = _t("Added %1", $vs_type_name);
             $this->request->setParameter($t_subject->primaryKey(), $vn_subject_id, 'GET');
             $this->view->setVar($t_subject->primaryKey(), $vn_subject_id);
             $this->view->setVar('subject_id', $vn_subject_id);
             $this->request->session->setVar($this->ops_table_name . '_browse_last_id', $vn_subject_id);
             // set last edited
             // Set ACL for newly created record
             if ($t_subject->getAppConfig()->get('perform_item_level_access_checking')) {
                 $t_subject->setACLUsers(array($this->request->getUserID() => __CA_ACL_EDIT_DELETE_ACCESS__));
                 $t_subject->setACLWorldAccess($t_subject->getAppConfig()->get('default_item_access_level'));
             }
         }
     } else {
         $vs_message = _t("Saved changes to %1", $vs_type_name);
     }
     $va_errors = $this->request->getActionErrors();
     // all errors from all sources
     $va_general_errors = $this->request->getActionErrors('general');
     // just "general" errors - ones that are not attached to a specific part of the form
     if (sizeof($va_errors) - sizeof($va_general_errors) > 0) {
         $va_error_list = array();
         $vb_no_save_error = false;
         foreach ($va_errors as $o_e) {
             $va_error_list[$o_e->getErrorDescription()] = $o_e->getErrorDescription() . "\n";
             switch ($o_e->getErrorNumber()) {
                 case 1100:
                     // duplicate/invalid idno
                     if (!$vn_subject_id) {
                         // can't save new record if idno is not valid (when updating everything but idno is saved if it is invalid)
                         $vb_no_save_error = true;
                     }
                     break;
             }
         }
     } else {
         $this->opo_result_context->invalidateCache();
     }
     $this->opo_result_context->saveContext();
     # trigger "SaveItem" hook
     $this->opo_app_plugin_manager->hookSaveItem(array('id' => $vn_subject_id, 'table_num' => $t_subject->tableNum(), 'table_name' => $t_subject->tableName(), 'instance' => $t_subject, 'is_insert' => true));
     $vn_id = $t_subject->getPrimaryKey();
     $vn_relation_id = null;
     if ($vn_id) {
         $va_tmp = caProcessRelationshipLookupLabel($t_subject->makeSearchResult($t_subject->tableName(), array($vn_id)), $t_subject);
         $va_name = array_pop($va_tmp);
         // Add relationship to added item here?
         $pn_related_id = $this->request->getParameter('relatedID', pInteger);
         $ps_related_table = $this->request->getParameter('relatedTable', pString);
         $ps_relationship_type = $this->request->getParameter('relationshipType', pString);
         if ($pn_related_id && $ps_related_table && $ps_relationship_type) {
             if ($t_rel = $t_subject->addRelationship($ps_related_table, $pn_related_id, $ps_relationship_type)) {
                 $vn_relation_id = $t_rel->getPrimaryKey();
             }
         }
     } else {
         $va_name = array();
     }
     $va_response = array('status' => sizeof($va_error_list) ? 10 : 0, 'id' => $vn_id, 'table' => $t_subject->tableName(), 'type_id' => method_exists($t_subject, "getTypeID") ? $t_subject->getTypeID() : null, 'relation_id' => $vn_relation_id, 'display' => $va_name['label'], 'errors' => $va_error_list);
     $this->view->setVar('response', $va_response);
     $this->render('quickadd_result_json.php');
 }