function create_resource($R) { extract($R); if ($resource_info['iid'] == '') { $resource_info['iid'] = '1'; } $R['resource_info']['resource_id'] = find_latest_UID('resource', $db) + 1; $resource_id_created = insert_resource($R); if ($resource_id_created) { $resource_id = find_latest_UID('resource', $db); $resource_info['resource_id'] = $resource_id; if ($resource_info['iid'] == '0') { #INSERT LINE ON RULES TABLE $rule_info = array('project_id' => $resource_info['project_id'], 'owner' => $user_id, 'subject' => $resource_info['entity'], 'subject_id' => $resource_info['resource_id'], 'verb' => 'has UID', 'object' => 'UID', 'notes' => nl2br($resource_info['notes'])); $db->query($sql, __LINE__, __FILE__); $R['rule_info'] = $rule_info; $rule_inserted = insert_rule($R); if ($rule_inserted) { $rule_info['rule_id'] = find_latest_UID('rule', $db); $inputs = array('newsubject' => $resource_info['entity'], 'newverb' => 'has UID', 'newobject' => 'UID', 'newnotes' => nl2br($resource_info['notes'])); $action = 'create'; $log = compact('action', 'rule_info', 'user_id', 'project_id', 'db', 'inputs'); insert_rule_log($log); } #now check if there is any rule in the same project that already has this class as object. $s3ql = compact('user_id', 'db'); $s3ql['from'] = 'rules'; $s3ql['where']['object'] = $resource_info['entity']; $s3ql['where']['project_id'] = $resource_info['project_id']; $object_rules = S3QLaction($s3ql); if (is_array($object_rules)) { foreach ($object_rules as $key => $rule_to_change) { $s3ql = compact('user_id', 'db'); $s3ql['edit'] = 'rule'; $s3ql['where']['rule_id'] = $rule_to_change['rule_id']; $s3ql['set']['object_id'] = $resource_id; $done = S3QLaction($s3ql); } } } else { $statement_info = array('project_id' => $resource_info['project_id'], 'resource_id' => $resource_id, 'rule_id' => get_rule_id_by_entity_id($resource_info['resource_class_id'], $resource_info['project_id'], $db), 'value' => $resource_id, 'notes' => $resource_info['notes'], 'created_by' => $resource_info['owner'], 'db' => $db); $R['statement_info'] = $statement_info; insert_statement($R); } return $resource_id; } }
function update_resource_instance($R) { extract($R); #echo '<pre>';print_r($R);exit; if (is_array($editing_resource)) { extract($editing_resource); } $modified_by = $user_id; #$sql ="update s3db_resource set notes='".$notes."', entity='".$entity."', modified_by='".$modified_by."', modified_on=now(), resource_class_id='".$resource_class_id."' where resource_id='".$resource_id."'"; $sql = "update s3db_resource set notes='" . addslashes($inputs['notes']) . "', modified_by='" . $modified_by . "', modified_on=now() where resource_id='" . $info['resource_id'] . "'"; #$echo $sql;exit; $db->query($sql, __LINE__, __FILE__); $dbdata = get_object_vars($db); $old_rule_id = get_rule_id_by_entity_id($info['class_id'], $project_id, $db); $instance_info = $info; $Z = compact('instance_info', 'user_id', 'db'); #$L = array('statement_id'=>fastStatementId($Z), 'old_rule_id'=>$old_rule_id, 'old_resource_id'=>$info['resource_id'], 'old_project_id'=>$info['project_id'], 'old_value'=>$info['entity'], 'old_notes'=>$oldvalues['notes'], 'action'=>'modify', 'modified_by'=>$modified_by, 'created_on'=>$info['created_on'], 'created_by'=>$info['created_by'], 'db'=>$db); #echo '<pre>';print_r($L);exit; if ($dbdata['Errno'] == 0) { #echo '<pre>';print_r($olvalues);exit; $statement_info = $info; $statement_info['statement_id'] = fastStatementId($Z); $statement_info['rule_id'] = get_rule_id_by_entity_id($info['class_id'], $project_id, $db); $statement_info['value'] = $info['resource_id']; if ($input['notes'] != '') { $statement_info['notes'] = $info['notes']; } $action = 'edit'; if ($inputs['notes'] != $oldvalues['notes']) { $logged = insert_statement_log(compact('oldvalues', 'inputs', 'action', 'statement_info', 'user_id', 'db')); } #nor for the rules. Which rule use this item as verb_id $sql = "select * from s3db_rule where verb_id = '" . $info['resource_id'] . "'"; #echo $sql; $db->query($sql, __LINE__, __FILE__); while ($db->next_record()) { $rules[] = array('rule_id' => $db->f('rule_id'), 'project_id' => $db->f('project_id'), 'subject' => $db->f('subject'), 'verb' => $db->f('verb'), 'object' => $db->f('object'), 'subject_id' => $db->f('subject_id'), 'verb_id' => $db->f('verb_id'), 'object_id' => $db->f('object_id'), 'notes' => $db->f('notes'), 'created_on' => substr($db->f('created_on'), 0, 19), 'created_by' => $db->f('created_by'), 'modified_on' => $db->f('modified_on'), 'modified_by' => $db->f('modified_by'), 'permission' => $db->f('permission')); } $inputs = array('verb' => $inputs['notes']); if (is_array($rules)) { foreach ($rules as $rule_info) { $oldvalues['verb'] = $rule_info['verb']; $sql = "update s3db_rule set verb = '" . $inputs['verb'] . "' where rule_id = '" . $rule_info['rule_id'] . "'"; #echo $sql.'<BR>'; $db->query($sql, __LINE__, __FILE__); $action = 'edit'; insert_rule_log(compact('oldvalues', 'inputs', 'rule_info', 'user_id', 'db', 'action')); } } #echo $sql.'<BR>'; ##This piece of code is meant to enable the regeneration of the list of resource instances in query result $queryresult = $_SESSION['query_result']; if (is_array($queryresult)) { foreach ($queryresult as $i => $value) { if ($queryresult[$i]['resource_id'] == $editing_resource['resource_id']) { $queryresult[$i]['notes'] = $editing_resource['notes']; } } } $_SESSION['query_result'] = $queryresult; return True; } else { return False; } }
function create_nodes($O) { $action = $GLOBALS['action']; extract($O); $project_info = s3info('project', $project_id, $db); $project_node .= sprintf("\t\t%s\n", '<NODE nodeID="P' . $project_info['project_id'] . '">'); $project_node .= sprintf("\t\t\t%s\n", '<NODE_LOCATION x="0" y="0" visible="true"/>'); $project_node .= sprintf("\t\t\t%s\n", '<NODE_HINT hint="' . str_replace("\"", "", htmlentities($project_info['project_description'])) . '" width="300" height="-1" isHTML="false"/>'); $project_node .= sprintf("\t\t\t%s\n", '<NODE_LABEL label="' . $project_info['project_name'] . '" shape="3" backColor="0000FF" textColor="FFFF00" fontSize="12"/>'); $project_node .= sprintf("\t\t\t%s\n", '<NODE_URL url="' . htmlentities($action['project']) . '" urlIsLocal="true" urlIsXML="false"/>'); #$project_node.= sprintf("\t\t\t%s\n",'<NODE_URL url="../project/project.php?project_id='.$_REQUEST['project_id'].'" urlIsLocal="true" urlIsXML="false"/>'); $project_node .= sprintf("\t\t%s\n", '</NODE>'); $s3ql['db'] = $db; $s3ql['user_id'] = $user_id; $s3ql['select'] = '*'; $s3ql['from'] = 'rules'; $s3ql['where']['project_id'] = $_REQUEST['project_id']; $s3ql['where']['object'] = "!=UID"; #$rules = s3list($s3ql); $rules = S3QLaction($s3ql); $GLOBALS['rules'] = $rules; #Create the node for the regular resources #List all classes in project $s3ql = compact('user_id', 'db'); $s3ql['select'] = '*'; $s3ql['from'] = 'classes'; $s3ql['where']['project_id'] = $_REQUEST['project_id']; #$resources = s3list($s3ql); $resources = S3QLaction($s3ql); $GLOBALS['collections'] = $resources; if (is_array($resources)) { $C = grab_id('collection', $resources); #=>these are the ids of all allowed nodes foreach ($resources as $resource_info) { //Lena -created this session because map doesn't allow more than 1 get, but for queryresource to run properly we need at least 2 get's $rule_id = get_rule_id_by_entity_id($resource_info['resource_id'], $resource_info['project_id'], $db); $subject = str_replace($toReplace, $replace, htmlentities($resource_info['entity'])); $notes = str_replace($toReplace, $replace, htmlentities($resource_info['notes'])); if ($resource_info['project_id'] == $_REQUEST['project_id']) { $color = 'FF0000'; } else { $color = 'FF6600'; } $resource_id = $resource_info['resource_id']; $subject_node .= sprintf("\t\t%s\n", '<NODE nodeID="C' . $resource_id . '">'); $subject_node .= sprintf("\t\t\t%s\n", '<NODE_LOCATION x="0" y="0" visible="false"/>'); $subject_node .= sprintf("\t\t\t%s\n", '<NODE_HINT hint="' . $notes . '" width="300" height="-1" isHTML="true"/>'); $subject_node .= sprintf("\t\t\t%s\n", '<NODE_LABEL label="' . $subject . '" shape="2" backColor="' . $color . '" textColor="FFFFFF" fontSize="14"/>'); $subject_node .= sprintf("\t\t\t%s\n", '<NODE_URL url="' . htmlentities($action['resource']) . '&class_id=' . $resource_info['resource_id'] . '" urlIsLocal="true" urlIsXML="false"/>'); $subject_node .= sprintf("\t\t%s\n", '</NODE>'); } #and finally... the nodes for the objects... if (is_array($rules)) { #foreach($objects as $object) foreach ($rules as $rule_info) { $subject = str_replace($toReplace, $replace, htmlentities($rule_info['subject'])); $verb = str_replace($toReplace, $replace, htmlentities($rule_info['verb'])); $object = str_replace($toReplace, $replace, htmlentities($rule_info['object'])); $notes = str_replace($toReplace, $replace, htmlentities($rule_info['notes'])); #is the rule from this project? if not, print a different color if ($rule_info['project_id'] == $_REQUEST['project_id']) { $objcolor = '336600'; $classColor = 'FF0000'; } else { $objcolor = '009900'; $classColor = 'FF6600'; } if ($rule_info['object'] != 'UID' || $rule_info['verb'] != 'has UID') { $object_node .= sprintf("\t\t%s\n", '<NODE nodeID="R' . $rule_info['rule_id'] . '">'); $object_node .= sprintf("\t\t\t%s\n", '<NODE_LOCATION x="0" y="0" visible="false"/>'); if ($rule_info['object_id'] == '') { $object_node .= sprintf("\t\t\t%s\n", '<NODE_LABEL label="' . $object . '" shape="1" backColor="' . $objcolor . '" textColor="FFFF00" fontSize="12"/>'); $object_node .= sprintf("\t\t\t%s\n", '<NODE_URL url="' . htmlentities($action['rule']) . '&class_id=' . $rule_info['subject_id'] . '&rule_id=' . $rule_info['rule_id'] . '" urlIsLocal="true" urlIsXML="false"/>'); $object_node .= sprintf("\t\t\t%s\n", '<NODE_HINT hint="' . $notes . '" width="300" height="-1" isHTML="false"/>'); } elseif (in_array($rule_info['object_id'], $C)) { ##Collection must either exist already as a visible node or the map will crash $object_node .= sprintf("\t\t\t%s\n", '<NODE_LABEL label="' . $object . '" shape="1" backColor="' . $classColor . '" textColor="FFFFFF" fontSize="12"/>'); $object_node .= sprintf("\t\t\t%s\n", '<NODE_URL url="' . htmlentities($action['resource']) . '&class_id=' . $rule_info['object_id'] . '" urlIsLocal="true" urlIsXML="false"/>'); $object_node .= sprintf("\t\t\t%s\n", '<NODE_HINT hint="' . $notes . '" width="300" height="-1" isHTML="false"/>'); } else { $object_node .= sprintf("\t\t\t%s\n", '<NODE_LABEL label="' . $object . '" shape="1" backColor="#EFEFEF" textColor="FFFF00" fontSize="12"/>'); $object_node .= sprintf("\t\t\t%s\n", '<NODE_HINT hint="User is not allowed in this Collection" width="300" height="-1" isHTML="false"/>'); } $object_node .= sprintf("\t\t%s\n", '</NODE>'); } } } #find all projects involved in the rules of this project #find out how many project_ids there are if (is_array($rules)) { $extraproject_ids = array_map('grab_project_id', $rules); $extraproject_ids = array_diff(array_unique($extraproject_ids), array($_REQUEST['project_id'])); #echo '<pre>';print_r($extraproject_ids); #Create extra projects nodes if (is_array($extraproject_ids)) { foreach ($extraproject_ids as $extra_project_id) { $project_info = get_info('project', $extra_project_id, $db); $extra_project_node .= sprintf("\t\t%s\n", '<NODE nodeID="P' . $extra_project_id . '">'); $extra_project_node .= sprintf("\t\t\t%s\n", '<NODE_LOCATION x="1" y="1" visible="true"/>'); $extra_project_node .= sprintf("\t\t\t%s\n", '<NODE_HINT hint="' . str_replace("\"", "", $project_info['project_description']) . '" width="300" height="-1" isHTML="false"/>'); $extra_project_node .= sprintf("\t\t\t%s\n", '<NODE_LABEL label="' . $project_info['project_name'] . '" shape="3" backColor="406AFD" textColor="FFFF00" fontSize="12"/>'); #$extra_project_node .= sprintf("\t\t\t%s\n", '<NODE_URL url="'.$action['project'].'" urlIsLocal="true" urlIsXML="false"/>'); #$project_node.= sprintf("\t\t\t%s\n",'<NODE_URL url="../project/project.php?project_id='.$_REQUEST['project_id'].'" urlIsLocal="true" urlIsXML="false"/>'); $extra_project_node .= sprintf("\t\t%s\n", '</NODE>'); } } } return $project_node . $extra_project_node . $subject_node . $object_node; } }
function delete_resource_instance($R) { extract($R); $resource_id = $R['resource_id']; $modified_by = $R['user_id']; $db = $R['db']; $resource_info = s3info('instance', $resource_id, $db); $resource_class_id = $resource_info['resource_class_id']; $project_id = $resource_info['project_id']; $old_rule_id = get_rule_id_by_entity_id($resource_class_id, $project_id, $db); #Find all statements on this resource_id if (!is_array($statements)) { $statements = CORElist(array('child' => 'statement', 'parent_ids' => array('instance_id' => $resource_id), 'user_id' => $user_id, 'db' => $db)); } #Find all statements where this resource_id is object. First we have to figure out which rules point to the object where this instance might have been inserted. #$class_id = $resource_info['resource_class_id']; $s3ql = compact('user_id', 'db'); $s3ql['select'] = '*'; $s3ql['from'] = 'statements'; $s3ql['where']['value'] = $resource_id; $s3ql['where']['object_id'] = $resource_class_id; #$borrowedStats = S3QLaction($s3ql); #COMING SOON if (is_array($statements)) { foreach ($statements as $i => $statement_info) { $s3ql = compact('user_id', 'db'); $s3ql['delete'] = 'statement'; $s3ql['where']['statement_id'] = $statement_info['statement_id']; $s3ql['where']['confirm'] = 'yes'; $done = S3QLaction($s3ql); #$sql = "delete from s3db_statement where statement_id = '".$statement_info['statement_id']."'"; #$db->query($sql, __LINE__, __FILE__); $S = array('statement_id' => $statement_info['statement_id'], 'old_rule_id' => $statement_info['rule_id'], 'old_resource_id' => $statement_info['resource_id'], 'old_project_id' => $statement_info['project_id'], 'old_value' => $statement_info['value'], 'old_notes' => $statement_info['notes'], 'created_by' => $statement_info['created_by'], 'created_on' => $statement_info['created_on'], 'modified_by' => $user_id, 'action' => 'delete', 'db' => $db); $logged = insert_statement_log($S); } } #Change the resources table #$sql = "delete from s3db_resource where resource_id = '".$resource_id."' and iid='1'"; $sql = "update s3db_resource set status = 'I', modified_on = now() where resource_id = '" . $resource_id . "' and iid='1'"; #echo '<pre>';print_r($statements); #echo $sql;exit; $db->query($sql, __LINE__, __FILE__); $dbdata = get_object_vars($db); if ($dbdata['Errno'] == 0) { $S = array('statement_id' => '0', 'old_rule_id' => $old_rule_id, 'old_resource_id' => $resource_id, 'old_project_id' => $resource_info['project_id'], 'old_value' => $resource_info['entity'], 'old_notes' => $resource_info['notes'], 'created_by' => $resource_info['created_by'], 'created_on' => $resource_info['created_on'], 'modified_by' => $modified_by, 'action' => 'delete', 'db' => $db); $logged = insert_statement_log($S); #Change in the statements table #$sql = "delete from s3db_statement where resource_id = '".$resource_id."'"; #$db->query($sql, __LINE__, __FILE__); $dbdata = get_object_vars($db); ##This piece of code is meant to enable the regeneration of the list of resource instances in query result $queryresult = $_SESSION['query_result']; #echo '<pre>'; print_r($queryresult); if (is_array($queryresult)) { function resource_id_compare($a, $b) { if ($a == $b) { return 0; } } foreach ($queryresult as $i => $value) { if ($queryresult[$i]['resource_id'] == $resource_id) { unset($queryresult[$i]); } } #if (is_array($deleteme)) #Remove the small array from the big array # $queryresult = array_diff_uassoc($queryresult,$deleteme, "resource_id_compare"); #echo '<pre>'; print_r($queryresult); } $_SESSION['query_result'] = $queryresult; return True; } else { return False; } }
include_once '../core.header.php'; $rule_id = $_REQUEST['rule_id']; $rule_info = URIinfo('R' . $rule_id, $user_id, $key, $db); $ruleAcl = find_final_acl($user_id, $rule_info['project_id'], $db); $class_id = $_REQUEST['class_id']; $class_info = get_info('class', $class_id, $db); $classAcl = find_final_acl($user_id, $class_info['project_id'], $db); #echo '<pre>';print_r($class_info); $project_id = $_REQUEST['project_id']; $project_info = get_info('project', $project_id, $db); $acl = find_final_acl($user_id, $project_id, $db); if ($ruleAcl == '' && $classAcl == '') { #check acl of the provided project #find permission of this project on this resource if ($class_id != '') { $rule_id = get_rule_id_by_entity_id($class_id, $project_id, $db); $rule_info = get_info('rule', $rule_id, $db); } if ($acl == '1' || $acl == '2' || $acl == '3') { #this is a class, permission can only be found on rules #echo $rule_info['permission']; $ruleOnProject = ereg('(^|_)' . $project_id . '_', $rule_info['permission']); if (!$ruleOnProject) { echo "User does not have access to this resource"; exit; } } else { echo "User does not have access to this project"; exit; } }