$site->fdat['group_id'] = $site->fdat['id'];
}
$site->fdat['group_id'] = (int) $site->fdat['group_id'];
$site->fdat['id'] = (int) $site->fdat['id'];
#################
# GET GROUP INFO
$group = new Group(array(group_id => $site->fdat['group_id']));
#echo printr($site->fdat);
####################################
# PERMISSIONS CHECK
# get group permissions for current user
# load permissions
if ($site->user->user_id) {
$site->user->aclpermissions = $site->user->load_aclpermissions();
}
$permission = get_user_permission(array(type => 'ACL', group_id => $site->fdat['group_id']));
#echo printr($permission);
$site->debug->msg("Grupi " . $site->fdat['group_id'] . " �igused k�es");
###########################
# ACCESS allowed/denied
# decide if accessing this page is allowed or not
$access = 0;
#echo printr($site->fdat);
# NEW GROUP: if parent group has CREATE permission => allow
if ($op == 'new' || $op == 'copy' || $op == 'group') {
if ($permission['C']) {
$access = 1;
}
} elseif ($op == 'edit') {
if ($permission['R'] && $permission['U']) {
$access = 1;
function admin_menu_list()
{
global $site;
$alamlipikud = array();
$peaosad = array("id" => array(), "nimi" => array());
$admin_menu = array();
############### otsime lubatud alamlipikud
# 1. k�si k�ik admin-lehed
$sql = $site->db->prepare("SELECT admin_osa.id\r\n\tFROM admin_osa\r\n\tWHERE admin_osa.parent_id!=1 ");
$sql .= " ORDER BY sorteering DESC";
$sth = new SQL($sql);
while ($adminpage = $sth->fetch()) {
# 3. vaata kas admin-leht on userile lubatud
$perm = get_user_permission(array(type => 'ADMIN', adminpage_id => $adminpage['id'], site => $site));
# kas useril on selle admin-lehe kohta Read �igus?
if (!$perm['R']) {
# if forbidden, go to next adminpage
continue;
}
# 4. kui k�ik lubatud, siis pane l�pp-massiivi
array_push($alamlipikud, $adminpage['id']);
}
#printr($alamlipikud);
# see on n��d k�igi vaatamiseks lubatud adminlehtede massiiv:
$alamlipikud_joined = join("','", $alamlipikud);
############## Alamlipiku id jargi otsime pealipikud
$sql = $site->db->prepare("SELECT A.id AS peaid, A.nimetus AS peanimetus, A.eng_nimetus AS eng_peanimetus, A.sorteering FROM admin_osa\r\n\t\tLEFT JOIN admin_osa as A ON A.id = admin_osa.parent_id\r\n\t\tWHERE " . (!$site->in_admin ? "A.show_in_editor=1 AND " : "") . " admin_osa.id IN ('{$alamlipikud_joined}')\r\n\t\tGROUP BY A.id, A.nimetus, A.eng_nimetus, A.sorteering ORDER BY A.sorteering DESC");
$sth = new SQL($sql);
$pea_total = $sth->rows;
$site->debug->msg($sth->debug->get_msgs());
while ($lipik = $sth->fetch()) {
$admin_menu[]['id'] = $lipik['peaid'];
$admin_menu[sizeof($admin_menu) - 1]['name'] = $lipik['eng_peanimetus'];
$admin_menu[sizeof($admin_menu) - 1]['translated_name'] = $site->sys_sona(array(sona => $lipik['eng_peanimetus'], tyyp => 'admin', lang_id => $_SESSION['keel_admin']['glossary_id']));
$admin_menu[sizeof($admin_menu) - 1]['submenus'] = admin_menu_sublist($lipik['peaid'], $alamlipikud_joined);
}
/*
We now need to find out if there are duplicate menus (because different modules might share the same menus and they are both in use, which means there are double menus in the array. Easiest example is the E-Commerce module that requires the existance of E-Payment module. Both of them use the same menus, but E-Payment can also be as a standalone module, not requireing E-Commerce.
We try to find out if the duplicate menus are basically the same thing just linked to a different module. If so, we just remove one of them. But if they are different things (say the name is the same, but the file it links to is different) we just add them under one main menu.
Peeter 26.08.2008
*/
$list = array();
// Count the times main menu names are listed in the array.
foreach ($admin_menu as $am) {
$list[$am['name']]++;
}
//remove all the unique (occurs 1 time) names.
foreach ($list as $k => $v) {
if ($v < 2) {
unset($list[$k]);
}
}
//if any menus are represented several times we need to check their submenus and merge them.
if (sizeof($list) > 0) {
//we sort through each of the main menus and get their submenus into one array.
foreach ($list as $k => $v) {
$sm = "";
$first_occurance = "";
//first occurance of the menu, duplicates are unset after submenu values are extracted. Reasoning behind this is that the main menu names are and will be in the future, unique.
foreach ($admin_menu as $ka => $av) {
if ($av['name'] == $k) {
if ($first_occurance == "") {
$first_occurance = $ka;
}
foreach ($av['submenus'] as $menu) {
$sm[] = $menu;
}
if ($first_occurance != $ka) {
unset($admin_menu[$ka]);
}
}
}
//we remove duplicate submenus, in this case that have a matching "fail" value.
$admin_menu[$first_occurance]['submenus'] = remove_duplicates($sm, array("fail", "eng_nimetus"));
}
}
//Now that we have removed the duplicate main menus and sub-menus there is still a chance that there are duplicate submenus (For instance Extension menu may have several fields by the same name and path, so we basically run through the menu/submenu tree and remove duplicates.
foreach ($admin_menu as $k => $v) {
$admin_menu[$k]['submenus'] = remove_duplicates($admin_menu[$k]['submenus'], array("fail", "eng_nimetus"));
}
return $admin_menu;
}
function get_edit_buttons()
{
# EDITOR-AREA CHECK: print buttons only for editor-area and admin-area, else return nothing
if (!$this->site->in_editor && !$this->site->in_admin) {
return "";
}
$args = func_get_arg(0);
$ttyyp_id = $args[ttyyp_id] ? $args[ttyyp_id] : 0;
if ($this->on_404) {
return "";
}
if (!is_array($this->permission)) {
# load permissions if not loaded yet
$this->permission = $this->get_permission();
}
$perm = $this->permission;
# get parent permissions for new button
$parent_perm = get_user_permission(array(type => 'OBJ', objekt_id => $this->parent_id, site => $this->site));
$perm['C'] = $parent_perm['C'];
######### if user has C or U or P or D permission (see also Bug #1985)
# then show buttons, otherwise show nothing
if (!($perm['C'] || $perm['U'] || $perm['P'] || $perm['D'])) {
return "";
}
$self = $this->site->safeURI;
$parent_id = $this->parent_id;
$kesk = $this->all[kesk];
$keel = isset($args[keel]) ? $args[keel] : $this->site->keel;
$nupud = is_array($args[nupud]) ? $args[nupud] : array("new", "edit", "move", "hide", "delete");
// reorder buttons and put CMS buttons first in list, this is because every init_ has different order and it is easier to keep the correct order here
$temp_nupud = $nupud;
$reordered_nupud = array();
foreach ($temp_nupud as $i => $nupp) {
switch ($nupp) {
case 'new':
$reordered_nupud[0] = 'new';
unset($temp_nupud[$i]);
break;
case 'edit':
$reordered_nupud[1] = 'edit';
unset($temp_nupud[$i]);
break;
case 'move':
$reordered_nupud[2] = 'move';
unset($temp_nupud[$i]);
break;
case 'hide':
$reordered_nupud[3] = 'hide';
unset($temp_nupud[$i]);
break;
case 'delete':
$reordered_nupud[4] = 'delete';
unset($temp_nupud[$i]);
break;
default:
break;
}
}
ksort($reordered_nupud);
$nupud = array_merge($reordered_nupud, $temp_nupud);
$buttons = array();
foreach ($nupud as $nupp) {
switch ($nupp) {
case 'new':
if ($perm['C']) {
switch ($args['tyyp_idlist']) {
case '1':
$buttons[] = 'scms_new_section_object';
break;
case '2':
$buttons[] = 'scms_new_article_object';
break;
case '3':
$buttons[] = 'scms_new_link_object';
break;
case '6':
$buttons[] = 'scms_new_poll_object';
break;
case '7':
$buttons[] = 'scms_new_document_object';
break;
case '12':
$buttons[] = 'scms_new_image_object';
break;
case '14':
$buttons[] = 'scms_new_comment_object';
break;
case '15':
$buttons[] = 'scms_new_topic_object';
break;
case '16':
$buttons[] = 'scms_new_album_object';
break;
case '21':
$buttons[] = 'scms_new_file_object';
break;
default:
$buttons[] = 'scms_new_object';
break;
}
}
break;
case 'edit':
if ($perm['U']) {
$buttons[] = 'scms_edit_object';
}
break;
case 'move':
if ($perm['U']) {
$buttons[] = 'scms_move_up_object';
$buttons[] = 'scms_move_down_object';
}
break;
case 'hide':
if ($perm['P']) {
$this->on_avaldatud ? $buttons[] = 'scms_unpublish_object' : ($buttons[] = 'scms_publish_object');
}
break;
case 'delete':
if ($perm['D']) {
$buttons[] = 'scms_delete_object';
}
break;
default:
$buttons[] = $nupp;
break;
}
}
# visible: black
# hidden: red
# hiddenvisible: yellow (hided in menu)
$class = 'scms_arrow_' . ($this->on_avaldatud ? $this->all['is_hided_in_menu'] ? 'hiddenvisible' : "visible" : "hidden");
$baseurl = (empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $this->site->CONF['hostname'] . $this->site->CONF['wwwroot'];
$result = '<img class="scms_context_button_anchor ' . $class . '" src="' . $baseurl . '/styles/default/gfx/px.gif" width="13" height="13" border="0" buttons="' . implode(',', $buttons) . '" scms_url="' . $baseurl . '/" scms_self="' . $self . '" scms_object_id="' . $this->objekt_id . '" scms_object_parent_id="' . $parent_id . '" scms_object_position="' . $kesk . '" scms_object_template_id="' . $ttyyp_id . '" scms_object_type_list="' . $args['tyyp_idlist'] . '" scms_object_lang_id="' . $keel . '" scms_object_is_published="' . ($this->on_avaldatud ? 1 : 0) . '" scms_object_is_hidden_in_menu="' . ($this->all['is_hided_in_menu'] ? 1 : 0) . '" scms_object_profile_id="' . $args['profile_id'] . '" scms_object_publish="' . $args['publish'] . '"' . ($args['tyyp_idlist'] == 2 ? ' scms_object_allow_comments="' . $args['allow_comments'] . '"' : '') . ' scms_object_sorting="' . $this->all['sorteering'] . '">';
return $result;
}
/**
* Copy one permission row to the subtree
*
*
* @package CMS
*
* @param string type - permission type (OBJ/ACL)
* @param integer source_id - source ID (obejct ID or group ID)
* @param string crud - CRUPD mask to be copied eg "01000"
* @param integer user_id - User ID
* @param integer group_id - Group ID
* @param integer role_id - Role ID
*
* Call:
* copy_permissions(array(
* "type" => 'OBJ',
* "source_id" => $site->fdat['id'],
* "crud" => $site->fdat['crud']
* "user_id" => $site->fdat['perm_user_id'],
* "group_id" => $site->fdat['perm_group_id'],
* "role_id" => $site->fdat['perm_role_id'],
* ));
*/
function copy_permissions ($args) {
global $site, $class_path;
$source_id = $args['source_id'];
$crud = $args['crud'];
$user_id = $args['user_id'];
$group_id = $args['group_id'];
$role_id = $args['role_id'];
## how many objects/groups were actually updated
$updated_count = 0;
# make string "01000" to array
$crud_arr['C'] = substr($crud,0,1);
$crud_arr['R'] = substr($crud,1,1);
$crud_arr['U'] = substr($crud,2,1);
$crud_arr['P'] = substr($crud,3,1);
$crud_arr['D'] = substr($crud,4,1);
?>
<tr>
<td valign="top" class="scms_confirm_alert_cell" height="100%">
<?
#echo "ID:". $source_id.' / CRUD: '.$crud;
if($args['type']) {
############ 1) GET SUBTREE HERE (query 1 time)
# get object subtree: children sections (ignore objects languages, to get folders also. there is no risk because we get always one certain branch)
if($args['type']=='OBJ'){
include_once($class_path."rubloetelu.class.php"); # used in subtree proc
$rubs = new RubLoetelu(array(
"keel" => $keel,
"required_perm" => "U",
"object_type_ids" => "1,22", # get sections, folders (Bug #1996)
"ignore_lang" => 1 # ignore objects languages
));
#printr($rubs->get_loetelu());
#$rubs->debug->print_msg();
# get branch: is array of all section children with update permission:
$branch = $rubs->get_branch_byID(array(id => $site->fdat['id']));
#printr($branch);
}
# get group subtree: children subgroups
elseif($args['type']=='ACL'){
$sql = "SELECT group_id AS id, parent_group_id AS parent, name FROM groups ORDER BY name";
$sth = new SQL($sql);
while ($data = $sth->fetch()){
$temp_tree[] = $data;
}
############# generate tree
require_once($class_path.'menu.class.php');
$menu = new Menu(array(
width=> "100%",
tree => $temp_tree,
datatype => "group"
));
$menu->get_full_subtree(array("parent_id" => $site->fdat['id']));
# $menu->full_subtree is variable from group tree and is all ID-s of group children
#echo printr($menu->full_subtree);
foreach($menu->full_subtree as $subgroup_id) {
$branch[$subgroup_id] = ""; # name is not important
};
}
###################
# 2. INSERT PERMISSIONS
# loop over subtree
# branch is array of all children
foreach($branch as $child_id=>$child_name) {
# omit source object itself
if($child_id == $source_id) {
continue;
}
########### CREATE CHILD (to get permissions and title)
if($args['type'] == 'OBJ') {
## create child object
$child = new Objekt(array(
objekt_id => $child_id
));
$child->title = $child->all['pealkiri'];
}
elseif($args['type'] == 'ACL') {
## create child group
$child = new Group(array(
group_id => $child_id,
));
$child->permission = get_user_permission(array(
type => 'ACL',
group_id => $child_id
));
$child->title = $child->name;
}
#printr($child->permission);
########### CHECK UPDATE PERMISSION - does user has U permission for this object? (Bug #2203)
if(!$child->permission['U']) {
continue; # user doesn't have U permission => don't change child
}
# insert permission also to child:
#print "<br>insert permission also to child: ". $child_id. " => ".$child_name;
##### 1) DELETE OLD permission
$sql = $site->db->prepare("DELETE FROM permissions WHERE type=? AND source_id=? AND ",$args['type'], $child_id);
if($role_id){
$sql .= $site->db->prepare(" role_id=? ", $role_id);
} elseif($group_id){
$sql .= $site->db->prepare(" group_id=? ", $group_id);
} elseif($user_id){
$sql .= $site->db->prepare(" user_id=? ", $user_id);
}
$sth = new SQL($sql);
$site->debug->msg($sth->debug->get_msgs());
#print "<br>".$sql;
##### 2) INSERT permission
$sql = $site->db->prepare("INSERT INTO permissions (type,source_id,role_id,group_id,user_id,C,R,U,P,D) VALUES (?,?,?,?,?,?,?,?,?,?)",
$args['type'],
$child_id,
($role_id?$role_id:0),
($group_id?$group_id:0),
($user_id?$user_id:0),
$crud_arr['C'],
$crud_arr['R'],
$crud_arr['U'],
$crud_arr['P'],
$crud_arr['D']
);
$sth = new SQL($sql);
$site->debug->msg($sth->debug->get_msgs());
#print "<br>".$sql;
if($sth->rows) {
$updated_count++;
}
############
# 3. WRITE LOG
# type= OBJ
if($args['type'] == 'OBJ') {
new Log(array(
'action' => 'update',
'component' => 'ACL',
'objekt_id' => $child_id,
'message' => "Object '".$child->title."' (ID=".$child_id.") permissions updated inside subtree",
));
}
# type= ACL
elseif($args['type'] == 'ACL') {
new Log(array(
'action' => 'update',
'component' => 'ACL',
'objekt_id' => $child_id,
'message' => "Object '".$child->title."' (ID=".$child_id.") permissions updated inside subtree",
));
}
# / write log
############
}
# / loop over subtree
###################
} # if permission type provided
##################
######### MESSAGE
echo $site->sys_sona(array(sona => "Permissions copied to subtree", tyyp=>"editor"));
echo ': '.$updated_count.'';
?>
</td>
</tr>
<?#################### BUTTONS ###########?>
<tr>
<td align="right" valign="top" class="scms_dialog_area_bottom">
<input type="button" value="<?=$site->sys_sona(array(sona => "Close", tyyp=>"editor")) ?>" onclick="javascript:window.close();">
</td>
</tr>
<?
}
/**
* save_all_permissions
*
* saves all permission checkboxes values on the page (all types).
*
*
* usage:
* save_all_permissions();
*/
function save_all_permissions()
{
global $site;
global $read_allowed_groups;
# $args = func_get_arg(0);
# checkbox names are in format:
# ACL_source_user_group_role_char" eg "ACL_72_5_0_0_C"
$updates1 = array();
$updates2 = array();
########## loop over fdat values
foreach ($site->fdat as $fdat_field => $fdat_value) {
list($perm_type, $source_id, $user_id, $group_id, $role_id, $char) = split("_", $fdat_field);
# check data sanity:
if ($perm_type && $source_id && ($user_id || $group_id || $role_id) && $char) {
##### gather data to array
if ($user_id) {
$updates[$perm_type][$source_id]['u' . $user_id][$char] = $fdat_value;
$updates[$perm_type][$source_id]['u' . $user_id]['user_id'] = $user_id;
$updates[$perm_type][$source_id]['u' . $user_id]['source_id'] = $source_id;
$updates[$perm_type][$source_id]['u' . $user_id]['type'] = $perm_type;
} elseif ($role_id) {
$updates[$perm_type][$source_id]['r' . $role_id][$char] = $fdat_value;
$updates[$perm_type][$source_id]['r' . $role_id]['role_id'] = $role_id;
$updates[$perm_type][$source_id]['r' . $role_id]['source_id'] = $source_id;
$updates[$perm_type][$source_id]['r' . $role_id]['type'] = $perm_type;
} elseif ($group_id) {
$updates[$perm_type][$source_id]['g' . $group_id][$char] = $fdat_value;
$updates[$perm_type][$source_id]['g' . $group_id]['group_id'] = $group_id;
$updates[$perm_type][$source_id]['g' . $group_id]['source_id'] = $source_id;
$updates[$perm_type][$source_id]['g' . $group_id]['type'] = $perm_type;
}
# if($perm_type=='ADMIN') {
# echo "<br>".$fdat_field." = ".$fdat_value;
# echo " OK: ".$char;
# }
}
# if sane data
}
#printr($updates['ADMIN']['20']);
######## loop over types
foreach ($updates as $type => $source_arr) {
foreach ($source_arr as $source_id => $data_arr) {
foreach ($data_arr as $tmp => $data) {
# print "<br>".$type. " ".$data['source_id'];
#printr($data);
# if sane data
if ($data['user_id'] || $data['group_id'] || $data['role_id']) {
########### 1) OBJ & ACL & ADMIN & EXT: can modify with Update permissions
if ($data['type'] == 'OBJ' || $data['type'] == 'ACL' || $data['type'] == 'ADMIN' || $data['type'] == 'EXT') {
# does user has U permission?
$permission = get_user_permission(array(type => $data['type'], objekt_id => $data['type'] == 'OBJ' ? $data['source_id'] : '', adminpage_id => $data['type'] == 'ADMIN' ? $data['source_id'] : '', group_id => $data['type'] == 'ACL' ? $data['source_id'] : '', extension_id => $data['type'] == 'EXT' ? $data['source_id'] : ''));
#printr($permission);
if ($permission[U]) {
#printr($data);
# echo " YES";
############ 1. DELETE OLD PERMISSION for source object
$sql = $site->db->prepare("DELETE FROM permissions WHERE type=? AND source_id=? ", $data['type'], $data['source_id']);
if ($data['user_id']) {
$sql .= $site->db->prepare(" AND user_id=?", $data['user_id']);
} elseif ($data['group_id']) {
$sql .= $site->db->prepare(" AND group_id=?", $data['group_id']);
} else {
$sql .= $site->db->prepare(" AND role_id=?", $data['role_id']);
}
$sth = new SQL($sql);
$site->debug->msg($sth->debug->get_msgs());
#print "<br>".$sql;
############ 2. INSERT NEW PERMISSIONS for object
# insert only if control bit is 1 (otherwise entire permssion row is deleted)
if ($data['control']) {
$sql = $site->db->prepare("INSERT INTO permissions (type,source_id,role_id,group_id,user_id,C,R,U,P,D) VALUES (?,?,?,?,?,?,?,?,?,?)", $data['type'], $data['source_id'], $data['role_id'], !$data['user_id'] && !$data['role_id'] ? $data['group_id'] : 0, $data['user_id'] ? $data['user_id'] : 0, $data[C] == 1 ? 1 : 0, $data[R] == 1 ? 1 : 0, $data[U] == 1 ? 1 : 0, $data[P] == 1 ? 1 : 0, $data[D] == 1 ? 1 : 0);
$sth = new SQL($sql);
$site->debug->msg($sth->debug->get_msgs());
# print "<br>".$sql;
}
# if control=1
} else {
# echo " NO";
}
} else {
if ($site->user->is_superuser) {
}
# if superuser
}
# perm type
}
# if sane data
}
# loop
}
# loop over data
}
######## / loop over types
########## / loop over fdat values
}
/**
* allowed_adminpage
*
* Returns 1/0; check if current script (adminpage) is allowed for reading;
* Checks if adminpage is allowed by module setting AND allowed for current user
* (uses previously loaded adminpages permissions array for this decision)
* NB! This function should be in the beginning of each admin-page which is protected by permissions.
* Protected should be all admin-pages existing in table "admin_osa".
* Note: some pages may reside in the admin-area (admin/) but are not protected at all.
*
* You can use parameter adminpage_id to check different adminpages, by default current scriptname is used.
*
* @package CMS
*
* @param string adminpage_id
*
* Usage example (usually called directly after creating $site):
* if (!$site->user->allowed_adminpage()) {
* exit;
* }
*/
function allowed_adminpage($args = array())
{
global $class_path;
# if adminpage_id is given as parameter, use this
$adminpage_id = $args['adminpage_id'];
if ($args['script_name']) {
$file = $args['script_name'];
} else {
# 1. if usual CMS admin-page
if ($this->site->in_admin) {
$file = $this->site->script_name;
# eg admin/cahnge_config.php
} else {
$file = $this->site->self;
# eg /extensions/my_extension/admin/my_adminpage.php
}
}
# kontrollime, kas see fail on s�ltub moodulist
$sql = $this->site->db->prepare("\r\n\t\tSELECT admin_osa.fail FROM admin_osa");
if ($adminpage_id) {
$sql .= $this->site->db->prepare(" WHERE admin_osa.id = ?", $adminpage_id);
} else {
# default
$sql .= $this->site->db->prepare(" WHERE admin_osa.fail LIKE ?", $file);
}
$sth = new SQL($sql);
$file = $sth->fetch();
########## go on with non-superuser admin:
if (!$file) {
$file = "index.php";
}
$sql = $this->site->db->prepare("\r\n\t\tSELECT admin_osa.id FROM admin_osa\r\n\t\tWHERE admin_osa.fail LIKE ?", $file);
$sth = new SQL($sql);
$osa_id = $sth->fetchsingle();
$on_osad = $sth->rows;
# n??????d kontrolli sisselogitud useri privileege selle admin-lehe kohta
############ permissions check
# kas useril on selle admin-lehe kohta Read ???igus?
$perm = get_user_permission(array(type => 'ADMIN', adminpage_id => $osa_id, site => $this->site));
# DENIED: if not superuser AND (no admin-pages found OR found admin-page and it was denied for read)
if (!$this->is_superuser && (!$on_osad || !$perm['R'])) {
######## error: "access denied"
echo "<html><head>";
echo "<link rel=\"stylesheet\" href=\"" . $this->site->CONF[wwwroot] . $this->site->CONF[styles_path] . "/scms_general.css\"></head><body>";
print ' <table width="100%" border="0" cellspacing="3" cellpadding="0" class="scms_borderbox"><tr>';
print '<td valign="top" width="100%" height="100%">';
print "<font color=red>" . $this->site->sys_sona(array(sona => "access denied", tyyp => "editor")) . "</font>";
print "</td></tr></table>";
echo "</body></html>";
return 0;
} else {
return 1;
}
}
