Example #1
 //		}
 print "</tr>";
 print "<tr>";
 print "<th>Section</th>";
 //		foreach($editors as $editor) {
 print "<td align='center'  style='border-left: 2px solid #fff; background-color: #bbb; '>Add</td>";
 print "<td align='center' style='background-color: #bbb;'>Edit</td>";
 print "<td align='center' style='background-color: #bbb;'>Del</td>";
 //		}
 print "</tr>";
 $color = 0;
 print "<tr>";
 print "<td class='td{$color}' style='font-variant: small-caps'><a href='#' onClick{$nl}='opener.window.location=\"index.php?{$sid}&action=viewsite&site={$site}\"'>{$sa['title']}</a></td>";
 $permissions = decode_array($sa[permissions]);
 //	foreach($editors as $user) {
 $classes = getuserclasses($user);
 if (isclass($site)) {
     //			print "is class"; //debug
     foreach ($permissions as $e => $p) {
         if (isclass($e)) {
             $l = array();
             if ($r = isgroup($e)) {
                 $l = $r;
             } else {
                 $l[] = $e;
             }
             foreach ($l as $c) {
                 if ($classes[$c]) {
                     $user = $e;
                 }
             }
Example #2
 /**
  * Checks to see if the user has the specified permissions.
  *
  * The check works by rewriting $perms into a PHP boolean expression (one
  * copy per entity the user belongs to), OR-ing those copies together and
  * running the result through eval(). $perms is therefore expected to be a
  * developer-written literal such as 'view' or 'edit or delete'; it is
  * whitelist-validated below, and that validation is the only thing standing
  * between this method and arbitrary code execution.
  *
  * Order of operations: cache lookup, then site-owner short-circuit (always
  * TRUE), then validation of $perms, then entity collection and eval().
  *
  * @param string $perms The permissions to check.
  *			$perms parameter can be a complex string consisting
  *			of ()'s, 'and', 'or', and permission types:
  *			'add','edit','delete','view','discuss'
  *			Tokens are split on single spaces and compared
  *			case-sensitively, so 'View' or a tab-separated string is
  *			rejected. NOTE(review): a grant written directly against a
  *			parenthesis, e.g. '(view)', passes validation (the parens are
  *			stripped first) but is NOT substituted below, because every
  *			substitution pattern requires whitespace or a string boundary
  *			around the grant; the bare word then reaches eval() as an
  *			undefined constant. Write '( view )' with spaces, or change the
  *			substitution to use \b word boundaries.
  * @param optional string $user The user to check. Defaults to the session
  *			user. Compared case-insensitively against the site owner.
  * @param option boolean $useronly If true, the user's permissions will be
  *			checked explicitly and the user will not be included in any
  *			groups (nor in 'everyone' / 'institute').
  * @return boolean True if the user has the permissions asked for. FALSE
  *			(after printing an error into the page) for a malformed $perms.
  * @access public
  * @date 8/31/04
  */
 function hasPermission($perms, $user = "", $useronly = FALSE)
 {
     //****************************************
     // ----- Setup -----
     //****************************************
     // $allclasses / $_loggedin appear to be populated by index.php; $cfg is site config.
     global $allclasses, $_loggedin, $cfg;
     // Build the permissions array to check against.
     $this->buildPermissionsArray();
     // Get our current user if we weren't passed one to check:
     // (bare key `auser` is an undefined constant that degrades to the string
     // 'auser' on PHP < 8 with a notice and is a fatal Error on PHP 8; the
     // rest of this method spells the same key 'auser').
     if ($user == "") {
         $user = $_SESSION[auser];
     }
     // If we haven't built the classes array and we need it,
     // build the classes array.
     // NOTE(review): the slot is keyed by the *session* user but the classes
     // are fetched for $user, so when a caller previews another user's
     // permissions before this slot is filled, the session user's slot ends up
     // holding the other user's classes. index.php appears to fill
     // $allclasses[$_SESSION['auser']] on every logged-in request, which is
     // presumably why this rarely matters — verify before relying on it.
     if (!is_array($allclasses[$_SESSION['auser']]) && !$useronly) {
         $allclasses[$_SESSION['auser']] = getuserclasses($user, "all");
     }
     //****************************************
     // ----- Return Cached Permissions ------
     // If we have checked this permission string before and cached it,
     // just return the cached result.
     //
     // There are separate entries for useronly and those with groups as well.
     // This is to prevent the caching of perms for a user with groups, then
     // getting that cached result when asking only for user permissions.
     //
     // NOTE(review): the key is $user and $perms concatenated with no
     // separator, so ('alice','view') and ('alicev','iew') share a key, and the
     // lookup runs before $perms is validated, so the second call would return
     // the cached answer instead of FALSE. A separator such as "\0" between
     // the two parts closes both gaps. Also see the note at the cache store
     // below: the store uses the rewritten $perms, so this lookup only hits
     // for strings that already used '&&'/'||'.
     //****************************************
     if ($useronly && isset($this->cachedPermissions["onlyuser" . $user . $perms])) {
         return $this->cachedPermissions["onlyuser" . $user . $perms];
     }
     if (!$useronly && isset($this->cachedPermissions[$user . $perms])) {
         return $this->cachedPermissions[$user . $perms];
     }
     //****************************************
     // ----- New checking of Permissions -----
     // Below is where we will check to see if the user has the permissions
     // asked for.
     //****************************************
     // Make sure that we are fetched.
     $this->fetchUp();
     // The site owner will always have permission, so return
     // TRUE if the user is the owner.
     // NOTE(review): plain case-insensitive == on two strings; if both $user
     // (no session user) and $owner were empty this would match. Confirm the
     // owner field is always a non-empty name.
     $owner = $this->owningSiteObj->owner;
     if (strtolower($user) == strtolower($owner)) {
         return TRUE;
     }
     // ------ Verify the permissions String ------
     // Verify that the permissions string is well formed. And return
     // FALSE if it is not.
     // This whitelist is what keeps the eval() below from being a code
     // injection point: after stripping '(' and ')', every space-separated
     // token must be one of $validGrants or $validOperators, alternating
     // grant, operator, grant, ... Anything else (other whitespace, different
     // case, a token glued to a grant) is rejected. Note it does not require
     // the string to END on a grant; 'view and' passes and becomes a parse
     // error inside eval() (see there).
     $validGrants = array('add', 'edit', 'delete', 'view', 'discuss');
     $validOperators = array('and', 'or', '&&', '||');
     // ereg_replace() was removed in PHP 7; preg_replace('/[()]/', '', $perms)
     // is the equivalent.
     $permissionParts = explode(' ', ereg_replace("([()]){1}", "", $perms));
     $i = 0;
     $stringValid = 1;
     foreach ($permissionParts as $permissionPart) {
         // Consecutive spaces produce empty tokens; skip them without
         // advancing the grant/operator alternation.
         if (!strlen($permissionPart)) {
             continue;
         }
         // Begining with our first part, every other permission part
         // should be a grant.
         if (!($i % 2) && !in_array($permissionPart, $validGrants)) {
             $stringValid = FALSE;
         }
         // Beginning with our second part, every other permissions
         // part should be an operator
         if (!(($i + 1) % 2) && !in_array($permissionPart, $validOperators)) {
             $stringValid = FALSE;
         }
         // If we don't have a valid permissions string, return FALSE.
         // (The error is printed straight into the page; nothing is cached.)
         if (!$stringValid) {
             print "ERROR! loop: {$i}: Malformed permissions string: {$perms}<br /><br />";
             return FALSE;
         }
         $i++;
     }
     // convert word operators to symbol operators
     // (a blind str_replace is safe only because $perms is already validated
     // and no grant name contains 'and' or 'or'; note this reassigns $perms,
     // which the cache store at the bottom then uses as part of its key)
     $perms = str_replace('and', '&&', $perms);
     $perms = str_replace('or', '||', $perms);
     // ---- pull from the database/cache ---
     // Get the permissions from the database
     $permissions = $this->getPermissions();
     // Make sure that we have a lowercase version of each entity
     // (original-case keys are kept too; the entities built below are lowercased)
     foreach ($permissions as $entity => $permission) {
         $permissions[strtolower($entity)] = $permission;
     }
     // --- Build a list of all entities to check for the permissions ---
     $entitiesToCheck = array();
     // Add the user to the array if we have a user.
     if (strlen($user)) {
         $entitiesToCheck[] = strtolower($user);
     }
     // Determine what additional entities to check.
     if (!$useronly) {
         // ----- everyone ------
         // Everyone, even not-logged-in users are a part of everyone.
         $entitiesToCheck[] = "everyone";
         // ----- institute ------
         // If we are logged-in, but not of type 'visitor', the user
         // is a member of institute.
         // Also, if we are previewing the permissions of another user,
         // and that other user is 'everyone', we don't want to include
         // institute checks.
         if ($_loggedin && $_SESSION['atype'] != 'visitor' && $_SESSION['auser'] != 'everyone') {
             $entitiesToCheck[] = "institute";
         }
         // If the user has a valid campus ip-address, then they are a
         // member of 'institute'.
         // NOTE(review): REMOTE_ADDR is the TCP peer; behind a reverse proxy
         // that is the proxy's address. Each $cfg[inst_ips] entry is used as a
         // regex prefix with no escaping, so the '.' in '10.1.' also matches
         // '10x1y' — escape the dots (or compare octets) if the prefixes are
         // meant literally. ereg() itself was removed in PHP 7.
         $ipIsInInstitute = FALSE;
         $ip = $_SERVER[REMOTE_ADDR];
         // check if our IP is in inst_ips
         // ($i here reuses the validation loop's counter; that loop is finished)
         if (is_array($cfg[inst_ips])) {
             foreach ($cfg[inst_ips] as $i) {
                 if (ereg("^{$i}", $ip)) {
                     $ipIsInInstitute = TRUE;
                 }
             }
         }
         // One other case to check is if we are trying to preview a site as it would
         // be seen by another user. In this case, we don't want to check the IPs
         // as that would give a false indication of what they could see.
         if ($ipIsInInstitute && !$_SESSION['__no_inst_ips']) {
             $entitiesToCheck[] = "institute";
         }
         // ----- classes ------
         // Classes and groups are taken for the *session* user, not for $user;
         // $user only contributes its own name above. Duplicates (e.g.
         // 'institute' added twice) are removed by array_unique below.
         $classesUserIsIn = $this->returnEditorOverlap($allclasses[$_SESSION['auser']]);
         $entitiesToCheck = array_merge($classesUserIsIn, $entitiesToCheck, getusergroups($_SESSION['auser']));
     }
     $entitiesToCheck = array_unique($entitiesToCheck);
     // ------ Evaluation Strings--------
     // Create an array of permission checking strings to be evaluated, one per entity.
     // Each grant word in $perms becomes the lookup
     //   $permissions['<entity>'][permissions::GRANT()]
     // The entity is addslashes()'d inside a single-quoted PHP literal, which
     // neutralises ' and \ — the only characters that matter in that context.
     $evalStrings = array();
     foreach ($entitiesToCheck as $entity) {
         $evalString = $perms;
         foreach ($validGrants as $grant) {
             $replacement = ' $permissions[\'' . addslashes($entity) . '\'][permissions::' . strtoupper($grant) . '()] ';
             // The four patterns only match a grant bounded by whitespace or the
             // string ends; a grant touching a parenthesis is left untouched
             // (see the docblock).
             // check for just the grant in a string
             $evalString = preg_replace('/^' . $grant . '$/', $replacement, $evalString);
             // check for the grant at the begining of a string
             $evalString = preg_replace('/^' . $grant . '\\s/', $replacement, $evalString);
             // check for the grant in the middle of the string
             $evalString = preg_replace('/\\s' . $grant . '\\s/', $replacement, $evalString);
             // check for the grant at the end of the string
             $evalString = preg_replace('/\\s' . $grant . '$/', $replacement, $evalString);
         }
         $evalStrings[] = "(" . $evalString . ")";
     }
     // Debugging line
     //		print "\n<br />Checking hasPermission '$perms' for '$user' ".get_class($this)." ".$this->name." / ".$this->id." - ".$this->getField("title");
     //		print "\n<br />Permissions = ".printpre($permissions,TRUE);
     //		print "\n<br />entitiesToCheck = ".printpre($entitiesToCheck,TRUE);
     // ------- Check the permissions ----------
     $hasPermission = FALSE;
     // 'OR' the permissions of each entity together so that if one is valid,
     // the user has permission.
     $condition = '$hasPermission = (' . implode(" || ", $evalStrings) . ')?TRUE:FALSE;';
     // 		printOb0("\n<hr/>");
     // 		printOb0(printpre($condition, true));
     // SECURITY: eval() of a string assembled from $perms and the entity names.
     // It is only acceptable because $perms was whitelist-validated above and
     // every entity is addslashes()'d into a single-quoted literal; do not
     // loosen either without replacing this with a real expression evaluator.
     // Two edge cases are worth knowing:
     //  - a grant left unsubstituted (e.g. '(view)') is an undefined constant,
     //    which on PHP 5/7 degrades to the non-empty string 'view' and makes
     //    the whole expression TRUE (fail-open); PHP 8 throws instead;
     //  - a $perms ending in an operator, or an empty $perms, is a parse error
     //    inside eval(), leaving $hasPermission FALSE on PHP 5 and throwing
     //    ParseError on PHP 7+.
     eval($condition);
     // 		printOb0("<br/><br/>HasPermission=".var_dumpPre($hasPermission, true));
     // Cache the permissions
     // NOTE(review): keyed on the rewritten $perms ('and'/'or' already turned
     // into '&&'/'||'), whereas the lookup at the top uses the caller's
     // original string — so for word-operator strings the cache never hits.
     if ($useronly) {
         $this->cachedPermissions["onlyuser" . $user . $perms] = $hasPermission;
     } else {
         $this->cachedPermissions[$user . $perms] = $hasPermission;
     }
     // ------- return our result -----------
     return $hasPermission;
 }
Example #3
//echo "<pre>";
// Class lists for the logged-in user. The three lists are fetched once per
// user and cached in the session under the user's name. (The older comment
// here said this should only happen for LDAP logins, but no such check is
// made: any logged-in session triggers the lookup.)
$classes = array();
$oldclasses = array();
$futureclasses = array();
/* --------------- eventually, this command will be gone... unneeded and handled by ADOdb */
// connect to the database
db_connect($dbhost, $dbuser, $dbpass, $dbdb);
// ------ Build arrays of all classes and sites ----------
if (!$_loggedin) {
    // Not logged in: drop the cached membership so it is re-populated on re-login.
    unset($_SESSION["__classMembership"]);
} else {
    $membershipUser = $_SESSION['auser'];
    if (!isset($_SESSION["__classMembership"])) {
        $_SESSION["__classMembership"] = array();
    }
    if (!isset($_SESSION["__classMembership"][$membershipUser])) {
        // Three lookups, one per time window; the result lives in the session
        // for the rest of the login.
        $_SESSION["__classMembership"][$membershipUser] = array(
            'currentclasses' => getuserclasses($membershipUser, "now"),
            'oldclasses'     => getuserclasses($membershipUser, "past"),
            'futureclasses'  => getuserclasses($membershipUser, "future"),
        );
    }
    $membership = $_SESSION["__classMembership"][$membershipUser];
    $classes = $membership['currentclasses'];
    $oldclasses = $membership['oldclasses'];
    $futureclasses = $membership['futureclasses'];
    // one array containing all user's classes
    $allclasses[$membershipUser] = array_merge($classes, $oldclasses, $futureclasses);
    //printpre ($allclasses[$_SESSION['auser']]);
    if ($debug && $printTimedQueries) {
        print "\n<br/>Queries in index.php, setting up classes lists: " . $_totalQueries;
    }
    // keep the global namespace as it was
    unset($membership, $membershipUser);
}
// if we have info stored in settings session var, get some of it
        $_SESSION[obj]->addEditor($_REQUEST[edname]);
    }
}
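// Owner-only: drop the editor named in the request. Keys are quoted here —
// the bare-word form ($_REQUEST[edaction]) is an undefined-constant lookup
// that only works through PHP's fallback to the constant's name (notice on
// PHP < 8, fatal Error on PHP 8). isset() avoids the undefined-index notice
// when the parameter is absent; edname is passed through unchanged (null if
// missing), as before.
if ($isOwner && isset($_REQUEST['edaction']) && $_REQUEST['edaction'] == 'del') {
    $_SESSION['obj']->delEditor(isset($_REQUEST['edname']) ? $_REQUEST['edname'] : null);
}
/******************************************************************************
 * switch between forms 1 and 2
 ******************************************************************************/
// $step comes straight from the request, so it is caller-controlled; only the
// first-visit editor branch below overrides it. Whatever dispatches on $step
// (not visible here) must treat unexpected values as step 1 rather than trust
// them.
$step = isset($_REQUEST['step']) ? $_REQUEST['step'] : null;
if (!$isOwner && $isEditor) {
    // First visit by a non-owner editor: work out which editor entries of the
    // object this user may act as — their own name, plus any class or group
    // they belong to that is listed as an editor — and remember them in the
    // session. Membership is decided server-side via getuserclasses() /
    // getusergroups(), never from request data.
    if (empty($_SESSION['editors'])) {
        $_SESSION['editors'] = array();
        // getEditors() is read once rather than on every loop iteration;
        // assumes it is a plain getter with no side effects — TODO confirm.
        $objectEditors = $_SESSION['obj']->getEditors();
        if (in_array($_SESSION['auser'], $objectEditors)) {
            $_SESSION['editors'][] = $_SESSION['auser'];
        }
        $groupsAndClasses = array_unique(array_merge(
            $_SESSION['obj']->returnEditorOverlap(getuserclasses($_SESSION['auser'], "all")),
            getusergroups($_SESSION['auser'])
        ));
        foreach ($groupsAndClasses as $groupOrClass) {
            // loose in_array() kept on purpose: editor ids may be stored as
            // ints or strings — TODO confirm before making this strict
            if (in_array($groupOrClass, $objectEditors)) {
                $_SESSION['editors'][] = $groupOrClass;
            }
        }
        // done... now send them to step 2
        $step = 2;
    }
}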
if ($isOwner && $_REQUEST[editpermissions]) {
    if (!count($_REQUEST[editors])) {
        error("You must choose some editors.");
    } else {
        $_SESSION[editors] = $_REQUEST[editors];
        $step = 2;