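/**
 * Write this object's per-editor permissions to the permission and
 * site_editors tables.
 *
 * Only permissions that are new at this level are stored. A permission the
 * parent object already grants (site -> section -> page -> story) counts as
 * inherited and is left out of the stored value. When nothing is new for an
 * editor, any existing permission row for that editor and scope is deleted.
 *
 * The pseudo-editors 'everyone' and 'institute' are never allowed ADD, EDIT
 * or DELETE: those flags are forced to 0 and printError() is called if a
 * caller tried to set them.
 *
 * Security notes:
 *  - Every value reaches SQL by string concatenation with addslashes().
 *    addslashes() is not aware of the connection character set; if the DB
 *    layer behind db_query() offers bound parameters or driver-level
 *    escaping, prefer it. db_query() is defined outside this block, so that
 *    cannot be confirmed here.
 *  - $ed_id is a ready-made SQL fragment: either the literal NULL or a quoted,
 *    escaped id. It is concatenated without further quoting on purpose, and
 *    must never be assigned a raw value.
 *
 * @param mixed $force Truthy to write even when $this->changedpermissions is not set.
 * @return void
 */
function updatePermissionsDB($force = 0)
{
    if (!$this->changedpermissions && !$force) {
        return;
    }

    // NOTE(review): the scope is compared against lowercase class names below;
    // this relies on get_class() returning them in that case -- confirm.
    $scope = get_class($this);
    $id = $this->id;

    // All flags off; used wherever an editor has no permission entry.
    $none = array(ADD => 0, EDIT => 0, DELETE => 0, VIEW => 0, DISCUSS => 0);

    $editors = array_unique(array_merge($this->editors, $this->editorsToDelete, array_keys($this->permissions)));

    foreach ($editors as $editor) {
        // Strict comparison on the string form: a loose == lets an integer
        // array key 0 compare equal to 'everyone' on PHP versions before 8.
        $isPseudoEditor = ((string) $editor === 'everyone' || (string) $editor === 'institute');

        // $p2: permissions set on this object. Editors pending deletion may
        // have no entry, so read defensively instead of indexing blindly.
        $p2 = isset($this->permissions[$editor]) ? $this->permissions[$editor] : null;
        if (!is_array($p2)) {
            $p2 = $none;
        }

        // $p1: permissions of the parent object, needed to tell inherited
        // permissions from ones added at this level. Rebuilt on every pass so
        // nothing carries over from the previous editor.
        $parent = null;
        if ($scope == "section") {
            $parent = $this->owningSiteObj;
        } elseif ($scope == "page") {
            $parent = $this->owningSectionObj;
        } elseif ($scope == "story") {
            $parent = $this->owningPageObj;
        }
        $p1 = ($parent !== null && isset($parent->permissions[$editor])) ? $parent->permissions[$editor] : null;
        if (!is_array($p1)) {
            $p1 = $none;
        }

        // Make sure that everyone and institute aren't given
        // add, edit, or delete permission.
        if ($isPseudoEditor) {
            $attempted = false;
            foreach (array(ADD, EDIT, DELETE) as $flag) {
                if (!empty($p1[$flag]) || !empty($p2[$flag])) {
                    $attempted = true;
                }
            }
            if ($attempted) {
                printError("Ahh, trying to give {$editor} invalid permissions!");
            }
            foreach (array(ADD, EDIT, DELETE) as $flag) {
                $p1[$flag] = 0;
                $p2[$flag] = 0;
            }
        }

        // If a permission is set in $p1 it is expected to be set in $p2 as
        // well ($p2 inherits from $p1), leaving three cases:
        //   1) $p1 set,   $p2 set   -> inherited
        //   2) $p1 unset, $p2 set   -> new at this level
        //   3) $p1 unset, $p2 unset -> inherited (nothing to store)
        if ($scope != "site") {
            $p_new = array();
            foreach ($p1 as $key => $value) {
                $p_new[$key] = ($value || empty($p2[$key])) ? 0 : 1;
            }
        } else {
            // A site has no parent: everything is new.
            $p_new = $p2;
        }

        // Encode the new permissions as a comma-separated list: "a,e,d,v,di".
        $codes = array();
        if (!empty($p_new[ADD])) {
            $codes[] = "a";
        }
        if (!empty($p_new[EDIT])) {
            $codes[] = "e";
        }
        if (!empty($p_new[DELETE])) {
            $codes[] = "d";
        }
        if (!empty($p_new[VIEW])) {
            $codes[] = "v";
        }
        if (!empty($p_new[DISCUSS])) {
            $codes[] = "di";
        }
        $p_new_str = implode(",", $codes);

        // Find the id and type of this editor.
        if ($isPseudoEditor) {
            $ed_type = (string) $editor;
            $ed_id = 'NULL'; // SQL NULL literal; matched with <=> below
        } else {
            $ugroup_id = ugroup::getGroupID($editor);
            if ($ugroup_id) {
                $ed_type = 'ugroup';
                $ed_id = "'" . addslashes($ugroup_id) . "'";
            } else {
                $ed_type = 'user';
                // Make sure the person is in the DB and synched.
                synchronizeLocalUserAndClassDB($editor);
                // Need to fetch the id from the user table.
                $query = "SELECT user_id FROM user WHERE user_uname = '" . addslashes($editor) . "'";
                $r = db_query($query);
                if (!db_num_rows($r)) {
                    // Keep the SQL in the server log rather than the response,
                    // and HTML-escape the editor name before it is printed.
                    error_log("updatePermissionsDB(): no user row for query: " . $query);
                    die("updatePermissionsDB() :: could not find an ID to associate with editor: '"
                        . htmlspecialchars((string) $editor, ENT_QUOTES) . "'!!!");
                }
                $arr = db_fetch_assoc($r);
                $ed_id = "'" . addslashes($arr['user_id']) . "'";
            }
        }

        // See if the editor is in the site_editors table.
        if ($scope == "site") {
            $site_id = $id;
        } else {
            $site_id = $this->owningSiteObj->id;
        }
        $query = "\n\t\t\t\t\t\tSELECT"
            . "\n\t\t\t\t\t\t\tFK_editor"
            . "\n\t\t\t\t\t\tFROM"
            . "\n\t\t\t\t\t\t\tsite_editors"
            . "\n\t\t\t\t\t\tWHERE"
            . "\n\t\t\t\t\t\t\tFK_editor <=> " . $ed_id . " AND"
            . "\n\t\t\t\t\t\t\tsite_editors_type = '" . addslashes($ed_type) . "' AND"
            . "\n\t\t\t\t\t\t\tFK_site = '" . addslashes($site_id) . "'"
            . "\n\t\t\t\t\t";
        $r_editor = db_query($query);

        // If the editor is not in site_editors yet, insert them.
        if (!db_num_rows($r_editor)) {
            $query = "\n\t\t\t\t\t\t\tINSERT"
                . "\n\t\t\t\t\t\t\tINTO site_editors"
                . "\n\t\t\t\t\t\t\t\t(FK_site, FK_editor, site_editors_type)"
                . "\n\t\t\t\t\t\t\tVALUES"
                . "\n\t\t\t\t\t\t\t\t('" . addslashes($site_id) . "', " . $ed_id . ", '" . addslashes($ed_type) . "')"
                . "\n\t\t\t\t\t\t";
            db_query($query);
        }

        // Check whether a permission entry already exists for this editor and
        // scope: update or delete it if so, insert one otherwise.
        $query = "\n\t\t\t\t\tSELECT "
            . "\n\t\t\t\t\t\tpermission_id "
            . "\n\t\t\t\t\tFROM "
            . "\n\t\t\t\t\t\tpermission "
            . "\n\t\t\t\t\tWHERE "
            . "\n\t\t\t\t\t\tpermission_scope_type='" . addslashes($scope) . "' AND "
            . "\n\t\t\t\t\t\tFK_scope_id='" . addslashes($id) . "' AND "
            . "\n\t\t\t\t\t\tFK_editor <=> " . $ed_id . " AND "
            . "\n\t\t\t\t\t\tpermission_editor_type = '" . addslashes($ed_type) . "'"
            . "\n\t\t\t\t";
        $r_perm = db_query($query);

        if (db_num_rows($r_perm)) {
            $a = db_fetch_assoc($r_perm);
            // Quoted key: a bare permission_id is an undefined constant and
            // throws an Error on PHP 8.
            $permission_id = addslashes($a['permission_id']);

            if ($p_new_str) {
                // Permissions changed: update the existing row.
                $query = "\n\t\t\t\t\t\t\tUPDATE "
                    . "\n\t\t\t\t\t\t\t\tpermission "
                    . "\n\t\t\t\t\t\t\tSET "
                    . "\n\t\t\t\t\t\t\t\tpermission_value='" . addslashes($p_new_str) . "' "
                    . "\n\t\t\t\t\t\t\tWHERE "
                    . "\n\t\t\t\t\t\t\t\tpermission_id = '" . $permission_id . "'"
                    . "\n\t\t\t\t\t\t";
                db_query($query);
            } else {
                // Nothing new at this level any more: drop the row.
                $query = "\n\t\t\t\t\t\t\tDELETE FROM "
                    . "\n\t\t\t\t\t\t\t\tpermission "
                    . "\n\t\t\t\t\t\t\tWHERE "
                    . "\n\t\t\t\t\t\t\t\tpermission_id = '" . $permission_id . "'"
                    . "\n\t\t\t\t\t\t";
                db_query($query);
            }
        } elseif ($p_new_str) {
            // No row yet and there is something to store: insert it.
            $query = "\n\t\t\t\t\t\tINSERT"
                . "\n\t\t\t\t\t\tINTO permission"
                . "\n\t\t\t\t\t\t\t(FK_editor, permission_editor_type, FK_scope_id, permission_scope_type, permission_value)"
                . "\n\t\t\t\t\t\tVALUES (" . $ed_id . ", '" . addslashes($ed_type) . "', '" . addslashes($id) . "', '" . addslashes($scope) . "', '" . addslashes($p_new_str) . "')"
                . "\n\t\t\t\t\t";
            db_query($query);
        }
    }
}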
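/******************************************************************************
 * Save changes to the DB
 ******************************************************************************/
// Persist the edited object held in the session, then redirect to close.php.
// The write is gated on $isOwner, which is computed outside this fragment.
// NOTE(review): this state change is triggered by a bare request parameter and
// no anti-CSRF token check is visible here -- confirm one exists upstream.
// Array keys are quoted: bare savechanges / obj / editors are undefined
// constants and throw an Error on PHP 8.
if (!empty($_REQUEST['savechanges']) && $isOwner) {
    /* begin bug-fix X-294273alpha. thank you, Adam. */
    // Go through each editor and make sure that they are in the local DB.
    // Nothing is printed in this loop: output sent before header() can stop
    // the Location redirect below from being emitted, and the editor names
    // would otherwise reach the page unescaped.
    foreach ($_SESSION['obj']->getEditors() as $_editor) {
        if (!$_editor) {
            continue;
        }
        synchronizeLocalUserAndClassDB($_editor);
    }
    /* end bug-fix. Again, thank you, Adam. */

    $_SESSION['obj']->updateDB(1);
    $_SESSION['obj']->deletePendingEditors();

    // Drop the edit state so a later request cannot replay it.
    unset($_SESSION['obj'], $_SESSION['editors']);
    header("Location: close.php");
    exit;
}

/******************************************************************************
 * Editor Actions:
 ******************************************************************************/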