Example #1
 /**
  * Attempts to log an Author in given a username and password.
  * If the password is not hashed, it will be hashed using the sha1
  * algorithm. The username and password will be sanitized before
  * being used to query the Database. If an Author is found, they
  * will be logged in and the sanitized username and password (also hashed)
  * will be saved as values in the `$Cookie`.
  *
  * @see toolkit.Cryptography#hash()
  * @throws DatabaseException
  * @param string $username
  *  The Author's username. This will be sanitized before use.
  * @param string $password
  *  The Author's password. This will be sanitized and then hashed before use
  * @param boolean $isHash
  *  If the password provided is already hashed, setting this parameter to
  *  true will stop it becoming rehashed. By default it is false.
  * @return boolean
  *  True if the Author was logged in, false otherwise
  */
 public static function login($username, $password, $isHash = false)
 {
     // Both values are escaped by the Database layer and then trimmed. The WHERE
     // fragment further down is assembled with sprintf(), so this escaping is the
     // only thing separating the submitted username from the SQL text.
     // NOTE(review): the password is escaped too before Cryptography::compare()
     // sees it; if cleanValue() rewrites characters such as quotes, the compared
     // value is no longer the exact string that was submitted - confirm.
     $username = trim(self::Database()->cleanValue($username));
     $password = trim(self::Database()->cleanValue($password));

     // Nothing to look up when either credential is empty.
     if (strlen($username) === 0 || strlen($password) === 0) {
         return false;
     }

     $matches = AuthorManager::fetch('id', 'ASC', 1, null, sprintf("`username` = '%s'", $username));
     if (empty($matches)) {
         return false;
     }

     // With $isHash = true the caller's value is treated as already hashed, which
     // means a stored hash can be presented in place of the password.
     if (!Cryptography::compare($password, current($matches)->get('password'), $isHash)) {
         return false;
     }

     self::$Author = current($matches);

     // Only migrate hashes if there is no update available as the update might change the tbl_authors table.
     $noUpgradePending = self::isUpgradeAvailable() === false;
     if ($noUpgradePending && Cryptography::requiresMigration(self::$Author->get('password'))) {
         self::$Author->set('password', Cryptography::hash($password));
         self::Database()->update(
             array('password' => self::$Author->get('password')),
             'tbl_authors',
             sprintf(" `id` = %d", self::$Author->get('id'))
         );
     }

     // The value written under 'pass' is the Author's stored password hash, so the
     // cookie contents are a password-equivalent credential.
     // NOTE(review): no session identifier rotation is visible in this method - confirm
     // it happens elsewhere.
     self::$Cookie->set('username', $username);
     self::$Cookie->set('pass', self::$Author->get('password'));

     self::Database()->update(
         array('last_seen' => DateTimeObj::get('Y-m-d H:i:s')),
         'tbl_authors',
         sprintf(" `id` = %d", self::$Author->get('id'))
     );

     // Only set custom author language in the backend
     if (class_exists('Administration', false)) {
         Lang::set(self::$Author->get('language'));
     }

     return true;
 }
Example #2
 /**
  * This function determines whether there is a currently logged in
  * Author for Symphony by using the `$Cookie`'s username
  * and password. If an Author is found, they will be logged in, otherwise
  * the `$Cookie` will be destroyed.
  *
  * @see core.Cookie#expire()
  */
 public function isLoggedIn()
 {
     // Ensures that we're in the real world.. Also reduces three queries from database
     // We must return true otherwise exceptions are not shown
     // NOTE(review): this branch reports "logged in" without checking any credential;
     // confirm that no access decision can be reached while the instance is unset.
     if (is_null(self::$_instance)) {
         return true;
     }

     // An Author is already attached to this object, nothing to verify again.
     if ($this->Author) {
         return true;
     }

     // Both cookie values are attacker-controllable input; they are escaped here
     // because the username is placed into the WHERE fragment with sprintf().
     $username = self::Database()->cleanValue($this->Cookie->get('username'));
     $password = self::Database()->cleanValue($this->Cookie->get('pass'));

     $hasCredentials = strlen(trim($username)) > 0 && strlen(trim($password)) > 0;
     if ($hasCredentials) {
         $where = sprintf("\n\t\t\t\t\t\t\t`username` = '%s'\n\t\t\t\t\t\t", $username);
         $author = AuthorManager::fetch('id', 'ASC', 1, null, $where);

         // The third argument (true) marks the cookie value as already hashed, so the
         // cookie is accepted when it matches the stored hash.
         $matched = !empty($author)
             && Cryptography::compare($password, current($author)->get('password'), true);

         if ($matched) {
             $this->Author = current($author);
             self::Database()->update(
                 array('last_seen' => DateTimeObj::get('Y-m-d H:i:s')),
                 'tbl_authors',
                 sprintf(" `id` = %d", $this->Author->get('id'))
             );

             // Only set custom author language in the backend
             if (class_exists('Administration')) {
                 Lang::set($this->Author->get('language'));
             }

             return true;
         }
     }

     // No usable credentials, or they did not match: drop the cookie.
     $this->Cookie->expire();

     return false;
 }
 /**
  * This function determines whether there is a currently logged in
  * Author for Symphony by using the `$Cookie`'s username
  * and password. If an Author is found, they will be logged in, otherwise
  * the `$Cookie` will be destroyed.
  *
  * @see core.Cookie#expire()
  */
 public function isLoggedIn()
 {
     // Ensures that we're in the real world.. Also reduces three queries from database
     // We must return true otherwise exceptions are not shown
     // NOTE(review): this branch reports "logged in" without checking any credential;
     // confirm that no access decision can be reached while the instance is unset.
     if (is_null(self::$_instance)) {
         return true;
     }

     // An Author is already attached to this object, nothing to verify again.
     if ($this->Author) {
         return true;
     }

     // Cookie values are attacker-controllable. They are interpolated straight into
     // the SELECT below, so cleanValue() is the only injection defence on this path.
     $username = self::$Database->cleanValue($this->Cookie->get('username'));
     $password = self::$Database->cleanValue($this->Cookie->get('pass'));

     $hasCredentials = strlen(trim($username)) > 0 && strlen(trim($password)) > 0;
     if ($hasCredentials) {
         // The cookie's 'pass' value is matched directly against the `password`
         // column: whatever is stored there is itself the login credential.
         $id = self::$Database->fetchVar(
             'id',
             0,
             "SELECT `id` FROM `tbl_authors` WHERE `username` = '{$username}' AND `password` = '{$password}' LIMIT 1"
         );

         if ($id) {
             self::$Database->update(
                 array('last_seen' => DateTimeObj::get('Y-m-d H:i:s')),
                 'tbl_authors',
                 " `id` = '{$id}'"
             );
             $this->Author = AuthorManager::fetchByID($id);
             Lang::set($this->Author->get('language'));

             return true;
         }
     }

     // No usable credentials, or no matching row: drop the cookie.
     $this->Cookie->expire();

     return false;
 }
Example #4
 /**
  * Looks up the Author whose ID is carried in the request's `ID` parameter.
  *
  * NOTE(review): no per-record permission check is visible in this action;
  * confirm that every Author record is meant to be viewable by any caller.
  *
  * @param SS_HTTPRequest $request
  *  The current request; only its `ID` parameter is read.
  * @return mixed
  *  The result of `httpError(404, ...)` when no Author matches, otherwise an
  *  array with the Author under the `Author` key.
  */
 public function show(SS_HTTPRequest $request)
 {
     $authorId = $request->param('ID');
     $author = Author::get()->byID($authorId);

     if ($author) {
         return array('Author' => $author);
     }

     return $this->httpError(404, 'That author could not be found');
 }
Example #5
    if (!isset($authorId)) {
        $app->abort(404, 'Author has to be selected. Go back and select author');
    }
    $title = $request->request->get('title');
    $message = $request->request->get('message');
    $postModel->set($title, $message, $authorId);
    return $app->redirect($app["url_generator"]->generate("post_index"));
})->bind('post_add');
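// List every author.
$app->get('/authors', function () use($app) {
    $authorModel = new Author($app['db']);
    $authorsToDisplay = $authorModel->getAll();
    return $app['twig']->render('author_index.html.twig', array('authors' => $authorsToDisplay));
})->bind('author_index');

// Show one author. The route only matches a numeric id (see assert() below), so
// '/author/new' is not captured by it.
$app->get('/author/{author_id}', function ($author_id) use($app) {
    $authorModel = new Author($app['db']);
    $authorToDisplay = $authorModel->get($author_id);
    if (!$authorToDisplay) {
        // This route looks up an author, so the 404 text names the author.
        $app->abort(404, 'The author could not be found');
    }
    return $app['twig']->render('author_single.html.twig', array('author' => $authorToDisplay));
})->assert('author_id', '\\d+')->bind('author_single');

// Show the empty "new author" form.
$app->get('/author/new', function () use($app) {
    return $app['twig']->render('author_new.html.twig');
})->bind('author_new');

// Create an author from the posted form.
// NOTE(review): no CSRF token check is visible on this state-changing POST - confirm
// it is enforced elsewhere. How the stored name is escaped on output depends on the
// Twig configuration, which is not shown here.
$app->post('/author/add', function (Request $request) use($app) {
    $name = $request->request->get('name');
    // A missing, non-string or blank name is rejected instead of being stored.
    if (!is_string($name) || trim($name) === '') {
        $app->abort(400, 'Author name is required');
    }
    $authorModel = new Author($app['db']);
    $authorModel->setName($name);
    return $app->redirect($app["url_generator"]->generate("author_index"));
})->bind('author_add');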
// This should be the last line
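 /**
  * Builds the "new author" / "edit author" form and appends it to `$this->Form`.
  *
  * `$this->_context[0]` selects the mode ('new' or 'edit'), `$this->_context[1]`
  * is the Author ID in edit mode and `$this->_context[2]` an optional status
  * flag ('saved' or 'created') that triggers a page alert.
  *
  * Access rules enforced here: only developers may open the 'new' form, and an
  * Author may edit another Author only when they are a developer.
  * NOTE(review): these checks rely on `errorPageNotFound()` / `customError()`
  * not returning; if they return, rendering continues - confirm.
  */
 public function __form()
 {
     require_once TOOLKIT . '/class.field.php';
     // Handle unknown context (strict comparison, so only the exact strings match)
     if (!in_array($this->_context[0], array('new', 'edit'), true)) {
         Administration::instance()->errorPageNotFound();
     }
     // Creating authors is restricted to developers
     if ($this->_context[0] == 'new' && !Administration::instance()->Author->isDeveloper()) {
         Administration::instance()->customError(__('Access Denied'), __('You are not authorised to access this page.'));
     }
     if (isset($this->_context[2])) {
         switch ($this->_context[2]) {
             case 'saved':
                 $this->pageAlert(__('Author updated at %s.', array(DateTimeObj::getTimeAgo())) . ' <a href="' . SYMPHONY_URL . '/system/authors/new/" accesskey="c">' . __('Create another?') . '</a> <a href="' . SYMPHONY_URL . '/system/authors/" accesskey="a">' . __('View all Authors') . '</a>', Alert::SUCCESS);
                 break;
             case 'created':
                 $this->pageAlert(__('Author created at %s.', array(DateTimeObj::getTimeAgo())) . ' <a href="' . SYMPHONY_URL . '/system/authors/new/" accesskey="c">' . __('Create another?') . '</a> <a href="' . SYMPHONY_URL . '/system/authors/" accesskey="a">' . __('View all Authors') . '</a>', Alert::SUCCESS);
                 break;
         }
     }
     $this->setPageType('form');
     $isOwner = false;
     // After a POST the Author held in `$this->_Author` is used; otherwise the
     // Author is loaded by ID (edit) or created empty (new).
     if (isset($_POST['fields'])) {
         $author = $this->_Author;
     } else {
         if ($this->_context[0] == 'edit') {
             if (!($author_id = $this->_context[1])) {
                 redirect(SYMPHONY_URL . '/system/authors/');
             }
             if (!($author = AuthorManager::fetchByID($author_id))) {
                 Administration::instance()->customError(__('Author not found'), __('The author profile you requested does not exist.'));
             }
         } else {
             $author = new Author();
         }
     }
     // The logged in Author is editing their own record
     if ($this->_context[0] == 'edit' && $author->get('id') == Administration::instance()->Author->get('id')) {
         $isOwner = true;
     }
     // Editing somebody else's record is restricted to developers
     if ($this->_context[0] == 'edit' && !$isOwner && !Administration::instance()->Author->isDeveloper()) {
         Administration::instance()->customError(__('Access Denied'), __('You are not authorised to edit other authors.'));
     }
     $this->setTitle(__($this->_context[0] == 'new' ? '%2$s &ndash; %3$s' : '%1$s &ndash; %2$s &ndash; %3$s', array($author->getFullName(), __('Authors'), __('Symphony'))));
     $this->appendSubheading($this->_context[0] == 'new' ? __('Untitled') : $author->getFullName());
     $this->insertBreadcrumbs(array(Widget::Anchor(__('Authors'), SYMPHONY_URL . '/system/authors/')));
     // Essentials
     $group = new XMLElement('fieldset');
     $group->setAttribute('class', 'settings');
     $group->appendChild(new XMLElement('legend', __('Essentials')));
     $div = new XMLElement('div');
     $div->setAttribute('class', 'two columns');
     $label = Widget::Label(__('First Name'), NULL, 'column');
     $label->appendChild(Widget::Input('fields[first_name]', $author->get('first_name')));
     $div->appendChild(isset($this->_errors['first_name']) ? Widget::Error($label, $this->_errors['first_name']) : $label);
     $label = Widget::Label(__('Last Name'), NULL, 'column');
     $label->appendChild(Widget::Input('fields[last_name]', $author->get('last_name')));
     $div->appendChild(isset($this->_errors['last_name']) ? Widget::Error($label, $this->_errors['last_name']) : $label);
     $group->appendChild($div);
     $label = Widget::Label(__('Email Address'));
     $label->appendChild(Widget::Input('fields[email]', $author->get('email')));
     $group->appendChild(isset($this->_errors['email']) ? Widget::Error($label, $this->_errors['email']) : $label);
     $this->Form->appendChild($group);
     // Login Details
     $group = new XMLElement('fieldset');
     $group->setAttribute('class', 'settings');
     $group->appendChild(new XMLElement('legend', __('Login Details')));
     $div = new XMLElement('div');
     $label = Widget::Label(__('Username'));
     $label->appendChild(Widget::Input('fields[username]', $author->get('username')));
     $div->appendChild(isset($this->_errors['username']) ? Widget::Error($label, $this->_errors['username']) : $label);
     // Only developers can change the user type. Primary account should NOT be able to change this
     // NOTE(review): this only hides the field; the handler that saves the form must
     // apply the same rule to a posted `fields[user_type]` - it is not visible here.
     if (Administration::instance()->Author->isDeveloper() && !$author->isPrimaryAccount()) {
         // Create columns
         $div->setAttribute('class', 'two columns');
         $label->setAttribute('class', 'column');
         // User type
         $label = Widget::Label(__('User Type'), NULL, 'column');
         $options = array(array('author', false, __('Author')), array('developer', $author->isDeveloper(), __('Developer')));
         $label->appendChild(Widget::Select('fields[user_type]', $options));
         $div->appendChild($label);
     }
     $group->appendChild($div);
     // Password
     $fieldset = new XMLElement('fieldset', NULL, array('class' => 'two columns', 'id' => 'password'));
     $legend = new XMLElement('legend', __('Password'));
     $help = new XMLElement('i', __('Leave password fields blank to keep the current password'));
     $fieldset->appendChild($legend);
     $fieldset->appendChild($help);
     // Password reset: the old password is requested from non-developers and from
     // anybody editing their own record. A developer editing another Author is not
     // shown the field.
     if ($this->_context[0] == 'edit' && (!Administration::instance()->Author->isDeveloper() || $isOwner === true)) {
         $fieldset->setAttribute('class', 'three columns');
         $label = Widget::Label(NULL, NULL, 'column');
         $label->appendChild(Widget::Input('fields[old-password]', NULL, 'password', array('placeholder' => __('Old Password'))));
         // Show the message stored for this field (previously the 'password' key was
         // read, which is not the key tested by isset()).
         $fieldset->appendChild(isset($this->_errors['old-password']) ? Widget::Error($label, $this->_errors['old-password']) : $label);
     }
     // New password
     $callback = Administration::instance()->getPageCallback();
     $placeholder = $callback['context'][0] == 'edit' ? __('New Password') : __('Password');
     $label = Widget::Label(NULL, NULL, 'column');
     $label->appendChild(Widget::Input('fields[password]', NULL, 'password', array('placeholder' => $placeholder)));
     $fieldset->appendChild(isset($this->_errors['password']) ? Widget::Error($label, $this->_errors['password']) : $label);
     // Confirm password
     $label = Widget::Label(NULL, NULL, 'column');
     $label->appendChild(Widget::Input('fields[password-confirmation]', NULL, 'password', array('placeholder' => __('Confirm Password'))));
     // Same correction as for the old password: read the key that isset() tested.
     $fieldset->appendChild(isset($this->_errors['password-confirmation']) ? Widget::Error($label, $this->_errors['password-confirmation']) : $label);
     $group->appendChild($fieldset);
     // Auth token
     // The generated link embeds the token in the URL path and is shown to any
     // developer viewing this Author.
     // NOTE(review): a login token carried in a URL can end up in browser history,
     // proxy logs and Referer headers - treat it as a credential. The token is
     // concatenated into the markup as returned by createAuthToken(); its character
     // set is not visible here.
     if (Administration::instance()->Author->isDeveloper()) {
         $label = Widget::Label();
         $input = Widget::Input('fields[auth_token_active]', 'yes', 'checkbox');
         if ($author->isTokenActive()) {
             $input->setAttribute('checked', 'checked');
         }
         $temp = SYMPHONY_URL . '/login/' . $author->createAuthToken() . '/';
         $label->setValue(__('%s Allow remote login via', array($input->generate())) . ' <a href="' . $temp . '">' . $temp . '</a>');
         $group->appendChild($label);
     }
     $label = Widget::Label(__('Default Area'));
     $sections = SectionManager::fetch(NULL, 'ASC', 'sortorder');
     $options = array();
     // If the Author is the Developer, allow them to set the Default Area to
     // be the Sections Index.
     if ($author->isDeveloper()) {
         $options[] = array('/blueprints/sections/', $author->get('default_area') == '/blueprints/sections/', __('Sections Index'));
     }
     if (is_array($sections) && !empty($sections)) {
         foreach ($sections as $s) {
             $options[] = array($s->get('id'), $author->get('default_area') == $s->get('id'), $s->get('name'));
         }
     }
     /**
      * Allows injection or manipulation of the Default Area dropdown for an Author.
      * Take care with adding in options that are only valid for Developers, as if a
      * normal Author is set to that option, they will be redirected to their own
      * Author record.
      *
      *
      * @delegate AddDefaultAuthorAreas
      * @since Symphony 2.2
      * @param string $context
      * '/system/authors/'
      * @param array $options
      * An associative array of options, suitable for use for the Widget::Select
      * function. By default this will be an array of the Sections in the current
      * installation. New options should be the path to the page after the `SYMPHONY_URL`
      * constant.
      * @param string $default_area
      * The current `default_area` for this Author.
      */
     Symphony::ExtensionManager()->notifyMembers('AddDefaultAuthorAreas', '/system/authors/', array('options' => &$options, 'default_area' => $author->get('default_area')));
     $label->appendChild(Widget::Select('fields[default_area]', $options));
     $group->appendChild($label);
     $this->Form->appendChild($group);
     // Custom Language Selection
     $languages = Lang::getAvailableLanguages();
     if (count($languages) > 1) {
         // Get language names
         asort($languages);
         $group = new XMLElement('fieldset');
         $group->setAttribute('class', 'settings');
         $group->appendChild(new XMLElement('legend', __('Custom Preferences')));
         $label = Widget::Label(__('Language'));
         $options = array(array(NULL, is_null($author->get('language')), __('System Default')));
         foreach ($languages as $code => $name) {
             $options[] = array($code, $code == $author->get('language'), $name);
         }
         $select = Widget::Select('fields[language]', $options);
         $label->appendChild($select);
         $group->appendChild($label);
         $this->Form->appendChild($group);
     }
     $div = new XMLElement('div');
     $div->setAttribute('class', 'actions');
     $div->appendChild(Widget::Input('action[save]', $this->_context[0] == 'edit' ? __('Save Changes') : __('Create Author'), 'submit', array('accesskey' => 's')));
     // The delete button is never offered for the viewer's own record or for the
     // primary account.
     if ($this->_context[0] == 'edit' && !$isOwner && !$author->isPrimaryAccount()) {
         $button = new XMLElement('button', __('Delete'));
         $button->setAttributeArray(array('name' => 'action[delete]', 'class' => 'button confirm delete', 'title' => __('Delete this author'), 'type' => 'submit', 'accesskey' => 'd', 'data-message' => __('Are you sure you want to delete this author?')));
         $div->appendChild($button);
     }
     $this->Form->appendChild($div);
     /**
      * Allows the injection of custom form fields given the current `$this->Form`
      * object. Please note that this custom data should be saved in own extension
      * tables and that modifying `tbl_authors` to house your data is highly discouraged.
      *
      * @delegate AddElementstoAuthorForm
      * @since Symphony 2.2
      * @param string $context
      * '/system/authors/'
      * @param XMLElement $form
      * The contents of `$this->Form` after all the default form elements have been appended.
      * @param Author $author
      * The current Author object that is being edited
      */
     Symphony::ExtensionManager()->notifyMembers('AddElementstoAuthorForm', '/system/authors/', array('form' => &$this->Form, 'author' => $author));
 }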
 /**
  * Appends a list element (named after this field's `element_name`) to
  * `$wrapper`, holding one `item` per author ID found in `$data['author_id']`.
  *
  * NOTE(review): the username attribute goes through `General::sanitize()` but
  * the full name used as the item's value does not; confirm that `XMLElement`
  * encodes element values, otherwise the name should be sanitized as well.
  *
  * @param XMLElement $wrapper
  *  The element the list is appended to.
  * @param array $data
  *  Field data; `author_id` may be a single ID or an array of IDs.
  * @param boolean $encode
  *  Not used by this implementation.
  */
 public function appendFormattedElement(&$wrapper, $data, $encode = false)
 {
     // Treat a single ID like a one-element list.
     $authorIds = is_array($data['author_id']) ? $data['author_id'] : array($data['author_id']);

     $list = new XMLElement($this->get('element_name'));

     foreach ($authorIds as $author_id) {
         $author = new Author($author_id);
         $attributes = array(
             'id' => (string) $author->get('id'),
             'username' => General::sanitize($author->get('username')),
         );
         $list->appendChild(new XMLElement('item', $author->getFullName(), $attributes));
     }

     $wrapper->appendChild($list);
 }
Example #8
 /**
  * Responds with the names of up to five authors whose `name` matches the
  * `search` parameter, ordered by name ascending.
  *
  * Responds 400 when `search` is missing or empty, 404 when nothing matches.
  * NOTE(review): the code after the 400 response still runs unless `response()`
  * ends the request - confirm. The search term is handed to `like()` unchanged,
  * so escaping is assumed to be done by the query builder; no authentication
  * check is visible in this method.
  */
 function authors_get()
 {
     if (!$this->get('search')) {
         $this->response(NULL, 400);
     }

     $authors = new Author();
     $authors->like('name', $this->get('search'));
     $authors->order_by('name', 'asc');
     $authors->limit(5);
     $authors->get();

     if (!$authors->exists()) {
         $this->response(array('error' => 'Authors could not be found'), 404);
     } else {
         // Only the name of each match is returned.
         foreach ($authors as $author) {
             $authors_array[] = $author->name;
         }
         // 200 being the HTTP response code
         $this->response($authors_array, 200);
     }
 }
 /**
  * Builds the "new author" / "edit author" form and appends it to `$this->Form`.
  *
  * `$this->_context[0]` selects the mode ('new' or 'edit'), `$this->_context[1]`
  * is the Author ID in edit mode and `$this->_context[2]` an optional status
  * flag ('saved' or 'created') that triggers a page alert.
  *
  * Access rules enforced here: only developers may open the 'new' form, and an
  * Author may edit another Author only when they are a developer.
  * NOTE(review): these checks rely on `errorPageNotFound()` / `customError()`
  * not returning; if they return, rendering continues - confirm.
  */
 function __form()
 {
     require_once TOOLKIT . '/class.field.php';
     // Handle unknown context
     // NOTE(review): in_array() compares loosely here; a strict comparison would
     // guarantee that only the exact strings 'new' and 'edit' pass.
     if (!in_array($this->_context[0], array('new', 'edit'))) {
         $this->_Parent->errorPageNotFound();
     }
     // Creating authors is restricted to developers
     if ($this->_context[0] == 'new' && !Administration::instance()->Author->isDeveloper()) {
         $this->_Parent->customError(E_USER_ERROR, 'Access Denied', 'You are not authorised to access this page.');
     }
     // Optional status flag: show a success alert after a save or a create
     if (isset($this->_context[2])) {
         switch ($this->_context[2]) {
             case 'saved':
                 $this->pageAlert(__('Author updated at %1$s. <a href="%2$s">Create another?</a> <a href="%3$s">View all Authors</a>', array(DateTimeObj::getTimeAgo(__SYM_TIME_FORMAT__), URL . '/symphony/system/authors/new/', URL . '/symphony/system/authors/')), Alert::SUCCESS);
                 break;
             case 'created':
                 $this->pageAlert(__('Author created at %1$s. <a href="%2$s">Create another?</a> <a href="%3$s">View all Authors</a>', array(DateTimeObj::getTimeAgo(__SYM_TIME_FORMAT__), URL . '/symphony/system/authors/new/', URL . '/symphony/system/authors/')), Alert::SUCCESS);
                 break;
         }
     }
     $this->setPageType('form');
     $isOwner = false;
     // After a POST the Author held in `$this->_Author` is used; otherwise the
     // Author is loaded by ID (edit) or created empty (new).
     if (isset($_POST['fields'])) {
         $author = $this->_Author;
     } elseif ($this->_context[0] == 'edit') {
         if (!($author_id = $this->_context[1])) {
             redirect(URL . '/symphony/system/authors/');
         }
         if (!($author = AuthorManager::fetchByID($author_id))) {
             $this->_Parent->customError(E_USER_ERROR, 'Author not found', 'The author profile you requested does not exist.');
         }
     } else {
         $author = new Author();
     }
     // The logged in Author is editing their own record
     if ($this->_context[0] == 'edit' && $author->get('id') == Administration::instance()->Author->get('id')) {
         $isOwner = true;
     }
     // Editing somebody else's record is restricted to developers
     if ($this->_context[0] == 'edit' && !$isOwner && !Administration::instance()->Author->isDeveloper()) {
         $this->_Parent->customError(E_USER_ERROR, 'Access Denied', 'You are not authorised to edit other authors.');
     }
     $this->setTitle(__($this->_context[0] == 'new' ? '%1$s &ndash; %2$s &ndash; %3$s' : '%1$s &ndash; %2$s', array(__('Symphony'), __('Authors'), $author->getFullName())));
     $this->appendSubheading($this->_context[0] == 'new' ? __('Untitled') : $author->getFullName());
     // Essentials: first name, last name, email address
     $group = new XMLElement('fieldset');
     $group->setAttribute('class', 'settings');
     $group->appendChild(new XMLElement('legend', __('Essentials')));
     $div = new XMLElement('div');
     $div->setAttribute('class', 'group');
     $label = Widget::Label(__('First Name'));
     $label->appendChild(Widget::Input('fields[first_name]', $author->get('first_name')));
     $div->appendChild(isset($this->_errors['first_name']) ? $this->wrapFormElementWithError($label, $this->_errors['first_name']) : $label);
     $label = Widget::Label(__('Last Name'));
     $label->appendChild(Widget::Input('fields[last_name]', $author->get('last_name')));
     $div->appendChild(isset($this->_errors['last_name']) ? $this->wrapFormElementWithError($label, $this->_errors['last_name']) : $label);
     $group->appendChild($div);
     $label = Widget::Label(__('Email Address'));
     $label->appendChild(Widget::Input('fields[email]', $author->get('email')));
     $group->appendChild(isset($this->_errors['email']) ? $this->wrapFormElementWithError($label, $this->_errors['email']) : $label);
     $this->Form->appendChild($group);
     // End of Essentials
     // Login Details: username, user type, passwords, auth token, default section
     $group = new XMLElement('fieldset');
     $group->setAttribute('class', 'settings');
     $group->appendChild(new XMLElement('legend', __('Login Details')));
     $div = new XMLElement('div');
     $div->setAttribute('class', 'group');
     $label = Widget::Label(__('Username'));
     $label->appendChild(Widget::Input('fields[username]', $author->get('username'), NULL));
     $div->appendChild(isset($this->_errors['username']) ? $this->wrapFormElementWithError($label, $this->_errors['username']) : $label);
     // Only developers can change the user type. Primary account should NOT be able to change this
     // NOTE(review): this only hides the field; the handler that saves the form must
     // apply the same rule to a posted `fields[user_type]` - it is not visible here.
     if (Administration::instance()->Author->isDeveloper() && !$author->isPrimaryAccount()) {
         $label = Widget::Label(__('User Type'));
         $options = array(array('author', false, __('Author')), array('developer', $author->isDeveloper(), __('Developer')));
         $label->appendChild(Widget::Select('fields[user_type]', $options));
         $div->appendChild($label);
     }
     $group->appendChild($div);
     $div = new XMLElement('div', NULL, array('class' => 'group'));
     if ($this->_context[0] == 'edit') {
         $div->setAttribute('id', 'change-password');
         // The old password is requested from non-developers and from anybody editing
         // their own record. A developer editing another Author is not shown the field.
         if (!Administration::instance()->Author->isDeveloper() || $isOwner === true) {
             $div->setAttribute('class', 'triple group');
             $label = Widget::Label(__('Old Password'));
             if (isset($this->_errors['old-password'])) {
                 $label->setAttributeArray(array('class' => 'contains-error', 'title' => $this->_errors['old-password']));
             }
             $label->appendChild(Widget::Input('fields[old-password]', NULL, 'password'));
             $div->appendChild(isset($this->_errors['old-password']) ? $this->wrapFormElementWithError($label, $this->_errors['old-password']) : $label);
         }
     }
     // Password inputs are always rendered without a value
     $label = Widget::Label($this->_context[0] == 'edit' ? __('New Password') : __('Password'));
     $label->appendChild(Widget::Input('fields[password]', NULL, 'password'));
     $div->appendChild(isset($this->_errors['password']) ? $this->wrapFormElementWithError($label, $this->_errors['password']) : $label);
     $label = Widget::Label($this->_context[0] == 'edit' ? __('Confirm New Password') : __('Confirm Password'));
     // A confirmation error is shown through the label's class and title only; unlike
     // the other fields this label is not passed to wrapFormElementWithError()
     if (isset($this->_errors['password-confirmation'])) {
         $label->setAttributeArray(array('class' => 'contains-error', 'title' => $this->_errors['password-confirmation']));
     }
     $label->appendChild(Widget::Input('fields[password-confirmation]', NULL, 'password'));
     $div->appendChild($label);
     $group->appendChild($div);
     if ($this->_context[0] == 'edit') {
         $group->appendChild(new XMLElement('p', __('Leave password fields blank to keep the current password'), array('class' => 'help')));
     }
     // Auth token: the generated link embeds the token in the URL path and is shown
     // to any developer viewing this Author.
     // NOTE(review): a login token carried in a URL can end up in browser history,
     // proxy logs and Referer headers - treat it as a credential.
     if (Administration::instance()->Author->isDeveloper()) {
         $label = Widget::Label();
         $input = Widget::Input('fields[auth_token_active]', 'yes', 'checkbox');
         if ($author->get('auth_token_active') == 'yes') {
             $input->setAttribute('checked', 'checked');
         }
         $temp = URL . '/symphony/login/' . $author->createAuthToken() . '/';
         $label->setValue(__('%1$s Allow remote login via <a href="%2$s">%2$s</a>', array($input->generate(), $temp)));
         $group->appendChild($label);
     }
     // Default section: one option per section, in sort order
     $label = Widget::Label(__('Default Section'));
     $sectionManager = new SectionManager($this->_Parent);
     $sections = $sectionManager->fetch(NULL, 'ASC', 'sortorder');
     $options = array();
     if (is_array($sections) && !empty($sections)) {
         foreach ($sections as $s) {
             $options[] = array($s->get('id'), $author->get('default_section') == $s->get('id'), $s->get('name'));
         }
     }
     $label->appendChild(Widget::Select('fields[default_section]', $options));
     $group->appendChild($label);
     $this->Form->appendChild($group);
     // End of Login Details
     // Custom Language Selection: only shown when more than one language is available
     $languages = Lang::getAvailableLanguages(Administration::instance()->ExtensionManager);
     if (count($languages) > 1) {
         // Get language names
         asort($languages);
         $group = new XMLElement('fieldset');
         $group->setAttribute('class', 'settings');
         $group->appendChild(new XMLElement('legend', __('Custom Preferences')));
         // NOTE(review): this div is configured but never appended; the label below
         // goes straight into the fieldset
         $div = new XMLElement('div');
         $div->setAttribute('class', 'group');
         $label = Widget::Label(__('Language'));
         $options = array(array(NULL, is_null($author->get('language')), __('System Default')));
         foreach ($languages as $code => $name) {
             $options[] = array($code, $code == $author->get('language'), $name);
         }
         $select = Widget::Select('fields[language]', $options);
         $label->appendChild($select);
         $group->appendChild($label);
         $this->Form->appendChild($group);
     }
     // Actions: save button, plus delete where permitted
     $div = new XMLElement('div');
     $div->setAttribute('class', 'actions');
     $div->appendChild(Widget::Input('action[save]', $this->_context[0] == 'edit' ? __('Save Changes') : __('Create Author'), 'submit', array('accesskey' => 's')));
     // The delete button is never offered for the viewer's own record or for the
     // primary account
     if ($this->_context[0] == 'edit' && !$isOwner && !$author->isPrimaryAccount()) {
         $button = new XMLElement('button', __('Delete'));
         $button->setAttributeArray(array('name' => 'action[delete]', 'class' => 'confirm delete', 'title' => __('Delete this author'), 'type' => 'submit'));
         $div->appendChild($button);
     }
     $this->Form->appendChild($div);
 }
 /**
  * Returns Authors that match the provided IDs, with the option to sort or limit the
  * output. This function will search the `AuthorManager::$_pool` for Authors first before
  * querying `tbl_authors`
  *
  * @param integer|array $id
  *	A single ID or an array of ID's
  * @param string $sortby
  *	The field to sort the authors by, defaults to 'id'
  * @param string $sortdirection
  *	Available values of ASC (Ascending) or DESC (Descending), which refer to the
  *	sort order for the query. Defaults to ASC (Ascending)
  * @param integer $limit
  *	The number of rows to return
  * @param integer $start
  *	The offset start point for limiting, maps to the LIMIT {x}, {y} MySQL functionality
  * @return mixed
  *	If `$id` was an integer, the result will be an Author object, otherwise an array of
  *	Author objects will be returned. If no Authors are found, or no `$id` is given null is returned.
  */
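 public static function fetchByID($id, $sortby = 'id', $sortdirection = 'ASC', $limit = null, $start = null)
 {
     $return_single = false;
     if (!is_array($id)) {
         $return_single = true;
         $id = array($id);
     }
     if (empty($id)) {
         return null;
     }

     // Everything below is spliced into the SQL text, so each piece is forced into
     // a safe shape first: IDs and LIMIT values become integers, the direction is
     // one of two keywords and the sort column must be a plain identifier.
     $id = array_map('intval', $id);
     $sortdirection = strtoupper((string) $sortdirection) === 'DESC' ? 'DESC' : 'ASC';
     if (!is_string($sortby) || !preg_match('/^[A-Za-z0-9_]+$/', $sortby)) {
         // Anything that is not a single column name falls back to the default.
         $sortby = 'id';
     }
     $limit = (int) $limit;
     $start = (int) $start;

     $authors = array();
     $pool_ids = array_keys(self::$_pool);

     // Get all the Author ID's that are already in `self::$_pool`
     foreach (array_intersect($id, $pool_ids) as $pool_author) {
         $authors[] = self::$_pool[$pool_author];
     }

     // Get all the Author ID's that are not already stored in `self::$_pool`;
     // array_filter() drops the zeroes that non-numeric input was cast to.
     $id = array_filter(array_diff($id, $pool_ids));
     if (empty($id)) {
         return $return_single ? (isset($authors[0]) ? $authors[0] : null) : $authors;
     }

     // The ID list is formatted with %s: the previous %d turned the comma separated
     // list into its first number only, so just one ID was ever queried.
     // NOTE(review): the clause is emitted as `LIMIT <limit>, <start>`, while MySQL
     // reads the two-argument form as `LIMIT offset, row_count`; the order is kept
     // as it was - confirm which meaning callers expect.
     $records = Symphony::Database()->fetch(sprintf(
         "SELECT * FROM `tbl_authors` WHERE `id` IN (%s) ORDER BY `%s` %s %s %s",
         implode(',', $id),
         $sortby,
         $sortdirection,
         $limit ? 'LIMIT ' . $limit : '',
         $start && $limit ? ', ' . $start : ''
     ));

     if (is_array($records) && !empty($records)) {
         foreach ($records as $row) {
             $author = new Author();
             foreach ($row as $field => $val) {
                 $author->set($field, $val);
             }
             // Remember the Author so later lookups skip the query.
             self::$_pool[$author->get('id')] = $author;
             $authors[] = $author;
         }
     }

     // A single lookup that found nothing returns null explicitly instead of
     // reading an offset that does not exist.
     return $return_single ? (isset($authors[0]) ? $authors[0] : null) : $authors;
 }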
 /**
  * Returns Authors that match the provided IDs, with the option to
  * sort or limit the output. This function will search the
  * `AuthorManager::$_pool` for Authors first before querying `tbl_authors`
  *
  * @param integer|array $id
  *  A single ID or an array of ID's
  * @throws DatabaseException
  * @return mixed
  *  If `$id` is an integer, the result will be an Author object,
  *  otherwise an array of Author objects will be returned. If no
  *  Authors are found, or no `$id` is given, `null` is returned.
  */
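 public static function fetchByID($id)
 {
     if (is_null($id)) {
         return null;
     }

     $return_single = !is_array($id);

     // Every ID ends up inside the IN (...) list of the query below, so each one is
     // coerced to an integer. Previously only the single-ID form was cast and array
     // elements reached the SQL text unchanged.
     $id = array_map('intval', $return_single ? array($id) : $id);
     if (empty($id)) {
         return null;
     }

     // Get all the Author ID's that are already in `self::$_pool`
     $authors = array();
     $pool_ids = array_keys(self::$_pool);
     foreach (array_intersect($id, $pool_ids) as $pool_author) {
         $authors[] = self::$_pool[$pool_author];
     }

     // Get all the Author ID's that are not already stored in `self::$_pool`;
     // array_filter() drops the zeroes that non-numeric input was cast to.
     $id = array_filter(array_diff($id, $pool_ids));
     if (empty($id)) {
         return $return_single ? (isset($authors[0]) ? $authors[0] : null) : $authors;
     }

     $records = Symphony::Database()->fetch(sprintf("SELECT *\n            FROM `tbl_authors`\n            WHERE `id` IN (%s)", implode(",", $id)));

     if (is_array($records) && !empty($records)) {
         foreach ($records as $row) {
             $author = new Author();
             foreach ($row as $field => $val) {
                 $author->set($field, $val);
             }
             // Remember the Author so later lookups skip the query.
             self::$_pool[$author->get('id')] = $author;
             $authors[] = $author;
         }
     }

     // A single lookup that found nothing returns null explicitly instead of
     // reading an offset that does not exist.
     return $return_single ? (isset($authors[0]) ? $authors[0] : null) : $authors;
 }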
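/**
 * Renders the detail page for one author and echoes the result.
 *
 * @param int|string $id
 *  Identifier of the author to show. It is cast to an integer before it is
 *  placed in the condition string handed to `Author::get()`.
 */
function detalhe($id)
{
    global $twig;

    // `$id` becomes part of a condition string, so only a plain integer may
    // reach it; any other text would become part of the condition itself.
    // NOTE(review): assumes author ids are integers and that `Author::get()`
    // has no bound-parameter form. Confirm, and prefer binding if it exists.
    $condition = sprintf('id = %d', (int) $id);

    $author = new Author();
    echo $twig->render('author_detail.html', array('author' => $author->get($condition)));
}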
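 /**
  * Decides whether `$user` may perform `$action` on `$entry`.
  *
  * The logged-in user linked to the entry's author record is always allowed.
  * Everyone else is checked against the entry's access level and then against
  * the group access records for the entry. With no matching group record, or
  * with no logged-in user, only `LogbookAccess::VIEW` is allowed.
  *
  * @param object $user
  *  The user being checked; a falsy `id()` is treated as "not logged in".
  * @param object $entry
  *  The entry being accessed.
  * @param mixed $action
  *  The action to test; also the field read from each group access record.
  * @return mixed
  *  `true` or `false`, or the value stored for `$action` on the group access
  *  record that decided the outcome.
  */
 public function userCanDoAction($user, $entry, $action)
 {
     // Look up the user that owns the entry's author record.
     $author = new Author();
     $author->clause('author_id', $entry->get('author_id'));
     $author->noForeign();
     $author_user_id = $author->get('user_id');

     $viewer_id = $user->id();

     // The owner shortcut applies only to a logged-in user whose id really
     // matches. A loose `!=` treats an empty author user id and a
     // not-logged-in user (null, 0, '') as the same value, which would grant
     // every action to an anonymous visitor. Both sides are compared as
     // strings so an integer id still matches the same id read as a string.
     if ($viewer_id && (string) $author_user_id === (string) $viewer_id) {
         return true;
     }

     // NOTE(review): the minimum level comes from Application::user(), not
     // from the `$user` argument. Confirm the two are always the same user.
     $min_level = Application::user()->minAccessLevel();

     // An entry without an Access record counts as level 0.
     $check_entry = $entry->restrict();
     $entry_access = $check_entry->fetchSingle('Access');
     $level = $entry_access ? $entry_access->get('access_level') : 0;

     // Entries whose level is below the current user's minimum are off limits.
     if (!($level >= $min_level)) {
         return false;
     }

     // Visitors who are not logged in may only view.
     if (!$viewer_id) {
         return $action == LogbookAccess::VIEW;
     }

     // Collect the access records for this entry that belong to any group
     // the user is a member of (group 0 when the user has no groups).
     $access = new EntryGroupAccess();
     $user = $user->restrict();
     $user->also('Group');
     $access->clause('author_id', $entry->get('author_id'));
     $access->clause('entry_id', $entry->get('entry_id'));
     $groups = $user->fetch('Group');
     if ($groups) {
         $access->clause('group_id', $groups, Clause::IN);
     } else {
         $access->clause('group_id', 0);
     }

     // No group record at all: fall back to view-only.
     $entries = $access->fetch();
     if (!$entries) {
         return $action == LogbookAccess::VIEW;
     }

     // Stop at the first group record that disallows the action. `break` is
     // used because calling `end()` on the array does not stop a `foreach`.
     $ret = true;
     foreach ($entries as $access_entry) {
         $ret = $access_entry->get($action);
         if (!$ret) {
             break;
         }
     }

     return $ret;
 }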