/**
  * add a search condition to a given CMS_object_search object
  *
  * @param CMS_object_search $search : the reference search object which needs the condition
  * @param array $tagAttributes : represents atm-search-param attributes
  * @return boolean true on success, false on failure
  * @access private
  * @static
  */
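 static function addSearchCondition(&$search, $tagAttributes)
 {
     // Translates one atm-search-param tag into a where-condition on $search.
     // Returns false when the tag is malformed or when a mandatory condition has
     // no value; returns true otherwise, including when an optional empty
     // condition is simply skipped.
     //
     // The 'type', 'value' and 'operator' attributes are handed to
     // CMS_object_search::addWhereCondition() as received. Only 'type' is checked
     // here (known condition name, 'category', or positive integer).
     // NOTE(review): escaping of 'value' and validation of 'operator' are presumably
     // done inside CMS_object_search - confirm, since that code is not visible here.
     global $cms_language;
     //the three attributes below are required on every atm-search-param tag
     foreach (array('type', 'value', 'mandatory') as $requiredAttribute) {
         if (!isset($tagAttributes[$requiredAttribute])) {
             CMS_grandFather::raiseError("Malformed atm-search-param tag : missing '" . $requiredAttribute . "' attribute");
             return false;
         }
     }
     //'value' is known to be set at this point (the former second isset() test could never fail)
     $searchConditionValue = $tagAttributes['value'];
     $operator = isset($tagAttributes['operator']) ? $tagAttributes['operator'] : false;
     //if no value for condition and no operator : fail only if the condition is mandatory
     //(the emptiness test is loose, so the string '0' also counts as "no value")
     if (!$searchConditionValue && !$operator) {
         return $tagAttributes['mandatory'] != 'true';
     }
     $type = $tagAttributes['type'];
     //known condition names are accepted as is, anything else must be an object/field id
     //NOTE(review): in_array() compares loosely here; a strict comparison would be safer
     //if getStaticSearchConditionTypes() only returns strings - confirm before changing
     $isNamedCondition = (is_scalar($type) && in_array($type, CMS_object_search::getStaticSearchConditionTypes())) || $type == 'category';
     if ($isNamedCondition) {
         if ($type == 'publication date after' || $type == 'publication date before') {
             //replace search condition value by corresponding cms_date object
             $date = new CMS_date();
             $date->setFormat($cms_language->getDateFormat());
             //NOTE(review): the result of setLocalizedDate() is not checked, so a value
             //that does not parse still reaches the search as a CMS_date object - confirm
             //that addWhereCondition() copes with an unset date
             $date->setLocalizedDate($searchConditionValue);
             $searchConditionValue = $date;
         }
     } elseif (!sensitiveIO::isPositiveInteger($type)) {
         CMS_grandFather::raiseError("Malformed atm-search-param tag : attribute 'type' does not represent a valid object " . $type);
         return false;
     }
     $search->addWhereCondition($type, $searchConditionValue, $operator);
     return true;
 }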
Example #2
// Excerpt: builds the item search for $object and, for primary resources, applies
// the publication-date and status filters. $object, $dateFormat and $status are
// defined by code that is not part of this excerpt.
//create search object for current object
$search = new CMS_object_search($object);
//if object is a primary resource
if ($object->isPrimaryResource()) {
    //Order
    //the order clause is a fixed string, no request or session data goes into it
    $search->setAttribute('orderBy', 'publicationDateStart_rs desc,publicationDateEnd_rs desc, id_moo desc');
    // Param : Around publication date
    // $dt_today is prepared here but not used in the lines shown
    $dt_today = new CMS_date();
    $dt_today->setDebug(false);
    $dt_today->setNow();
    $dt_today->setFormat($dateFormat);
    $dt_from = new CMS_date();
    $dt_from->setDebug(false);
    $dt_from->setFormat($dateFormat);
    // The start date filter is read from the session and only reaches the search as a
    // CMS_date object, and only when setLocalizedDate() accepts it.
    // NOTE(review): presumably "items_dtfrm" / "items_dtnd" hold values the user typed
    // into a filter form - confirm where they are written.
    if ($dt_from->setLocalizedDate(CMS_session::getSessionVar("items_dtfrm"), true)) {
        $search->addWhereCondition("publication date after", $dt_from);
    }
    $dt_end = new CMS_date();
    $dt_end->setDebug(false);
    $dt_end->setFormat($dateFormat);
    if ($dt_end->setLocalizedDate(CMS_session::getSessionVar("items_dtnd"), true)) {
        // Check this date isn't greater than start date given
        // NOTE(review): $dt_from takes part in this comparison even when its own
        // setLocalizedDate() call above failed - confirm how CMS_date::compare()
        // treats a date that was never set.
        if (!CMS_date::compare($dt_from, $dt_end, ">=")) {
            $search->addWhereCondition("publication date before", $dt_end);
        }
    }
    // status filter is applied only when $status is truthy
    if ($status) {
        $search->addWhereCondition("status", $status);
    }
}
// Do not apply sessions filters if limitToOrderedItems or limitToItems otherwise it could hide objects that should be displayed
 /**
  * load all subobjects values from DB
  *
  * @return boolean true on success, false on failure
  * @access private
  */
 protected function _loadSubObjectsValues()
 {
     // Loads, with a single search, the stored values of every sub-object referenced
     // by this object's fields and hands them to populateSubObjectsValues().
     // Always returns true.
     $linkedObjectIds = array();
     foreach (array_keys($this->_subfieldValues) as $fieldKey) {
         $fieldValue = $this->_subfieldValues[$fieldKey];
         if (!is_object($fieldValue)) {
             //only object-valued fields reference a sub-object
             continue;
         }
         $linkedObjectIds[] = $fieldValue->getValue();
     }
     if (!$linkedObjectIds) {
         //no sub-object referenced : nothing to query
         return true;
     }
     //the search runs with the same public/edited flag as this object
     $definition = $this->getObjectDefinition();
     $search = new CMS_object_search($definition, $this->_public);
     //restrict the search to the referenced ids
     $search->addWhereCondition('items', $linkedObjectIds);
     $datas = $search->search(CMS_object_search::POLYMOD_SEARCH_RETURN_DATAS);
     unset($search);
     //populate object(s) values from the raw datas
     $this->populateSubObjectsValues($datas);
     return true;
 }
Example #4
 /**
  * Does given user have the requested clearance for this object ?
  * This method is pretty heavy, so if it must be used on a lot of objects, prefer running a search on those objects: it is much faster.
  *
  * @param cms_profile_user $user : the user to check clearance
  * @param constant $clearance : the requested clearance to check (default : CLEARANCE_MODULE_VIEW)
  * @param boolean $checkParent : if no categories fields are found, check the parent object (if any) to see if it has some (beware, this is heavy). Default : false
  * @return boolean
  * @access public
  */
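 function userHasClearance($user, $clearance = CLEARANCE_MODULE_VIEW, $checkParent = false)
 {
     // Access decision for this item.
     // - Public items are visible to everybody unless APPLICATION_ENFORCES_ACCESS_CONTROL is true.
     // - Otherwise : administrators pass, then the user needs at least VIEW on the module,
     //   then the categories of the item (or of its parents when $checkParent is set) decide.
     // $clearance is only used in the last branch, to choose which data set the search
     // runs on; the module check itself always uses CLEARANCE_MODULE_VIEW.
     if (!$this->_public || APPLICATION_ENFORCES_ACCESS_CONTROL === true) {
         //fail closed : without a user object no clearance can be established
         //(the method calls below would otherwise stop on a fatal error)
         if (!is_object($user)) {
             return false;
         }
         //user is an administrator?
         if ($user->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITVALIDATEALL)) {
             return true;
         }
         //get Object definition
         $objectDef = $this->getObjectDefinition();
         //get module codename
         $polyModuleCodename = $objectDef->getValue('module');
         //check user right on module (check only minimum needed : VIEW, proper right is checked after on category)
         if (!$user->hasModuleClearance($polyModuleCodename, CLEARANCE_MODULE_VIEW)) {
             return false;
         }
         //object has categories fields ?
         $categoriesFields = CMS_poly_object_catalog::objectHasCategories($this->getObjectID());
         if (!$categoriesFields && !$checkParent) {
             //no categories on object so user has rights
             return true;
         } elseif (!$categoriesFields && $checkParent) {
             //check for module Categories usage
             if (!CMS_poly_object_catalog::moduleHasCategories($polyModuleCodename)) {
                 //no categories used on module : item is viewable
                 return true;
             }
             //check for a parent for the given object
             if ($objectParentsIDs = CMS_poly_object_catalog::getParentsObject($this->getObjectID())) {
                 $found = false;
                 //check object for each parent objects found
                 foreach ($objectParentsIDs as $objectParentID => $objectParentFields) {
                     $categoriesFields = CMS_poly_object_catalog::objectHasCategories($objectParentID);
                     if (is_array($categoriesFields) && $categoriesFields) {
                         //load current object definition
                         $object = CMS_poly_object_catalog::getObjectDefinition($objectParentID);
                         foreach ($objectParentFields as $fieldID) {
                             //NOTE(review): unlike the direct branch below, this search has no
                             //"profile" condition for $user, so as written it tests that a parent
                             //references this item, not that $user may see that parent - confirm
                             //whether CMS_object_search applies the user's category rights by itself
                             $search = new CMS_object_search($object, $this->_public);
                             $search->addWhereCondition($fieldID, $this->getID());
                             $ids = $search->search(CMS_object_search::POLYMOD_SEARCH_RETURN_IDS);
                             $found = $ids ? true : $found;
                         }
                     }
                 }
                 //if one parent was found then object is visible
                 return $found;
             } else {
                 //no parent object for this object, item is viewable
                 return true;
             }
         } elseif (is_array($categoriesFields) && $categoriesFields) {
             //item has categories : it is visible only if a search restricted to this
             //item and to the user's profile returns it
             $search = new CMS_object_search($objectDef, $clearance == CLEARANCE_MODULE_VIEW);
             $search->addWhereCondition('item', $this->getID());
             $search->addWhereCondition("profile", $user);
             $ids = $search->search(CMS_object_search::POLYMOD_SEARCH_RETURN_IDS);
             return $ids ? true : false;
         }
         //NOTE(review): a truthy but non-array result of objectHasCategories() matches no
         //branch above and ends on the "return true" below - confirm it cannot happen
     }
     //user has clearance
     return true;
 }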
Example #5
 /**
  * Get search results objects for module by Id
  *
  * @param array : the results score ids
  * @return array : results elements (cms_page)
  * @access public
  */
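 function getSearchResults($resultsIds, &$user)
 {
     // Builds the display data of the given item ids for the search results list.
     // $resultsIds : array of item ids; anything else (or an empty array) gives array().
     // $user : used for the display language, the status HTML and the lock owner test.
     // Returns array(itemID => array('id', 'type', 'status', 'pubrange', 'label',
     // 'description', 'resource', 'edit', 'view')).
     if (!$resultsIds || !is_array($resultsIds)) {
         return array();
     }
     $cms_language = $user->getLanguage();
     //the ids are written into an unquoted "in (...)" list : string escaping alone cannot
     //keep a non numeric element from changing the statement, so force every id to an integer
     $idsList = implode(',', array_map('intval', $resultsIds));
     //get results object types
     $sql = "\n\t\t\tselect\n\t\t\t\tobject_type_id_moo as type, id_moo as id\n\t\t\tfrom\n\t\t\t\tmod_object_polyobjects\n\t\t\twhere\n\t\t\t\tid_moo in (" . sensitiveIO::sanitizeSQLString($idsList) . ")\n\t\t";
     $q = new CMS_query($sql);
     //group the ids by object type so that one search is run per type
     $resultsType = array();
     while ($r = $q->getArray()) {
         $resultsType[$r['type']][] = $r['id'];
     }
     $results = array();
     foreach ($resultsType as $type => $ids) {
         //load current object definition
         $object = CMS_poly_object_catalog::getObjectDefinition($type);
         //create search object for current object
         $search = new CMS_object_search($object);
         $search->addWhereCondition("items", $ids);
         //launch search
         $search->search(CMS_object_search::POLYMOD_SEARCH_RETURN_INDIVIDUALS_OBJECTS);
         $objectLabel = $object->getLabel($cms_language);
         // Check if need to use a specific display for search results
         $resultsDefinition = $object->getValue('resultsDefinition');
         if ($resultsDefinition) {
             $definitionParsing = new CMS_polymod_definition_parsing($resultsDefinition, true, CMS_polymod_definition_parsing::PARSE_MODE);
             $itemsResourcesFiles = '';
             // Add the module css and js files when the resultsDefinition is used
             if (file_exists(PATH_CSS_FS . '/modules/' . $this->getCodename() . '.css')) {
                 $itemsResourcesFiles .= '<link rel="stylesheet" type="text/css" href="' . PATH_CSS_WR . '/modules/' . $this->getCodename() . '.css" />';
             }
             $jsFiles = $this->getJSFiles();
             if ($jsFiles) {
                 foreach ($jsFiles as $jsfile) {
                     $itemsResourcesFiles .= '<script type="text/javascript" src="' . $jsfile . '"></script>' . "\n";
                 }
             }
         } else {
             //load fields objects for object
             $objectFields = CMS_poly_object_catalog::getFieldsDefinition($object->getID());
         }
         //loop on results items
         while ($item = $search->getNextResult()) {
             //Resource related informations
             $htmlStatus = $pubRange = '';
             $lock = $deleted = $primaryResource = false;
             if ($object->isPrimaryResource()) {
                 $status = $item->getStatus();
                 if (is_object($status)) {
                     $htmlStatus = $status->getHTML(false, $user, $this->getCodename(), $item->getID());
                     $pubRange = $status->getPublicationRange($cms_language);
                     $lock = $item->getLock();
                     $deleted = $item->getProposedLocation() == RESOURCE_LOCATION_DELETED;
                 }
                 $primaryResource = true;
             }
             //Edit : offered only if the item is not deleted and is unlocked or locked by this user
             $edit = false;
             if (!$deleted && (!$lock || $lock == $user->getUserId())) {
                 $edit = array('url' => PATH_ADMIN_MODULES_WR . '/' . MOD_POLYMOD_CODENAME . '/item.php', 'type' => 'window', 'params' => array('module' => $this->getCodename(), 'type' => $type, 'item' => $item->getID()));
             }
             //Previz
             $view = false;
             if ($object->getValue("previewURL")) {
                 $view = array('url' => $item->getPrevizPageURL(), 'type' => 'frame');
             }
             //HTML description
             //NOTE(review): $description is assembled as raw HTML; field labels and
             //getHTMLDescription() are presumably already HTML safe - confirm, since no
             //escaping happens in this method
             $description = POLYMOD_DEBUG ? '<span class="atm-text-alert"> (ID : ' . $item->getID() . ')</span>' : '';
             if ($resultsDefinition) {
                 //set execution parameters
                 $parameters = array();
                 $parameters['module'] = $this->getCodename();
                 $parameters['objectID'] = $object->getID();
                 $parameters['public'] = false;
                 $parameters['item'] = $item;
                 $description .= $definitionParsing->getContent(CMS_polymod_definition_parsing::OUTPUT_RESULT, $parameters);
                 if ($itemsResourcesFiles) {
                     $description = $itemsResourcesFiles . $description;
                 }
             } else {
                 $itemFieldsObjects = $item->getFieldsObjects();
                 //Add all needed fields to description
                 foreach ($itemFieldsObjects as $fieldID => $itemField) {
                     //only fields flagged 'searchlist' are shown
                     if ($objectFields[$fieldID]->getValue('searchlist')) {
                         $description .= $objectFields[$fieldID]->getLabel($cms_language) . ' : <strong>' . $itemField->getHTMLDescription() . '</strong><br />';
                     }
                 }
             }
             $results[$item->getID()] = array('id' => $item->getID(), 'type' => $objectLabel, 'status' => $htmlStatus, 'pubrange' => $pubRange, 'label' => $item->getLabel(), 'description' => $description, 'resource' => $primaryResource ? array('module' => $this->getCodename(), 'resource' => $item->getID(), 'action' => 'unlock') : false, 'edit' => $edit, 'view' => $view);
         }
     }
     return $results;
 }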
 /**
  * Return a list of all objects names of given type
  *
  * @param mixed $objectID the object ID to get names (integer or 'multi|objectID')
  * @param boolean $public are the needed datas public ? (default false)
  * @param array $searchConditions, search conditions to add. Format : array(conditionType => conditionValue)
  * @return array(integer objectID => string objectName)
  * @access public
  * @static
  */
 static function getListOfNamesForObject($objectID, $public = false, $searchConditions = array(), $loadSubObjects = false)
 {
     // Returns array(itemID => label) for every item of the given object type that
     // matches $searchConditions, sorted with CMS_poly_object_catalog::_natecasecomp.
     // Results are memoised in a static array for the rest of the request. The key is
     // an md5 of the serialized call arguments; md5 is only a cache key here, not a
     // security control. func_get_args() leaves out omitted defaults, so f($id) and
     // f($id, false) are cached separately.
     static $listNames;
     $cacheKey = md5(serialize(func_get_args()));
     if (!isset($listNames[$cacheKey])) {
         //register the (still empty) entry before the search is run
         $listNames[$cacheKey] = array();
         //load current object definition
         $definition = CMS_poly_object_catalog::getObjectDefinition($objectID);
         $search = new CMS_object_search($definition, $public);
         //add every requested condition (conditionType => conditionValue)
         if (is_array($searchConditions)) {
             foreach ($searchConditions as $conditionType => $conditionValue) {
                 $search->addWhereCondition($conditionType, $conditionValue);
             }
         }
         //launch search
         $search->search(CMS_object_search::POLYMOD_SEARCH_RETURN_INDIVIDUALS_OBJECTS);
         //choose how each result is instantiated
         if ($loadSubObjects) {
             $mode = CMS_object_search::POLYMOD_SEARCH_RETURN_OBJECTS;
         } else {
             $mode = CMS_object_search::POLYMOD_SEARCH_RETURN_OBJECTSLIGHT_EDITED;
         }
         //collect the label of each result
         while ($result = $search->getNextResult($mode)) {
             $listNames[$cacheKey][$result->getID()] = $result->getLabel();
         }
         //natsort objects by name case insensitive
         uasort($listNames[$cacheKey], array('CMS_poly_object_catalog', '_natecasecomp'));
     }
     return $listNames[$cacheKey];
 }
 /**
  * This function is called to catch and launch all FE forms actions
  *
  * @param array $formIDs : the forms ids to check for actions
  * @param integer $pageID : the current page id
  * @param boolean $public : the data status
  * @param string $languageCode : the language code used
  * @param reference array $polymodFormsError : the forms error status to return
  * @param reference array $polymodFormsItem : reference to the forms item
  * @return boolean : true on success, false on failure
  * @access public
  * @static
  */
 static function formActions($formIDs, $pageID, $languageCode, $public, &$polymodFormsError, &$polymodFormsItems)
 {
     // Handles the submission of a front-end polymod form : for the form whose id
     // matches the 'formID' request value it loads (or creates) the item, validates
     // and assigns the posted fields, checks the form token, then saves the item.
     // Errors are reported through $polymodFormsError[$formID] ('required', 'malformed',
     // 'error', 'filled'); the item is returned through $polymodFormsItems[$formID].
     // Returns false if $formIDs is not an array, on a rights failure, on a bad token or
     // when no usable item exists; true otherwise (field errors do not change the result).
     // $pageID and $public are not read in this method.
     global $cms_language, $cms_user;
     if (!is_array($formIDs)) {
         return false;
     }
     foreach ($formIDs as $formID) {
         //only the form named by the request is processed (loose comparison)
         if (io::request('formID') && io::request('formID') == $formID) {
             if (!isset($cms_language) || $cms_language->getCode() != $languageCode) {
                 $cms_language = new CMS_language($languageCode);
             }
             //instantiate item
             $item = '';
             if (io::request('object', 'io::isPositiveInteger', '')) {
                 //check user rights on module
                 $module = CMS_poly_object_catalog::getModuleCodenameForObjectType(io::request('object'));
                 //Check user rights
                 //here assume than user should only need the view right on module, because admin right allow Automne administration access
                 //NOTE(review): VIEW on the module is the only authorization tested before the
                 //item is loaded and written below; no per-item clearance check is visible in
                 //this method - confirm that it is enforced elsewhere
                 if (!is_object($cms_user) || !$cms_user->hasModuleClearance($module, CLEARANCE_MODULE_VIEW)) {
                     CMS_grandFather::raiseError('No user found or user has no administration rights on module ' . $module);
                     return false;
                 }
                 //instantiate object
                 $object = CMS_poly_object_catalog::getObjectDefinition(io::request('object'));
                 if ($object && io::request('item', 'io::isPositiveInteger', '')) {
                     //an item id was posted : load the edited (non public) version of that item
                     $search = new CMS_object_search($object, false);
                     $search->addWhereCondition('item', io::request('item'));
                     $items = $search->search();
                     if (isset($items[io::request('item')])) {
                         $item = $items[io::request('item')];
                     } else {
                         //unknown id : fall back to a new, empty item
                         $item = new CMS_poly_object($object->getID());
                     }
                 } else {
                     //NOTE(review): this branch is also reached when $object is falsy, in which
                     //case $object->getID() cannot be called - confirm what
                     //getObjectDefinition() returns for an unknown object type
                     $item = new CMS_poly_object($object->getID());
                 }
             }
             if (is_object($item) && !$item->hasError()) {
                 //get item fieldsObjects
                 $fieldsObjects =& $item->getFieldsObjects();
                 //checks and assignments
                 $item->setDebug(false);
                 //first, check mandatory values
                 foreach ($fieldsObjects as $fieldID => $aFieldObject) {
                     //if field is part of the form
                     if (isset($_REQUEST['polymodFields'][$fieldID])) {
                         if (!$item->checkMandatory($fieldID, $_REQUEST, '')) {
                             $polymodFormsError[$formID]['required'][$fieldID] = $fieldID;
                         }
                     }
                 }
                 //second, set values for all fields
                 //NOTE(review): setValues() and the per-field callbacks run before the form
                 //token is checked further down; nothing is persisted before that check, but a
                 //callback with side effects would run on a request without a valid token -
                 //consider validating the token first
                 foreach ($fieldsObjects as $fieldID => $aFieldObject) {
                     //if field is part of the form
                     if (isset($_REQUEST['polymodFields'][$fieldID])) {
                         //if form use a callback, call it
                         //do not use call_user_function here
                         //the callback name is 'form_' + $formID + '_' + $fieldID : $formID comes from
                         //the caller's $formIDs list and $fieldID from the item's own field keys, and
                         //the call only happens when such a function exists
                         $funcName = 'form_' . $formID . '_' . $fieldID;
                         if (!$item->setValues($fieldID, $_REQUEST, '')) {
                             $polymodFormsError[$formID]['malformed'][] = $fieldID;
                         } elseif (!isset($polymodFormsError[$formID]['required'][$fieldID]) && function_exists('form_' . $formID . '_' . $fieldID) && !$funcName($formID, $fieldID, $item)) {
                             $polymodFormsError[$formID]['malformed'][] = $fieldID;
                         }
                     }
                 }
                 //set publication dates if needed
                 if (isset($_REQUEST['polymodFields']) && $_REQUEST['polymodFields']) {
                     if ($object->isPrimaryResource()) {
                         // Dates management
                         $dt_beg = new CMS_date();
                         $dt_beg->setDebug(false);
                         $dt_beg->setFormat($cms_language->getDateFormat());
                         $dt_end = new CMS_date();
                         $dt_end->setDebug(false);
                         $dt_end->setFormat($cms_language->getDateFormat());
                         //the @ only silences the notice raised when the request value is absent
                         if (!($dt_set_1 = $dt_beg->setLocalizedDate(@$_REQUEST["pub_start"], true))) {
                             $polymodFormsError[$formID]['malformed'][] = 'pub_start';
                         }
                         if (!($dt_set_2 = $dt_end->setLocalizedDate(@$_REQUEST["pub_end"], true))) {
                             $polymodFormsError[$formID]['malformed'][] = 'pub_end';
                         }
                         //if $dt_beg && $dt_end, $dt_beg must be lower than $dt_end
                         if (!$dt_beg->isNull() && !$dt_end->isNull()) {
                             if (CMS_date::compare($dt_beg, $dt_end, '>')) {
                                 $polymodFormsError[$formID]['malformed'][] = 'pub_start';
                                 $polymodFormsError[$formID]['malformed'][] = 'pub_end';
                                 $dt_set_1 = $dt_set_2 = false;
                             }
                         }
                         if ($dt_set_1 && $dt_set_2) {
                             $item->setPublicationDates($dt_beg, $dt_end);
                         }
                     }
                 }
                 //Check form token
                 //the token is read from $_POST only and is bound to this module and form id;
                 //a missing or invalid token stops processing before anything is saved
                 if (!isset($_POST["atm-token"]) || !CMS_session::checkToken(MOD_POLYMOD_CODENAME . '-' . $formID, $_POST["atm-token"])) {
                     $polymodFormsError[$formID]['error'][] = 'form-token';
                     return false;
                 } else {
                     //Token is used so expire it
                     CMS_session::expireToken(MOD_POLYMOD_CODENAME . '-' . $formID);
                 }
                 //save only when no error was recorded for this form
                 //(reads an index that does not exist yet when no error was recorded)
                 if (!$polymodFormsError[$formID]) {
                     //save the data
                     if (!$item->writeToPersistence()) {
                         $polymodFormsError[$formID]['error'][] = 'write';
                         $polymodFormsError[$formID]['filled'] = 0;
                     } else {
                         $polymodFormsError[$formID]['filled'] = 1;
                         //if form use a callback, call it
                         //do not use call_user_function here
                         //form level callback 'form_' + $formID, called after a successful save
                         $funcName = 'form_' . $formID;
                         if (function_exists('form_' . $formID) && !$funcName($formID, $item)) {
                             $polymodFormsError[$formID]['filled'] = 0;
                             $polymodFormsError[$formID]['error'][] = 'callback';
                         }
                     }
                     //if item is a primary resource, unlock it
                     //(done whether or not the write succeeded)
                     if ($object->isPrimaryResource()) {
                         $item->unlock();
                     }
                 } else {
                     $polymodFormsError[$formID]['filled'] = 0;
                 }
                 //save item for later use
                 $polymodFormsItems[$formID] = $item;
             } else {
                 //no usable item : also reached when no valid 'object' id was posted
                 $polymodFormsError[$formID]['filled'] = 0;
                 $polymodFormsError[$formID]['error'][] = 'right';
                 CMS_grandFather::raiseError('No item found or user has no administration rights on item... ');
                 return false;
             }
         }
     }
     return true;
 }