/**
 * Gatekeeper that runs before the stack version views are rendered.
 *
 * Two independent checks are made:
 *  1. The visitor must pass canViewPage() on '/dashboard/blocks/stacks'.
 *     If not, a "page not found" view is rendered instead of an explicit
 *     denial, so the response does not confirm that the page exists.
 *  2. The visitor must pass canViewPageVersions() on the current page AND
 *     the request must carry vtask=view_versions or vtask=compare. Any other
 *     combination is redirected to the stack's view_details screen.
 */
public function on_start()
{
    $stacksDashboard = Page::getByPath('/dashboard/blocks/stacks');
    $dashboardPerms = new Permissions($stacksDashboard);

    if (!$dashboardPerms->canViewPage()) {
        // Swap the global page object for an error page and render the 404 view.
        global $c; // relies on the global page object (flagged "ugh" by the original author)
        $v = View::getInstance();
        $c = new Page();
        $c->loadError(COLLECTION_NOT_FOUND);
        $v->setCollectionObject($c);
        $this->c = $c;
        $cont = Loader::controller("/page_not_found");
        $v->setController($cont);
        $v->render('/page_not_found');
        return;
    }

    $currentPage = Page::getCurrentPage();
    $currentPerms = new Permissions($currentPage);

    // The permission check comes first so $_GET['vtask'] is only read for
    // users who are allowed to see page versions at all.
    if ($currentPerms->canViewPageVersions()
        && ($_GET['vtask'] == 'view_versions' || $_GET['vtask'] == 'compare')
    ) {
        $this->theme = 'dashboard';
    } else {
        $this->redirect('/dashboard/blocks/stacks', 'view_details', $currentPage->getCollectionID());
    }
}
/**
 * Forwards the page-view hook to every block of the referenced stack that
 * the visitor is allowed to see.
 *
 * The stack is checked with canViewPage() and each block with canViewBlock(),
 * so blocks the visitor may not view contribute neither header items nor
 * custom styles.
 *
 * @return false|null false when $this->stID does not resolve to a stack object; otherwise nothing
 */
public function on_page_view()
{
    $stack = Stack::getByID($this->stID);
    if (!is_object($stack)) {
        return false;
    }

    $stackPerms = new Permissions($stack);
    if (!$stackPerms->canViewPage()) {
        return;
    }

    foreach ($stack->getBlocks() as $block) {
        $blockPerms = new Permissions($block);
        if (!$blockPerms->canViewBlock()) {
            continue;
        }

        $blockController = $block->getInstance();
        // The bare base 'Controller' class is skipped for automatic header items.
        if (get_class($blockController) != 'Controller') {
            $blockController->outputAutoHeaderItems();
        }

        $styleRule = $block->getBlockCustomStyleRule();
        if (is_object($styleRule)) {
            // NOTE(review): the rule text is placed inside <style> without
            // escaping; presumably it is sanitized when the rule is saved — confirm.
            $css = '#' . $styleRule->getCustomStyleRuleCSSID(1) . ' {' . $styleRule->getCustomStyleRuleText() . "} \r\n";
            $blockController->addHeaderItem("<style type=\"text/css\"> \r\n" . $css . '</style>', 'VIEW');
        }

        // NOTE(review): $view is never assigned in this method, so the task
        // receives null (plus an undefined-variable notice) — confirm intent.
        $blockController->runTask('on_page_view', array($view));
    }
}
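/**
 * Decides whether the conversation may be viewed, based on the page it is
 * attached to: the answer is whatever canViewPage() says for that page.
 *
 * Every path that cannot resolve a usable page now returns an explicit
 * false. Previously those paths fell off the end of the method and returned
 * null, which is falsy but leaves the deny decision implicit.
 *
 * @todo Make this dependent on conversation-specific permissions.
 *
 * @return bool
 */
public function canViewConversation()
{
    $conversation = $this->getPermissionObject();
    if (!is_object($conversation)) {
        return false; // no permission object: deny
    }

    $c = $conversation->getConversationPageObject();
    if (!is_object($c) || $c->isError()) {
        return false; // no page, or an error page: deny
    }

    $cp = new \Permissions($c);

    return $cp->canViewPage();
}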
/**
 * Returns the requested entries as a JSON response, but only to users who
 * pass canViewPage() on '/dashboard/express/entities'.
 *
 * The permission check runs before any entry is loaded.
 *
 * @return JsonResponse payload of the form {"entries": ...}
 *
 * @throws \Exception with the translated message 'Access Denied.' when the check fails
 */
public function getJSON()
{
    $entitiesPage = \Page::getByPath('/dashboard/express/entities');
    $pagePermissions = new \Permissions($entitiesPage);

    if ($pagePermissions->canViewPage()) {
        return new JsonResponse(array('entries' => $this->getRequestEntries()));
    }

    throw new \Exception(t('Access Denied.'));
}
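/**
 * Decides whether the rendered output of a view may be stored in the full
 * page cache.
 *
 * A cached page is served to other visitors, so every check fails closed:
 * the page must be viewable by the current user, the controller task must be
 * 'view', the user must not be registered, the request must not be a POST,
 * and generated pages need a controller that supports page caching.
 *
 * Fix: the original called array_merge() on the global blocks and discarded
 * the result, so global blocks were never asked whether their output may be
 * cached. In 'blocks' mode a page could therefore be cached even though one
 * of its global blocks declared its output uncacheable. The merged list is
 * now the one that is inspected.
 *
 * @param View $v the view about to be rendered
 *
 * @return bool true when the page output may be cached
 */
public function shouldAddToCache(View $v)
{
    $c = $v->getCollectionObject();
    if (!is_object($c)) {
        return false;
    }

    $cp = new Permissions($c);
    if (!$cp->canViewPage()) {
        return false;
    }

    $u = new User();

    // Only the plain 'view' task is cacheable; any other controller action is not.
    $allowedControllerActions = array('view');
    if (is_object($v->controller)) {
        if (!in_array($v->controller->getTask(), $allowedControllerActions)) {
            return false;
        }
    }

    if (!$c->getCollectionFullPageCaching()) {
        return false;
    }

    // Never cache output produced for a logged-in user or in response to a POST.
    if ($u->isRegistered() || $_SERVER['REQUEST_METHOD'] == 'POST') {
        return false;
    }

    if ($c->isGeneratedCollection()) {
        if (is_object($v->controller) && !$v->controller->supportsPageCache() || !is_object($v->controller)) {
            return false;
        }
    }

    if ($c->getCollectionFullPageCaching() == 1 || FULL_PAGE_CACHE_GLOBAL === 'all') {
        // Caching is switched on for this page specifically (which overrides
        // the global setting), or globally for all pages.
        return true;
    }

    if (FULL_PAGE_CACHE_GLOBAL !== 'blocks') {
        // Neither page-level caching nor the block-driven global mode applies.
        return false;
    }

    // Block-driven mode: every block on the page, including global blocks,
    // must allow its output to be cached.
    $blocks = array_merge($c->getGlobalBlocks(), $c->getBlocks());
    foreach ($blocks as $b) {
        $controller = $b->getInstance();
        if (!$controller->cacheBlockOutput()) {
            return false;
        }
    }

    return true;
}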
/**
 * Entry point for a file download request.
 *
 * Order of checks:
 *  - $fID must be a positive integer that resolves to an existing File.
 *  - $rcID is passed through the security helper's sanitizeInt(); the
 *    referring page is exposed to the view as 'rc' only if the visitor passes
 *    canViewPage() on it. The sanitized $rcID itself is forwarded to the
 *    download methods regardless of that check.
 *  - The visitor must pass canViewFile() on the file.
 *  - A file without a password is downloaded straight away; otherwise the
 *    password form variables are set. Password verification is not part of
 *    this method.
 *
 * @param int      $fID  file ID
 * @param int|null $rcID ID of the page the download was requested from
 *
 * @return mixed false when the file may not be viewed; the result of
 *               download()/force_download() for password-less files;
 *               nothing otherwise
 */
public function view($fID = 0, $rcID = NULL)
{
    if (!($fID > 0 && Loader::helper('validation/numbers')->integer($fID))) {
        return;
    }

    $file = File::getByID($fID);
    if (!($file instanceof File && $file->getFileID() > 0)) {
        return;
    }

    $rcID = Loader::helper('security')->sanitizeInt($rcID);
    if ($rcID > 0) {
        $referrer = Page::getByID($rcID, 'ACTIVE');
        if (is_object($referrer) && !$referrer->isError()) {
            $referrerPerms = new Permissions($referrer);
            if ($referrerPerms->canViewPage()) {
                $this->set('rc', $referrer);
            }
        }
    }

    $filePerms = new Permissions($file);
    if (!$filePerms->canViewFile()) {
        return false;
    }

    // No password on the file: serve it immediately.
    if (!$file->getPassword()) {
        return $this->force
            ? $this->force_download($file, $rcID)
            : $this->download($file, $rcID);
    }

    // Password-protected: hand the form its variables.
    $this->set('force', $this->force);
    $this->set('rcID', $rcID);
    $this->set('fID', $fID);
    $this->set('filename', $file->getFilename());
    $this->set('filesize', filesize($file->getPath()));
}
<?php
defined('C5_EXECUTE') or die("Access Denied.");

use Concrete\Core\Attribute\Set as AttributeSet;

// Tool script: stores a new display order for the attributes of one
// attribute set.
//
// Authorization: the request names a page via cID; access is granted when
// that page's path starts with '/dashboard' and the user passes
// canViewPage() on it.
// NOTE(review): the caller chooses which dashboard page is checked, and the
// check is "can view", not "can edit attributes". No CSRF token is validated
// in this script — confirm both are enforced elsewhere.
$ch = Page::getByID($_REQUEST['cID']);
$path = $ch->getCollectionPath();

$canRead = false;
if (strpos($path, '/dashboard') === 0) {
    $cp = new Permissions($ch);
    $canRead = $cp->canViewPage() ? true : false;
}

if ($canRead !== true) {
    die(t("Access Denied."));
}

// The original author marked everything below as needing a clean-up.
$db = Loader::db();

// The new order arrives as an array under the key "akID_<asID>".
$uats = $_REQUEST['akID_' . $_REQUEST['asID']];
if (is_array($uats)) {
    $as = AttributeSet::getByID($_REQUEST['asID']);
    $as->updateAttributesDisplayOrder($uats);
}
/**
 * Runs the permission check configured for this object against $mixed.
 *
 * - No checker configured: falls back to canViewPage() on $mixed.
 * - Checker set to the sentinel -1: the check is disabled and every item is
 *   accepted. Callers that set -1 take over responsibility for filtering.
 * - Anything else is treated as a callable and invoked with $mixed.
 *
 * @param mixed $mixed the object to check
 *
 * @return mixed true for the -1 sentinel, otherwise the checker's or canViewPage()'s result
 */
public function checkPermissions($mixed)
{
    if (!isset($this->permissionsChecker)) {
        $defaultCheck = new \Permissions($mixed);

        return $defaultCheck->canViewPage();
    }

    if ($this->permissionsChecker === -1) {
        return true;
    }

    return call_user_func_array($this->permissionsChecker, array($mixed));
}
$p = Pile::getDefault(); } $a = Area::get($c, $_REQUEST['arHandle']); $ap = new Permissions($a); $aBlocks = $a->getAreaBlocksArray($c, $ap); foreach ($aBlocks as $ab) { $abp = new Permissions($ab); if ($abp->canRead()) { $p->add($ab); } } break; case 'add_prepare': $c = Page::getByID($_REQUEST['cID']); $cp = new Permissions($c); if (!$cp->canViewPage()) { exit; } $a = Area::get($c, $_REQUEST['arHandle']); $ap = new Permissions($a); if (!$ap->canViewArea() || !$ap->canAddBlocks()) { exit; } break; case 'delete_content': if (is_array($_POST['pcID'])) { foreach ($_POST['pcID'] as $pcID) { $pc = PileContent::get($pcID); $p = $pc->getPile(); if ($p->isMyPile()) { $pc->delete();
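/**
 * Builds the markup for an autocomplete page selector: a script block, a
 * hidden input carrying the selected page ID and a text input showing the
 * page name.
 *
 * Security fixes compared with the original:
 *  - The selected ID is taken from $_REQUEST[$key] and was written into the
 *    hidden input's value attribute as-is. A loose "> 0" comparison does not
 *    make a string safe to print, so the value is now forced to an integer
 *    (non-scalar request values count as 0).
 *  - The page name is escaped for the attribute context. double_encode is
 *    off so names that already contain entities are not escaped twice.
 *  - $html is initialised before being appended to.
 *
 * NOTE(review): $key is written into element IDs, a script block and a URL
 * without escaping. This assumes callers pass a developer-chosen identifier,
 * never request data — confirm at the call sites.
 *
 * @param string    $key  form field name; also used to build the element IDs
 * @param int|false $cID  page ID to preselect when the request carries none
 * @param array     $args not used by this method
 *
 * @return string HTML for the selector
 */
public function quickSelect($key, $cID = false, $args = array())
{
    $selectedCID = 0;
    if (isset($_REQUEST[$key])) {
        $selectedCID = is_scalar($_REQUEST[$key]) ? (int) $_REQUEST[$key] : 0;
    } elseif ($cID > 0) {
        $selectedCID = (int) $cID;
    }

    // The page name is only revealed when the user may view that page.
    $cName = '';
    if ($selectedCID > 0) {
        $oc = Page::getByID($selectedCID);
        $cp = new Permissions($oc);
        if ($cp->canViewPage()) {
            $cName = $oc->getCollectionName();
        }
    }

    // Not used below; kept in case the helper load is relied on — TODO confirm.
    $form = Loader::helper('form');
    $valt = Loader::helper('validation/token');
    // Token bound to this selector's key; sent along with autocomplete requests.
    $token = $valt->generate('quick_page_select_' . $key);

    $html = '';
    $html .= "\n\t\t<script type=\"text/javascript\">\n\t\t\$(function () {\n\t\t\t\$('#ccm-quick-page-selector-label-" . $key
        . "').autocomplete({\n\t\t\t\tselect: function(e, ui) {\n\t\t\t\t\t\$('#ccm-quick-page-selector-label-" . $key
        . "').val(ui.item.label);\n\t\t\t\t\t\$('#ccm-quick-page-selector-value-" . $key
        . "').val(ui.item.value);\n\t\t\t\t\treturn false;\n\t\t\t\t},\n\t\t\t\topen: function(e, ui) {\n\t\t\t\t\t//\$('#ccm-quick-page-selector-label-" . $key
        . "').val('');\n\t\t\t\t\t\$('#ccm-quick-page-selector-value-" . $key
        . "').val('');\n\t\t\t\t},\n\t\t\t\tfocus: function(e, ui) {\n\t\t\t\t\t\$('#ccm-quick-page-selector-label-" . $key
        . "').val(ui.item.label);\n\t\t\t\t\treturn false;\n\t\t\t\t},\n\t\t\t\tsource: '" . REL_DIR_FILES_TOOLS_REQUIRED
        . "/pages/autocomplete?key=" . $key . "&token=" . $token
        . "'\n\t\t\t});\n\t\t\t\$('#ccm-quick-page-selector-label-" . $key
        . "').keydown(function(e) {\n\t\t\t\tif (e.keyCode == 13) {\n\t\t\t\t\te.preventDefault();\n\t\t\t\t}\n\t\t\t}).change(function(e) {\n\t\t\t\tif (\$('#ccm-quick-page-selector-label-" . $key
        . "').val() == '') {\n\t\t\t\t\t\$('#ccm-quick-page-selector-value-" . $key
        . "').val('');\n\t\t\t\t}\n\t\t\t});\n\t\t\t\$('#ccm-quick-page-selector-label-" . $key
        . "').autocomplete('widget').addClass('ccm-page-selector-autocomplete');\n\t\t} );\n\t\t</script>";

    $html .= '<input type="hidden" id="ccm-quick-page-selector-value-' . $key . '" name="' . $key . '" value="' . $selectedCID
        . '" /><span class="ccm-quick-page-selector"> <input type="text" class="ccm-input-text" name="ccm-quick-page-selector-label-' . $key
        . '" id="ccm-quick-page-selector-label-' . $key
        . '" value="' . htmlspecialchars($cName, ENT_QUOTES, 'UTF-8', false) . '" /></span>';

    return $html;
}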
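<?php
defined('C5_EXECUTE') or die("Access Denied.");

// Tool script: renders the permission details of one page type for users
// who pass canViewPage() on '/dashboard/pages/types'.
//
// Changes from the original:
//  - Removed "$fsp = new Permissions($fs);". $fs is never defined in this
//    script and $fsp was never read.
//  - The permission check now runs before the page type is looked up, so
//    nothing is loaded for a user who fails it.
//  - ptID is tested with isset() first, and the element is only rendered
//    when the lookup returned an object.
$ch = Page::getByPath('/dashboard/pages/types', 'RECENT');
$chp = new Permissions($ch);

if ($chp->canViewPage() && isset($_REQUEST['ptID']) && $_REQUEST['ptID'] > 0) {
    $pt = PageType::getByID($_REQUEST['ptID']);
    if (is_object($pt)) {
        Loader::element('permission/details/page_type', array("pagetype" => $pt));
    }
}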
/**
 * Builds the HTML for the intelligent-search result panel and the dashboard
 * overlay menu, and returns it as one string with newlines, carriage returns
 * and tabs removed.
 *
 * If $_SESSION['dashboardMenus'] already holds an entry for the active
 * locale, that entry is returned and nothing is rebuilt. This method does
 * not write that session entry itself.
 * NOTE(review): presumably a caller stores the result there; if so, the
 * permission checks below are only evaluated when the entry is (re)built, so
 * a permission change may not show until the entry is cleared — confirm.
 *
 * Every page that is listed is first passed through a Permissions check
 * (canRead() or canViewPage()).
 * NOTE(review): page names and meta keywords are printed through t() without
 * HTML escaping; this assumes dashboard page metadata is trusted — confirm.
 *
 * @return string the menu markup, or the cached session value when present
 */
public function getDashboardAndSearchMenus() {
    // Cached copy for the active locale, if any.
    if (isset($_SESSION['dashboardMenus'][Localization::activeLocale()])) {
        return $_SESSION['dashboardMenus'][Localization::activeLocale()];
    }
    $d = ConcreteDashboardMenu::getMine();
    $items = $d->getItems();
    // All markup below is captured in an output buffer and returned as a string.
    ob_start();
    ?>
    <div id="ccm-intelligent-search-results">
    <?php
    $page = Page::getByPath('/dashboard');
    $children = $page->getCollectionChildrenArray(true);
    // Filled below but not read again in this method.
    $packagepages = array();
    $corepages = array();
    foreach ($children as $ch) {
        $page = Page::getByID($ch);
        $pageP = new Permissions($page);
        // Pages the user cannot read are skipped entirely.
        if ($pageP->canRead()) {
            if (!$page->getAttribute("exclude_nav")) {
                if ($page->getPackageID() > 0) {
                    $packagepages[] = $page;
                } else {
                    $corepages[] = $page;
                }
            }
        } else {
            continue;
        }
        if ($page->getAttribute('exclude_search_index')) {
            continue;
        }
        // '/dashboard/system' calls getCollectionChildrenArray() with no
        // argument; every other section passes true.
        if ($page->getCollectionPath() == '/dashboard/system') {
            $ch2 = $page->getCollectionChildrenArray();
        } else {
            $ch2 = $page->getCollectionChildrenArray(true);
        }
        ?>
        <div class="ccm-intelligent-search-results-module ccm-intelligent-search-results-module-onsite">
        <h1><?php echo t($page->getCollectionName()); ?> </h1>
        <ul class="ccm-intelligent-search-results-list">
        <?php if (count($ch2) == 0) { ?>
            <li><a href="<?php echo Loader::helper('navigation')->getLinkTocollection($page, false, true); ?> "><?php echo t($page->getCollectionName()); ?> </a><span><?php echo t($page->getCollectionName()); ?> <?php echo t($page->getAttribute('meta_keywords')); ?> </span></li>
        <?php } ?>
        <?php if ($page->getCollectionPath() == '/dashboard/system') { ?>
            <li><a href="<?php echo Loader::helper('navigation')->getLinkTocollection($page, false, true); ?> "><?php echo t('View All'); ?> </a><span><?php echo t($page->getCollectionName()); ?> <?php echo t($page->getAttribute('meta_keywords')); ?> </span></li>
        <?php }
        foreach ($ch2 as $chi) {
            $subpage = Page::getByID($chi);
            $subpageP = new Permissions($subpage);
            // Sub-pages get their own permission check; the parent's result is not reused.
            if (!$subpageP->canRead()) {
                continue;
            }
            if ($subpage->getAttribute('exclude_search_index')) {
                continue;
            }
            ?>
            <li><a href="<?php echo Loader::helper('navigation')->getLinkTocollection($subpage, false, true); ?> "><?php echo t($subpage->getCollectionName()); ?> </a><span><?php if ($page->getCollectionPath() != '/dashboard/system') { echo t($page->getCollectionName()); ?> <?php echo t($page->getAttribute('meta_keywords')); ?> <?php } echo t($subpage->getCollectionName()); ?> <?php echo t($subpage->getAttribute('meta_keywords')); ?> </span></li>
        <?php } ?>
        </ul>
        </div>
    <?php }
    // "Customize Dashboard Home" entry, shown only to users who can read '/dashboard/home'.
    $custHome = Page::getByPath('/dashboard/home');
    $custHomeP = new Permissions($custHome);
    if ($custHomeP->canRead()) { ?>
        <div class="ccm-intelligent-search-results-module ccm-intelligent-search-results-module-onsite">
        <h1><?php echo t('Dashboard Home'); ?> </h1>
        <ul class="ccm-intelligent-search-results-list">
        <li><a href="<?php echo View::url('/dashboard/home'); ?> "><?php echo t('Customize'); ?> <span><?php echo t('Customize Dashboard Home'); ?> </span></a></li>
        </ul>
        </div>
    <?php } ?>
    <div class="ccm-intelligent-search-results-module ccm-intelligent-search-results-module-loading">
    <h1><?php echo t('Your Site'); ?> </h1>
    <ul class="ccm-intelligent-search-results-list" id="ccm-intelligent-search-results-list-your-site">
    </ul>
    </div>
    <?php if (ENABLE_INTELLIGENT_SEARCH_HELP) { ?>
        <div class="ccm-intelligent-search-results-module ccm-intelligent-search-results-module-offsite ccm-intelligent-search-results-module-loading">
        <h1><?php echo t('Help'); ?> </h1>
        <ul class="ccm-intelligent-search-results-list" id="ccm-intelligent-search-results-list-help">
        </ul>
        </div>
    <?php } ?>
    <?php if (ENABLE_INTELLIGENT_SEARCH_MARKETPLACE) { ?>
        <div class="ccm-intelligent-search-results-module ccm-intelligent-search-results-module-offsite ccm-intelligent-search-results-module-loading">
        <h1><?php echo t('Add-Ons'); ?> </h1>
        <ul class="ccm-intelligent-search-results-list" id="ccm-intelligent-search-results-list-marketplace">
        </ul>
        </div>
    <?php } ?>
    </div>
    <div id="ccm-dashboard-overlay">
    <div id="ccm-dashboard-overlay-core">
    <div class="ccm-dashboard-overlay-inner" id="ccm-dashboard-overlay-main">
    <!--recent-->
    <?php
    // Quick-nav items, grouped under a heading per parent page.
    // $currentHeader holds the parent ID of the open group; $x counts the
    // groups closed so far (a clearfix is emitted after every fourth).
    $currentHeader = false;
    $x = 0;
    $itemsChanged = false;
    foreach ($items as $path) {
        $p = Page::getByPath($path, 'ACTIVE');
        // If page is not found etc, remove it from items
        if ($p->isError()) {
            $d->remove($p);
            $itemsChanged = true;
            continue;
        }
        $pc = new Permissions($p);
        // Items the user cannot view are left out, but stay in the stored list.
        if ($pc->canViewPage()) {
            $name = t($p->getCollectionName());
            $parent = Page::getByID($p->getCollectionParentID(), 'ACTIVE');
            // Direct children of '/dashboard' act as their own group and are labelled "Home".
            if ($parent->getCollectionPath() == '/dashboard') {
                $parent = $p;
                $name = t('Home');
            }
            if ($currentHeader != $parent->getCollectionID()) { ?>
                <?php if ($currentHeader != false) { ?>
                    </ul>
                    </div>
                    <?php $x++; ?>
                    <?php if ($x % 4 == 0) { ?>
                        <div class="clearfix" style="padding-bottom: 0px"></div>
                    <?php } ?>
                <?php } ?>
                <div class="ccm-dashboard-overlay-module">
                <h1><?php echo t($parent->getCollectionName()); ?> </h1>
                <ul>
                <?php $currentHeader = $parent->getCollectionID(); ?>
            <?php } ?>
            <li><a href="<?php echo Loader::helper('navigation')->getLinkToCollection($p, false, true); ?> "><?php echo $name; ?> </a></li>
        <?php } ?>
    <?php } ?>
    <?php
    // Persist the pruned item list when stale entries were removed above.
    // NOTE(review): the menu object is stored with serialize(); whatever reads
    // QUICK_NAV_BOOKMARKS back presumably unserialize()s it — confirm that
    // stored value cannot be altered by the user.
    if ($itemsChanged) {
        $u = new User();
        $u->saveConfig('QUICK_NAV_BOOKMARKS', serialize($d));
    } ?>
    <?php if ($currentHeader != false) { ?>
        </ul>
        </div>
    <?php } ?>
    </div>
    </div>
    <div id="ccm-dashboard-overlay-misc" class="ccm-dashboard-overlay-misc-rounded">
    <div class="ccm-dashboard-overlay-inner">
    <?php
    // Before we throw in a UL, we check permissions, etc. to see if any of the LI items need to be shown.
    $systemNews = Page::getByPath('/dashboard/news');
    $systemNewsP = new Permissions($systemNews);
    $canAccessNews = $systemNewsP->canRead();
    $systemSettings = Page::getByPath('/dashboard/system');
    $systemSettingsP = new Permissions($systemSettings);
    $canAccessSystem = $systemSettingsP->canRead();
    // The "Extend" entry needs both the install-packages task permission and
    // read access to '/dashboard/extend'.
    $tpa = new TaskPermission();
    $canAccessExtend = $tpa->canInstallPackages();
    $systemExtend = Page::getByPath('/dashboard/extend');
    $systemExtendP = new Permissions($systemExtend);
    $canViewExtend = $systemExtendP->canRead();
    // If any need to be shown then we proceed...
    // (&& binds tighter than ||: news OR system OR (extend task AND extend page).)
    if ($canAccessNews || $canAccessSystem || $canAccessExtend && $canViewExtend) { ?>
        <ul>
        <?php if ($canAccessNews) { ?>
            <li><a href="<?php echo View::url('/dashboard/news'); ?> "><strong><?php echo t('News'); ?> </strong></a> – <?php echo t('Learn about your site and concrete5.'); ?> </li>
        <?php } ?>
        <?php if ($canAccessSystem) { ?>
            <li><a href="<?php echo View::url('/dashboard/system'); ?> "><strong><?php echo t('System & Settings'); ?> </strong></a> – <?php echo t('Secure and setup your site.'); ?> </li>
        <?php } ?>
        <?php if ($canAccessExtend && $canViewExtend) { ?>
            <li><a href="<?php echo View::url('/dashboard/extend'); ?> "><strong><?php echo t("Extend concrete5"); ?> </strong></a> –
            <?php if (ENABLE_MARKETPLACE_SUPPORT) { ?>
                <?php echo sprintf(t('<a href="%s">Install</a>, <a href="%s">update</a> or download more <a href="%s">themes</a> and <a href="%s">add-ons</a>.'), View::url('/dashboard/extend/install'), View::url('/dashboard/extend/update'), View::url('/dashboard/extend/themes'), View::url('/dashboard/extend/add-ons')); ?>
            <?php } else { ?>
                <?php echo sprintf(t('<a href="%s">Install</a> or <a href="%s">update</a> packages.'), View::url('/dashboard/extend/install'), View::url('/dashboard/extend/update')); ?>
            <?php } ?>
            </li>
        <?php } ?>
        </ul>
    <?php } ?>
    </div>
    </div>
    <div id="ccm-dashboard-overlay-footer">
    <div class="ccm-dashboard-overlay-inner">
    <a href="<?php echo View::url('/dashboard'); ?> "><?php echo t('View Full Dashboard'); ?> <i class="icon-arrow-right"></i></a>
    </div>
    </div>
    </div>
    <?php
    // Collect the buffered markup and strip line breaks and tabs before returning it.
    $html = ob_get_contents();
    ob_end_clean();
    return str_replace(array("\n", "\r", "\t"), "", $html);
}
/**
 * Reports whether the gathering item may be viewed. The decision is
 * delegated entirely to canViewPage() on the page held in $this->page.
 *
 * @return mixed the result of canViewPage() for $this->page
 */
public function canViewGatheringItem()
{
    $pagePermissions = new Permissions($this->page);

    return $pagePermissions->canViewPage();
}
/**
 * Access gate: the caller is allowed in when the user passes canViewPage()
 * on the dashboard page '/dashboard/express/entities'.
 *
 * @return mixed the result of canViewPage() for that page
 */
protected function canAccess()
{
    $entitiesPage = \Page::getByPath('/dashboard/express/entities');
    $pagePermissions = new \Permissions($entitiesPage);

    return $pagePermissions->canViewPage();
}