/**
 * Validates the blog selected for this admin request.
 *
 * Reads "blogId" from the request. Without a usable id the user gets the
 * dashboard view (or an error view when they belong to no active blog) and
 * validation fails. Otherwise the blog must exist, be active, and the current
 * user must hold permissions on it before it is stored in the session.
 *
 * @return bool true only when the blog was accepted and stored in the session
 */
function validate()
{
    $this->_blogId = $this->_request->getValue("blogId");

    // no blog selected yet: offer the dashboard, or fail if there is nothing to offer
    if ($this->_blogId == "" || $this->_blogId < 0) {
        $usersDao = new Users();
        $activeBlogs = $usersDao->getUsersBlogs($this->_userInfo->getId(), BLOG_STATUS_ACTIVE);

        if (count($activeBlogs) != 0) {
            $this->_view = new AdminDashboardView($this->_userInfo, $activeBlogs);

            return false;
        }

        $this->_view = new AdminSimpleErrorView();
        $this->_view->setValue("message", $this->_locale->tr("error_dont_belong_to_any_blog"));

        return false;
    }

    // NOTE(review): the id is only compared against "" and 0 above, so a
    // non-numeric value reaches getBlogInfo() as supplied - confirm that
    // getBlogInfo() validates or escapes it.
    $blogsDao = new Blogs();
    $this->_blogInfo = $blogsDao->getBlogInfo($this->_blogId);

    // a missing blog and an inactive blog get the same message, so the
    // response does not tell the two cases apart
    if (!$this->_blogInfo || $this->_blogInfo->getStatus() != BLOG_STATUS_ACTIVE) {
        $this->_view = new AdminSimpleErrorView();
        $this->_view->setValue("message", $this->_locale->tr("error_incorrect_blog_id"));

        return false;
    }

    // the blog id is request-controlled, so membership is re-checked on every
    // request instead of trusting whatever blog the session held before
    $permissionsDao = new UserPermissions();
    $membership = $permissionsDao->getUserPermissions($this->_userInfo->getId(), $this->_blogInfo->getId());
    if (!$membership) {
        $this->_view = new AdminSimpleErrorView();
        $this->_view->setValue("message", $this->_locale->tr("error_no_permissions"));

        return false;
    }

    // only now is the blog remembered in the session for later use
    $this->_session->setValue("blogInfo", $this->_blogInfo);
    $httpSession = HttpVars::getSession();
    $httpSession["SessionInfo"] = $this->_session;
    HttpVars::setSession($httpSession);

    return true;
}
/**
 * Creates a new user from the submitted form and optionally attaches the
 * user to a blog.
 *
 * @return bool false when the user name is taken or the insert fails, true otherwise
 */
function perform()
{
    // name, e-mail and full name are stripped of HTML; the password is kept as typed
    $this->_userName = Textfilter::filterAllHTML($this->_request->getValue("userName"));
    $this->_userPassword = $this->_request->getValue("newUserPassword");
    $this->_userEmail = Textfilter::filterAllHTML($this->_request->getValue("userEmail"));
    $this->_userFullName = Textfilter::filterAllHTML($this->_request->getValue("userFullName"));
    // NOTE(review): status and blog id are used exactly as received here;
    // presumably validated by the form validators before perform() runs - confirm.
    $this->_userStatus = $this->_request->getValue("userStatus");
    $this->_userBlog = $this->_request->getValue("userBlog");

    // refuse duplicates before creating anything
    $usersDao = new Users();
    if ($usersDao->userExists($this->_userName)) {
        $this->_form->setFieldValidationStatus("userName", false);
        $this->_view = new AdminAddUserView($this->_blogInfo);
        $this->setCommonData(true);

        return false;
    }

    $newUser = new UserInfo(
        $this->_userName,
        $this->_userPassword,
        $this->_userEmail,
        "",
        $this->_userFullName,
        0,
        $this->_properties
    );
    $newUser->setStatus($this->_userStatus);
    $this->notifyEvent(EVENT_PRE_USER_ADD, array("user" => &$newUser));

    $newUserId = $usersDao->addUser($newUser);
    if (!$newUserId) {
        $this->_view = new AdminAddUserView($this->_blogInfo);
        $this->_form->setFieldValidationStatus("userName", false);
        $this->setCommonData(true);

        return false;
    }

    // a positive userBlog asks for membership of that blog
    // NOTE(review): no check is visible here that the target blog exists, and
    // the outcome of grantPermission() is not inspected.
    if ($this->_userBlog > 0) {
        $permissionsDao = new UserPermissions();
        $permissionsDao->grantPermission($newUserId, $this->_userBlog, PERMISSION_BLOG_USER);
    }

    $this->notifyEvent(EVENT_POST_USER_ADD, array("user" => &$newUser));

    $this->_view = new AdminSiteUsersListView($this->_blogInfo);
    $this->_view->setSuccessMessage($this->_locale->pr("user_added_ok", $newUser->getUsername()));
    $this->setCommonData();

    return true;
}
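/**
 * Default action for TinyMCE Responsive File Manager. Config file available
 * via <code>\ResponsiveFileManager::$aConfig</code> variable. For
 * non-commercial usage only.
 *
 * The requested file manager action must be one of a fixed allowlist and the
 * current user must hold the `wysiwyg_filemanager` permission.
 *
 * @access   public
 * @throws   Code404Exception when the `fmaction` parameter is not an allowed action
 * @throws   Code401Exception when the user lacks the `wysiwyg_filemanager` permission
 * @since    1.0.0-dev
 * @version  1.0.1
 */
public function actionDefault()
{
    $sFileManagerAction = Router::getParam('fmaction');
    $aAllowedActions = ['dialog', 'ajax_calls', 'execute', 'force_download', 'upload'];

    // Strict comparison: a loose in_array() lets non-string values such as
    // TRUE (and 0 on PHP < 8) match a string entry of the allowlist.
    if (!in_array($sFileManagerAction, $aAllowedActions, true)) {
        throw new Code404Exception();
    }

    if (!\UserPermissions::hasPerm('wysiwyg_filemanager')) {
        throw new Code401Exception();
    }

    // the file manager UI follows the language of the current route
    $sLang = Router::getLang();
    \ResponsiveFileManager::$aConfig['default_language'] = $sLang;
}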
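/**
 * Removes the selected users from the current blog and reports the outcome.
 *
 * Every id in $this->_userIds has its PERMISSION_BLOG_USER permission on the
 * current blog revoked. Successes are summarised in one message, failures are
 * listed one per line in the error message.
 *
 * @return bool always true; the outcome is reported through the view
 */
function _revokePermissions()
{
    $users = new Users();
    $userPermissions = new UserPermissions();
    $successMessage = "";
    $errorMessage = "";
    $totalOk = 0;

    foreach ($this->_userIds as $userId) {
        $res = $userPermissions->revokePermission($userId, $this->_blogInfo->getId(), PERMISSION_BLOG_USER);
        $userInfo = $users->getUserInfoFromId($userId);

        if ($res) {
            $totalOk++;
            // The lookup can fail even though the revocation worked (the error
            // branch below already allows for that), so the per-user message is
            // used only when there is a user object to read the name from;
            // otherwise fall back to the count message instead of calling a
            // method on a non-object.
            if ($totalOk < 2 && $userInfo) {
                $successMessage = $this->_locale->pr("user_removed_from_blog_ok", $userInfo->getUsername());
            } else {
                $successMessage = $this->_locale->pr("users_removed_from_blog_ok", $totalOk);
            }
        } elseif ($userInfo) {
            $errorMessage .= $this->_locale->pr("error_removing_user_from_blog", $userInfo->getUsername()) . "<br/>";
        } else {
            // NOTE(review): $userId is request-supplied and ends up inside an
            // HTML message; confirm it is validated as numeric upstream or
            // escaped by the view.
            $errorMessage .= $this->_locale->pr("error_removing_user_from_blog2", $userId) . "<br/>";
        }
    }

    $this->_view = new AdminBlogUsersListView($this->_blogInfo);
    if ($successMessage != "") {
        $this->_view->setSuccessMessage($successMessage);
    }
    if ($errorMessage != "") {
        $this->_view->setErrorMessage($errorMessage);
    }
    $this->setCommonData();

    return true;
}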
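/**
 * Adds an existing user to the current blog.
 *
 * Looks the user up by the submitted name, grants PERMISSION_BLOG_USER on the
 * current blog and, when enabled, sends the notification e-mail.
 *
 * @return bool false when the user does not exist or the grant fails, true otherwise
 */
function perform()
{
    $this->_notificationText = $this->_request->getValue("newBlogUserText");
    // the name is stripped of HTML before it is looked up or echoed back
    $this->_newUsername = Textfilter::filterAllHTML($this->_request->getValue("newBlogUserName"));

    // see if the user exists
    $users = new Users();
    $userInfo = $users->getUserInfoFromUsername($this->_newUsername);
    if (!$userInfo) {
        $this->_view = new AdminTemplatedView($this->_blogInfo, "addbloguser");
        // The user name is an argument of pr(), as in every other message in
        // this method; it used to be passed to setErrorMessage() by mistake
        // and never reached the message.
        $this->_view->setErrorMessage($this->_locale->pr("error_invalid_user", $this->_newUsername));
        $this->_form->setFieldValidationStatus("newBlogUserName", false);
        $this->setCommonData(true);

        return false;
    }
    $this->notifyEvent(EVENT_USER_LOADED, array("user" => &$userInfo));

    // now we can add this user to the blog
    $userPerms = new UserPermissions();
    $res = $userPerms->grantPermission($userInfo->getId(), $this->_blogInfo->getId(), PERMISSION_BLOG_USER);
    // NOTE(review): the "pre update" event fires after the permission has
    // already been granted; kept as is because listeners may rely on the order.
    $this->notifyEvent(EVENT_PRE_USER_UPDATE, array("user" => &$userInfo));
    if (!$res) {
        // there was an error adding the user to the blog
        $this->_view = new AdminTemplatedView($this->_blogInfo, "addbloguser");
        $this->_view->setErrorMessage($this->_locale->pr("error_adding_user", $userInfo->getUsername()));
        $this->setCommonData();

        return false;
    }
    $this->notifyEvent(EVENT_POST_USER_UPDATE, array("user" => &$userInfo));

    // send a notification if enabled
    if ($this->_sendNotification) {
        $this->sendNotificationEmail($userInfo);
    }

    $this->_view = new AdminBlogUsersListView($this->_blogInfo);
    $this->_view->setSuccessMessage($this->_locale->pr("user_added_to_blog_ok", $userInfo->getUsername()));
    $this->setCommonData();

    return true;
}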
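/**
 * Action used to do multileveled sort on model entities.
 *
 * Expects two POST fields: `objects`, a query string whose `object` entry maps
 * entity id to parent id (the literal 'null' meaning no parent), and `model`,
 * the class name of the entities to reorder.
 *
 * @access   public
 * @return   string 'saved' on success, otherwise a translated error message
 * @since    1.0.0-alpha
 * @version  1.0.0-alpha
 */
public function actionSortList()
{
    // check access
    // NOTE(review): nothing below stops execution if redirectTo() returns
    // instead of terminating the request - confirm that it exits.
    if (!\UserPermissions::hasPerm('backend_ajax_sort_list')) {
        Route::factory('home')->redirectTo();
    }

    // @TODO: check permissions
    $sObjects = filter_input(INPUT_POST, 'objects');
    $sModel = filter_input(INPUT_POST, 'model');
    $aObjectsTmp = [];
    $aOrderNumber = [];

    // if list of objects is empty
    if (empty($sObjects)) {
        $this->setStatus('error');

        return __('List of objects is empty.');
    }

    // parse objects array from query string
    parse_str($sObjects, $aObjectsTmp);

    // the payload is client-controlled, so `object` may be absent or a scalar
    if (!isset($aObjectsTmp['object']) || !is_array($aObjectsTmp['object'])) {
        $this->setStatus('error');

        return __('List of objects is empty.');
    }

    $aObjects = $aObjectsTmp['object'];

    // rewrite each object: children of one parent are numbered in request order
    foreach ($aObjects as $iID => $sParentID) {
        if ($sParentID === 'null') {
            $sParentID = 0;
        }

        $iParentID = (int) $sParentID;

        if (!isset($aOrderNumber[$iParentID])) {
            $aOrderNumber[$iParentID] = 0;
        }

        $aObjects[$iID] = ['order_parent' => $iParentID, 'order' => $aOrderNumber[$iParentID]];
        $aOrderNumber[$iParentID]++;
    }

    // `model` comes straight from POST and is concatenated into the query text
    // below, so it has to look like a plain class name before anything uses it.
    // NOTE(review): an explicit allowlist of sortable models would be tighter
    // than "any class that has an order_number property".
    $bModelNameOk = is_string($sModel)
        && preg_match('/^\\\\?[A-Za-z_][A-Za-z0-9_]*(?:\\\\[A-Za-z_][A-Za-z0-9_]*)*$/D', $sModel) === 1;

    // check if particular model has `order` property
    if (!$bModelNameOk || !property_exists($sModel, 'order_number')) {
        $this->setStatus('error');

        return __('Wrong node type.');
    }

    // get all model instances; the id list is bound as a parameter
    $aEntities = DB::query('SELECT t FROM ' . $sModel . ' t WHERE t.id IN (:list)')
        ->param('list', array_keys($aObjects))
        ->execute();

    foreach ($aEntities as $oEntity) {
        /* @var $oEntity ModelCore|ModelCore\Traits\Sortable */
        $aObjData = $aObjects[$oEntity->getId()];

        $oEntity->setOrderNumber($aObjData['order']);
        $oEntity->setOrderParent($aObjData['order_parent']);
        $oEntity->save();

        DB::flush();
    }

    return 'saved';
}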
/**
 * Constructor.
 *
 * Boots the backend theme, instantiates the configured model, sends visitors
 * without backend access to the home route and registers the backend assets
 * and menu.
 *
 * @access   public
 * @since    1.0.0-alpha
 * @version  1.0.0-alpha
 */
public function __construct()
{
    // initialize theme, then let the parent controller set itself up
    Theme::initBackend();
    parent::__construct();

    if ($this->sModel !== NULL) {
        $sModelClass = $this->sModel;
        $this->setModel(new $sModelClass());
    }

    // backend pages need a logged-in user holding the admin access permission
    // NOTE(review): the rest of the constructor still runs if redirectTo()
    // returns instead of terminating the request - confirm that it exits.
    if (!(User::isLogged() && \UserPermissions::hasPerm(static::PERM_ADMIN_ACCESS))) {
        Route::factory('home')->redirectTo();
    }

    // set body classes
    $this->addBodyClass('skin-red');

    // add main breadcrumbs and title
    $this->alterBreadcrumbsTitleMain();

    // reset JavaScripts and CSS
    $this->resetCss();
    $this->resetJs();

    // stylesheets served by third-party hosts
    // NOTE(review): these are loaded into the admin backend from external
    // origins; no integrity pinning is visible at this call site.
    $aExternalCss = [
        'https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700&subset=latin,latin-ext',
        'https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css',
        'https://code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css',
    ];
    foreach ($aExternalCss as $sUrl) {
        $this->addCss($sUrl);
    }

    // stylesheets shipped with the theme
    foreach (['/bootstrap/css/bootstrap.min.css', '/css/backend.css'] as $sThemeCss) {
        $this->addCssByTheme($sThemeCss);
    }

    // scripts shipped with the theme, in load order
    $aThemeJs = [
        '/plugins/jQuery/jQuery-2.1.4.min.js',
        '/plugins/jQueryUI/jquery-ui.min.js',
        '/bootstrap/js/bootstrap.min.js',
        '/js/backend.js',
        '/js/jquery.mjs.nestedSortable.js',
        '/js/app.min.js',
        '/js/backend_after_theme_load.js',
    ];
    foreach ($aThemeJs as $sThemeJs) {
        $this->addJsByTheme($sThemeJs);
    }

    // add viewport
    $this->addMetaTagRegular('viewport', 'width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no');

    // generate menu
    $menuView = $this->generateMenu();
    $this->oViewBody->bind('menu', $menuView);
}
/**
 * ACTION - User login.
 *
 * Shows the login form, refuses it once the failed-login counter exceeds 4,
 * and on a successful match stores the user in the session and redirects to
 * the current route.
 *
 * @access   public
 * @return   View
 * @since    1.0.2, 2013-12-07
 * @version  1.0.7-dev, 2015-05-04
 */
public function actionLogin()
{
    $this->setTitle(Core::getAppName() . ' - ' . __('Login form'));
    $this->addBreadCrumb(__('Login form'));

    // somebody already logged in has no use for the form
    $oLoggedUser = Model\User::getLoggedUser();

    if ($oLoggedUser instanceof Model\User) {
        Route::factory('user_profile')->redirectTo(['id' => $oLoggedUser->getId()]);
    }

    // lock-out after too many failures
    // NOTE(review): what the counter is keyed on (client, account, session) is
    // decided inside \User\LoginFail and is not visible here.
    $iFailedAttempts = \User\LoginFail::getCachedData();

    if ($iFailedAttempts > 4) {
        return View::factory('base/alert')
            ->set('sType', 'danger')
            ->set('sMsg', __('to.many.incorrect.logins'));
    }

    $oLoginForm = Form::factory('login');
    $oLoginForm->addField(Form\Field\Text::factory('login', $oLoginForm));
    $oLoginForm->addField(Form\Field\Password::factory('password', $oLoginForm));

    if ($oLoginForm->isSubmittedAndValid()) {
        $sUsername = $oLoginForm->get('login');
        $sPassword = $oLoginForm->get('password');

        // NOTE(review): the stored credential is derived from username and
        // password and matched inside the query; the scheme used by
        // Helper\Encrypter is not visible here - confirm it is a slow, salted
        // password hash.
        $sEncryptedPassword = Helper\Encrypter::factory()->encrypt($sUsername, $sPassword);

        // both values are bound as parameters, not concatenated
        $oUser = DB::query("SELECT u FROM \\Model\\User u WHERE u.login = :login AND u.password = :pass")
            ->param('login', $sUsername)
            ->param('pass', $sEncryptedPassword)
            ->single();

        if ($oUser instanceof Model\User) {
            // NOTE(review): no session id regeneration is visible at this
            // point; confirm Session::set() or the framework rotates the id
            // on login.
            Session::set('username', $sUsername);
            Session::set('uid', (int) $oUser->getId());

            $oUser->setLoginDateNOW();
            DB::flush();

            // Get role permissions for particular user and set them in session
            \UserPermissions::reset();

            Route::factory(Router::getCurrentRouteName())->redirectTo();
        } else {
            // one message for "unknown user" and "wrong password"
            $sReturnUrl = Router::currentUrl();
            $sFailureMsg = __('You have entered wrong username or password. Try again.');

            \User\LoginFail::addLoginFail();
            Session::flash($sReturnUrl, $sFailureMsg, 'danger');
        }
    }

    $oLoginForm->addToSuffix(View::factory('user/frontend/login_links')->render());

    return View::factory('base/form')->bind('oForm', $oLoginForm);
}
/**
 * Check whether the current user may read a Swf module.
 *
 * Modules that are on the "no auth" list and not on the "require auth" list
 * are open to everyone. Otherwise a logged-in user is required; local
 * administrators and the "MDI.Desktop" module always pass, everything else
 * must be a key of the user's access list.
 *
 * @param string $modular module name, e.g. Email.inbox
 * @return bool
 */
public function checkSwfPermission($modular)
{
    // publicly readable module
    if ($this->checkNotAuthSwf($modular) && !$this->checkRequireAuthSwf($modular)) {
        return true;
    }

    // everything else needs an authenticated session
    $uid = Session::get(USER_AUTH_KEY);
    if (!$uid) {
        return false;
    }

    // administrators and the desktop shell bypass the access list
    if (Session::is_setLocal('administrator') || "MDI.Desktop" == $modular) {
        return true;
    }

    // prefer the list cached in the session, otherwise load it for this user
    // NOTE(review): a list cached in the session stays in force until the
    // session is refreshed; confirm it is reset when permissions change.
    $accessList = Session::get('_ACCESS_LIST') ?: UserPermissions::getGUIPermissions($uid);

    return array_key_exists($modular, $accessList);
}
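/**
 * Removes a user from the database, together with all of his/her permissions.
 *
 * @param userId The identifier of the user we are trying to remove; must be a
 *               non-negative integer or a string of digits
 * @return bool true when a row was deleted; false when the id is not a valid
 *              integer, the query failed or no row matched
 */
function deleteUser($userId)
{
    // The id is placed directly in the SQL text below, so anything that is not
    // a plain run of digits is rejected before any statement is executed.
    if (!(is_int($userId) || is_string($userId)) || !preg_match('/^[0-9]+$/D', (string) $userId)) {
        return false;
    }

    // first, delete all of his/her permissions
    $perms = new UserPermissions();
    $perms->revokeUserPermissions($userId);

    $query = "DELETE FROM " . $this->getPrefix() . "users WHERE id = " . $userId . ";";
    $result = $this->Execute($query);
    if (!$result) {
        return false;
    }

    // a successful query that removed nothing still counts as a failure
    if ($this->_db->Affected_Rows() == 0) {
        return false;
    }

    return true;
}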
if ($stmt = $mysqli->prepare("SELECT group_id FROM users\n WHERE username = ?\n LIMIT 1")) { $stmt->bind_param('s', $_SESSION['username']); $stmt->execute(); // Execute the prepared query. $stmt->store_result(); $stmt->bind_result($user_group); $stmt->fetch(); //get the user's permissions if ($stmt = $mysqli->prepare("SELECT permissions FROM groups\n WHERE id = ?\n LIMIT 1")) { $stmt->bind_param('s', $user_group); $stmt->execute(); // Execute the prepared query. $stmt->store_result(); $stmt->bind_result($user_permissions); $stmt->fetch(); $user_permission = new UserPermissions($user_permissions); //echo 'Permissions set'; } else { echo 'Database or SQL error'; } } else { echo 'Database or SQL error'; } //echo "Starting Tests..."; //run some tests if ($user_group == 1) { //standard user //echo "for standard user"; if (!$user_permission->hasPermission(UserPermissions::READ_ACCOUNT) == true) { echo "failed test 1"; }
/**
 * Returns the users of this blog, loading them on first use.
 *
 * The list comes from UserPermissions::getBlogUsers() and is kept in
 * $this->_usersInfo. Because the cache test is a loose comparison with null,
 * an empty list is looked up again on every call.
 *
 * @private
 */
function getUsersInfo()
{
    // already loaded
    if ($this->_usersInfo != null) {
        return $this->_usersInfo;
    }

    $permissionsDao = new UserPermissions();
    $this->setUsersInfo($permissionsDao->getBlogUsers($this->getId()));

    return $this->_usersInfo;
}
} // // check if the plugin has been enabled for this blog // $blogSettings = $blogInfo->getSettings(); $pluginEnabled = $blogSettings->getValue("plugin_moblog_enabled"); if (!$pluginEnabled) { $response = new MoblogResponse($request->getReplyTo(), "pLog Moblog: Error", "The plugin has not been enabled for this blog."); MoblogLogger::log("Plugin not enabled for blog " . $request->getBlogId()); $response->send(); return false; } // // now check if the user has permissions over the blog // $userPermissions = new UserPermissions(); $userPerm = $userPermissions->getUserPermissions($userInfo->getId(), $blogInfo->getId()); if (!$userPerm) { $response = new MoblogResponse($request->getReplyTo(), "pLog Moblog: Error", "You have no permissions in the given blog."); MoblogLogger::log("User '" . $request->getUser() . "' has no permissions in blog " . $request->getBlogId()); $response->send(); return false; } // // if everything's correct, then we can proceed to find if the category // chosen by the user exists. Since there is no way to fetch a category by its name, // we'll have to fetch them all and loop through them // $articleCategories = new ArticleCategories(); // load the category as defined in the plugin settings page $categoryId = $blogSettings->getValue("plugin_moblog_article_category_id");
/**
 * Check if currently logged user has access to this route.
 *
 * The verdict is computed once and remembered on the route object: later
 * calls return the stored value without looking at $aParams again.
 *
 * Access is refused only when a permission check or an access function
 * returns exactly FALSE; any other return value counts as "allowed".
 *
 * @access   public
 * @param    array $aParams parameters handed to every access function
 * @return   bool
 * @since    1.0.0-alpha
 * @version  1.0.0-alpha
 */
public function hasAccess(array $aParams = [])
{
    // check if access was verified previously
    if ($this->hasAccess !== NULL) {
        return $this->hasAccess;
    }

    $bGranted = TRUE;

    // firstly, every required permission must be held
    foreach ($this->getPermissions() as $sPermission) {
        if (\UserPermissions::hasPerm($sPermission) === FALSE) {
            $bGranted = FALSE;
            break;
        }
    }

    // secondly, access functions run only if the permissions passed
    if ($bGranted) {
        foreach ($this->getAccessFunctions() as $oFunction) {
            /* @var $oFunction \Closure */
            if ($oFunction($this, $aParams) === FALSE) {
                $bGranted = FALSE;
                break;
            }
        }
    }

    // remember the verdict for later calls
    $this->hasAccess = $bGranted;

    return $bGranted;
}
/**
 * Replaces the permissions of one user with the submitted set.
 *
 * Callers without the `user.permission` right are sent to the dashboard. When
 * no `permission` input is present, all permission rows of the user are
 * deleted.
 *
 * @param mixed $id id of the user whose permissions are changed
 * @return mixed redirect response
 */
public function updatepermission($id)
{
    // only holders of user.permission may change anybody's permissions
    if (ACL::checkUserPermission('user.permission') == false) {
        return Redirect::action('dashboard');
    }

    // NOTE(review): $id and the submitted permission map are passed on as
    // received; no check is visible here that $id names an existing user or
    // that the keys are known permission ids.
    if (!Input::has('permission')) {
        // nothing ticked: the user ends up with no explicit permissions
        UserPermissions::where('user_id', '=', $id)->delete();
    } else {
        ACL::saveUserPermission($id, Input::get('permission'));
    }

    return Redirect::action('')->with('success', 'User Permission has been modified');
}
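/**
 * Removes a blog from the database. It also removes all its posts, its posts categories
 * its links, its links categories and the user permissions granted on it.
 *
 * @param blogId the id of the blog we'd like to delete; must be a non-negative
 *               integer or a string of digits
 * @return mixed false when the id is not a valid integer, otherwise the result
 *               of the final DELETE query
 */
function deleteBlog($blogId)
{
    // The id is placed directly in the SQL text below and drives several
    // cascading deletes, so anything that is not a plain run of digits is
    // rejected before the first of them runs.
    if (!(is_int($blogId) || is_string($blogId)) || !preg_match('/^[0-9]+$/D', (string) $blogId)) {
        return false;
    }

    // first of all, delete the posts
    $articles = new Articles();
    $articles->deleteBlogPosts($blogId);

    // next is to remove the article categories
    $articleCategories = new ArticleCategories();
    $articleCategories->deleteBlogCategories($blogId);

    // next, all the links and links categories
    $myLinks = new MyLinks();
    $myLinks->deleteBlogMyLinks($blogId);
    $myLinksCategories = new MyLinksCategories();
    $myLinksCategories->deleteBlogMyLinksCategories($blogId);

    // the permissions for the blog
    $perms = new UserPermissions();
    $perms->revokeBlogPermissions($blogId);

    // and finally, delete the blog
    $query = "DELETE FROM " . $this->getPrefix() . "blogs WHERE id = " . $blogId;
    $result = $this->Execute($query);

    return $result;
}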
/**
 * Access check for the list view; subclasses may override it.
 *
 * Requires a model to be configured and the user to hold at least one of the
 * `edit_own` / `delete_own` permissions under this controller's permission
 * prefix.
 *
 * @access   protected
 * @throws   Exception\Fatal   when no model is set on the controller
 * @throws   Exception\Code403 when the user holds neither permission
 * @since    1.0.0-alpha
 * @version  1.0.0-alpha
 */
protected function alterListAccess()
{
    $bHasModel = $this->getModel() instanceof ModelCore;

    if (!$bHasModel) {
        throw new Exception\Fatal('Model of this backend site is not defined. Set `$sModel` variable in your backend controller.');
    }

    // either of the two "own" permissions is enough to see the list
    $bMayList = \UserPermissions::hasPerm($this->getPermissionPrefix() . 'edit_own')
        || \UserPermissions::hasPerm($this->getPermissionPrefix() . 'delete_own');

    if (!$bMayList) {
        throw new Exception\Code403(__('Permission denied.'));
    }
}
/**
 * Fields config for backend.
 *
 * Extends the parent configuration with the user form fields. The `roles`
 * field is added only for users holding the `users_edit` permission.
 *
 * @access   protected
 * @return   MConfig
 * @since    1.0.0
 * @version  2.1.0-dev
 */
protected static function generateConfig()
{
    // collect every role as a checkbox option
    $aRoleOptions = [];
    $aRoleEntities = DB::queryList('\\Model\\User\\Role')->execute();

    foreach ($aRoleEntities as $oRole) {
        /* @var $oRole User\Role */
        $aRoleOptions[] = [
            'value' => $oRole->getId(),
            'label' => $oRole->getName(),
        ];
    }

    // get config from parent
    $config = parent::generateConfig();

    // identity fields
    $config->addField(
        FormField\Hidden::singleton('id')
            ->setLabel(__('ID'))
            ->setDisabled()
    );

    // password must contain digits, text, an uppercase letter and a custom character
    $config->addField(
        FormFieldPassword::singleton('password')
            ->setLabel(__('Password'))
            ->addRulesSet(
                RulesSetBuilder\String::factory()
                    ->containNumbers(':value')
                    ->containText(':value')
                    ->containUppercase(':value')
                    ->containCustomCharacters(':value')
            )
    );

    // login: restricted character set and unique among users
    $config->addField(
        FormField\Text::singleton('login')
            ->setLabel('Login')
            ->addTipParagraph(__('This value can contain only letters, numbers and "-" or "_" characters.'))
            ->setDisabled()
            ->addRulesSet(
                RulesSetBuilder\String::factory()
                    ->onlyLettersNumsAndChars(':value', '\\-_', __('This value can contain only letters, numbers and "-" or "_" characters.'))
            )
            ->addRulesSet(
                RulesSetBuilder\Database::factory()
                    ->unique(':value', ':valuefrom:id', '\\Model\\User', 'login')
            )
    );

    // e-mail: well-formed and unique among users
    $config->addField(
        FormField\Text::singleton('email')
            ->setLabel('E-mail')
            ->setDisabled()
            ->addRulesSet(RulesSetBuilder\String::factory()->email(':value'))
            ->addRulesSet(
                RulesSetBuilder\Database::factory()
                    ->unique(':value', ':valuefrom:id', '\\Model\\User', 'email')
            )
    );

    // personal data
    $config->addField(
        FormField\Text::singleton('firstname')
            ->setLabel(__('Firstname'))
            ->addRulesSet(RulesSetBuilder\String::factory()->onlyLetters(':value'))
    );
    $config->addField(
        FormField\Text::singleton('lastname')
            ->setLabel(__('Lastname'))
            ->addRulesSet(RulesSetBuilder\String::factory()->onlyLetters(':value'))
    );
    $config->addField(
        FormField\Text::singleton('nickname')
            ->setLabel(__('Nickname'))
    );

    // avatar upload
    // NOTE(review): the visible rules limit the extension and the size only;
    // whether the file content is verified as an image is decided elsewhere.
    $config->addField(
        FormField\ImageModel::singleton('image')
            ->setBrokerModel('\\Model\\User\\Image')
            ->setUploadPath('uploads/users/image')
            ->setLabel(__('Image'))
            ->addRulesSet(
                RulesSetBuilder\FileModel::factory()
                    ->allowedExt(':value', ['jpg', 'png', 'gif'])
                    ->maxSize(':value', 1024)
            )
    );

    $config->addField(
        FormField\Text::singleton('city')
            ->setLabel(__('City'))
            ->addRulesSet(RulesSetBuilder\String::factory()->onlyLetters(':value'))
    );
    $config->addField(
        FormField\Textarea::singleton('description')
            ->setLabel(__('Description'))
    );

    // role assignment is offered to user administrators only
    // NOTE(review): this hides the field; confirm that a submitted `roles`
    // value is ignored when the field is not part of the config.
    if (\UserPermissions::hasPerm('users_edit')) {
        $config->addField(
            CheckboxRelationFormField::singleton('roles')
                ->setRelatedModelName('\\Model\\User\\Role')
                ->setOptions($aRoleOptions)
                ->setLabel(__('Roles'))
        );
    }

    // date columns are rendered through the date formatter
    $config->addFieldFormatter('registration_date', FieldFormatterDate::factory());
    $config->addFieldFormatter('login_date', FieldFormatterDate::factory());

    return $config;
}
<?php

use Plethora\Route;
use Plethora\Router;

// home
Router::addRoute('home', '/');

// 404
Router::addRoute('err404', '/err404')
    ->setController('Frontend\\Error404');

// cron
// NOTE(review): this route carries a {token} segment while the
// cron_clear_temp route below has none; whether the Cron controller
// authenticates the second one some other way is not visible here.
Router::addRoute('cron', '/cron/{token}')
    ->setController('Cron');

// cron - clear temp directory
Router::addRoute('cron_clear_temp', '/cron_clear_temp')
    ->setController('Cron')
    ->setAction('ClearTemp');

// changelog
Router::addRoute('framework_changelog', '/fw/changelog')
    ->setController('Base')
    ->setAction('Changelog')
    ->addDefault('package', 'Backend');

// backend
// Access is granted when the user holds "<controller permission prefix><action>".
// The controller segment is limited to [a-zA-Z0-9_]+ by the parameter type, so
// the class name built from it stays inside \Controller\Backend\.
// NOTE(review): `controller` and `action` are optional in the pattern; confirm
// the router always fills both keys in $aParams and that the resolved class
// exists before the closure calls into it.
Router::addRoute('backend', '/a(/{controller}(/{action}(/{id}(/{extra}))))')
    ->setController('Dashboard')
    ->addParameterType('id', '[a-zA-Z0-9]+')
    ->addParameterType('extra', '[a-zA-Z0-9]+')
    ->addParameterType('controller', '[a-zA-Z0-9_]+')
    ->addParameterType('action', '[a-zA-Z0-9_]+')
    ->addDefault('package', 'Backend')
    ->addDefault('css', 'backend')
    ->addDefault('id', NULL)
    ->addDefault('extra', NULL)
    ->addAccessFunction(function (Route $oRoute, array $aParams = []) {
        $sControllerClass = '\\Controller\\Backend\\' . str_replace('_', '\\', ucfirst($aParams['controller']));

        return UserPermissions::hasPerm(
            call_user_func([$sControllerClass, 'getPermissionPrefix']) . $aParams['action']
        );
    });

// AJAX
// Same permission rule as the backend route.
// NOTE(review): the package is 'Ajax' but the permission prefix is still read
// from a \Controller\Backend\ class - confirm that is intended.
Router::addRoute('ajax', '/ajax(/{controller}(/{action}(/{id}(/{extra}))))')
    ->setController('Dashboard')
    ->addParameterType('id', '[a-zA-Z0-9]+')
    ->addParameterType('extra', '[a-zA-Z0-9]+')
    ->addParameterType('controller', '[a-zA-Z0-9_]+')
    ->addParameterType('action', '[a-zA-Z0-9_]+')
    ->addDefault('package', 'Ajax')
    ->addDefault('css', 'backend')
    ->addDefault('id', NULL)
    ->addDefault('extra', NULL)
    ->addAccessFunction(function (Route $oRoute, array $aParams = []) {
        $sControllerClass = '\\Controller\\Backend\\' . str_replace('_', '\\', ucfirst($aParams['controller']));

        return UserPermissions::hasPerm(
            call_user_func([$sControllerClass, 'getPermissionPrefix']) . $aParams['action']
        );
    });
/**
 * Carries out the specified action: updates the settings, owner, status and
 * user list of the blog named by the "blogId" request value.
 *
 * @return bool false when the blog or the new owner cannot be loaded or an
 *              update fails, true otherwise
 */
function perform()
{
    // values from the form; only the blog name is stripped of HTML here
    // NOTE(review): owner, status, quota and the user list are used as
    // received; presumably validated before perform() runs - confirm.
    $this->_blogName = Textfilter::filterAllHTML($this->_request->getValue("blogName"));
    $this->_blogLocale = $this->_request->getValue("blogLocale");
    $this->_blogTemplate = $this->_request->getValue("blogTemplate");
    $this->_blogOwner = $this->_request->getValue("blogOwner");
    $this->_editBlogId = $this->_request->getValue("blogId");
    $this->_blogTimeOffset = $this->_request->getValue("blogTimeOffset");
    $this->_blogProperties = $this->_request->getValue("properties");
    $this->_blogQuota = $this->_request->getValue("blogResourcesQuota");
    $this->_blogUsers = $this->_request->getValue("blogUsers");
    $this->_blogStatus = $this->_request->getValue("blogStatus");

    // get the blog we're trying to update
    $blogsDao = new Blogs();
    $blogInfo = $blogsDao->getBlogInfo($this->_editBlogId);
    if (!$blogInfo) {
        $this->_view = new AdminSiteBlogsListView($this->_blogInfo);
        $this->_view->setErrorMessage($this->_locale->tr("error_fetching_blog"));
        $this->setCommonData();

        return false;
    }
    $this->notifyEvent(EVENT_BLOG_LOADED, array("blog" => &$blogInfo));

    // make sure that the user we'd like to set as owner exists
    $usersDao = new Users();
    $ownerInfo = $usersDao->getUserInfoFromId($this->_blogOwner);
    if (!$ownerInfo) {
        $this->_view = new AdminSiteBlogsListView($this->_blogInfo);
        $this->_view->setErrorMessage($this->_locale->tr("error_incorrect_blog_owner"));
        $this->setCommonData();

        return false;
    }
    $this->notifyEvent(EVENT_USER_LOADED, array("user" => &$ownerInfo));

    // apply the submitted settings to the loaded blog
    $blogSettings = $blogInfo->getSettings();
    $blogSettings->setValue("locale", $this->_blogLocale);
    $blogSettings->setValue("template", $this->_blogTemplate);
    $blogSettings->setValue("time_offset", $this->_blogTimeOffset);
    $blogInfo->setSettings($blogSettings);

    $blogInfo->setResourcesQuota($this->_blogQuota);
    $blogInfo->setBlog($this->_blogName);
    $blogInfo->setProperties($this->_blogProperties);
    $blogInfo->setOwner($this->_blogOwner);
    $blogInfo->setStatus($this->_blogStatus);
    $blogInfo->setMangledBlog(Textfilter::urlize($blogInfo->getBlog()));

    $this->notifyEvent(EVENT_PRE_BLOG_UPDATE, array("blog" => &$blogInfo));

    if (!$blogsDao->updateBlog($blogInfo->getId(), $blogInfo)) {
        $this->_view = new AdminSiteBlogsListView($this->_blogInfo);
        $this->_view->setErrorMessage($this->_locale->pr("error_updating_blog_settings", $blogInfo->getBlog()));
        $this->setCommonData();

        return false;
    }

    // the user list is rewritten on every save because there is no way to
    // tell here whether it changed
    $permissionsDao = new UserPermissions();
    if (!$permissionsDao->updateBlogUserPermissions($this->_editBlogId, $this->_blogUsers)) {
        $this->_view = new AdminSiteBlogsListView($this->_blogInfo);
        $this->_view->setErrorMessage($this->_locale->pr("error_updating_blog_settings", $blogInfo->getBlog()));
        $this->setCommonData();

        return false;
    }
    $this->notifyEvent(EVENT_POST_BLOG_UPDATE, array("blog" => &$blogInfo));

    // the edited blog is the one held in the session: refresh the session copy
    // NOTE(review): the properties are set on $blogInfo again rather than on
    // $this->_blogInfo, so the session copy keeps its old properties - looks
    // unintended, confirm before changing.
    if ($this->_blogInfo->getId() == $blogInfo->getId()) {
        $this->_blogInfo->setSettings($blogSettings);
        $blogInfo->setProperties($this->_blogProperties);
        $this->_session->setValue("blogInfo", $this->_blogInfo);
        $this->saveSession();
    }

    // if everything went fine, we can show a nice message
    $this->_view = new AdminSiteBlogsListView($this->_blogInfo);
    $this->_view->setSuccessMessage($this->_locale->pr("edit_blog_settings_updated_ok", $blogInfo->getBlog()));
    $this->setCommonData();

    // clear the cache
    CacheControl::resetBlogCache($blogInfo->getId());

    return true;
}
/**
 * Create response for particular Controller.
 *
 * When no content is given, the action named by the router is invoked on this
 * controller to produce it. The developer toolbar is injected only when the
 * module is present and the user holds the `dev_toolbar` permission.
 *
 * @access   public
 * @param    View $oContent content to wrap; NULL runs the routed action
 * @return   Response
 * @since    1.0.0-alpha
 * @version  1.0.0-alpha
 */
public function createResponse(View $oContent = NULL)
{
    if ($oContent === NULL) {
        // the method name comes from the router
        // NOTE(review): confirm Router::getActionName() can only yield
        // action methods meant to be reachable from a URL.
        $sActionMethod = Router::getActionName();
        $oContent = $this->{$sActionMethod}();
        $this->afterAction();
    }

    $sContent = '';

    if ($oContent !== NULL) {
        $this->oView->bind('oContent', $oContent);

        // developers toolbar - assets must be registered before rendering
        if (Router::hasModule('dev_toolbar') && \UserPermissions::hasPerm('dev_toolbar')) {
            $this->addJs('/themes/_common/js/dev_toolbar.js');
            $this->addCss('/themes/backend/css/dev_toolbar.css');
            $this->addBodyClass('dev_toolbar');
        }

        // render page View
        $sContent = $this->oViewMain->render();

        // add last benchmark
        Benchmark::mark('end');

        // developers toolbar - markup is spliced in front of the closing body tag
        if (Router::hasModule('dev_toolbar') && \UserPermissions::hasPerm('dev_toolbar')) {
            $sToolbarHtml = \DevToolbar\Toolbar::factory()->render();
            $sContent = str_replace('</body>', $sToolbarHtml . '</body>', $sContent);
        }
    }

    $oResponse = new Response();
    $oResponse->setContent($sContent);

    // clear temp data after response creation
    Session::clearTempData();

    return $oResponse;
}
/**
 * Save User Permission into acl_user_permissions.
 *
 * All existing rows of the user are deleted first, then one row is written
 * for every entry of $data whose value is not empty.
 *
 * NOTE(review): the delete and the inserts are separate statements with no
 * transaction visible here, so a failure part-way leaves the user with a
 * partial permission set. Keys and values of $data are stored as given.
 *
 * @param mixed $userId id of the user whose permissions are replaced
 * @param array $data   permission id => value
 */
public static function saveUserPermission($userId, $data = array())
{
    // start from a clean slate for this user
    UserPermissions::where('user_id', '=', $userId)->delete();

    foreach ($data as $permissionId => $permissionValue) {
        // skip entries without a value
        if ($permissionValue == "" && $permissionValue == null) {
            continue;
        }

        $row = new UserPermissions();
        $row->user_id = $userId;
        $row->permission_id = $permissionId;
        $row->value = $permissionValue;
        $row->date_created = new DateTime();
        $row->save();
    }
}
/**
 * Shows and stores the permissions granted to one user.
 *
 * On POST the user's existing grants are deleted and replaced by the
 * submitted list, then the browser is redirected to /adminuser. Otherwise the
 * form is rendered with the current grants pre-selected.
 *
 * NOTE(review): no authorization check is visible inside this action -
 * presumably enforced by controller filters, confirm. The submitted ids are
 * stored as received, the result of save() is not inspected, and the delete
 * and inserts are not wrapped in a transaction here.
 *
 * @param mixed $id id of the user being edited
 */
public function actionGrandpermission($id)
{
    $userModel = $this->loadModeluser($id);
    $allPermissions = Permission::model()->findAll();

    // ids of the permissions the user holds right now
    $currentGrants = UserPermissions::model()->findAll("userid = :uid", array(":uid" => $userModel->id));
    $grantedIds = array();
    foreach ($currentGrants as $grant) {
        $grantedIds[] = $grant->permission_id;
    }

    if (isset($_POST['permission'])) {
        $submittedIds = $_POST["permission"];

        // replace the whole set: drop everything, then insert what was ticked
        UserPermissions::model()->deleteAll("userid = :uid", array(":uid" => $userModel->id));
        foreach ($submittedIds as $permissionId) {
            $newGrant = new UserPermissions();
            $newGrant->userid = $userModel->id;
            $newGrant->permission_id = $permissionId;
            $newGrant->save();
        }

        $this->redirect("/adminuser");
    }

    $this->render('grandpermission', array(
        'model' => $userModel,
        'permission' => $allPermissions,
        'grand' => $grantedIds,
    ));
}