/**
 * Build the template variables describing this post.
 *
 * A little different from the equivalents in other classes: this one only
 * returns the data ready for output.
 *
 * @param bool $output_text When false, POST_TEXT is left empty instead of
 *                          being generated for display.
 * @return array Template variables keyed by name.
 */
public function assign_details($output_text = true)
{
    // Every moderator-only field below is gated on this one permission.
    $is_post_mod = phpbb::$auth->acl_get('u_titania_mod_post_mod');

    $details = array(
        'POST_ID'           => $this->post_id,
        'TOPIC_ID'          => $this->topic_id,
        'POST_TYPE'         => $this->post_type,
        'POST_ACCESS'       => $this->post_access,
        'POST_LOCKED'       => $this->post_locked,
        'POST_ATTACHMENT'   => $this->post_attachment,
        'POST_USER_ID'      => $this->post_user_id,
        // The poster's IP is only handed to the template for post moderators.
        'POST_IP'           => $is_post_mod ? $this->post_ip : false,
        'POST_TIME'         => phpbb::$user->format_date($this->post_time),
        'POST_EDIT_REASON'  => censor_text($this->post_edit_reason),
        'POST_SUBJECT'      => censor_text($this->post_subject),
        'POST_TEXT'         => $output_text ? $this->generate_text_for_display() : '',
    );

    // "Edited by ..." notice, only when the post has been edited.
    $details['EDITED_MESSAGE'] = '';
    if ($this->post_edited) {
        $details['EDITED_MESSAGE'] = sprintf(
            phpbb::$user->lang['EDITED_MESSAGE'],
            users_overlord::get_user($this->post_edit_user, '_full'),
            phpbb::$user->format_date($this->post_edited)
        );
    }

    // "Deleted by ..." notice; the last argument is the undelete URL.
    $details['DELETED_MESSAGE'] = '';
    if ($this->post_deleted != 0) {
        $details['DELETED_MESSAGE'] = sprintf(
            phpbb::$user->lang['DELETED_MESSAGE'],
            users_overlord::get_user($this->post_delete_user, '_full'),
            phpbb::$user->format_date($this->post_deleted),
            $this->get_url('undelete')
        );
    }

    // Action URLs: an empty string means the action is not offered to this user.
    $details['U_VIEW'] = $this->get_url();

    $can_edit = $this->acl_get('edit');
    $details['U_EDIT'] = $can_edit ? $this->get_url('edit') : '';
    $details['U_QUICKEDIT'] = $can_edit ? $this->get_url('quick_edit') : '';

    // A post that is already deleted only keeps its delete link for users
    // holding the hard-delete permission.
    $can_delete = $this->acl_get('delete')
        && (!$this->post_deleted || phpbb::$auth->acl_get('u_titania_post_hard_delete'));
    $details['U_DELETE'] = $can_delete ? $this->get_url('delete') : '';

    $details['U_REPORT'] = phpbb::$user->data['is_registered'] ? $this->get_url('report') : '';
    $details['U_WARN'] = false;

    // The info link needs one of the moderation permissions or a type the
    // user is authorised to moderate.
    $can_moderate = phpbb::$auth->acl_gets(
        'u_titania_mod_author_mod',
        'u_titania_mod_contrib_mod',
        'u_titania_mod_faq_mod',
        'u_titania_mod_post_mod'
    ) || $this->types->find_authed('moderate');
    $details['U_INFO'] = $can_moderate
        ? $this->controller_helper->route(
            'phpbb.titania.manage.attention.redirect',
            array('type' => TITANIA_POST, 'id' => $this->post_id)
        )
        : '';

    $details['U_QUOTE'] = $this->acl_get('post') ? $this->get_url('quote') : '';

    // State flags. Users without the post moderation permission always see
    // the post as approved and not reported, so moderation state stays hidden.
    $details['S_UNREAD_POST'] = (bool) $this->unread;
    $details['S_POST_APPROVED'] = $is_post_mod ? $this->post_approved : true;
    $details['S_POST_REPORTED'] = $is_post_mod ? $this->post_reported : false;
    $details['S_POST_DELETED'] = $this->post_deleted != 0;
    $details['S_ACCESS_TEAMS'] = $this->access->is_team($this->post_access);
    $details['S_ACCESS_AUTHORS'] = $this->access->is_author($this->post_access);

    // Hooks receive the array by reference together with this object.
    titania::$hook->call_hook_ref(array(__CLASS__, __FUNCTION__), $details, $this);

    return $details;
}
/**
 * Set user's access level.
 *
 * The level is raised to author level only when it is currently public, the
 * user is a registered non-bot account and $this->is_author is set.
 *
 * @return null
 */
protected function set_access_level()
{
    // Nothing to do unless the level is still the public one.
    if (!$this->access->is_public()) {
        return;
    }

    // Guests and bots are never raised above public access.
    if (!$this->user->data['is_registered'] || $this->user->data['is_bot']) {
        return;
    }

    if ($this->is_author) {
        $this->access->set_level(access::AUTHOR_LEVEL);
    }
}
/**
 * Get the postcount for displaying
 *
 * @param int|bool $access_level Bool false to get the post count for the
 *                               current user, or an access level id to count
 *                               from that specific level.
 *
 * @return int The post count for the selected access level
 */
public function get_postcount($access_level = false)
{
    // false means "use the level of the user viewing the page".
    $level = ($access_level === false) ? $this->access->get_level() : $access_level;

    // The post moderation permission is passed as both flag arguments of
    // count::get_flags(); what each argument selects is defined there.
    $is_post_mod = phpbb::$auth->acl_get('u_titania_mod_post_mod');

    return count::from_db(
        $this->topic_posts,
        count::get_flags($level, $is_post_mod, $is_post_mod)
    );
}
/**
 * Load author object and set access level.
 *
 * @param string|int $author Author username or user id.
 * @throws \Exception Throws exception if user is not found.
 * @return null
 */
protected function load_author($author)
{
    $this->author = new \titania_author(false);

    $author_found = $this->author->load($author);
    if (!$author_found) {
        throw new \Exception($this->user->lang['AUTHOR_NOT_FOUND']);
    }

    // The viewer owns the page when their user id matches the loaded author.
    // NOTE(review): this is a loose (==) comparison feeding an access
    // decision; confirm both sides are always numeric ids.
    $this->is_owner = ($this->user->data['user_id'] == $this->author->user_id);

    // Owners still on public access are raised to author level.
    $raise_to_author = $this->access->is_public() && $this->is_owner;
    if ($raise_to_author) {
        $this->access->set_level(access::AUTHOR_LEVEL);
    }
}
/**
 * Get quote for a post.
 *
 * Returns an empty string when the current user may not see or quote the
 * post; otherwise the post's edit text wrapped in a [quote] tag.
 *
 * @param int $post_id
 * @return string
 */
protected function get_quote($post_id)
{
    $quote = $this->load_post($post_id);

    // Access check: the viewer's level is compared against the smaller of
    // the post's and its topic's access values.
    $is_accessible = $this->access->get_level() <= min($quote->post_access, $quote->topic->topic_access);

    // Post moderators may quote anything; everyone else needs an approved
    // post that is not deleted.
    // NOTE(review): post_deleted is compared with the current user's id in
    // the last clause. If post_deleted holds a deletion timestamp rather than
    // a user id, that clause would not match in practice; confirm which field
    // was intended before changing it, since it widens who may quote.
    $may_quote = $this->auth->acl_get('u_titania_mod_post_mod')
        || (
            $quote->post_approved
            && (!$quote->post_deleted || $quote->post_deleted == $this->user->data['user_id'])
        );

    // Permission check
    if (!$is_accessible || !$may_quote) {
        return '';
    }

    $editable = $quote->generate_text_for_edit();
    $poster_name = \users_overlord::get_user($quote->post_user_id, '_username', true);

    return '[quote="' . $poster_name . '"]' . $editable['text'] . '[/quote]';
}
/**
 * Check user's access against attachment access level.
 *
 * Looks up the contribution that owns the attachment's parent object and
 * raises the user to author level when they are its main author or an
 * active coauthor, then compares the attachment's access level with the
 * user's level.
 *
 * @return int Returns HTTP status code (self::FORBIDDEN or self::OK).
 */
protected function check_author_level_access()
{
    // Author level check: pick the lookup query for the object type. Every
    // id is cast to int before it is concatenated into the SQL.
    $sql = '';

    switch ((int) $this->file['object_type']) {
        case TITANIA_FAQ:
            $sql = 'SELECT c.contrib_id, c.contrib_user_id FROM ' . TITANIA_CONTRIB_FAQ_TABLE . ' f, ' .
                TITANIA_CONTRIBS_TABLE . ' c WHERE f.faq_id = ' . (int) $this->file['object_id'] .
                ' AND c.contrib_id = f.contrib_id';
            break;

        case TITANIA_SUPPORT:
        case TITANIA_QUEUE_DISCUSSION:
            $sql = 'SELECT c.contrib_id, c.contrib_user_id FROM ' . TITANIA_POSTS_TABLE . ' p, ' .
                TITANIA_TOPICS_TABLE . ' t, ' . TITANIA_CONTRIBS_TABLE . ' c WHERE p.post_id = ' .
                (int) $this->file['object_id'] . ' AND t.topic_id = p.topic_id AND c.contrib_id = t.parent_id';
            break;
    }

    // Other object types have no owning contribution to check.
    $contrib = false;
    if ($sql !== '') {
        $result = $this->db->sql_query($sql);
        $contrib = $this->db->sql_fetchrow($result);
        $this->db->sql_freeresult($result);
    }

    if ($contrib !== false) {
        // Main author?
        $is_author = ($contrib['contrib_user_id'] == $this->user->data['user_id']);

        if (!$is_author) {
            // Coauthor: only rows with active = 1 count.
            $sql = 'SELECT user_id FROM ' . TITANIA_CONTRIB_COAUTHORS_TABLE . ' WHERE contrib_id = ' .
                (int) $contrib['contrib_id'] . ' AND user_id = ' . (int) $this->user->data['user_id'] .
                ' AND active = 1';
            $result = $this->db->sql_query($sql);
            $is_author = (bool) $this->db->sql_fetchrow($result);
            $this->db->sql_freeresult($result);
        }

        // NOTE(review): the level is set without looking at its current
        // value; confirm callers only get here while it is still public.
        if ($is_author) {
            $this->access->set_level(access::AUTHOR_LEVEL);
        }
    }

    // Still not authorised?
    if ($this->file['attachment_access'] < $this->access->get_level()) {
        return self::FORBIDDEN;
    }

    return self::OK;
}
/**
 * Create select with Titania's accesses
 *
 * Returns only the <option> elements, or an empty string for users on
 * public access.
 *
 * @param int|bool $default Default access level. False for none.
 * @param int $min_access Minimum access level to display
 * @return string
 */
protected function get_access_select($default = false, $min_access = access::PUBLIC_LEVEL)
{
    // Users on public access get no selector at all.
    if ($this->access->is_public()) {
        return '';
    }

    $labels = array(
        access::TEAM_LEVEL      => 'ACCESS_TEAMS',
        access::AUTHOR_LEVEL    => 'ACCESS_AUTHORS',
        access::PUBLIC_LEVEL    => 'ACCESS_PUBLIC',
    );

    $preselected = ($default === false) ? access::PUBLIC_LEVEL : $default;
    $user_level = $this->access->get_level();

    $options = array();
    foreach ($labels as $level => $lang_key) {
        // Offer only the levels from the user's own level up to $min_access.
        $offered = !($user_level > $level || $min_access < $level);
        if (!$offered) {
            continue;
        }

        $selected = ($preselected == $level) ? ' selected="selected"' : '';

        // The label comes from the language entries and is inserted as-is.
        $options[] = '<option value="' . $level . '"' . $selected . '>' . $this->user->lang($lang_key) . '</option>';
    }

    return implode('', $options);
}
/**
 * Parse the uploader
 *
 * @param string $tpl_file The name of the template file to use to create the uploader
 * @param bool $custom_sort Passed through to the operator's sort(); false
 *                          keeps the default ordering
 * @return string The parsed HTML code ready for output
 */
public function parse_uploader($tpl_file = 'posting/attachments/default.html', $custom_sort = false)
{
    $is_team = $this->access->is_team();

    // If the upload max filesize is less than 0, do not show the uploader
    // (0 = unlimited). Team members always get the uploader.
    if (!$is_team
        && isset($this->ext_config->upload_max_filesize[$this->object_type])
        && $this->ext_config->upload_max_filesize[$this->object_type] < 0
    ) {
        return '';
    }

    $this->template->assign_vars(array(
        'FORM_NAME'                     => $this->form_name,
        'MAX_LENGTH'                    => $is_team ? $this->config['max_filesize'] : false,
        'S_FORM_ENCTYPE'                => ' enctype="multipart/form-data"',
        'S_INLINE_ATTACHMENT_OPTIONS'   => true,
        'S_PLUPLOAD_ENABLED'            => $this->use_plupload,
        'S_SET_CUSTOM_ORDER'            => $this->set_custom_order,
        // Link hash the template submits together with uploads.
        'S_UPLOADER_KEY'                => generate_link_hash('uploader_key'),
        'SELECT_PREVIEW'                => $this->object_type == TITANIA_SCREENSHOT,
        'SELECT_REVIEW_VAR'             => 'set_preview_file' . $this->object_type,
    ));

    // Row indexes count down from the last attachment by default, and count
    // up from zero when no custom sort is given and display_order is off.
    $step = -1;
    $index = $this->operator->get_count() - 1;
    if ($custom_sort == false && !$this->config['display_order']) {
        $step = 1;
        $index = 0;
    }

    $this->operator->sort($custom_sort);

    // Delete previous attachments list
    $this->template->destroy_block_vars('attach_row');

    $base_url = $this->controller_helper->get_current_url();
    // Link hash carried by every attachment management link below.
    $hash = generate_link_hash('attach_manage');
    $comments = $this->get_request_comments();
    $hidden_data = $this->get_basic_attachment_data();
    $index_prefix = $this->use_plupload ? '' : $this->form_name . '_';

    foreach ($this->operator->get_all() as $attachment_id => $attach) {
        $link_params = array('a' => $attachment_id, 'hash' => $hash);

        // Re-key this attachment's basic data as hidden form fields.
        $hidden_fields = array();
        foreach ($hidden_data[$attachment_id] as $property => $value) {
            $hidden_fields["attachment_data[{$index_prefix}{$index}][{$property}]"] = $value;
        }

        $display_vars = $attach->get_display_vars('');

        // A comment from the current request takes precedence over the stored one.
        $row = array(
            'FILENAME'          => $attach->get_filename(),
            'FILE_COMMENT'      => isset($comments[$attachment_id]) ? $comments[$attachment_id] : $attach->get('attachment_comment'),
            'ATTACH_ID'         => $attachment_id,
            'INDEX'             => $index_prefix . $index,
            'FILESIZE'          => get_formatted_filesize($attach->get('filesize')),
            'S_HIDDEN'          => build_hidden_fields($hidden_fields),
            'S_PREVIEW'         => $attach->is_preview(),
            'U_VIEW_ATTACHMENT' => $attach->get_url(),
            'U_DELETE'          => $this->path_helper->append_url_params(
                $base_url,
                array_merge($link_params, array('action' => 'delete_attach'))
            ),
        );
        $output = array_merge($display_vars, $row);

        // Only screenshots get the reorder links.
        if ($attach->is_type(TITANIA_SCREENSHOT)) {
            $move_links = array(
                'U_MOVE_UP'     => $this->path_helper->append_url_params(
                    $base_url,
                    array_merge($link_params, array('action' => 'attach_up'))
                ),
                'U_MOVE_DOWN'   => $this->path_helper->append_url_params(
                    $base_url,
                    array_merge($link_params, array('action' => 'attach_down'))
                ),
            );
            $output = array_merge($output, $move_links);
        }

        $index += $step;

        $this->template->assign_block_vars('attach_row', $output);
    }

    // NOTE(review): where this JSON ends up is decided by the template, which
    // is not visible here; confirm it is escaped for that output context.
    $this->template->assign_var('S_ATTACH_DATA', json_encode(array_values($hidden_data)));

    $this->template->set_filenames(array(
        $tpl_file => $tpl_file,
    ));

    return $this->template->assign_display($tpl_file);
}
/**
 * Query search index.
 *
 * Applies the approval and access-level filters, runs the search for the
 * current page and merges in the extra data for each result type.
 *
 * @return array Search results, with 'total' and 'documents' keys.
 */
protected function query_index()
{
    // For those without moderator permissions do not display unapproved stuff
    $is_moderator = $this->auth->acl_get('m_');
    if (!$is_moderator) {
        $this->engine->where_equals('approved', 1);
    }

    // Don't worry about authors level access...no search page that can search
    // where a person would have authors access. Everyone outside the team is
    // restricted to public documents.
    if (!$this->access->is_team()) {
        $this->engine->where_equals('access_level', access::PUBLIC_LEVEL);
    }

    $this->engine->set_limit($this->sort->start, $this->sort->limit);

    $results = $this->engine->search();
    $this->sort->total = $results['total'];

    // Collect the ids of each kind of document; other types are skipped.
    $contrib_ids = array();
    $post_ids = array();
    $faq_ids = array();

    foreach ($results['documents'] as $document) {
        switch ($document['type']) {
            case TITANIA_CONTRIB:
                $contrib_ids[] = $document['id'];
                break;

            case TITANIA_FAQ:
                $faq_ids[] = $document['id'];
                break;

            case TITANIA_SUPPORT:
            case TITANIA_QUEUE_DISCUSSION:
            case TITANIA_QUEUE:
                $post_ids[] = $document['id'];
                break;
        }
    }

    // No hits: nothing further to load.
    if (!$results['documents']) {
        return $results;
    }

    // Get additional data not included in result.
    $documents = $this->get_contribs($contrib_ids, $results['documents']);
    $documents = $this->get_posts($post_ids, $documents);
    $results['documents'] = $this->get_faqs($faq_ids, $documents);

    return $results;
}