function exponent_workflow_post($object, $table, $loc, $userdata = null) { global $db, $user; $policy = exponent_workflow_getPolicy($loc->mod, $loc->src); $is_post = false; if (isset($object->id)) { // Updating an existing $object->approved = 2; $fake = null; $fake->approved = 2; $fake->id = $object->id; $db->updateObject($fake, $table); $object->wf_original = $object->id; // SET ACTIONTYPE FOR RUNACTIONS $object->wf_type = SYS_WORKFLOW_ACTION_EDITED; } else { $is_post = true; $object->approved = 0; $object->wf_original = $db->insertObject($object, $table); $object->wf_type = SYS_WORKFLOW_ACTION_POSTED; } $object->wf_major = $db->max($table . "_wf_revision", "wf_major", "wf_original", "wf_original=" . $object->wf_original); if ($object->wf_major == null) { $object->wf_major = 0; } $object->wf_minor = 1; $state = array(array($user->id + 0), array($user->id => 1)); $object->wf_state_data = serialize($state); $object->wf_user_id = $user->id; // Now check approval right off the bat. Admin is always exempt from workflow if (exponent_workflow_checkApprovalState($state, $policy) || $user->is_acting_admin == 1) { $object->wf_major++; $object->wf_minor = 0; $real_object = exponent_workflow_convertToObject($object); $real_object->approved = 1; $object->wf_updated = time(); $db->updateObject($real_object, $table); // Call spidering for implicit / admin approval. if (is_callable(array($loc->mod, "spiderContent"))) { call_user_func(array($loc->mod, "spiderContent"), $real_object); } if ($user->is_acting_admin == 1) { $object->wf_type = SYS_WORKFLOW_ACTION_POSTED_ADMIN; } else { $object->wf_type = SYS_WORKFLOW_ACTION_IMPLICIT_APPROVAL; } } else { $info = exponent_workflow_updateInfoFromRevision($object, null); $info->location_data = $object->location_data; $info->policy_id = $policy->id; $info->open_slots = $policy->max_approvers; $info->updated = time(); $db->insertObject($info, $table . "_wf_info"); $object->wf_updated = time(); } unset($object->id); $db->insertObject($object, $table . "_wf_revision"); exponent_workflow_deleteOldRevisions($table, $object->wf_original); // Now that we are almost done, we need to call the onWorkflow stuff. if (is_callable(array($table, 'onWorkflowPost'))) { if (!isset($real_object)) { $real_object = exponent_workflow_convertToObject($object); $real_object->id = $object->wf_original; } call_user_func(array($table, 'onWorkflowPost'), $real_object, $is_post, $userdata); } if ($policy != null) { // run actions, either EDIT or POST or IMPLICIT_APPROVAL exponent_workflow_runActions($policy, $object->wf_type, $object); } else { // Catch-all redirect - in case its a new post, implicitly approved, with no policy exponent_flow_redirect(); } }
# Software Foundation; either version 2 of the # License, or (at your option) any later version. # # GPL: http://www.gnu.org/licenses/gpl.txt # ################################################## if (!defined('EXPONENT')) { exit(''); } if (exponent_permissions_check('manage_core', exponent_core_makeLocation('sharedcoremodule'))) { $core = null; if (isset($_GET['id'])) { $core = $db->selectObject('sharedcore_core', 'id=' . intval($_GET['id'])); } if ($core) { $db->delete('sharedcore_core', 'id=' . $core->id); if (!defined('SYS_SHAREDCORE')) { include_once BASE . 'subsystems/sharedcore.php'; } foreach ($db->selectObjects('sharedcore_site', 'core_id=' . $core->id) as $site) { $db->delete('sharedcore_extension', 'site_id=' . $site->id); exponent_sharedcore_clear($site->path, true); } $db->delete('sharedcore_site', 'core_id=' . $core->id); exponent_flow_redirect(); } else { echo SITE_404_HTML; } } else { echo SITE_403_HTML; }
# This file is part of Exponent # # Exponent is free software; you can redistribute # it and/or modify it under the terms of the GNU # General Public License as published by the Free # Software Foundation; either version 2 of the # License, or (at your option) any later version. # # GPL: http://www.gnu.org/licenses/gpl.txt # ################################################## if (!defined('EXPONENT')) { exit(''); } $contact = null; if (isset($_GET['id'])) { // Sanitize required _GET variable, to protect against injection attacks $contact = $db->selectObject('addressbook_contact', 'id=' . intval($_GET['id'])); } if ($contact) { $loc = unserialize($contact->location_data); $iloc = exponent_core_makeLocation($loc->mod, $loc->src, $contact->id); if (exponent_permissions_check('delete', $loc) || exponent_permissions_check('delete', $iloc)) { $db->delete('addressbook_contact', 'id=' . $contact->id); exponent_flow_redirect(SYS_FLOW_SECTIONAL); } else { echo SITE_403_HTML; } } else { echo SITE_404_HTML; }