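/**
 * guifi_node_access(): construct node permissions.
 *
 * @param string $op
 *   Operation being checked: 'view', 'create', 'update' or 'delete'.
 * @param mixed $node
 *   A node object, or a numeric node id that is loaded here.
 *
 * @return bool
 *   TRUE when the current user may perform $op, FALSE otherwise (including
 *   any operation not listed above).
 */
function guifi_node_access($op, $node) {
  global $user;

  if (is_numeric($node)) {
    $node = node_load(array('nid' => $node));
  }

  if ($op == 'view') {
    return TRUE;
  }

  if ($op == 'create') {
    return user_access('create guifi nodes');
  }

  if ($op == 'update' or $op == 'delete') {
    // Fail closed when there is no node object to check (for example the id
    // could not be loaded). Without this guard $node->uid reads as NULL, and
    // NULL == 0 holds under loose comparison, so the ownership test below
    // would succeed for the anonymous user (uid 0).
    if (!is_object($node)) {
      return FALSE;
    }

    guifi_log(GUIFILOG_TRACE, 'function guifi_node_access()', $op . ' - ' . $node->nid);

    // NOTE(review): the bare owner test makes the 'edit own guifi nodes'
    // clause redundant, so owners pass whether or not they hold that
    // permission. Nodes with uid 0 also match anonymous visitors here.
    // Confirm which behaviour is intended before tightening.
    if (user_access('administer guifi zones')
      || $node->uid == $user->uid
      || ($node->uid == $user->uid and user_access('edit own guifi nodes'))
      || in_array($user->uid, guifi_maintainers_load($node->nid, 'location', 'uid'))
      || in_array($user->uid, guifi_funders_load($node->nid, 'location', 'uid'))) {
      return TRUE;
    }

    // The node has no maintainers of its own: fall back to the access the
    // user has on the zone the node belongs to.
    if (empty($node->maintainers) and guifi_zone_access($op, $node->zone_id)) {
      return TRUE;
    }

    return FALSE;
  }

  return FALSE;
}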
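/**
 * E-mail address update form submit.
 *
 * Replaces the searched address with the new one in the notification field of
 * every zone, location, device, service and user row the current user is
 * allowed to update, and notifies the previous address of each change.
 *
 * @param array $form
 *   The submitted form (not read here).
 * @param array $form_state
 *   Form state; reads $form_state['values']['mail_search'] and
 *   $form_state['values']['mail_replacewith'].
 */
function guifi_tools_mail_update_form_submit($form, &$form_state) {
  global $user;

  guifi_log(GUIFILOG_TRACE, 'guifi_tools_mail_update_submit()', $form_state['values']);

  $search = $form_state['values']['mail_search'];
  $replace = $form_state['values']['mail_replacewith'];
  $is_admin = user_access('administer guifi networks');

  // Perform the massive update to the granted rows, using the guifi db api
  // instead of straight SQL to create the notification messages.
  // The table name placeholder is only ever filled from this fixed list.
  $tables = array('guifi_zone', 'guifi_location', 'guifi_devices', 'guifi_services', 'guifi_users');

  foreach ($tables as $table) {
    // NOTE(review): mail_search is used as the LIKE pattern as submitted, so
    // any % or _ in it acts as a wildcard. Which rows are changed then rests
    // on the per-row access check below. Confirm the form validates it.
    $sqlm = db_query('SELECT * FROM {%s} WHERE notification LIKE "%s"', $table, $search);

    while ($amails = db_fetch_object($sqlm)) {
      // Title and type are needed for the notification text whoever runs the
      // update, so they are set for administrators as well. The per-object
      // access check is only consulted for non-administrators.
      $title = '';
      $type = '';
      $granted = FALSE;

      switch ($table) {
        case 'guifi_users':
          $title = $amails->username;
          $type = t('User');
          $granted = $is_admin || guifi_user_access('update', $amails->id);
          break;

        case 'guifi_devices':
          $title = $amails->nick;
          $type = t('Device');
          $granted = $is_admin || guifi_device_access('update', $amails->id);
          break;

        case 'guifi_zone':
          $title = $amails->nick;
          $type = t('Zone');
          $granted = $is_admin || guifi_zone_access('update', $amails->id);
          break;

        case 'guifi_location':
          $title = $amails->nick;
          $type = t('Node');
          $granted = $is_admin || guifi_node_access('update', $amails->id);
          break;

        // The label must match the name used in $tables ('guifi_services');
        // with 'guifi_service' this case could never be selected.
        case 'guifi_services':
          $title = $amails->nick;
          $type = t('Service');
          $granted = $is_admin || guifi_service_access('update', $amails->id);
          break;
      }

      if (!$granted) {
        continue;
      }

      // Here we have update access, so perform the update.
      // Notify the previous mail id, just in case...
      $to_mail = $amails->notification;
      $amails->notification = str_ireplace($search, strtolower($replace), $amails->notification);

      if ($to_mail == $amails->notification) {
        // No changes, so next row.
        continue;
      }

      // $log is presumably filled in by _guifi_db_sql() - TODO confirm.
      _guifi_db_sql($table, array('id' => $amails->id), (array) $amails, $log, $to_mail);

      guifi_notify(
        $to_mail,
        t('The notification %notify for %type %title has been CHANGED to %new by %user.',
          array(
            '%notify' => $search,
            '%new' => $replace,
            '%type' => $type,
            '%title' => $title,
            '%user' => $user->name,
          )),
        $log);
    } // foreach row with the email found
  } // foreach table

  drupal_goto('guifi/menu/ip/mailsearch/' . $replace);
}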
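/**
 * Removes a zone on behalf of an API request.
 *
 * @param GuifiAPI $gapi GuifiAPI object; failures are reported via addError()
 *
 * @param mixed[] $parameters Request parameters; 'zone_id' is required
 *
 * @return bool TRUE when the zone node was deleted, FALSE otherwise
 */
function guifi_api_zone_remove($gapi, $parameters) {
  if (!guifi_api_check_fields($gapi, array('zone_id'), $parameters)) {
    return FALSE;
  }

  // node_load() also accepts an array of match conditions, so only a numeric
  // id taken from the request is passed on to it.
  $zone_id = $parameters['zone_id'];
  if (!is_numeric($zone_id)) {
    $gapi->addError(500, 'zone_id = ' . (is_scalar($zone_id) ? $zone_id : gettype($zone_id)));
    return FALSE;
  }

  // Test the load result explicitly instead of reading a property on it.
  $node = node_load($zone_id);
  if (!$node || empty($node->id)) {
    $gapi->addError(500, "zone_id = {$zone_id}");
    return FALSE;
  }

  if ($node->type != 'guifi_zone') {
    $gapi->addError(500, "zone_id = {$node->id} is not a zone");
    return FALSE;
  }

  // NOTE(review): the guifi-level check is made for 'update' although the
  // node is being deleted - confirm that this is the intended operation.
  if (node_access('delete', $node) && guifi_zone_access('update', $node)) {
    node_delete($node->id);
  }
  else {
    $gapi->addError(501);
    return FALSE;
  }

  return TRUE;
}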