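#Helena F Deus (helenadeus@gmail.com)
#Entry point of this S3DB endpoint: bootstraps config + core, then refuses the request
#early when the caller can neither view nor propagate the requested collection.
ini_set('display_errors', 0);
# Debug switch driven by a request parameter. NOTE(review): any client can set su3d and
# thereby receive PHP error output (paths, query text, stack detail); gate it on an admin
# session or a server-side config flag instead. isset() avoids an "undefined key" warning.
if (isset($_REQUEST['su3d']) && $_REQUEST['su3d']) {
    ini_set('display_errors', 1);
}
# Host used to build the redirect to the S3DB root when no config file is present.
# NOTE(review): X-Forwarded-Host is trusted as-is, which is only safe behind a reverse proxy
# that overwrites the header. If this host is reachable directly, the redirect target is
# caller-controlled; validate it against an allow-list of known hostnames.
if (isset($_SERVER['HTTP_X_FORWARDED_HOST']) && $_SERVER['HTTP_X_FORWARDED_HOST'] != '') {
    $def = $_SERVER['HTTP_X_FORWARDED_HOST'];
} else {
    $def = $_SERVER['HTTP_HOST'];
}
if (file_exists('../config.inc.php')) {
    include '../config.inc.php';
} else {
    header('Location: http://' . $def . '/s3db/');
    exit;
}
# API key from the query string; presumably checked by core.header.php (not visible here).
$key = isset($_GET['key']) ? $_GET['key'] : null;
#echo '<pre>';print_r($_GET);
#Get the key, send it to check validity
include_once '../core.header.php';
#Universal variables
# collection_id is the newer name for class_id; either is accepted, collection_id wins.
$class_id = (isset($_REQUEST['collection_id']) && $_REQUEST['collection_id'] != '')
    ? $_REQUEST['collection_id']
    : (isset($_REQUEST['class_id']) ? $_REQUEST['class_id'] : null);
if ($class_id) {
    # Resolve the caller's effective permission on the collection before anything below runs
    # a query against it. 'C' prefixes a collection/class uid, 'U' a user uid.
    # $user_id and $db are expected to come from core.header.php — confirm.
    $pl = permission4Resource(array('uid' => 'C' . $class_id, 'shared_with' => 'U' . $user_id, 'db' => $db, 'user_id' => $user_id));
    #$info['C'.$class_id] = URIinfo('C'.$class_id, $user_id, $key, $db);
    $pl = permission_level($pl, 'C' . $class_id, $user_id, $db);
    # Deny unless the caller holds at least view or propagate on the collection.
    if (!$pl['view'] && !$pl['propagate']) {
        echo "User does not have access to view or query this collection";
        exit;
    }
}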
/**
 * Enrich one resource row ($element_info) with derived fields and the caller's permissions.
 *
 * $x is extract()'ed into locals. Keys read here: 'elements', 'element_info', 'user_id', 'db',
 * and optionally 'letter', 'info', 'key', 'timer', 'model'. The resource type is the single
 * letter in $letter (D deployment, G group, U user, P project, C class/collection, R rule,
 * I instance, S statement); when absent it is derived from the first character of $elements.
 *
 * NOTE(review): extract() overwrites any same-named local, $user_id and $db included. The only
 * caller visible in this file (includeAllData) builds $x with compact(); this stays safe only
 * while no request data is merged into that array before the call.
 *
 * Returns $element_info with acl / permission_level / view / change / propagate / delete /
 * add_data / delete_data (and type-specific aliases) filled in.
 */
function include_all($x) {
    extract($x);
    #add a few extra variables that will be usefull in the output;
    #x = array('elements'=>, 'element_info'=>, 'user_id'=>, 'db'=>)
    #Example: $data = include_all(compact('elements', 'element_info', 'user_id', 'db'));
    #when there is no resource_class_id, find it from the project where instance was created. WILL ASSUME THAT RESOURCE_CLASS_ID FILLED OUT IS A REQUIREMENT FOR ALL S3DB THAT SHARE RULES
    # $project_id is resolved here but not read anywhere else in this function.
    if ($_REQUEST['project_id'] == '') {
        $project_id = $element_info['project_id'];
    } else {
        $project_id = $_REQUEST['project_id'];
    }
    # Default permission model string; its three characters are substituted for '0','1','2'
    # in assigned_permission near the end of this function.
    if (!$model) {
        $model = 'nsy';
    }
    if ($letter == '') {
        $letter = strtoupper(substr($elements, 0, 1));
    }
    # Copy aliased columns (s3map: new key => existing key) for this resource type.
    if (is_array($GLOBALS['s3map'][$GLOBALS['plurals'][$GLOBALS['s3codes'][$letter]]])) {
        foreach ($GLOBALS['s3map'][$GLOBALS['plurals'][$GLOBALS['s3codes'][$letter]]] as $replace => $with) {
            $element_info[$replace] = $element_info[$with];
        }
    }
    #if element is a class, return the class id
    # Deployment: acl is fixed by the caller's role. user_id '1' is treated as the superuser
    # throughout this file ('222' = full access here).
    if ($letter == 'D') {
        $element_info['acl'] = $user_id == '1' ? '222' : (user_is_admin($user_id, $db) ? '212' : (user_is_public($user_id, $db) ? '210' : '211'));
        $element_info['created_by'] = $user_id;
        $element_info['description'] = $GLOBALS['s3db_info']['server']['site_intro'];
        $element_info['name'] = $GLOBALS['s3db_info']['server']['site_title'];
        if ($element_info['deployment_id'] == $GLOBALS['s3db_info']['deployment']['Did']) {
            $element_info['self'] = 1;
        }
    }
    if ($letter == 'G') {
        #echo '<pre>';print_r($x);exit;
        $e = 'groups';
        #$element_info['group_id'] = $element_info['account_id'];
        #$element_info['groupname'] = $element_info['account_uname'];
        #$element_info['acl'] = groupAcl($element_info, $user_id, $db);
        $uid_info = uid($element_info['account_id']);
        # NOTE(review): ereg_replace() was removed in PHP 7; preg_replace('/^D/', '', ...) is
        # the equivalent. Same applies to every ereg*/ereg_replace call in this file.
        $element_info['deployment_id'] = ereg_replace('^D', '', $uid_info['Did']);
        $strictuid = 1;
        $strictsharedwith = 1;
        $uid = 'G' . $element_info['group_id'];
        $shared_with = 'U' . $user_id;
        #$element_info['acl'] = permissionOnResource(compact('user_id', 'shared_with', 'db', 'uid','key','strictsharedwith','strictuid'));
        $element_info['acl'] = groupAcl($element_info, $user_id, $db, $timer);
        if ($timer) {
            $timer->setMarker('Included resource information for ' . $letter);
        }
        #echo '<pre>';print_r($element_info);exit;
    }
    if ($letter == 'U') {
        # Pull the postal address columns onto the user row.
        if ($element_info['account_addr_id'] != '') {
            # NOTE(review): account_addr_id is interpolated straight into the SQL string. It
            # comes from a stored row rather than the request, but it is neither escaped nor
            # bound; if this $db wrapper exposes an escape or bind API, use it here. No such
            # API is visible from this file, so the fix cannot be applied blind.
            $sql = "select * from s3db_addr where addr_id = '" . $element_info['account_addr_id'] . "'";
            $fields = array('addr1', 'addr2', 'city', 'state', 'postal_code', 'country');
            $db->query($sql);
            while ($db->next_record()) {
                for ($i = 0; $i < count($fields); $i++) {
                    $element_info[$fields[$i]] = $db->f($fields[$i]);
                }
            }
            $element_info = array_delete($element_info, 'account_addr_id');
        }
        $element_info['user_id'] = $element_info['account_id'];
        $element_info['username'] = $element_info['account_uname'];
        $element_info['login'] = $element_info['account_lid'];
        $element_info['address'] = $element_info['addr1'];
        $uid_info = uid($element_info['account_id']);
        $element_info['deployment_id'] = ereg_replace('^D', '', $uid_info['Did']);
        # Contact details are only exposed to the superuser, the account's creator, or the
        # account itself.
        if ($user_id != '1' && $element_info['created_by'] != $user_id && $element_info['account_id'] != $user_id) {
            #if user is not seing himself and user is not admin and user was not the creator of element, then hide address, email, phone, etc.
            $keys2Remove = array('account_email' => '', 'account_phone' => '', 'addr1' => '', 'addr2' => '', 'city' => '', 'state' => '', 'postal_code' => '', 'country' => '');
            if (is_array($element_info)) {
                $element_info = array_diff_key($element_info, $keys2Remove);
            }
        }
        # Same three-way condition as above, written with the operands swapped.
        if ($user_id != '1' && $element_info['created_by'] != $user_id && $user_id != $element_info['account_id']) {
            if (is_array($element_info)) {
                $element_info = array_diff_key($element_info, array('account_type' => '', 'account_status' => ''));
            }
        } else {
            //if this user has been created with a filter, what is that filter
            $permission_info = array('uid' => 'U' . $element_info['created_by'], 'shared_with' => 'U' . $element_info['account_id']);
            $hp = has_permission($permission_info, $db);
            if ($hp) {
                $element_info['filter'] = $hp;
            }
        }
        # The password hash column is stripped unconditionally before the row leaves here.
        if (is_array($element_info)) {
            $element_info = array_diff_key($element_info, array('account_pwd' => ''));
        }
        $user_id_who_asks = $user_id;
        $uid = 'U' . $element_info['user_id'];
        # NOTE(review): here $shared_with has no 'U' prefix, unlike every other branch, and
        # this $onPermissions is overwritten by the common block further down before it is
        # used — looks like leftover code; confirm before relying on either.
        $shared_with = $user_id_who_asks;
        $strictuid = 1;
        $strictsharedwith = 1;
        $onPermissions = compact('user_id', 'shared_with', 'db', 'uid', 'key', 'strictsharedwith', 'strictuid');
        if ($element_info['acl'] == '') {
            $element_info['acl'] = userAcl(compact('key', 'element_info', 'user_id_who_asks', 'db'));
        }
    }
    if ($letter == 'P') {
        $element_info['name'] = $element_info['project_name'];
        $element_info['description'] = $element_info['project_description'];
        $id = 'P' . $element_info['project_id'];
        $uid = 'P' . $element_info['project_id'];
    }
    if ($letter == 'C') {
        $element_info['class_id'] = $element_info['resource_id'];
        $element_info['collection_id'] = $element_info['class_id'];
        $element_info['name'] = $element_info['entity'];
        $element_info['description'] = $element_info['notes'];
        #project_id to search for rule_id will be the same from the class
        $uid = 'C' . $element_info['resource_id'];
    }
    #if element is a rule, return the class_id of the subject. If the object is a class, return the object_id... to discuss with jonas
    if ($letter == 'R') {
        $uid = 'R' . $element_info['rule_id'];
    }
    #if this is an instance, return the class_id => ASSUMING THAT EVERY S3DB THAT HAS SHARED RULES HAS RESOURCECLASSID IN INSTANCE.
    if ($letter == 'I') {
        if ($element_info['resource_class_id'] != '') {
            $element_info['class_id'] = $element_info['resource_class_id'];
        }
        $element_info['instance_id'] = $element_info['resource_id'];
        $element_info['item_id'] = $element_info['instance_id'];
        $element_info['collection_id'] = $element_info['class_id'];
        $instance_id = $element_info['instance_id'];
        $uid = 'I' . $element_info['instance_id'];
    }
    if ($letter == 'S') {
        $uid = 'S' . $element_info['statement_id'];
        # NOTE(review): $id is only assigned in the 'P' branch, so unless it arrived via $x
        # this writes the statement under an empty key in $info — confirm intent.
        $info[$id] = $element_info;
        $statement_id = $element_info['statement_id'];
        $element_info['instance_id'] = $element_info['resource_id'];
        $element_info['item_id'] = $element_info['instance_id'];
        $element_info['instance_notes'] = $info['I' . $element_info['instance_id']]['notes'];
        # Lazily load the rule row once per rule_id into $info.
        if ($info['R' . $element_info['rule_id']] == '') {
            $info['R' . $element_info['rule_id']] = s3info('rule', $element_info['rule_id'], $db);
        }
        $element_info['object_notes'] = notes($element_info['value'], $db);
        $element_info['project_folder'] = $element_info['value'];
        $element_info = include_fileLinks($element_info, $db);
        $element_info['subject'] = $info['R' . $element_info['rule_id']]['subject'];
        $element_info['verb'] = $info['R' . $element_info['rule_id']]['verb'];
        $element_info['object'] = $info['R' . $element_info['rule_id']]['object'];
        $element_info['subject_id'] = $info['R' . $element_info['rule_id']]['subject_id'];
        $element_info['verb_id'] = $info['R' . $element_info['rule_id']]['verb_id'];
        $element_info['object_id'] = $info['R' . $element_info['rule_id']]['object_id'];
    }
    # Common permission resolution for every type: ask permission4Resource for the caller's
    # acl on $uid unless a branch above already set one.
    $strictuid = 1;
    $strictsharedwith = 1;
    $shared_with = 'U' . $user_id;
    $toFindInfo = $element_info;
    $onPermissions = compact('user_id', 'shared_with', 'db', 'uid', 'key', 'strictsharedwith', 'strictuid', 'timer', 'toFindInfo');
    if ($element_info['acl'] == '') {
        $element_info['acl'] = permission4Resource($onPermissions);
    }
    $element_info['permission_level'] = $element_info['acl'];
    if (!$element_info['effective_permission']) {
        $element_info['effective_permission'] = $element_info['acl'];
    }
    # assigned_permission: the permission explicitly granted on $uid to the caller, '---' if none.
    if (!$element_info['assigned_permission']) {
        $pp = array('uid' => $uid, 'shared_with' => $shared_with);
        $tmp = has_permission($pp, $db);
        if ($tmp) {
            $element_info['assigned_permission'] = $tmp;
        } else {
            $element_info['assigned_permission'] = '---';
        }
    }
    #Define if ser can view or not view data. View is the first number in the 3d code.
    $permission2user = permissionModelComp($element_info['permission_level']);
    ##According to the model, change the values of assigned_permission from prevous versions
    $element_info['assigned_permission'] = str_replace(array('0', '1', '2'), str_split($model), $element_info['assigned_permission']);
    $isOwner = $element_info['created_by'] == $user_id;
    # Positions 0/1/2 of the permission code map to view/change/propagate.
    $element_info['view'] = allowed($permission2user, 0, $isOwner, $state = 3, $model);
    $element_info['change'] = allowed($permission2user, 1, $isOwner, $state = 3, $model);
    $element_info['propagate'] = allowed($permission2user, 2, $isOwner, $state = 3, $model);
    #create the element "delete", in case it is eventually created...For now it is the same as change
    $element_info['delete'] = $element_info['change'];
    # NOTE(review): delete_data is copied from add_data BEFORE add_data is assigned on the next
    # line, so it carries whatever add_data the incoming row already had. includeAllData() in
    # this file performs the two assignments in the opposite order; that is likely the
    # intended order here as well.
    $element_info['delete_data'] = $element_info['add_data'];
    $element_info['add_data'] = $element_info['propagate'];
    return $element_info;
}
/**
 * Apply access control to a query result set and enrich every surviving row.
 *
 * $pack is extract()'ed into locals. Keys read here: 'data' (the rows), 'user_id', 'db',
 * 's3ql', and optionally 'element2query', 'uidQuery', 'timer', 'WhereInfo',
 * 'shared_with_query', 'elements', 'key', 'model', 'stream'. Rows the caller may not see are
 * emptied and then dropped by array_filter(); the rest go through include_all() and
 * filterDataForQuery(). user_id '1' bypasses every check in this function (acl 'yyy').
 *
 * NOTE(review): the extract() caveat from include_all() applies here too — $user_id must not
 * be settable from request data through $pack.
 *
 * Returns a re-indexed list of the enriched rows (empty when more than one where-id is given
 * for a user/group query).
 */
function includeAllData($pack) {
    extract($pack);
    $element2query = $element2query == '' ? $s3ql['from'] : $element2query;
    #echo '<pre>';print_r($data);exit;
    $letter = letter($element2query);
    $element = $GLOBALS['s3codes'][$letter];
    # Bulk permission lookup: only for non-superusers, non user/group types, and result sets
    # of at least 4 rows; smaller sets fall through to the per-row permission4Resource() call.
    # NOTE(review): ereg() was removed in PHP 7; preg_match('/^U|^G/', $letter) is the
    # equivalent for every ereg() call in this function.
    if ($user_id != '1') {
        if (count($data) >= 4) {
            if (!ereg('^U|^G', $letter)) {
                $Z = compact('user_id', 'db', 'uidQuery', 'timer', 'WhereInfo', 'shared_with_query');
                $Z['toFind'] = $letter;
                # presumably a wildcard prefix understood by permissionPropagation — confirm
                $Z['shared_with_user'] = '******' . $user_id;
                $ids = permissionPropagation($Z);
            }
        }
    }
    # User/group queries: compute which users/groups are visible from the single where-id.
    if (ereg('^U|^G', $letter) && $WhereInfo) {
        $whereId = array_keys($WhereInfo);
        if (count($whereId) > 1) {
            $array = array();
            return $array;
        } else {
            $whereId = $whereId[0];
            #Tlist provides the list of resources that are shared with the uid of interest, including users & groups
            $Hlist = bottom_up_propagation_list($whereId, $db);
            $Tlist = user_included_bottom_up_propagation_list('U', $whereId, $user_id, $db);
            $resourceUsers = s3dbPercolate($Hlist, $Tlist, $letter);
            # Empty debug hook; nothing happens here regardless of su3d.
            if ($_REQUEST['su3d']) {
            }
        }
    }
    ##Remove from data the uids that do not exist in ids
    # $str is the name of the id column for this resource type (e.g. the key used to build the uid).
    $str = $GLOBALS['s3ids'][$GLOBALS['s3codes'][$letter]];
    $re_issued = array();
    if (is_array($data)) {
        foreach ($data as $ind => $array) {
            $uid = $letter . $array[$str];
            if ($uid != '') {
                if ($user_id != '1') {
                    if (is_array($ids)) {
                        # Bulk path: keep the row only if permissionPropagation returned an acl for it.
                        if (!ereg('^U|^G', $letter)) {
                            if ($ids[$uid] != '') {
                                $array['acl'] = $ids[$uid];
                            } else {
                                $array = array();
                            }
                        } else {
                            if ($resourceUsers) {
                                if (in_array($uid, array_keys($resourceUsers))) {
                                    $array['permissionOnResource'] = $resourceUsers[$uid];
                                } else {
                                    $array = array();
                                }
                            }
                            #else {
                            #   $array=array();
                            #}
                        }
                    } else {
                        # Per-row path: resolve the caller's acl on this uid directly.
                        $strictuid = 1;
                        $strictsharedwith = 1;
                        $shared_with = 'U' . $user_id;
                        $P = compact('uid', 'shared_with', 'user_id', 'db', 'strictuid', 'strictsharedwith', 'stream', 'timer');
                        if (!ereg('^U|^G', $letter)) {
                            $array['acl'] = permission4Resource($P);
                            $array['permission_level'] = $array['acl'];
                            $permission2user = permissionModelComp($array['permission_level']);
                            $isOwner = $array['created_by'] == $user_id;
                            $array['view'] = allowed($permission2user, 0, $isOwner);
                            $array['change'] = allowed($permission2user, 1, $isOwner);
                            $array['propagate'] = allowed($permission2user, 2, $isOwner);
                            #create the element "delete", in case it is eventually created...For now it is the same as change
                            $array['delete'] = $array['change'];
                            $array['add_data'] = $array['propagate'];
                            $array['delete_data'] = $array['add_data'];
                        } else {
                            if ($resourceUsers) {
                                if (in_array($uid, array_keys($resourceUsers))) {
                                    $array['permissionOnResource'] = $resourceUsers[$uid];
                                } else {
                                    $array = array();
                                }
                            }
                            #else {
                            #   $array=array();
                            #}
                        }
                    }
                } else {
                    # Superuser: full acl, no filtering except the user/group visibility list.
                    $array['acl'] = 'yyy';
                    if (ereg('^U|^G', $letter) && $resourceUsers) {
                        if ($resourceUsers) {
                            if (in_array($uid, array_keys($resourceUsers))) {
                                $array['permissionOnResource'] = $resourceUsers[$uid];
                            } else {
                                $array = array();
                            }
                        }
                        #else {
                        #   $array=array();
                        #}
                    }
                }
            }
            # Rows emptied above are skipped here and removed by the final array_filter().
            if (!empty($array)) {
                $re_issued[$uid] = $array;
                $element_info = $re_issued[$uid];
                $info = $WhereInfo;
                $C = compact('letter', 'info', 'elements', 'element_info', 'user_id', 'db', 'key', 'timer', 'model');
                $element_info = include_all($C);
                $element_info['uri'] = S3DB_URI_BASE . '/' . $letter . $array[$str];
                #$element_info['uri'] = str_replace('central', 'TCGA', S3DB_URI_BASE.'/'.$letter.$array[$str]);
                $pack['uid'] = $uid;
                $pack['info'] = $element_info;
                $element_info = filterDataForQuery($pack);
                if ($timer) {
                    $timer->setMarker('Filter Data For The Query');
                }
                $re_issued[$uid] = $element_info;
            }
        }
    }
    $data = array_values(array_filter($re_issued));
    return $data;
}