} elseif ($limitToOrderedItems) { //If we must limit to some specific items ordered (usually used for polymod multi_poly_object field) $search->addWhereCondition("itemsOrdered", $limitToOrderedItems); } else { // Params : paginate limit $search->setAttribute('itemsPerPage', $limit); $search->setAttribute('page', $start / $limit); // Params : set default direction direction if (!CMS_session::getSessionVar('direction_' . $object->getID())) { CMS_session::setSessionVar('direction_' . $object->getID(), 'desc'); } // Params : order if (CMS_session::getSessionVar('sort_' . $object->getID())) { $search->addOrderCondition(CMS_session::getSessionVar('sort_' . $object->getID()), CMS_session::getSessionVar('direction_' . $object->getID())); } else { $search->addOrderCondition('objectID', CMS_session::getSessionVar('direction_' . $object->getID())); } } //launch search $search->search(CMS_object_search::POLYMOD_SEARCH_RETURN_INDIVIDUALS_OBJECTS); // Vars for lists output purpose and pages display, see further $itemsDatas['total'] = $search->getNumRows(); //Get parsed result definition if ($resultsDefinition) { $definitionParsing = new CMS_polymod_definition_parsing($resultsDefinition, true, CMS_polymod_definition_parsing::PARSE_MODE); } //loop on results items while ($item = $search->getNextResult()) { //Process actions on item if any //Unlock item if ($unlock && $object->isPrimaryResource()) {
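/**
 * Builds the javascript used to switch between the row/block display in page edition
 *
 * The session values 'viewWhat', 'switchRow' and 'switchBlock' are written into the
 * script as JSON-encoded string literals, so a quote, backslash or markup character
 * inside one of them cannot end the literal or the surrounding <script> element.
 *
 * @return mixed : the javascript to add (string), or true when called on a CMS_dialog
 *                 instance, in which case the script is passed to setJavascript()
 * @access private
 */
function switchRows() {
	//encode one value as a javascript string literal which is safe inside a <script> element
	$toJsString = function ($value) {
		$encoded = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
		//json_encode() returns false on invalid UTF-8 : fall back to an empty literal
		return $encoded === false ? '""' : $encoded;
	};
	//encode a list of ids as comma separated literals ; a missing or non-array session value gives an empty list
	$toJsList = function ($values) use ($toJsString) {
		return implode(',', array_map($toJsString, is_array($values) ? $values : array()));
	};
	$viewWhat = $toJsString(CMS_session::getSessionVar('viewWhat'));
	$rowElements = $toJsList(CMS_session::getSessionVar('switchRow'));
	$blockElements = $toJsList(CMS_session::getSessionVar('switchBlock'));

	//the javascript "//" comment near the end must keep its own line : the CMS_addEvent() call follows it
	$switchRows = '<script type="text/javascript">
	var viewWhat = ' . $viewWhat . ';
	function switchView() {
		var rowElements = new Array(' . $rowElements . ');
		var blockElements = new Array(' . $blockElements . ');
		if (viewWhat=="block") {
			for (var i=0; i<rowElements.length; i++) {
				if (document.getElementById(rowElements[i])) {
					document.getElementById(rowElements[i]).className = "showit";
				}
			}
			for (var i=0; i<blockElements.length; i++) {
				if (document.getElementById(blockElements[i])) {
					document.getElementById(blockElements[i]).className = "hideit";
				}
			}
			viewWhat = "row";
		} else {
			for (var i=0; i<rowElements.length; i++) {
				if (document.getElementById(rowElements[i])) {
					document.getElementById(rowElements[i]).className = "hideit";
				}
			}
			for (var i=0; i<blockElements.length; i++) {
				if (document.getElementById(blockElements[i])) {
					document.getElementById(blockElements[i]).className = "showit";
				}
			}
			viewWhat = "block";
		}
		return true;
	}
	if (viewWhat=="row") {
		viewWhat = "block";
		//on windows load switch row/block view
		CMS_addEvent(window, \'load\', function() {switchView();});
	}
	</script>';
	//called on a dialog instance : register the script on it, otherwise hand the script back
	if (isset($this) && is_a($this, 'CMS_dialog')) {
		$this->setJavascript($switchRows);
		return true;
	} else {
		return $switchRows;
	}
}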
<tr> <td width="150" class="admin"> ' . $cms_language->getMessage(MESSAGE_PAGE_FIELD_LANGUAGE) . ' :</td> <td width="350" class="admin">'; $all_languages = CMS_languagesCatalog::getAllLanguages(MOD_CMS_FORMS_CODENAME); foreach ($all_languages as $aLanguage) { $checked = $aLanguage->getCode() == $items_language->getCode() ? ' checked="checked"' : ''; $content .= ' <label><input name="items_language" type="radio" value="' . $aLanguage->getCode() . '"' . $checked . ' onclick="submit();" /> ' . $aLanguage->getLabel() . '</label>'; } $content .= '</td> </tr>'; // Categories $a_all_categories = CMS_forms_formularCategories::getAllCategoriesAsArray($cms_language, true); if (sizeof($a_all_categories)) { $s_categories_listbox = CMS_moduleCategories_catalog::getListBox(array('field_name' => 'items_ctg', 'items_possible' => $a_all_categories, 'default_value' => CMS_session::getSessionVar("items_ctg"), 'attributes' => 'class="admin_input_text" style="width:250px;"')); $content .= ' <tr> <td class="admin">' . $cms_language->getMessage(MESSAGE_PAGE_FIELD_CATEGORY, false, MOD_CMS_FORMS_CODENAME) . ' :</td> <td class="admin">' . $s_categories_listbox . '</td> </tr>'; } $content .= ' <tr> <td class="admin" colspan="2"> <input type="submit" class="admin_input_submit" value="' . $cms_language->getMessage(MESSAGE_PAGE_ACTION_SHOW) . '" /></td> </tr> </form> </table></fieldset><br />'; $content .= $cms_language->getMessage(MESSAGE_PAGE_HEADING1, false, MOD_CMS_FORMS_CODENAME) . '<br /><br />'; $items = $search->search();
$dialog->show();
exit;
} else {
	//copy $errors into a freshly indexed list and store it in session under 'patchErrors'
	$updateErrors = array();
	foreach ($errors as $anError) {
		$updateErrors[] = $anError;
	}
	CMS_session::setSessionVar('patchErrors', $updateErrors);
}
break;
}
$dialog = new CMS_dialog();
$content = '';
$dialog->setTitle($cms_language->getMessage(MESSAGE_PAGE_TITLE));
//correct first error of the array
$errors = CMS_session::getSessionVar('patchErrors');
// NOTE(review): the session value is indexed directly ; nothing visible here checks that it is a non-empty array
$error = $errors[0];
//button message
// $errors[1] is read without isset() ; anything which is not an array (including a missing entry) selects the "return to patch" label
$validate_msg = !is_array($errors[1]) ? MESSAGE_PAGE_RETURN_TO_PATCH : MESSAGE_PAGE_NEXT_ERROR;
switch ($error['no']) {
	case 5:
		//try to update a protected file (UPDATE.DENY)
		$content .= $cms_language->getMessage(MESSAGE_PAGE_ERROR_5_LABEL) . '<br /><br />';
		//the command is split on tabs and each field is trimmed ; the second field is used as the file path below
		$installParams = array_map("trim", explode("\t", $error['command']));
		//get files
		$file = $installParams[1];
		// NOTE(review): $file comes from the 'command' field of an error kept in session and is appended to
		// PATH_REALROOT_FS as is ; no check is visible in this excerpt that the resulting path stays below
		// that root (for example that ".." segments are rejected) - confirm where patch commands are validated.
		// When the file exists, highlight_file(..., true) returns its highlighted source, which is added to the page.
		$content .= ' ' . $cms_language->getMessage(MESSAGE_PAGE_ORIGINAL_PROTECTED_FILE) . ' : <div class="cms_code"> ' . (file_exists(PATH_REALROOT_FS . $file) ? highlight_file(PATH_REALROOT_FS . $file, true) : '') . ' </div>
// check if there are other sortable object than creation date
if (count($items_possible) > 1) {
	//current sort key : taken from the session, 'objectID' when the session holds no (or an empty) value
	$sortValue = CMS_session::getSessionVar('sort_' . $object->getID());
	$sortValue = $sortValue ? $sortValue : 'objectID';
	//turn the key => label map into the list of {id, label} records used by the combo store
	$sortValues = array();
	foreach ($items_possible as $key => $label) {
		$sortValues[] = array('id' => $key, 'label' => $label);
	}
	$sortValues = sensitiveIO::jsonEncode($sortValues);
	// NOTE(review): $sortValue is written between single quotes in the javascript below without any escaping in
	// this excerpt, whereas the store data goes through sensitiveIO::jsonEncode() - confirm the session value is
	// restricted to the keys of $items_possible at the place where it is stored.
	$sortItem = "{\n\t\txtype:\t\t\t\t'combo',\n\t\tname:\t\t\t\t'sort_{$object->getID()}',\n\t\thiddenName:\t\t \t'sort_{$object->getID()}',\n\t\tforceSelection:\t\ttrue,\n\t\tfieldLabel:\t\t\t'{$cms_language->getJSMessage(MESSAGE_PAGE_FIELD_SORT, false, MOD_POLYMOD_CODENAME)}',\n\t\tmode:\t\t\t\t'local',\n\t\ttriggerAction:\t\t'all',\n\t\tvalueField:\t\t\t'id',\n\t\tdisplayField:\t\t'label',\n\t\tvalue:\t\t\t\t'{$sortValue}',\n\t\tanchor:\t\t\t\t'98%',\n\t\tstore:\t\t\t\tnew Ext.data.JsonStore({\n\t\t\tfields:\t\t\t\t['id', 'label'],\n\t\t\tdata:\t\t\t\t{$sortValues}\n\t\t}),\n\t\tallowBlank:\t\t \tfalse,\n\t\tselectOnFocus:\t\ttrue,\n\t\teditable:\t\t\tfalse,\n\t\tvalidateOnBlur:\t\tfalse,\n\t\tlisteners:\t\t\t{'valid':moduleObjectWindow.search}\n\t}";
} else {
	//only one sortable item : show its label in a disabled text field
	// NOTE(review): the label $items_possible['objectID'] is also placed in a quoted javascript string unescaped
	$sortItem = "{\n\t\txtype:\t\t\t\t'textfield',\n\t\tfieldLabel:\t\t\t'{$cms_language->getJSMessage(MESSAGE_PAGE_FIELD_SORT, false, MOD_POLYMOD_CODENAME)}',\n\t\tanchor:\t\t\t\t'98%',\n\t\tdisabled:\t\t\ttrue,\n\t\tvalue:\t\t\t\t'{$items_possible['objectID']}',\n\t\tlisteners:\t\t\t{'valid':moduleObjectWindow.search}\n\t}";
}
// build direction select
//$items_possible is reused here : from now on it holds the two direction labels
$items_possible = array('asc' => $cms_language->getMessage(MESSAGE_PAGE_FIELD_ASC, false, MOD_POLYMOD_CODENAME), 'desc' => $cms_language->getMessage(MESSAGE_PAGE_FIELD_DESC, false, MOD_POLYMOD_CODENAME));
//current direction : taken from the session, 'desc' when the session holds no (or an empty) value
$dirValue = CMS_session::getSessionVar('direction_' . $object->getID());
$dirValue = $dirValue ?
	$dirValue : 'desc';
$dirValues = array();
foreach ($items_possible as $key => $label) {
	$dirValues[] = array('id' => $key, 'label' => $label);
}
$dirValues = sensitiveIO::jsonEncode($dirValues);
// NOTE(review): as for $sortValue, $dirValue is a session value written unescaped between single quotes below
$searchPanel .= "{\n\tlayout:\t\t\t'column',\n\txtype:\t\t\t'panel',\n\tborder:\t\t\tfalse,\n\tanchor:\t\t\t'-20px',\n\titems:[{\n\t\tcolumnWidth:\t.65,\n\t\tlayout: \t\t'form',\n\t\tborder:\t\t\tfalse,\n\t\titems: \t\t\t[{$sortItem}]\n\t},{\n\t\tcolumnWidth:\t.35,\n\t\tlayout: \t\t'form',\n\t\tborder:\t\t\tfalse,\n\t\titems: [{\n\t\t\txtype:\t\t\t\t'combo',\n\t\t\tname:\t\t\t\t'direction_{$object->getID()}',\n\t\t\thiddenName:\t\t \t'direction_{$object->getID()}',\n\t\t\tforceSelection:\t\ttrue,\n\t\t\tfieldLabel:\t\t\t' ',\n\t\t\tlabelSeparator:\t\t'',\n\t\t\tmode:\t\t\t\t'local',\n\t\t\ttriggerAction:\t\t'all',\n\t\t\tvalueField:\t\t\t'id',\n\t\t\tdisplayField:\t\t'label',\n\t\t\tvalue:\t\t\t\t'{$dirValue}',\n\t\t\tanchor:\t\t\t\t'100%',\n\t\t\tstore:\t\t\t\tnew Ext.data.JsonStore({\n\t\t\t\tfields:\t\t\t\t['id', 'label'],\n\t\t\t\tdata:\t\t\t\t{$dirValues}\n\t\t\t}),\n\t\t\tvalidateOnBlur:\t\tfalse,\n\t\t\tallowBlank:\t\t \tfalse,\n\t\t\tselectOnFocus:\t\ttrue,\n\t\t\teditable:\t\t\tfalse,\n\t\t\tlisteners:\t\t\t{'valid':moduleObjectWindow.search}\n\t\t}]\n\t}]\n},";
//the object description is passed through sensitiveIO::sanitizeJSString() before it is placed in the panel html
$description = sensitiveIO::sanitizeJSString($object->getDescription($cms_language));
if ($description) {
	$searchPanel .= "{\n\t\txtype:\t\t\t'panel',\n\t\tborder:\t\t\tfalse,\n\t\thtml:\t\t\t'<div style=\"color:grey;padding-top:15px;\">{$description}</div>'\n\t},";
}
//check for included file
// NOTE(review): $codename and $objectId are not assigned in this excerpt ; confirm neither can carry a path
// separator or ".." before this lookup (what is done with the file after ob_start() is not visible here)
$filename = PATH_ADMIN_FS . '/inc/' . $codename . "_" . $objectId . "_" . $cms_language->getCode() . ".inc.php";
if (file_exists($filename)) {
	ob_start();
//add message if any
if ($cms_message) {
	$dialog->setActionMessage($cms_message);
}
//add back link
if ($backLink) {
	//links are coded in query string and so ? are replaced by §§ and ampersands are replaced with § to avoid confusion
	//chr(167) is the single byte 0xA7 ; the doubled marker is replaced first so that it is not consumed as two single ones
	$bl = str_replace(chr(167) . chr(167), "?", $backLink);
	$bl = str_replace(chr(167), "&", $bl);
	// NOTE(review): the decoded link only goes through SensitiveIO::sanitizeHTMLString() here ; whether the target is
	// limited to local URLs (scheme and host) is not visible in this excerpt - confirm where $backLink is validated
	$dialog->setBackLink(SensitiveIO::sanitizeHTMLString($bl));
}
//first make a diff beetween current queried Root and all user sections to see wich sections missing.
$getRoot = array($startRoot);
$displayed = array();
$cms_root = CMS_tree::getRoot();
$sectionsRoots = CMS_session::getSessionVar('sectionsRoots');
foreach ($getRoot as $aRootID) {
	//$pages is used as a lookup keyed by page id : reuse the entry when set, otherwise load the page and keep it
	if ($pages[$aRootID]) {
		$treeRoot = $pages[$aRootID];
	} else {
		$treeRoot = CMS_tree::getPageByID($aRootID);
		$pages[$aRootID] = $treeRoot;
	}
	//stop the script when the requested root can not be loaded or reports an error
	if (!$treeRoot || $treeRoot->hasError()) {
		die("Unknown tree root to display ...");
	}
	$lineages[$aRootID] = CMS_tree::getLineage($cms_root->getID(), $treeRoot->getID(), false);
	if (is_array($sectionsRoots)) {
		foreach ($lineages[$aRootID] as $aLineagePage) {
			//in_array() is called without its strict flag, so the comparison is loose (==)
			if (in_array($aLineagePage, $sectionsRoots)) {
				//remove this section to all user sections
$a_all_categories = CMS_moduleCategories_catalog::getAllCategoriesAsArray($cms_user, $cms_module->getCodename(), $cms_language);
if (!sizeof($a_all_categories)) {
	//user has no right on categories so he can't edit/create items
	// NOTE(review): the redirect URL carries the session id as a query parameter ; URLs usually end up in
	// server logs, browser history and Referer headers - confirm whether cookie-only session propagation
	// can be used instead.
	header("Location: " . $cms_module->getAdminFrontendPath(PATH_RELATIVETO_WEBROOT) . "?cms_message_id=65&" . session_name() . "=" . session_id());
	exit;
}
$s_categories_listboxes = CMS_moduleCategories_catalog::getListBoxes(array('field_name' => 'ids', 'items_possible' => $a_all_categories, 'items_selected' => $item_relations->getCategoriesIds(), 'select_width' => '250px', 'select_height' => '120px', 'form_name' => 'frmitem'));
// Default check statuses for radios
//index 1 is checked only for a strict true, index 0 only for a strict false ; any other value leaves both radios unchecked
$public = array();
$public[1] = $item->getAttribute('public') === true ? ' checked="checked"' : '';
$public[0] = $item->getAttribute('public') === false ? ' checked="checked"' : '';
// NOTE(review): in the form below only the 'name' attribute goes through io::htmlspecialchars() ;
// $_SERVER["SCRIPT_NAME"] and the 'items_language' session value are placed in HTML attributes as they are -
// confirm both are constrained upstream or escape them for the attribute context.
$content = ' <table border="0" cellpadding="3" cellspacing="2"> <form name="frmitem" action="'
	. $_SERVER["SCRIPT_NAME"]
	. '" method="post" enctype="multipart/form-data" onSubmit="getSelectedOptionsInField_ids();"> <input type="hidden" name="cms_action" value="validate" /> <input type="hidden" name="language" value="'
	. CMS_session::getSessionVar("items_language")
	. '" /> <input id="itemId" type="hidden" name="item" value="'
	. $item->getID()
	. '" /> <tr> <td class="admin" align="right"> <span class="admin_text_alert">*</span> '
	. $cms_language->getMessage(MESSAGE_PAGE_FIELD_LABEL, false, MOD_CMS_FORMS_CODENAME)
	. ' :</td> <td class="admin"> <input type="text" size="30" class="admin_input_text" name="name" value="'
	. io::htmlspecialchars($item->getAttribute('name'))
	. '" /></td> </tr> <tr> <td class="admin" align="right"> <span class="admin_text_alert">*</span> '
	. $cms_language->getMessage(MESSAGE_PAGE_FIELD_RECEIVEDATA, false, MOD_CMS_FORMS_CODENAME)
	. ' :</td> <td class="admin"> <input id="frm_open" type="radio" name="public" value="1"'
	. $public[1]
	. ' /><label for="frm_open">'
	. $cms_language->getMessage(MESSAGE_PAGE_FIELD_FORM_OPEN, false, MOD_CMS_FORMS_CODENAME)
	. '</label> <input id="frm_closed" type="radio" name="public" value="-1"'
	. $public[0]
	. ' /><label for="frm_closed">'
	. $cms_language->getMessage(MESSAGE_PAGE_FIELD_FORM_CLOSED, false, MOD_CMS_FORMS_CODENAME)
	. '</label> </td> </tr>
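/**
 * Check if a session token is expired for a given token name
 *
 * A token counts as expired when the session holds no token data at all, when the
 * name is unknown, when no creation time is recorded for it, or when it is older
 * than SESSION_TOKEN_MAXAGE seconds. Every doubtful case is answered with "expired".
 * The 'expired' list stored next to the tokens is not consulted by this method.
 *
 * @param string $name, token name to check
 * @return boolean : true if token is expired or false otherwise
 * @access public
 */
public static function tokenIsExpired($name) {
	//if session token check is disabled, always return false (token never expire)
	if (!defined('SESSION_TOKEN_CHECK') || !SESSION_TOKEN_CHECK) {
		return false;
	}
	$tokensDatas = CMS_session::getSessionVar('atm-tokens');
	//no token data in session, unknown token name or missing creation time : treat the token as expired
	if (!is_array($tokensDatas) || !isset($tokensDatas['tokens'][$name]) || !isset($tokensDatas['time'][$name])) {
		return true;
	}
	//the recorded time is cast to an integer so that a malformed value can not break the subtraction
	return (time() - (int) $tokensDatas['time'][$name]) > SESSION_TOKEN_MAXAGE;
}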
// NOTE(review): getId() is called on $profile before the isset() test below, so that test can not catch an
// unset $profile ; only the hasError() part of the condition is effective here
$profileId = $profile->getId();
if (!isset($profile) || $profile->hasError()) {
	CMS_grandFather::raiseError('Unknown profile for given Id : ' . $profileId);
	// NOTE(review): presumably show() ends the response ; confirm, otherwise the code below runs with an invalid profile
	$view->show();
}
// +----------------------------------------------------------------------+
// | Session management                                                   |
// +----------------------------------------------------------------------+
//Set max depth (iterations count)
//a truthy $maxDepth is stored first ; the next test replaces any stored value which is not a positive integer by 3
if ($maxDepth) {
	CMS_session::setSessionVar("modules_clearances_max_depth", $maxDepth);
}
if (!sensitiveIO::isPositiveInteger(CMS_session::getSessionVar("modules_clearances_max_depth"))) {
	CMS_session::setSessionVar("modules_clearances_max_depth", 3);
}
$maxDepth = CMS_session::getSessionVar("modules_clearances_max_depth");
// Colors used to visualize access level
$clearance_colors = array(CLEARANCE_MODULE_NONE => '#FF7E71', CLEARANCE_MODULE_VIEW => '#e2faaa', CLEARANCE_MODULE_EDIT => '#CFE779', CLEARANCE_MODULE_MANAGE => '#85A122');
$bg_color_selected = "#fdf5a2";
//if user belongs to groups, all fields are disabled
//precedence : && binds tighter than || and the ternary is applied last, so this reads
//(hasAdminClearance(...) || ($isUser && sizeof(...))) ? true : false
$disableFields = $profile->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITVALIDATEALL) || $isUser && sizeof(CMS_profile_usersGroupsCatalog::getGroupsOfUser($profile, true)) ? true : false;
//unique hash relative to user module
// NOTE(review): md5 of the module codename and the profile id ; both inputs are known values, so this looks like
// an identifier and not a secret - confirm it is never relied upon as an unguessable token
$hash = md5($moduleCodename . '-' . $profileId);
/**
 * Module Elements rights
 * (This is recycled code from the V3)
 */
if (!function_exists("build_items_tree")) {
	/**
	 * Recursive function to build items tree.
	 *
$allclearances = CMS_profile::getAllModuleClearances(); $moduleAccess = ''; foreach ($allclearances as $clearance => $messages) { $standardDisableNone = false; if ($moduleCodename == MOD_STANDARD_CODENAME && $clearance == CLEARANCE_PAGE_NONE) { $standardDisableNone = true; } $moduleAccess .= "{\n\t\tboxLabel:\t\t'<span ext:qtip=\"" . $cms_language->getJSMessage($messages['description']) . "\" class=\"atm-help\">" . $cms_language->getJSMessage($messages['label']) . "</span>',\n\t\tname:\t\t\t'{$moduleCodename}-access-{$profileId}',\n\t\t" . ($clearance == CLEARANCE_MODULE_NONE ? "id:'{$moduleCodename}-access-{$profileId}'," : '') . "\n\t\tinputValue:\t\t" . $clearance . ",\n\t\tchecked:\t\t" . ($moduleClearance == $clearance ? 'true' : 'false') . ",\n\t\tdisabled:\t\t" . ($standardDisableNone || $disableFields || !$cms_user->hasModuleClearance($moduleCodename, $clearance) ? 'true' : 'false') . "\n\t},"; } //validations clearance $moduleAccess .= "{\n\tboxLabel:\t\t'<span ext:qtip=\"" . $cms_language->getJSMessage(MESSAGE_PAGE_AUTH_VALIDATION_USER_ADMINISTRATOR) . "\" class=\"atm-help\">" . $cms_language->getJSMessage(MESSAGE_PAGE_VALIDATION_RIGHTS) . "</span>',\n\tid:\t\t\t\t'{$moduleCodename}-validate-{$profileId}',\n\tinputValue:\t\t'1',\n\txtype:\t\t\t'checkbox',\n\tchecked:\t\t" . ($profile->hasValidationClearance($moduleCodename) ? 'true' : 'false') . ",\n\tdisabled:\t\t" . ($disableFields || !$cms_user->hasValidationClearance($moduleCodename) ? 'true' : 'false') . "\n}"; $moduleAccessSubmit = ''; if (!$disableFields) { $moduleAccessSubmit = ",buttons:[{\n\t\ttext:\t\t\t'" . $cms_language->getJSMessage(MESSAGE_PAGE_SAVE) . 
"',\n\t\ticonCls:\t\t'atm-pic-validate',\n\t\txtype:\t\t\t'button',\n\t\tanchor:\t\t\t'',\n\t\thandler:\t\tfunction() {\n\t\t\tvar access = Ext.getCmp('{$moduleCodename}-access-{$profileId}');\n\t\t\tvar validation = Ext.getCmp('{$moduleCodename}-validate-{$profileId}');\n\t\t\tAutomne.server.call('{$controler}', Ext.emptyFn, {\n\t\t\t\tuserId:\t\t\t'{$userId}',\n\t\t\t\tgroupId:\t\t'{$groupId}',\n\t\t\t\taction:\t\t\t'module-rights',\n\t\t\t\taccess:\t\t\taccess.getGroupValue(),\n\t\t\t\tvalidation:\t\t(validation.getValue() ? 1 : 0),\n\t\t\t\tmodule:\t\t\t'{$moduleCodename}'\n\t\t\t});\n\t\t}\n\t}]"; } $maxDepth = sensitiveIO::isPositiveInteger(CMS_session::getSessionVar("modules_clearances_max_depth")) ? CMS_session::getSessionVar("modules_clearances_max_depth") : 3; $moduleElements = "{\n\tid:\t\t\t\t'categories-rights-{$moduleCodename}-{$profileId}',\n\thtml:\t\t\t'',\n\tborder:\t\t\tfalse,\n\txtype:\t\t\t'atmPanel',\n\tautoLoad:\t\t{\n\t\turl:\t\t'modules-categories-rights.php',\n\t\tparams:\t\t\t{\n\t\t\tuserId:\t\t\t'{$userId}',\n\t\t\tgroupId:\t\t'{$groupId}',\n\t\t\tmodule:\t\t\t'{$moduleCodename}'\n\t\t},\n\t\tnocache:\ttrue,\n\t\tscope:\t\tExt.emptyFn\n\t},\n\tlisteners:{'render':function(panel) {\n\t\tpanel.getUpdater().on('update', function() {\n\t\t\tif (Ext.fly('maxDepth-{$moduleCodename}-{$profileId}')) {\n\t\t\t\tvar maxDepthField = new Ext.form.NumberField({\n\t\t\t\t\tapplyTo:\t\t'maxDepth-{$moduleCodename}-{$profileId}',\n\t\t\t\t\tmaxValue:\t\t20,\n\t\t\t\t\tminValue:\t\t2,\n\t\t\t\t\tallowDecimals:\tfalse,\n\t\t\t\t\tallowNegative:\tfalse\n\t\t\t\t});\n\t\t\t\tmaxDepthField.on('valid', function() 
{\n\t\t\t\t\tthis.update({\n\t\t\t\t\t\turl:\t\t'modules-categories-rights.php',\n\t\t\t\t\t\tparams:\t\t\t{\n\t\t\t\t\t\t\tuserId:\t\t\t'{$userId}',\n\t\t\t\t\t\t\tgroupId:\t\t'{$groupId}',\n\t\t\t\t\t\t\tmodule:\t\t\t'{$moduleCodename}',\n\t\t\t\t\t\t\tmaxDepth:\t\tmaxDepthField.getValue()\n\t\t\t\t\t\t},\n\t\t\t\t\t\tnocache:\ttrue,\n\t\t\t\t\t\tscope:\t\tExt.emptyFn\n\t\t\t\t\t});\n\t\t\t\t}, this, {buffer:300});\n\t\t\t}\n\t\t});\n\t}}\n}"; //rights specific to standard module if ($moduleCodename == MOD_STANDARD_CODENAME) { //TEMPLATES $templategroups = CMS_pageTemplatesCatalog::getAllGroups(); //Create templates checkboxes $templatesCheckboxes = $templateGroupsSubmit = ''; if ($templategroups) { foreach ($templategroups as $templategroup) { // Check if in template groups denied $checked = !$profile->hasTemplateGroupsDenied($templategroup) ? 'checked="true"' : ''; $disabled = $cms_user->hasTemplateGroupsDenied($templategroup) || $disableFields || $profile->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITVALIDATEALL) ? ' disabled="disabled"' : ''; $templatesCheckboxes .= '<label for="template-' . base64_encode($templategroup) . '-' . $moduleCodename . '-' . $profileId . '"><input type="checkbox" name="templates[' . base64_encode($templategroup) . ']" id="template-' . base64_encode($templategroup) . '-' . $moduleCodename . '-' . $profileId . '" ' . $checked . $disabled . ' /> ' . $templategroup . '</label> '; } if (!$disableFields) {
/**
 * Gets session variable with name
 *
 * Thin wrapper : the lookup is delegated to CMS_session::getSessionVar().
 *
 * @param string $name, name of the session variable to read
 * @return mixed : whatever CMS_session::getSessionVar() returns for this name
 * @access public
 */
static function getSessionVar($name) {
	$sessionValue = CMS_session::getSessionVar($name);
	return $sessionValue;
}