/**
 * Builds the "insert ... select" statement that duplicates a record inside
 * its own table.
 *
 * Permissions are honoured at two levels. The source record must grant
 * 'view' and a placeholder destination record (built from $vals) must grant
 * 'edit'; otherwise nothing is built. The same pair of checks is then
 * repeated per column, and every column that fails is left out of the
 * statement and reported as a Dataface_Error appended to $this->warnings.
 *
 * With $force left at its default (true) a denied column does not stop the
 * copy: the statement is still returned, minus that column. Callers that
 * need all-or-nothing semantics must pass $force = false or inspect
 * $this->warnings afterwards.
 *
 * @param Dataface_Record $record The record being copied.
 * @param array $vals Values that should be placed in the copied version,
 *     keyed by field name. A field is only treated as overridden when
 *     isset($vals[$field]) holds.
 * @param boolean $force If true the copy proceeds despite individual
 *     column warnings.
 * @return mixed The SQL query string, or the value returned by
 *     Dataface_Error::permissionDenied() when the copy is refused.
 */
function buildCopyQuery($record, $vals = array(), $force = true)
{
    $table = $record->_table;
    $tablename = $table->tablename;

    // The destination row does not exist yet, so a throwaway record seeded
    // with the override values stands in for it during 'edit' checks.
    $target = new Dataface_Record($tablename, $vals);

    if (!($record->checkPermission('view') && $target->checkPermission('edit'))) {
        return Dataface_Error::permissionDenied("Failed to copy record '" . $record->getTitle() . "' because of insufficient permissions.");
    }

    // Keep only the columns that are readable on the source AND writable on
    // the destination. Original positions are kept as array keys.
    $columns = array();
    $denied = false;
    foreach (array_keys($table->fields()) as $idx => $fieldname) {
        $readable = $record->checkPermission('view', array('field' => $fieldname));
        if ($readable && $target->checkPermission('edit', array('field' => $fieldname))) {
            $columns[$idx] = $fieldname;
            continue;
        }
        $this->warnings[] = Dataface_Error::permissionDenied("The field '{$fieldname}' could not be copied for record '" . $record->getTitle() . "' because of insufficient permissions.");
        $denied = true;
    }

    // Without $force, a single denied column cancels the whole copy.
    if ($denied && !$force) {
        return Dataface_Error::permissionDenied("Failed to copy the record '" . $record->getTitle() . "' due to insufficient permissions on one or more of the columns.");
    }

    // The auto increment column is never copied; the database assigns it.
    $autoIncrement = $table->getAutoIncrementField();
    if ($autoIncrement) {
        $position = array_search($autoIncrement, $columns);
        if ($position !== false) {
            unset($columns[$position]);
        }
    }

    // Select list: overridden columns become quoted literals aliased to the
    // column name, everything else is read straight from the source row.
    // NOTE(review): addslashes() is not aware of the connection character
    // set, so it is a weaker guard than the database driver's own escaping;
    // worth replacing with the driver escape for this connection - confirm
    // which one this file has available.
    // NOTE(review): table and column names are placed between backticks
    // as-is; this assumes they come only from the table definition.
    $selectList = array();
    foreach ($columns as $idx => $column) {
        if (isset($vals[$column])) {
            $selectList[$idx] = "'" . addslashes($target->getSerializedValue($column)) . "' as `{$column}`";
        } else {
            $selectList[$idx] = "`" . $column . "`";
        }
    }

    // Restrict the select to the source row by its key values.
    // NOTE(review): the key values are handed to _where() unescaped here;
    // presumably the query builder quotes them - verify.
    $builder = new Dataface_QueryBuilder($tablename);
    $criteria = array();
    foreach (array_keys($table->keys()) as $keyField) {
        $criteria[$keyField] = $record->strval($keyField);
    }
    $where = $builder->_secure($builder->_where($criteria));

    return implode(' ', array(
        "insert into `" . $tablename . "`",
        "(`" . implode('`,`', $columns) . "`)",
        "select " . implode(', ', $selectList) . " from `" . $tablename . "`",
        $where,
    ));
}
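/**
 * Deletes a record from the database.
 *
 * Permissions are only enforced when $secure is true; with the default
 * (false) the 'delete' permission of the record is not consulted at all,
 * so callers acting on behalf of a user must opt in explicitly. The same
 * $secure value is passed on when the parent record is deleted.
 *
 * @param Dataface_Record $record Dataface_Record object to be deleted.
 * @param boolean $secure Whether to check permissions.
 * @return mixed The result of the delete query on success, or a PEAR_Error
 *     (including the permission-denied error) on failure. The script exits
 *     if the record's table defines no primary key.
 */
function delete(&$record, $secure = false)
{
    if ($secure && !$record->checkPermission('delete')) {
        // Refuse before any trigger fires or any SQL is built.
        return Dataface_Error::permissionDenied(df_translate('scripts.Dataface.IO.delete.PERMISSION_DENIED', 'Could not delete record "' . $record->getTitle() . '" from table "' . $record->_table->tablename . '" because you have insufficient permissions.', array('title' => $record->getTitle(), 'table' => $record->_table->tablename)));
    }

    // NOTE(review): the builder targets $this->_table while the keys below
    // are read from $record->_table; presumably these are the same table -
    // confirm against callers.
    $builder = new Dataface_QueryBuilder($this->_table->tablename);

    if ($this->fireTriggers) {
        $res = $this->fireBeforeDelete($record);
        if (PEAR::isError($res)) {
            return $res;
        }
    }

    $keys =& $record->_table->keys();
    if (!$keys || count($keys) == 0) {
        // Without a primary key the row cannot be addressed safely.
        trigger_error(df_translate('scripts.Dataface.IO.delete.ERROR_NO_PRIMARY_KEY', 'Could not delete record from table "' . $record->_table->tablename . '" because no primary key was defined.', array('tablename' => $record->_table->tablename)));
        exit;
    }

    // Every key column must carry a value, otherwise the delete could match
    // more rows than the one intended.
    // NOTE(review): the truthiness test also rejects a key whose value is
    // the string '0' - confirm whether such keys can occur.
    $query = array();
    foreach (array_keys($keys) as $key) {
        if (!$record->strval($key)) {
            return PEAR::raiseError(Dataface_LanguageTool::translate('Could not delete record because missing keys', 'Could not delete record ' . $record->getTitle() . ' because not all of the keys were included.', array('title' => $record->getTitle(), 'key' => $key)), DATAFACE_E_DELETE_FAILED);
        }
        $query[$key] = '=' . $record->strval($key);
    }

    $sql = $builder->delete($query);
    if (PEAR::isError($sql)) {
        return $sql;
    }

    $res = $this->dbObj->query($sql, null, $this->lang);
    if (!$res || PEAR::isError($res)) {
        if (PEAR::isError($res)) {
            $msg = $res->getMessage();
        } else {
            $msg = mysql_error(df_db());
        }
        // Report the failure that actually occurred: the PEAR message when
        // the query layer returned one, the driver error otherwise.
        // NOTE(review): the message carries database error text and the
        // 'sql' parameter carries the statement; make sure neither is shown
        // to end users verbatim.
        return PEAR::raiseError(Dataface_LanguageTool::translate('Failed to delete record. SQL error', 'Failed to delete record ' . $record->getTitle() . ' because of an sql error. ' . $msg, array('title' => $record->getTitle(), 'sql' => $sql, 'mysql_error' => $msg)), DATAFACE_E_DELETE_FAILED);
    }

    // Cascade to the parent record, if any, with the same $secure setting.
    $parentIO =& $this->getParentIO();
    if (isset($parentIO)) {
        $parentRecord =& $record->getParentRecord();
        if (isset($parentRecord)) {
            $res = $parentIO->delete($parentRecord, $secure);
            if (PEAR::isError($res)) {
                return $res;
            }
        }
    }

    if ($this->fireTriggers) {
        $res2 = $this->fireAfterDelete($record);
        if (PEAR::isError($res2)) {
            return $res2;
        }
    }

    self::touchTable($this->_table->tablename);

    return $res;
}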
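/**
 * Renders the delete confirmation page.
 *
 * Depending on the request this asks for confirmation of a single record
 * ('-delete-one') or of the whole found set ('-delete-found'). When there
 * is nothing to delete, or neither flag is present, only a message is shown
 * and the form is suppressed. Output goes through the skin tool using the
 * 'Dataface_DeleteForm.html' template.
 *
 * @return void
 * @throws Exception If the lookup query or the row count query fails.
 */
function display()
{
    $this->_build();
    $showform = true;
    $b = new Dataface_QueryBuilder($this->_tablename, $this->_query);

    if (isset($this->_query['-delete-one'])) {
        // Fetch the single record under the cursor to show its title.
        $q = array('-skip' => $this->_query['-cursor'], '-limit' => 1);
        $sql = $b->select('', $q);
        $res = xf_db_query($sql, $this->_db);
        if (!$res) {
            throw new Exception(df_translate('scripts.Dataface.DeleteForm._build.ERROR_TRYING_TO_FETCH', "Error trying to fetch element to be deleted.: ") . xf_db_error($this->_db), E_USER_ERROR);
        }
        if (xf_db_num_rows($res) == 0) {
            $msg = df_translate('scripts.Dataface.DeleteForm._build.ERROR_NO_RECORD_SELECTED', "No record is currently selected so no record can be deleted.");
            $showform = false;
        } else {
            $row = xf_db_fetch_array($res);
            $rowRec = new Dataface_Record($this->_tablename, $row);
            $displayCol = $rowRec->getTitle();
            // The inner quotes are escaped; left bare they end the string
            // literal early and the file no longer parses.
            // NOTE(review): $displayCol is stored record data and ends up in
            // the page message; confirm the template HTML-escapes 'msg', or
            // escape the title before interpolating it.
            $msg = df_translate('scripts.Dataface.DeleteForm.display.ARE_YOU_SURE', "Are you sure you want to delete this record: \"{$displayCol}\"?", array('displayCol' => $displayCol));
        }
    } elseif (isset($this->_query['-delete-found'])) {
        // Count the rows in the found set so the user sees the scope.
        $q = $b->select_num_rows();
        $res = xf_db_query($q, $this->_db);
        if (!$res) {
            throw new Exception(df_translate('scripts.Dataface.DeleteForm.display.ERROR_ESTIMATING', "Error estimating number of rows that will be deleted: ") . xf_db_error($this->_db), E_USER_ERROR);
        }
        list($num) = xf_db_fetch_row($res);
        if ($num <= 0) {
            $msg = df_translate('scripts.Dataface.DeleteForm.display.ERROR_NO_RECORDS_FOUND', "There are no records in the current found set so no records can be deleted.");
            $showform = false;
        } else {
            $msg = df_translate('scripts.Dataface.DeleteForm.display.ARE_YOU_SURE_MULTIPLE', "Are you sure you want to delete the found records. {$num} records will be deleted.", array('num' => $num));
        }
    } else {
        $msg = df_translate('scripts.Dataface.DeleteForm.display.ERROR_GET_VARS', "Error: You must specify either '-delete-one' or '-delete-found' in GET vars.");
        $showform = false;
    }

    // NOTE(review): both exceptions above append the database error text;
    // make sure it is logged rather than rendered to the end user.

    if ($showform) {
        // Capture the parent form's markup so the template can place it.
        ob_start();
        parent::display();
        $form = ob_get_clean();
    } else {
        $form = '';
    }

    $context = array('msg' => $msg, 'form' => $form);
    import('Dataface/SkinTool.php');
    $skinTool =& Dataface_SkinTool::getInstance();
    $skinTool->display($context, 'Dataface_DeleteForm.html');
}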