Esempio n. 1
0
/**
 * Adds a new object into access control lists
 *
 * Usage example:
 * <code>
 * $auth_permit = array(
 *     COT_GROUP_DEFAULT => 'R',
 *     COT_GROUP_GUESTS => '0',,
 *     COT_GROUP_MEMBERS => 'R',
 *     12 => 'RW', // allows Read & Write for group with ID = 12
 * );
 *
 * $auth_lock = array(
 *     COT_GROUP_DEFAULT => 'A',
 *     COT_GROUP_GUESTS => 'W12345A',
 *     COT_GROUP_MEMBERS => 'A',
 *     12 => 'R', // cannot change Read for group with ID = 12
 * );
 *
 * cot_auth_add_item('test', 'item123', $auth_permit, $auth_lock);
 * </code>
 *
 * @param string $module_name The module object belongs to
 * @param string $item_id Object identifier within the module
 * @param array $auth_permit Allowed permissions map
 * @param array $auth_lock Locked permissions map
 * @return int Number of rows inserted
 * @global CotDB $db
 */
function cot_auth_add_item($module_name, $item_id, $auth_permit = array(), $auth_lock = array())
{
    global $db, $cot_groups, $db_auth, $usr, $cot_auth_default_permit, $cot_auth_default_lock;
    $auth_permit = $auth_permit + $cot_auth_default_permit;
    $auth_lock = $auth_lock + $cot_auth_default_lock;
    $ins_array = array();
    foreach ($cot_groups as $k => $v) {
        if (!$v['skiprights']) {
            $base_grp = $k > COT_GROUP_SUPERADMINS ? COT_GROUP_DEFAULT : $k;
            $ins_array[] = array('auth_groupid' => $k, 'auth_code' => $module_name, 'auth_option' => $item_id, 'auth_rights' => cot_auth_getvalue($auth_permit[$base_grp]), 'auth_rights_lock' => cot_auth_getvalue($auth_lock[$base_grp]), 'auth_setbyuserid' => $usr['id']);
        }
    }
    $res = $db->insert($db_auth, $ins_array);
    cot_auth_reorder();
    cot_auth_clear('all');
    return $res;
}
Esempio n. 2
0
/**
 * Updates an existing category in the database
 *
 * @global Cache $cache
 * @global CotDB $db
 * @global string $db_auth
 * @global string $db_structure
 * @param string $extension Extension code
 * @param int $id Category structure_id
 * @param array $old_data Data row already present in the database
 * @param array $new_data Submitted category data
 * @param bool $is_module TRUE for modules, FALSE for plugins
 * @return mixed TRUE on success, cot_error() arguments as array on specific error, FALSE on generic error
 * @global CotDB $db
 * @global Cache $cache
 */
function cot_structure_update($extension, $id, $old_data, $new_data, $is_module = true)
{
    global $cache, $db, $db_auth, $db_config, $db_structure;
    /* === Hook === */
    foreach (cot_getextplugins('structure.update') as $pl) {
        include $pl;
    }
    /* ===== */
    if ($old_data['structure_code'] != $new_data['structure_code']) {
        if ($db->query("SELECT COUNT(*) FROM {$db_structure} WHERE structure_area=? AND structure_code=?", array($extension, $new_data['structure_code']))->fetchColumn() == 0) {
            $is_module && $db->update($db_auth, array('auth_option' => $new_data['structure_code']), "auth_code=? AND auth_option=?", array($extension, $old_data['structure_code']));
            $db->update($db_config, array('config_subcat' => $new_data['structure_code']), "config_cat=? AND config_subcat=? AND config_owner='module'", array($extension, $old_data['structure_code']));
            $area_updatecat = 'cot_' . $extension . '_updatecat';
            function_exists($area_updatecat) ? $area_updatecat($old_data['structure_code'], $new_data['structure_code']) : FALSE;
            cot_auth_reorder();
        } else {
            unset($new_data['structure_code']);
            return array('adm_cat_exists', 'default');
        }
    }
    $area_sync = 'cot_' . $extension . '_sync';
    $new_data['structure_count'] = function_exists($area_sync) ? $area_sync($new_data['structure_code']) : 0;
    $sql1 = $db->update($db_structure, $new_data, 'structure_id=' . (int) $id);
    $updated = $sql1 > 0;
    /* === Hook === */
    foreach (cot_getextplugins('structure.update.done') as $pl) {
        include $pl;
    }
    /* ===== */
    return $updated;
}
Esempio n. 3
0
        cot_message('Added');
    } elseif ($auth = cot_import('auth', 'P', 'ARR')) {
        $mask = array();
        $db->update($db_auth, array('auth_rights' => 0), "auth_groupid={$g}");
        foreach ($auth as $k => $v) {
            foreach ($v as $i => $j) {
                if (is_array($j)) {
                    $mask = 0;
                    foreach ($j as $l => $m) {
                        $mask += cot_auth_getvalue($l);
                    }
                    $db->update($db_auth, array('auth_rights' => $mask), "auth_groupid=? AND auth_code=? AND auth_option=?", array($g, $k, $i));
                }
            }
        }
        cot_auth_reorder();
        cot_auth_clear('all');
        cot_message('Updated');
    }
}
$jj = 1;
/* === Hook for the plugins === */
foreach (cot_getextplugins('admin.rights.main') as $pl) {
    include $pl;
}
/* ===== */
$adminpath[] = array(cot_url('admin', 'm=users'), $L['Users']);
$adminpath[] = array(cot_url('admin', 'm=users&n=edit&g=' . $g), $cot_groups[$g]['name']);
$adminpath[] = array(cot_url('admin', 'm=rights&g=' . $g), $L['Rights']);
$advanced && ($adminpath[] = array(cot_url('admin', 'm=rights&g=' . $g . '&advanced=1'), $L['More']));
$adminsubtitle = $L['Rights'];
Esempio n. 4
0
/**
 * Installs or updates a Cotonti extension: module or plugin.
 * Messages emitted during installation can be received through standard
 * Cotonti messages interface.
 * @param string $name Plugin code
 * @param bool $is_module TRUE for modules, FALSE for plugins
 * @param bool $update Perform update rather than new install
 * @param bool $force_update Forces extension update even if version has not changed
 * @return bool Operation status
 * @global Cache $cache
 */
function cot_extension_install($name, $is_module = false, $update = false, $force_update = false)
{
    global $cfg, $L, $cache, $usr, $db_auth, $db_config, $db_users, $db_core, $cot_groups, $cot_ext_ignore_parts, $db, $db_x, $env;
    $path = $is_module ? $cfg['modules_dir'] . "/{$name}" : $cfg['plugins_dir'] . "/{$name}";
    // Emit initial message
    if ($update) {
        cot_message(cot_rc('ext_updating', array('type' => $is_module ? $L['Module'] : $L['Plugin'], 'name' => $name)));
    } else {
        cot_message(cot_rc('ext_installing', array('type' => $is_module ? $L['Module'] : $L['Plugin'], 'name' => $name)));
    }
    // Check setup file and tags
    $setup_file = $path . "/{$name}.setup.php";
    if (!file_exists($setup_file)) {
        cot_error(cot_rc('ext_setup_not_found', array('path' => $setup_file)));
        return false;
    }
    $old_ext_format = false;
    $info = cot_infoget($setup_file, 'COT_EXT');
    if (!$info && cot_plugin_active('genoa')) {
        // Try load old format info
        $info = cot_infoget($setup_file, 'SED_EXTPLUGIN');
        if ($info) {
            $old_ext_format = true;
        }
    }
    if ($info === false) {
        cot_error('ext_invalid_format');
        return false;
    }
    // Check versions
    $res = $db->query("SELECT ct_version FROM {$db_core} WHERE ct_code = '{$name}'");
    if ($res->rowCount() == 1) {
        $current_ver = $res->fetchColumn();
        $res->closeCursor();
        if ($update) {
            if (version_compare($current_ver, $info['Version']) == 0 && !$force_update) {
                // Nothing to update
                cot_message(cot_rc('ext_up2date', array('type' => $is_module ? $L['Module'] : $L['Plugin'], 'name' => $name)));
                return COT_EXT_NOTHING_TO_UPDATE;
            }
        } else {
            cot_clear_messages();
            cot_error(cot_rc('ext_already_installed', array('name' => $name)));
            return false;
        }
    }
    if ($update) {
        // Safely drop existing bindings
        $bindings_cnt = cot_plugin_remove($name);
        cot_message(cot_rc('ext_bindings_uninstalled', array('cnt' => $bindings_cnt)));
    }
    // Install hook parts and bindings
    $hook_bindings = array();
    $dp = opendir($path);
    while ($f = readdir($dp)) {
        if (preg_match("#^{$name}(\\.([\\w\\.]+))?.php\$#", $f, $mt) && !in_array($mt[2], $cot_ext_ignore_parts)) {
            $part_info = cot_infoget($path . "/{$f}", 'COT_EXT');
            if (!$part_info && cot_plugin_active('genoa')) {
                // Try to load old format info
                $part_info = cot_infoget($path . "/{$f}", 'SED_EXTPLUGIN');
            }
            if ($part_info) {
                if (empty($part_info['Hooks'])) {
                    $hooks = $is_module ? array('module') : array('standalone');
                } else {
                    $hooks = explode(',', $part_info['Hooks']);
                    $hooks = is_array($hooks) ? array_map('trim', $hooks) : array();
                }
                if (empty($part_info['Order'])) {
                    $order = COT_PLUGIN_DEFAULT_ORDER;
                } else {
                    $order = array_map('trim', explode(',', $part_info['Order']));
                    if (count($order) == 1 || count($order) < count($hooks)) {
                        $order = (int) $order[0];
                    }
                }
                $i = 0;
                foreach ($hooks as $hook) {
                    $hook_bindings[] = array('part' => empty($mt[2]) ? 'main' : $mt[2], 'file' => $f, 'hook' => $hook, 'order' => isset($order[$i]) ? (int) $order[$i] : $order);
                    ++$i;
                }
            }
        }
    }
    closedir($dp);
    $bindings_cnt = cot_plugin_add($hook_bindings, $name, $info['Name'], $is_module);
    cot_message(cot_rc('ext_bindings_installed', array('cnt' => $bindings_cnt)));
    // Install config
    $info_cfg = cot_infoget($setup_file, 'COT_EXT_CONFIG');
    if (!$info_cfg && cot_plugin_active('genoa')) {
        // Try to load old format config
        $info_cfg = cot_infoget($setup_file, 'SED_EXTPLUGIN_CONFIG');
    }
    $options = cot_config_parse($info_cfg, $is_module);
    if ($update) {
        // Get differential config
        if (cot_config_update($name, $options, $is_module) > 0) {
            cot_message('ext_config_updated');
        }
    } elseif (count($options) > 0) {
        if (cot_config_add($name, $options, $is_module)) {
            cot_message('ext_config_installed');
        } else {
            cot_error('ext_config_error');
            return false;
        }
    }
    // Install structure config if present
    $info_cfg = cot_infoget($setup_file, 'COT_EXT_CONFIG_STRUCTURE');
    if ($info_cfg) {
        $options = cot_config_parse($info_cfg, $is_module);
        if ($update) {
            if (cot_config_update($name, $options, $is_module, '__default') > 0) {
                // Update all nested categories
                $type = $is_module ? 'module' : 'plug';
                $res = $db->query("SELECT DISTINCT config_subcat FROM {$db_config}\n\t\t\t\t\tWHERE config_owner = '{$type}' AND config_cat = '{$name}'\n\t\t\t\t\t\tAND config_subcat != '' AND config_subcat != '__default'");
                $cat_list = $res->fetchAll(PDO::FETCH_COLUMN, 0);
                foreach ($cat_list as $cat) {
                    cot_config_update($name, $options, $is_module, $cat);
                }
                cot_message('ext_config_struct_updated');
            }
        } elseif (count($options) > 0) {
            if (cot_config_add($name, $options, $is_module, '__default')) {
                cot_message('ext_config_struct_installed');
            } else {
                cot_error('ext_config_struct_error');
                return false;
            }
        }
    }
    if ($update) {
        // Only update auth locks
        if ($is_module) {
            $auth_code = $name;
            $auth_option = 'a';
        } else {
            $auth_code = 'plug';
            $auth_option = $name;
        }
        $lock_guests = cot_auth_getvalue($info['Lock_guests']);
        $db->update($db_auth, array('auth_rights_lock' => $lock_guests), "\n\t\t\tauth_code = '{$auth_code}' AND auth_option = '{$auth_option}'\n\t\t\tAND (auth_groupid = " . COT_GROUP_GUESTS . ' OR auth_groupid = ' . COT_GROUP_INACTIVE . ')');
        $lock_members = cot_auth_getvalue($info['Lock_members']);
        $ingore_groups = implode(',', array(COT_GROUP_GUESTS, COT_GROUP_INACTIVE, COT_GROUP_BANNED, COT_GROUP_SUPERADMINS));
        $db->update($db_auth, array('auth_rights_lock' => $lock_members), "auth_code = '{$auth_code}' AND auth_option = '{$auth_option}' AND auth_groupid NOT IN ({$ingore_groups})");
        cot_message('ext_auth_locks_updated');
    } else {
        // Install auth
        $insert_rows = array();
        foreach ($cot_groups as $v) {
            if (!$v['skiprights']) {
                if ($v['id'] == COT_GROUP_GUESTS || $v['id'] == COT_GROUP_INACTIVE) {
                    $ins_auth = cot_auth_getvalue($info['Auth_guests']);
                    $ins_lock = cot_auth_getvalue($info['Lock_guests']);
                    if ($ins_auth > 128 || $ins_lock < 128) {
                        $ins_auth = $ins_auth > 127 ? $ins_auth - 128 : $ins_auth;
                        $ins_lock = 128;
                    }
                } elseif ($v['id'] == COT_GROUP_BANNED) {
                    $ins_auth = 0;
                    $ins_lock = 255;
                } elseif ($v['id'] == COT_GROUP_SUPERADMINS) {
                    $ins_auth = 255;
                    $ins_lock = 255;
                } else {
                    $ins_auth = cot_auth_getvalue($info['Auth_members']);
                    $ins_lock = cot_auth_getvalue($info['Lock_members']);
                }
                if ($is_module) {
                    $insert_rows[] = array('auth_groupid' => $v['id'], 'auth_code' => $name, 'auth_option' => 'a', 'auth_rights' => $ins_auth, 'auth_rights_lock' => $ins_lock, 'auth_setbyuserid' => $usr['id']);
                } else {
                    $insert_rows[] = array('auth_groupid' => $v['id'], 'auth_code' => 'plug', 'auth_option' => $name, 'auth_rights' => $ins_auth, 'auth_rights_lock' => $ins_lock, 'auth_setbyuserid' => $usr['id']);
                }
            }
        }
        if ($db->insert($db_auth, $insert_rows)) {
            $db->update($db_users, array('user_auth' => ''), "user_auth != ''");
            cot_message('ext_auth_installed');
        }
    }
    if ($update) {
        // Find and apply patches
        if (file_exists("{$path}/setup")) {
            $new_ver = cot_apply_patches("{$path}/setup", $current_ver);
        }
        if (version_compare($info['Version'], $new_ver) > 0 || $new_ver === true) {
            $new_ver = $info['Version'];
        }
    } else {
        if (file_exists($path . "/setup/{$name}.install.sql")) {
            // Run SQL install script
            $sql_err = $db->runScript(file_get_contents("{$path}/setup/{$name}.install.sql"));
            if (empty($sql_err)) {
                cot_message(cot_rc('ext_executed_sql', array('ret' => 'OK')));
            } else {
                cot_error(cot_rc('ext_executed_sql', array('ret' => $sql_err)));
                return false;
            }
        }
        $install_handler = $old_ext_format ? $setup_file : $path . "/setup/{$name}.install.php";
        if ($old_ext_format) {
            global $action;
            $action = 'install';
        }
        if (file_exists($install_handler)) {
            // Run PHP install handler
            $envtmp = $env;
            $env = array('ext' => $name, 'location' => $name, 'type' => $is_module ? 'module' : 'plug');
            $ret = (include $install_handler);
            $env = $envtmp;
            if ($ret !== false) {
                $msg = $ret == 1 ? 'OK' : $ret;
                cot_message(cot_rc('ext_executed_php', array('ret' => $msg)));
            } else {
                cot_error(cot_rc('ext_executed_php', array('ret' => $msg ? $msg : $L['Error'])));
                return false;
            }
        }
    }
    // Register version information
    if ($update) {
        cot_extension_update($name, $new_ver, !$is_module);
        cot_message(cot_rc('ext_updated', array('type' => $is_module ? $L['Module'] : $L['Plugin'], 'name' => $name, 'ver' => $new_ver)));
    } else {
        cot_extension_add($name, $info['Name'], $info['Version'], !$is_module);
    }
    // Cleanup
    cot_auth_reorder();
    $cache && $cache->clear();
    return true;
}