static function ajax_get_model($folder, $view)
{
self::_require_access($folder, "read", $view);
$sgsml = new sgsml($folder, $view, array(), false);
$view = $sgsml->view;
$model = array('groupby' => $sgsml->schema["views"][$view]["GROUPBY"], 'start' => 0, 'limit' => $sgsml->schema["views"][$view]["LIMIT"], 'sort' => array("field" => $sgsml->schema["views"][$view]["ORDERBY"], "direction" => $sgsml->schema["views"][$view]["ORDER"]), 'fields' => array(), 'folder' => $folder, 'view' => $view, 'writable' => db_get_right($sgsml->folder, "write"));
foreach ($sgsml->current_fields as $name => $field) {
$model["fields"][$name] = array("name" => $name, "header" => empty($field["DISPLAYNAME"]) ? ucfirst($name) : $field["DISPLAYNAME"], "type" => "text", "hidden" => isset($field["HIDDENIN"][$view]) or isset($field["HIDDENIN"]["all"]));
}
return $model;
}
function _build_merge_folders($tfolders, $tfolder, $view, $write = false)
{
$folders = array();
$tfolders[] = $tfolder;
$tfolders = array_values(array_unique($tfolders));
if (count($tfolders) > 1 or $tfolders[0] != $tfolder) {
$colors = array("#DDDDFF", "#CCFFCC", "#FFDDFF", "#FFDDAA", "#FFCCCC", "#CCFFFF", "#FFFFAA", "#CCCCCC", "#FFFFFF", "#AAAAFF", "#99FF99", "#FF99FF", "#FFAA33", "#FFAAAA", "#6699FF", "#CCCC00", "#999999", "#00CC66", "#CC9933", "#CC6600");
foreach ($tfolders as $key => $folder) {
if (empty($folder) or !db_get_right($folder, $write ? "write" : "read", $view)) {
continue;
}
if (!isset($colors[$key])) {
$colors[$key] = "";
}
$folders[$folder] = array($folder, $colors[$key]);
}
} else {
$folders[$tfolder] = array($tfolder, "");
}
return $folders;
}
/**
* Check required access rights for folder and view
* - exit when access is denied
*
* @param int|string $folder Folder ID or String (/Workspace/.../)
* @param string $right Right (read, write, admin)
* @param string $view View name (e.g. display, details), optional
*/
protected static function _require_access(&$folder, $right = "read", $view = "")
{
// /Workspace/ => 101
$folder = folder_from_path($folder);
if (!db_get_right($folder, $right, $view)) {
if ($right == "read") {
$right = "{t}read access{/t}";
}
if ($right == "write") {
$right = "{t}write access{/t}";
}
if ($right == "admin") {
$right = "{t}admin access{/t}";
}
exit("{t}Access denied.{/t} " . sprintf("{t}missing right: %s{/t}", $right . " (" . $folder . ")"));
}
}
private static function _copy($ccp, $folder, $sgsml, $delete)
{
$tname = $sgsml->tname;
$vars = array("handler" => $ccp["handler"], "sqlvarsnoquote" => $ccp["vars_noquote"], "custom_name" => $ccp["custom_name"], "default_sql" => $ccp["default_sql"]);
$rows = db_select($ccp["tname"], $ccp["data_fields"], $ccp["where"], "", "", array("item" => $ccp["items"], "folder" => $ccp["folder"], "folders" => $ccp["folders"]), $vars);
if (is_array($rows) and count($rows) < count($ccp["items"])) {
exit("{t}Item(s) not found or access denied.{/t}");
}
foreach (self::_get_mappings("->") as $mapping) {
if (!strpos($mapping[1], "=")) {
continue;
}
$mapping[1] = explode(".", $mapping[1]);
if ("simple_" . $mapping[0] == $ccp["tname"] and "simple_" . $mapping[1][0] == $tname) {
$sgsml->patch_fields(array_slice($mapping[1], 1));
}
}
$mappings = array();
foreach (self::_get_mappings("|") as $mapping) {
if (strpos($mapping[0], "->")) {
continue;
}
$mapping1 = explode(".", $mapping[0]);
$mapping2 = explode(".", $mapping[1]);
$key = "simple_" . $mapping1[0] . ".simple_" . $mapping2[0];
$mappings[$key][$mapping2[1]] = $mapping1[1];
$key = "simple_" . $mapping2[0] . ".simple_" . $mapping1[0];
$mappings[$key][$mapping1[1]] = $mapping2[1];
}
$default_values = folder_get_default_values($folder);
$messages = array();
foreach ($rows as $row) {
if (empty($row["folder"]) or !db_get_right($row["folder"], "read")) {
continue;
}
if (isset($mappings[$ccp["tname"] . "." . $tname])) {
foreach ($mappings[$ccp["tname"] . "." . $tname] as $to => $from) {
$row[$to] = $row[$from];
}
}
$row = array_merge($row, $default_values);
foreach (array_keys($row) as $key) {
if (!isset($sgsml->fields[$key])) {
unset($row[$key]);
continue;
}
$field = $sgsml->fields[$key];
if ((isset($field["KEY"]) or isset($field["IS_UNIQUE"])) and !empty($row[$key]) and !isset($field["READONLYIN"])) {
$val = $row[$key];
$step = 1;
while ($step < 100 and validate::itemexists($tname, array($key => $val), -1) != "") {
$step++;
$val = $row[$key] . "_" . $step;
}
$row[$key] = $val;
}
if (isset($field["RESTORE"])) {
$row[$key] = self::_restore_value($row, $key, $field["RESTORE"]);
}
}
$id = $row["id"];
$row["id"] = -1;
$row["folder"] = $folder;
if (isset($row["syncid"])) {
$row["syncid"] = "";
}
$newfiles = array();
if (is_array($ccp["file_fields"]) and count($ccp["file_fields"]) > 0) {
foreach ($ccp["file_fields"] as $file_field) {
if (!empty($row[$file_field])) {
$data_files = explode("|", trim($row[$file_field], "|"));
$row[$file_field] = array();
foreach ($data_files as $file) {
if (!file_exists($file)) {
continue;
}
$target = self::_paste_item_copyfile($file, $row["id"], $tname);
$row[$file_field][] = $target;
$newfiles[] = $target;
}
$row[$file_field] = implode("|", $row[$file_field]);
}
}
}
if (!empty($sgsml->att["DISABLE_TRIGGER_CCP"])) {
unset($sgsml->att["TRIGGER_NEW"]);
}
$result = $sgsml->insert($row);
if (!is_numeric($result)) {
if (is_array($result) and count($result) > 0) {
$message = "{t}Error pasting asset{/t}:";
foreach ($result as $field => $errors) {
foreach ($errors as $error) {
$message .= "\n" . $error[0] . ": " . $error[1];
}
}
} else {
$message = $result;
}
$messages[] = $message;
} else {
if ($delete) {
asset::delete_items($ccp["folder"], "display", array($id), $ccp["delete_mode"]);
}
sys_log_stat("copied_records", 1);
}
foreach ($newfiles as $file) {
if (sys_strbegins($file, SIMPLE_CACHE . "/upload/")) {
@unlink($file);
}
}
}
return $messages;
}
private function _save(array &$data, $id = -1)
{
$insert = ($id > 0 or !is_numeric($id)) ? false : true;
if (count($data) == 0) {
return array();
}
if (!empty($this->att["DEFAULT_SQL"]) and $this->att["DEFAULT_SQL"] == "no_select") {
return self::_error("{t}Module{/t}", "{t}Access denied.{/t}");
}
if (!empty($data["folder"])) {
// check permissions
if (!db_get_right($data["folder"], "write", $this->view)) {
return self::_error("{t}Folder{/t}", "{t}Access denied.{/t}", "folder");
}
$this->folder = $data["folder"];
} else {
$data["folder"] = $this->folder;
}
// fill data array
list($rdata, $data_row, $error) = $this->_complete_data($data, $id);
if ($error) {
return $error;
}
// validate
if ($result = $this->_validate($rdata, $id)) {
return $result;
}
if ($insert) {
$id = sql_genID($this->tname) * 100;
$sql_data = array("id" => $id, "dsize" => 0, "history" => sprintf("{t}Item created by %s at %s{/t}\n", $_SESSION["username"], sys_date("{t}m/d/y g:i:s a{/t}")));
} else {
$sql_data = array("dsize" => 0, "history" => sprintf("{t}Item edited (%s) by %s at %s{/t}\n", "@fields@", $_SESSION["username"], sys_date("{t}m/d/y g:i:s a{/t}")));
}
// count sizes, move files to store, delete old files
foreach ($this->current_fields as $field_name => $field) {
if ($field["SIMPLE_TYPE"] == "id") {
continue;
}
if ($field["SIMPLE_TYPE"] == "files" and !empty($rdata[$field_name])) {
foreach ($rdata[$field_name] as $val) {
if (file_exists($val)) {
$sql_data["dsize"] += filesize($val);
}
}
// TODO 2 store handler?
if (!empty($data_row[$field_name])) {
$data_old = explode("|", trim($data_row[$field_name], "|"));
foreach ($data_old as $filekey => $file) {
if (in_array($file, $rdata[$field_name])) {
continue;
}
if (ARCHIVE_DELETED_FILES and file_exists($file)) {
$i = 1;
$m = "";
$trash_name = SIMPLE_STORE . "/trash/" . $this->folder . "_" . $id . "_";
$trash_file = modify::basename($file);
while (file_exists($trash_name . $m . $trash_file)) {
$m = $i++ . "_";
}
rename($file, $trash_name . $m . $trash_file);
touch($trash_name . $m . $trash_file);
} else {
@unlink($file);
}
}
}
foreach ($rdata[$field_name] as $filekey => $file) {
if ($file == "") {
unset($rdata[$field_name][$filekey]);
$data[$field_name] = implode("|", $rdata[$field_name]);
continue;
}
if (file_exists(SIMPLE_CACHE . "/upload/" . basename($file))) {
$filebase = modify::basename(basename($file));
list($target, $filename) = sys_build_filename($filebase, $this->tname);
dirs_checkdir($target);
$target .= sys_get_pathnum($id) . "/";
dirs_checkdir($target);
$target .= md5($id) . $filename;
rename(SIMPLE_CACHE . "/upload/" . basename($file), $target);
$rdata[$field_name][$filekey] = $target;
$data[$field_name] = implode("|", $rdata[$field_name]);
}
}
$basenames = array();
foreach (array_reverse($rdata[$field_name]) as $filekey => $file) {
$basename = modify::basename($file);
if (isset($basenames[$basename])) {
$old_filekey = $basenames[$basename];
$basename = preg_replace("|_rev\\d+|", "", $basename);
$base = $basename;
$i = 1;
while (isset($basenames[$basename])) {
if ($pos = strrpos($base, ".")) {
$basename = substr($base, 0, $pos) . "_rev" . $i++ . substr($base, $pos);
} else {
$basename = $base . "_rev" . $i++;
}
}
$target = str_replace(modify::basename($file), $basename, $file);
if (rename($file, $target)) {
// swap
$rdata[$field_name][$filekey] = $rdata[$field_name][$old_filekey];
$rdata[$field_name][$old_filekey] = $target;
$data[$field_name] = implode("|", $rdata[$field_name]);
}
}
$basenames[$basename] = $filekey;
}
}
if (!empty($field["STORE"]) and is_array($field["STORE"])) {
foreach ($field["STORE"] as $store) {
list($class, $function, $params) = sys_find_callback("modify", $store["FUNCTION"]);
$rdata[$field_name] = call_user_func(array($class, $function), $rdata[$field_name], $rdata, $params);
}
}
if (!isset($sql_data[$field_name]) and !is_null($rdata[$field_name])) {
$sql_data[$field_name] = $rdata[$field_name];
}
}
// transform
foreach ($sql_data as $key => $value) {
$sql_data[$key] = self::scalarize($value, $this->fields[$key]);
}
// reduce to new values
$sys_fields = array("history" => "", "dsize" => "", "seen" => "");
foreach ($sql_data as $data_key => $data_value) {
if (isset($sys_fields[$data_key])) {
continue;
}
$addfield = true;
$field = $this->fields[$data_key];
if (!isset($this->current_fields[$data_key])) {
$addfield = false;
}
if (isset($field["NOTINALL"])) {
$addfield = false;
}
if (isset($field["NOTIN"]) and in_array($this->view, $field["NOTIN"])) {
$addfield = false;
}
if (isset($field["READONLYIN"]) and (in_array($this->view, $field["READONLYIN"]) or in_array("all", $field["READONLYIN"]))) {
$addfield = false;
}
if (isset($field["ONLYIN"])) {
if (in_array($this->view, $field["ONLYIN"])) {
$addfield = true;
} else {
$addfield = false;
}
}
if (!$addfield) {
unset($sql_data[$data_key]);
}
}
// build history
$sql_data = $this->build_history($sql_data, $data_row);
if (!array_diff(array_keys($sql_data), array("history", "seen"))) {
$sql_data = array();
}
// save in db
if ($insert) {
$error_sql = db_insert($this->tname, $sql_data, array("handler" => $this->handler));
if ($error_sql != "") {
return self::_error("{t}SQL failed.{/t}", $error_sql);
}
if ($this->notification) {
sys_notification("{t}Item successfully created.{/t} (" . $id . ")");
}
} else {
if (count($sql_data) == 0) {
return $id;
}
$error_sql = db_update($this->tname, $sql_data, array("id=@id@"), array("id" => $id, "folder" => $this->folder), array("handler" => $this->handler));
if ($error_sql != "") {
return self::_error("{t}SQL failed.{/t}", $error_sql);
}
if ($this->notification) {
sys_notification("{t}Item successfully updated.{/t} (" . (is_numeric($id) ? $id : 1) . ")");
}
}
if (empty($this->handler)) {
db_update("simple_sys_tree", array("history" => "[" . $id . "/details] " . $sql_data["history"]), array("id=@id@"), array("id" => $this->folder));
db_update_treesize($this->tname, $this->folder);
if (!$insert and $this->folder != $data_row["folder"]) {
db_update("simple_sys_tree", array("history" => "[" . $id . "/details] " . $sql_data["history"]), array("id=@id@"), array("id" => $data_row["folder"]));
db_update_treesize($this->tname, $data_row["folder"]);
db_search_delete($this->tname, $id, $data_row["folder"]);
}
if (empty($this->att["NO_SEARCH_INDEX"])) {
db_search_update($this->tname, $id, $this->fields);
}
sys_log_stat($insert ? "new_records" : "changed_records", 1);
}
// call triggers
$trigger = "";
if ($insert and !empty($this->att["TRIGGER_NEW"])) {
$trigger = $this->att["TRIGGER_NEW"];
}
if (!$insert and !empty($this->att["TRIGGER_EDIT"])) {
$trigger = $this->att["TRIGGER_EDIT"];
}
if ($trigger and $result = asset_process_trigger($trigger, $id, $rdata, $this->tname)) {
return self::_error("{t}Trigger failed{/t}", $result);
}
// send notification
$tree_notification = db_select_value("simple_sys_tree", "notification", "id=@id@", array("id" => $this->folder));
if ($tree_notification != "") {
$rdata["notification"] .= "," . $tree_notification;
}
if (!$insert and $this->folder != $data_row["folder"]) {
$tree_notification = db_select_value("simple_sys_tree", "notification", "id=@id@", array("id" => $data_row["folder"]));
if ($tree_notification != "") {
$rdata["notification"] .= "," . $tree_notification;
}
}
if (!empty($rdata["notification"])) {
$rdata["notification"] = trim($rdata["notification"], ",");
$smtp_data = asset::build_notification($this->att["NAME"], $this->current_fields, $rdata, $sql_data, $id, $data_row);
if ($result = asset_process_trigger("sendmail", $id, $smtp_data)) {
return self::_error("{t}Trigger failed{/t}", $result);
}
}
// update stats
if (!empty($this->handler)) {
foreach ($sql_data as $data_key => $data_value) {
$field = $this->fields[$data_key];
if ($field["SIMPLE_TYPE"] != "files") {
continue;
}
foreach (explode("|", $data_value) as $file) {
if (sys_strbegins($file, SIMPLE_CACHE . "/upload/")) {
@unlink($file);
}
}
}
}
return $id;
}
function _upload_create_file($db_path, $target_lnk, $path, $filename)
{
list($id, $left, $unused) = _upload_process_folder_string($db_path . "/");
if ($left != 0 or $id == 0) {
sys_error("path not found", "409 Conflict");
}
$ftype = db_select_value("simple_sys_tree", "ftype", "id=@id@", array("id" => $id));
if (db_get_right($id, "write") and !empty($ftype) and $ftype == "files") {
list($target, $a_filename) = sys_build_filename($filename, "simple_files");
dirs_checkdir($target);
$target .= sys_get_pathnum($id) . "/";
dirs_checkdir($target);
$target .= md5($id) . $a_filename;
if ($fp = fopen("php://input", "r") and $ft = fopen($target, "wb")) {
while (!feof($fp)) {
fwrite($ft, fread($fp, 8192));
}
fclose($fp);
fclose($ft);
$a_id = sql_genID("simple_files") * 100;
$data = array("id" => $a_id, "folder" => $id, "dsize" => filesize($target), "filedata" => "|" . $target . "|", "filename" => $filename, "rread_users" => "|anonymous|", "rwrite_users" => "|anonymous|", "history" => t("{t}Item created by %s at %s{/t}", $_SESSION["username"], sys_date(t("{t}m/d/y g:i:s a{/t}"))) . "\n");
$error_sql = db_insert("simple_files", $data);
if ($error_sql == "") {
db_update_treesize("simple_files", $id);
$fields = array("filename" => "text", "filedata" => "files", "folder" => "id", "id" => "id");
db_search_update("simple_files", $a_id, array(), $fields);
sys_log_stat("new_records", 1);
file_put_contents($target_lnk, $path . "/" . $a_id . "_0__" . $filename . "\n" . $target, LOCK_EX);
_upload_success();
}
}
}
sys_error("cant write new", "403 Forbidden");
}
