/**
 * Decide whether this item may be shown to whoever is making the request.
 *
 * Evaluation order:
 *  - publisher_userIsAdmin() is truthy: access is granted, whatever the
 *    item's status.
 *  - status() differs from _PUBLISHER_STATUS_PUBLISHED: access is denied.
 *  - otherwise the answer is what the 'permission' handler reports for
 *    'category_read' on this item's category.
 *
 * Only the category-level permission is consulted; this method performs no
 * per-item permission lookup.
 *
 * @return bool true when access is granted, false otherwise
 */
public function accessGranted()
{
    // Administrators skip both the status check and the category check.
    if (publisher_userIsAdmin()) {
        return true;
    }

    // Anything that is not published stays hidden from everyone else.
    $isPublished = ($this->status() == _PUBLISHER_STATUS_PUBLISHED);
    if (!$isPublished) {
        return false;
    }

    // Read access to the parent category is the deciding factor.
    $permissionHandler = $this->publisher->getHandler('permission');
    $canReadCategory = $permissionHandler->isGranted('category_read', $this->categoryid());

    return $canReadCategory ? true : false;
}
// Build the page navigation when pagescount() reports at least one page.
if ($itemObj->pagescount() > 0) {
    // -1 is mapped to page 0 before it is handed to the navigator.
    if ($item_page_id == -1) {
        $item_page_id = 0;
    }
    include_once XOOPS_ROOT_PATH . '/class/pagenav.php';
    $pagenav = new XoopsPageNav($itemObj->pagescount(), 1, $item_page_id, 'page', 'itemid=' . $itemObj->itemid());
    $xoopsTpl->assign('pagenav', $pagenav->renderNav());
}
// Creating the files object associated with this item
$file = array();
$files = array();
$embeded_files = array();
$filesObj = $itemObj->getFiles();
// check if user has permission to modify files
// (granted up front when either the admin or the moderator helper returns true)
$hasFilePermissions = true;
if (!(publisher_userIsAdmin() || publisher_userIsModerator($itemObj))) {
    $hasFilePermissions = false;
}
foreach ($filesObj as $fileObj) {
    $file = array();
    $file['mod'] = false;
    // && binds tighter than ||, so this reads: admin/moderator, OR a logged-in
    // user whose uid equals the file's uid.
    // NOTE(review): this only sets a flag on $file and enforces nothing by
    // itself; the script that performs the modification has to repeat the test.
    if ($hasFilePermissions || is_object($xoopsUser) && $fileObj->getVar('uid') == $xoopsUser->getVar('uid')) {
        $file['mod'] = true;
    }
    if ($fileObj->mimetype() == 'application/x-shockwave-flash') {
        $file['content'] = $fileObj->displayFlash();
        // NOTE(review): strpos() returns 0 when the tag sits at the very start
        // of maintext, and this truthiness test treats 0 as "not found", so the
        // file falls through to the else branch. Comparing with `!== false`
        // would cover that case.
        // NOTE(review): the displayFlash() output is spliced into maintext as
        // is; how it is escaped is not visible here - confirm.
        if (strpos($item['maintext'], '[flash-' . $fileObj->getVar('fileid') . ']')) {
            $item['maintext'] = str_replace('[flash-' . $fileObj->getVar('fileid') . ']', $file['content'], $item['maintext']);
        } else {
            $embeded_files[] = $file;
        }
        // (snippet ends here; the rest of the loop body is not shown)
* @since 1.0
* @author trabis <*****@*****.**>
* @version $Id$
*/
// Stop immediately when XOOPS_ROOT_PATH is not defined, i.e. when this file is
// reached without the constant having been set first.
defined("XOOPS_ROOT_PATH") or die("XOOPS root path not defined");
// Module directory name: the parent of the directory that contains this file.
define("PUBLISHER_DIRNAME", basename(dirname(dirname(__FILE__))));
define("PUBLISHER_URL", XOOPS_URL . '/modules/' . PUBLISHER_DIRNAME);
define("PUBLISHER_IMAGES_URL", PUBLISHER_URL . '/images');
define("PUBLISHER_ADMIN_URL", PUBLISHER_URL . '/admin');
// NOTE(review): the upload directory gets both a public URL (here) and a
// filesystem path (below) with the same '/uploads/<dirname>' suffix, so stored
// uploads are presumably served directly. Verify that the upload code restricts
// file types and that script execution is disabled in that directory.
define("PUBLISHER_UPLOADS_URL", XOOPS_URL . '/uploads/' . PUBLISHER_DIRNAME);
define("PUBLISHER_ROOT_PATH", XOOPS_ROOT_PATH . '/modules/' . PUBLISHER_DIRNAME);
define("PUBLISHER_UPLOADS_PATH", XOOPS_ROOT_PATH . '/uploads/' . PUBLISHER_DIRNAME);
xoops_loadLanguage('common', PUBLISHER_DIRNAME);
// Every include path below is built from constants only; no request data is involved.
include_once PUBLISHER_ROOT_PATH . '/include/functions.php';
include_once PUBLISHER_ROOT_PATH . '/include/constants.php';
include_once PUBLISHER_ROOT_PATH . '/include/seo_functions.php';
include_once PUBLISHER_ROOT_PATH . '/class/metagen.php';
include_once PUBLISHER_ROOT_PATH . '/class/session.php';
include_once PUBLISHER_ROOT_PATH . '/class/publisher.php';
include_once PUBLISHER_ROOT_PATH . '/class/request.php';
// NOTE(review): the debug flag is hard-coded to true and passed to
// getInstance(). What it enables is not visible here; confirm that it does not
// expose diagnostic output on a production site.
$debug = true;
$publisher = PublisherPublisher::getInstance($debug);
//This is needed or it will not work in blocks.
global $publisher_isAdmin;
// Load only if module is installed
if (is_object($publisher->getModule())) {
    // Find if the user is admin of the module
    $publisher_isAdmin = publisher_userIsAdmin();
    // get current page
    $publisher_current_page = publisher_getCurrentPage();
}
xoops_loadLanguage('admin', PUBLISHER_DIRNAME);
// Requested operation and target file id, both read through PublisherRequest.
$op = PublisherRequest::getString('op');
$fileid = PublisherRequest::getInt('fileid');
if ($fileid == 0) {
    redirect_header("index.php", 2, _MD_PUBLISHER_NOITEMSELECTED);
    exit;
}
$fileObj = $publisher->getHandler('file')->get($fileid);
// if the selected item was not found, exit
// (a missing file gets the same _NOPERM redirect as a denied one)
if (!$fileObj) {
    redirect_header("index.php", 1, _NOPERM);
    exit;
}
// NOTE(review): $itemObj is passed to publisher_userIsModerator() without being
// checked. What get() returns for a missing item, and how the helper treats
// that value, is not visible here - confirm.
$itemObj = $publisher->getHandler('item')->get($fileObj->getVar('itemid'));
// if the user does not have permission to modify this file, exit
// Allowed: admin, moderator of the item, or a logged-in user whose uid equals
// the file's uid (&& binds tighter than ||).
if (!(publisher_userIsAdmin() || publisher_userIsModerator($itemObj) || is_object($xoopsUser) && $fileObj->getVar('uid') == $xoopsUser->getVar('uid'))) {
    redirect_header("index.php", 1, _NOPERM);
    exit;
}
/* -- Available operations -- */
switch ($op) {
    // "default" is matched as a literal op value here, not as the switch default label.
    case "default":
    case "mod":
        include_once XOOPS_ROOT_PATH . '/header.php';
        include_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
        // FILES UPLOAD FORM
        $files_form = $fileObj->getForm();
        $files_form->display();
        break;
    case "modify":
        // NOTE(review): the permission check above was made for the file loaded
        // from PublisherRequest::getInt('fileid'); here $fileid is replaced by the
        // value taken from $_POST. If the code that follows (not shown) loads a
        // file by this id, the check must be repeated for it, otherwise it does
        // not cover the object that is actually changed.
        $fileid = isset($_POST['fileid']) ? intval($_POST['fileid']) : 0;
        // (snippet ends here; the rest of the switch is not shown)
// (snippet starts inside a block whose opening condition is not shown)
// NOTE(review): `!A || !B` is true unless BOTH helpers return true, so a user
// who is only an admin, or only a moderator, still goes through the config
// checks below. If the intent was to exempt admins and moderators, the operator
// would be `&&` - confirm against the surrounding code.
// NOTE(review): nothing in the visible lines ties the item to the current user;
// presumably that is checked before this snippet - verify.
if (!publisher_userIsAdmin() || !publisher_userIsModerator($itemObj)) {
    // A delete request is refused when 'perm_delete' is off. Every other
    // request - including a delete with 'perm_delete' on - needs 'perm_edit'.
    if (isset($_GET['op']) && $_GET['op'] == 'del' && !$publisher->getConfig('perm_delete')) {
        redirect_header("index.php", 1, _NOPERM);
        exit;
    } else {
        if (!$publisher->getConfig('perm_edit')) {
            redirect_header("index.php", 1, _NOPERM);
            exit;
        }
    }
}
$categoryObj = $itemObj->category();
} else {
    // we are submitting a new article
    // if the user is not admin AND we don't allow user submission, exit
    // Precedence: admin, OR ('perm_submit' == 1 AND (logged-in user OR
    // 'perm_anon_submit' == 1)).
    if (!(publisher_userIsAdmin() || $publisher->getConfig('perm_submit') == 1 && (is_object($xoopsUser) || $publisher->getConfig('perm_anon_submit') == 1))) {
        redirect_header("index.php", 1, _NOPERM);
        exit;
    }
    $itemObj = $publisher->getHandler('item')->create();
    $categoryObj = $publisher->getHandler('category')->create();
}
// A clone request marks the item object as new and sets its itemid to 0.
if (isset($_GET['op']) && $_GET['op'] == 'clone') {
    $formtitle = _MD_PUBLISHER_SUB_CLONE;
    $itemObj->setNew();
    $itemObj->setVar('itemid', 0);
} else {
    $formtitle = _MD_PUBLISHER_SUB_SMNAME;
}
// $op is reset here; the $_GET['op'] tests above read the request directly.
$op = '';
if (isset($_POST['additem'])) {
    // (snippet ends here; the body of this branch is not shown)
/**
 * Decide whether this item may be shown to whoever is making the request.
 *
 * Evaluation order:
 *  - publisher_userIsAdmin() is truthy: access is granted, whatever the
 *    item's status.
 *  - status() differs from _PUBLISHER_STATUS_PUBLISHED: access is denied.
 *  - otherwise the 'groupperm' handler is asked whether the caller's groups
 *    hold 'category_read' on this item's category within this module.
 *
 * Only the category-level right is consulted; this method performs no
 * per-item permission lookup.
 *
 * @return bool true when access is granted, false otherwise
 */
public function accessGranted()
{
    global $xoopsUser;

    // Administrators skip both the status check and the category check.
    if (publisher_userIsAdmin()) {
        return true;
    }

    // Anything that is not published stays hidden from everyone else.
    if ($this->status() != _PUBLISHER_STATUS_PUBLISHED) {
        return false;
    }

    $groupPermHandler = xoops_gethandler('groupperm');

    // With no user object, fall back to the anonymous group constant.
    if ($xoopsUser) {
        $groupIds = $xoopsUser->getGroups();
    } else {
        $groupIds = XOOPS_GROUP_ANONYMOUS;
    }

    $moduleId = $this->publisher->getModule()->getVar('mid');

    // Read access to the parent category is the deciding factor.
    return (bool) $groupPermHandler->checkRight('category_read', $this->categoryid(), $groupIds, $moduleId);
}