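/**
 * Collects the top-most resources ("roots") that are visible for a range into $this->my_roots.
 *
 * If the range is a user holding the resources-admin or the global "root" permission,
 * every resource that is its own root is listed. Otherwise only resources owned by, or
 * explicitly granted to, the administrable objects of the user are considered, and for
 * each of them the highest ancestor that is also owned/granted becomes a root.
 *
 * @param string $range_id  id of the range to evaluate; falls back to $this->range_id
 *                          and finally to the id of the session user
 */
function ResourcesUserRoots($range_id='') {
    global $user;

    if ($range_id) {
        $this->range_id = $range_id;
    }
    if (!$this->range_id) {
        $this->range_id = $user->id;
    }

    // Stays null when the range is not a user, so the restricted branch below is taken.
    $global_perm = null;
    if (get_object_type($this->range_id) == "user") {
        //load the global perms in the resources system (is the user a resources admin?)
        $this->resources_global_perm = getGlobalPerms($this->range_id);
        //load the global Stud.IP perms (is the user root?)
        $this->user_global_perm = get_global_perm($this->range_id);

        $global_perm = ($this->resources_global_perm == "admin")
            ? "root"
            : $this->user_global_perm;
    }

    //root or resources admin are able to see all resources (roots in tree)
    if ($global_perm == "root") {
        $query = "SELECT resource_id FROM resources_objects WHERE resource_id = root_id ORDER BY name";
        $statement = DBManager::get()->query($query);
        while ($resource_id = $statement->fetchColumn()) {
            $this->my_roots[$resource_id] = $resource_id;
        }
        return;
    }

    // NOTE(review): this branch keys ownership on the session user ($user->id) and calls
    // search_administrable_objects() without arguments, even when $range_id names a
    // different range - confirm that callers never expect the roots of another user here.
    $my_objects = search_administrable_objects();
    $my_objects[$user->id] = TRUE;
    $my_objects["global"] = TRUE;
    $owner_ids = array_keys($my_objects);

    // The ids are bound as a statement parameter; the hand-built, unescaped "('id', ...)"
    // clause the original assembled here was never used and has been dropped so it cannot
    // be pasted into a query later.
    $my_resources = array();
    $roots = array();

    //all objects where I have owner perms...
    $query = "SELECT resource_id, parent_id, root_id, level FROM resources_objects WHERE owner_id IN (?) ORDER BY level DESC";
    $statement = DBManager::get()->prepare($query);
    $statement->execute(array($owner_ids));
    while ($row = $statement->fetch(PDO::FETCH_ASSOC)) {
        $my_resources[$row['resource_id']] = array(
            'root_id'   => $row['root_id'],
            'parent_id' => $row['parent_id'],
            'level'     => $row['level']
        );
        $roots[$row['root_id']][] = $row['resource_id'];
    }

    //...and all objects where I have add perms...
    $query = "SELECT resource_id, parent_id, root_id, level FROM resources_user_resources LEFT JOIN resources_objects USING (resource_id) WHERE user_id IN ('all', ?) \n"
           . "ORDER BY level DESC";
    $statement = DBManager::get()->prepare($query);
    $statement->execute(array($owner_ids));
    while ($row = $statement->fetch(PDO::FETCH_ASSOC)) {
        $my_resources[$row['resource_id']] = array(
            'root_id'   => $row['root_id'],
            'parent_id' => $row['parent_id'],
            'level'     => $row['level']
        );
        $roots[$row['root_id']][] = $row['resource_id'];
    }

    $query = "SELECT parent_id FROM resources_objects WHERE resource_id = ?";
    $statement = DBManager::get()->prepare($query);

    foreach ($my_resources as $key => $val) {
        if (!empty($this->checked[$key])) {
            continue;
        }

        if (sizeof($roots[$val["root_id"]]) == 1) {
            // the only accessible resource below this root is its own top-most entry
            $this->my_roots[$key] = $key;
            continue;
        }

        //several accessible resources share one thread: climb to the highest accessible ancestor
        $statement->execute(array($key));
        $superordinated_id = $statement->fetchColumn();
        $statement->closeCursor();

        $top = FALSE;
        $last_found = $key;
        while (!$top && $superordinated_id) {
            $statement->execute(array($superordinated_id));
            $parent_id = $statement->fetchColumn();
            $statement->closeCursor();

            if (isset($my_resources[$superordinated_id])) {
                // NOTE(review): the skip test above reads $this->checked, but this marker
                // goes to a local $checked and is never read - one of the two looks like
                // a typo; kept as in the original until confirmed.
                $checked[$last_found] = TRUE;
                $last_found = $superordinated_id;
            }
            $superordinated_id = $parent_id;
            if ($parent_id == "0") {
                $top = TRUE;
            }
        }
        $this->my_roots[$last_found] = $last_found;
    }
}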
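/**
 * Determines the permission a user holds on one resource and stores it in $this->perm
 * (via changePerm()); $this->owner records direct ownership.
 *
 * Order of checks: global root / resources admin, lock state of the resource, direct
 * ownership, then ownership and additional grants of the user's objects along the chain
 * of superordinated resources.
 *
 * @param string $resource_id  id of the resource; an empty id yields $this->perm = false
 * @param string $user_id      id of the user to check; defaults to the session user
 */
function ResourceObjectPerms ($resource_id, $user_id='') {
    global $user, $perm;

    $this->user_id = $user_id ? $user_id : $user->id;
    $this->resource_id = $resource_id;

    if (!$this->resource_id) {
        $this->perm = false;
        return;
    }

    $resObject = ResourceObject::Factory($this->resource_id);
    if ($resObject->isRoom()) {
        $inheritance = Config::get()->RESOURCES_INHERITANCE_PERMS_ROOMS;
    } else {
        $inheritance = Config::get()->RESOURCES_INHERITANCE_PERMS;
    }

    // NOTE(review): have_perm('root') is evaluated for the session user, not for
    // $this->user_id, and search_administrable_objects()/search_my_objects() below are
    // called without a user id - when $user_id names somebody else the result may mix
    // both identities. Confirm against the callers.
    if ($perm->have_perm('root')) {
        $this->changePerm('admin');
    } elseif (getGlobalPerms($this->user_id) === 'admin') {
        //resources admin
        $this->changePerm('admin');
    }

    //a locked resource (only rooms!) is inaccessible for everybody but admins
    if (($this->perm != "admin") && ($resObject->isLocked())) {
        $this->perm = FALSE;
        return;
    }

    //check if the user is owner of the object
    if ($this->perm != "admin") {
        // Both ids are bound as parameters instead of being interpolated into the SQL
        // text, so a crafted id cannot change the statement.
        $statement = DBManager::get()->prepare("SELECT owner_id FROM resources_objects WHERE owner_id = ? AND resource_id = ?");
        $statement->execute(array($this->user_id, $this->resource_id));
        if ($statement->fetch()) {
            $this->owner = TRUE;
            $this->changePerm("admin");
        } else {
            $this->owner = FALSE;
        }
        $statement->closeCursor();
    }

    if ($this->perm == "admin") {
        return;
    }

    //else check all the other possibilities
    $my_administrable_objects = search_administrable_objects(); //the administrative ones....
    $my_objects = search_my_objects();                          //...and the others, where the user is autor.
    $my_objects["all"] = TRUE;
    $my_objects = array_merge((array)$my_administrable_objects, (array)$my_objects);

    if (!is_array($my_objects) || !count($my_objects)) {
        return;
    }

    // One placeholder per object id; the ids themselves travel as bound values.
    $object_ids = array_keys($my_objects);
    $placeholders = implode(',', array_fill(0, count($object_ids), '?'));

    $owner_statement = DBManager::get()->prepare(
        "SELECT owner_id, resource_id FROM resources_objects WHERE owner_id IN ($placeholders) AND resource_id = ?"
    );
    $grant_statement = DBManager::get()->prepare(
        "SELECT user_id, perms FROM resources_user_resources WHERE user_id IN ($placeholders) AND resource_id = ?"
    );
    $parent_statement = DBManager::get()->prepare(
        "SELECT parent_id FROM resources_objects WHERE resource_id = ?"
    );

    $superordinated_id = $this->resource_id;
    $top = FALSE;
    $k = 0; // iteration cap: stops the climb if the parent chain is cyclic

    while ((!$top) && ($k < 10000) && ($superordinated_id)) {
        $level_params = array_merge($object_ids, array($superordinated_id));

        //is one of my (system) objects owner of the resource object? Then I inherit from it.
        $owner_statement->execute($level_params);
        while ($data = $owner_statement->fetch(PDO::FETCH_ASSOC)) {
            $entry = $my_objects[$data['owner_id']];
            // entries such as "all" are plain TRUE and carry no perms
            $owner_perms = (is_array($entry) && isset($entry["perms"])) ? $entry["perms"] : null;

            if ($owner_perms == "admin") {
                $this->changePerm("admin");
            } else {
                switch ($inheritance) {
                    case "1":
                        // inherit exactly the perms held on the owning object
                        $this->changePerm($owner_perms);
                        break;
                    case "2":
                    default:
                        $this->changePerm("autor");
                        break;
                }
            }
            if ($this->perm == "admin") {
                break;
            }
        }
        $owner_statement->closeCursor();

        ++$k;
        if ($this->perm == "admin") {
            break;
        }

        //also check the additional perms...
        $grant_statement->execute($level_params);
        while ($data = $grant_statement->fetch(PDO::FETCH_ASSOC)) {
            $this->changePerm($data['perms']);
            if ($this->perm == "admin") {
                break;
            }
        }
        $grant_statement->closeCursor();

        if ($this->perm == "admin") {
            break;
        }

        //select the next superordinated object
        $parent_statement->execute(array($superordinated_id));
        $data = $parent_statement->fetch(PDO::FETCH_ASSOC);
        $parent_statement->closeCursor();

        $parent_id = $data ? $data['parent_id'] : null;
        $superordinated_id = $parent_id;
        if ($parent_id == "0") {
            $top = TRUE;
        }
    }
}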
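/**
 * Renders the resources search form and, when a search string is given, the hits
 * grouped by their 'art' (falling back to the 'name' of the hit).
 *
 * @param string $name                        passed to the template as 'name'
 * @param string $search_string               search term; no search is run when empty
 * @param bool   $user_only                   search persons only
 * @param bool   $administrable_objects_only  restrict the search to administrable objects
 * @param bool   $admins                      with $user_only: list admin users
 * @param bool   $allow_all                   passed to the template as 'allow_all'
 * @param bool   $sem                         forwarded to the object search functions
 * @param string $img_dir                     passed to the template as 'img_dir'
 */
function showSearchForm($name, $search_string = '', $user_only = FALSE, $administrable_objects_only = FALSE, $admins = FALSE, $allow_all = FALSE, $sem = TRUE, $img_dir = "left") {
    $template = $GLOBALS['template_factory']->open('resources/search_form');
    // NOTE(review): $search_string reaches the template and the search_* helpers as
    // given; escaping for HTML and SQL has to happen there - confirm both.
    $template->set_attributes(compact(words('name search_string img_dir allow_all')));

    if ($search_string) {
        // Defined up front: the "persons, but not admins" case below runs no search at all.
        $my_objects = array();

        if ($user_only) {
            //search persons only
            if ($admins) {
                //show admins only
                $my_objects = search_admin_user($search_string);
            }
            //searching other persons is not implemented
        } elseif ($administrable_objects_only) {
            $my_objects = search_administrable_objects($search_string, FALSE, $sem);
        } else {
            //search in all objects
            $my_objects = search_objects($search_string, FALSE, $sem);
        }

        // We need the results grouped by 'art'
        $results = array();
        foreach ($my_objects ?: array() as $key => $val) {
            $art = !empty($val['art']) ? $val['art'] : $val['name'];
            if (!isset($results[$art])) {
                $results[$art] = array();
            }
            $results[$art][$key] = $val;
        }

        $template->results = $results;
    }

    echo $template->render();
}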
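/**
 * Loads the resources the user may see into this list via insertResource().
 *
 * Root and resources admins get every resource (or every room when $this->only_rooms
 * is set). Users with at least "tutor" get the resources owned by, or granted to,
 * themselves, their administrable objects and the pseudo id "all"; the collected ids
 * are then handed to walkThread(). Anybody else gets nothing.
 *
 * A former fallback for users below "admin" (walking the threads of resources owned by
 * or granted to $this->user_id) was already commented out and is not carried over.
 */
function restore() {
    global $perm;

    // NOTE(review): both have_perm() calls test the session user, while ownership below
    // is keyed on $this->user_id - confirm the two always refer to the same person.

    //if perm is root or resources admin, load all rooms/objects
    if (($perm->have_perm("root")) || ($this->global_perms == "admin")) {
        if ($this->only_rooms) {
            $query = "SELECT resource_id, resources_objects.name FROM resources_categories LEFT JOIN resources_objects USING (category_id) WHERE resources_categories.is_room = 1 AND resource_id IS NOT NULL ORDER BY resources_objects.name";
        } else {
            $query = "SELECT resource_id, resources_objects.name FROM resources_objects ORDER BY resources_objects.name";
        }
        $statement = DBManager::get()->query($query);
        while ($row = $statement->fetch(PDO::FETCH_ASSOC)) {
            // no lockable flag is passed on this path
            $this->insertResource($row['resource_id'], $row['name']);
        }
        return;
    }

    //if tutor, dozent or admin, load all the rooms of all his administrable objects
    if (!$perm->have_perm("tutor")) {
        return;
    }

    $my_objects = search_administrable_objects();
    $my_objects[$this->user_id] = TRUE;
    $my_objects["all"] = TRUE;

    if (!is_array($my_objects) || !count($my_objects)) {
        return;
    }
    $owner_ids = array_keys($my_objects);

    // Ids already seen; initialised so the checks below never read an undefined variable.
    $my_resources = array();

    //resources owned by one of my objects
    $query = "SELECT is_room, resource_id, resources_objects.name, lockable FROM resources_objects LEFT JOIN resources_categories USING (category_id) WHERE owner_id IN (?)";
    $statement = DBManager::get()->prepare($query);
    $statement->execute(array($owner_ids));
    while ($row = $statement->fetch(PDO::FETCH_ASSOC)) {
        if (!$this->only_rooms || $row['is_room']) {
            $this->insertResource($row['resource_id'], $row['name'], $row['lockable']);
        }
        // remembered even when filtered out, so its thread is still walked
        $my_resources[$row['resource_id']] = true;
    }

    //resources on which one of my objects holds additional perms
    $query = "SELECT is_room, resources_user_resources.resource_id, resources_objects.name, lockable FROM resources_user_resources INNER JOIN resources_objects USING (resource_id) LEFT JOIN resources_categories USING (category_id) WHERE resources_user_resources.user_id IN (?)";
    $statement = DBManager::get()->prepare($query);
    $statement->execute(array($owner_ids));
    while ($row = $statement->fetch(PDO::FETCH_ASSOC)) {
        if (isset($my_resources[$row['resource_id']])) {
            continue; // already handled as an owned resource
        }
        if (!$this->only_rooms || $row['is_room']) {
            $this->insertResource($row['resource_id'], $row['name'], $row['lockable']);
        }
        $my_resources[$row['resource_id']] = true;
    }

    // as before, walkThread() is only called when at least one resource was found
    if ($my_resources) {
        $this->walkThread(array_keys($my_resources));
    }
}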