Esempio n. 1
 /**
  * Attach the stored PermissionDuration identified by $pdID to this object.
  *
  * IDs that are not greater than zero are ignored and leave $this->duration
  * untouched. The lookup result is stored exactly as returned.
  * NOTE(review): whether getByID() can return a non-object for an unknown ID
  * is not visible here - confirm before dereferencing $this->duration.
  *
  * @param int|string $pdID Permission duration ID.
  */
 public function loadPermissionDurationObject($pdID)
 {
     if (!($pdID > 0)) {
         return;
     }
     $this->duration = PermissionDuration::getByID($pdID);
 }
Esempio n. 2
    /**
     * Collect every time-limited permission assignment that applies to this page.
     *
     * Three sources are read, in this order: assignments on the page itself,
     * assignments on areas that override the collection permissions, and
     * assignments on blocks (of the current version) that override their area
     * permissions. Only rows with pdID > 0, i.e. rows carrying a duration, are
     * selected. All values are bound as query parameters, none is concatenated
     * into the SQL text.
     *
     * @return PageContentPermissionTimedAssignment[]
     */
    public function getAllTimedAssignmentsForPage()
    {
        $db = Loader::db();
        $page = $this->object;
        $timed = array();

        // Bundle a permission key, access entity and duration into one assignment object.
        $wrap = function ($key, $entity, $duration) {
            $item = new PageContentPermissionTimedAssignment();
            $item->setDurationObject($duration);
            $item->setAccessEntityObject($entity);
            $item->setPermissionKeyObject($key);

            return $item;
        };

        // 1. Timed assignments set directly on the page.
        $pageRows = $db->Execute('select peID, pkID, pdID from PagePermissionAssignments ppa inner join PermissionAccessList pal on ppa.paID = pal.paID where pdID > 0 and cID = ?', array($page->getCollectionID()));
        while ($pageRow = $pageRows->FetchRow()) {
            $key = PagePermissionKey::getByID($pageRow['pkID']);
            $entity = PermissionAccessEntity::getByID($pageRow['peID']);
            $duration = PermissionDuration::getByID($pageRow['pdID']);
            $timed[] = $wrap($key, $entity, $duration);
        }

        // 2. Timed assignments on areas that override the page's permissions.
        $areaRows = $db->Execute('select arHandle from Areas where cID = ? and arOverrideCollectionPermissions = 1', array($page->getCollectionID()));
        while ($areaRow = $areaRows->FetchRow()) {
            $areaAssignments = $db->Execute('select peID, pdID, pkID from AreaPermissionAssignments apa inner join PermissionAccessList pal on apa.paID = pal.paID where pdID > 0 and cID = ? and arHandle = ?', array($page->getCollectionID(), $areaRow['arHandle']));
            while ($assignmentRow = $areaAssignments->FetchRow()) {
                $key = AreaPermissionKey::getByID($assignmentRow['pkID']);
                $entity = PermissionAccessEntity::getByID($assignmentRow['peID']);
                $area = Area::get($this->getPermissionObject(), $areaRow['arHandle']);
                $key->setPermissionObject($area);
                $duration = PermissionDuration::getByID($assignmentRow['pdID']);
                $timed[] = $wrap($key, $entity, $duration);
            }
        }

        // 3. Timed assignments on blocks of this version that override their area's permissions.
        $blockRows = $db->Execute('select peID, cvb.cvID, cvb.bID, pdID, pkID from BlockPermissionAssignments bpa
		inner join PermissionAccessList pal on bpa.paID = pal.paID inner join CollectionVersionBlocks cvb on cvb.cID = bpa.cID and cvb.cvID = bpa.cvID and cvb.bID = bpa.bID
		where pdID > 0 and cvb.cID = ? and cvb.cvID = ? and cvb.cbOverrideAreaPermissions = 1', array($page->getCollectionID(), $page->getVersionID()));
        while ($blockRow = $blockRows->FetchRow()) {
            $key = BlockPermissionKey::getByID($blockRow['pkID']);
            $entity = PermissionAccessEntity::getByID($blockRow['peID']);
            // The block has to be loaded in the context of its area, so look the handle up first.
            $areaHandle = $db->GetOne('select arHandle from CollectionVersionBlocks where bID = ? and cvID = ? and cID = ?', array($blockRow['bID'], $blockRow['cvID'], $page->getCollectionID()));
            $block = Block::getByID($blockRow['bID'], $page, $areaHandle);
            $key->setPermissionObject($block);
            $duration = PermissionDuration::getByID($blockRow['pdID']);
            $timed[] = $wrap($key, $entity, $duration);
        }

        return $timed;
    }
Esempio n. 3
<?php

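defined('C5_EXECUTE') or die("Access Denied.");

/*
 * Permission-editing tool endpoint.
 *
 * A request is acted on only when (1) the current user passes
 * canAccessTaskPermissions() and (2) the anti-CSRF token for the requested
 * task validates. Every ID below comes from the request, so each lookup
 * result is checked before it is used; a failed lookup ends the request
 * quietly instead of ending in a fatal error on a non-object.
 *
 * NOTE(review): the only authorization visible here is the global
 * canAccessTaskPermissions() check; nothing in this file ties the caller to
 * the specific pkID/paID being edited - confirm that is enforced elsewhere.
 * NOTE(review): state-changing tasks are read from $_REQUEST, so the token
 * and parameters may arrive in a query string; consider requiring POST.
 */
$p = new Permissions();
if ($p->canAccessTaskPermissions()) {
    $task = (isset($_REQUEST['task']) && is_string($_REQUEST['task'])) ? $_REQUEST['task'] : '';
    $knownTasks = array('add_access_entity', 'remove_access_entity', 'save_permission', 'display_access_cell');

    // The token action name is the task name, so one validation call covers all four tasks.
    if (in_array($task, $knownTasks, true) && Loader::helper("validation/token")->validate($task)) {
        $pkID = isset($_REQUEST['pkID']) ? $_REQUEST['pkID'] : null;
        $paID = isset($_REQUEST['paID']) ? $_REQUEST['paID'] : null;
        $peID = isset($_REQUEST['peID']) ? $_REQUEST['peID'] : null;
        $pdID = isset($_REQUEST['pdID']) ? $_REQUEST['pdID'] : null;

        $pk = PermissionKey::getByID($pkID);
        if (is_object($pk)) {
            $pa = PermissionAccess::getByID($paID, $pk);

            if ($task === 'add_access_entity') {
                $pe = PermissionAccessEntity::getByID($peID);
                $pd = PermissionDuration::getByID($pdID);
                if (is_object($pa) && is_object($pe)) {
                    // NOTE(review): accessType is passed through unvalidated; confirm
                    // addListItem() rejects values other than the known access types.
                    $accessType = isset($_REQUEST['accessType']) ? $_REQUEST['accessType'] : null;
                    $pa->addListItem($pe, $pd, $accessType);
                }
            } elseif ($task === 'remove_access_entity') {
                $pe = PermissionAccessEntity::getByID($peID);
                if (is_object($pa) && is_object($pe)) {
                    $pa->removeListItem($pe);
                }
            } elseif ($task === 'save_permission') {
                if (is_object($pa)) {
                    // NOTE(review): the whole POST body is handed to save(); which keys
                    // it consumes is not visible from this file.
                    $pa->save($_POST);
                }
            } else {
                // display_access_cell: read-only rendering of the current access labels.
                Loader::element('permission/labels', array('pk' => $pk, 'pa' => $pa));
            }
        }
    }
}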
Esempio n. 4
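 /**
  * Build (or update) a PermissionDuration from the submitted date/time fields and save it.
  *
  * When neither a start nor an end date was submitted, nothing is created and
  * null is returned. Otherwise the duration named by the request's pdID is
  * loaded, or a new one is created when pdID is absent or does not resolve to
  * an object, and the start/end dates, all-day flags and repeat settings are
  * copied onto it before save().
  *
  * NOTE(review): pdID comes straight from the request and selects which stored
  * duration is overwritten; no check that the caller may modify that record is
  * visible here - confirm callers authorize the request first.
  * NOTE(review): the repeat values are passed to the setters as submitted;
  * confirm the setters validate or cast them.
  *
  * @return PermissionDuration|null The saved duration, or null when no dates were submitted.
  */
 public static function translateFromRequest()
 {
     $dt = Loader::helper('form/date_time');
     $dateStart = $dt->translate('pdStartDate');
     $dateEnd = $dt->translate('pdEndDate');
     if (!$dateStart && !$dateEnd) {
         // The original unset an undefined variable and returned it; return null explicitly.
         return null;
     }

     $pd = null;
     if (!empty($_REQUEST['pdID'])) {
         $pd = PermissionDuration::getByID($_REQUEST['pdID']);
     }
     if (!is_object($pd)) {
         // Absent pdID, or a pdID that did not resolve: start from a fresh duration
         // rather than calling setters on a non-object.
         $pd = new PermissionDuration();
     }

     if (!empty($_REQUEST['pdStartDateAllDayActivate'])) {
         $pd->setStartDateAllDay(1);
         // Only normalise a date that was actually submitted: strtotime('') fails and
         // date() would then turn an open start into 1970-01-01.
         if ($dateStart) {
             $dateStart = date('Y-m-d 00:00:00', strtotime($dateStart));
         }
     } else {
         $pd->setStartDateAllDay(0);
     }
     if (!empty($_REQUEST['pdEndDateAllDayActivate'])) {
         $pd->setEndDateAllDay(1);
         // Same guard as above; an empty end date must not become an end date in 1970.
         if ($dateEnd) {
             $dateEnd = date('Y-m-d 23:59:59', strtotime($dateEnd));
         }
     } else {
         $pd->setEndDateAllDay(0);
     }
     $pd->setStartDate($dateStart);
     $pd->setEndDate($dateEnd);

     $period = isset($_POST['pdRepeatPeriod']) ? $_POST['pdRepeatPeriod'] : null;
     if ($period && !empty($_POST['pdRepeat'])) {
         $pd->setRepeatPeriod($period);
         if ($period === 'daily') {
             $pd->setRepeatEveryNum(isset($_POST['pdRepeatPeriodDaysEvery']) ? $_POST['pdRepeatPeriodDaysEvery'] : null);
         } elseif ($period === 'weekly') {
             $pd->setRepeatEveryNum(isset($_POST['pdRepeatPeriodWeeksEvery']) ? $_POST['pdRepeatPeriodWeeksEvery'] : null);
             $pd->setRepeatPeriodWeekDays(isset($_POST['pdRepeatPeriodWeeksDays']) ? $_POST['pdRepeatPeriodWeeksDays'] : null);
         } elseif ($period === 'monthly') {
             $pd->setRepeatMonthBy(isset($_POST['pdRepeatPeriodMonthsRepeatBy']) ? $_POST['pdRepeatPeriodMonthsRepeatBy'] : null);
             $pd->setRepeatEveryNum(isset($_POST['pdRepeatPeriodMonthsEvery']) ? $_POST['pdRepeatPeriodMonthsEvery'] : null);
         }
         $pd->setRepeatPeriodEnd($dt->translate('pdEndRepeatDateSpecific'));
     } else {
         $pd->setRepeatPeriod(false);
     }
     $pd->save();

     return $pd;
 }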
Esempio n. 5
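 /**
  * Narrow this file list to the files the current user may see.
  *
  * Nothing is filtered (and false is returned) when no permission level is set
  * on the list or the user is the super user. Otherwise a series of raw SQL
  * predicates is handed to $this->filter(); they cover file sets that override
  * global permissions, the global file set, and files that override their set's
  * permissions. Timed assignments count only while their PermissionDuration
  * reports isActive().
  *
  * filter() receives SQL text, so every value spliced into it is cast to an
  * integer first. The values come from the user object and the database rather
  * than from the request; the casts keep the predicates well-formed even when a
  * lookup returns nothing.
  *
  * @return false|null false when no filtering is applied, otherwise nothing.
  */
 protected function setupFilePermissions()
 {
     $u = new User();
     if ($this->permissionLevel == false || $u->isSuperUser()) {
         return false;
     }
     $accessEntities = $u->getUserAccessEntityObjects();
     $peIDs = array();
     foreach ($accessEntities as $pae) {
         $peIDs[] = (int) $pae->getAccessEntityID();
     }
     if (count($peIDs) == 0) {
         // "peID in ()" is a SQL syntax error. Fall back to the same -1 sentinel the
         // set lists below use, so a user without access entities matches no grant.
         // NOTE(review): assumes real access entity IDs are never -1 - confirm.
         $peIDs[] = -1;
     }
     $db = Loader::db();
     // figure out which sets can read files in, not read files in, and read only my files in.
     $fsIDs = $db->GetCol('select fsID from FileSets where fsOverrideGlobalPermissions = 1');
     $viewableSets = array(-1);
     $nonviewableSets = array(-1);
     $myviewableSets = array(-1);
     $owpae = FileUploaderPermissionAccessEntity::getOrCreate();
     $ownerPeID = (int) $owpae->getAccessEntityID();
     if (count($fsIDs) > 0) {
         $pk = PermissionKey::getByHandle($this->permissionLevel);
         foreach ($fsIDs as $fsID) {
             $fs = FileSet::getByID($fsID);
             $pk->setPermissionObject($fs);
             $list = $pk->getAccessListItems(PermissionKey::ACCESS_TYPE_ALL, $accessEntities);
             $list = PermissionDuration::filterByActive($list);
             if (count($list) > 0) {
                 foreach ($list as $l) {
                     $pae = $l->getAccessEntityObject();
                     if ($pae->getAccessEntityID() == $ownerPeID) {
                         $myviewableSets[] = (int) $fs->getFileSetID();
                     } else {
                         if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_INCLUDE) {
                             $viewableSets[] = (int) $fs->getFileSetID();
                         }
                         if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_EXCLUDE) {
                             $nonviewableSets[] = (int) $fs->getFileSetID();
                         }
                     }
                 }
             } else {
                 // No active entry for this user on an overriding set: treat the set as hidden.
                 $nonviewableSets[] = (int) $fs->getFileSetID();
             }
         }
     }
     $fs = FileSet::getGlobal();
     $fk = PermissionKey::getByHandle('search_file_set');
     $fk->setPermissionObject($fs);
     $accessEntities[] = $owpae;
     $list = $fk->getAccessListItems(PermissionKey::ACCESS_TYPE_ALL, $accessEntities);
     $list = PermissionDuration::filterByActive($list);
     // Initialised so an empty list does not leave $valid undefined below.
     $valid = null;
     foreach ($list as $l) {
         $pae = $l->getAccessEntityObject();
         if ($pae->getAccessEntityID() == $ownerPeID) {
             $valid = 'mine';
         } else {
             if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_INCLUDE) {
                 $valid = PermissionKey::ACCESS_TYPE_INCLUDE;
             }
             if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_EXCLUDE) {
                 $valid = PermissionKey::ACCESS_TYPE_EXCLUDE;
             }
         }
     }
     $uID = $u->isRegistered() ? (int) $u->getUserID() : 0;
     $myviewableList = implode(',', array_map('intval', $myviewableSets));
     $viewableList = implode(',', array_map('intval', $viewableSets));
     $nonviewableList = implode(',', array_map('intval', $nonviewableSets));
     // This excludes all files found in sets where I may only read mine, and I did not upload the file
     $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . $myviewableList . ')) = 0)');
     // Strict comparison: $valid may also hold an access-type constant, and comparing
     // a number loosely with the string 'mine' depends on the PHP version.
     if ($valid === 'mine') {
         // this means that we're only allowed to read files we've uploaded (unless, of course, those files are in previously covered sets)
         $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . $viewableList . ')) > 0)');
     }
     // this excludes all files that are found in sets that I can't view
     $this->filter(false, '((select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . $nonviewableList . ')) = 0)');
     // NOTE(review): this repeats the first "only mine" predicate verbatim; it is kept
     // because filter()'s semantics are not visible here, but it looks redundant.
     $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . $myviewableList . ')) = 0)');
     // A missing permission key becomes 0 after the cast, which yields valid SQL that grants nothing.
     $vpvPKID = (int) $db->GetOne('select pkID from PermissionKeys where pkHandle = \'view_file\'');
     if ($this->permissionLevel == 'search_file_set') {
         $vpPKID = (int) $db->GetOne('select pkID from PermissionKeys where pkHandle = \'view_file_in_file_manager\'');
     } else {
         $vpPKID = $vpvPKID;
     }
     $pdIDs = $db->GetCol("select distinct pdID from FilePermissionAssignments fpa inner join PermissionAccessList pal on fpa.paID = pal.paID where pkID in (?, ?) and pdID > 0", array($vpPKID, $vpvPKID));
     $activePDIDs = array();
     if (count($pdIDs) > 0) {
         // then we iterate through all of them and find any that are active RIGHT NOW
         foreach ($pdIDs as $pdID) {
             $pd = PermissionDuration::getByID($pdID);
             // Skip IDs that no longer resolve to a duration instead of failing on a non-object.
             if (is_object($pd) && $pd->isActive()) {
                 $activePDIDs[] = (int) $pd->getPermissionDurationID();
             }
         }
     }
     // pdID 0 marks assignments without a duration; they are always in effect.
     $activePDIDs[] = 0;
     $activePDList = implode(',', $activePDIDs);
     $peIDList = implode(',', $peIDs);
     // exclude files where its overridden but I don't have the ability to read
     $this->filter(false, "(f.fOverrideSetPermissions = 0 or (select count(fID) from FilePermissionAssignments fpa inner join PermissionAccessList fpal on fpa.paID = fpal.paID where fpa.fID = f.fID and fpal.accessType = " . PermissionKey::ACCESS_TYPE_INCLUDE . " and fpal.pdID in (" . $activePDList . ") and fpal.peID in (" . $peIDList . ") and (if(fpal.peID = " . $ownerPeID . " and f.uID <> " . $uID . ", false, true)) and (fpa.pkID = " . $vpPKID . ")) > 0)");
     // exclude detail files where read is excluded
     $this->filter(false, "f.fID not in (select ff.fID from Files ff inner join FilePermissionAssignments fpaExclude on ff.fID = fpaExclude.fID inner join PermissionAccessList palExclude on fpaExclude.paID = palExclude.paID where fOverrideSetPermissions = 1 and palExclude.accessType = " . PermissionKey::ACCESS_TYPE_EXCLUDE . " and palExclude.pdID in (" . $activePDList . ")\n\t\t\tand palExclude.peID in (" . $peIDList . ") and fpaExclude.pkID in (" . $vpPKID . "," . $vpvPKID . "))");
 }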
Esempio n. 6
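 /**
  * Sets up a list to only return items the current user can access.
  *
  * Nothing is filtered for the super user or when $this->ignorePermissions is
  * set. Otherwise two raw SQL predicates are handed to $this->filter(): one
  * requiring an "include" assignment for one of the user's access entities (or
  * an external link page), one requiring that no "exclude" assignment applies.
  * Timed assignments count only while their PermissionDuration reports
  * isActive(); pdID 0 (no duration) always counts.
  *
  * filter() receives SQL text, so every value spliced into it is cast to an
  * integer first. The values come from the user object and the database rather
  * than from the request; the casts keep the predicates well-formed even when a
  * lookup returns nothing.
  */
 public function setupPermissions()
 {
     $u = new User();
     if ($u->isSuperUser() || $this->ignorePermissions) {
         // super user always sees everything. no need to limit
         return;
     }
     $accessEntities = $u->getUserAccessEntityObjects();
     $peIDs = array();
     foreach ($accessEntities as $pae) {
         $peIDs[] = (int) $pae->getAccessEntityID();
     }
     if (count($peIDs) == 0) {
         // "peID in ()" is a SQL syntax error; use an ID that matches no entity so a
         // user without access entities is granted nothing.
         // NOTE(review): assumes real access entity IDs are never -1 - confirm.
         $peIDs[] = -1;
     }
     $owpae = PageOwnerPermissionAccessEntity::getOrCreate();
     $ownerPeID = (int) $owpae->getAccessEntityID();
     // now we retrieve a list of permission duration object IDs that are attached to view_page or
     // view_page_versions against any of these access entity objects. We just get'em all.
     $db = Loader::db();
     $activePDIDs = array();
     // A missing permission key becomes 0 after the cast, which yields valid SQL that grants nothing.
     $vpPKID = (int) $db->GetOne('select pkID from PermissionKeys where pkHandle = \'view_page\'');
     $vpvPKID = (int) $db->GetOne('select pkID from PermissionKeys where pkHandle = \'view_page_versions\'');
     $pdIDs = $db->GetCol("select distinct pdID from PagePermissionAssignments ppa inner join PermissionAccessList pa on ppa.paID = pa.paID where pkID in (?, ?) and pdID > 0", array($vpPKID, $vpvPKID));
     if (count($pdIDs) > 0) {
         // then we iterate through all of them and find any that are active RIGHT NOW
         foreach ($pdIDs as $pdID) {
             $pd = PermissionDuration::getByID($pdID);
             // Skip IDs that no longer resolve to a duration instead of failing on a non-object.
             if (is_object($pd) && $pd->isActive()) {
                 $activePDIDs[] = (int) $pd->getPermissionDurationID();
             }
         }
     }
     $activePDIDs[] = 0;
     if ($this->includeAliases) {
         $cInheritPermissionsFromCID = 'if(p2.cID is null, p1.cInheritPermissionsFromCID, p2.cInheritPermissionsFromCID)';
     } else {
         $cInheritPermissionsFromCID = 'p1.cInheritPermissionsFromCID';
     }
     // Initialised so the concatenation below never reads an undefined variable.
     $cvIsApproved = '';
     if ($this->displayOnlyApprovedPages) {
         $cvIsApproved = ' and cv.cvIsApproved = 1';
     }
     $uID = 0;
     if ($u->isRegistered()) {
         $uID = (int) $u->getUserID();
     }
     $activePDList = implode(',', $activePDIDs);
     $peIDList = implode(',', $peIDs);
     // Include rule: an active "include" entry for one of my entities (the page-owner entity only
     // counts on pages I own), or the page is an external link.
     $this->filter(false, "((select count(cID) from PagePermissionAssignments ppa1 inner join PermissionAccessList pa1 on ppa1.paID = pa1.paID where ppa1.cID = {$cInheritPermissionsFromCID} and pa1.accessType = " . PermissionKey::ACCESS_TYPE_INCLUDE . " and pa1.pdID in (" . $activePDList . ")\n\t\t\tand pa1.peID in (" . $peIDList . ") and (if(pa1.peID = " . $ownerPeID . " and p1.uID <>" . $uID . ", false, true)) and (ppa1.pkID = " . $vpPKID . $cvIsApproved . " or ppa1.pkID = " . $vpvPKID . ")) > 0\n\t\t\tor (p1.cPointerExternalLink !='' AND p1.cPointerExternalLink IS NOT NULL))");
     // Exclude rule: no active "exclude" entry may apply to any of my entities.
     $this->filter(false, "((select count(cID) from PagePermissionAssignments ppaExclude inner join PermissionAccessList paExclude on ppaExclude.paID = paExclude.paID where ppaExclude.cID = {$cInheritPermissionsFromCID} and accessType = " . PermissionKey::ACCESS_TYPE_EXCLUDE . " and pdID in (" . $activePDList . ")\n\t\t\tand paExclude.peID in (" . $peIDList . ") and (if(paExclude.peID = " . $ownerPeID . " and p1.uID <>" . $uID . ", false, true)) and (ppaExclude.pkID = " . $vpPKID . $cvIsApproved . " or ppaExclude.pkID = " . $vpvPKID . ")) = 0)");
 }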