/**
 * Create shortcut(s) to one or more objects inside a target node.
 *
 * All permission checks run before anything is created: every source id
 * must be readable and the target must be writable, otherwise the request
 * is refused as a whole and no shortcut is written.
 *
 * @param array $p input params, read with array access: 'sourceIds'
 *                 (iterable of object ids) and 'targetId'
 *                 (presumably validateParams() guarantees both keys — verify)
 * @return array   response: 'success' => false with 'msg' on failure, or
 *                 'success' => true with 'targetId' and 'processedIds'
 *                 (the values returned by Objects\Shortcut::create())
 */
public function shortcut($p)
{
    if (!$this->validateParams($p)) {
        return array('success' => false, 'msg' => L\get('ErroneousInputData'));
    }

    $targetId = $p['targetId'];

    // Authorization: read access on every source, then write access on the
    // target. The write check is evaluated only when all read checks passed.
    $allowed = true;
    foreach ($p['sourceIds'] as $sourceId) {
        if (!\CB\Security::canRead($sourceId)) {
            $allowed = false;
            break;
        }
    }
    $allowed = $allowed && \CB\Security::canWrite($targetId);

    if (!$allowed) {
        return array('success' => false, 'msg' => L\get('Access_denied'));
    }

    // One shortcut per source id, all created under the target.
    $shortcut = new Objects\Shortcut();
    $createdIds = array();
    foreach ($p['sourceIds'] as $sourceId) {
        $createdIds[] = $shortcut->create(
            array('id' => null, 'pid' => $targetId, 'target_id' => $sourceId)
        );
    }

    Solr\Client::runCron();

    return array('success' => true, 'targetId' => $targetId, 'processedIds' => $createdIds);
}
/**
 * Move this object under $pid, or over an existing object $targetId.
 *
 * Follows the same principle as copy. When $targetId is given, the target
 * is marked with dstatus = 3, its parent becomes the destination and its
 * children with dstatus = 0 are re-parented to the moved object.
 *
 * Permissions checked here: read on the moved object, write on $targetId
 * when it is given, otherwise write on $pid.
 *
 * NOTE(review): only read access is required on the object being moved,
 * and when $targetId is used no check is made on the parent taken from the
 * target row. Confirm that callers enforce whatever stronger permission the
 * product expects for a move.
 * NOTE(review): nothing visible here rejects $pid being the object itself
 * or one of its descendants, and the updates are not wrapped in a
 * transaction in this method — verify both are handled elsewhere.
 * NOTE(review): on a failed query die() prints whatever
 * DB\dbQueryError() returns into the response; confirm that text is safe
 * to expose to clients.
 *
 * @param int $pid      destination parent; when not given it is taken from
 *                      the pid of $targetId
 * @param int $targetId object to be overwritten by the moved one
 * @return int|false    id of the moved object, or false when the input is
 *                      invalid or access is denied
 */
public function moveTo($pid = false, $targetId = false)
{
    $overTarget = is_numeric($targetId);

    // Input validation: we need our own id and at least one destination.
    if (!is_numeric($this->id) || (!is_numeric($pid) && !$overTarget)) {
        return false;
    }

    // The moved object must be readable by the current user.
    if (!\CB\Security::canRead($this->id)) {
        return false;
    }

    // Snapshot of the current state, handed to the log/events afterwards.
    $this->oldObject = clone $this;
    $this->oldObject->load($this->id);

    if ($overTarget) {
        // The object being overwritten must be writable.
        if (!\CB\Security::canWrite($targetId)) {
            return false;
        }

        // Mark the overwritten object with dstatus = 3.
        $marked = DB\dbQuery(
            'UPDATE tree SET updated = 1 ,dstatus = 3 ,did = $2 WHERE id = $1',
            array($targetId, $_SESSION['user']['id'])
        );
        if (!$marked) {
            die(DB\dbQueryError());
        }

        // The destination parent is the parent of the target.
        $res = DB\dbQuery('SELECT pid FROM tree WHERE id = $1', $targetId);
        if (!$res) {
            die(DB\dbQueryError());
        }
        if ($row = $res->fetch_assoc()) {
            $pid = $row['pid'];
        }
        $res->close();
    } elseif (!\CB\Security::canWrite($pid)) {
        // Plain move: the destination parent must be writable.
        return false;
    }

    // $pid can still be unset here when a non-existent $targetId was given.
    if (!is_numeric($pid)) {
        return false;
    }

    // Re-parent the object itself.
    $moved = DB\dbQuery(
        'UPDATE tree SET updated = 1 ,pid = $2 WHERE id = $1',
        array($this->id, $pid)
    );
    if (!$moved) {
        die(DB\dbQueryError());
    }

    $this->moveCustomDataTo($pid);

    // Children of the overwritten target (still dstatus = 0) follow the
    // moved object.
    if ($overTarget) {
        $adopted = DB\dbQuery(
            'UPDATE tree SET updated = 1 ,pid = $2 WHERE pid = $1 AND dstatus = 0',
            array($targetId, $this->id)
        );
        if (!$adopted) {
            die(DB\dbQueryError());
        }
    }

    $this->load();
    $this->logAction('move', array('old' => $this->oldObject));

    return $this->id;
}
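/**
 * Get the ACL list (users and groups with their allow/deny sets) of an object.
 *
 * Read access on the object is required unless $this->internalAccessing
 * is set; a refused request throws.
 *
 * The ids of the inherited security set are read from a stored
 * comma-separated column and end up inside an SQL IN (...) list. They are
 * reduced to digit-only values before being placed into the statement, so
 * a malformed or tampered set cannot change the query text.
 *
 * @param array   $p         client side request params; 'id' is the object id
 * @param boolean $inherited include rules inherited through the security set
 * @return array  response with 'success', 'name', 'inherit_acl' and 'data'
 *                (one row per user/group); only the default response is
 *                returned when 'id' is missing or not numeric
 * @throws \Exception when the current user may not read the object
 */
public function getObjectAcl($p, $inherited = true)
{
    $rez = array('success' => true, 'data' => array(), 'name' => '');

    // isset() guard avoids an undefined-index warning on malformed requests
    if (!isset($p['id']) || !is_numeric($p['id'])) {
        return $rez;
    }

    $id = $p['id'];

    if (empty($this->internalAccessing) && !Security::canRead($id)) {
        throw new \Exception(L\get('Access_denied'));
    }

    $obj = Objects::getCachedObject($id);
    $od = $obj->getData();

    $rez['name'] = $obj->getHtmlSafeName();
    $rez['inherit_acl'] = $od['inherit_acl'];

    /* collect the ids of the security set this object inherits access from */
    $objIds = array();

    $res = DB\dbQuery(
        'SELECT ti.`path` ,ts.`set` `obj_ids` FROM tree_info ti LEFT JOIN tree_acl_security_sets ts ON ti.security_set_id = ts.id WHERE ti.id = $1',
        $id
    );

    if ($r = $res->fetch_assoc()) {
        // obj_ids is NULL when the LEFT JOIN finds no security set
        $objIds = explode(',', (string) $r['obj_ids']);
    }
    $res->close();

    /* build the node filter */
    if ($inherited) {
        // Keep digit-only ids: they are concatenated into the statement,
        // not bound as parameters.
        $safeIds = array();
        foreach ($objIds as $candidate) {
            $candidate = trim((string) $candidate);
            if (preg_match('/^[0-9]+$/D', $candidate) === 1) {
                $safeIds[] = $candidate;
            }
        }
        // An empty set degrades to "in (0)", as the previous string-built
        // list did.
        if (empty($safeIds)) {
            $safeIds[] = '0';
        }
        $nodeFilter = ' in (' . implode(',', $safeIds) . ')';
    } else {
        $nodeFilter = ' = $1 ';
    }

    /* get the full set of access credentials (users and/or groups),
       including those inherited from parents when requested */
    $res = DB\dbQuery(
        'SELECT DISTINCT u.id ,u.`name` ,u.`first_name` ,u.`last_name` ,u.`system` ,u.`enabled` ,u.`type` ,u.`sex`'
        . ' FROM tree_acl a JOIN users_groups u ON a.user_group_id = u.id WHERE a.node_id '
        . $nodeFilter
        . ' ORDER BY u.`type`, 2',
        $id
    );

    while ($r = $res->fetch_assoc()) {
        $r['user_group_id'] = $r['id'];
        $r['name'] = User::getDisplayName($r);
        // type 1 gets the group icon, anything else an icon chosen by sex
        $r['iconCls'] = $r['type'] == 1
            ? 'icon-users'
            : 'icon-user-' . $r['sex'];
        unset($r['sex']);

        $access = $this->getUserGroupAccessForObject($id, $r['id']);
        $r['allow'] = implode(',', $access[0]);
        $r['deny'] = implode(',', $access[1]);

        $rez['data'][] = $r;
    }
    $res->close();

    return $rez;
}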
/**
 * Add a comment to an object.
 *
 * The caller needs read access on the commented object; no write check is
 * made here. The message is stored as the comment's '_title' exactly as
 * received.
 *
 * NOTE(review): 'msg' is not escaped in this method — confirm that the
 * comment is encoded for its output context when it is loaded or rendered.
 *
 * @param array $p input params: 'id' (numeric object id), 'msg' (comment
 *                 text) and optionally 'draftId'
 * @return array   'success' => false with 'msg' on bad input or when no
 *                 comment template exists; otherwise 'success' => true and
 *                 'data' with the loaded comment
 * @throws \Exception when the current user may not read the object
 */
public function addComment($p)
{
    $inputOk = !empty($p['id']) && is_numeric($p['id']) && !empty($p['msg']);
    if (!$inputOk) {
        return array('success' => false, 'msg' => L\get('Wrong_input_data'));
    }

    if (!Security::canRead($p['id'])) {
        throw new \Exception(L\get('Access_denied'));
    }

    $commentTemplates = Templates::getIdsByType('comment');
    if (empty($commentTemplates)) {
        return array('success' => false, 'msg' => 'No comment templates found');
    }

    $comment = new Objects\Comment();

    // draftId is optional; a missing key is passed on as null
    $draftId = isset($p['draftId']) ? $p['draftId'] : null;

    // the first available comment template is used
    $templateId = array_shift($commentTemplates);

    $commentId = $comment->create(
        array(
            'pid' => $p['id'],
            'draftId' => $draftId,
            'template_id' => $templateId,
            'system' => 2,
            'data' => array('_title' => $p['msg'])
        )
    );

    Solr\Client::runCron();

    return array(
        'success' => true,
        'data' => \CB\Objects\Plugins\Comments::loadComment($commentId)
    );
}
/**
 * Move this object under $pid, or over an existing object $targetId.
 *
 * Follows the same principle as copy. When $targetId is given, the target
 * is marked with dstatus = 3, its parent becomes the destination and its
 * active children are handed to the moved object.
 *
 * Permissions checked here: read on the moved object, write on $targetId
 * when it is given, otherwise write on $pid.
 *
 * NOTE(review): only read access is required on the object being moved,
 * and when $targetId is used no check is made on the parent read from the
 * target record. Confirm that callers enforce whatever stronger permission
 * the product expects for a move.
 * NOTE(review): nothing visible here rejects $pid being the object itself
 * or one of its descendants — verify it is handled elsewhere.
 *
 * @param int $pid      destination parent; when not given it is taken from
 *                      the pid of $targetId
 * @param int $targetId object to be overwritten by the moved one
 * @return int|false    id of the moved object, or false when the input is
 *                      invalid or access is denied
 */
public function moveTo($pid = false, $targetId = false)
{
    $overTarget = is_numeric($targetId);

    // Input validation: we need our own id and at least one destination.
    if (!is_numeric($this->id) || (!is_numeric($pid) && !$overTarget)) {
        return false;
    }

    // The moved object must be readable by the current user.
    if (!\CB\Security::canRead($this->id)) {
        return false;
    }

    // Snapshot of the current state, handed to the log/events afterwards.
    $this->oldObject = clone $this;
    $this->oldObject->load($this->id);

    if ($overTarget) {
        // The object being overwritten must be writable.
        if (!\CB\Security::canWrite($targetId)) {
            return false;
        }

        // Mark the overwritten object with dstatus = 3.
        DM\Tree::update(
            array(
                'id' => $targetId,
                'updated' => 1,
                'dstatus' => 3,
                'did' => User::getId()
            )
        );

        // The destination parent is the parent of the target.
        $targetRow = DM\Tree::read($targetId);
        if (!empty($targetRow)) {
            $pid = $targetRow['pid'];
        }
    } elseif (!\CB\Security::canWrite($pid)) {
        // Plain move: the destination parent must be writable.
        return false;
    }

    // $pid can still be unset here when a non-existent $targetId was given.
    if (!is_numeric($pid)) {
        return false;
    }

    // Re-parent the object itself.
    DM\Tree::update(array('id' => $this->id, 'pid' => $pid, 'updated' => 1));

    $this->moveCustomDataTo($pid);

    // Children of the overwritten target follow the moved object.
    if ($overTarget) {
        DM\Tree::moveActiveChildren($targetId, $this->id);
    }

    $this->load();
    $this->logAction('move', array('old' => $this->oldObject));

    return $this->id;
}
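/**
 * Get the ACL list (users and groups with their allow/deny sets) of an object.
 *
 * Read access on the object is required unless $this->internalAccessing
 * is set; a refused request throws.
 *
 * Two values are concatenated into SQL text rather than bound: the
 * language index used in the column name and the ids of the inherited
 * security set. Both are constrained here (integer cast, digit-only
 * filter) so that neither a configuration value nor a stored set can
 * change the statement.
 *
 * NOTE(review): on a failed query die() prints whatever
 * DB\dbQueryError() returns into the response; confirm that text is safe
 * to expose to clients.
 * NOTE(review): 'name' and 'path' are returned after
 * Path::replaceCustomNames() only — confirm they are encoded for their
 * output context on the client.
 *
 * @param array   $p         client side request params; 'id' is the object id
 * @param boolean $inherited include rules inherited through the security set
 * @return array  response with 'success', 'name', 'data' and, when the
 *                object row is found, 'path' and 'inherit_acl'; only the
 *                default response is returned when 'id' is missing or not
 *                numeric
 * @throws \Exception when the current user may not read the object
 */
public function getObjectAcl($p, $inherited = true)
{
    $rez = array('success' => true, 'data' => array(), 'name' => '');

    // isset() guard avoids an undefined-index warning on malformed requests
    if (!isset($p['id']) || !is_numeric($p['id'])) {
        return $rez;
    }

    if (empty($this->internalAccessing) && !Security::canRead($p['id'])) {
        throw new \Exception(L\get('Access_denied'));
    }

    /* set object title, path and the ids access is inherited from */
    $obj_ids = array();

    $res = DB\dbQuery(
        'SELECT ti.`path` ,t.name ,t.inherit_acl ,ts.`set` `obj_ids` FROM tree t JOIN tree_info ti ON t.id = ti.id LEFT JOIN tree_acl_security_sets ts ON ti.security_set_id = ts.id WHERE t.id = $1',
        $p['id']
    ) or die(DB\dbQueryError());

    if ($r = $res->fetch_assoc()) {
        $rez['path'] = Path::replaceCustomNames($r['path']);
        $rez['name'] = Path::replaceCustomNames($r['name']);
        $rez['inherit_acl'] = $r['inherit_acl'];
        // obj_ids is NULL when the LEFT JOIN finds no security set
        $obj_ids = explode(',', (string) $r['obj_ids']);
    }
    $res->close();

    /* build the node filter */
    if ($inherited) {
        // Keep digit-only ids: they are concatenated into the statement,
        // not bound as parameters.
        $safeIds = array();
        foreach ($obj_ids as $candidate) {
            $candidate = trim((string) $candidate);
            if (preg_match('/^[0-9]+$/D', $candidate) === 1) {
                $safeIds[] = $candidate;
            }
        }
        // An empty set degrades to "in (0)", as the previous string-built
        // list did.
        if (empty($safeIds)) {
            $safeIds[] = '0';
        }
        $nodeFilter = ' in (' . implode(',', $safeIds) . ')';
    } else {
        $nodeFilter = ' = $1 ';
    }

    /* get the full set of access credentials (users and/or groups),
       including those inherited from parents when requested */

    // The language index becomes part of a column name (u.l<N>), so it is
    // forced to an integer before use.
    $lid = (int) Config::get('user_language_index', 1);

    $res = DB\dbQuery(
        'SELECT DISTINCT u.id , u.l' . $lid . ' `name` , u.`system` , u.`enabled` , u.`type` , u.`sex`'
        . ' FROM tree_acl a JOIN users_groups u ON a.user_group_id = u.id WHERE a.node_id '
        . $nodeFilter
        . ' ORDER BY u.`type`, 2',
        $p['id']
    ) or die(DB\dbQueryError());

    while ($r = $res->fetch_assoc()) {
        $r['user_group_id'] = $r['id'];
        // type 1 gets the group icon, anything else an icon chosen by sex
        $r['iconCls'] = $r['type'] == 1
            ? 'icon-users'
            : 'icon-user-' . $r['sex'];
        unset($r['sex']);

        $access = $this->getUserGroupAccessForObject($p['id'], $r['id']);
        $r['allow'] = implode(',', $access[0]);
        $r['deny'] = implode(',', $access[1]);

        $rez['data'][] = $r;
    }
    $res->close();

    return $rez;
}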