/**
 * Check whether this comment moved into or out of a "published" status.
 *
 * "Published" covers every status whose perm value is part of
 * get_status_permvalue('published_statuses'), i.e. the public status as well
 * as the limited public ones such as community or protected.
 *
 * @return boolean false when the status did not change (or no previous status is known),
 *                 or when neither the previous nor the current status is (limited) public;
 *                 true otherwise
 */
function check_publish_status_changed()
{
	if (!isset($this->previous_status)) {
		// Nothing to compare against
		return false;
	}
	if ($this->previous_status == $this->status) {
		// Status was not changed
		return false;
	}

	$previous_permvalue = get_status_permvalue($this->previous_status);
	$current_permvalue = get_status_permvalue($this->status);
	$published_mask = get_status_permvalue('published_statuses');

	// Either side of the transition being (limited) public means the
	// visibility of the comment changed in a way callers care about
	$is_published_now = (bool) ($current_permvalue & $published_mask);
	$was_published_before = (bool) ($previous_permvalue & $published_mask);

	return $is_published_now || $was_published_before;
}
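/**
 * Build the checkbox for one post/comment status permission of a user or group
 * on the advanced permissions form of the edited collection.
 *
 * @param object db row of T_coll_user_perms or T_coll_group_perms
 * @param string prefix of the db row fields: 'bloguser_' or 'bloggroup_'
 * @param string status this checkbox grants, e.g. 'published', 'community', ...
 * @param string title attribute of the checkbox; it is written into the HTML
 *               attribute without escaping, so callers must pass trusted text
 * @param string type of the permission: 'post' or 'comment'
 * @return string HTML of the checkbox; wrapped in a red-bordered span when it is
 *                the default comment status the user/group cannot create comments with
 */
function coll_perm_status_checkbox($row, $prefix, $perm_status, $title, $type)
{
	global $edited_Blog, $permission_to_change_admin;

	$row_id_coll = get_id_coll_from_prefix($prefix);
	$default_status = NULL;

	switch ($type) {
		case 'post':
			$perm_statuses = 'perm_poststatuses';
			$type_param = '';
			break;

		case 'comment':
			$perm_statuses = 'perm_cmtstatuses';
			if (!check_default_create_comment_perm($row->{$perm_statuses})) {
				// Doesn't have at least as high comment create permission as anonymous users have
				$default_status = $edited_Blog->get_setting('new_feedback_status');
			}
			$type_param = 'cmt_';
			break;

		default:
			debug_die('Invalid $type param on advanced perms form!');
	}

	// NOTE: the former `if (!empty($id))` branch that emitted an id attribute was
	// dropped: no $id is ever defined in this scope, so it could never run.
	$r = '<input type="checkbox"';
	$r .= ' name="blog_perm_' . $perm_status . '_' . $type_param . $row->{$row_id_coll} . '"';

	if ($prefix == 'bloguser_' && $edited_Blog->owner_user_ID == $row->user_ID) {
		// Collection owner has the permissions to edit all item/comment statuses by default
		$r .= ' checked="checked" disabled="disabled"';
	} else {
		// Not owner
		if (get_status_permvalue($perm_status) & $row->{$perm_statuses}) {
			$r .= ' checked="checked"';
		}
		if (!$permission_to_change_admin && $row->{$prefix . 'perm_admin'}) {
			// The perms of an advanced admin may only be changed by users allowed to do so
			$r .= ' disabled="disabled"';
		}
	}

	$is_default_status = ($perm_status == $default_status);
	if ($is_default_status) {
		$title .= "\n" . T_('Note: Anonymous users may create comments with this status. You will probably want to give the same permission to this user/group.');
	}

	$r .= ' class="checkbox" value="1" title="' . $title . '" />';

	if ($is_default_status) {
		// This is the default comment status checkbox, and user has no permission to create comment with this status ( like anonymous users ) or a higher status
		$r = '<span class="red-bordered-checkbox">' . $r . '</span>';
	}

	return $r;
}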
/**
 * Check if the user has the given role in any blog
 *
 * Roles are derived from the advanced collection permissions stored in
 * T_coll_user_perms / T_coll_group_perms; blogs owned by the user always count.
 *
 * @param string role name, available values ( post_owner, member, comment_editor, comment_moderator, post_moderator )
 * @return mixed NULL if the given role name is not defined or there are no blogs, true if the user is super admin, 0 if the user doesn't have the given role, positive number otherwise
 */
function check_role($rolename)
{
	global $DB;

	if ($this->check_perm('blogs', 'editall')) {
		// if user has global editall blogs permission then it has any kind of role in all blogs
		return true;
	}

	// Each role maps to a set of SQL conditions per permission column (without the
	// 'bloguser_' / 'bloggroup_' prefix); all conditions of a role must hold.
	switch ($rolename) {
		case 'post_owner':
			// User is considered as a post owner, if already has at least one post, or he has right to create posts
			if ($this->get_num_posts() > 0) {
				// User already has at least one post
				return true;
			}
			$role_conditions = array('perm_poststatuses' => array('IS NOT NULL', '<> ""'));
			break;

		case 'member':
			// User has member role if is member of at least one blog
			$role_conditions = array('ismember' => array('IS NOT NULL', '<> 0'));
			break;

		case 'comment_editor':
			// User has permission to edit some other users comments at least in one status
			$role_conditions = array('perm_edit_cmt' => array('IS NOT NULL', '<> "no"', '<> "own"'), 'perm_cmtstatuses' => array('IS NOT NULL', '<> 0'));
			break;

		case 'comment_moderator':
			// set comment moderator perm names
			$edit_perm_name = 'perm_edit_cmt';
			$statuses_perm_name = 'perm_cmtstatuses';
			// no break: intentional fall-through into the shared moderator check below

		case 'post_moderator':
			if ($rolename == 'post_moderator') {
				// set post moderator perm names
				$edit_perm_name = 'perm_edit';
				$statuses_perm_name = 'perm_poststatuses';
			}
			// User is a moderator if has moderator permission at least in one blog
			// A moderator must have permissions to create post/comment with at least two statuses from moderation statuses + published status
			$check_statuses = get_visibility_statuses('moderation');
			// Create addition of statuses perm values
			$perms_value = get_status_permvalue('published');
			foreach ($check_statuses as $status) {
				$perms_value = $perms_value + get_status_permvalue($status);
			}
			// Check if user has permission to edit other comments than his own and has create permission on at least two statuses defined above
			// '$perm_field$' is a placeholder replaced by the prefixed column name when the WHERE clause is built
			$role_conditions = array($edit_perm_name => array('IS NOT NULL', '<> "no"', '<> "own"'), $statuses_perm_name => array('IS NOT NULL', 'BIT_COUNT( $perm_field$ & ' . $perms_value . ' ) > 1'));
			break;

		default:
			// role with the given role name is not defined
			return NULL;
	}

	$where_clause = '';
	$perm_prefixes = array('bloguser_', 'bloggroup_');
	foreach ($perm_prefixes as $prefix) {
		// Check required perms on blogusers and bloggroups as well
		$where_part = '';
		foreach ($role_conditions as $perm_name => $conditions) {
			// Go through each required permission
			$perm_field = $prefix . $perm_name;
			foreach ($conditions as $condition) {
				// Check all defined conditions and join with 'AND' operator
				if (strpos($condition, '$perm_field$') !== false) {
					// The $perm_field must be replaced in the middle of the condition
					$where_part .= '( ' . str_replace('$perm_field$', $perm_field, $condition) . ' ) AND ';
				} else {
					// The $perm_field must be added into the beginning of the condition
					$where_part .= '( ' . $perm_field . ' ' . $condition . ' ) AND ';
				}
			}
		}
		// Remove the last ' AND ' from the end of this where clause part
		$where_part = substr($where_part, 0, strlen($where_part) - 5);
		// Add the created conditions to the final where clause
		$where_clause .= '( ' . $where_part . ' )';
		if ($prefix != 'bloggroup_') {
			// 'bloggroup_' perm check is the last, but everywhere else we need an 'OR' operator
			$where_clause .= ' OR ';
		}
	}

	// Count blog ids where this user has the required permissions for the given role
	// NOTE(review): $this->ID and $this->grp_ID are spliced into the SQL unquoted;
	// this relies on them being integer IDs loaded from the DB — confirm.
	$SQL = new SQL();
	$SQL->SELECT('count( blog_ID )');
	$SQL->FROM('T_blogs');
	$SQL->FROM_add('LEFT JOIN T_coll_user_perms ON (blog_advanced_perms <> 0 AND blog_ID = bloguser_blog_ID AND bloguser_user_ID = ' . $this->ID . ' )');
	$SQL->FROM_add('LEFT JOIN T_coll_group_perms ON (blog_advanced_perms <> 0 AND blog_ID = bloggroup_blog_ID AND bloggroup_group_ID = ' . $this->grp_ID . ' )');
	// Owned blogs always count, otherwise the role conditions above must match
	$SQL->WHERE('blog_owner_user_ID = ' . $this->ID);
	$SQL->WHERE_or($where_clause);
	return $DB->get_var($SQL->get(), 0, NULL, 'Check user role in all blogs');
}
$cmt_count = 0; foreach ($comments_map[$blog_ID] as $status => $content) { $status_perm_value = get_status_permvalue($status); if ($perms['perm_statuses'] & $status_perm_value) { // User has permission to edit comments with this status // TODO asimo> Here probably we should also check if user is able to deprecate/recycle the comment. // Check if User has permission to raise comment status $ordered_statuses = get_visibility_statuses('ordered-index'); $raise_status_allowed = false; $current_status_found = false; foreach ($ordered_statuses as $ordered_status => $order_index) { if ($ordered_status == $status) { $current_status_found = true; } elseif ($current_status_found && $order_index !== 0) { // This is a higher status then the currently checked status $ordered_status_perm_value = get_status_permvalue($ordered_status); if ($perms['perm_statuses'] & $ordered_status_perm_value) { // User has permission to a higher status, so the comment status can be raised $raise_status_allowed = true; break; } } } if (!$raise_status_allowed) { // User is not allowed to raise these comment statuses continue; } // Check if the comment author level allows the edit permission foreach ($content as $level => $count) { switch ($perms['perm_edit']) { case 'all':
/**
 * Display a link that publishes this post with the most public status the
 * current User is allowed to use in the item's Blog.
 *
 * @param array link parameters: 'before', 'after', 'text' ('#' = default publish text),
 *              'before_text', 'after_text', 'title', 'class', 'glue', 'save_context', 'redirect_to'
 * @return boolean true if the link was displayed, false otherwise
 */
function highest_publish_link($params = array())
{
	global $current_User, $admin_url;

	if (!is_logged_in(false)) {
		return false;
	}

	$defaults = array(
		'before' => '',
		'after' => '',
		'text' => '#',
		'before_text' => '',
		'after_text' => '',
		'title' => '',
		'class' => '',
		'glue' => '&',
		'save_context' => true,
		'redirect_to' => '',
	);
	$params = array_merge($defaults, $params);

	$curr_status_permvalue = get_status_permvalue($this->status);

	// Highest publish status the current User may use in this item's Blog,
	// together with the default text of the publish link
	list($highest_status, $publish_text) = get_highest_publish_status('post', $this->get_blog_ID());
	$highest_status_permvalue = get_status_permvalue($highest_status);

	if ($curr_status_permvalue >= $highest_status_permvalue || $highest_status_permvalue <= get_status_permvalue('private')) {
		// The post is already at least as public as the best available status,
		// or no public status is available to the current User
		return false;
	}

	if (!$current_User->check_perm('item_post!' . $highest_status, 'edit', false, $this)) {
		// User has no right to edit this post
		return false;
	}

	$glue = $params['glue'];
	$text = $params['text'] == '#' ? $publish_text : $params['text'];

	$query = array(
		'ctrl=items',
		'action=publish',
		'post_status=' . $highest_status,
		'post_ID=' . $this->ID,
		url_crumb('item'),
	);
	if ($params['redirect_to']) {
		$query[] = 'redirect_to=' . rawurlencode($params['redirect_to']);
	} elseif ($params['save_context']) {
		$query[] = 'redirect_to=' . rawurlencode(regenerate_url('', '', '', '&'));
	}

	$attributes = ' href="' . $admin_url . '?' . implode($glue, $query) . '"';
	$attributes .= ' title="' . $params['title'] . '"';
	if (!empty($params['class'])) {
		$attributes .= ' class="' . $params['class'] . '"';
	}

	$label = $params['before_text'] . $text . $params['after_text'];
	echo $params['before'] . '<a' . $attributes . '>' . $label . '</a>' . $params['after'];

	return true;
}
/**
 * Output the submit buttons of the comment edit form: "Save" plus a publish
 * button that is only shown when the comment can be moved to a more public status.
 *
 * Note: the publish button is always added to the form but rendered with
 * 'display: none' when it does not apply.
 *
 * @param Form form the buttons are added to
 * @param Comment comment being edited
 */
function echo_comment_buttons($Form, $edited_Comment)
{
	// $highest_publish_status is a global, presumably read elsewhere after this call — verify against callers
	global $Blog, $current_User, $highest_publish_status;

	// ---------- SAVE ------------
	$Form->submit(array('actionArray[update]', T_('Save!'), 'SaveButton'));

	// ---------- PUBLISH ---------
	list($highest_publish_status, $publish_text) = get_highest_publish_status('comment', $Blog->ID);
	$current_status_value = get_status_permvalue($edited_Comment->status);
	$highest_status_value = get_status_permvalue($highest_publish_status);

	$Form->hidden('publish_status', $highest_publish_status);

	// User may publish this comment with a "more public" status?
	$can_publish = $current_status_value < $highest_status_value
		&& $highest_publish_status != 'draft'
		&& $current_User->check_perm('comment!' . $highest_publish_status, 'edit', false, $edited_Comment);
	$publish_style = $can_publish ? 'display: inline' : 'display: none';

	$Form->submit(array('actionArray[update_publish]', $publish_text, 'SaveButton', '', $publish_style));
}
/**
 * Check blog advanced user/group permission
 *
 * Keys read from $blog_perms: 'blog_properties', 'blog_post_statuses', 'blog_cmt_statuses',
 * 'blog_edit', 'blog_edit_cmt', 'blog_media_upload', 'blog_media_browse', 'blog_media_change',
 * and for any unknown $permname the entry with that name.
 *
 * @param array blog user or group advanced permission settings
 * @param integer the user ID for whom we are checking the permission
 * @param string permission name
 * @param string permission level
 * @param Object permission target which can be a Comment or an Item depends from the permission what we are checking
 * @return boolean true if checked User/Group has permission, false otherwise
 */
function check_blog_advanced_perm(&$blog_perms, $user_ID, $permname, $permlevel, $perm_target = NULL)
{
	if (empty($blog_perms)) {
		return false;
	}

	// Check if permission is granted:
	// Cases that 'break' instead of returning set $perm / $edit_permname and fall
	// through to the owner/level checks after the switch.
	switch ($permname) {
		case 'stats':
			// Viewing stats is the same perm as being authorized to edit properties: (TODO...)
			if ($permlevel == 'view') {
				return $blog_perms['blog_properties'];
			}
			// No other perm can be granted here (TODO...)
			return false;

		case 'blog_post_statuses':
			// We grant this permission only if user has rights to create posts with any status different than 'deprecated' or 'redirected'
			$deprecated_value = get_status_permvalue('deprecated');
			$redirected_value = get_status_permvalue('redirected');
			return (~($deprecated_value + $redirected_value) & $blog_perms['blog_post_statuses']) > 0;

		case 'blog_comment_statuses':
			// We grant this permission only if user has rights to create comments with any status different than 'deprecated'
			$deprecated_value = get_status_permvalue('deprecated');
			return (~$deprecated_value & $blog_perms['blog_cmt_statuses']) > 0;

		case 'blog_comments':
			$edit_permname = 'blog_edit_cmt';
			$perm = $blog_perms['blog_cmt_statuses'] > 0;
			break;

		case 'blog_post!published':
		case 'blog_post!community':
		case 'blog_post!protected':
		case 'blog_post!private':
		case 'blog_post!review':
		case 'blog_post!draft':
		case 'blog_post!deprecated':
		case 'blog_post!redirected':
			// We want a specific post permission:
			$status = substr($permname, 10); // strip 'blog_post!'
			$edit_permname = 'blog_edit';
			$perm_statuses_value = $blog_perms['blog_post_statuses'];
			if (!empty($perm_target)) {
				$Item =& $perm_target;
				$creator_user_ID = $Item->creator_user_ID;
			}
			$perm = $perm_statuses_value & get_status_permvalue($status);
			break;

		case 'blog_comment!published':
		case 'blog_comment!community':
		case 'blog_comment!protected':
		case 'blog_comment!private':
		case 'blog_comment!review':
		case 'blog_comment!draft':
		case 'blog_comment!deprecated':
			// We want a specific comment permission:
			$status = substr($permname, 13); // strip 'blog_comment!'
			$edit_permname = 'blog_edit_cmt';
			$perm_statuses_value = $blog_perms['blog_cmt_statuses'];
			if (!empty($perm_target)) {
				$Comment =& $perm_target;
				$creator_user_ID = $Comment->author_user_ID;
			}
			$perm = $perm_statuses_value & get_status_permvalue($status);
			break;

		case 'files':
			switch ($permlevel) {
				case 'add':
					return $blog_perms['blog_media_upload'];
				case 'view':
					return $blog_perms['blog_media_browse'];
				case 'edit':
					return $blog_perms['blog_media_change'];
				default:
					return false;
			}
			break;

		case 'blog_edit':
		case 'blog_edit_cmt':
			if ($permlevel == 'no') {
				// Doesn't make sense to check that the user has at least 'no' permission
				debug_die('Invalid edit pemlevel!');
			}
			// Edit perm values are ordered: all > le > lt > anon > own > no;
			// the requested level is granted when it is not above the stored value.
			$edit_permvalue = $blog_perms[$permname];
			switch ($edit_permvalue) {
				case 'all':
					return true;
				case 'le':
					return $permlevel != 'all';
				case 'lt':
					return $permlevel != 'all' && $permlevel != 'le';
				case 'anon':
					return $permlevel == 'anon' || $permlevel == 'own';
				case 'own':
					return $permlevel == 'own';
				default:
					return false;
			}

		default:
			return $blog_perms[$permname];
	}

	// TODO: the following probably should be handled by the Item class!
	// NOTE(review): $Comment is only assigned in the 'blog_comment!*' cases; for posts
	// the `!empty($Comment)` below tests an undefined variable and is simply false.
	if ($perm && ($permlevel == 'edit' || $permlevel == 'moderate') && (!empty($creator_user_ID) || !empty($Comment))) {
		// Can we edit this specific Item/Comment?
		$edit_permvalue = $blog_perms[$edit_permname];
		switch ($edit_permvalue) {
			case 'own':
				// Own posts/comments only:
				return $creator_user_ID == $user_ID;
			case 'lt':
				// Own + Lower level posts only:
				// (falls through: shares the level comparison with 'le' below)
			case 'le':
				// Own + Lower or equal level posts only:
				if (empty($creator_user_ID) || $creator_user_ID == $user_ID) {
					// allow if the comment creator is not registered or it is the current User
					return true;
				}
				$UserCache =& get_UserCache();
				// Get creator User
				$creator_User =& $UserCache->get_by_ID($creator_user_ID, false, false);
				// Get user for who we are checking this permission
				$User =& $UserCache->get_by_ID($user_ID, false, false);
				// Both users must be loadable; equal levels only pass for 'le'
				return $creator_User && $User && ($creator_User->level < $User->level || $edit_permvalue == 'le' && $creator_User->level == $User->level);
			case 'anon':
				// Anonymous comment or own comment ( This perm value may have only for comments )
				return empty($creator_user_ID) || $creator_user_ID == $user_ID;
			case 'all':
				return true;
			case 'no':
			default:
				return false;
		}
	}

	if ($perm && $permlevel == 'edit' && empty($creator_user_ID)) {
		// No specific target: any edit perm other than 'no' is enough
		return $blog_perms[$edit_permname] != 'no';
	}

	if ($perm && $permlevel == 'moderate' && empty($creator_user_ID)) {
		// check moderator rights
		return in_array($blog_perms[$edit_permname], array('anon', 'lt', 'le', 'all'));
	}

	return $perm;
}
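/**
 * Update the advanced user/group permissions for edited blog
 *
 * Reads the submitted permission fields (one set per affected user/group ID),
 * deletes the stored rows for those IDs and re-inserts a row for every ID that
 * is granted at least one permission. IDs that are advanced admins of the blog
 * are left untouched when the current User may not edit 'blog_admin' perms.
 *
 * @param int Blog ID; it is spliced into the SQL unquoted, so callers must pass an integer
 * @param string 'user' or 'group'
 */
function blog_update_perms($blog, $context = 'user')
{
	global $DB;
	/**
	 * @var User
	 */
	global $current_User;

	if ($context == 'user') {
		$table = 'T_coll_user_perms';
		$prefix = 'bloguser_';
		$ID_field = 'bloguser_user_ID';
	} else {
		$table = 'T_coll_group_perms';
		$prefix = 'bloggroup_';
		$ID_field = 'bloggroup_group_ID';
	}

	// Get affected user/group IDs. The regex restricts the value to a comma separated
	// list of integers, which is what allows it to be spliced into the IN(...) clauses below:
	$IDs = param($context . '_IDs', '/^[0-9]+(,[0-9]+)*$/', '');
	if ($IDs === '') {
		// Nothing submitted: explode() would yield array('') and produce an invalid "IN ()" clause
		return;
	}
	$ID_array = explode(',', $IDs);

	// Can the current user touch advanced admin permissions?
	$can_edit_admins = $current_User->check_perm('blog_admin', 'edit', false, $blog);
	if (!$can_edit_admins) {
		// We have no permission to touch advanced admins!
		// Get the users/groups which are advanced admins
		$admins_ID_array = $DB->get_col("SELECT {$ID_field}\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tFROM {$table}\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t WHERE {$ID_field} IN (" . implode(',', $ID_array) . ")\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tAND {$prefix}blog_ID = {$blog}\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tAND {$prefix}perm_admin <> 0");
		// Take the admins out of the list:
		$ID_array = array_diff($ID_array, $admins_ID_array);
	}

	if (empty($ID_array)) {
		return;
	}

	// Delete old perms for this blog:
	$DB->query("DELETE FROM {$table}\n\t\t\t\t\t\t\t\tWHERE {$ID_field} IN (" . implode(',', $ID_array) . ")\n\t\t\t\t\t\t\t\t\t\t\tAND {$prefix}blog_ID = " . $blog);

	// Post statuses are stored as a comma separated list of names,
	// comment statuses as a sum of their perm values:
	$post_statuses = array('published', 'community', 'protected', 'private', 'review', 'draft', 'deprecated', 'redirected');
	$cmt_statuses = array('published', 'community', 'protected', 'private', 'review', 'draft', 'deprecated');

	$inserted_values = array();
	foreach ($ID_array as $loop_ID) {
		// Check new permissions for each user:
		$ismember = param('blog_ismember_' . $loop_ID, 'integer', 0);

		$perm_post = array();
		foreach ($post_statuses as $status) {
			$status_checked = param('blog_perm_' . $status . '_' . $loop_ID, 'string', '');
			if (!empty($status_checked)) {
				$perm_post[] = $status;
			}
		}

		$perm_page = param('blog_perm_page_' . $loop_ID, 'integer', 0);
		$perm_intro = param('blog_perm_intro_' . $loop_ID, 'integer', 0);
		$perm_podcast = param('blog_perm_podcast_' . $loop_ID, 'integer', 0);
		$perm_sidebar = param('blog_perm_sidebar_' . $loop_ID, 'integer', 0);
		$perm_edit = param('blog_perm_edit_' . $loop_ID, 'string', 'no');
		$perm_delpost = param('blog_perm_delpost_' . $loop_ID, 'integer', 0);
		$perm_edit_ts = param('blog_perm_edit_ts_' . $loop_ID, 'integer', 0);
		$perm_delcmts = param('blog_perm_delcmts_' . $loop_ID, 'integer', 0);
		$perm_recycle_owncmts = param('blog_perm_recycle_owncmts_' . $loop_ID, 'integer', 0);
		$perm_vote_spam_comments = param('blog_perm_vote_spam_cmts_' . $loop_ID, 'integer', 0);

		$perm_cmtstatuses = 0;
		foreach ($cmt_statuses as $status) {
			if (param('blog_perm_' . $status . '_cmt_' . $loop_ID, 'integer', 0)) {
				$perm_cmtstatuses += get_status_permvalue($status);
			}
		}

		$perm_edit_cmt = param('blog_perm_edit_cmt_' . $loop_ID, 'string', 'no');
		$perm_cats = param('blog_perm_cats_' . $loop_ID, 'integer', 0);
		$perm_properties = param('blog_perm_properties_' . $loop_ID, 'integer', 0);
		if ($can_edit_admins) {
			// We have permission to give advanced admins perm!
			$perm_admin = param('blog_perm_admin_' . $loop_ID, 'integer', 0);
		} else {
			// Never grant admin perms from a form the current User may not use for that
			$perm_admin = 0;
		}
		$perm_media_upload = param('blog_perm_media_upload_' . $loop_ID, 'integer', 0);
		$perm_media_browse = param('blog_perm_media_browse_' . $loop_ID, 'integer', 0);
		$perm_media_change = param('blog_perm_media_change_' . $loop_ID, 'integer', 0);

		// Update those permissions in DB:
		$has_any_perm = $ismember || count($perm_post) || $perm_delpost || $perm_edit_ts || $perm_delcmts
			|| $perm_recycle_owncmts || $perm_vote_spam_comments || $perm_cmtstatuses || $perm_cats
			|| $perm_properties || $perm_admin || $perm_media_upload || $perm_media_browse || $perm_media_change;
		if ($has_any_perm) {
			// There are some permissions for this user:
			$ismember = 1; // Must have this permission
			// insert new perms (string values go through $DB->quote, the rest are integers from param()):
			$inserted_values[] = " ( {$blog}, {$loop_ID}, {$ismember}, " . $DB->quote(implode(',', $perm_post)) . ",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t" . $DB->quote($perm_edit) . ",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t{$perm_delpost}, {$perm_edit_ts}, {$perm_delcmts}, {$perm_recycle_owncmts}, {$perm_vote_spam_comments}, {$perm_cmtstatuses},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t" . $DB->quote($perm_edit_cmt) . ",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t{$perm_cats}, {$perm_properties}, {$perm_admin}, {$perm_media_upload},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t{$perm_media_browse}, {$perm_media_change}, {$perm_page},\t{$perm_intro}, {$perm_podcast},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t{$perm_sidebar} )";
		}
	}

	// Proceed with insertions:
	if (count($inserted_values)) {
		$DB->query("INSERT INTO {$table}( {$prefix}blog_ID, {$ID_field}, {$prefix}ismember,\n\t\t\t\t\t\t\t\t\t\t\t{$prefix}perm_poststatuses, {$prefix}perm_edit, {$prefix}perm_delpost, {$prefix}perm_edit_ts,\n\t\t\t\t\t\t\t\t\t\t\t{$prefix}perm_delcmts, {$prefix}perm_recycle_owncmts, {$prefix}perm_vote_spam_cmts, {$prefix}perm_cmtstatuses, {$prefix}perm_edit_cmt,\n\t\t\t\t\t\t\t\t\t\t\t{$prefix}perm_cats, {$prefix}perm_properties, {$prefix}perm_admin,\n\t\t\t\t\t\t\t\t\t\t\t{$prefix}perm_media_upload, {$prefix}perm_media_browse, {$prefix}perm_media_change,\n\t\t\t\t\t\t\t\t\t\t\t{$prefix}perm_page, {$prefix}perm_intro, {$prefix}perm_podcast, {$prefix}perm_sidebar )\n\t\t\t\t\t\t\t\t\tVALUES " . implode(',', $inserted_values));
	}
}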
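/**
 * Update the advanced user/group permissions for edited blog
 *
 * Reads the submitted permission fields (one set per affected user/group ID),
 * deletes the stored rows for those IDs and re-inserts a row for every ID that
 * is granted at least one permission. IDs that are advanced admins of the blog
 * are left untouched when the current User may not edit 'blog_admin' perms.
 * Afterwards items assigned to users who may no longer be assignees are
 * unassigned and the block cache of the collection is invalidated.
 *
 * @param int Blog ID; it is spliced into the SQL unquoted, so callers must pass an integer
 * @param string 'user' or 'group'
 */
function blog_update_perms($blog, $context = 'user')
{
	global $DB;
	/**
	 * @var User
	 */
	global $current_User;

	if ($context == 'user') {
		$table = 'T_coll_user_perms';
		$prefix = 'bloguser_';
		$ID_field = 'bloguser_user_ID';
	} else {
		$table = 'T_coll_group_perms';
		$prefix = 'bloggroup_';
		$ID_field = 'bloggroup_group_ID';
	}

	// Get affected user/group IDs. The regex restricts the value to a comma separated
	// list of integers, which is what allows it to be spliced into the IN(...) clauses below:
	$IDs = param($context . '_IDs', '/^[0-9]+(,[0-9]+)*$/', '');
	if ($IDs === '') {
		// Nothing submitted: explode() would yield array('') and produce an invalid "IN ()" clause
		return;
	}
	$ID_array = explode(',', $IDs);

	// Can the current user touch advanced admin permissions?
	$can_edit_admins = $current_User->check_perm('blog_admin', 'edit', false, $blog);
	if (!$can_edit_admins) {
		// We have no permission to touch advanced admins!
		// Get the users/groups which are advanced admins
		$admins_ID_array = $DB->get_col("SELECT {$ID_field}\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tFROM {$table}\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t WHERE {$ID_field} IN (" . implode(',', $ID_array) . ")\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tAND {$prefix}blog_ID = {$blog}\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tAND {$prefix}perm_admin <> 0");
		// Take the admins out of the list:
		$ID_array = array_diff($ID_array, $admins_ID_array);
	}

	if (empty($ID_array)) {
		return;
	}

	// Delete old perms for this blog:
	$DB->query("DELETE FROM {$table}\n\t\t\t\t\t\t\t\tWHERE {$ID_field} IN (" . implode(',', $ID_array) . ")\n\t\t\t\t\t\t\t\t\t\t\tAND {$prefix}blog_ID = " . $blog);

	// Post statuses are stored as a comma separated list of names,
	// comment statuses as a sum of their perm values:
	$post_statuses = array('published', 'community', 'protected', 'private', 'review', 'draft', 'deprecated', 'redirected');
	$cmt_statuses = array('published', 'community', 'protected', 'private', 'review', 'draft', 'deprecated');

	$inserted_values = array();
	foreach ($ID_array as $loop_ID) {
		// Check new permissions for each user:
		$ismember = param('blog_ismember_' . $loop_ID, 'integer', 0);
		$can_be_assignee = param('blog_can_be_assignee_' . $loop_ID, 'integer', 0);

		$perm_post = array();
		foreach ($post_statuses as $status) {
			$status_checked = param('blog_perm_' . $status . '_' . $loop_ID, 'string', '');
			if (!empty($status_checked)) {
				$perm_post[] = $status;
			}
		}

		$perm_item_type = param('blog_perm_item_type_' . $loop_ID, 'string', 'standard');
		$perm_edit = param('blog_perm_edit_' . $loop_ID, 'string', 'no');
		$perm_delpost = param('blog_perm_delpost_' . $loop_ID, 'integer', 0);
		$perm_edit_ts = param('blog_perm_edit_ts_' . $loop_ID, 'integer', 0);
		$perm_delcmts = param('blog_perm_delcmts_' . $loop_ID, 'integer', 0);
		$perm_recycle_owncmts = param('blog_perm_recycle_owncmts_' . $loop_ID, 'integer', 0);
		$perm_vote_spam_comments = param('blog_perm_vote_spam_cmts_' . $loop_ID, 'integer', 0);

		$perm_cmtstatuses = 0;
		foreach ($cmt_statuses as $status) {
			if (param('blog_perm_' . $status . '_cmt_' . $loop_ID, 'integer', 0)) {
				$perm_cmtstatuses += get_status_permvalue($status);
			}
		}

		$perm_edit_cmt = param('blog_perm_edit_cmt_' . $loop_ID, 'string', 'no');
		$perm_cats = param('blog_perm_cats_' . $loop_ID, 'integer', 0);
		$perm_properties = param('blog_perm_properties_' . $loop_ID, 'integer', 0);
		if ($can_edit_admins) {
			// We have permission to give advanced admins perm!
			$perm_admin = param('blog_perm_admin_' . $loop_ID, 'integer', 0);
		} else {
			// Never grant admin perms from a form the current User may not use for that
			$perm_admin = 0;
		}
		$perm_media_upload = param('blog_perm_media_upload_' . $loop_ID, 'integer', 0);
		$perm_media_browse = param('blog_perm_media_browse_' . $loop_ID, 'integer', 0);
		$perm_media_change = param('blog_perm_media_change_' . $loop_ID, 'integer', 0);

		// Update those permissions in DB:
		$has_any_perm = $ismember || $can_be_assignee || count($perm_post) || $perm_delpost || $perm_edit_ts
			|| $perm_delcmts || $perm_recycle_owncmts || $perm_vote_spam_comments || $perm_cmtstatuses
			|| $perm_cats || $perm_properties || $perm_admin || $perm_media_upload || $perm_media_browse || $perm_media_change;
		if ($has_any_perm) {
			// There are some permissions for this user:
			$ismember = 1; // Must have this permission
			// insert new perms (string values go through $DB->quote, the rest are integers from param()):
			$inserted_values[] = " ( {$blog}, {$loop_ID}, {$ismember}, {$can_be_assignee}, " . $DB->quote(implode(',', $perm_post)) . ",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t" . $DB->quote($perm_item_type) . ", " . $DB->quote($perm_edit) . ",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t{$perm_delpost}, {$perm_edit_ts}, {$perm_delcmts}, {$perm_recycle_owncmts}, {$perm_vote_spam_comments}, {$perm_cmtstatuses},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t" . $DB->quote($perm_edit_cmt) . ",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t{$perm_cats}, {$perm_properties}, {$perm_admin}, {$perm_media_upload},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t{$perm_media_browse}, {$perm_media_change} )";
		}
	}

	// Proceed with insertions:
	if (count($inserted_values)) {
		$DB->query("INSERT INTO {$table}( {$prefix}blog_ID, {$ID_field}, {$prefix}ismember, {$prefix}can_be_assignee,\n\t\t\t\t\t\t\t\t\t\t\t{$prefix}perm_poststatuses, {$prefix}perm_item_type, {$prefix}perm_edit, {$prefix}perm_delpost, {$prefix}perm_edit_ts,\n\t\t\t\t\t\t\t\t\t\t\t{$prefix}perm_delcmts, {$prefix}perm_recycle_owncmts, {$prefix}perm_vote_spam_cmts, {$prefix}perm_cmtstatuses, {$prefix}perm_edit_cmt,\n\t\t\t\t\t\t\t\t\t\t\t{$prefix}perm_cats, {$prefix}perm_properties, {$prefix}perm_admin,\n\t\t\t\t\t\t\t\t\t\t\t{$prefix}perm_media_upload, {$prefix}perm_media_browse, {$prefix}perm_media_change )\n\t\t\t\t\t\t\t\t\tVALUES " . implode(',', $inserted_values));
	}

	// Unassign users from the items of the blog when neither their own perms nor
	// their group's perms allow them to be an assignee any more:
	$DB->query('UPDATE T_items__item SET post_assigned_user_ID = NULL WHERE post_main_cat_ID IN ( SELECT cat_ID FROM T_categories WHERE cat_blog_ID = ' . $DB->quote($blog) . ' ) AND post_assigned_user_ID NOT IN ( SELECT bloguser_user_ID FROM T_coll_user_perms WHERE bloguser_can_be_assignee = 1 AND bloguser_blog_ID = ' . $DB->quote($blog) . ' ) AND post_assigned_user_ID NOT IN ( SELECT user_ID FROM T_users INNER JOIN T_coll_group_perms ON user_grp_ID = bloggroup_group_ID WHERE bloggroup_can_be_assignee = 1 AND bloggroup_blog_ID = ' . $DB->quote($blog) . ' )');
	if ($DB->rows_affected > 0) {
		global $Messages;
		$Messages->add(sprintf('%d tasks have lost their assignee due to new permissions (this may include fixes to older inconsistencies in the DB).', $DB->rows_affected), 'warning');
	}

	// BLOCK CACHE INVALIDATION:
	BlockCache::invalidate_key('set_coll_ID', $blog); // Settings have changed
	BlockCache::invalidate_key('set_coll_ID', 'any'); // Settings of a collection have changed (for widgets tracking a change on ANY blog)
	// cont_coll_ID  // Content has not changed
}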