$item['root'] = $pageID; } } } } else { if (CMS_tree::getPageByID($tag['attributes'][$name])) { $item['root'] = $varAttributes['root']; } } } break; default: if (strpos($varAttributes['vartype'], 'fields') !== false) { // Assume it's a polymod object field $fieldId = io::substr($varAttributes['vartype'], strrpos($varAttributes['vartype'], 'fields') + 9, -2); $objectId = CMS_poly_object_catalog::getObjectIDForField($fieldId); if (io::isPositiveInteger($objectId)) { $objectFields = CMS_poly_object_catalog::getFieldsDefinition($objectId); if (sensitiveIO::isPositiveInteger($fieldId)) { //subobjects $field = $objectFields[$fieldId]; if (is_object($field)) { //check if field has a method to provide a list of names $objectType = $field->getTypeObject(); if (method_exists($objectType, 'getListOfNamesForObject')) { //check if we can associate unused objects $params = $objectType->getParamsValues(); if (method_exists($objectType, 'getParamsValues') && isset($params['associateUnused']) && $params['associateUnused']) { $objectsNames = $objectType->getListOfNamesForObject(true, array(), false); } else { $objectsNames = $objectType->getListOfNamesForObject(true);
/** * Get field search SQL request (used by class CMS_object_search) * * @param integer $fieldID : this field id in object (aka $this->_field->getID()) * @param integer $value : the category value to search * @param string $operator : additionnal search operator * @param string $where : where clauses to add to SQL * @param boolean $public : values are public or edited ? (default is edited) * @return string : the SQL request * @access public */ function getFieldSearchSQL($fieldID, $value, $operator, $where, $public = false) { $statusSuffix = $public ? "_public" : "_edited"; $supportedOperator = array('editableOnly', 'strict', 'not in', 'not in strict'); if ($operator && !in_array($operator, $supportedOperator)) { $this->raiseError("Unkown search operator : " . $operator . ", use default search instead"); $operator = false; } if ($operator == 'editableOnly') { global $cms_user; //get module codename $moduleCodename = CMS_poly_object_catalog::getModuleCodenameForField($this->_field->getID()); //get a list of all viewvable categories for current user $editableCats = array_keys(CMS_moduleCategories_catalog::getViewvableCategoriesForProfile($cms_user, $moduleCodename, true, true)); //if no viewvable categories, user has no rights to view anything if (!$editableCats) { return false; } //add previously found IDs to where clause $sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectFieldID = '" . $fieldID . "'\n\t\t\t\t\t\tand value in (" . @implode(',', $editableCats) . ")\n\t\t\t\t\t\t{$where}\n\t\t\t\t\t"; $q = new CMS_query($sql); $IDs = array(); if (!$q->hasError()) { while ($id = $q->getValue('objectID')) { $IDs[$id] = $id; } } //if no results, no need to continue if (!$IDs) { return false; } $where = $IDs ? ' and objectID in (' . implode(',', $IDs) . ')' : ''; } if ($value == CMS_moduleCategory::LINEAGE_PARK_POSITION) { //if it is a public search, and field is mandatory, no objects should be returned if ($this->_field->getValue('required') && $public) { return false; } $module = CMS_poly_object_catalog::getModuleCodenameForField($fieldID); //add deleted cats to searchs $viewvableCats = CMS_moduleCategories_catalog::getDeletedCategories($module); //add zero value for objects without categories $viewvableCats[] = 0; //get object type id $objectID = CMS_poly_object_catalog::getObjectIDForField($fieldID); //first we get objects with deleted or no categories (value 0) $sqlTmp = "\n\t\t\t\tselect\n\t\t\t\t\tdistinct objectID\n\t\t\t\tfrom\n\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\twhere\n\t\t\t\t\tobjectFieldID = '" . $fieldID . "'\n\t\t\t\t\tand value in (" . implode(',', $viewvableCats) . ")\n\t\t\t\t\t{$where}\n\t\t\t\t"; $qTmp = new CMS_query($sqlTmp); $deletedIDs = array(); while ($r = $qTmp->getArray()) { if ($r['objectID']) { $deletedIDs[$r['objectID']] = $r['objectID']; } } //then if we get objects with no categories at all (not referenced in mod_subobject_integer table) $sqlTmp = "\n\t\t\t\tselect\n\t\t\t\t\tdistinct objectID\n\t\t\t\tfrom\n\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\twhere\n\t\t\t\t\tobjectFieldID = '" . $fieldID . "'\n\t\t\t\t\t{$where}\n\t\t\t\t"; $qTmp = new CMS_query($sqlTmp); $noCatsIDs = $catsIDs = array(); while ($r = $qTmp->getArray()) { if ($r['objectID']) { $catsIDs[$r['objectID']] = $r['objectID']; } } $IDs = array(); if (preg_match_all('#\\d+#', $where, $IDs)) { $IDs = array_shift($IDs); } $noCatsIDs = array_diff($IDs, $catsIDs); $IDs = array_merge($deletedIDs, $noCatsIDs); //if no results, no need to continue if (!$IDs) { return false; } //then we mix the too results and we return it as a fake SQL request to keep system compatibility $sql = "\n\t\t\t\tselect\n\t\t\t\t\tdistinct id_moo as objectID\n\t\t\t\tfrom\n\t\t\t\t\tmod_object_polyobjects\n\t\t\t\twhere \n\t\t\t\t\tid_moo in (" . implode(',', $IDs) . ")\n\t\t\t\t"; } else { if ($operator == 'strict') { if (!is_array($value)) { $value = array($value); } //get categories searched $sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\tmodulesCategories\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectFieldID = '" . $fieldID . "'\n\t\t\t\t\t\tand id_mca = value\n\t\t\t\t\t\tand value in (" . implode(',', $value) . ")\n\t\t\t\t\t\t{$where}\n\t\t\t\t\t"; } elseif ($operator == 'not in strict') { if (!is_array($value)) { $value = array($value); } //get categories searched $sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\tmodulesCategories\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectFieldID = '" . $fieldID . "'\n\t\t\t\t\t\tand id_mca = value\n\t\t\t\t\t\tand value not in (" . implode(',', $value) . ")\n\t\t\t\t\t\t{$where}\n\t\t\t\t\t"; } else { if (!is_array($value)) { $value = array($value); } $lineages = array(); foreach ($value as $catID) { if ($catID) { //get lineage of category searched $lineages[] = CMS_moduleCategories_catalog::getLineageOfCategoryAsString($catID); } } $sql = ''; if ($operator == 'not in') { foreach ($lineages as $lineage) { $sql .= $sql ? ' and ' : ''; $sql .= "\n\t\t\t\t\t\tlineage_mca != '" . SensitiveIO::sanitizeSQLString($lineage) . "'\n\t\t\t\t\t\tand lineage_mca not like '" . SensitiveIO::sanitizeSQLString($lineage) . ";%' "; } } else { foreach ($lineages as $lineage) { $sql .= $sql ? ' or ' : ''; $sql .= "\n\t\t\t\t\t\tlineage_mca = '" . SensitiveIO::sanitizeSQLString($lineage) . "'\n\t\t\t\t\t\tor lineage_mca like '" . SensitiveIO::sanitizeSQLString($lineage) . ";%' "; } } $sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\tmodulesCategories\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectFieldID = '" . $fieldID . "'\n\t\t\t\t\t\tand id_mca=value\n\t\t\t\t\t\t" . ($sql ? " and (" . $sql . ") " : '') . "\n\t\t\t\t\t\t{$where}"; } } return $sql; }