/**
* Builds an SQL query to copy the given record. This honours permissions
* and will only copy columns for which 'view' access is available in the
* source record and 'edit' access is available in the destination record.
*
* Individual column failures (due to permissions) are recorded in the
* $warnings variable of this class. It will be an array of Dataface_Error
* objects.
*
* @param Dataface_Record $record The record being copied.
* @param array $valls Values that should be placed in the copied version.
* @param boolean $force If true this will perform the copy despite individual
* column warnings.
* @returns string The SQL query to copy the record.
*/
function buildCopyQuery($record, $vals = array(), $force = true)
{
$dummy = new Dataface_Record($record->_table->tablename, $vals);
if (!$record->checkPermission('view') || !$dummy->checkPermission('edit')) {
return Dataface_Error::permissionDenied("Failed to copy record '" . $record->getTitle() . "' because of insufficient permissions.");
}
$copy_fields = array_keys($record->_table->fields());
// Go through each field and see if we have copy permission.
// Copy permission is two-fold: 1- make sure the source is viewable
// 2- make sure the destination is editable.
$failed = false;
foreach ($copy_fields as $key => $fieldname) {
if (!$record->checkPermission('view', array('field' => $fieldname)) || !$dummy->checkPermission('edit', array('field' => $fieldname))) {
$this->warnings[] = Dataface_Error::permissionDenied("The field '{$fieldname}' could not be copied for record '" . $record->getTitle() . "' because of insufficient permissions.");
unset($copy_fields[$key]);
$failed = true;
}
}
// If we are not forcing completion, any failures will result in cancellation
// of the copy.
if (!$force and $failed) {
return Dataface_Error::permissionDenied("Failed to copy the record '" . $record->getTitle() . "' due to insufficient permissions on one or more of the columns.");
}
// We don't copy auto increment fields.
$auto_inc_field = $record->_table->getAutoIncrementField();
if ($auto_inc_field) {
$key = array_search($auto_inc_field, $copy_fields);
if ($key !== false) {
unset($copy_fields[$key]);
}
}
// Now we can build the query.
$sql = array();
$sql[] = "insert into `" . $record->_table->tablename . "`";
$sql[] = "(`" . implode('`,`', $copy_fields) . "`)";
$copy_values = array();
foreach ($copy_fields as $key => $val) {
if (isset($vals[$val])) {
$copy_values[$key] = "'" . addslashes($dummy->getSerializedValue($val)) . "' as `{$val}`";
} else {
$copy_values[$key] = "`" . $val . "`";
}
}
$sql[] = "select " . implode(', ', $copy_values) . " from `" . $record->_table->tablename . "`";
$qb = new Dataface_QueryBuilder($record->_table->tablename);
$keys = array_keys($record->_table->keys());
$q = array();
foreach ($keys as $key_fieldname) {
$q[$key_fieldname] = $record->strval($key_fieldname);
}
$where = $qb->_where($q);
$where = $qb->_secure($where);
$sql[] = $where;
return implode(' ', $sql);
}
/**
* Deletes a record from the database.
* @param Dataface_Record $record Dataface_Record object to be deleted.
* @param boolean $secure Whether to check permissions.
* @returns mixed true if successful, or PEAR_Error if failed.
*/
function delete(&$record, $secure = false)
{
if ($secure && !$record->checkPermission('delete')) {
// Use security to check to see if we are allowed to delete this
// record.
return Dataface_Error::permissionDenied(df_translate('scripts.Dataface.IO.delete.PERMISSION_DENIED', 'Could not delete record "' . $record->getTitle() . '" from table "' . $record->_table->tablename . '" because you have insufficient permissions.', array('title' => $record->getTitle(), 'table' => $record->_table->tablename)));
}
$builder = new Dataface_QueryBuilder($this->_table->tablename);
if ($this->fireTriggers) {
$res = $this->fireBeforeDelete($record);
if (PEAR::isError($res)) {
return $res;
}
}
// do the deleting
$keys =& $record->_table->keys();
if (!$keys || count($keys) == 0) {
trigger_error(df_translate('scripts.Dataface.IO.delete.ERROR_NO_PRIMARY_KEY', 'Could not delete record from table "' . $record->_table->tablename . '" because no primary key was defined.', array('tablename' => $record->_table->tablename)));
exit;
}
$query = array();
foreach (array_keys($keys) as $key) {
if (!$record->strval($key)) {
return PEAR::raiseError(Dataface_LanguageTool::translate('Could not delete record because missing keys', 'Could not delete record ' . $record->getTitle() . ' because not all of the keys were included.', array('title' => $record->getTitle(), 'key' => $key)), DATAFACE_E_DELETE_FAILED);
}
$query[$key] = '=' . $record->strval($key);
}
$sql = $builder->delete($query);
if (PEAR::isError($sql)) {
return $sql;
}
//$res = mysql_query($sql);
$res = $this->dbObj->query($sql, null, $this->lang);
if (!$res || PEAR::isError($res)) {
if (PEAR::isError($res)) {
$msg = $res->getMessage();
} else {
$msg = mysql_error(df_db());
}
return PEAR::raiseError(Dataface_LanguageTool::translate('Failed to delete record. SQL error', 'Failed to delete record ' . $record->getTitle() . ' because of an sql error. ' . mysql_error(df_db()), array('title' => $record->getTitle(), 'sql' => $sql, 'mysql_error' => $msg)), DATAFACE_E_DELETE_FAILED);
}
$parentIO =& $this->getParentIO();
if (isset($parentIO)) {
$parentRecord =& $record->getParentRecord();
if (isset($parentRecord)) {
$res = $parentIO->delete($parentRecord, $secure);
if (PEAR::isError($res)) {
return $res;
}
}
}
if ($this->fireTriggers) {
$res2 = $this->fireAfterDelete($record);
if (PEAR::isError($res2)) {
return $res2;
}
}
self::touchTable($this->_table->tablename);
return $res;
}
function display()
{
$this->_build();
$showform = true;
$b = new Dataface_QueryBuilder($this->_tablename, $this->_query);
if (isset($this->_query['-delete-one'])) {
$q = array('-skip' => $this->_query['-cursor'], '-limit' => 1);
$sql = $b->select('', $q);
$res = xf_db_query($sql, $this->_db);
if (!$res) {
throw new Exception(df_translate('scripts.Dataface.DeleteForm._build.ERROR_TRYING_TO_FETCH', "Error trying to fetch element to be deleted.: ") . xf_db_error($this->_db), E_USER_ERROR);
}
if (xf_db_num_rows($res) == 0) {
$msg = df_translate('scripts.Dataface.DeleteForm._build.ERROR_NO_RECORD_SELECTED', "No record is currently selected so no record can be deleted.");
$showform = false;
} else {
$row = xf_db_fetch_array($res);
$rowRec = new Dataface_Record($this->_tablename, $row);
$displayCol = $rowRec->getTitle();
$msg = df_translate('scripts.Dataface.DeleteForm.display.ARE_YOU_SURE', "Are you sure you want to delete this record: "{$displayCol}"?", array('displayCol' => $displayCol));
}
} else {
if (isset($this->_query['-delete-found'])) {
$q = $b->select_num_rows();
$res = xf_db_query($q, $this->_db);
if (!$res) {
throw new Exception(df_translate('scripts.Dataface.DeleteForm.display.ERROR_ESTIMATING', "Error estimating number of rows that will be deleted: ") . xf_db_error($this->_db), E_USER_ERROR);
}
list($num) = xf_db_fetch_row($res);
if ($num <= 0) {
$msg = df_translate('scripts.Dataface.DeleteForm.display.ERROR_NO_RECORDS_FOUND', "There are no records in the current found set so no records can be deleted.");
$showform = false;
} else {
$msg = df_translate('scripts.Dataface.DeleteForm.display.ARE_YOU_SURE_MULTIPLE', "Are you sure you want to delete the found records. {$num} records will be deleted.", array('num' => $num));
}
} else {
$msg = df_translate('scripts.Dataface.DeleteForm.display.ERROR_GET_VARS', "Error: You must specify either '-delete-one' or '-delete-found' in GET vars.");
$showform = false;
}
}
if ($showform) {
ob_start();
parent::display();
$form = ob_get_contents();
ob_end_clean();
} else {
$form = '';
}
$context = array('msg' => $msg, 'form' => $form);
import('Dataface/SkinTool.php');
$skinTool =& Dataface_SkinTool::getInstance();
//$smarty = new Smarty;
//$smarty->template_dir = $GLOBALS['Dataface_Globals_Templates'];
//$smarty->compile_dir = $GLOBALS['Dataface_Globals_Templates_c'];
//$smarty->assign($context);
//$smarty->display('Dataface_DeleteForm.html');
$skinTool->display($context, 'Dataface_DeleteForm.html');
}
