public function add($cID, $arHandle, $btID, $action) { $c = \Page::getByID($cID); if (is_object($c) && !$c->isError()) { $a = \Area::getOrCreate($c, $arHandle); if (is_object($a)) { $ap = new \Permissions($a); $bt = \BlockType::getByID($btID); if (is_object($bt) && $ap->canAddBlock($bt)) { $controller = $bt->getController(); return $this->deliverResponse($controller, $action); } } } $response = new Response(t('Access Denied')); return $response; }
Loader::model('pile'); // we're taking an existing block and aliasing it to here foreach ($_REQUEST['pcID'] as $pcID) { $pc = PileContent::get($pcID); $p = $pc->getPile(); if ($p->isMyPile()) { if ($_REQUEST['deletePileContents']) { $pc->delete(); } } if ($pc->getItemType() == "BLOCK") { $bID = $pc->getItemID(); $b = Block::getByID($bID); $b->setBlockAreaObject($a); $bt = BlockType::getByHandle($b->getBlockTypeHandle()); if ($ap->canAddBlock($bt)) { if (!$bt->includeAll()) { $nvc = $c->getVersionToModify(); $b->alias($nvc); } else { $b->alias($c); } } } } } else { if (isset($_REQUEST['bID'])) { if ($_REQUEST['globalBlock']) { $scrapbookHelper = Loader::helper('concrete/scrapbook'); $c1 = $scrapbookHelper->getGlobalScrapbookPage(); $a1 = Area::get($c1, $_REQUEST['globalScrapbook']);
<?php defined('C5_EXECUTE') or die("Access Denied."); use Concrete\Block\Form\MiniSurvey; $miniSurvey = new MiniSurvey(); $bID = $_GET['bID']; //Permissions Check $bID = $_REQUEST['bID']; if ($_GET['cID'] && $_GET['arHandle']) { $c = Page::getByID($_GET['cID'], 'RECENT'); $a = Area::get($c, $_GET['arHandle']); if (intval($_GET['bID']) == 0) { //add survey mode $ap = new Permissions($a); $bt = BlockType::getByID($_GET['btID']); if (!$ap->canAddBlock($bt)) { $badPermissions = true; } } else { //edit survey mode // this really ought to be refactored if (!$a->isGlobalArea()) { $b = Block::getByID($_REQUEST['bID'], $c, $a); if ($b->getBlockTypeHandle() == BLOCK_HANDLE_SCRAPBOOK_PROXY) { $b = Block::getByID($b->getController()->getOriginalBlockID()); $b->setBlockAreaObject($a); $b->loadNewCollection($c); $bID = $b->getBlockID(); } } else { $b = Block::getByID($_REQUEST['bID'], Stack::getByName($a->getAreaHandle()), STACKS_AREA_NAME);
<?php defined('C5_EXECUTE') or die("Access Denied."); $c = Page::getByID($_REQUEST['cID']); $cp = new Permissions($c); $bt = BlockType::getByID($_REQUEST['btID']); $a = Area::get($c, $_REQUEST['arHandle']); if (!is_object($a)) { exit; } $ap = new Permissions($a); $canContinue = ($_REQUEST['btask'] == 'alias') ? $ap->canAddBlocks() : $ap->canAddBlock($bt); if (!$canContinue) { exit; } $c->loadVersionObject('RECENT'); require_once(DIR_FILES_ELEMENTS_CORE . '/dialog_header.php'); if ($ap->canAddBlock($bt)) { $cnt = $bt->getController(); if (!is_a($cnt, 'BlockController')) { $jsh = Loader::helper('concrete/interface'); print '<div class="ccm-error">' . t('Unable to load the controller for this block type. Perhaps it has been moved or removed.') . '</div>'; print '<br><br>'; print $jsh->button_js(t('Close'), 'jQuery.fn.dialog.closeTop()', 'left'); } else { $bv = new BlockView(); $bv->render($bt, 'add', array(
<?php defined('C5_EXECUTE') or die("Access Denied."); $miniSurvey= new Minisurvey(); //Permissions Check if($_GET['cID'] && $_GET['arHandle']){ $c = Page::getByID($_GET['cID'], 'RECENT'); $a = Area::get($c, $_GET['arHandle']); if(intval($_GET['bID'])==0){ //add survey mode $ap = new Permissions($a); $bt = BlockType::getByID($_GET['btID']); if(!$ap->canAddBlock($bt)) $badPermissions=true; }else{ //edit survey mode $b = Block::getByID($_GET['bID'], $c, $a); $bp = new Permissions($b); if( !$bp->canWrite() ) $badPermissions=true; } }else $badPermissions=true; if($badPermissions){ echo t('Invalid Permissions'); die; } switch ($_GET['mode']){ case 'addQuestion': $miniSurvey->addEditQuestion($_POST);