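/**
 * Checks whether the page in question is a valid composer draft for the logged-in user.
 *
 * The page qualifies only when its collection type is included in Composer and
 * the permission check for editing the page contents passes. If the collection
 * type cannot be loaded, the page is treated as not valid (fail closed).
 *
 * @param object $entry Page-like object; it must provide getCollectionTypeID()
 *                      and be accepted by the Permissions constructor.
 *
 * @return bool
 */
protected static function isValidComposerPage($entry)
{
    $ct = CollectionType::getByID($entry->getCollectionTypeID());
    // A collection type that cannot be loaded is not a composer type: deny
    // rather than call a method on a non-object.
    if (!is_object($ct) || !$ct->isCollectionTypeIncludedInComposer()) {
        return false;
    }

    $cp = new Permissions($entry);

    return (bool) $cp->canEditPageContents();
}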
<?php defined('C5_EXECUTE') or die("Access Denied."); $json = Loader::helper('json'); $c = Page::getByID($_REQUEST['cID']); $a = Area::get($c, $_GET['arHandle']); if (!is_object($c) || !is_object($a)) { $jsonData = array(); $jsonData['msg'] = t('Access Denied.'); echo $json->encode($jsonData); exit; } $nvc = $c->getVersionToModify(); $cp = new Permissions($c); $ap = new Permissions($a); if (!$cp->canEditPageContents() || !$ap->canAddLayoutToArea()) { $jsonData = array(); $jsonData['msg'] = t('Access Denied.'); echo $json->encode($jsonData); exit; } $valt = Loader::helper('validation/token'); $token = '&' . $valt->getParameter(); if ($_GET['task'] == 'deletePreset') { $layoutPreset = LayoutPreset::getByID($_REQUEST['lpID']); if (is_object($layoutPreset)) { $layout = $layoutPreset->getLayoutObject(); $layoutID = $layout->layoutID; } } else { $layoutID = intval($_REQUEST['layoutID']);
} else { ?> href="<?php echo URL::to('/ccm/system/page/check_in', $c->getCollectionID(), $valt->generate()); ?> " data-panel-url="<?php echo URL::to('/ccm/system/panels/page/check_in'); ?> "><?php echo t('Save Changes'); } ?> </a></li> <?php } else { if ($permissions->canEditPageContents()) { ?> <li class="ccm-toolbar-page-edit"><i class="fa fa-pencil mobile-leading-icon"></i><a <?php if ($c->isMasterCollection()) { ?> data-disable-panel="check-in"<?php } ?> data-toolbar-action="check-out" href="<?php echo DIR_REL; ?> /<?php echo DISPATCHER_FILENAME; ?>
$c = Page::getByID($_REQUEST['cID']); $a = Area::get($c, $_GET['arHandle']); $ax = $a; $cx = $c; if (!is_object($a)) { die('Invalid Area'); } if ($a->isGlobalArea()) { $cx = Stack::getByName($a->getAreaHandle()); $ax = Area::get($cx, STACKS_AREA_NAME); } $cp = new Permissions($cx); $ap = new Permissions($ax); $valt = Loader::helper('validation/token'); $token = '&' . $valt->getParameter(); if (!$cp->canEditPageContents()) { die(t("Access Denied.")); } $args = array('c' => $c, 'a' => $a, 'cp' => $cp, 'ap' => $ap, 'token' => $token); Loader::element("dialog_header"); if ($a->isGlobalArea()) { echo '<div class="ccm-ui"><div class="alert-message block-message warning">'; echo t('This is a global area. Content added here will be visible on every page that contains this area.'); echo '</div></div>'; } switch ($_GET['atask']) { case 'add': $toolSection = "block_area_add_new"; $canViewPane = $ap->canAddBlocks(); break; case 'add_from_stack':
switch ($cp->getError()) { case COLLECTION_FORBIDDEN: $v = View::getInstance(); $v->setCollectionObject($c); $v->render('/page_forbidden'); break; } } if (!$c->isActive() && !$cp->canViewPageVersions()) { $v = View::getInstance(); $v->render('/page_not_found'); } ## If there's no error, then we build the collection, but first we load it with the appropriate ## version. We pass the function the collection object, as well as the collection permissions ## object, which the function will use to determine what version we get to see if ($cp->canEditPageContents() || $cp->canEditPageProperties() || $cp->canViewPageVersions()) { $cvID = $_REQUEST['cvID'] ? $_REQUEST['cvID'] : "RECENT"; $c->loadVersionObject($cvID); } $vp = new Permissions($c->getVersionObject()); if ($_REQUEST['ccm-disable-controls'] == true || intval($cvID) > 0) { $v = View::getInstance(); $v->disableEditing(); $v->disableLinks(); } // returns the $vp object, which we then check if (is_object($vp) && $vp->isError()) { // if we've gotten an error getting information about this particular collection // than we load up the Content class, and get prepared to fire away switch ($vp->getError()) { case COLLECTION_NOT_FOUND:
defined('C5_EXECUTE') or die("Access Denied."); use Concrete\Core\Attribute\Set as AttributeSet; $cp = new Permissions($c); $pk = PermissionKey::getByHandle('edit_page_properties'); $pk->setPermissionObject($c); $asl = $pk->getMyAssignment(); $seoSet = AttributeSet::getByHandle('seo'); ?> <section> <header><?php echo t('Page Settings'); ?> </header> <?php if ($cp->canEditPageContents() || $cp->canEditPageTheme() || $cp->canEditPageProperties() || $cp->canEditPageTemplate()) { ?> <menu class="ccm-panel-page-basics"> <?php $pagetype = PageType::getByID($c->getPageTypeID()); if (is_object($pagetype) && $cp->canEditPageContents()) { ?> <li> <a href="#" data-launch-panel-detail="page-composer" data-panel-detail-url="<?php echo URL::to('/ccm/system/panels/details/page/composer'); ?> " data-panel-transition="fade"> <?php
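/**
 * Tells whether the current user may edit the contents of the given page.
 *
 * The answer is memoized per collection ID for the lifetime of the PHP process
 * handling the request. An anonymous visitor (no current user) is never
 * allowed to edit.
 *
 * NOTE(review): the cache is not keyed by user; this assumes the current user
 * does not change while the request is being handled - confirm.
 *
 * @param \Concrete\Core\Page\Page $c
 *
 * @return bool
 */
private function userCanEdit(\Concrete\Core\Page\Page $c)
{
    // Keyed by collection ID: a single shared flag would hand the answer
    // computed for the first page to every page checked afterwards, which is
    // an authorization decision leaking from one object to another.
    static $canEdit = array();

    $cID = $c->getCollectionID();
    if (!isset($canEdit[$cID])) {
        $allowed = false;
        if ($this->getCurrentUser() !== null) {
            $cp = new \Permissions($c);
            $allowed = (bool) $cp->canEditPageContents();
        }
        $canEdit[$cID] = $allowed;
    }

    return $canEdit[$cID];
}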
<li class="ccm-toolbar-page-edit-mode-active ccm-toolbar-page-edit"><i class="fa fa-pencil mobile-leading-icon"></i><a data-toolbar-action="check-in" <? if ($vo->isNew() && !$c->isMasterCollection()) { ?>href="javascript:void(0)" data-launch-panel="check-in"><?php echo t( 'Save Changes') ?><? } else { ?>href="<?= URL::to( '/ccm/system/page/check_in', $c->getCollectionID(), Loader::helper( 'validation/token') ->generate()) ?>" data-panel-url="<?= URL::to( '/ccm/system/panels/page/check_in') ?>"><?php echo t( 'Save Changes') ?><? } ?></a></li> <? } else if ($permissions->canEditPageContents()) { ?> <li class="ccm-toolbar-page-edit"><i class="fa fa-pencil mobile-leading-icon"></i><a data-toolbar-action="check-out" href="<?= DIR_REL ?>/<?= DISPATCHER_FILENAME ?>?cID=<?= $c->getCollectionID() ?>&ctask=check-out<?= $token ?>"><?php echo t( 'Edit this Page') ?></a></li> <? } ?> <li class="parent-ul"><i class="fa fa-cog mobile-leading-icon"></i><a href="#"><?php echo t( 'Page Properties') ?><i class="fa fa-caret-down"></i></a> <ul class="list-unstyled"> <? $pagetype = PageType::getByID($c->getPageTypeID()); if (is_object($pagetype) && $cp->canEditPageContents()) { ?> <li><a class="dialog-launch" dialog-width="640" dialog-height="640" dialog-modal="false" dialog-title="<?= t('Composer') ?>" href="<?= URL::to( '/ccm/system/panels/details/page/composer') ?>?cID=<?= $cID ?>"><?= t( 'Composer') ?></a></li>
menuHTML += '</div>'; menuHTML += '<span class="label notice"><?php echo t('Version %s', $c->getVersionID()); ?> </span>'; menuHTML += '<?php echo t('Page currently in edit mode on %s', date(DATE_APP_GENERIC_MDYT)); ?> '; menuHTML += '</div>'; <? } else { ?> menuHTML += '<div class="ccm-edit-overlay-actions">'; <? if ($cp->canEditPageContents()) { ?> menuHTML += '<a id="ccm-nav-check-out" href="<? if (!$cantCheckOut) { ?><?php echo DIR_REL; ?> /<?php echo DISPATCHER_FILENAME; ?> ?cID=<?php echo $c->getCollectionID(); ?> &ctask=check-out<?php echo $token; ?> <? } else { ?>javascript:void(0);<? } ?>" class="btn primary <? if ($cantCheckOut) { ?> disabled <? } ?> launch-tooltip" <? if ($cantCheckOut) { ?>title="<?php echo t('Someone has already checked this page out for editing.'); ?>
<?php
defined('C5_EXECUTE') or die("Access Denied.");

// Check-in pane for a page: loads the page named by the request, refuses
// access unless the permission check for editing its properties or its
// contents passes, then renders the pane header and opens the check-in form.
//
// NOTE(review): cID comes straight from $_REQUEST and $c is not tested with
// is_object()/isError() before it is handed to Permissions - confirm that
// Permissions denies access for a page that failed to load.
$c = Page::getByID($_REQUEST['cID']);
$cp = new Permissions($c);

// Either permission is sufficient; anything else ends the request here.
if (!($cp->canEditPageProperties() || $cp->canEditPageContents())) {
    die(t("Access Denied."));
}

$v = CollectionVersion::get($c, "RECENT", true);

// Pre-tick the "approve" checkbox from the session flag, but only for users
// who may approve versions; $approveChecked stays undefined otherwise.
if ($cp->canApprovePageVersions()) {
    $approveChecked = (isset($_SESSION['checkInApprove']) && $_SESSION['checkInApprove'] == true)
        ? " checked"
        : "";
}

Loader::element('pane_header', array('c' => $c));

// NOTE(review): the form action below carries no validation token; confirm
// that the form body (outside this excerpt) includes one and that the
// check-in handler verifies it.
?> <div class="ccm-pane-controls"> <div id="ccm-edit-collection"> <form method="post" id="ccm-check-in" action="<?php echo DIR_REL; ?> /<?php echo DISPATCHER_FILENAME; ?> ?cID=<?php echo $c->getCollectionID(); ?> &ctask=check-in">
<?php defined('C5_EXECUTE') or die("Access Denied."); use Concrete\Core\Attribute\Set as AttributeSet; $cp = new Permissions($c); $pk = PermissionKey::getByHandle('edit_page_properties'); $pk->setPermissionObject($c); $asl = $pk->getMyAssignment(); $seoSet = AttributeSet::getByHandle('seo'); ?> <section> <header><?php echo t('Page Settings'); ?> </header> <? if ($cp->canEditPageContents() || $cp->canEditPageTheme() || $cp->canEditPageProperties() || $cp->canEditPageTemplate()) { ?> <menu class="ccm-panel-page-basics"> <?php $pagetype = PageType::getByID($c->getPageTypeID()); if (is_object($pagetype) && $cp->canEditPageContents()) { ?> <li> <a href="#" data-launch-panel-detail="page-composer" data-panel-detail-url="<?php echo URL::to('/ccm/system/panels/details/page/composer'); ?> "
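/**
 * Enforces the HTTP/HTTPS requirement configured for a page.
 *
 * Looks up the first enabled row of atHandleHttpsConfig whose attribute key
 * still exists, resolves the requirement for the page (walking up through the
 * parent pages while the value is "inherit"), and compares it with the scheme
 * of the current request. When the scheme is wrong, the request is redirected
 * to the same path and query string on the required scheme and the script
 * terminates: a Location header is sent for requests without POST data, and an
 * auto-submitting HTML form replays the POST fields otherwise.
 *
 * Returns without doing anything when no requirement applies, when the scheme
 * is already right, or when editors are exempt from redirection and the
 * current user may edit the page contents or properties.
 *
 * @param Page|View|Collection $page
 *
 * @return void
 */
public static function handleRequest($page)
{
    if (!is_object($page)) {
        return;
    }
    if (is_a($page, 'View')) {
        $page = $page->getCollectionObject();
    }
    if (!is_object($page) || !is_a($page, 'Collection') || $page->isError()) {
        return;
    }

    // Use the first enabled configuration row whose attribute key can be loaded.
    $db = Loader::db();
    $ak = null;
    $config = null;
    $rs = $db->Query('select * from atHandleHttpsConfig where akEnabled = 1');
    while ($row = $rs->FetchRow()) {
        $ak = CollectionAttributeKey::getByID($row['akID']);
        if (is_object($ak)) {
            $config = $row;
            break;
        }
    }
    $rs->Close();
    if (!is_object($ak)) {
        return;
    }

    // Resolve the requirement, climbing to the parent page while it is "inherit".
    $akPage = $page;
    for (;;) {
        $handling = $akPage->getAttribute($ak);
        if (!(is_string($handling) && strlen($handling))) {
            // No value on this page: fall back to the configured default.
            $handling = $config['akDefaultRequirement'];
            if (!(is_string($handling) && strlen($handling))) {
                return;
            }
        }
        if ($handling !== self::SSLHANDLING_INHERIT) {
            break;
        }
        $cID = $akPage->getCollectionID();
        if (empty($cID) || $cID == HOME_CID) {
            break;
        }
        if (!is_a($akPage, 'Page')) {
            // Need to load the Page object associated to the Collection object we received
            $akPage = Page::getByID($cID, 'ACTIVE');
            if (!is_object($akPage)) {
                break;
            }
        }
        $parentCID = $akPage->getCollectionParentID();
        if (empty($parentCID)) {
            break;
        }
        $akPage = Page::getByID($parentCID, 'ACTIVE');
        if (!is_object($akPage) || $akPage->isError()) {
            break;
        }
    }

    // Decide whether the current scheme has to change. An unresolved "inherit"
    // matches no case and therefore leaves the request untouched.
    $switchTo = '';
    switch ($handling) {
        case self::SSLHANDLING_REQUIRE_HTTP:
            if (self::isHTTPSRequest()) {
                $switchTo = 'http';
            }
            break;
        case self::SSLHANDLING_REQUIRE_HTTPS:
            if (!self::isHTTPSRequest()) {
                $switchTo = 'https';
            }
            break;
    }
    if (!strlen($switchTo)) {
        return;
    }

    // Editors may be exempt from redirection.
    // NOTE(review): with this exemption active on a page that requires HTTPS,
    // a logged-in editor keeps working over plain HTTP, so the editing session
    // is not protected in transit - confirm this is an accepted trade-off.
    if (!$config['akRedirectEditors']) {
        $user = User::isLoggedIn() ? new User() : null;
        if (is_object($user) && $user->getUserID()) {
            if (is_a($page, 'Collection')) {
                $page = Page::getByID($page->getCollectionID());
            }
            $pp = new Permissions($page);
            if (!$pp->isError()) {
                if ($pp->canEditPageContents() || $pp->canEditPageProperties()) {
                    return;
                }
            }
        }
    }

    // Base URL: the configured custom domain if any, else the request's own domain.
    // NOTE(review): if getRequestDomain() is derived from the Host header, the
    // redirect target is client-influenced unless the web server pins the
    // host name - confirm, or prefer the configured custom domains.
    $finalURL = '';
    if ($config['akCustomDomains']) {
        switch ($switchTo) {
            case 'http':
                $finalURL = $config['akHTTPDomain'];
                break;
            case 'https':
                $finalURL = $config['akHTTPSDomain'];
                break;
        }
    }
    if (!strlen($finalURL)) {
        $finalURL = $switchTo . '://' . self::getRequestDomain();
    }

    // Join base, installation directory and request path with exactly one
    // slash between the parts. Appending the trimmed DIR_REL directly to the
    // host would glue a sub-directory onto the host name and send the redirect
    // to a different host.
    $request = Request::get();
    $relDir = trim(DIR_REL, '/');
    $finalURL = rtrim($finalURL, '/')
        . (strlen($relDir) ? '/' . $relDir : '')
        . '/' . @ltrim($request->getRequestPath(), '/');
    if (isset($_SERVER) && is_array($_SERVER) && array_key_exists('QUERY_STRING', $_SERVER) && is_string($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING'])) {
        $finalURL .= '?' . $_SERVER['QUERY_STRING'];
    }

    // Discard anything already buffered; suppressed because no buffer may be active.
    @ob_clean();
    if (!isset($_POST) || !is_array($_POST) || empty($_POST)) {
        header('Location: ' . $finalURL);
    } else {
        // A Location redirect would drop the POST body, so the fields are
        // replayed through an auto-submitting form.
        // NOTE(review): when $switchTo is 'http' this resubmits every POST
        // field (which may include credentials or tokens) over an unencrypted
        // connection - confirm that is acceptable for the pages configured to
        // require HTTP.
        ?>
<!doctype html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=<?php echo h(APP_CHARSET); ?>">
<meta charset="<?php echo h(APP_CHARSET); ?>">
<script type="text/javascript">
window.onload = function() {
    var F = document.all ? document.all('form') : document.getElementById('form');
    F.submit();
};
</script>
</head>
<body>
<form id="form" method="POST" action="<?php echo h($finalURL); ?>"><?php
        foreach ($_POST as $key => $value) {
            self::writeFormPost($key, $value);
        }
        ?></form>
</body>
</html><?php
    }
    // Always stop here so nothing of the original page is rendered on the wrong scheme.
    die;
}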