/**
 * Check the current user's permission for the object addressed by the request.
 *
 * The general component ("<name>::", instance "::") is always checked. When the
 * "ot" GET parameter equals "category" (which is also its default), a second
 * check against "<name>:Category:" with the "id" GET parameter as instance
 * decides the result instead.
 *
 * NOTE(review): the method is declared static but reads $this->name. A static
 * method has no $this, so the component name has to come from somewhere else
 * (class constant, parameter) or the method has to become an instance method.
 * NOTE(review): object type and id are read from the query string instead of
 * being passed in, so the answer describes the requested URL and not
 * necessarily the object the calling code then works on. Confirm at call sites.
 *
 * @param mixed $access Requested access level, passed through unchanged.
 *
 * @return mixed Result of the deciding SecurityUtil::checkPermission() call.
 */
public static function rulePermissions($access)
{
    $request = new Zikula_Request_Http();

    $objectType = $request->getGet()->filter('ot', 'category', FILTER_SANITIZE_STRING);
    // FILTER_SANITIZE_NUMBER_INT strips everything except digits, '+' and '-';
    // the value is not cast to an integer before it is used as instance id.
    $objectId = $request->getGet()->filter('id', 0, FILTER_SANITIZE_NUMBER_INT);

    // The module-wide check always runs, even when the category check below decides.
    $modulePermission = SecurityUtil::checkPermission($this->name . '::', '::', $access);

    if ($objectType != 'category') {
        return $modulePermission;
    }

    return SecurityUtil::checkPermission($this->name . ':Category:', $objectId, $access);
}
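/**
 * Retrieve identifier parameters for a given object type.
 *
 * Each identifier is read from the GET parameters; a numeric entry of the same
 * name in $args serves as default. If exactly one identifier field is requested,
 * it is not named "id" and no value was found for it, the generic "id"
 * parameter is tried as a fallback and validated as an integer.
 *
 * NOTE(review): $objectType is not used in this method. Its default value in
 * front of the required $idFields parameter is kept for interface
 * compatibility, although PHP 8 reports that ordering as deprecated.
 *
 * @param Zikula_Request_Http $request    Instance of Zikula_Request_Http.
 * @param array               $args       List of arguments used as fallback if request does not contain a field.
 * @param string              $objectType Name of treated entity type.
 * @param array               $idFields   List of identifier field names.
 *
 * @return array List of fetched identifiers, keyed by field name (empty if $idFields is empty).
 */
public static function retrieveIdentifier(Zikula_Request_Http $request, array $args, $objectType = '', array $idFields)
{
    // Initialise the result so that an empty $idFields list yields an empty
    // array instead of returning an undefined variable.
    $idValues = array();

    foreach ($idFields as $idField) {
        $defaultValue = isset($args[$idField]) && is_numeric($args[$idField]) ? $args[$idField] : 0;

        // NOTE(review): no filter constant is passed here, so unlike the "id"
        // fallback below this value is not validated as an integer. Callers
        // should bind it as a query parameter rather than concatenate it.
        $id = $request->getGet()->filter($idField, $defaultValue);

        if (!$id && $idField != 'id' && count($idFields) == 1) {
            // Single, differently named identifier without a value: fall back to "id".
            $defaultValue = isset($args['id']) && is_numeric($args['id']) ? $args['id'] : 0;
            $id = (int) $request->getGet()->filter('id', $defaultValue, FILTER_VALIDATE_INT);
        }

        $idValues[$idField] = $id;
    }

    return $idValues;
}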
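/**
 * Smarty function to wrap MUBoard_Form_View generated form controls with suitable form tags.
 *
 * The form posts to the current URI by default. On posting display pages and on
 * posting edit pages that carry a "forum" GET parameter, the action is rewritten
 * to the matching posting edit URL, in long or short URL notation depending on
 * the ZConfig settings.
 *
 * @param array            $params  Parameters passed in the block tag ("enctype" and "cssClass" are read).
 * @param string           $content Content of the block.
 * @param Zikula_Form_View $view    Reference to Zikula_Form_View object.
 *
 * @return string|null The rendered output, or null when there is no block content.
 */
function smarty_block_muboardform($params, $content, $view)
{
    if (!$content) {
        return;
    }

    PageUtil::addVar('stylesheet', 'system/Theme/style/form/style.css');

    // NOTE(review): "enctype" and "cssClass" are written into the tag verbatim.
    // That is fine for literals in templates; confirm no template feeds
    // request data into these parameters.
    $encodingHtml = array_key_exists('enctype', $params) ? " enctype=\"{$params['enctype']}\"" : '';
    $classString = isset($params['cssClass']) ? "class=\"{$params['cssClass']}\" " : '';

    // The current URI is request-controlled, so it is escaped for the attribute context.
    $action = htmlspecialchars(System::getCurrentUri());

    // FILTER_SANITIZE_NUMBER_INT still lets '+' and '-' through; the cast makes
    // sure that only a plain integer reaches the generated URL.
    $request = new Zikula_Request_Http();
    $forumid = (int) $request->getGet()->filter('forum', 0, FILTER_SANITIZE_NUMBER_INT);

    // we check if the entrypoint is part of the url
    $stripentrypoint = ModUtil::getVar('ZConfig', 'shorturlsstripentrypoint');

    // get url name
    $tables = DBUtil::getTables();
    $modcolumn = $tables['modules_column'];
    $where = "{$modcolumn['name']} = '" . DataUtil::formatForStore('MUBoard') . "'";
    $module = DBUtil::selectObject('modules', $where);
    $urlname = $module['url'];

    // NOTE(review): the rewritten actions below are not passed through
    // htmlspecialchars(), so the long URLs put raw '&' into the attribute and
    // $urlname is trusted as stored in the modules table.
    if (ModUtil::getVar('ZConfig', 'shorturls') == 0) {
        if (strpos($action, "func=display") !== false) {
            $action = 'index.php?module=' . $urlname . '&type=user&func=edit&ot=posting&answer=1';
        }
        // The escaped current URI cannot contain a raw '&', so this pattern
        // effectively matches only the action assigned just above.
        // NOTE(review): in that case the "answer=1" target is replaced. Confirm this is intended.
        if (strpos($action, "func=edit&ot=posting") !== false && $forumid > 0) {
            // "forum=" was missing its '=', which produced a parameter named "forum<id>".
            $action = 'index.php?module=' . $urlname . '&type=user&func=edit&ot=posting&forum=' . $forumid;
        }
    } else {
        if (strpos($action, $urlname . "/posting/id.") !== false) {
            if ($stripentrypoint == 1) {
                $action = $urlname . '/edit/ot/posting/answer/1';
            } elseif ($stripentrypoint == 0) {
                $action = 'index.php/' . $urlname . '/edit/ot/posting/answer/1';
            }
        }
        if (strpos($action, "edit/ot/posting/forum/") !== false && $forumid > 0) {
            if ($stripentrypoint == 1) {
                $action = $urlname . '/edit/ot/posting/forum/' . $forumid;
            } elseif ($stripentrypoint == 0) {
                $action = 'index.php/' . $urlname . '/edit/ot/posting/forum/' . $forumid;
            }
        }
    }

    $view->postRender();
    $formId = $view->getFormId();

    // The state, include and CSRF token fragments are emitted inside the form
    // so they are posted back together with the controls.
    $out = "\n <form id=\"{$formId}\" {$classString}action=\"{$action}\" method=\"post\"{$encodingHtml}>\n"
        . " {$content}\n"
        . " <div>\n"
        . " {$view->getStateHTML()}\n"
        . " {$view->getStateDataHTML()}\n"
        . " {$view->getIncludesHTML()}\n"
        . " {$view->getCsrfTokenHtml()}\n"
        . " <input type=\"hidden\" name=\"__formid\" id=\"form__id\" value=\"{$formId}\" />\n"
        . " <input type=\"hidden\" name=\"FormEventTarget\" id=\"FormEventTarget\" value=\"\" />\n"
        . " <input type=\"hidden\" name=\"FormEventArgument\" id=\"FormEventArgument\" value=\"\" />\n"
        . " <script type=\"text/javascript\">\n"
        . " <!--\n"
        . " function FormDoPostBack(eventTarget, eventArgument)\n"
        . " {\n"
        . " var f = document.getElementById('{$formId}');\n"
        . " if (!f.onsubmit || f.onsubmit())\n"
        . " {\n"
        . " f.FormEventTarget.value = eventTarget;\n"
        . " f.FormEventArgument.value = eventArgument;\n"
        . " f.submit();\n"
        . " }\n"
        . " }\n"
        . " // -->\n"
        . " </script>\n"
        . " </div>\n"
        . " </form>\n ";

    return $out;
}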
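/**
 * Build a generic Doctrine query supporting WHERE and ORDER BY
 *
 * When the request is a "view" of object type "posting" (GET parameters "func"
 * and "ot"), the selection is additionally restricted to postings without a
 * parent.
 *
 * NOTE(review): $where and $orderBy are placed into the query as given.
 * Callers must build them from fixed fragments or validated values, never
 * from raw request input.
 * NOTE(review): the extra restriction depends on GET parameters read inside
 * the repository, so the same call can return different rows depending on the
 * current URL. Confirm that every caller expects this.
 *
 * @param string  $where    The where clause to use when retrieving the collection (optional) (default='').
 * @param string  $orderBy  The order-by clause to use when retrieving the collection (optional) (default='').
 * @param boolean $useJoins Whether to include joining related objects (optional) (default=true).
 *
 * @return Doctrine\ORM\Query query instance to be further processed
 */
protected function _intBaseQuery($where = '', $orderBy = '', $useJoins = true)
{
    // The values are only compared with fixed strings below and never reach the query.
    $request = new Zikula_Request_Http();
    $ot = $request->getGet()->filter('ot', 'category', FILTER_SANITIZE_STRING);
    $func = $request->getGet()->filter('func', 'view', FILTER_SANITIZE_STRING);

    $selection = 'tbl';
    if ($useJoins === true) {
        $selection .= $this->addJoinsToSelection();
    }

    $qb = $this->getEntityManager()->createQueryBuilder();
    $qb->select($selection)->from('MUBoard_Entity_Posting', 'tbl');

    if ($useJoins === true) {
        $this->addJoinsToFrom($qb);
    }

    if ($func == 'view' && $ot == 'posting') {
        // Parenthesise the caller's clause so that an OR inside it cannot
        // escape the top-level-postings restriction through operator precedence.
        if ($where != '') {
            $where = '(' . $where . ') AND tbl.parent_id IS NULL';
        } else {
            $where = 'tbl.parent_id IS NULL';
        }
    }

    if (!empty($where)) {
        $qb->where($where);
    }

    // add order by clause
    if (!empty($orderBy)) {
        $qb->add('orderBy', 'tbl.' . $orderBy);
    }

    $query = $qb->getQuery();

    // TODO - see https://github.com/zikula/core/issues/118
    // use FilterUtil to support generic filtering
    //$fu = new FilterUtil('MUBoard', $this);

    // you could set explicit filters at this point, something like
    // $fu->setFilter('type:eq:' . $args['type'] . ',id:eq:' . $args['id']);
    // supported operators: eq, ne, like, lt, le, gt, ge, null, notnull

    // process request input filters and add them to the query.
    //$fu->enrichQuery($query);

    return $query;
}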
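/**
 * Build the subscribe/unsubscribe ("abo") icon link for the current user.
 *
 * Looks up whether the logged-in user already has an abo for the given posting
 * id and returns a link to the "quit" function if so, otherwise to "take".
 * The object type comes from the "ot" GET parameter. For "forum" the "id" GET
 * parameter is added to the link as "forum".
 *
 * NOTE(review): the links point at the admin "take"/"quit" functions as plain
 * GET URLs. Confirm that those handlers enforce permissions and request
 * authenticity themselves.
 *
 * @param mixed $postingid Posting identifier used for the abo lookup and as "posting" URL argument.
 *
 * @return string HTML link, or '' for anonymous users and for object types other than "posting" and "forum".
 */
public static function getStateOfPostingAbo($postingid)
{
    $request = new Zikula_Request_Http();
    // get objecttype
    $ot = $request->getGet()->filter('ot', 'category', FILTER_SANITIZE_STRING);
    $forumid = $request->getGet()->filter('id', 0, FILTER_SANITIZE_NUMBER_INT);
    // get repository for abos
    $repository = MUBoard_Util_Model::getAboRepository();

    // Always defined, so unsupported object types return '' instead of an undefined variable.
    $out = '';

    if (!UserUtil::isLoggedIn()) {
        return $out;
    }
    if ($ot != 'posting' && $ot != 'forum') {
        return $out;
    }

    // get actual userid
    $userid = UserUtil::getVar('uid');

    // look for abo
    // NOTE(review): both values are concatenated into the clause after
    // DataUtil::formatForStore(). If they are always integers, casting them or
    // binding parameters inside the repository would not rely on that escaping
    // matching the query language. Confirm how selectWhere() treats the string.
    $where = 'tbl.postingid = \'' . DataUtil::formatForStore($postingid) . '\''
        . ' AND '
        . 'tbl.userid = \'' . DataUtil::formatForStore($userid) . '\'';
    $abo = $repository->selectWhere($where);

    // An existing abo offers "quit", a missing one offers "take".
    $func = $abo ? 'quit' : 'take';
    $icon = $abo ? 'mail_get.png' : 'mail_post_to.png';

    $urlArgs = array('ot' => 'abo', 'posting' => $postingid, 'object' => $ot);
    if ($ot == 'forum') {
        $urlArgs['forum'] = $forumid;
    }

    // NOTE(review): $url goes into the href attribute without HTML escaping.
    // Verify what ModUtil::url() returns before relying on it in this context.
    $url = ModUtil::url('MUBoard', 'admin', $func, $urlArgs);

    $out = "<a id='muboard-user-posting-header-infos-abo' href='{$url}'>\n <img src='/images/icons/extrasmall/{$icon}' />\n </a>";

    return $out;
}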