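/**
 * Resolves a request path, given as a list of labels, to the tree node to render.
 *
 * The tree is walked from the root, one label per level. Nodes that declare an
 * alternative parser (calendar, marker, user) hand the current label to that
 * module instead of the tree. Groups required by login-protected nodes on the
 * way are collected and enforced before any page is returned; when the visitor
 * lacks one of them, a redirect to the login page is sent and the script exits.
 *
 * @param array $treeNodes The path labels, ordered from the root downwards
 * @return OTreeNode|int The resolved node (the root for an empty path), or 404 when a label cannot be resolved
 * @throws \Exception
 */
public function getView($treeNodes)
{
    $bright = new Bright();
    $tree = new Tree();
    $cal = new Calendar();
    $maps = new Maps();
    $user = new User();

    $root = $bright->getRoot();
    $numTreeNodes = count($treeNodes);
    if ($numTreeNodes === 0) {
        // ROOT
        return $root;
    }

    $groups = array();

    // Single place where the collected group requirements are enforced.
    // $groups is captured by reference because it keeps growing during the walk.
    $enforceAccess = function ($treeId) use (&$groups, $user) {
        if (count($groups) === 0) {
            return;
        }
        $authenticatedUser = $user->getAuthUser();
        if ($authenticatedUser && count(array_diff($groups, $authenticatedUser->usergroups)) === 0) {
            return;
        }
        // Insufficient rights or not logged in: redirect to login
        $path = BASEURL;
        $path .= USEPREFIX ? $_SESSION['prefix'] : '';
        $path .= LOGINPAGE;
        // Include treeId, so we can redirect back when login successful
        header('Location:' . $path . '?tid=' . $treeId);
        exit;
    };

    $child = $root;
    for ($i = 0; $i < $numTreeNodes; $i++) {
        // Check if an alternative parser is required
        if ($child && isset($child->parser) && (int) $child->parser > 1) {
            $child->parser = (int) $child->parser;
            // The parser branches return from inside the loop, so the group check
            // must run in each of them; otherwise a login-required ancestor would
            // not protect calendar, marker or user pages below it. The check runs
            // before the lookup so that the 404/200 difference does not reveal
            // which labels exist below a protected node.
            switch ($child->parser) {
                case Router::$CALENDAR_PARSER:
                    // Must be last item
                    if ($i < $numTreeNodes - 1) {
                        return 404;
                    }
                    $enforceAccess($child->treeId);
                    $event = $cal->getEventByLabel($treeNodes[$i]);
                    if (!$event) {
                        return 404;
                    }
                    $c = new OTreeNode();
                    $c->treeId = $child->treeId;
                    $c->page = $event;
                    $c->path = join('/', $treeNodes);
                    return $c;

                case Router::$MARKER_PARSER:
                    // Must be last item
                    if ($i < $numTreeNodes - 1) {
                        return 404;
                    }
                    $enforceAccess($child->treeId);
                    $marker = $maps->getMarkerByLabel($treeNodes[$i]);
                    if (!$marker) {
                        return 404;
                    }
                    $result = new OTreeNode();
                    $result->parentId = $child->treeId;
                    $result->page = $marker;
                    $result->path = join('/', $treeNodes);
                    return $result;

                case Router::$USER_PARSER:
                    $enforceAccess($child->treeId);
                    $userPage = $user->getUserByLabel($treeNodes[$i]);
                    if (!$userPage) {
                        return 404;
                    }
                    $child = new OTreeNode();
                    $child->page = $userPage;
                    $child->path = join('/', $treeNodes);
                    return $child;
            }
            // NOTE(review): a parser id above 1 that matches none of the cases leaves
            // $child unchanged, so this label is effectively skipped - confirm that
            // this is intended rather than a missing 404.
        } else {
            $child = $tree->getChildByLabel($child->treeId, $treeNodes[$i]);
        }

        if (!$child) {
            return 404;
        }
        if ($child->loginrequired) {
            $groups = array_merge($groups, $child->requiredgroups);
        }
    }

    // Check if we're member of the required groups
    $enforceAccess($child->treeId);

    // Build path (no need to get it from the db, we just checked it, it exists)
    $child = $bright->getChild($child->treeId);
    $child->path = join('/', $treeNodes);
    return $child;
}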
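/**
 * Removes a user from the given group
 *
 * When the affected user is the one currently logged in, the user object stored
 * in the session is refreshed so that the removed membership takes effect at once.
 *
 * @since 1.5
 * @param int $userId the Id of the user
 * @param int $groupId the Id of the group
 * @return bool True when exactly one membership row was deleted
 * @throws \Exception When one of the ids is not numeric
 */
public function removeUserFromGroup($userId, $groupId)
{
    // No permissions required,
    // First we have to find a way to gracefully by-pass
    // the authentication system, to allow apps to manage
    // users.
    // NOTE(review): with the two checks below disabled, this method performs no
    // authorization of its own; every caller that can reach it can change group
    // membership, so the restriction has to be enforced by the caller.
    // if(!$this -> IS_AUTH)
    //     throw $this -> throwException(Exceptions::NO_USER_AUTH);
    // if(!$this -> MANAGE_USER)
    //     throw $this -> throwException(Exceptions::MISSING_PERMISSION_USER);

    if (!is_numeric($userId)) {
        throw $this->throwException(ParameterException::INTEGER_EXCEPTION);
    }
    if (!is_numeric($groupId)) {
        throw $this->throwException(ParameterException::INTEGER_EXCEPTION);
    }

    // is_numeric() also accepts forms such as "1e3", "1.5" or " 7". Cast, so that
    // only plain integer literals are interpolated into the statement and PHP and
    // the database agree on which row is meant.
    $userId = (int) $userId;
    $groupId = (int) $groupId;

    $sql = "DELETE FROM `userusergroups` WHERE `groupId`={$groupId} AND `userId`={$userId}";
    $res = $this->_conn->deleteRow($sql) == 1;

    // Invalidate after the delete, so a concurrent read cannot re-populate the
    // cache with the membership that is being removed.
    $c = new Cache();
    $c->deleteCacheByPrefix('user');

    $uc = new User();
    $au = $uc->getAuthUser();

    // Update session if necessary. Nobody has to be logged in here (the checks
    // above are disabled), so the authenticated user must be tested before it is
    // dereferenced.
    if ($au && (int) $au->userId === $userId) {
        $user = $uc->getUser($userId);
        $_SESSION['user'] = serialize($user);
    }

    return $res;
}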
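/**
 * Gets the children of a node, but does not parse it to a OTreeNode object
 * You can specify fields from the content table to include as well.
 *
 * Two result sets are combined: children that need no login, and login-required
 * children whose tree access group contains the authenticated user.
 *
 * @param int $parentId The parentId of the node; -1 selects the children of the root node
 * @param boolean $includePath Specifies whether the full path to the node should be included (deprecated)
 * @param boolean $onlyPublished Specifies whether publication rules should be taken into account
 * @param mixed $showInNav Specifies whether show in navigation rules apply. When null, rules don't apply. When false, only nodes which <b>don't</b> show in navigation are returned. When true, only nodes with show in navigation = true are returned
 * @param array $additionalFields An array of fields from the content table to fetch as well
 * @param string $lang The language of the additional fields
 * @return array An array of objects; empty when $parentId is not numeric
 */
public function getSimplyfiedChildren($parentId, $includePath = false, $onlyPublished = false, $showInNav = null, $additionalFields = null, $lang = '')
{
    // $parentId ends up unquoted in the WHERE clause, so nothing but an integer
    // literal (or the fixed root sub-select) may be placed there.
    if (!is_numeric($parentId)) {
        return array();
    }
    $parentId = (int) $parentId;
    $parentSql = $parentId === -1
        ? '(SELECT treeId FROM tree WHERE parentId = 0)'
        : (string) $parentId;

    $published = '';
    if ($onlyPublished) {
        // Show only published
        $ts = time();
        $published = "AND ((UNIX_TIMESTAMP(p.publicationdate) <= {$ts} AND UNIX_TIMESTAMP(p.expirationdate) >= {$ts}) OR p.alwayspublished = 1) ";
    }

    $navsql = $this->_getShowInNavSql($showInNav);

    $addjoin = '';
    $straddfield = '';
    if ($additionalFields != null) {
        $conn = Connection::getInstance();
        $langs = explode(',', AVAILABLELANG);
        // If empty, use default language
        // Alternatively, we could use the selected language, may be better...
        if ($lang == '') {
            $lang = $langs[0];
        }

        // One LEFT JOIN on the content table for a field in one language.
        // The alias is built from the field counter and a configured language
        // code only; request data goes into the escaped string literals.
        $contentJoin = function ($alias, $langCode, $field) use ($conn) {
            return 'LEFT JOIN content ' . $alias . ' ON ' . $alias . '.pageId = p.pageId AND ' . $alias . '.`lang`=\'' . $conn->escape_string($langCode) . '\' AND ' . $alias . '.`field`=\'' . $conn->escape_string($field) . '\'' . "\r\n";
        };
        // The field name is also used as a backtick-quoted column alias. String
        // escaping is presumably not aware of identifier quoting (escape_string is
        // not shown here), so backticks are doubled to keep the name inside the
        // identifier.
        $columnAlias = function ($field) use ($conn) {
            return '`' . str_replace('`', '``', $conn->escape_string($field)) . '`';
        };

        $addfield = array();
        $i = 0;
        if (count($langs) <= 1) {
            foreach ($additionalFields as $field) {
                $addfield[] = 'c' . $i . '.`value` AS ' . $columnAlias($field);
                $addjoin .= $contentJoin('c' . $i, $lang, $field);
                $i++;
            }
        } else {
            // The remaining languages act as fallbacks for the requested one.
            // array_search() returns false for an unknown language; splicing with
            // false would silently drop the first configured language instead.
            $index = array_search($lang, $langs);
            if ($index !== false) {
                array_splice($langs, $index, 1);
            }
            $numlangs = count($langs);
            $lastLang = $langs[$numlangs - 1];

            foreach ($additionalFields as $field) {
                // IFNULL(requested, IFNULL(fallback 1, ... last fallback))
                $sel = 'IFNULL(c' . $i . '.`value`,';
                for ($j = 0; $j < $numlangs - 1; $j++) {
                    $sel .= 'IFNULL(c' . $i . $langs[$j] . '.`value`,';
                    $addjoin .= $contentJoin('c' . $i . $langs[$j], $langs[$j], $field);
                }
                $sel .= 'c' . $i . $lastLang . '.`value`' . str_repeat(')', $numlangs) . ' as ' . $columnAlias($field);
                $addjoin .= $contentJoin('c' . $i . $lastLang, $lastLang, $field);
                $addfield[] = $sel;
                $addjoin .= $contentJoin('c' . $i, $lang, $field);
                $i++;
            }
        }
        $straddfield = join(', ', $addfield) . ', ';
    }

    $u = new User();
    $user = $u->getAuthUser();
    // Without a logged-in user the id becomes SQL null, which matches no group row
    $uid = $user ? (int) $user->userId : 'null';

    // Select all pages where no login is required
    // Next, select pages where login IS required, and join on the usergroups
    // Group it together and order is by index
    // @ todo: multiple groups
    $select = "SELECT t.*, p.*, {$straddfield} (SELECT COUNT(`treeId`) FROM tree WHERE parentId=t.treeId) AS numChildren FROM tree t\n"
        . "INNER JOIN `page` p ON t.pageId = p.pageId\n";
    $where = "{$addjoin}\nWHERE parentId={$parentSql} AND loginrequired = ";

    $sql = $select
        . $where . "0 {$navsql} {$published}\n\nUNION\n\n"
        . $select
        . "INNER JOIN treeaccess ta ON t.treeId = ta.treeId\n"
        . "INNER JOIN userusergroups uug ON ta.groupId = uug.groupId AND uug.userId={$uid}\n"
        . $where . "1 {$navsql} {$published}\n\nORDER BY `index`";

    $children = $this->_conn->getRows($sql);
    return $children;
}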