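/**
 * Store the value of this attribute in the database.
 *
 * Replaces the access rights stored for the owning record: the existing rows
 * for the owner are deleted, then one row is inserted per granted
 * (node, action) pair. Submitted actions are intersected with the actions
 * known for the node and, for users who are not administrators, with the
 * actions the current user is allowed to edit. When a parent attribute is
 * configured, rights that child groups hold on a node but that are no longer
 * granted here are removed from those children as well.
 *
 * @param Db     $db     The database object
 * @param array  $record The record which holds the values to store
 * @param string $mode   The mode we're in
 *
 * @return bool True if successful, false if not
 */
public function store($db, $record, $mode)
{
    // Read the current actions available/editable and user rights before changing them
    $user = SecurityManager::atkGetUser();
    // Strict comparison: with loose '==' a non-string name (e.g. integer 0 on
    // older PHP versions) could compare equal to 'administrator'.
    $isAdmin = (isset($user['name']) && $user['name'] === 'administrator') || $this->canGrantAll();
    $allActions = $this->getAllActions($record, false);
    $editableActions = $this->getEditableActions($record);

    // Table and column names come from configuration / attribute setup, not from
    // the submitted record, so they are used as identifiers without escaping.
    $accessTable = Config::getGlobal('auth_accesstable');
    $accessField = $this->m_accessField;

    // The owner key is taken from the record; escape it like every other value
    // that ends up inside a quoted SQL literal.
    $ownerId = $record[$this->m_ownerInstance->primaryKeyField()];
    $ownerIdSql = "'" . $db->escapeSQL((string) $ownerId) . "'";

    $delquery = 'DELETE FROM ' . $accessTable . ' WHERE ' . $accessField . '=' . $ownerIdSql;
    if (!$db->query($delquery)) {
        // Fail closed: if the old rights could not be removed, reporting success
        // would leave stale privileges in place without the caller noticing.
        return false;
    }
    // NOTE(review): the DELETE above removes every stored right for this owner,
    // including rights a non-admin cannot edit, and only editable ones are
    // re-inserted below. Confirm that this is intended.
    // NOTE(review): the DELETE and the INSERTs below are separate statements; a
    // failure halfway leaves a partially stored set of rights unless the caller
    // wraps store() in a transaction. Confirm against the caller.

    $field = $this->fieldName();
    $checked = (isset($record[$field]) && is_array($record[$field])) ? $record[$field] : [];

    $children = [];
    if (!empty($this->m_parentAttrName)) {
        $children = $this->getChildGroups($db, $ownerId);
    }

    // Quote and escape the child ids once; they are compared against the same
    // column as the (quoted) owner id above.
    $childIdsSql = [];
    if (is_array($children)) {
        foreach ($children as $childId) {
            $childIdsSql[] = "'" . $db->escapeSQL((string) $childId) . "'";
        }
    }

    foreach ($checked as $node => $actions) {
        if (!is_array($actions)) {
            // Malformed submission for this node: nothing to grant.
            continue;
        }

        $actions = array_unique($actions);
        $nodeModule = Tools::getNodeModule($node);
        $nodeType = Tools::getNodeType($node);

        // Only actions that actually exist for this node can be granted.
        $validActions = [];
        if (isset($allActions[$nodeModule][$nodeType]) && is_array($allActions[$nodeModule][$nodeType])) {
            $validActions = array_intersect($actions, $allActions[$nodeModule][$nodeType]);
        }

        // If you're not an admin, leave out all actions which are not editable
        // (none if no editable actions available)
        if (!$isAdmin) {
            $validActions = isset($editableActions[$nodeModule][$nodeType])
                ? array_intersect($validActions, $editableActions[$nodeModule][$nodeType])
                : [];
        }

        $nodeSql = "'" . $db->escapeSQL((string) $node) . "'";

        $actionsSql = [];
        foreach ($validActions as $action) {
            $actionSql = "'" . $db->escapeSQL($action) . "'";
            $actionsSql[] = $actionSql;

            $query = 'INSERT INTO ' . $accessTable . ' (node, action, ' . $accessField . ') '
                . 'VALUES (' . $nodeSql . ',' . $actionSql . ',' . $ownerIdSql . ')';

            if (!$db->query($query)) {
                // error.
                return false;
            }
        }

        // NOTE(review): children are only pruned for nodes that still have at
        // least one granted action; a node whose actions were all removed leaves
        // the children's rights on that node untouched. Confirm this is intended.
        if (count($childIdsSql) > 0 && count($actionsSql) > 0) {
            $query = 'DELETE FROM ' . $accessTable . ' '
                . 'WHERE ' . $accessField . ' IN (' . implode(',', $childIdsSql) . ') '
                . 'AND node = ' . $nodeSql . ' '
                . 'AND action NOT IN (' . implode(',', $actionsSql) . ')';

            if (!$db->query($query)) {
                // error.
                return false;
            }
        }
    }

    return true;
}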
/**
 * Remove an index from this table.
 *
 * The table name and the index name derived via getIndexName() are both
 * passed through the database object's quoteIdentifier() before they are
 * placed in the DROP INDEX statement.
 *
 * @param string $name Index name
 *
 * @return bool Result of running the DROP INDEX query
 */
public function dropIndex($name)
{
    $quotedTable = $this->m_db->quoteIdentifier($this->m_table);
    $quotedIndex = $this->m_db->quoteIdentifier($this->getIndexName($name));

    $sql = 'DROP INDEX ' . $quotedIndex . ' ON ' . $quotedTable;

    return $this->m_db->query($sql);
}