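/**
 * Generates module specific actions
 *
 * Reads every action except 'create' that the `permissionlist` table registers
 * for the page's effective module, keeps the ones getPermissions() grants to
 * the user, and renders them as links inside <div id="cms-actionbarModule">.
 * The "View" link is left out for an anonymous user (falsy $userId) when the
 * `allow_login` row of the `global` table is falsy or cannot be read.
 *
 * @param $userId The user for whom the list of permitted actions must be computed.
 * @param $pageId The page on which the permissible action for the user is computed
 *
 * @return $actionbar The list of permitted module specific actions for the 'user' of 'page'.
 */
function getActionbarModule($userId, $pageId) {
    // The module name is read back from the `pages` table, so it is stored data
    // rather than a constant: escape it before placing it inside the quoted
    // SQL literal (second-order injection).
    // NOTE(review): mysql_real_escape_string() is only reliable when the
    // connection charset was set with mysql_set_charset(); ext/mysql was
    // removed in PHP 7, so prepared statements (mysqli/PDO) are the durable fix.
    $module = mysql_real_escape_string((string) getEffectivePageModule($pageId));

    $action_query = "SELECT perm_id, perm_action, perm_text FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE perm_action != 'create' AND page_module = '" . $module . "'";
    $action_result = mysql_query($action_query);

    $allow_login_query = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute` = 'allow_login'";
    $allow_login_result = mysql_query($allow_login_query);
    // A failed query or a missing row counts as "login not allowed", which is
    // what the original falsy check on the fetched row amounted to.
    $allow_login_row = $allow_login_result ? mysql_fetch_array($allow_login_result) : false;
    $allowLogin = is_array($allow_login_row) && $allow_login_row[0];

    // Collect action => label for every action this user may perform here.
    $actionbarPage = array();
    if ($action_result) {
        while ($action_row = mysql_fetch_assoc($action_result)) {
            if (getPermissions($userId, $pageId, $action_row['perm_action'])) {
                $actionbarPage[$action_row['perm_action']] = $action_row['perm_text'];
            }
        }
    }

    $actionbar = "<div id=\"cms-actionbarModule\">";
    foreach ($actionbarPage as $action => $actionname) {
        if (!$allowLogin && $actionname == "View" && !$userId) {
            continue;
        }
        // Both values come from the database; encode them for the attribute
        // and text contexts so stored markup cannot reach the page.
        // NOTE(review): assumes perm_text holds plain text, not pre-encoded
        // HTML - confirm against how permissionlist rows are populated.
        $href = htmlspecialchars("./+" . $action, ENT_QUOTES);
        $label = htmlspecialchars($actionname, ENT_QUOTES);
        $actionbar .= "<span class=\"cms-actionbarModuleItem\"><a class=\"robots-nofollow\" rel=\"nofollow\" href=\"{$href}\">{$label}</a></span>\n";
    }
    $actionbar .= "</div>";

    return $actionbar;
}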
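/**
 * Decides whether a user may perform an action on a page.
 *
 * Order of evaluation, as implemented below:
 *  1. For any action other than "admin", a user who holds "admin" on page 0
 *     is granted the action immediately.
 *  2. When no module is given, the action is attributed to the generic
 *     'page' module if `permissionlist` registers it there, otherwise to the
 *     page's effective module.
 *  3. Pages of module "menu" or "external" defer to their parent page.
 *  4. Group permissions are consulted in the order getGroupIds() returns
 *     them, stopping at the first strict true; if the result is still a
 *     strict false, the user-level permission is consulted.
 *
 * @param $userid The user whose permission is checked
 * @param $pageid The page the action applies to
 * @param $action The action name (perm_action) being requested
 * @param $module Optional module name; resolved from the database when empty
 *
 * @return The permission value produced by getPagePermission(), or true for
 *         the admin shortcut
 */
function getPermissions($userid, $pageid, $action, $module = "") {
    // Site-wide admin shortcut; the inner call uses action "admin" and so
    // does not re-enter this branch.
    if ($action != "admin" && getPermissions($userid, 0, "admin")) {
        return true;
    }

    if ($module == "") {
        // $action is supplied by the caller and may originate from the
        // request, so it must not be interpolated into SQL unescaped.
        // Single-quoted literals are used so the statement also parses when
        // the server runs with ANSI_QUOTES.
        // NOTE(review): escaping depends on the connection charset being set
        // through mysql_set_charset(); prepared statements are the durable fix.
        $safeAction = mysql_real_escape_string((string) $action);
        $query = "SELECT 1 FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE page_module='page' AND perm_action='{$safeAction}'";
        $result = mysql_query($query);
        // A failed query falls through to the effective module, as before.
        if ($result && mysql_num_rows($result) >= 1) {
            $module = 'page';
        } else {
            $module = getEffectivePageModule($pageid);
        }
    }

    $permission = false;

    // NOTE(review): termination of this recursion depends on getParentPage()
    // eventually reaching a page that is neither "menu" nor "external" -
    // confirm for the root page.
    if ($module == "menu" || $module == "external") {
        return getPermissions($userid, getParentPage($pageid), $action);
    }

    /// Find all groups the user belongs to, ordered by priority
    /// For each group, starting with lowest priority, get permission for the page
    $pagePath = array();
    parseUrlDereferenced($pageid, $pagePath);
    foreach (getGroupIds($userid) as $groupid) {
        if ($permission === true) {
            break;
        }
        $permission = getPagePermission($pagePath, $groupid, $action, $module);
    }

    // Only a strict false from the group pass falls back to the user-level
    // check; any other value is returned as is.
    if ($permission === false) {
        $permission = getPagePermission($pagePath, $userid, $action, $module, 'user');
    }

    return $permission;
}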
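/**
 * Determines the module type of a given page
 *
 * Pages whose module is "link" are followed through
 * `page_modulecomponentid` until a page with a different module is reached.
 *
 * @param $pageId Page id of the page, whose module name is to be determined
 * @return String containing the module name of the given page, or null when
 *         the page cannot be read or the link chain loops back on itself
 */
function getEffectivePageModule($pageId) {
    // Ids already visited while following "link" pages. The original recursed
    // without bound, so a link pointing at itself (or a longer cycle) would
    // exhaust the stack; a repeated id now ends the walk with null.
    $visited = array();

    while (true) {
        $key = (string) $pageId;
        if (isset($visited[$key])) {
            return null;
        }
        $visited[$key] = true;

        // The id is placed inside a quoted SQL literal; escape it so a
        // caller-supplied value cannot break out of the quotes.
        // NOTE(review): escaping depends on the connection charset being set
        // through mysql_set_charset(); prepared statements are the durable fix.
        $pagemodule_query = "SELECT `page_module`, `page_modulecomponentid` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id`='" . mysql_real_escape_string($key) . "'";
        $pagemodule_result = mysql_query($pagemodule_query);
        $pagemodule_row = $pagemodule_result ? mysql_fetch_assoc($pagemodule_result) : false;

        // Unknown page or failed query: no module to report.
        if (!is_array($pagemodule_row)) {
            return null;
        }

        if ($pagemodule_row['page_module'] == "link") {
            $pageId = $pagemodule_row['page_modulecomponentid'];
            continue;
        }

        return $pagemodule_row['page_module'];
    }
}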