/**
* Determines which permissions a user can grant, and to which groups and users on a given page
* @param $userid User id of the user attempting to grant permissions
* @param $pagepath Array containing the page ids of the nodes on the path to the given page
* @param $modifiableGroups Buffer to store the groups the user can grant permissions to
* @param $grantableActions Buffer to store the list of actions the user can grant permissions for
* @return Boolean, indicating whether the function was successful
*/
function grantPermissions($userid, $pageid)
{
//serving change permission requests
if (isset($_GET['doaction']) && $_GET['doaction'] == "changePerm") {
$permtype = escape($_GET['permtype']);
$pageid = escape($_GET['pageid']);
$usergroupid = escape($_GET['usergroupid']);
$permid = escape($_GET['permid']);
$perm = escape($_GET['perm']);
$flag = true;
if ($perm == 'Y' || $perm == 'N') {
if ($permission = mysql_fetch_array(mysql_query("SELECT `perm_permission` FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'"))) {
if ($permission['perm_permission'] != $perm) {
mysql_query("UPDATE `" . MYSQL_DATABASE_PREFIX . "userpageperm` SET `perm_permission` = '{$perm}' WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'");
if (mysql_affected_rows() == 0) {
$flag = false;
}
}
} else {
mysql_query("INSERT `" . MYSQL_DATABASE_PREFIX . "userpageperm`(`perm_type`, `page_id`, `usergroup_id`, `perm_id`, `perm_permission`) VALUES('{$permtype}','{$pageid}','{$usergroupid}','{$permid}','{$perm}')");
if (mysql_affected_rows() == 0) {
$flag = false;
}
}
} else {
if ($permission = mysql_fetch_array(mysql_query("SELECT `perm_permission` FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'"))) {
mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'");
if (mysql_affected_rows() == 0) {
$flag = false;
}
}
}
if ($flag) {
echo "1";
} else {
echo "0";
}
disconnect();
exit;
}
//serving refresh permissions request
if (isset($_GET['doaction']) && $_GET['doaction'] == 'getpermvars' && isset($_GET['pageid'])) {
global $cmsFolder, $urlRequestRoot, $templateFolder;
$pageid = escape($_GET['pageid']);
if (mysql_fetch_array(mysql_query("SELECT `page_name` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id` = '{$pageid}'"))) {
$pagepath = array();
parseUrlDereferenced($pageid, $pagepath);
$pageid = $pagepath[count($pagepath) - 1];
$groups = array_reverse(getGroupIds($userid));
$virtue = '';
$maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, $groups, $virtue);
if ($maxPriorityGroup == -1) {
return 'You do not have the required permissions to view this page.';
}
if ($virtue == 'user') {
$grantableActions = getGroupPermissions($groups, $pagepath, $userid);
} else {
$grantableActions = getGroupPermissions($groups, $pagepath);
}
$actionCount = count($_POST['permission']);
$checkedActions = array();
for ($i = 0; $i < $actionCount; $i++) {
list($modTemp, $actTemp) = explode('_', escape($_POST['permission'][$i]), 2);
if (isset($_POST[$modTemp . $actTemp])) {
if (isset($grantableActions[$modTemp])) {
for ($j = 0; $j < count($grantableActions[$modTemp]); $j++) {
if ($grantableActions[$modTemp][$j][1] == $actTemp) {
$checkedActions[$modTemp][] = $grantableActions[$modTemp][$j];
break;
}
}
}
}
}
if (count($checkedActions) > 0) {
$grantableActions = $checkedActions;
}
$modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
$modifiableGroupIds = array(0, 1);
for ($i = 0; $i < count($modifiableGroups); $i++) {
$modifiableGroupIds[] = $modifiableGroups[$i]['group_id'];
}
$permissions = formattedPermissions($pagepath, $modifiableGroupIds, $grantableActions);
$ret = <<<RET
pageid = {$pageid};
{$permissions}
RET;
echo $ret;
} else {
echo "Error: Invalid Pageid passed";
}
disconnect();
exit;
}
global $cmsFolder, $urlRequestRoot;
$pagepath = array();
parseUrlDereferenced($pageid, $pagepath);
$pageid = $pagepath[count($pagepath) - 1];
$groups = array_reverse(getGroupIds($userid));
$virtue = '';
$maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, $groups, $virtue);
if ($maxPriorityGroup == -1) {
return 'You do not have the required permissions to view this page.';
}
if ($virtue == 'user') {
$grantableActions = getGroupPermissions($groups, $pagepath, $userid);
} else {
$grantableActions = getGroupPermissions($groups, $pagepath);
}
if (isset($_POST['permission'])) {
$actionCount = count($_POST['permission']);
} else {
$actionCount = "";
}
$checkedActions = array();
for ($i = 0; $i < $actionCount; $i++) {
list($modTemp, $actTemp) = explode('_', escape($_POST['permission'][$i]), 2);
if (isset($_POST[$modTemp . $actTemp])) {
if (isset($grantableActions[$modTemp])) {
for ($j = 0; $j < count($grantableActions[$modTemp]); $j++) {
if ($grantableActions[$modTemp][$j][1] == $actTemp) {
$checkedActions[$modTemp][] = $grantableActions[$modTemp][$j];
break;
}
}
}
}
}
if (count($checkedActions) > 0) {
$grantableActions = $checkedActions;
}
$modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
$modifiableGroupIds = array(0, 1);
for ($i = 0; $i < count($modifiableGroups); $i++) {
$modifiableGroupIds[] = $modifiableGroups[$i]['group_id'];
}
$perms = json_encode(formatPermissions($grantableActions));
$permissions = formattedPermissions($pagepath, $modifiableGroupIds, $grantableActions);
$groups = customGetGroups($maxPriorityGroup);
$users = customGetAllUsers();
global $templateFolder;
$smarttableconfig = array('permtable' => array('sPaginationType' => 'two_button', 'bAutoWidth' => 'false', 'aoColumns' => '{ "sWidth": "100px" }'), 'permtable2' => array('sPaginationType' => 'two_button', 'bAutoWidth' => 'false', 'aoColumns' => '{ "sWidth": "100px" }'));
$ret = smarttable::render(array('permtable', 'permtable2'), $smarttableconfig);
$globals = getGlobalSettings();
$baseURL = "./+grant&doaction=changePerm";
if ($globals['url_rewrite'] == 'false') {
$baseURL = prettyurl($baseURL);
}
$selected = "var selected = {'permissions' : [], 'users' : [], 'groups' : []};";
if (isset($_GET['doaction']) && $_GET['doaction'] == 'getUserPerm') {
$get_selectedPerms = array();
$get_selectedGroups = array();
$get_selectedUsers = array();
foreach ($_POST as $key => $var) {
if (substr($key, 0, 12) == "permissions_") {
$get_selectedPerms[] = (int) substr($key, 12);
}
}
list($get_sortedGroupPerms, $get_sortedUserPerms) = getAllPermissionsOnPage($pagepath, $modifiableGroupIds, $grantableActions);
$save = 0;
foreach ($get_sortedGroupPerms['Y'] as $get_groupId => $get_data) {
$found = false;
foreach ($get_sortedGroupPerms['Y'][$get_groupId] as $get_permId) {
foreach ($get_selectedPerms as $selected_perm) {
if ($selected_perm == $get_permId) {
$get_selectedGroups[] = (int) $get_groupId;
$found = true;
}
}
if ($found) {
break;
}
}
if ($get_groupId == 0 && $found) {
$save += 1;
}
if ($get_groupId == 1 && $found) {
$save += 2;
}
}
foreach ($get_sortedUserPerms['Y'] as $get_userId => $get_data) {
$found = false;
foreach ($get_sortedUserPerms['Y'][$get_userId] as $get_permId) {
foreach ($get_selectedPerms as $selected_perm) {
if ($selected_perm == $get_permId) {
$get_selectedUsers[] = (int) $get_userId;
$found = true;
}
}
if ($found) {
break;
}
}
}
$get_selectedGroups = filterByPriority($maxPriorityGroup, $get_selectedGroups);
if ($save % 2 == 1) {
$get_selectedGroups[] = 0;
}
if ($save / 2 == 1) {
$get_selectedGroups[] = 1;
}
$selected = "var selected = {'permissions' : " . json_encode($get_selectedPerms) . ", 'users' : " . json_encode($get_selectedUsers) . ", 'groups' : " . json_encode($get_selectedGroups) . "};";
}
if (isset($_GET['doaction']) && $_GET['doaction'] == 'getPermUser') {
$get_selectedPerms = array();
$get_selectedGroups = array();
$get_selectedUsers = array();
foreach ($_POST as $key => $var) {
if (substr($key, 0, 6) == "users_") {
$get_selectedUsers[] = (int) substr($key, 6);
} else {
if (substr($key, 0, 7) == "groups_") {
$get_selectedGroups[] = (int) substr($key, 7);
}
}
}
list($get_sortedGroupPerms, $get_sortedUserPerms) = getAllPermissionsOnPage($pagepath, $modifiableGroupIds, $grantableActions);
$save = 0;
foreach ($get_sortedGroupPerms['Y'] as $get_groupId => $get_data) {
if (isPresent($get_groupId, $get_selectedGroups)) {
foreach ($get_sortedGroupPerms['Y'][$get_groupId] as $get_permId) {
if (!isPresent($get_permId, $get_selectedPerms)) {
$get_selectedPerms[] = $get_permId;
}
}
}
}
foreach ($get_sortedUserPerms['Y'] as $get_userId => $get_data) {
if (isPresent($get_userId, $get_selectedUsers)) {
foreach ($get_sortedUserPerms['Y'][$get_userId] as $get_permId) {
if (!isPresent($get_permId, $get_selectedPerms)) {
$get_selectedPerms[] = $get_permId;
}
}
}
}
$selected = "var selected = {'permissions' : " . json_encode($get_selectedPerms) . ", 'users' : " . json_encode($get_selectedUsers) . ", 'groups' : " . json_encode($get_selectedGroups) . "};";
}
$ret .= <<<RET
<style type="text/css" title="currentStyle">
\tdiv#permtable_filter input { width: 90px; }
\tdiv#permtable2_filter input { width: 90px; }
</style>
<script type="text/javascript" language="javascript" src="{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/scripts/permissionsTable.js"></script>
<script type="text/javascript">
var baseURL = "{$baseURL}";
var pageid = {$pageid};
var permissions = {$perms};
var permGroups;
var permUsers;
var groups = {{$groups}};
var users = {{$users}};
{$permissions}
{$selected}
</script>
<div id='info'></div>
<INPUT type=checkbox id='skipAlerts'> Skip Alerts <br>
<div id='permTable'>
</div>
<table width=100%>
<tr>
<td width=50%>
<a href='javascript:selectAll1()'>Select All</a> <a href='javascript:clearAll1()'>Clear All</a> <a href='javascript:toggle1()'>Toggle</a> <a href='javascript:getuserperm()'>Check Users having selected Permission</a><br>
<form action='./+grant&doaction=getUserPerm' method="POST" id='getuserperm'>
<table class="userlisttable display" id='permtable' name='permtable'><thead><tr><th>Permissions</th></thead><tbody id='actionsList'>
</tbody></table>
</form>
</td>
<td width=50%>
<a href='javascript:selectAll2()'>Select All</a> <a href='javascript:clearAll2()'>Clear All</a> <a href='javascript:toggle2()'>Toggle</a> <a href='javascript:getpermuser()'>Check Permissions selected User is having</a><br>
<form action='./+grant&doaction=getPermUser' method="POST" id='getpermuser'>
<table class="userlisttable display" id='permtable2' name='permtable2'><thead><tr><th>Users</th></thead><tbody id='usersList'>
</tbody></table>
</form>
</td>
</tr>
</table>
<a href='javascript:populateList()'>Click here if the lists are empty</a>
RET;
global $STARTSCRIPTS;
$STARTSCRIPTS .= " populateList();";
return $ret;
}
function convertUrif($x, $attr)
{
$y = "";
$z = $x;
$len = strlen($attr);
if ($len != 0) {
while (1) {
$z = $x;
$count = 0;
if (strpos($x, $attr)) {
$y .= substr($x, $count, strpos($x, $attr) + $len + 2);
} else {
$y .= substr($x, $count);
}
$count = strpos($x, $attr) + $len + 2;
if ($count == $len + 2) {
break;
}
$x = substr($x, $count - 1);
if ($x[0] != '"' && $x[0] != "'") {
$x = substr($x, 1);
continue;
}
$x = substr($x, 1);
//echo "<br>" . substr($x,0,strpos($x,"\"")) . " => " . prettyurl(substr($x,0,strpos($x,"\"")));
$count1 = strpos($x, "\"") == -1 || !strpos($x, "\"") ? 10000 : strpos($x, "\"");
$count2 = strpos($x, "'") == -1 || !strpos($x, "'") ? 10000 : strpos($x, "'");
$count = $count1 < $count2 ? $count1 : $count2;
// echo substr($x,0,$count) ." => ". prettyurl(substr($x,0,$count)). "<br>";
$y .= prettyurl(substr($x, 0, $count));
$x = substr($x, $count);
}
}
return $y;
}
