/**
 * Prepare the editor for the requested type and entity.
 *
 * Authorization happens in two layers before anything else runs:
 *   1. the site must be allowed to edit the type (reason_site_can_edit_type), and
 *   2. when no entity id was supplied, the user must hold the 'add' privilege
 *      before a new Pending entity is created.
 * Either failure prints a message and stops the request.
 *
 * NOTE(review): no anti-CSRF token is checked in this method before
 * create_entity() runs. Confirm the caller validates one; otherwise simply
 * loading this page with an empty id creates a Pending entity for a
 * privileged user.
 *
 * NOTE(review): when an id IS supplied, this method does not itself verify
 * that the user may edit that entity; that is presumably the job of
 * _cm_ok_to_run() -- confirm.
 */
function init()
{
    $page = $this->admin_page;

    $this->type_entity = new entity($page->type_id);

    // Layer 1: site-level permission for this type.
    if (!reason_site_can_edit_type($page->site_id, $page->type_id)) {
        echo 'This site does not have permission to edit ', $this->type_entity->get_value('plural_name'), '.';
        exit;
    }

    if (empty($page->id)) {
        // Layer 2: user-level privilege to add new items.
        if (!reason_user_has_privs($page->user_id, 'add')) {
            echo 'You do not have the privileges needed to add a ', $this->type_entity->get_value('name');
            exit;
        }

        // New entities start out Pending; the browser is then sent back to
        // this module with the freshly created id.
        $initial_values = array('entity' => array('state' => 'Pending'));
        $new_id = create_entity($page->site_id, $page->type_id, $page->user_id, '', $initial_values);
        $target = unhtmlentities($page->make_link(array('id' => $new_id), true));
        header('Location: ' . $target);
        exit;
    }

    $this->entity = new entity($page->id);

    if ($this->_cm_ok_to_run()) {
        $this->_do_admin_page_prep();
        $this->disco_item = $this->_build_content_manager();
    }

    // Call order is kept exactly as in the original (jQuery UI, then jQuery).
    // NOTE(review): the meaning of the second argument is not visible here.
    foreach (array(JQUERY_UI_URL, JQUERY_URL) as $script_url) {
        $this->head_items->add_javascript($script_url, true);
    }
    $this->head_items->add_stylesheet(JQUERY_UI_CSS_URL);
    $this->head_items->add_javascript(WEB_JAVASCRIPT_PATH . 'change_detection.js');
}
/**
 * Print the rounded "Add <type>" box, or a warning box when the site is not
 * permitted to add or edit items of the current type.
 *
 * This method only decides what is displayed. It checks the site/type
 * permission but not any per-user privilege, so hiding the link is not an
 * access control by itself.
 * NOTE(review): confirm the Editor and import modules enforce their own checks.
 */
function show_add()
{
    $page = $this->admin_page;

    // Shared markup for the rounded box that wraps either variant.
    $corner = '<img src="' . REASON_ADMIN_IMAGES_DIRECTORY . 'trans.gif" alt="" class="roundedCorner" />' . "\n";
    $box_open = '<div class="addLink">' . "\n"
        . '<div class="roundedTop">' . "\n"
        . $corner
        . '</div>' . "\n"
        . '<div class="roundedContent">' . "\n";
    $box_close = '</div>' . "\n"
        . '<div class="roundedBottom">' . "\n"
        . $corner
        . '</div>' . "\n"
        . '</div>' . "\n";

    // Make sure permissions allow this.
    if (!reason_site_can_edit_type($page->site_id, $page->type_id)) {
        echo $box_open;
        echo '<strong>Warning</strong><p>The site is not allowed to add or edit items of this type.</p><p>If this is unexpected, contact an administrator.</p>';
        echo $box_close;
        return;
    }

    echo $box_open;

    $type = new entity($page->type_id);
    $add_params = array('cur_module' => 'Editor', 'id' => '', 'new_entity' => 1);
    echo '<a href="' . $page->make_link($add_params) . '">Add ' . $type->get_value('name') . '</a>' . "\n";

    // Offer a batch-import link when an import module is registered for this type.
    $unique_name = $type->get_value('unique_name');
    if (array_key_exists($unique_name, $this->import_modules)) {
        $import_module = $this->import_modules[$unique_name];
        $plural = $type->get_value('plural_name');
        $label = $plural ? $plural : $type->get_value('name');
        echo '<div class="smallText importBlock"><a href="'
            . $page->make_link(array('cur_module' => $import_module, 'id' => ''))
            . '">Batch Import ' . $label . '</a></div>' . "\n";
    }

    echo $box_close;
}
/**
 * Print the admin-actions table cell for a live row.
 *
 * Users without the 'edit' privilege get a blank cell. Users with it always
 * get Preview; Duplicate and Edit are added only when the site may edit the
 * type. These are display decisions only.
 * NOTE(review): confirm the Editor and Duplicate modules re-check permissions.
 *
 * @param object $row     row object; only its id() is used here
 * @param mixed  $options not used by this method
 */
function show_admin_live($row, $options)
{
    $page = $this->admin_page;

    echo '<td>';

    if (!reason_user_has_privs($page->user_id, 'edit')) {
        echo ' ';
    } else {
        echo '<strong>';

        // Build all three links up front, in the original order.
        $hrefs = array();
        foreach (array('Editor', 'Preview', 'Duplicate') as $module_name) {
            $hrefs[$module_name] = $page->make_link(array('cur_module' => $module_name, 'id' => $row->id()));
        }

        $site_may_edit = reason_site_can_edit_type($page->site_id, $page->type_id);

        echo '<a href="' . $hrefs['Preview'] . '">Preview</a>';
        if ($site_may_edit) {
            echo ' | <a href="' . $hrefs['Duplicate'] . '">Duplicate</a>';
            echo ' | <a href="' . $hrefs['Editor'] . '">Edit</a>';
        }

        echo '</strong>';
    }

    echo '</td>' . "\n";
}
/**
 * Build the main navigation links for the entity being administered.
 *
 * Preview and Finish are always present. Edit and one link per forward and
 * backward relationship are added only when the user holds the edit privilege
 * matching the entity state ('edit_pending' for Pending, 'edit' otherwise)
 * AND the site may edit the type. Cancel is offered for a new, unnamed,
 * Pending entity while the Editor module is current.
 *
 * Relationship links are keyed by relationship id, so a backward relationship
 * with the same id as a forward one replaces it.
 *
 * The 'locked' flags are computed for display. This method only decides which
 * links are listed.
 * NOTE(review): confirm the target modules enforce locks and privileges.
 *
 * @param mixed $second false, or a list of relationships to use instead of
 *                      get_rels(); when truthy, get_backward_rels() is also
 *                      called with an argument
 * @return array link definitions keyed by name or relationship id
 */
function get_main_links($second = false)
{
    $entity = new entity($this->id);
    $user = new entity($this->user_id);

    $links = array(
        'Preview' => array(
            'title' => 'Preview',
            'link' => $this->make_link(array('cur_module' => 'Preview')),
        ),
    );

    // Pending items need a different privilege than everything else.
    if ($entity->get_value('state') == 'Pending') {
        $can_edit = reason_user_has_privs($this->user_id, 'edit_pending');
    } else {
        $can_edit = reason_user_has_privs($this->user_id, 'edit');
    }

    if ($can_edit && reason_site_can_edit_type($this->site_id, $this->type_id)) {
        $links['Edit'] = array(
            'title' => 'Edit',
            'link' => $this->make_link(array('cur_module' => 'Editor')),
            'locked' => !$entity->user_can_edit($user, 'fields'),
        );

        // Forward relationships (this entity on the left side).
        $forward = $second ? $second : $this->get_rels();
        foreach ($forward as $rel) {
            $rel_key = $rel['id'];
            $title = !empty($rel['display_name']) ? $rel['display_name'] : $rel['entity_name'];
            $icon = '<img src="' . reason_get_type_icon_url($rel['relationship_b']) . '" alt="" />';
            $href = $this->make_link(array(
                'site_id' => $this->site_id,
                'type_id' => $this->type_id,
                'rel_id' => $rel['id'],
                'id' => $this->id,
                'user_id' => $this->user_id,
                'cur_module' => 'Associator',
            ));
            $links[$rel_key] = array(
                'title' => $title,
                'icon' => $icon,
                'link' => $href,
                'rel_info' => $rel,
                'locked' => !$entity->user_can_edit_relationship($rel_key, $user, 'right'),
            );
        }

        // Backward relationships (this entity on the right side).
        $backward = $second
            ? $this->get_backward_rels('I AM A GOLDEN GOD!!!')
            : $this->get_backward_rels();
        foreach ($backward as $rel) {
            $rel_key = $rel['id'];
            $title = !empty($rel['display_name_reverse_direction'])
                ? $rel['display_name_reverse_direction']
                : $rel['entity_name'];
            $icon = '<img src="' . reason_get_type_icon_url($rel['relationship_a']) . '" alt="" />';
            $href = $this->make_link(array(
                'site_id' => $this->site_id,
                'type_id' => $this->type_id,
                'rel_id' => $rel['id'],
                'id' => $this->id,
                'user_id' => $this->user_id,
                'cur_module' => 'ReverseAssociator',
            ));
            $links[$rel_key] = array(
                'title' => $title,
                'icon' => $icon,
                'link' => $href,
                'rel_info' => $rel,
                'locked' => !$entity->user_can_edit_relationship($rel_key, $user, 'left'),
            );
        }
    }

    $links['Finish'] = array(
        'title' => '<strong>Finish</strong>',
        'link' => $this->make_link(array('cur_module' => 'Finish')),
    );

    // If the entity is new, give the link to cancel its creation.
    $e = new entity($this->id);
    $offer_cancel = $e->get_value('new')
        && $e->get_value('state') == 'Pending'
        && $can_edit
        && !$e->get_value('name')
        && $this->cur_module == 'Editor';
    if ($offer_cancel) {
        $links['Cancel'] = array(
            'title' => 'Cancel',
            'link' => $this->make_link(array('cur_module' => 'Cancel')),
        );
    }

    /*
     * Historical note (MR 3/11/2004): this is a hack because the 'new_entity'
     * variable is getting passed around a little too promiscuously. Really,
     * newness should be stored in the db with the entity and removed upon
     * finish. Earlier implementation, left disabled:
     *
     *   $e = new entity( $this->id );
     *   $created = prettify_mysql_timestamp( $e->get_value('creation_date'), 'Y-m-d' );
     *   $today = date('Y-m-d');
     *   if( !empty( $this->request[ 'new_entity' ] ) && $created == $today )
     *       $links[ 'Cancel' ] = array( 'title' => 'Cancel' , 'link' => $this->make_link( array( 'cur_module' => 'Cancel' ) ) );
     */

    return $links;
}
/**
 * Could an unidentified user holding the given role edit this entity?
 *
 * SECURITY: without a concrete user this method cannot check site membership
 * or the other per-user conditions that privilege-granting depends on. Use
 * the answer for informational purposes only (e.g. UI hints); never grant
 * access on the basis of it unless the remaining checks are done separately.
 *
 * Results are memoised in a function-level static array, keyed by mode,
 * entity id and role name, so they persist for the rest of the request.
 *
 * @param string $role_name
 * @param string $fields_or_rels 'fields', 'relationships', or 'all'; any other
 *                               value raises a notice and is treated as 'all'
 * @return boolean
 */
public function role_could_edit($role_name, $fields_or_rels = 'all')
{
    static $cache = array('all' => array(), 'fields' => array(), 'relationships' => array());

    if (!isset($cache[$fields_or_rels])) {
        trigger_error('2nd parameter of role_could_edit must be one of: "' . implode('", "', array_keys($cache)) . '". Given "' . $fields_or_rels . '"; setting to "all".');
        $fields_or_rels = 'all';
    }

    $entity_id = $this->_entity->id();
    if (isset($cache[$fields_or_rels][$entity_id][$role_name])) {
        return $cache[$fields_or_rels][$entity_id][$role_name];
    }

    // Which privilege is needed depends on the entity's state:
    // Live -> edit, Pending -> edit_pending, Deleted -> publish or expunge.
    $state = $this->_entity->get_value('state');
    $role_covers_state =
        ($state == 'Live' && reason_role_has_privs($role_name, 'edit'))
        || ($state == 'Pending' && reason_role_has_privs($role_name, 'edit_pending'))
        || ($state == 'Deleted' && (reason_role_has_privs($role_name, 'publish') || reason_role_has_privs($role_name, 'expunge')));

    if (!$role_covers_state) {
        $verdict = false;
    } elseif (!reason_site_can_edit_type($this->_entity->get_owner(), $this->_entity->get_value('type'))) {
        // The owning site is not allowed to edit this type at all.
        $verdict = false;
    } elseif (reason_role_has_privs($role_name, 'bypass_locks')) {
        // Locks do not apply to this role.
        $verdict = true;
    } elseif ($fields_or_rels == 'all') {
        // Editable unless everything (fields and both relationship sides) is locked.
        $verdict = !($this->get_all_fields_lock() && $this->get_all_relationships_lock('left') && $this->get_all_relationships_lock('right'));
    } elseif ($fields_or_rels == 'fields') {
        $verdict = !$this->get_all_fields_lock();
    } elseif ($fields_or_rels == 'relationships') {
        $verdict = !($this->get_all_relationships_lock('left') && $this->get_all_relationships_lock('right'));
    } else {
        // Not expected to be reachable after the validation above; fails closed
        // and is deliberately not cached.
        trigger_error('Programming error: $fields_or_rels not an acceptable value');
        return false;
    }

    return $cache[$fields_or_rels][$entity_id][$role_name] = $verdict;
}
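/**
 * Print the admin cell for one row of an association list: the
 * Select / Deselect / Locked action, an optional lock indicator, and
 * Preview / Edit links with ownership notes.
 *
 * Security-relevant behaviour:
 *   - Users failing _cur_user_has_edit_privs() get an empty cell.
 *   - The relationship id is cast to an integer before being concatenated
 *     into the SQL text, so a non-numeric value cannot alter the query.
 *     NOTE(review): rel_id presumably originates from the request -- confirm
 *     it is also validated where admin_page is populated.
 *   - State-changing links (DoAssociate / DoDisassociate) carry an
 *     admin_token because they are plain GET links.
 *   - Everything here is display logic.
 *     NOTE(review): confirm the DoAssociate / DoDisassociate modules verify
 *     the token, the locks and the user's privileges themselves.
 *
 * NOTE(review): the one-to-many lookup is stored in function-level statics,
 * so the result for the first rel_id seen is reused for every later call in
 * the request, whichever instance makes it.
 *
 * NOTE(review): mysql_fetch_array() belongs to the legacy mysql extension;
 * it is left in place because db_query()'s return type is not visible here.
 *
 * @param object $row     row entity being rendered
 * @param mixed  $options not used by this method
 */
function show_admin_associate($row, $options)
{
    if (!$this->_cur_user_has_edit_privs()) {
        echo '<td class="viewerCol_admin"> </td>';
        return;
    }

    $e_rel = $this->admin_page->rel_id;
    $user = new entity($this->admin_page->user_id);

    static $one_to_many = false;
    static $found_connections = false;
    if (!$found_connections) {
        $found_connections = true;
        // Integer cast: the id is concatenated into the statement, so it
        // must never be able to carry SQL syntax.
        $q = 'SELECT * FROM allowable_relationship WHERE id = ' . (int) $e_rel . ' AND required = "yes"';
        $r = db_query($q, 'error selecting connections');
        $ar = mysql_fetch_array($r, MYSQL_ASSOC);
        $one_to_many = ($ar && $ar['connections'] == 'one_to_many');
    }

    $is_b_to_a = ($this->rel_direction == 'b_to_a');
    $entity_a_or_b = $is_b_to_a ? 'entity_a' : 'entity_b';
    $lock_check_dir = $is_b_to_a ? 'right' : 'left';

    $link = array('rel_id' => $e_rel, $entity_a_or_b => $row->id());

    if ($this->get_relationship_lock_state() || !$row->user_can_edit_relationship($this->admin_page->rel_id, $user, $lock_check_dir)) {
        $link = '';
        $name = 'Locked';
    } elseif (!$this->select) {
        $name = 'Deselect';
        if ($is_b_to_a) {
            // B TO A BEHAVIOR
            // If the associated item is borrowed, and that relationship is not
            // in the scope of the current site, we do not provide the
            // DoDisassociate link.
            if ($row->get_value('sharing') == 'owns' || $this->site_id == $row->get_value('rel_site_id')) {
                $link = array_merge($link, array('cur_module' => 'DoDisassociate'));
            } else {
                $link = '';
            }
        } else {
            $link = array_merge($link, array('cur_module' => 'DoDisassociate'));
        }
    } else {
        $link = array_merge($link, array('cur_module' => 'DoAssociate'));
        $name = 'Select';
    }

    echo '<td class="viewerCol_admin"><strong>';

    if (!$this->select and $one_to_many) {
        echo 'Selected';
    } elseif (!empty($link)) {
        // Add a CSRF token to the GET request. All of these requests should
        // really go via POST, but this is better than nothing to prevent CSRF
        // attacks. A token carried in a URL can also end up in browser
        // history, server logs and Referer headers, which is one more reason
        // to move these actions to POST.
        $link = array_merge($link, array('admin_token' => $this->admin_page->get_admin_token()));
        echo '<a href="' . $this->admin_page->make_link($link) . '">' . $name . '</a>';
    } else {
        echo $name;
    }

    if (reason_user_has_privs($this->admin_page->user_id, 'manage_locks') && $row->relationship_has_lock($this->admin_page->rel_id, $lock_check_dir)) {
        echo ' <img class="lockIndicator" src="' . REASON_HTTP_BASE_PATH . 'ui_images/lock_12px_grey_trans.png" alt="Locked for some users" title="Locked for some users" width="12" height="12" />';
    }

    if (empty($this->admin_page->request[CM_VAR_PREFIX . 'type_id'])) {
        $this->rel_type =& $this->admin_page->module->rel_type;

        // THIS IS HOW THE B TO A WAS CODED - REVIEW AND DELETE THIS CONDITION IF POSSIBLE
        if ($this->rel_direction == 'b_to_a') {
            $ass_mod = new AssociatorModule($this->admin_page);
            $ass_mod->rel_type =& $this->admin_page->module->rel_type;
            $edit_link = $ass_mod->get_second_level_vars();
            $edit_link['new_entity'] = '';
        } else {
            $edit_link = $this->admin_page->module->get_second_level_vars();
            $edit_link['new_entity'] = '';
        }

        $preview_link = $edit_link;
        $preview_link['id'] = $row->id();
        $preview_link['cur_module'] = 'Preview';
        $edit_link['id'] = $row->id();
        $edit_link['cur_module'] = 'Edit';

        // 'sharing' may be a single value or a list of values.
        $sharing = $row->get_value('sharing');
        $owned = is_array($sharing) ? in_array('owns', $sharing) : $row->get_value('sharing') == 'owns';
        $borrowed = is_array($sharing) ? in_array('borrows', $sharing) : $row->get_value('sharing') == 'borrows';

        echo ' | <a href="' . $this->admin_page->make_link($preview_link) . '">Preview</a>';
        // Edit is shown only for items the site owns and whose type it may edit.
        if ($owned && reason_site_can_edit_type($this->site_id, $this->rel_type)) {
            echo ' | <a href="' . $this->admin_page->make_link($edit_link) . '">Edit</a>';
        }
        if ($borrowed) {
            echo ' | Borrowed';
        }
        if ($owned && $borrowed) {
            echo '<p><strong>Note: </strong><em>Item is owned AND borrowed by the site.</em></p>';
        }
        if (!$owned && !$borrowed) {
            echo '<p><strong>Note: </strong><em>Item is not currently owned or borrowed by the site.</em></p>';
        }
    }

    echo '</strong></td>';
}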