예제 #1
/**
 *
 * Check whether the user behind a session may access an item.
 *
 * The session ID is first resolved to a user ID; if that fails the result is
 * false. OP_READ is decided by one SQL query over the index/item link tables.
 * OP_MODIFY and OP_DELETE are decided by a moderator override (modify only),
 * a 'write' permission lookup (modify only) and finally an ownership query.
 * Every other operation, and every query that does not return RES_OK, falls
 * through to the final "return false", so the check fails closed.
 *
 * @refer itemop_t
 * @param sess_id session ID
 * @param iid ID of the item to check
 * @param op kind of access
 * @return true permission granted
 * @return false permission denied
 *
 */
function xnp_get_item_permission($sess_id, $iid, $op)
{
    // $iid is interpolated into SQL below, so it is forced to an integer first.
    $iid = (int) $iid;
    global $xoopsDB;
    $uid = 0;
    // Resolve the session to a user ID; an unresolvable session gets no access.
    // NOTE(review): $uid is interpolated into SQL below without the integer cast
    // that $iid gets; presumably _xnpal_sessionID2UID() only ever stores an
    // integer in it - confirm against that helper.
    if (_xnpal_sessionID2UID($sess_id, $uid) != RES_OK) {
        return false;
    }
    if ($op == OP_READ) {
        // The WHERE clause is a list of alternatives joined by OR, wrapped in one
        // outer pair of parentheses and then restricted to the requested item.
        // The alternatives themselves are not parenthesised, so the query relies
        // on AND binding tighter than OR; keep that in mind when editing a line.
        $sql = "SELECT DISTINCT tlink.item_id FROM " . $xoopsDB->prefix("xoonips_index_item_link") . " AS tlink";
        $sql .= " LEFT JOIN " . $xoopsDB->prefix("xoonips_index") . " AS tx ON tlink.index_id = tx.index_id";
        $sql .= " LEFT JOIN " . $xoopsDB->prefix("xoonips_item_basic") . " AS ti ON tlink.item_id = ti.item_id";
        $sql .= " LEFT JOIN " . $xoopsDB->prefix("xoonips_groups_users_link") . " as tgulink ON tx.gid=tgulink.gid";
        // Alternative 1: public_item_target_user_all() is true, the index is
        // public, the caller is the guest user and the item is certified.
        $sql .= " WHERE ( " . (public_item_target_user_all() ? "1" : "0");
        $sql .= " AND tx.open_level=" . OL_PUBLIC . " AND {$uid}=" . UID_GUEST;
        $sql .= " AND certify_state=" . CERTIFIED;
        // Alternative 2: public_item_target_user_all() is false, the index is
        // public, the caller is not the guest user and the item is certified.
        $sql .= " OR " . (!public_item_target_user_all() ? "1" : "0");
        $sql .= " AND tx.open_level=" . OL_PUBLIC . " AND {$uid}<>" . UID_GUEST;
        $sql .= " AND certify_state=" . CERTIFIED;
        // Alternative 3: group-only index, the caller is linked to the group, and
        // the item is certified or the caller is a moderator or a group admin.
        $sql .= " OR tx.open_level=" . OL_GROUP_ONLY;
        $sql .= " AND tgulink.uid={$uid}";
        $sql .= " AND ( certify_state=" . CERTIFIED;
        $sql .= xnp_is_moderator($sess_id, $uid) ? " OR 1" : " OR 0";
        // OR 1 for a moderator, OR 0 for anyone else
        $sql .= " OR tgulink.is_admin=1 )";
        // is the caller a group administrator?
        // For non-guests the group-membership condition is appended a second
        // time; it repeats the tgulink.uid test already added above.
        if ($uid != UID_GUEST) {
            $sql .= " AND tgulink.uid={$uid}";
        }
        // Alternative 4: private index owned by the caller.
        $sql .= " OR tx.open_level=" . OL_PRIVATE;
        $sql .= " AND tx.uid={$uid}";
        // Alternative 5: the caller is a moderator (matches every linked row).
        $sql .= " OR " . (xnp_is_moderator($sess_id, $uid) ? "1" : "0");
        // Alternative 6: public index with no owner (tx.uid IS NULL), and the item
        // is certified or the caller is a moderator.
        $sql .= " OR tx.uid IS NULL ";
        $sql .= " AND tx.open_level=" . OL_PUBLIC;
        $sql .= " AND ( certify_state=" . CERTIFIED;
        $sql .= xnp_is_moderator($sess_id, $uid) ? " OR 1 )" : " OR 0 )";
        // OR 1 for a moderator, OR 0 for anyone else
        $sql .= xnp_is_moderator($sess_id, $uid) ? " OR 1" : " OR 0";
        // OR 1 for a moderator, OR 0 for anyone else
        // Close the outer parenthesis and pin the query to the requested item.
        $sql .= ") AND tlink.item_id={$iid} ";
        // Access is granted only when the query succeeds and yields this item ID;
        // $item_id is presumably filled in by reference - confirm in the helper.
        if (_xnpal_queryGetUnsignedInt("getItemPermission", $sql, $item_id) == RES_OK) {
            return $item_id == $iid;
        }
    } else {
        if ($op == OP_MODIFY || $op == OP_DELETE) {
            // modifying items by moderator is permitted then returns true;
            // This applies to OP_MODIFY only and only while the
            // 'moderator_modify_any_items' setting reads 'on'.
            // NOTE(review): the comparison with 'on' is loose (==); presumably the
            // setting is always returned as a string - confirm.
            if ($op == OP_MODIFY && xnp_is_moderator($sess_id, $uid) && xnp_get_config_value('moderator_modify_any_items', $val) == RES_OK && $val == 'on') {
                return true;
            }
            // modifying items by group owner is permitted then returns true;
            $item_compo_handler =& xoonips_getormcompohandler('xoonips', 'item');
            if ($op == OP_MODIFY && $item_compo_handler->getPerm($iid, $uid, 'write')) {
                return true;
            }
            //TODO add a condition: even the caller's own item must not be editable or deletable while it is awaiting certification
            // Otherwise the caller must own the item (uid matches in item_basic).
            $sql = "SELECT item_id FROM " . $xoopsDB->prefix("xoonips_item_basic");
            $sql .= " WHERE uid={$uid}";
            $sql .= " AND item_id={$iid}";
            if (_xnpal_queryGetUnsignedInt("getItemPermission", $sql, $item_id) == RES_OK) {
                return $item_id == $iid;
            }
        }
    }
    // Unknown operation, failed query or no matching row: deny.
    return false;
}
예제 #2
EOT;
            if ($index_id != '') {
                echo <<<EOT
         <tr class="odd">
          <td>
           {$export_recursive}
          </td>
          <td>
           <input type="radio" name="recursive_item" value="1" checked="checked" />{$yes}
           <input type="radio" name="recursive_item" value="0" />{$no}
          </td>
         </tr>
EOT;
            }
            $value = '';
            if (xnp_get_config_value('export_attachment', $value) != RES_OK) {
                $value = 'off';
            }
            if ($value == 'on') {
                echo <<<EOT
        <tr class="even">
         <td>
          {$export_attachment}
         </td>
         <td>
          <input type="radio" name="attachment" value="1" checked="checked" />{$yes}
          <input type="radio" name="attachment" value="0" />{$no}
         </td>
        </tr>
EOT;
            } else {
                return $val['item_id'];
            }
        }
    }
    return 0;
}
// Values handed to the tree block; they are set before header.php is included below.
$xoonipsURL = 'editindex.php';
$xoonipsEditIndex = true;
$xoonipsSelectedTab = xoonipsGetTopIndex($xid);
$xoopsOption['template_main'] = 'xoonips_editindex.html';
include XOOPS_ROOT_PATH . '/header.php';
$error_messages = array();
unset($indexCount);
// read the certify_item setting from the configuration
$result = xnp_get_config_value('certify_item', $certify_item);
// NOTE(review): the message passed to redirect_header() names the internal
// function and its result code; presumably redirect_header() also ends the
// request - confirm, otherwise the script continues without $certify_item.
if ($result != RES_OK) {
    redirect_header(XOOPS_URL . '/', 3, "ERROR xnp_get_config_value can't get certify_item(result={$result})");
}
// Look up the display name of the acting user.
// NOTE(review): the result of get($uid) is used without a check; this assumes
// $uid always refers to an existing user - confirm.
$handler = xoops_gethandler('user');
$user = $handler->get($uid);
$operation_user_name = $user->getVar('name');
$error = false;
// operate
// 'open' and the empty operation need no action here.
if ($op == 'open' || $op == '') {
}
if ($op == 'add_to_public' && isset($check)) {
    // check token ticket
    if (!$xoopsGTicket->check(true, 'xoonips_edit_index')) {
        exit;
    }
예제 #4
        redirect_header(XOOPS_URL . '/modules/xoonips/detail.php?item_id=' . $item_id, 3, _MD_XOONIPS_ITEM_FORBIDDEN);
    }
    xoonips_delete_item($item_id);
}
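// Printer-friendly view: render the item detail with its own template object,
// emit a page whose body triggers window.print(), then end the request.
if ($op == 'print') {
    require_once XOOPS_ROOT_PATH . '/class/template.php';
    $xoopsTpl = new XoopsTpl();
    xoops_header(false);
    $xoopsTpl->assign('meta_copyright', $myxoopsConfigMetaFooter['meta_copyright']);
    $xoopsTpl->assign('meta_author', $myxoopsConfigMetaFooter['meta_author']);
    $xoopsTpl->assign('sitename', $myxoopsConfig['sitename']);
    // NOTE(review): the included path is built from $itemtype['viewphp'];
    // presumably that value comes from the item type record and never from the
    // request - confirm where $itemtype is loaded.
    include_once XOOPS_ROOT_PATH . '/modules/' . $itemtype['viewphp'];
    // Call the item type's renderer through a variable function rather than
    // eval(): the name is still "<modname>GetPrinterFriendlyDetailBlock", but
    // $modname can now only select a function, it is never parsed as PHP code.
    $print_block_func = $modname . 'GetPrinterFriendlyDetailBlock';
    $body = $print_block_func($item_id);
    echo "</head><body onload='window.print();'>\n";
    // The header text is optional: the return code is not checked and $val
    // keeps its empty default when nothing is stored in it.
    $val = "";
    xnp_get_config_value('printer_friendly_header', $val);
    $xoopsTpl->assign('printer_friendly_header', $val);
    $xoopsTpl->assign('item_url', xnpGetItemDetailURL($item_id, $doi));
    $xoopsTpl->assign('body', $body);
    $xoopsTpl->display("db:xoonips_detail_print.html");
    xoops_footer();
    exit;
}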
// Regular (non-print) view: select the detail template and pull in the site header.
$xoopsOption['template_main'] = 'xoonips_detail.html';
include XOOPS_ROOT_PATH . '/header.php';

// Tell the template whether the item is locked: a formatted warning that names
// the lock type when it is, boolean false when it is not.
$item_lock_handler =& xoonips_getormhandler('xoonips', 'item_lock');
$xoopsTpl->assign(
    'locked_message',
    $item_lock_handler->isLocked($item_id)
        ? sprintf(_MD_XOONIPS_WARNING_CANNOT_EDIT_LOCKED_ITEM, xoonips_get_lock_type_string($item_lock_handler->getLockType($item_id)))
        : false
);