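/**
 * Check whether the user behind a session may perform an operation on an item.
 *
 * OP_READ is decided by one query over the index/item link tables that
 * encodes the open_level, certify_state, group-membership and moderator
 * rules in SQL (the WHERE clause relies on SQL's AND binding tighter than
 * OR). OP_MODIFY is granted to moderators when the
 * 'moderator_modify_any_items' config value is 'on' and to users holding
 * 'write' permission on the item; otherwise, and for OP_DELETE always, the
 * user must be the item's owner (xoonips_item_basic.uid).
 *
 * Only integer ids are interpolated into the SQL text: $iid is cast on
 * entry and $uid is cast after the session lookup.
 *
 * @refer itemop_t
 * @param mixed      $sess_id session ID
 * @param int|string $iid     ID of the item to check (cast to int)
 * @param mixed      $op      kind of access: OP_READ, OP_MODIFY or OP_DELETE
 * @return bool true when the operation is permitted, false otherwise
 *              (also when the session cannot be resolved to a user or the
 *              permission query does not return RES_OK)
 */
function xnp_get_item_permission($sess_id, $iid, $op)
{
    global $xoopsDB;

    $iid = (int) $iid;
    $uid = 0;
    if (_xnpal_sessionID2UID($sess_id, $uid) != RES_OK) {
        return false;
    }
    // $uid is written by reference above and interpolated into SQL below;
    // normalise it so only an integer can ever reach the query text.
    $uid = (int) $uid;

    if ($op == OP_READ) {
        // Resolve the session-wide facts once instead of re-querying them
        // for every clause of the WHERE condition (the original called
        // xnp_is_moderator() five times and public_item_target_user_all() twice).
        $is_moderator = xnp_is_moderator($sess_id, $uid);
        $public_for_all = public_item_target_user_all();
        $moderator_or = $is_moderator ? " OR 1" : " OR 0";

        $sql = "SELECT DISTINCT tlink.item_id FROM " . $xoopsDB->prefix("xoonips_index_item_link") . " AS tlink";
        $sql .= " LEFT JOIN " . $xoopsDB->prefix("xoonips_index") . " AS tx ON tlink.index_id = tx.index_id";
        $sql .= " LEFT JOIN " . $xoopsDB->prefix("xoonips_item_basic") . " AS ti ON tlink.item_id = ti.item_id";
        $sql .= " LEFT JOIN " . $xoopsDB->prefix("xoonips_groups_users_link") . " as tgulink ON tx.gid=tgulink.gid";
        // public + certified: a guest sees it when public items target all
        // users, a logged-in user when they do not
        $sql .= " WHERE ( " . ($public_for_all ? "1" : "0");
        $sql .= " AND tx.open_level=" . OL_PUBLIC . " AND {$uid}=" . UID_GUEST;
        $sql .= " AND certify_state=" . CERTIFIED;
        $sql .= " OR " . ($public_for_all ? "0" : "1");
        $sql .= " AND tx.open_level=" . OL_PUBLIC . " AND {$uid}<>" . UID_GUEST;
        $sql .= " AND certify_state=" . CERTIFIED;
        // group-only: the user is a member of the index's group and the item
        // is certified, or the user is a moderator or the group's admin
        $sql .= " OR tx.open_level=" . OL_GROUP_ONLY;
        $sql .= " AND tgulink.uid={$uid}";
        $sql .= " AND ( certify_state=" . CERTIFIED;
        $sql .= $moderator_or;
        $sql .= " OR tgulink.is_admin=1 )";
        if ($uid != UID_GUEST) {
            // repeats the membership condition above; kept so the generated SQL is unchanged
            $sql .= " AND tgulink.uid={$uid}";
        }
        // private: owner only
        $sql .= " OR tx.open_level=" . OL_PRIVATE;
        $sql .= " AND tx.uid={$uid}";
        // moderators pass unconditionally
        $sql .= " OR " . ($is_moderator ? "1" : "0");
        // index rows without a uid: public and certified, or moderator
        $sql .= " OR tx.uid IS NULL ";
        $sql .= " AND tx.open_level=" . OL_PUBLIC;
        $sql .= " AND ( certify_state=" . CERTIFIED;
        $sql .= $is_moderator ? " OR 1 )" : " OR 0 )";
        $sql .= $moderator_or;
        $sql .= ") AND tlink.item_id={$iid} ";

        if (_xnpal_queryGetUnsignedInt("getItemPermission", $sql, $item_id) == RES_OK) {
            return $item_id == $iid;
        }
        return false;
    }

    if ($op == OP_MODIFY || $op == OP_DELETE) {
        if ($op == OP_MODIFY) {
            // moderators may edit any item when the site configuration allows it
            $val = '';
            if (xnp_is_moderator($sess_id, $uid)
                && xnp_get_config_value('moderator_modify_any_items', $val) == RES_OK
                && $val == 'on') {
                return true;
            }
            // users holding 'write' permission on the item (e.g. the group
            // owner) may edit it; OP_DELETE skips both shortcuts and falls
            // through to the owner check below
            $item_compo_handler =& xoonips_getormcompohandler('xoonips', 'item');
            if ($item_compo_handler->getPerm($iid, $uid, 'write')) {
                return true;
            }
        }
        // TODO: an item awaiting certification should not be editable or
        // deletable even by its owner.
        $sql = "SELECT item_id FROM " . $xoopsDB->prefix("xoonips_item_basic");
        $sql .= " WHERE uid={$uid}";
        $sql .= " AND item_id={$iid}";
        if (_xnpal_queryGetUnsignedInt("getItemPermission", $sql, $item_id) == RES_OK) {
            return $item_id == $iid;
        }
    }
    return false;
}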
EOT; if ($index_id != '') { echo <<<EOT <tr class="odd"> <td> {$export_recursive} </td> <td> <input type="radio" name="recursive_item" value="1" checked="checked" />{$yes} <input type="radio" name="recursive_item" value="0" />{$no} </td> </tr> EOT; } $value = ''; if (xnp_get_config_value('export_attachment', $value) != RES_OK) { $value = 'off'; } if ($value == 'on') { echo <<<EOT <tr class="even"> <td> {$export_attachment} </td> <td> <input type="radio" name="attachment" value="1" checked="checked" />{$yes} <input type="radio" name="attachment" value="0" />{$no} </td> </tr> EOT; } else {
return $val['item_id']; } } } return 0; } // Value that sends to tree-block put on header.php behind. $xoonipsURL = 'editindex.php'; $xoonipsEditIndex = true; $xoonipsSelectedTab = xoonipsGetTopIndex($xid); $xoopsOption['template_main'] = 'xoonips_editindex.html'; include XOOPS_ROOT_PATH . '/header.php'; $error_messages = array(); unset($indexCount); // get certyfy_item from configration $result = xnp_get_config_value('certify_item', $certify_item); if ($result != RES_OK) { redirect_header(XOOPS_URL . '/', 3, "ERROR xnp_get_config_value can't get certify_item(result={$result})"); } $handler = xoops_gethandler('user'); $user = $handler->get($uid); $operation_user_name = $user->getVar('name'); $error = false; // operate if ($op == 'open' || $op == '') { } if ($op == 'add_to_public' && isset($check)) { // check token ticket if (!$xoopsGTicket->check(true, 'xoonips_edit_index')) { exit; }
redirect_header(XOOPS_URL . '/modules/xoonips/detail.php?item_id=' . $item_id, 3, _MD_XOONIPS_ITEM_FORBIDDEN); } xoonips_delete_item($item_id); } if ($op == 'print') { require_once XOOPS_ROOT_PATH . '/class/template.php'; $xoopsTpl = new XoopsTpl(); xoops_header(false); $xoopsTpl->assign('meta_copyright', $myxoopsConfigMetaFooter['meta_copyright']); $xoopsTpl->assign('meta_author', $myxoopsConfigMetaFooter['meta_author']); $xoopsTpl->assign('sitename', $myxoopsConfig['sitename']); include_once XOOPS_ROOT_PATH . '/modules/' . $itemtype['viewphp']; eval("\$body = " . $modname . "GetPrinterFriendlyDetailBlock( \$item_id );"); echo "</head><body onload='window.print();'>\n"; $val = ""; xnp_get_config_value('printer_friendly_header', $val); $xoopsTpl->assign('printer_friendly_header', $val); $xoopsTpl->assign('item_url', xnpGetItemDetailURL($item_id, $doi)); $xoopsTpl->assign('body', $body); $xoopsTpl->display("db:xoonips_detail_print.html"); xoops_footer(); exit; } $xoopsOption['template_main'] = 'xoonips_detail.html'; include XOOPS_ROOT_PATH . '/header.php'; $item_lock_handler =& xoonips_getormhandler('xoonips', 'item_lock'); if ($item_lock_handler->isLocked($item_id)) { $xoopsTpl->assign('locked_message', sprintf(_MD_XOONIPS_WARNING_CANNOT_EDIT_LOCKED_ITEM, xoonips_get_lock_type_string($item_lock_handler->getLockType($item_id)))); } else { $xoopsTpl->assign('locked_message', false); }