private function storePermissions() { global $objDatabase; $status = true; if ($this->protected) { // set protection if ($this->access_id || ($this->access_id = \Permission::createNewDynamicAccessId())) { \Permission::removeAccess($this->access_id, 'dynamic'); if (count($this->access_groups)) { \Permission::setAccess($this->access_id, 'dynamic', $this->access_groups); } } else { // remove protection due that no new access-ID could have been created $this->access_id = 0; $status = false; } } elseif ($this->access_id) { // remove protection \Permission::removeAccess($this->access_id, 'dynamic'); $this->access_id = 0; } if (!$status) { return false; } if ($objDatabase->Execute("\n UPDATE `" . DBPREFIX . "module_downloads_download`\n SET\n `access_id` = " . intval($this->access_id) . "\n WHERE `id` = " . $this->id) === false) { return false; } else { return true; } }
/** * Validate and save settings from $_POST into the database. * * @global ADONewConnection * @global array $_ARRAYLANG */ function _saveSettings() { global $objDatabase, $_ARRAYLANG; $this->_arrSettings = $this->createSettingsArray(); for ($i = 0; $i <= 4; $i++) { $oldMediaSetting = $this->_arrSettings['media' . $i . '_frontend_changable']; $newMediaSetting = ''; if (isset($_POST['mediaSettings_Media' . $i . 'FrontendChangable'])) { $newMediaSetting = $_POST['mediaSettings_Media' . $i . 'FrontendChangable']; } if (!is_numeric($newMediaSetting)) { if (is_numeric($oldMediaSetting)) { // remove AccessId \Permission::removeAccess($oldMediaSetting, 'dynamic'); } // save new setting $objDatabase->Execute(' UPDATE ' . DBPREFIX . 'module_media_settings SET `value` = "' . contrexx_addslashes($newMediaSetting) . '" WHERE `name` = "media' . $i . '_frontend_changable" '); } else { $accessGroups = ''; if (isset($_POST['media' . $i . '_access_associated_groups'])) { $accessGroups = $_POST['media' . $i . '_access_associated_groups']; } // get groups \Permission::removeAccess($oldMediaSetting, 'dynamic'); if (isset($_POST['media' . $i . '_access_associated_groups'])) { $accessGroups = $_POST['media' . $i . '_access_associated_groups']; } // add AccessID $newMediaSetting = \Permission::createNewDynamicAccessId(); // save AccessID if (count($accessGroups)) { \Permission::setAccess($newMediaSetting, 'dynamic', $accessGroups); } $query = 'UPDATE ' . DBPREFIX . 'module_media_settings SET `value` = "' . intval($newMediaSetting) . '" WHERE `name` = "media' . $i . '_frontend_changable"'; $objDatabase->Execute($query); } $oldManageSetting = $this->_arrSettings['media' . $i . '_frontend_managable']; $newManageSetting = ''; if (isset($_POST['mediaSettings_Media' . $i . 'FrontendManagable'])) { $newManageSetting = $_POST['mediaSettings_Media' . $i . 'FrontendManagable']; } if (!is_numeric($newManageSetting)) { if (is_numeric($oldManageSetting)) { // remove AccessId \Permission::removeAccess($oldManageSetting, 'dynamic'); } // save new setting $objDatabase->Execute(' UPDATE ' . DBPREFIX . 'module_media_settings SET `value` = "' . contrexx_addslashes($newManageSetting) . '" WHERE `name` = "media' . $i . '_frontend_managable" '); } else { $accessGroups = ''; if (isset($_POST['media' . $i . '_manage_associated_groups'])) { $accessGroups = $_POST['media' . $i . '_manage_associated_groups']; } // get groups \Permission::removeAccess($oldManageSetting, 'dynamic'); if (isset($_POST['media' . $i . '_manage_associated_groups'])) { $accessGroups = $_POST['media' . $i . '_manage_associated_groups']; } // add AccessID $newManageSetting = \Permission::createNewDynamicAccessId(); // save AccessID if (count($accessGroups)) { \Permission::setAccess($newManageSetting, 'dynamic', $accessGroups); } $objDatabase->Execute(' UPDATE ' . DBPREFIX . 'module_media_settings SET `value` = "' . intval($newManageSetting) . '" WHERE `name` = "media' . $i . '_frontend_managable" '); } } $this->_arrSettings = $this->createSettingsArray(); $this->_strOkMessage = $_ARRAYLANG['TXT_MEDIA_SETTINGS_SAVE_SUCCESSFULL']; }
/** * Clones the protection of this page to another page * @param \Cx\Core\ContentManager\Model\Entity\Page $page Page to get the same protection as $this * @param boolean $frontend Wheter the front- or backend protection should be cloned * @return boolean True on success, false otherwise */ public function copyProtection($page, $frontend) { if ($frontend) { $accessId = $this->getFrontendAccessId(); } else { $accessId = $this->getBackendAccessId(); } $groups = \Permission::getGroupIdsForAccessId($accessId); if ($frontend) { $page->setFrontendProtection($this->isFrontendProtected()); $newAccessId = $page->getFrontendAccessId(); } else { $page->setBackendProtection($this->isBackendProtected()); $newAccessId = $page->getBackendAccessId(); } foreach ($groups as $groupId) { if (!\Permission::setAccess($newAccessId, 'dynamic', $groupId)) { return false; } } return true; }
public function setAssignedGroupIds($page, $ids, $frontend) { $accessId = $this->getAccessId($page, $frontend); \Permission::setAccess($accessId, 'dynamic', $ids); }
private function saveSettings() { global $objDatabase; /** * save mailtemplates */ foreach ($_POST["filesharingMail"] as $lang => $inputs) { $objMailTemplate = $objDatabase->Execute("SELECT `subject`, `content` FROM " . DBPREFIX . "module_filesharing_mail_template WHERE `lang_id` = " . intval($lang)); $content = str_replace(array('{', '}'), array('[[', ']]'), contrexx_input2db($inputs["content"])); if ($objMailTemplate === false or $objMailTemplate->RecordCount() == 0) { $objDatabase->Execute("INSERT INTO " . DBPREFIX . "module_filesharing_mail_template (`subject`, `content`, `lang_id`) VALUES ('" . contrexx_input2db($inputs["subject"]) . "', '" . contrexx_raw2db($content) . "', '" . contrexx_raw2db($lang) . "')"); } else { $objDatabase->Execute("UPDATE " . DBPREFIX . "module_filesharing_mail_template SET `subject` = '" . contrexx_input2db($inputs["subject"]) . "', `content` = '" . contrexx_raw2db($content) . "' WHERE `lang_id` = '" . contrexx_raw2db($lang) . "'"); } } /** * save permissions */ \Cx\Core\Setting\Controller\Setting::init('FileSharing', 'config'); $oldFilesharingSetting = \Cx\Core\Setting\Controller\Setting::getValue('permission', 'FileSharing'); $newFilesharingSetting = $_POST['filesharingSettingsPermission']; if (!is_numeric($newFilesharingSetting)) { if (is_numeric($oldFilesharingSetting)) { // remove AccessId \Permission::removeAccess($oldFilesharingSetting, 'dynamic'); } } else { $accessGroups = ''; if (isset($_POST['filesharing_access_associated_groups'])) { $accessGroups = $_POST['filesharing_access_associated_groups']; } // get groups \Permission::removeAccess($oldFilesharingSetting, 'dynamic'); if (isset($_POST['filesharing_access_associated_groups'])) { $accessGroups = $_POST['filesharing_access_associated_groups']; } // add AccessID $newFilesharingSetting = \Permission::createNewDynamicAccessId(); // save AccessID if (count($accessGroups)) { \Permission::setAccess($newFilesharingSetting, 'dynamic', $accessGroups); } } // save new setting \Cx\Core\Setting\Controller\Setting::set('permission', $newFilesharingSetting); \Cx\Core\Setting\Controller\Setting::updateAll(); }
/** * Update news * * @global ADONewConnection * @global array * @global array * @param integer $newsid * @return boolean result */ function update() { global $objDatabase, $_ARRAYLANG, $_CONFIG; if (!$this->hasCategories()) { return $this->manageCategories(); } if (isset($_POST['newsId'])) { $objFWUser = \FWUser::getFWUserObject(); $id = intval($_POST['newsId']); $userId = $objFWUser->objUser->getId(); $changelog = mktime(); $date = $this->dateFromInput($_POST['newsDate']); $redirect = !empty($_POST['newsRedirect']) && $_POST['newsTypeRadio'] == 'redirect' ? contrexx_strip_tags($_POST['newsRedirect']) : ''; $source = \FWValidator::getUrl(contrexx_strip_tags($_POST['newsSource'])); $url1 = \FWValidator::getUrl(contrexx_strip_tags($_POST['newsUrl1'])); $url2 = \FWValidator::getUrl(contrexx_strip_tags($_POST['newsUrl2'])); $newsPublisherName = !empty($_POST['newsPublisherName']) ? contrexx_input2raw($_POST['newsPublisherName']) : ''; $newsAuthorName = !empty($_POST['newsAuthorName']) ? contrexx_input2raw($_POST['newsAuthorName']) : ''; $newsPublisherId = !empty($_POST['newsPublisherId']) ? contrexx_input2raw($_POST['newsPublisherId']) : '0'; $newsAuthorId = !empty($_POST['newsAuthorId']) ? contrexx_input2raw($_POST['newsAuthorId']) : '0'; $newsCategories = !empty($_POST['newsCat']) ? contrexx_input2raw($_POST['newsCat']) : array(); $typeId = !empty($_POST['newsType']) ? intval($_POST['newsType']) : 0; $newsScheduledActive = !empty($_POST['newsScheduled']) ? intval($_POST['newsScheduled']) : 0; $status = empty($_POST['status']) ? $status = 0 : intval($_POST['status']); $newsTeaserOnly = isset($_POST['newsUseOnlyTeaser']) ? intval($_POST['newsUseOnlyTeaser']) : 0; $newsTeaserShowLink = isset($_POST['newsTeaserShowLink']) ? intval($_POST['newsTeaserShowLink']) : 0; $newsTeaserImagePath = contrexx_addslashes($_POST['newsTeaserImagePath']); $newsTeaserImageThumbnailPath = contrexx_addslashes($_POST['newsTeaserImageThumbnailPath']); $newsTeaserFrames = ''; $newsComments = !empty($_POST['allowComment']) ? intval($_POST['allowComment']) : 0; if (isset($_POST['newsTeaserFramesAsso']) && count($_POST['newsTeaserFramesAsso']) > 0) { foreach ($_POST['newsTeaserFramesAsso'] as $frameId) { intval($frameId) > 0 ? $newsTeaserFrames .= ';' . intval($frameId) : false; } } $startDate = $this->dateFromInput($_POST['startDate']); $endDate = $this->dateFromInput($_POST['endDate']); $newsFrontendAccess = !empty($_POST['news_read_access']); $newsFrontendGroups = $newsFrontendAccess && isset($_POST['news_read_access_associated_groups']) && is_array($_POST['news_read_access_associated_groups']) ? array_map('intval', $_POST['news_read_access_associated_groups']) : array(); $newsBackendAccess = !empty($_POST['news_modify_access']); $newsBackendGroups = $newsBackendAccess && isset($_POST['news_modify_access_associated_groups']) && is_array($_POST['news_modify_access_associated_groups']) ? array_map('intval', $_POST['news_modify_access_associated_groups']) : array(); $objResult = $objDatabase->SelectLimit('SELECT `frontend_access_id`, `backend_access_id`, `userid` FROM `' . DBPREFIX . 'module_news` WHERE `id` = ' . $id, 1); if ($objResult && $objResult->RecordCount() == 1) { $newsFrontendAccessId = $objResult->fields['frontend_access_id']; $newsBackendAccessId = $objResult->fields['backend_access_id']; $newsUserId = $objResult->fields['userid']; } else { $newsFrontendAccessId = 0; $newsBackendAccessId = 0; $newsUserId = 0; } if ($this->arrSettings['news_message_protection'] == '1') { if ($newsBackendAccessId && !\Permission::hasAllAccess() && !\Permission::checkAccess($newsBackendAccessId, 'dynamic', true) && $newsUserId != $objFWUser->objUser->getId()) { return false; } if ($newsFrontendAccess) { if ($newsFrontendAccessId) { $objGroup = $objFWUser->objGroup->getGroups(array('dynamic' => $newsFrontendAccessId)); $arrFormerFrontendGroupIds = $objGroup ? $objGroup->getLoadedGroupIds() : array(); $arrNewGroups = array_diff($newsFrontendGroups, $arrFormerFrontendGroupIds); $arrRemovedGroups = array_diff($arrFormerFrontendGroupIds, $newsFrontendGroups); if ($this->arrSettings['news_message_protection_restricted'] == '1' && !\Permission::hasAllAccess()) { $arrUserGroupIds = $objFWUser->objUser->getAssociatedGroupIds(); $arrUnknownNewGroups = array_diff($arrNewGroups, $arrUserGroupIds); foreach ($arrUnknownNewGroups as $groupId) { if (!in_array($groupId, $arrFormerFrontendGroupIds)) { unset($arrNewGroups[array_search($groupId, $arrNewGroups)]); } } $arrUnknownRemovedGroups = array_diff($arrRemovedGroups, $arrUserGroupIds); foreach ($arrUnknownRemovedGroups as $groupId) { if (in_array($groupId, $arrFormerFrontendGroupIds)) { unset($arrRemovedGroups[array_search($groupId, $arrRemovedGroups)]); } } } if (count($arrRemovedGroups)) { \Permission::removeAccess($newsFrontendAccessId, 'dynamic', $arrRemovedGroups); } if (count($arrNewGroups)) { \Permission::setAccess($newsFrontendAccessId, 'dynamic', $arrNewGroups); } } else { if ($this->arrSettings['news_message_protection_restricted'] == '1' && !\Permission::hasAllAccess()) { $arrUserGroupIds = $objFWUser->objUser->getAssociatedGroupIds(); $newsFrontendGroups = array_intersect($newsFrontendGroups, $arrUserGroupIds); } $newsFrontendAccessId = \Permission::createNewDynamicAccessId(); if (count($newsFrontendGroups)) { \Permission::setAccess($newsFrontendAccessId, 'dynamic', $newsFrontendGroups); } } } else { if ($newsFrontendAccessId) { \Permission::removeAccess($newsFrontendAccessId, 'dynamic'); } $newsFrontendAccessId = 0; } if ($newsBackendAccess) { if ($newsBackendAccessId) { $objGroup = $objFWUser->objGroup->getGroups(array('dynamic' => $newsBackendAccessId)); $arrFormerBackendGroupIds = $objGroup ? $objGroup->getLoadedGroupIds() : array(); $arrNewGroups = array_diff($newsBackendGroups, $arrFormerBackendGroupIds); $arrRemovedGroups = array_diff($arrFormerBackendGroupIds, $newsBackendGroups); if ($this->arrSettings['news_message_protection_restricted'] == '1' && !\Permission::hasAllAccess()) { $arrUserGroupIds = $objFWUser->objUser->getAssociatedGroupIds(); $arrUnknownNewGroups = array_diff($arrNewGroups, $arrUserGroupIds); foreach ($arrUnknownNewGroups as $groupId) { if (!in_array($groupId, $arrFormerBackendGroupIds)) { unset($arrNewGroups[array_search($groupId, $arrNewGroups)]); } } $arrUnknownRemovedGroups = array_diff($arrRemovedGroups, $arrUserGroupIds); foreach ($arrUnknownRemovedGroups as $groupId) { if (in_array($groupId, $arrFormerBackendGroupIds)) { unset($arrRemovedGroups[array_search($groupId, $arrRemovedGroups)]); } } } if (count($arrRemovedGroups)) { \Permission::removeAccess($newsBackendAccessId, 'dynamic', $arrRemovedGroups); } if (count($arrNewGroups)) { \Permission::setAccess($newsBackendAccessId, 'dynamic', $arrNewGroups); } } else { if ($this->arrSettings['news_message_protection_restricted'] == '1' && !\Permission::hasAllAccess()) { $arrUserGroupIds = $objFWUser->objUser->getAssociatedGroupIds(); $newsBackendGroups = array_intersect($newsBackendGroups, $arrUserGroupIds); } $newsBackendAccessId = \Permission::createNewDynamicAccessId(); if (count($newsBackendGroups)) { \Permission::setAccess($newsBackendAccessId, 'dynamic', $newsBackendGroups); } } } else { if ($newsBackendAccessId) { \Permission::removeAccess($newsBackendAccessId, 'dynamic'); } $newsBackendAccessId = 0; } } $objFWUser->objUser->getDynamicPermissionIds(true); // find out original user's id $orig_user_sql = "\n SELECT userid\n FROM " . DBPREFIX . "module_news\n WHERE id = '{$id}'\n "; $orig_user_rs = $objDatabase->Execute($orig_user_sql); if ($orig_user_rs == false) { \DBG::msg("We're in trouble! sql failure: {$orig_user_sql}"); } else { $orig_userid = $orig_user_rs->fields['userid']; } $set_userid = $orig_userid ? $orig_userid : $userId; // $finishednewstext = $newstext.'<br>'.$_ARRAYLANG['TXT_LAST_EDIT'].': '.$date; $activeLanguages = isset($_POST['newsManagerLanguages']) ? $_POST['newsManagerLanguages'] : array(); if (count(\FWLanguage::getActiveFrontendLanguages()) == 1) { $activeLanguages = \FWLanguage::getActiveFrontendLanguages(); } $locales = array('active' => $activeLanguages, 'title' => $_POST['newsTitle'], 'text' => $_POST['news_text'], 'teaser_text' => isset($_POST['newsTeaserText']) ? $_POST['newsTeaserText'] : array()); if (!$this->validateNews($locales, $newsCategories)) { return $this->edit(); } // store locales $localesSaving = $this->storeLocales($id, $locales); $categoryManipulation = $this->manipulateCategories($newsCategories, $id); $relatedNews = !empty($_POST['relatedNews']) ? contrexx_input2raw($_POST['relatedNews']) : array(); $enableRelatedNews = !empty($_POST['enableRelatedNews']) ? 1 : 0; $realtedNewsManipulation = $this->manipulateRelatedNews($relatedNews, $id); $newsTags = !empty($_POST['newsTags']) ? contrexx_input2raw($_POST['newsTags']) : array(); $enableTags = !empty($_POST['enableTags']) ? intval($_POST['enableTags']) : 0; //Update Tags $tagManipulation = $this->manipulateTags($newsTags, $id); // Set start and end dates as NULL if newsScheduled checkbox is not checked if ($newsScheduledActive == 0) { $startDate = NULL; $endDate = NULL; } $objResult = $objDatabase->Execute("UPDATE " . DBPREFIX . "module_news\n SET date='" . $date . "',\n redirect='" . $redirect . "',\n source='" . $source . "',\n url1='" . $url1 . "',\n url2='" . $url2 . "',\n publisher='" . contrexx_raw2db($newsPublisherName) . "',\n publisher_id=" . intval($newsPublisherId) . ",\n author='" . contrexx_raw2db($newsAuthorName) . "',\n author_id=" . intval($newsAuthorId) . ",\n typeid='" . $typeId . "',\n userid = '" . $set_userid . "',\n status = '" . $status . "',\n " . (isset($_POST['validate']) ? "validated='1'," : "") . "\n startdate = " . $this->dbFromDate($startDate) . ",\n enddate = " . $this->dbFromDate($endDate) . ",\n frontend_access_id = '" . $newsFrontendAccessId . "',\n backend_access_id = '" . $newsBackendAccessId . "',\n " . ($_CONFIG['newsTeasersStatus'] == '1' ? "teaser_only = '" . $newsTeaserOnly . "',\n teaser_frames = '" . $newsTeaserFrames . "'," : "") . "\n teaser_show_link = " . $newsTeaserShowLink . ",\n teaser_image_path = '" . $newsTeaserImagePath . "',\n teaser_image_thumbnail_path = '" . $newsTeaserImageThumbnailPath . "',\n changelog = '" . $changelog . "',\n allow_comments = '" . $newsComments . "',\n enable_related_news='" . $enableRelatedNews . "',\n enable_tags='" . $enableTags . "'\n WHERE id = '" . $id . "'"); if ($objResult === false || $localesSaving === false || $categoryManipulation === false || $realtedNewsManipulation === false || $tagManipulation === false) { $this->strErrMessage = empty($this->errMsg) ? $_ARRAYLANG['TXT_DATABASE_QUERY_ERROR'] : implode('<br>', $this->errMsg); } else { $this->createRSS(); $this->strOkMessage = $_ARRAYLANG['TXT_DATA_RECORD_UPDATED_SUCCESSFUL']; } } return $this->overview(); }
private function storePermissions() { global $objDatabase; if (!$this->permission_set) { return true; } $status = true; foreach ($this->arrPermissionTypes as $type) { if ($this->{$type . '_protected'}) { // set protection if ($this->{$type . '_access_id'} || ($this->{$type . '_access_id'} = \Permission::createNewDynamicAccessId())) { \Permission::removeAccess($this->{$type . '_access_id'}, 'dynamic'); if (count($this->{$type . '_groups'})) { \Permission::setAccess($this->{$type . '_access_id'}, 'dynamic', $this->{$type . '_groups'}); } } else { // remove protection due that no new access-ID could have been created $this->{$type . '_access_id'} = 0; $status = false; } } elseif ($this->{$type . '_access_id'}) { // remove protection \Permission::removeAccess($this->{$type . '_access_id'}, 'dynamic'); $this->{$type . '_access_id'} = 0; } } if (!$status) { return false; } if ($objDatabase->Execute("\n UPDATE `" . DBPREFIX . "module_downloads_category`\n SET\n `read_access_id` = " . intval($this->read_access_id) . ",\n `add_subcategories_access_id` = " . intval($this->add_subcategories_access_id) . ",\n `manage_subcategories_access_id` = " . intval($this->manage_subcategories_access_id) . ",\n `add_files_access_id` = " . intval($this->add_files_access_id) . ",\n `manage_files_access_id` = " . intval($this->manage_files_access_id) . "\n WHERE `id` = " . $this->id) === false) { return false; } else { if ($this->set_permissions_recursive) { foreach ($this->arrPermissionTypes as $type) { $arrPermissions[$type] = array('protected' => $this->{$type . '_protected'}, 'groups' => $this->{$type . '_groups'}); } $objSubcategory = Category::getCategories(array('parent_id' => $this->getId())); while (!$objSubcategory->EOF) { $objSubcategory->setPermissionsRecursive(true); $objSubcategory->setPermissions($arrPermissions); $objSubcategory->setVisibility($this->visibility); $objSubcategory->store(); $objSubcategory->next(); } } return true; } }