/**
 * MakeViewPopupMenu
 * Build the "view" popup menu: one row per mailing list and one row per segment.
 *
 * Each row is rendered by publishing RowAction / RowTitle / RowCaption through $GLOBALS and
 * then parsing the 'Subscribers_Manage_ViewPicker_Row' template. The rendered rows are handed
 * to the outer 'Subscribers_Manage_ViewPicker' template through CommonViews / ListViews /
 * SegmentViews. Those six globals are removed again before returning.
 *
 * Output encoding: list and segment names are passed through htmlspecialchars() with
 * ENT_QUOTES before they reach a template. For the caption the name is truncated first and
 * escaped afterwards, so truncation cannot cut an HTML entity in half.
 *
 * NOTE(review): RowAction is built by appending the array key returned by GetLists() /
 * GetSegmentList() to a URL without any encoding. Presumably these keys are integer ids and
 * the row template escapes the value for the place it is written into; confirm both.
 *
 * NOTE(review): DisplayStyleList, DisplayStyleSegment and SegmentDisplay are written here
 * and are not unset by this method.
 *
 * @param Array $search_info Search info; only the 'List' and 'Segment' keys are read here
 * @param User_API $user (REF) Current user record
 * @return String Returns "View" popup menu HTML string
 *
 * @uses SendStudio_Functions::ParseTemplate()
 */
function MakeViewPopupMenu($search_info, &$user)
{
    // No common rows are produced by this method; the list stays empty and renders as ''.
    $commonRowHtml = array();
    $listRowHtml = array();
    $segmentRowHtml = array();

    // Which list / segment is currently selected (used only to embolden its row).
    $activeListID = array_key_exists('List', $search_info) ? intval($search_info['List']) : 0;

    // NOTE(review): when 'Segment' is given as an array the whole array is kept here and is
    // later compared loosely against each segment id; confirm the highlight works as intended.
    $activeSegment = (array_key_exists('Segment', $search_info) && is_array($search_info['Segment']))
        ? $search_info['Segment']
        : '-';

    /**
     * List views
     */
    // Rows are only produced when the user has access to 'Lists' and a list filter is present.
    if ($user->HasAccess('Lists') && !empty($search_info['List'])) {
        foreach ($user->GetLists() as $listID => $listRecord) {
            $GLOBALS['RowAction'] = 'index.php?Page=Subscribers&Action=Manage&Lists[]=' . $listID;
            $GLOBALS['RowTitle'] = htmlspecialchars($listRecord['name'], ENT_QUOTES, SENDSTUDIO_CHARSET);

            // Truncate the raw name, then escape it.
            $caption = ' <img border="0" src="images/nodejoinsmall.gif" /> '
                . htmlspecialchars($this->TruncateName($listRecord['name'], 55), ENT_QUOTES, SENDSTUDIO_CHARSET);
            if ($activeListID == $listID) {
                $caption = '<b>' . $caption . '</b>';
            }
            $GLOBALS['RowCaption'] = $caption;

            $listRowHtml[] = $this->ParseTemplate('Subscribers_Manage_ViewPicker_Row', true);
        }
    } else {
        $GLOBALS['DisplayStyleList'] = 'none';
    }

    /**
     * Segment views
     */
    // Same gate as for lists: access to 'Segments' plus a non-empty segment filter.
    if ($user->HasAccess('Segments') && !empty($search_info['Segment'])) {
        $availableSegments = $user->GetSegmentList();

        if (count($availableSegments) > 0) {
            $GLOBALS['SegmentDisplay'] = '';

            foreach ($availableSegments as $segmentID => $segmentRecord) {
                $GLOBALS['RowAction'] = 'index.php?Page=Subscribers&Action=Manage&Segment=' . $segmentID;
                $GLOBALS['RowTitle'] = htmlspecialchars($segmentRecord['segmentname'], ENT_QUOTES, SENDSTUDIO_CHARSET);

                // Truncate the raw name, then escape it.
                $caption = ' <img border="0" src="images/nodejoinsmall.gif" /> '
                    . htmlspecialchars($this->TruncateName($segmentRecord['segmentname'], 55), ENT_QUOTES, SENDSTUDIO_CHARSET);
                if ($activeSegment == $segmentID) {
                    $caption = '<b>' . $caption . '</b>';
                }
                $GLOBALS['RowCaption'] = $caption;

                $segmentRowHtml[] = $this->ParseTemplate('Subscribers_Manage_ViewPicker_Row', true);
            }
        } else {
            $GLOBALS['SegmentDisplay'] = 'none';
        }
    } else {
        $GLOBALS['DisplayStyleSegment'] = 'none';
    }

    // The per-row globals must not leak into the outer template or later renders.
    unset($GLOBALS['RowCaption'], $GLOBALS['RowTitle'], $GLOBALS['RowAction']);

    $GLOBALS['CommonViews'] = implode('', $commonRowHtml);
    $GLOBALS['ListViews'] = implode('', $listRowHtml);
    $GLOBALS['SegmentViews'] = implode('', $segmentRowHtml);

    $menuHtml = $this->ParseTemplate('Subscribers_Manage_ViewPicker', true);

    unset($GLOBALS['SegmentViews'], $GLOBALS['ListViews'], $GLOBALS['CommonViews']);

    return $menuHtml;
}
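/**
 * _checkPermissionCanEdit
 * Check whether or not a user can edit a segment
 *
 * Checking user privilege here also means checking whether the user has access to every
 * mailing list used in the segment. Once a list used in a segment becomes "restricted" to
 * the user, the user should not be able to edit the segment at all.
 *
 * Here's the logic:
 * (1) If Admin go to (7), otherwise go to (2)
 * (2) If segment is owned by user, go to (3), otherwise go to (4)
 * (3) If user has "edit" permission, go to (7), otherwise go to (6)
 * (4) If user is allowed "edit" access to this segment, go to (5), otherwise go to (6)
 * (5) If the segment's list data is missing or not an array, or the user does NOT have
 *     access to all the lists in the segment, go to (6), otherwise go to (7)
 * (6) CANNOT EDIT
 * (7) CAN EDIT
 *
 * The check fails closed: when the list data needed for step (5) cannot be read as an
 * array, the answer is FALSE. Previously a missing 'Lists' entry either raised a TypeError
 * or, where array_intersect() and count() only warn on non-arrays, compared 0 with 0 and
 * granted edit access.
 *
 * @param Segment_API $segmentapi Current segment API
 * @param User_API $userapi Current user API
 *
 * @return Boolean Returns TRUE if user have edit privilege on segment, FALSE otherwise
 *
 * @uses User_API::Admin()
 * @uses User_API::HasAccess()
 * @uses User_API::GetLists()
 *
 * @access private
 */
function _checkPermissionCanEdit($segmentapi, $userapi)
{
    // (1) Administrators can always edit.
    if ($userapi->Admin()) {
        return true;
    }

    // (2)/(3) Owner: the general "edit segments" permission is sufficient.
    if ($segmentapi->ownerid == $userapi->userid) {
        return $userapi->HasAccess('Segments', 'Edit') ? true : false;
    }

    // (4) Not the owner: edit access must have been granted for this particular segment.
    if (!$userapi->HasAccess('Segments', 'Edit', $segmentapi->segmentid)) {
        return false;
    }

    // (5) Every list the segment uses must be one of the user's lists.
    // Deny when the segment's list data is absent or malformed instead of treating it as
    // "no lists to check".
    $searchInfo = $segmentapi->searchinfo;
    if (!is_array($searchInfo) || !isset($searchInfo['Lists']) || !is_array($searchInfo['Lists'])) {
        return false;
    }
    $segmentLists = $searchInfo['Lists'];

    // The user's lists are only needed on this path, so they are fetched here.
    $userLists = $userapi->GetLists();
    if (!is_array($userLists)) {
        return false;
    }

    // The list ids are the keys of GetLists(). The user passes only when the number of the
    // user's lists that appear in the segment equals the number of lists the segment names.
    // NOTE(review): an empty 'Lists' array still passes (0 == 0), as before; confirm that a
    // segment without lists is meant to be editable by a non-owner.
    $sharedLists = array_intersect(array_keys($userLists), $segmentLists);

    return count($sharedLists) == count($segmentLists);
}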