} } else { // add $module_id = rex_post('module_id', 'int'); $CM->setQuery('SELECT * FROM ' . $REX['TABLE_PREFIX'] . 'module WHERE id=' . $module_id); } if ($CM->getRows() != 1) { // ------------- START: MODUL IST NICHT VORHANDEN $global_warning = $I18N->msg('module_not_found'); $slice_id = ''; $function = ''; // ------------- END: MODUL IST NICHT VORHANDEN } else { // ------------- MODUL IST VORHANDEN // ----- RECHTE AM MODUL ? if ($function != 'delete' && !rex_template::hasModule($template_attributes, $ctype, $module_id)) { $global_warning = $I18N->msg('no_rights_to_this_function'); $slice_id = ''; $function = ''; } elseif (!($REX['USER']->isAdmin() || $REX['USER']->hasPerm('module[' . $module_id . ']') || $REX['USER']->hasPerm('module[0]'))) { // ----- RECHTE AM MODUL: NEIN $global_warning = $I18N->msg('no_rights_to_this_function'); $slice_id = ''; $function = ''; } else { // ----- RECHTE AM MODUL: JA // *********************** daten einlesen $REX_ACTION = array(); $REX_ACTION['SAVE'] = true; foreach ($REX['VARIABLES'] as $obj) { $REX_ACTION = $obj->getACRequestValues($REX_ACTION);
/**
 * Builds one module <select> per content type (ctype) for the backend editor
 * and stores them in $this->MODULESELECT, keyed by ctype id.
 *
 * Only runs when $this->mode is 'edit'. A module is offered when the current
 * user is admin or holds the module[<id>] permission, and the template allows
 * that module in the given ctype.
 *
 * This list is a presentation filter: it decides which options are rendered.
 * It does not by itself reject a request that submits a different module_id,
 * so the code that handles the submitted form has to repeat both checks.
 *
 * @return void
 */
function preArticle()
{
    global $REX, $I18N;

    // Nothing to prepare outside the editor.
    if ($this->mode != 'edit') {
        return;
    }

    $moduleSql = rex_sql::factory();
    $moduleRows = $moduleSql->getArray('select * from ' . $REX['TABLE_PREFIX'] . 'module order by name');

    // A template without declared ctypes always has the single ctype 1.
    $ctypes = rex_getAttributes('ctype', $this->template_attributes, array());
    if (count($ctypes) == 0) {
        $ctypes = array(1 => 'default');
    }

    $this->MODULESELECT = array();

    foreach ($ctypes as $ct_id => $ct_name) {
        $select = new rex_select();
        $this->MODULESELECT[$ct_id] = $select;

        $select->setName('module_id');
        $select->setSize('1');
        $select->setStyle('class="rex-form-select"');
        $select->setAttribute('onchange', 'this.form.submit();');
        // Placeholder entry with an empty value.
        $select->addOption('---------------------------- ' . $I18N->msg('add_block'), '');

        foreach ($moduleRows as $row) {
            // User-level permission first, same evaluation order as before.
            $mayUse = $REX['USER']->isAdmin() || $REX['USER']->hasPerm('module[' . $row['id'] . ']');
            if (!$mayUse) {
                continue;
            }

            // Template-level restriction for this ctype.
            if (!rex_template::hasModule($this->template_attributes, $ct_id, $row['id'])) {
                continue;
            }

            $select->addOption(rex_translate($row['name'], null, false), $row['id']);
        }
    }
}
/**
 * Renders the article and returns the captured output as a string.
 *
 * Two paths are visible here:
 *  - cached path (neither $this->viasql nor $this->getSlice set): the generated
 *    content file of the article is created if missing and then executed with eval();
 *  - SQL path: the slices are read from the database, optionally wrapped in
 *    editor controls ($this->mode == 'edit'), and the assembled content is either
 *    echoed or executed with eval(), depending on $this->eval.
 *
 * If $this->content is already non-empty it is echoed directly and the method
 * returns without a value.
 *
 * Security-relevant properties of this method, all visible in the body:
 *  - three eval() calls execute text that comes from a cache file or from
 *    database columns, so write access to those stores is code execution;
 *  - several object properties are concatenated into SQL and HTML without
 *    escaping inside this method;
 *  - the delete/move links are plain GET URLs.
 *
 * @param int $curctype Content type to render; -1 (default) renders all ctypes.
 * @return string|null  Captured output, or nothing on the early-return path.
 */
function getArticle($curctype = -1)
{
    global $REX, $I18N;

    // Content was prepared earlier: print it and stop.
    if ($this->content != "") {
        echo $this->content;
        return;
    }

    $this->ctype = $curctype;
    // Cast to int by rex_request(), so safe to pass on as a module id.
    $module_id = rex_request('module_id', 'int');
    $sliceLimit = '';

    // NOTE(review): $this->getSlice is placed between quotes in the SQL text without
    // a cast or escaping in this method; the same holds for article_id, clang and
    // slice_revision further down. Safe only if those properties are forced to
    // integers where they are assigned - confirm at the setters/callers.
    if ($this->getSlice) {
        $sliceLimit = " AND " . $REX['TABLE_PREFIX'] . "article_slice.id = '" . $this->getSlice . "' ";
    }

    // ----- start: article caching
    ob_start();
    ob_implicit_flush(0);

    if (!$this->viasql && !$this->getSlice) {
        if ($this->article_id != 0) {
            $article_content_file = $REX['INCLUDE_PATH'] . '/generated/articles/' . $this->article_id . '.' . $this->clang . '.content';
            if (!file_exists($article_content_file)) {
                include_once $REX["INCLUDE_PATH"] . "/functions/function_rex_generate.inc.php";
                $generated = rex_generateArticleContent($this->article_id, $this->clang);
                if ($generated !== true) {
                    // print the error message
                    echo $generated;
                }
            }
            // NOTE(review): the cache file is executed as PHP. Whoever can write below
            // generated/articles can run code in this process, so that directory must
            // not be writable by upload features or other accounts.
            if (file_exists($article_content_file)) {
                eval(rex_get_file_contents($article_content_file));
            }
        }
    } else {
        if ($this->article_id != 0) {
            // ---------- select all parts/slices of an article
            $sql = "SELECT " . $REX['TABLE_PREFIX'] . "module.id, " . $REX['TABLE_PREFIX'] . "module.name, " . $REX['TABLE_PREFIX'] . "module.ausgabe, " . $REX['TABLE_PREFIX'] . "module.eingabe, " . $REX['TABLE_PREFIX'] . "article_slice.*, " . $REX['TABLE_PREFIX'] . "article.re_id\r\n FROM\r\n " . $REX['TABLE_PREFIX'] . "article_slice\r\n LEFT JOIN " . $REX['TABLE_PREFIX'] . "module ON " . $REX['TABLE_PREFIX'] . "article_slice.modultyp_id=" . $REX['TABLE_PREFIX'] . "module.id\r\n LEFT JOIN " . $REX['TABLE_PREFIX'] . "article ON " . $REX['TABLE_PREFIX'] . "article_slice.article_id=" . $REX['TABLE_PREFIX'] . "article.id\r\n WHERE\r\n " . $REX['TABLE_PREFIX'] . "article_slice.article_id='" . $this->article_id . "' AND\r\n " . $REX['TABLE_PREFIX'] . "article_slice.clang='" . $this->clang . "' AND\r\n " . $REX['TABLE_PREFIX'] . "article.clang='" . $this->clang . "' AND \r\n " . $REX['TABLE_PREFIX'] . "article_slice.revision='" .
                $this->slice_revision . "'\r\n " . $sliceLimit . "\r\n ORDER BY " . $REX['TABLE_PREFIX'] . "article_slice.re_article_slice_id";

            $this->CONT = new rex_sql();
            if ($this->debug) {
                $this->CONT->debugsql = 1;
            }
            $this->CONT->setQuery($sql);

            // All lookup tables below are keyed by re_article_slice_id, i.e. by the id
            // of the slice that precedes the row's slice. Key 0 is therefore the entry
            // point of the chain that the output loop follows.
            $RE_CONTS = array();
            $RE_CONTS_CTYPE = array();
            $RE_MODUL_OUT = array();
            $RE_MODUL_IN = array();
            $RE_MODUL_ID = array();
            $RE_MODUL_NAME = array();
            $RE_C = array();

            // ---------- set slice ids / modules - store the data
            for ($i = 0; $i < $this->CONT->getRows(); $i++) {
                $RE_SLICE_ID = $this->CONT->getValue('re_article_slice_id');
                $RE_CONTS[$RE_SLICE_ID] = $this->CONT->getValue($REX['TABLE_PREFIX'] . 'article_slice.id');
                $RE_CONTS_CTYPE[$RE_SLICE_ID] = $this->CONT->getValue($REX['TABLE_PREFIX'] . 'article_slice.ctype');
                $RE_MODUL_IN[$RE_SLICE_ID] = $this->CONT->getValue($REX['TABLE_PREFIX'] . 'module.eingabe');
                $RE_MODUL_OUT[$RE_SLICE_ID] = $this->CONT->getValue($REX['TABLE_PREFIX'] . 'module.ausgabe');
                $RE_MODUL_ID[$RE_SLICE_ID] = $this->CONT->getValue($REX['TABLE_PREFIX'] . 'module.id');
                $RE_MODUL_NAME[$RE_SLICE_ID] = $this->CONT->getValue($REX['TABLE_PREFIX'] . 'module.name');
                // Remember the row position so the cursor can be set back to it later.
                $RE_C[$RE_SLICE_ID] = $i;
                $this->CONT->next();
            }

            // ---------- module select: only offer modules the user has rights to
            // This filters what is rendered; it is not an enforcement point for the
            // module_id that a later request submits.
            if ($this->mode == 'edit') {
                $MODULE = new rex_sql();
                $modules = $MODULE->getArray('select * from ' . $REX['TABLE_PREFIX'] .
                    'module order by name');

                $template_ctypes = rex_getAttributes('ctype', $this->template_attributes, array());
                // if no ctypes are defined there is always CTYPE=1
                if (count($template_ctypes) == 0) {
                    $template_ctypes = array(1 => 'default');
                }

                $MODULESELECT = array();
                foreach ($template_ctypes as $ct_id => $ct_name) {
                    $MODULESELECT[$ct_id] = new rex_select();
                    $MODULESELECT[$ct_id]->setName('module_id');
                    $MODULESELECT[$ct_id]->setSize('1');
                    $MODULESELECT[$ct_id]->setStyle('class="rex-form-select"');
                    $MODULESELECT[$ct_id]->setAttribute('onchange', 'this.form.submit();');
                    $MODULESELECT[$ct_id]->addOption('---------------------------- ' . $I18N->msg('add_block'), '');
                    foreach ($modules as $m) {
                        if ($REX['USER']->isAdmin() || $REX['USER']->hasPerm('module[' . $m['id'] . ']')) {
                            if (rex_template::hasModule($this->template_attributes, $ct_id, $m['id'])) {
                                $MODULESELECT[$ct_id]->addOption(rex_translate($m['name'], NULL, FALSE), $m['id']);
                            }
                        }
                    }
                }
            }

            // ---------- sort slice ids and output
            // $PRE_ID and $SLICE_SHOW (below) are assigned but not read by the visible
            // code; the eval() calls share this scope, so executed code could read them.
            $I_ID = 0;
            $PRE_ID = 0;
            $LCTSL_ID = 0;
            $this->CONT->reset();
            $this->content = "";

            for ($i = 0; $i < $this->CONT->getRows(); $i++) {
                // ----- ctype distinction
                // Outside edit mode the content is PHP source text: each run of slices is
                // wrapped in a generated if-block on the ctype. The ctype value from the
                // database is written into that source between single quotes, unescaped.
                if ($this->mode != "edit" && $i == 0) {
                    $this->content = "<?php if (\$this->ctype == '" . $RE_CONTS_CTYPE[$I_ID] . "' || (\$this->ctype == '-1')) { ?>";
                }

                // ------------- single slice - output
                // Position the result cursor on the row that belongs to this chain link.
                $this->CONT->counter = $RE_C[$I_ID];
                $slice_content = "";
                $SLICE_SHOW = TRUE;

                if ($this->mode == "edit") {
                    $form_url = 'index.php';
                    $this->ViewSliceId = $RE_CONTS[$I_ID];

                    // ----- insert the add select box
                    if ($this->function == "add" && $this->slice_id == $I_ID) {
                        $slice_content = $this->addSlice($I_ID, $module_id);
                    } else {
                        // ----- block selection - select
                        // NOTE(review): $MODULESELECT only has keys for the template's ctypes;
                        // with $this->ctype at its default of -1 this looks like a call on an
                        // undefined entry - presumably edit mode always passes a real ctype; verify.
                        $MODULESELECT[$this->ctype]->setId("module_id" . $I_ID);
                        // NOTE(review): article_id, mode, clang and ctype are written into
                        // attribute values without htmlspecialchars() here; confirm they are
                        // integers / fixed strings where they are set.
                        $slice_content = ' <div class="rex-form rex-form-content-editmode"> <form action="' . $form_url . '" method="get" id="slice' . $RE_CONTS[$I_ID] . '"> <fieldset class="rex-form-col-1"> <legend><span>' .
                            $I18N->msg("add_block") . '</span></legend> <input type="hidden" name="article_id" value="' . $this->article_id . '" /> <input type="hidden" name="page" value="content" /> <input type="hidden" name="mode" value="' . $this->mode . '" /> <input type="hidden" name="slice_id" value="' . $I_ID . '" /> <input type="hidden" name="function" value="add" /> <input type="hidden" name="clang" value="' . $this->clang . '" /> <input type="hidden" name="ctype" value="' . $this->ctype . '" /> <div class="rex-form-wrapper"> <div class="rex-form-row"> <p class="rex-form-col-a rex-form-select"> ' . $MODULESELECT[$this->ctype]->get() . ' <noscript><input class="rex-form-submit" type="submit" name="btn_add" value="' . $I18N->msg("add_block") . '" /></noscript> </p> </div> </div> </fieldset> </form> </div>';
                    }

                    // ----- edit/delete block - if the user has rights to the module
                    if ($REX['USER']->isAdmin() || $REX['USER']->hasPerm("module[" . $RE_MODUL_ID[$I_ID] . "]")) {
                        $msg = '';
                        if ($this->slice_id == $RE_CONTS[$I_ID]) {
                            if ($this->warning != '') {
                                $msg .= rex_warning($this->warning);
                            }
                            if ($this->info != '') {
                                $msg .= rex_info($this->info);
                            }
                        }

                        // %s is filled per link with the function query part.
                        $sliceUrl = 'index.php?page=content&article_id=' . $this->article_id . '&mode=edit&slice_id=' . $RE_CONTS[$I_ID] . '&clang=' . $this->clang . '&ctype=' . $this->ctype . '%s#slice' . $RE_CONTS[$I_ID];

                        // NOTE(review): the module name is inserted raw into the <span> of every
                        // link below, while the <h3> further down passes the same value through
                        // htmlspecialchars(). Module names come from the database, so the raw
                        // spots render whatever markup a module editor stored.
                        // NOTE(review): delete (with save=1) and move are state-changing actions
                        // reachable through GET links; no anti-CSRF token is part of the URL
                        // built here - check whether the receiving handler verifies one.
                        $listElements = array();
                        $listElements[] = '<a href="' . sprintf($sliceUrl, '&function=edit') . '" class="rex-tx3">' . $I18N->msg('edit') . ' <span>' . $RE_MODUL_NAME[$I_ID] . '</span></a>';
                        $listElements[] = '<a href="' . sprintf($sliceUrl, '&function=delete&save=1') . '" class="rex-tx2" onclick="return confirm(\'' . $I18N->msg('delete') . ' ?\')">' . $I18N->msg('delete') . ' <span>' . $RE_MODUL_NAME[$I_ID] .
                            '</span></a>';

                        if ($REX['USER']->hasPerm('moveSlice[]')) {
                            $moveUp = $I18N->msg('move_slice_up');
                            $moveDown = $I18N->msg('move_slice_down');
                            // pass an upd timestamp, otherwise a block cannot be moved several times in a row
                            // (the links would be identical and the browser would not follow the same link again)
                            $listElements[] = '<a href="' . sprintf($sliceUrl, '&upd=' . time() . '&function=moveup') . '" title="' . $moveUp . '" class="rex-slice-move-up"><span>' . $RE_MODUL_NAME[$I_ID] . '</span></a>';
                            $listElements[] = '<a href="' . sprintf($sliceUrl, '&upd=' . time() . '&function=movedown') . '" title="' . $moveDown . '" class="rex-slice-move-down"><span>' . $RE_MODUL_NAME[$I_ID] . '</span></a>';
                        }

                        // ----- EXTENSION POINT
                        // Extensions receive and may replace the list of ready-made HTML items.
                        $listElements = rex_register_extension_point('ART_SLICE_MENU', $listElements, array('article_id' => $this->article_id, 'clang' => $this->clang, 'ctype' => $RE_CONTS_CTYPE[$I_ID], 'module_id' => $RE_MODUL_ID[$I_ID], 'slice_id' => $RE_CONTS[$I_ID]));

                        $mne = $msg;
                        if ($this->function == "edit" && $this->slice_id == $RE_CONTS[$I_ID]) {
                            $mne .= '<div class="rex-content-editmode-module-name rex-form-content-editmode-edit-slice">';
                        } else {
                            $mne .= '<div class="rex-content-editmode-module-name">';
                        }
                        $mne .= ' <h3 class="rex-hl4">' . htmlspecialchars($RE_MODUL_NAME[$I_ID]) . '</h3> <div class="rex-navi-slice"> <ul> ';

                        // Only the first list item gets the rex-navi-first class.
                        $listElementFlag = true;
                        foreach ($listElements as $listElement) {
                            $class = '';
                            if ($listElementFlag) {
                                $class = ' class="rex-navi-first"';
                                $listElementFlag = false;
                            }
                            $mne .= '<li' . $class . '>' . $listElement .
                                '</li>';
                        }
                        $mne .= '</ul></div></div>';
                        $slice_content .= $mne;

                        if ($this->function == "edit" && $this->slice_id == $RE_CONTS[$I_ID]) {
                            // **************** current slice
                            // ----- PRE VIEW ACTION [EDIT]
                            $REX_ACTION = array();

                            // after a click on the apply button,
                            // take over the POST values
                            if (rex_var::isEditEvent()) {
                                foreach ($REX['VARIABLES'] as $obj) {
                                    $REX_ACTION = $obj->getACRequestValues($REX_ACTION);
                                }
                            } else {
                                foreach ($REX['VARIABLES'] as $obj) {
                                    $REX_ACTION = $obj->getACDatabaseValues($REX_ACTION, $this->CONT);
                                }
                            }

                            // Bit tested against action.previewmode in the query below.
                            // This branch is only reached with function == "edit", so the
                            // other two values look unreachable here.
                            if ($this->function == 'edit') {
                                $modebit = '2';
                            } elseif ($this->function == 'delete') {
                                $modebit = '4';
                            } else {
                                $modebit = '1';
                            }

                            // pre-action and add
                            $ga = new rex_sql();
                            if ($this->debug) {
                                $ga->debugsql = 1;
                            }
                            // The module id comes from the slice query result and is concatenated unquoted.
                            $ga->setQuery('SELECT preview FROM ' . $REX['TABLE_PREFIX'] . 'module_action ma,' . $REX['TABLE_PREFIX'] . 'action a WHERE preview != "" AND ma.action_id=a.id AND module_id=' . $RE_MODUL_ID[$I_ID] . ' AND ((a.previewmode & ' . $modebit . ') = ' . $modebit . ')');

                            for ($t = 0; $t < $ga->getRows(); $t++) {
                                $iaction = $ga->getValue('preview');

                                // ****************** replace variables
                                foreach ($REX['VARIABLES'] as $obj) {
                                    $iaction = $obj->getACOutput($REX_ACTION, $iaction);
                                }

                                // NOTE(review): the action's preview column is executed as PHP in
                                // this method's scope. Anyone who can write that column - through
                                // the action editor or any SQL write primitive - gets code
                                // execution; treat action editing as an admin-equivalent right.
                                eval('?>' . $iaction);

                                // ****************** save if necessary
                                foreach ($REX['VARIABLES'] as $obj) {
                                    $obj->setACValues($this->CONT, $REX_ACTION);
                                }

                                $ga->next();
                            }
                            // ----- / PRE VIEW ACTION

                            $slice_content .= $this->editSlice($RE_CONTS[$I_ID], $RE_MODUL_IN[$I_ID], $RE_CONTS_CTYPE[$I_ID], $RE_MODUL_ID[$I_ID]);
                        } else {
                            // output module content
                            $slice_content .= ' <!-- *** OUTPUT OF MODULE-OUTPUT - START *** --> <div class="rex-content-editmode-slice-output"> <div class="rex-content-editmode-slice-output-2"> ' . $RE_MODUL_OUT[$I_ID] .
                                ' </div> </div> <!-- *** OUTPUT OF MODULE-OUTPUT - END *** --> ';
                            $slice_content = $this->replaceVars($this->CONT, $slice_content);
                        }
                    } else {
                        // ----- user has no rights to this module
                        // NOTE(review): module name is not escaped in this branch either.
                        $mne = ' <div class="rex-content-editmode-module-name"> <h3 class="rex-hl4" id="slice' . $RE_CONTS[$I_ID] . '">' . $RE_MODUL_NAME[$I_ID] . '</h3> <div class="rex-navi-slice"> <ul> <li>' . $I18N->msg('no_editing_rights') . ' <span>' . $RE_MODUL_NAME[$I_ID] . '</span></li> </ul> </div> </div>';
                        $slice_content .= $mne . $RE_MODUL_OUT[$I_ID];
                        $slice_content = $this->replaceVars($this->CONT, $slice_content);
                    }
                } else {
                    // ----- if mode is not edit
                    // With a single requested slice the chain key is taken from the stored
                    // rows instead of following the chain from 0.
                    // NOTE(review): each() was deprecated in PHP 7.2 and removed in PHP 8.0;
                    // it also depends on the array's internal pointer, so a replacement has
                    // to keep the "first pass only" behaviour.
                    if ($this->getSlice) {
                        while (list($k, $v) = each($RE_CONTS)) {
                            $I_ID = $k;
                        }
                    }
                    $slice_content .= $RE_MODUL_OUT[$I_ID];
                    $slice_content = $this->replaceVars($this->CONT, $slice_content);
                }
                // --------------- end of single slice

                // --------------- EP: SLICE_SHOW
                $slice_content = rex_register_extension_point('SLICE_SHOW', $slice_content, array('article_id' => $this->article_id, 'clang' => $this->clang, 'ctype' => $RE_CONTS_CTYPE[$I_ID], 'module_id' => $RE_MODUL_ID[$I_ID], 'slice_id' => $RE_CONTS[$I_ID], 'function' => $this->function, 'function_slice_id' => $this->slice_id));

                // ---------- store the slice in the output if the ctype matches
                if ($this->ctype == -1 or $this->ctype == $RE_CONTS_CTYPE[$I_ID]) {
                    $this->content .= $slice_content;
                    // last content type slice id
                    $LCTSL_ID = $RE_CONTS[$I_ID];
                }

                // ----- intermediate state: ctype .. if the next slice has a new ctype, emit a new if
                if ($this->mode != "edit" && isset($RE_CONTS_CTYPE[$RE_CONTS[$I_ID]]) && $RE_CONTS_CTYPE[$I_ID] != $RE_CONTS_CTYPE[$RE_CONTS[$I_ID]] && $RE_CONTS_CTYPE[$RE_CONTS[$I_ID]] != "") {
                    $this->content .= "<?php } if(\$this->ctype == '" . $RE_CONTS_CTYPE[$RE_CONTS[$I_ID]] .
                        "' || \$this->ctype == '-1'){ ?>";
                }

                // move to the next slice in the chain
                $I_ID = $RE_CONTS[$I_ID];
                $PRE_ID = $I_ID;
            }

            // ----- end: ctype distinction
            // Close the generated if-block, but only if the loop ran at least once.
            if ($this->mode != "edit" && $i > 0) {
                $this->content .= "<?php } ?>";
            }

            // ----- add module in edit mode
            if ($this->mode == "edit") {
                $form_url = 'index.php';
                if ($this->function == "add" && $this->slice_id == $LCTSL_ID) {
                    $slice_content = $this->addSlice($LCTSL_ID, $module_id);
                } else {
                    // ----- block selection - select
                    $MODULESELECT[$this->ctype]->setId("module_id" . $LCTSL_ID);
                    // $slice_content = $add_select_box;
                    $slice_content = ' <div class="rex-form rex-form-content-editmode"> <form action="' . $form_url . '" method="get"> <fieldset class="rex-form-col-1"> <legend><span>' . $I18N->msg("add_block") . '</span></legend> <input type="hidden" name="article_id" value="' . $this->article_id . '" /> <input type="hidden" name="page" value="content" /> <input type="hidden" name="mode" value="' . $this->mode . '" /> <input type="hidden" name="slice_id" value="' . $LCTSL_ID . '" /> <input type="hidden" name="function" value="add" /> <input type="hidden" name="clang" value="' . $this->clang . '" /> <input type="hidden" name="ctype" value="' . $this->ctype . '" /> <div class="rex-form-wrapper"> <div class="rex-form-row"> <p class="rex-form-col-a rex-form-select"> ' . $MODULESELECT[$this->ctype]->get() . ' <noscript><input class="rex-form-submit" type="submit" name="btn_add" value="' . $I18N->msg("add_block") . '" /></noscript> </p> </div> </div> </fieldset> </form> </div>';
                }
                $this->content .= $slice_content;
            }

            // -------------------------- write content
            // NOTE(review): unless $this->eval is exactly FALSE, the assembled content -
            // which contains the modules' output code from the database - is executed as
            // PHP. Module editing is therefore equivalent to code execution on the server.
            if ($this->eval === FALSE) {
                echo $this->replaceLinks($this->content);
            } else {
                eval("?>" . $this->content);
            }
        } else {
            echo $I18N->msg('no_article_available');
        }
    }

    // ----- end: article caching
    // Everything echoed above was buffered; hand it back instead of printing it.
    $CONTENT = ob_get_contents();
    ob_end_clean();

    return $CONTENT;
}
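/**
 * Decides whether the current backend user may use the given module in the
 * given content type of an article.
 *
 * The check fails closed: a missing article row, a missing user, a module the
 * template does not allow, or a missing module permission all yield false.
 * Outside the "content/paste" page the addon's own allow-lists from the
 * 'slice_ui' config are applied as well; an empty list means "no restriction"
 * and the entry 'all' lifts the restriction explicitly.
 *
 * Changes against the previous version:
 *  - list membership is tested on string-normalised values with strict
 *    comparison, so an integer 0 in a list no longer matches 'all' through
 *    loose comparison on older PHP versions;
 *  - a config without 'modules' / 'ctypes' entries, or without an entry for
 *    the article's template, no longer triggers offset warnings;
 *  - the unused local that copied the ctype request parameter is gone; the
 *    ctype under test is always $ep['ctype'].
 *
 * @param array|\ArrayAccess $ep Must provide 'article_id', 'clang', 'ctype'
 *                               and 'module_id'.
 * @return bool true when the module may be used, false otherwise.
 */
public static function checkPermissions($ep)
{
    $AddonPerm = rex_config::get('slice_ui');

    $article = rex_sql::factory();
    $articleTable = rex::getTablePrefix() . 'article';
    $article->setTable($articleTable);
    // Article id and language are bound as parameters, not concatenated.
    $article->setQuery(' SELECT article.*, template.attributes as template_attributes FROM ' . rex::getTablePrefix() . 'article as article LEFT JOIN ' . rex::getTablePrefix() . 'template as template ON template.id=article.template_id WHERE article.id = ? AND clang_id = ?', array($ep['article_id'], $ep['clang']));

    // No such article in this language: nothing to grant.
    if (!$article->getRows()) {
        return false;
    }

    $template_attributes = json_decode($article->getValue('template_attributes'), true);
    if (!is_array($template_attributes)) {
        $template_attributes = array();
    }

    // Template-level restriction first, then the user's module permission.
    if (!rex_template::hasModule($template_attributes, $ep['ctype'], $ep['module_id'])) {
        return false;
    }

    $user = rex::getUser();
    if (!$user) {
        return false;
    }
    if (!($user->isAdmin() || $user->hasPerm('module[' . $ep['module_id'] . ']') || $user->hasPerm('module[0]'))) {
        return false;
    }

    // NOTE(review): the addon allow-lists are skipped whenever the 'page' request
    // parameter merely contains 'content/paste'. Confirm that no other backend page
    // name can contain that substring, otherwise compare against the exact page.
    if (strpos(rex_get('page', 'string'), 'content/paste') !== false) {
        return true;
    }

    // Allow-lists from the addon config; ctypes are configured per template.
    $templateId = $article->getValue('template_id');
    $allowedModules = isset($AddonPerm['modules']) ? (array) $AddonPerm['modules'] : array();
    $allowedCtypes = isset($AddonPerm['ctypes'][$templateId]) ? (array) $AddonPerm['ctypes'][$templateId] : array();

    // Compare as strings so '5' and 5 still match, but 'all' never matches 0.
    $allowedModules = array_map('strval', $allowedModules);
    $allowedCtypes = array_map('strval', $allowedCtypes);

    $moduleDenied = !empty($allowedModules)
        && !in_array('all', $allowedModules, true)
        && !in_array((string) $ep['module_id'], $allowedModules, true);

    $ctypeDenied = !empty($allowedCtypes)
        && !in_array('all', $allowedCtypes, true)
        && !in_array((string) $ep['ctype'], $allowedCtypes, true);

    return !($moduleDenied || $ctypeDenied);
}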
/**
 * {@inheritdoc}
 *
 * In edit mode this first collects, per content type, the modules the current
 * user may add: the user's complex 'modules' permission must cover the module
 * and the template must allow it in that ctype. The result is stored in
 * $this->MODULESELECT as lists of ['name' => ..., 'id' => ...] keyed by ctype.
 *
 * The list only controls what is offered in the editor; the code handling a
 * submitted module id still has to run the same two checks.
 */
protected function preArticle($articleContent, $module_id)
{
    if ($this->mode == 'edit') {
        $moduleSql = rex_sql::factory();
        $moduleRows = $moduleSql->getArray('select * from ' . rex::getTablePrefix() . 'module order by name');

        // A template without declared ctypes always has the single ctype 1.
        $ctypes = [];
        if (isset($this->template_attributes['ctype'])) {
            $ctypes = $this->template_attributes['ctype'];
        }
        if (count($ctypes) == 0) {
            $ctypes = [1 => 'default'];
        }

        $this->MODULESELECT = [];

        foreach ($ctypes as $ct_id => $ct_name) {
            foreach ($moduleRows as $row) {
                // User-level permission first, same evaluation order as before.
                if (!rex::getUser()->getComplexPerm('modules')->hasPerm($row['id'])) {
                    continue;
                }

                // Template-level restriction for this ctype.
                if (!rex_template::hasModule($this->template_attributes, $ct_id, $row['id'])) {
                    continue;
                }

                $entry = ['name' => rex_i18n::translate($row['name'], false), 'id' => $row['id']];
                $this->MODULESELECT[$ct_id][] = $entry;
            }
        }
    }

    return parent::preArticle($articleContent, $module_id);
}
} } else { // add $module_id = rex_post('module_id', 'int'); $CM->setQuery('SELECT * FROM ' . $REX['TABLE_PREFIX'] . 'module WHERE id=' . $module_id); } if ($CM->getRows() != 1) { // ------------- START: MODUL IST NICHT VORHANDEN $global_warning = $I18N->msg('module_not_found'); $slice_id = ''; $function = ''; // ------------- END: MODUL IST NICHT VORHANDEN } else { // ------------- MODUL IST VORHANDEN // ----- RECHTE AM MODUL ? if (!rex_template::hasModule($template_attributes, $ctype, $module_id)) { $global_warning = $I18N->msg('no_rights_to_this_function'); $slice_id = ''; $function = ''; } elseif (!($REX['USER']->isAdmin() || $REX['USER']->hasPerm('module[' . $module_id . ']') || $REX['USER']->hasPerm('module[0]'))) { // ----- RECHTE AM MODUL: NEIN $global_warning = $I18N->msg('no_rights_to_this_function'); $slice_id = ''; $function = ''; } else { // ----- RECHTE AM MODUL: JA // *********************** daten einlesen $REX_ACTION = array(); $REX_ACTION['SAVE'] = true; foreach ($REX['VARIABLES'] as $obj) { $REX_ACTION = $obj->getACRequestValues($REX_ACTION);