/**
 * Check whether the user behind a session may perform an operation on an item.
 *
 * The session ID is first resolved to a user ID; if that lookup does not
 * return RES_OK, access is denied. OP_READ is decided by a single SQL query
 * over the index/item/group link tables. OP_MODIFY and OP_DELETE are decided
 * by a moderator override (modify only), a 'write' permission lookup (modify
 * only) and finally an ownership query. Any other operation, and any query
 * that does not return RES_OK, results in false (deny by default).
 *
 * @refer itemop_t
 * @param mixed $sess_id session ID, resolved to a user ID via _xnpal_sessionID2UID()
 * @param mixed $iid     ID of the item to check; cast to int before it is used
 * @param mixed $op      kind of access (compared with OP_READ, OP_MODIFY, OP_DELETE)
 * @return bool true when the access is permitted, false when it is not
 */
function xnp_get_item_permission($sess_id, $iid, $op)
{
    // The item ID is interpolated into SQL below, so it is forced to an
    // integer before anything else happens.
    $iid = (int) $iid;
    global $xoopsDB;
    $uid = 0;
    // $uid is presumably filled in by reference - confirm against
    // _xnpal_sessionID2UID(). An unresolvable session is denied outright.
    // NOTE(review): $uid is later interpolated into SQL without a cast; confirm
    // that _xnpal_sessionID2UID() can only ever yield an integer.
    if (_xnpal_sessionID2UID($sess_id, $uid) != RES_OK) {
        return false;
    }
    if ($op == OP_READ) {
        // Select the item through its index links. The joins add the index row
        // (tx), the item row (ti) and the group membership rows (tgulink).
        $sql = "SELECT DISTINCT tlink.item_id FROM " . $xoopsDB->prefix("xoonips_index_item_link") . " AS tlink";
        $sql .= " LEFT JOIN " . $xoopsDB->prefix("xoonips_index") . " AS tx ON tlink.index_id = tx.index_id";
        $sql .= " LEFT JOIN " . $xoopsDB->prefix("xoonips_item_basic") . " AS ti ON tlink.item_id = ti.item_id";
        $sql .= " LEFT JOIN " . $xoopsDB->prefix("xoonips_groups_users_link") . " as tgulink ON tx.gid=tgulink.gid";
        // The WHERE clause is one parenthesised OR-list of AND-groups. There are
        // no inner parentheses around the groups, so the grouping relies on SQL
        // evaluating AND before OR. Boolean PHP results are emitted as literal
        // 1/0 terms.
        //
        // Group 1: public_item_target_user_all() is true, index is OL_PUBLIC,
        // the user is the guest and the link is CERTIFIED.
        $sql .= " WHERE ( " . (public_item_target_user_all() ? "1" : "0");
        $sql .= " AND tx.open_level=" . OL_PUBLIC . " AND {$uid}=" . UID_GUEST;
        $sql .= " AND certify_state=" . CERTIFIED;
        // Group 2: public_item_target_user_all() is false, index is OL_PUBLIC,
        // the user is not the guest and the link is CERTIFIED.
        $sql .= " OR " . (!public_item_target_user_all() ? "1" : "0");
        $sql .= " AND tx.open_level=" . OL_PUBLIC . " AND {$uid}<>" . UID_GUEST;
        $sql .= " AND certify_state=" . CERTIFIED;
        // Group 3: index is OL_GROUP_ONLY and the user has a membership row for
        // the index's group, and the link is CERTIFIED, or the user is a
        // moderator, or the membership row is flagged is_admin.
        $sql .= " OR tx.open_level=" . OL_GROUP_ONLY;
        $sql .= " AND tgulink.uid={$uid}";
        $sql .= " AND ( certify_state=" . CERTIFIED;
        $sql .= xnp_is_moderator($sess_id, $uid) ? " OR 1" : " OR 0"; // OR 1 for a moderator, OR 0 otherwise
        $sql .= " OR tgulink.is_admin=1 )"; // is the user a group administrator?
        if ($uid != UID_GUEST) {
            // Still part of group 3: repeats the membership condition emitted above.
            $sql .= " AND tgulink.uid={$uid}";
        }
        // Group 4: index is OL_PRIVATE and belongs to the user.
        $sql .= " OR tx.open_level=" . OL_PRIVATE;
        $sql .= " AND tx.uid={$uid}";
        // Group 5: a bare 1 for moderators. As a top-level OR term it makes the
        // whole parenthesised predicate true, leaving only the item_id match.
        $sql .= " OR " . (xnp_is_moderator($sess_id, $uid) ? "1" : "0");
        // Group 6: index has no owner (tx.uid IS NULL), is OL_PUBLIC, and the
        // link is CERTIFIED or the user is a moderator.
        $sql .= " OR tx.uid IS NULL ";
        $sql .= " AND tx.open_level=" . OL_PUBLIC;
        $sql .= " AND ( certify_state=" . CERTIFIED;
        $sql .= xnp_is_moderator($sess_id, $uid) ? " OR 1 )" : " OR 0 )"; // OR 1 for a moderator, OR 0 otherwise
        // Group 7: the moderator term once more (same effect as group 5).
        $sql .= xnp_is_moderator($sess_id, $uid) ? " OR 1" : " OR 0"; // OR 1 for a moderator, OR 0 otherwise
        // Close the predicate and restrict the result to the requested item.
        $sql .= ") AND tlink.item_id={$iid} ";
        // $item_id is presumably written by reference - confirm against
        // _xnpal_queryGetUnsignedInt(). Permission is granted only when the
        // query returns RES_OK and hands back the very ID that was asked for;
        // otherwise control falls through to the final "return false".
        if (_xnpal_queryGetUnsignedInt("getItemPermission", $sql, $item_id) == RES_OK) {
            return $item_id == $iid;
        }
    } else {
        // Only OP_MODIFY and OP_DELETE are handled here; every other operation
        // reaches the final "return false".
        if ($op == OP_MODIFY || $op == OP_DELETE) {
            // Moderator override, OP_MODIFY only: granted when the user is a
            // moderator and the 'moderator_modify_any_items' setting reads 'on'.
            // No item-specific check is made on this path.
            if ($op == OP_MODIFY
                && xnp_is_moderator($sess_id, $uid)
                && xnp_get_config_value('moderator_modify_any_items', $val) == RES_OK
                && $val == 'on'
            ) {
                return true;
            }
            // OP_MODIFY only: granted when the item handler reports 'write'
            // permission for this user (the original comment describes this as
            // the group-owner case; getPerm() is not visible here).
            $item_compo_handler =& xoonips_getormcompohandler('xoonips', 'item');
            if ($op == OP_MODIFY && $item_compo_handler->getPerm($iid, $uid, 'write')) {
                return true;
            }
            // TODO add a condition: even the user's own item must not be
            // editable or deletable while it is waiting for certification.
            //
            // Ownership check: the item row must carry this user's uid. For
            // OP_DELETE this is the only path that can grant access.
            $sql = "SELECT item_id FROM " . $xoopsDB->prefix("xoonips_item_basic");
            $sql .= " WHERE uid={$uid}";
            $sql .= " AND item_id={$iid}";
            if (_xnpal_queryGetUnsignedInt("getItemPermission", $sql, $item_id) == RES_OK) {
                return $item_id == $iid;
            }
        }
    }
    // Deny by default: unknown operation, failed query or no matching row.
    return false;
}
$xoonips_oncheck_private_handler_id = $textutil->html_special_chars($get_vals['on_check_private_handler_id']); // tree node images $tree_image_path = XOOPS_THEME_PATH . '/' . $myxoopsConfig['theme_set'] . '/' . XOONIPS_TREE_SWAP_IMAGE_DIR; if (!is_dir($tree_image_path)) { $tree_image_path = XOOPS_ROOT_PATH . '/modules/xoonips/images'; } $tree_image_url = str_replace(XOOPS_ROOT_PATH, XOOPS_URL, $tree_image_path); // check compat33 node image if (file_exists($tree_image_path . '/tree_root_normal.gif')) { // new node image found $tree_image_compat33 = false; } else { $tree_image_compat33 = true; } $uid = is_object($xoopsUser) ? $xoopsUser->getVar('uid', 'n') : UID_GUEST; if ($uid == UID_GUEST && !public_item_target_user_all()) { // // for guest access, show message that access to index tree is forbidden. // xoops_header(false); echo '</head><body><div style="font-size: 10pt;">'; echo _MD_XOONIPS_INDEX_FORBIDDEN; echo '</div>'; xoops_footer(); exit; } // get index tree structure include_once 'include/gentree.php'; $indexes = genIndexTree0($xnpsid); $is_moderator = xnp_is_moderator($xnpsid, $uid); if ($is_moderator && $get_vals['puid'] > 0) {