Exemplo n.º 1
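 /**
  * Write this object's per-editor permissions to the `permission` table.
  *
  * For every editor known to this object (current editors, editors pending
  * deletion, and every key of $this->permissions) the method works out which
  * permissions are new at this scope rather than already granted by the
  * parent object, makes sure the editor has a row in `site_editors`, and then
  * inserts, updates or deletes the matching `permission` row.
  *
  * The pseudo-editors 'everyone' and 'institute' are never allowed ADD, EDIT
  * or DELETE: those bits are cleared (and reported through printError())
  * before anything is written.
  *
  * Terminates the request with die() when a named user has no row in `user`.
  *
  * @param mixed $force Truthy to write even when $this->changedpermissions is not set.
  * @return void
  */
 function updatePermissionsDB($force = 0)
 {
     if (!$this->changedpermissions && !$force) {
         return;
     }

     // NOTE(review): every statement below is assembled by string concatenation
     // and escaped with addslashes(), which is not charset-aware and is not a
     // substitute for the database driver's own escaping or bound parameters.
     // db_query() is defined outside this block, so the calls are left as they
     // are; move them to prepared statements where the wrapper supports it.
     $scope = get_class($this);
     $id = $this->id;
     $n = array_unique(array_merge($this->editors, $this->editorsToDelete, array_keys($this->permissions)));

     // ADD, EDIT, DELETE, VIEW and DISCUSS are expected to be constants defined
     // outside this block.
     $no_permissions = array(ADD => 0, EDIT => 0, DELETE => 0, VIEW => 0, DISCUSS => 0);
     $write_keys = array(ADD, EDIT, DELETE);
     $permission_letters = array(ADD => 'a', EDIT => 'e', DELETE => 'd', VIEW => 'v', DISCUSS => 'di');

     foreach ($n as $editor) {
         // Numeric-looking array keys come back as integers. Compare as a string
         // so the 'everyone'/'institute' checks cannot be satisfied by loose
         // int-to-string comparison.
         $editor = (string) $editor;
         $is_public_editor = ($editor === 'everyone' || $editor === 'institute');

         // Permissions requested for this editor on this object. Editors that
         // only appear in the editor lists have no entry and start from zero.
         $p2 = isset($this->permissions[$editor]) ? $this->permissions[$editor] : null;
         if (!is_array($p2)) {
             $p2 = $no_permissions;
         }

         // Permissions the same editor holds on the parent object, needed to
         // tell inherited permissions from ones added at this scope. Reset on
         // every pass so a value from the previous editor can never carry over.
         $parent_permissions = null;
         if ($scope === 'section') {
             $parent_permissions = $this->owningSiteObj->permissions;
         } elseif ($scope === 'page') {
             $parent_permissions = $this->owningSectionObj->permissions;
         } elseif ($scope === 'story') {
             $parent_permissions = $this->owningPageObj->permissions;
         }
         $p1 = null;
         if (is_array($parent_permissions) && isset($parent_permissions[$editor])) {
             $p1 = $parent_permissions[$editor];
         }
         if (!is_array($p1) && $scope !== 'site') {
             $p1 = $no_permissions;
         }

         // 'everyone' and 'institute' must never hold add, edit or delete
         // rights: report the attempt, then clear those bits on both sides.
         if ($is_public_editor) {
             $wants_write = false;
             foreach ($write_keys as $key) {
                 if (!empty($p2[$key]) || (is_array($p1) && !empty($p1[$key]))) {
                     $wants_write = true;
                 }
             }
             if ($wants_write) {
                 printError("Ahh, trying to give {$editor} invalid permissions!");
             }
             foreach ($write_keys as $key) {
                 $p2[$key] = 0;
                 if (is_array($p1)) {
                     $p1[$key] = 0;
                 }
             }
         }

         // A permission is "new" at this scope when it is set here ($p2) but
         // not on the parent ($p1). A site has no parent, so everything it
         // grants is new. Only the new permissions are stored.
         if ($scope !== 'site') {
             $p_new = array();
             foreach ($p1 as $key => $value) {
                 $p_new[$key] = (!$value && !empty($p2[$key])) ? 1 : 0;
             }
         } else {
             $p_new = $p2;
         }

         // Encode the new permissions as a comma-separated list such as "a,v,di".
         $letters = array();
         foreach ($permission_letters as $key => $letter) {
             if (!empty($p_new[$key])) {
                 $letters[] = $letter;
             }
         }
         $p_new_str = implode(',', $letters);

         // Resolve the editor's type and id. $ed_id goes into the SQL without
         // surrounding quotes, so it must only ever be the literal NULL or an
         // already quoted and escaped value.
         if ($is_public_editor) {
             $ed_type = $editor;
             $ed_id = 'NULL';
         } elseif ($ugroup_id = ugroup::getGroupID($editor)) {
             $ed_type = 'ugroup';
             $ed_id = "'" . addslashes($ugroup_id) . "'";
         } else {
             $ed_type = 'user';
             // Make sure the person is in the DB and synched.
             synchronizeLocalUserAndClassDB($editor);
             // need to fetch the id from the user table
             $query = "SELECT user_id FROM user WHERE user_uname = '" . addslashes($editor) . "'";
             $r = db_query($query);
             if (!db_num_rows($r)) {
                 // The failing statement stays out of the HTTP response, and the
                 // editor name is HTML-escaped because it did not originate here.
                 error_log("updatePermissionsDB() :: user lookup returned no row");
                 die("updatePermissionsDB() :: could not find an ID to associate with editor: '" . htmlspecialchars($editor, ENT_QUOTES) . "'!!!");
             }
             $arr = db_fetch_assoc($r);
             $ed_id = "'" . addslashes($arr['user_id']) . "'";
         }

         $site_id = ($scope === 'site') ? $id : $this->owningSiteObj->id;

         // Make sure the editor is listed in site_editors for the owning site.
         $query = "\n\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\tFK_editor\n\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\tsite_editors\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tFK_editor <=> " . $ed_id . " AND\n\t\t\t\t\t\t\tsite_editors_type = '" . addslashes($ed_type) . "' AND\n\t\t\t\t\t\t\tFK_site = '" . addslashes($site_id) . "'\n\t\t\t\t\t";
         $r_editor = db_query($query);
         if (!db_num_rows($r_editor)) {
             $query = "\n\t\t\t\t\t\t\tINSERT\n\t\t\t\t\t\t\tINTO site_editors\n\t\t\t\t\t\t\t\t(FK_site, FK_editor, site_editors_type)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t('" . addslashes($site_id) . "', " . $ed_id . ", '" . addslashes($ed_type) . "')\n\t\t\t\t\t\t";
             db_query($query);
         }

         // Look for an existing permission row for this editor and scope.
         $query = "\n\t\t\t\t\tSELECT \n\t\t\t\t\t\tpermission_id \n\t\t\t\t\tFROM \n\t\t\t\t\t\tpermission \n\t\t\t\t\tWHERE \n\t\t\t\t\t\tpermission_scope_type='" . addslashes($scope) . "' AND \n\t\t\t\t\t\tFK_scope_id='" . addslashes($id) . "' AND \n\t\t\t\t\t\tFK_editor <=> " . $ed_id . " AND \n\t\t\t\t\t\tpermission_editor_type = '" . addslashes($ed_type) . "'\n\t\t\t\t";
         $r_perm = db_query($query);

         if (db_num_rows($r_perm)) {
             $a = db_fetch_assoc($r_perm);
             // The key is quoted: a bare permission_id is an undefined constant.
             if ($p_new_str) {
                 // Row exists and something is still granted here: update it.
                 $query = "\n\t\t\t\t\t\t\tUPDATE \n\t\t\t\t\t\t\t\tpermission \n\t\t\t\t\t\t\tSET \n\t\t\t\t\t\t\t\tpermission_value='" . addslashes($p_new_str) . "' \n\t\t\t\t\t\t\tWHERE \n\t\t\t\t\t\t\t\tpermission_id = '" . addslashes($a['permission_id']) . "'\n\t\t\t\t\t\t";
                 db_query($query);
             } else {
                 // Row exists but nothing is granted here any more: remove it.
                 $query = "\n\t\t\t\t\t\t\tDELETE FROM \n\t\t\t\t\t\t\t\tpermission \n\t\t\t\t\t\t\tWHERE \n\t\t\t\t\t\t\t\tpermission_id = '" . addslashes($a['permission_id']) . "'\n\t\t\t\t\t\t";
                 db_query($query);
             }
         } elseif ($p_new_str) {
             // No row yet and there is something to grant: insert it.
             $query = "\n\t\t\t\t\t\tINSERT\n\t\t\t\t\t\tINTO permission\n\t\t\t\t\t\t\t(FK_editor, permission_editor_type, FK_scope_id, permission_scope_type, permission_value)\n\t\t\t\t\t\tVALUES (" . $ed_id . ", '" . addslashes($ed_type) . "', '" . addslashes($id) . "', '" . addslashes($scope) . "', '" . addslashes($p_new_str) . "')\n\t\t\t\t\t";
             db_query($query);
         }
     }
 }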
Exemplo n.º 2
//printpre($_REQUEST);
/******************************************************************************
 * Save changes to the DB
 ******************************************************************************/
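// Save handler: writes the edited object held in the session back to the DB,
// then redirects to close.php.
//
// NOTE(review): this branch changes stored permissions and is reachable through
// any request method ($_REQUEST). No anti-CSRF token is checked in the visible
// code, so confirm one is enforced before this point. $isOwner is set outside
// this excerpt and is the only authorization gate here.
if (!empty($_REQUEST['savechanges']) && $isOwner) {
    // Bug-fix X-294273alpha: every editor must exist in the local DB before
    // the permissions that reference them are written.
    foreach ($_SESSION['obj']->getEditors() as $_editor) {
        if (!$_editor) {
            continue;
        }
        synchronizeLocalUserAndClassDB($_editor);
    }

    $_SESSION['obj']->updateDB(1);
    $_SESSION['obj']->deletePendingEditors();
    unset($_SESSION['obj'], $_SESSION['editors']);

    // Nothing is printed in this branch: any earlier output would stop the
    // redirect header from being sent, and the debug prints that used to sit
    // here wrote editor names into the page without HTML escaping.
    header("Location: close.php");
    exit;
}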
/******************************************************************************
 * Editor Actions:
 ******************************************************************************/