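/**
 * Fetch the comments attached to a record.
 *
 * When $record_id / $record_type are not given they are derived from the
 * current request parameters. Callers without the 'update-approved'
 * permission never receive flagged or spam comments.
 *
 * @param array $options Supported keys:
 *   - 'approved': filter on the approved flag;
 *   - 'order': sort direction on `added`, 'ASC' or 'DESC' (anything else
 *     is treated as 'ASC').
 * @param int|null $record_id
 * @param string|null $record_type
 * @return array Comment records
 */
public function getComments($options = array(), $record_id = null, $record_type = null)
{
    $request = Zend_Controller_Front::getInstance()->getRequest();
    $params = $request->getParams();

    if (!$record_id) {
        $record_id = $this->_getRecordId($params);
    }
    if (!$record_type) {
        $record_type = $this->_getRecordType($params);
    }

    $db = get_db();
    $commentTable = $db->getTable('Comment');

    $searchParams = array(
        'record_type' => $record_type,
        'record_id' => $record_id,
    );
    if (isset($options['approved'])) {
        $searchParams['approved'] = $options['approved'];
    }
    // Non-moderators are restricted to unflagged, non-spam comments.
    if (!is_allowed('Commenting_Comment', 'update-approved')) {
        $searchParams['flagged'] = 0;
        $searchParams['is_spam'] = 0;
    }

    $select = $commentTable->getSelectForFindBy($searchParams);

    if (isset($options['order'])) {
        // Zend_Db_Select::order() emits the ORDER BY keyword itself, so only
        // "column direction" is passed. The direction is reduced to one of
        // two literals instead of being concatenated verbatim, so a
        // caller-supplied value can never reach the SQL text.
        $direction = strtoupper(trim((string) $options['order'])) === 'DESC' ? 'DESC' : 'ASC';
        $select->order('added ' . $direction);
    }

    return $commentTable->fetchObjects($select);
}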
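/**
 * Get the REST representation of a comment.
 *
 * ip, user_agent, flagged and is_spam are only included when the current
 * user's role is admin or super; author_email only when the current user
 * may 'update-approved' comments. Everything else is public.
 *
 * NOTE(review): the moderation fields are gated on hard-coded role names
 * rather than an ACL rule, so a custom role granted moderation rights via
 * the ACL still does not receive them.
 *
 * @param Omeka_Record_AbstractRecord $comment
 * @return array
 */
public function getRepresentation(Omeka_Record_AbstractRecord $comment)
{
    // current_user() yields null for an anonymous caller (the author_email
    // check at the end already allows for that), so the role is only read
    // once a user is known to exist.
    $user = current_user();
    $allowAll = $user && in_array($user->role, array('admin', 'super'), true);

    $representation = array(
        'id' => $comment->id,
        'url' => self::getResourceUrl("/comments/{$comment->id}"),
        'record_id' => $comment->record_id,
        'record_type' => $comment->record_type,
        'path' => $comment->path,
        'added' => self::getDate($comment->added),
        'body' => $comment->body,
        'author_name' => $comment->author_name,
        'author_url' => $comment->author_url,
        'approved' => (bool) $comment->approved,
    );

    if ($allowAll) {
        // Moderation data: never exposed to non-admin callers.
        $representation['ip'] = $comment->ip;
        $representation['user_agent'] = $comment->user_agent;
        $representation['flagged'] = $comment->flagged;
        $representation['is_spam'] = $comment->is_spam;
    }

    if ($comment->parent_comment_id) {
        $representation['parent_comment'] = array(
            'id' => $comment->parent_comment_id,
            'resource' => 'comments',
            'url' => self::getResourceUrl("/comments/{$comment->parent_comment_id}"),
        );
    } else {
        $representation['parent_comment'] = null;
    }

    $typeResource = Inflector::tableize($comment->record_type);
    $representation['record_url'] = array(
        'id' => $comment->record_id,
        'resource' => $typeResource,
        'url' => self::getResourceUrl("/{$typeResource}/{$comment->record_id}"),
    );

    if ($comment->user_id) {
        $representation['user'] = array(
            'id' => $comment->user_id,
            'url' => self::getResourceUrl("/users/{$comment->user_id}"),
        );
    } else {
        $representation['user'] = null;
    }

    if ($user && is_allowed('Commenting_Comment', 'update-approved')) {
        $representation['author_email'] = $comment->author_email;
    }

    return $representation;
}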
/**
 * Add the "Conditional Elements" entry to the admin navigation for users
 * allowed to view the plugin's index page.
 *
 * @param array $nav Admin navigation entries
 * @return array The navigation with the entry appended when permitted
 */
function filterAdminNavigationMain($nav)
{
    if (!is_allowed('ConditionalElements_Index', 'index')) {
        return $nav;
    }

    $nav[] = array(
        'label' => __('Conditional Elements'),
        'uri' => url('conditional-elements'),
    );

    return $nav;
}
/**
 * Get the REST representation of an item.
 *
 * Related resources (item type, collection, owner) are rendered as
 * id/url/resource stubs or null when the item has none. The collection
 * stub is additionally null when the current user may not view that
 * collection.
 *
 * @param Item $record
 * @return array
 */
public function getRepresentation(Omeka_Record_AbstractRecord $record)
{
    $rep = array(
        'id' => $record->id,
        'url' => self::getResourceUrl("/items/{$record->id}"),
        'public' => (bool) $record->public,
        'featured' => (bool) $record->featured,
        'added' => self::getDate($record->added),
        'modified' => self::getDate($record->modified),
    );

    $rep['item_type'] = null;
    if ($record->item_type_id) {
        $rep['item_type'] = array(
            'id' => $record->item_type_id,
            'url' => self::getResourceUrl("/item_types/{$record->item_type_id}"),
            'name' => $record->Type->name,
            'resource' => 'item_types',
        );
    }

    // The collection is only exposed when the current user may view it.
    $rep['collection'] = null;
    if ($record->collection_id) {
        $collection = $record->getCollection();
        if (is_allowed($collection, 'show')) {
            $rep['collection'] = array(
                'id' => $record->collection_id,
                'url' => self::getResourceUrl("/collections/{$record->collection_id}"),
                'resource' => 'collections',
            );
        }
    }

    $rep['owner'] = null;
    if ($record->owner_id) {
        $rep['owner'] = array(
            'id' => $record->owner_id,
            'url' => self::getResourceUrl("/users/{$record->owner_id}"),
            'resource' => 'users',
        );
    }

    $rep['files'] = array(
        'count' => $record->getTable('File')->count(array('item_id' => $record->id)),
        'url' => self::getResourceUrl("/files?item={$record->id}"),
        'resource' => 'files',
    );
    $rep['tags'] = $this->getTagRepresentations($record);
    $rep['element_texts'] = $this->getElementTextRepresentations($record);

    return $rep;
}
/**
 * Add the Simple Vocab navigation link.
 *
 * The link is only offered to users allowed to view the plugin's index.
 *
 * @param array $nav Admin navigation entries
 * @return array
 */
public function filterAdminNavigationMain($nav)
{
    $canView = is_allowed('SimpleVocab_Index', 'index');
    if ($canView) {
        $entry = array(
            'label' => __('Simple Vocab'),
            'uri' => url('simple-vocab'),
        );
        $nav[] = $entry;
    }
    return $nav;
}
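/**
 * Display Solr results.
 *
 * Reads the page number from the request, decides whether non-public
 * items may be included, runs the search and hands the results plus the
 * pagination data to the view.
 */
public function indexAction()
{
    // Pagination. The page comes from the request as a string; anything
    // below 1 (missing, zero, negative, non-numeric) falls back to the
    // first page so the start offset is never negative and no non-numeric
    // value reaches the arithmetic.
    $limit = (int) get_option('per_page_public');
    $page = max(1, (int) $this->_request->page);
    $start = ($page - 1) * $limit;

    // Non-public items are included only when all three hold:
    //   - solr_search_display_private_items is enabled in the admin panel,
    //   - a user is logged in,
    //   - that user is allowed to see non-public items.
    // Otherwise the search is limited to public items.
    $user = current_user();
    $limitToPublicItems = !(get_option('solr_search_display_private_items')
        && $user
        && is_allowed('Items', 'showNotPublic'));

    // Execute the query.
    $results = $this->_search($start, $limit, $limitToPublicItems);

    // Set the pagination.
    Zend_Registry::set('pagination', array(
        'page' => $page,
        'total_results' => $results->response->numFound,
        'per_page' => $limit,
    ));

    // Push results to the view.
    $this->view->results = $results;
}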
/**
 * reassignfiles admin navigation filter
 *
 * Appends the "Reassign Files" entry when the user may view the plugin's
 * index page.
 *
 * @param array $nav Admin navigation entries
 * @return array
 */
public function filterAdminNavigationMain($nav)
{
    if (is_allowed('ReassignFiles_Index', 'index')) {
        $label = __('Reassign Files');
        $uri = url('reassign-files');
        $nav[] = array('label' => $label, 'uri' => $uri);
    }

    return $nav;
}
/**
 * Bootstrap the image uploader controller.
 *
 * Stops when the jbimages is_allowed() helper forbids uploads, loads the
 * uploader settings and supporting libraries, then recovers the member
 * credentials from cookies and looks the member up. Anyone without
 * credentials or without a matching member row is redirected to the
 * login page; otherwise $this->userid is set.
 */
public function __construct()
{
    parent::__construct();
    $this->load->helper(array('jbimages', 'language'));

    // is_allowed() (see jbimages/is_alllowed.php) returns FALSE when the
    // upload operation is forbidden; nothing else may run in that case.
    if (is_allowed() === FALSE) {
        exit;
    }

    // User configured settings.
    $this->config->load('uploader_settings', TRUE);
    $this->load->library('encrypt');
    $this->load->model('comm_model', 'comm');
    $this->load->helper('directory');

    // The encoded credentials and the keys used to decode them all come
    // from the client's cookies (the TRUE argument requests XSS cleaning).
    // NOTE(review): since hash_1/hash_2 travel alongside the ciphertext,
    // the encoding gives no secrecy against whoever holds the cookies; and
    // the member lookup matches the decoded password verbatim, which
    // suggests passwords are compared as stored. Both are worth confirming
    // against comm_model and the login flow.
    $encodedUsername = $this->input->cookie('username', TRUE);
    $encodedPassword = $this->input->cookie('password', TRUE);
    $usernameKey = $this->input->cookie('hash_1', TRUE);
    $passwordKey = $this->input->cookie('hash_2', TRUE);

    $this->username = $this->encrypt->decode($encodedUsername, $usernameKey);
    $this->password = $this->encrypt->decode($encodedPassword, $passwordKey);

    // Missing credentials: back to the login page.
    if (!$this->username || !$this->password) {
        header("Location:" . site_url("reg_login/login_in"));
        die;
    }

    // Credentials that match no member: back to the login page too.
    $member = $this->comm->find("member", array(
        "username" => $this->username,
        "password" => $this->password,
    ));
    if (!$member) {
        header("Location:" . site_url("reg_login/login_in"));
        die;
    }

    $this->userid = $member['userid'];
}
/**
 * Build the centre piece of the menu: a "change location" link and, when
 * permitted, a link to the user's settings.
 *
 * @param string $centerpiece      Receives the rendered link html; the
 *                                 userprefs link is appended to it
 * @param array  $centerpiecelinks Receives the individual links keyed by
 *                                 'change_location' and 'userprefs'
 */
function getCenterPiece(&$centerpiece, &$centerpiecelinks) {
    $user =& atkGetUser();
    $theme =& atkinstance("atk.ui.atktheme");
    // Set the dispatchfile for this menu based on the theme setting, or to the default if not set.
    // This makes sure that all calls to dispatch_url will generate a url for the main frame and not
    // within the menu itself.
    $dispatcher = $theme->getAttribute('dispatcher', atkconfig("dispatcher", "index.php"));
    // do not use atkSelf here!
    $c =& atkinstance("atk.atkcontroller");
    $c->setPhpFile($dispatcher);
    // Links open in the "main" frame when the theme uses frames.
    if ($theme->getAttribute('useframes', true)) {
        $target = 'target="main"';
    } else {
        $target = "";
    }
    //$centerpiece = $centerpiecelinks['pim'] = href(dispatch_url("dashboard.mainboard", "start"), atktext("pim"), SESSION_NEW, false,$target);
    // change location link - if location_name is null there is only one location!
    if ($user['location_id'] !== null) {
        $current_location = atktext('current_location') . ': ' . $user['location_name'];
        // [atkselect=[atkprimkey]] is presumably a placeholder filled in by the
        // select action with the chosen record — verify against atk's select handling.
        $atktarget = "index.php?atknodetype=locations.location&atkaction=change&atklevel=0&atkprevlevel=0&atkselect=[atkprimkey]";
        // NOTE(review): $filter is never assigned in this function, so atkfilter is
        // always null here (and raises an undefined-variable notice); either drop the
        // key or pass the intended filter in.
        $params = array("atkfilter" => $filter, "atktarget" => $atktarget);
        $centerpiece = $centerpiecelinks['change_location'] = href(dispatch_url("locations.location", "select", $params), $current_location, SESSION_NEW, false, $target);
    }
    // if user settings is allowed put link to it
    // NOTE(review): the "demo" test is a name-prefix convention, not an ACL rule;
    // any real account whose name starts with "demo" also loses the link.
    if (is_allowed("loginmanager.settings", "edit") && substr($user['name'], 0, 4) != 'demo') {
        $centerpiece .= ' ';
        $centerpiece .= $centerpiecelinks['userprefs'] = href(dispatch_url("loginmanager.settings", "edit"), atktext("userprefs"), SESSION_NEW, false, $target);
    }
}
/**
 * Add the "Omeka Api Import" entry to the admin navigation when the user
 * may view the plugin's index page.
 *
 * @param array $nav Admin navigation entries
 * @return array
 */
public function filterAdminNavigationMain($nav)
{
    $allowed = is_allowed('OmekaApiImport_Index', 'index');
    if (!$allowed) {
        return $nav;
    }

    $nav[] = array(
        'label' => __('Omeka Api Import'),
        'uri' => url('omeka-api-import/index/index'),
    );
    return $nav;
}
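/**
 * Render html for the save panel buttons
 *
 * Always emits the "Save Changes" submit button. When a record is set, a
 * "View Public Page" link is added for existing records of resources that
 * have a public page, and a "Delete" link when the current user may delete
 * the record. The trailing #button-field-line div is the anchor used by
 * SavePanelHook to insert its content.
 *
 * @param string $content Ignored; nothing is wrapped by this decorator.
 * @return string
 */
public function render($content)
{
    $record = $this->getRecord();

    // Strip the decorator-only options. None of the remaining options are
    // rendered as attributes by this decorator (the former $attribs
    // computation was never used), so noAttribs is simply discarded too.
    $this->removeOption('content');
    $this->removeOption('noAttribs');
    $this->removeOption('openOnly');
    $this->removeOption('closeOnly');
    $this->removeOption('record');

    $html = "<input id='save-changes' class='submit big green button' type='submit' value='" . __('Save Changes') . "' name='submit' />";

    if ($record) {
        if ($this->hasPublicPage() && $record->exists()) {
            // Build the URL against the public theme, then restore the base.
            set_theme_base_url('public');
            $publicPageUrl = record_url($record, 'show');
            revert_theme_base_url();
            // URLs are escaped for the attribute context they are placed in.
            $html .= "<a href='" . html_escape($publicPageUrl) . "' class='big blue button' target='_blank'>" . __('View Public Page') . "</a>";
        }
        if (is_allowed($record, 'delete')) {
            $recordDeleteConfirm = record_url($record, 'delete-confirm');
            $html .= "<a href='" . html_escape($recordDeleteConfirm) . "' class='big red button delete-confirm'>" . __('Delete') . "</a>";
        }
    }

    // Used by SavePanelHook to locate where to insert hook content.
    $html .= "<div id='button-field-line'></div>";

    return $html;
}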
/**
 * Build the per-row action links shown before the standard actions in the
 * campaigns data table.
 *
 * Each link is rendered only when the current user holds the matching
 * permission on $this->resource: duplicate needs 'create', preview and
 * send-test need 'access'.
 *
 * @param array $aObject             Row data; id_044 is the campaign id
 * @param array $actionUrlParameters Unused here
 * @param array $parameters          Unused here
 * @return string HTML
 */
public function jsonCustomDataBeforeActions($aObject, $actionUrlParameters, $parameters)
{
    $routeName = function ($prefix) {
        return $prefix . ucfirst($this->routeSuffix);
    };
    $campaignId = $aObject['id_044'];
    $html = '';

    if (is_allowed($this->resource, 'create')) {
        $duplicateUrl = route($routeName('create'), [
            'offset' => $this->request->input('start'),
            'id' => $campaignId,
        ]);
        $html .= '<a class="btn btn-xs bs-tooltip" href="' . $duplicateUrl
            . '" data-original-title="' . trans('comunik::pulsar.duplicate_campaign')
            . '"><i class="fa fa-files-o"></i></a>';
    }

    if (is_allowed($this->resource, 'access')) {
        $previewUrl = route($routeName('preview'), [Crypt::encrypt($campaignId)]);
        $html .= '<a class="btn btn-xs bs-tooltip" href="' . $previewUrl
            . '" data-original-title="' . trans('comunik::pulsar.preview_campaign')
            . '" target="_blank"><i class="fa fa-eye"></i></a>';
    }

    if (is_allowed($this->resource, 'access')) {
        $sendTestUrl = route($routeName('sendTest'), [$campaignId, $this->request->input('start')]);
        $html .= '<a class="btn btn-xs bs-tooltip" href="' . $sendTestUrl
            . '" data-original-title="' . trans('comunik::pulsar.send_test_email')
            . '"><i class="fa fa-share"></i></a>';
    }

    return $html;
}
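/**
 * Abort the request unless the posted user may act on the posted target.
 *
 * Reads userId and targetId from $_POST (null when absent, instead of an
 * undefined-index notice) and hands them to is_allowed(); on refusal the
 * literal 'notAllowed' is echoed and the script ends.
 *
 * NOTE(review): the acting user's id is taken from the request body, not
 * from the session; unless is_allowed() re-derives it server-side, the
 * check trusts whatever userId the client sends. Worth confirming.
 */
function checkIdentity()
{
    $userId = isset($_POST['userId']) ? $_POST['userId'] : null;
    $targetId = isset($_POST['targetId']) ? $_POST['targetId'] : null;

    if (!is_allowed($userId, $targetId)) {
        echo 'notAllowed';
        die;
    }
}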
/**
 * Bootstrap the controller: load the jbimages and language helpers, stop
 * immediately when the is_allowed() helper forbids uploads, and load the
 * user-configured uploader settings into their own config section.
 */
public function __construct()
{
    parent::__construct();
    $this->load->helper(array('jbimages', 'language'));

    // is_allowed() yields FALSE when the upload operation is forbidden.
    $uploadForbidden = is_allowed() === FALSE;
    if ($uploadForbidden) {
        exit;
    }

    // User configured settings, kept under their own config key.
    $this->config->load('uploader_settings', TRUE);
}
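/**
 * Handle an incoming request.
 *
 * Routes may declare 'resource' and 'action' in their action array (see
 * routes.php). When a resource is declared the request is only passed on
 * if is_allowed(resource, action) holds; otherwise the 403 error view is
 * returned. Routes without a resource are not checked here.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $routeAction = $request->route()->getAction();

    if (isset($routeAction['resource'])) {
        // A resource without an action is a misconfigured route: it is
        // treated as forbidden rather than passed to is_allowed() as null
        // (which also raised an undefined-index notice).
        $permitted = isset($routeAction['action'])
            && is_allowed($routeAction['resource'], $routeAction['action']);

        if (!$permitted) {
            return view('pulsar::errors.default', [
                'error' => 403,
                'message' => trans('pulsar::pulsar.message_error_403'),
            ]);
        }
    }

    return $next($request);
}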
/**
 * Restrict the select for API requests.
 *
 * When the request is served by the api controller and the caller may not
 * moderate comments (no 'update-approved' permission, i.e. no proper API
 * key), only approved comments are selected.
 *
 * @return Omeka_Db_Select
 */
public function getSelect()
{
    $select = parent::getSelect();
    $request = Zend_Controller_Front::getInstance()->getRequest();

    $isApiRequest = $request && $request->getControllerName() == 'api';
    if (!$isApiRequest) {
        return $select;
    }

    if (!is_allowed('Commenting_Comment', 'update-approved')) {
        $select->where('approved = ?', 1);
    }

    return $select;
}
/**
 * Bootstrap the controller.
 *
 * Loads the jbimages and language helpers, exits when uploads are
 * forbidden, then loads the user-configured uploader settings.
 */
public function __construct()
{
    parent::__construct();
    $this->load->helper(array('jbimages', 'language'));

    // is_allowed() is defined in jbimages/is_alllowed.php and returns FALSE
    // when the upload operation is forbidden; stop right away in that case.
    $forbidden = is_allowed() === FALSE;
    if ($forbidden) {
        exit;
    }

    // User configured settings.
    $this->config->load('uploader_settings', TRUE);
}
/**
 * Build the comment form.
 *
 * The form is only produced when public commenting is enabled
 * (commenting_allow_public == 1) or the current user may add comments;
 * otherwise null is returned. A previously posted payload kept in the
 * 'commenting' session namespace is replayed through isValid() and then
 * discarded.
 *
 * @return Commenting_CommentForm|null
 */
public function getCommentForm()
{
    $publicCommenting = get_option('commenting_allow_public') == 1;
    if (!$publicCommenting && !is_allowed('Commenting_Comment', 'add')) {
        return null;
    }

    require_once COMMENTING_PLUGIN_DIR . '/CommentForm.php';

    $session = new Zend_Session_Namespace('commenting');
    $form = new Commenting_CommentForm();

    if ($session->post) {
        // The stored POST is presumably a serialized array written into the
        // server-side session by this plugin. unserialize() is only safe as
        // long as nothing client-controlled can write that namespace; if the
        // storage ever moves client-side, switch to json_encode/json_decode.
        $form->isValid(unserialize($session->post));
    }
    unset($session->post);

    return $form;
}
/**
 * Helper to determine if tagging is enabled on current page or not.
 *
 * Tagging is allowed on items/show only, and there only when public
 * tagging is enabled (tagging_public_allow_tag == 1) or the current user
 * may add tags. The answer is computed once per request.
 *
 * @return bool
 */
public function isTaggingAllowed()
{
    static $allowed = null;

    if ($allowed === null) {
        $request = Zend_Controller_Front::getInstance()->getRequest();
        // TODO Make the controllers/actions configurable in the config form
        // (e.g. files/show as well); currently hard-coded to items/show.
        $onItemShowPage = $request->getControllerName() == 'items'
            && $request->getActionName() == 'show';
        $allowed = $onItemShowPage
            && (get_option('tagging_public_allow_tag') == 1
                || is_allowed('Tagging_Tagging', 'add'));
    }

    return $allowed;
}
/**
 * Get the user to present as the contributor of this item.
 *
 * Returns the item's owner, a placeholder "[Unknown User]" when the owner
 * record is gone, or an "Anonymous" placeholder when the contribution is
 * anonymous and the viewer is neither the owner nor allowed to
 * 'view-anonymous'.
 *
 * @return User
 */
public function getContributor()
{
    $owner = $this->Item->getOwner();

    // Deleted users leave no record: return a placeholder user instead.
    if (!$owner) {
        $placeholder = new User();
        $placeholder->name = '[' . __('Unknown User') . ']';
        return $placeholder;
    }

    // Contributors always see themselves.
    $viewer = current_user();
    if ($viewer && $viewer->id == $owner->id) {
        return $owner;
    }

    // Anonymous contributions are hidden behind an "Anonymous" user from
    // anyone lacking the view-anonymous permission.
    $hideIdentity = $this->anonymous == 1
        && !is_allowed('Contribution_Items', 'view-anonymous');
    if ($hideIdentity) {
        $owner = new User();
        $owner->name = __('Anonymous');
    }

    return $owner;
}
/**
 * Check AJAX requests.
 *
 * Returns true only for an XMLHttpRequest aimed at the ajax controller's
 * $action that the current user is allowed to perform. Otherwise the
 * response code is set and false is returned:
 *
 * 400 Bad Request  - wrong controller or action
 * 403 Forbidden    - not an AJAX request, or user not allowed
 *
 * The X-Requested-With test only filters out plain navigations; it is not
 * a substitute for a CSRF token on state-changing actions.
 *
 * @param string $action
 * @return bool
 */
protected function _checkAjax($action)
{
    $request = $this->getRequest();

    // Only allow AJAX requests.
    if (!$request->isXmlHttpRequest()) {
        $this->getResponse()->setHttpResponseCode(403);
        return false;
    }

    // Allow only valid calls.
    $expectedRoute = $request->getControllerName() == 'ajax'
        && $request->getActionName() == $action;
    if (!$expectedRoute) {
        $this->getResponse()->setHttpResponseCode(400);
        return false;
    }

    // Allow only allowed users.
    $permitted = is_allowed('ArchiveFolder_Index', $action);
    if (!$permitted) {
        $this->getResponse()->setHttpResponseCode(403);
        return false;
    }

    return true;
}
/**
 * Edit (or create) a user profile of a given type.
 *
 * Request params: 'type' (profile type id, defaults to the first type),
 * 'id' (user id, defaults to the current user) and 'submit' (save the
 * posted form). Throws Omeka_Controller_Exception_403 when the current
 * user may not edit the profile.
 */
public function editAction() {
    $this->view->addHelperPath(USER_PROFILES_DIR . '/helpers', 'UserProfiles_View_Helper_');
    $allTypes = $this->_helper->db->getTable('UserProfilesType')->findAll();
    // NOTE(review): getParam() here versus _getParam() below — confirm both
    // resolve to the same request parameter source.
    $typeId = $this->getParam('type');
    // No type requested: fall back to the first type.
    // NOTE(review): $allTypes['0'] is read unguarded, so this fails when no
    // profile type exists yet.
    if (!$typeId) {
        $typeId = $allTypes['0']->id;
    }
    $profileType = $this->_helper->db->getTable('UserProfilesType')->find($typeId);
    $userId = $this->_getParam('id');
    // NOTE(review): find() presumably returns null for an unknown id; $user is
    // then null and still reaches setOwner() below — a 404 would be clearer.
    if ($userId) {
        $user = $this->_helper->db->getTable('User')->find($userId);
    } else {
        $user = current_user();
        $userId = $user->id;
    }
    $this->view->user = $user;
    $userProfile = $this->_helper->db->getTable()->findByUserIdAndTypeId($userId, $typeId);
    // No profile of this type yet: build an unsaved one owned by the user.
    if (!$userProfile) {
        $userProfile = new UserProfilesProfile();
        $userProfile->setOwner($user);
        $userProfile->type_id = $typeId;
        $userProfile->setRelationData(array('subject_id' => $userId));
    }
    // Authorisation is checked on the (possibly new) profile before any
    // posted data is applied.
    if (!is_allowed($userProfile, 'edit')) {
        throw new Omeka_Controller_Exception_403();
    }
    if ($this->_getParam('submit')) {
        $userProfile->setPostData($_POST);
        // save(false): presumably "do not throw on validation failure";
        // errors are then reported through getErrors() instead.
        if ($userProfile->save(false)) {
            fire_plugin_hook('user_profiles_save', array('post' => $_POST, 'profile' => $userProfile, 'type' => $profileType));
            $this->redirect("user-profiles/profiles/user/id/{$userId}/type/{$typeId}");
        } else {
            $this->_helper->flashMessenger($userProfile->getErrors());
        }
    }
    $this->view->userprofilesprofile = $userProfile;
    $this->view->userprofilestype = $profileType;
    $this->view->profile_types = apply_filters('user_profiles_type', $allTypes);
}
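/**
 * Render the error page (or JSON error payload) for the caught exception.
 *
 * The exception's own message is only shown in development or for 403s;
 * other codes get the generic static::ERROR text. Anonymous visitors
 * hitting a 403 are redirected to the admin login when that route is open
 * to them.
 *
 * @return array|JsonResponse|RedirectResponse
 */
public function indexAction()
{
    $exception = $this->request->getParam('exception');
    if (!$exception instanceof \Exception) {
        return ['exception' => $exception, 'message' => static::ERROR];
    }

    $development = (bool) env('development');
    // NOTE(review): getCode() is used as the HTTP status; exception codes
    // that are not HTTP statuses would reach setCode() unchanged — confirm
    // the callers only raise HTTP-coded exceptions.
    $code = $exception->getCode() ?: 404;
    $message = $development || $code === 403 ? $exception->getMessage() : static::ERROR;

    if ($this->request->isAjax()) {
        // The JSON payload follows the same visibility rule as the HTML
        // page: the raw message, file, line and trace are development-only.
        // Outside development the client gets the code and the generic
        // (or 403) message, nothing about the server's internals.
        $error = [
            'message' => $message,
            'code' => $exception->getCode(),
        ];
        if ($development) {
            $error['file'] = $exception->getFile();
            $error['line'] = $exception->getLine();
            $error['trace'] = $exception->getTrace();
        }
        return new JsonResponse(['error' => $error], $code);
    }

    if ($code === 403 && Auth::identity() === \null) {
        // Anonymous visitor on a forbidden page: offer the admin login when
        // that route is open to them, returning here afterwards.
        if (is_allowed(app('router')->getRoute('admin-login')->getHandler())) {
            return new RedirectResponse(route('admin-login', ['backTo' => urlencode(route())]));
        }
    }

    $this->response->setCode($code);
    return ['exception' => $exception, 'message' => $message];
}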
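/**
 * Check whether a user may upload to a path on an FTP server.
 *
 * @param int    $serverid Server row id; 0 = not tied to a server.
 * @param string $path     Target path, or "any" to ask only whether the
 *                         user may upload at all.
 * @param int    $userid   User id; 0 = the logged-in user ($login).
 * @return string|int "mod" when is_allowed() holds for the current
 *   section, otherwise 1 (allowed) or 0 (denied).
 */
function is_allowed_upload($serverid = 0, $path = "any", $userid = 0)
{
    global $tab, $db, $login, $sec;

    // Array keys are quoted throughout: bare `id`, `upload_allow`, ... are
    // undefined constants (a notice on PHP 7, a fatal error on PHP 8).
    if (!$userid) {
        $userid = $login['id'];
    }
    $user = getuser($userid);
    $path = str_replace("\\", "/", $path);

    // Section moderators may upload anywhere.
    if (is_allowed($sec['id'])) {
        return "mod";
    }

    if ($path == "any") {
        return $user['upload_allow'] ? 1 : 0;
    }

    // Both ids are numeric by contract, so they are cast before being
    // interpolated into the query text.
    $serverid = (int) $serverid;
    $userid = (int) $userid;
    $q = $db->query_str("SELECT * FROM {$tab['upload_access']} WHERE serverid='{$serverid}' AND userid='{$userid}'");

    // Normalise the requested path once: leading and trailing slash.
    if ($path === '' || $path[0] != "/") {
        $path = "/" . $path;
    }
    if (substr($path, -1) != "/") {
        $path .= "/";
    }

    while ($set = $db->fetch_array($q)) {
        $server = getftpaccesscodes($set['serverid']);

        // Server root: leading slash, no trailing slash.
        $serverPath = (string) $server['path'];
        if ($serverPath === '' || $serverPath[0] != "/") {
            $serverPath = "/" . $serverPath;
        }
        if (substr($serverPath, -1) == "/") {
            $serverPath = substr($serverPath, 0, -1);
        }

        // Case-insensitive prefix match, as before. The stored paths are
        // quoted so a "." or other metacharacter in a directory name matches
        // literally instead of as regex syntax. (If stored access paths are
        // meant to carry regex wildcards, drop the preg_quote.)
        $prefix = preg_quote($serverPath . $set['path'], '#');
        if (preg_match("#^{$prefix}#i", $path)) {
            return 1;
        }
    }

    return 0;
}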
/**
 * Handle a login request to the application.
 *
 * After the credential check the user must additionally carry the
 * access_010 flag and hold the 'pulsar'/'access' ACL permission; failing
 * either logs the user out again and returns to the login form with
 * loginErrors 3 or 2 respectively. Bad credentials yield loginErrors 1.
 * On success the ACL, packages and base language are stored in the
 * session before redirecting to the intended page.
 *
 * @param \Illuminate\Http\Request $request
 * @return \Illuminate\Http\Response
 */
public function postLogin(Request $request)
{
    $this->validate($request, ['user' => 'required', 'password' => 'required']);

    $backToLogin = function ($errorCode) use ($request) {
        return redirect($this->loginPath)
            ->withInput($request->only('user', 'remember'))
            ->withErrors(['loginErrors' => $errorCode]);
    };

    $credentials = $request->only('user', 'password');
    $remember = $request->has('remember');

    if (!auth('pulsar')->attempt($credentials, $remember)) {
        return $backToLogin(1);
    }

    // Account-level access flag.
    $user = auth('pulsar')->user();
    if (!$user->access_010) {
        auth('pulsar')->logout();
        return $backToLogin(3);
    }

    // Load the profile's ACL into the session, then require the base
    // 'pulsar' access permission.
    session(['userAcl' => AclLibrary::getProfileAcl($user->profile_id_010)]);
    if (!is_allowed('pulsar', 'access')) {
        auth('pulsar')->logout();
        return $backToLogin(2);
    }

    session(['packages' => Package::getRecords([
        'active_012' => true,
        'orderBy' => ['column' => 'sorting_012', 'order' => 'desc'],
    ])]);
    session(['baseLang' => Lang::getBaseLang()]);

    return redirect()->intended($this->redirectTo);
}
echo head(array('title' => $title, 'bodyclass' => 'item-types')); echo flash(); ?> <form method="post" action=""> <?php include 'form.php'; ?> <section class="three columns omega"> <div id="save" class="panel"> <input type="submit" class="big green button" name="submit" value="<?php echo __('Save Changes'); ?> "> <?php if (is_allowed('ItemTypes', 'delete')) { ?> <?php echo link_to($item_type, 'delete-confirm', __('Delete'), array('class' => 'big red button delete-confirm')); ?> <?php } ?> <?php fire_plugin_hook("admin_item_types_panel_buttons", array('view' => $this, 'record' => $item_type)); ?> <?php fire_plugin_hook("admin_item_types_panel_fields", array('view' => $this, 'record' => $item_type)); ?> </div> </section>
/**
 * Append an Exhibits section to admin dashboard
 *
 * The entry is only added for users allowed to browse exhibits.
 *
 * @param array $stats Array of "statistics" displayed on dashboard
 * @return array
 */
function exhibit_builder_dashboard_stats($stats)
{
    if (!is_allowed('ExhibitBuilder_Exhibits', 'browse')) {
        return $stats;
    }

    $exhibitsLink = link_to('exhibits', array(), total_records('Exhibits'));
    $stats[] = array($exhibitsLink, __('exhibits'));

    return $stats;
}
echo $label; ?> </strong></td> <td></td> <td> <?php echo $this->formText('action-geolocation-address', "", array('name' => 'action-geolocation-address', 'id' => 'action-geolocation-address', 'class' => 'textinput', "style" => "margin-bottom:0; width:45%")); ?> <?php echo $this->formText('action-geolocation-radius', 10, array('name' => 'action-geolocation-radius', 'size' => '10', 'id' => 'action-geolocation-radius', 'class' => 'textinput', "style" => "margin-bottom:0; width: 55px;")); ?> </td> </tr>--> <?php if (is_allowed('Users', 'browse')) { ?> <tr> <td><strong><?php echo $this->formLabel('user-search', __('Search By User')); ?> </strong></td> <td></td> <td> <?php echo $this->formSelect('owner_id', '', array('id' => 'owner_id', "class" => "facet-search-value", "style" => "margin-bottom:0; width:50%"), get_table_options('User')); ?> </td> </tr> <?php }
<div class="col-md-4"> <div class="field"> <?php echo $this->formLabel('tag-search', __('Search By Tags')); ?> <div class="inputs"> <?php echo $this->formText('tags', @$_REQUEST['tags'], array('size' => '40', 'id' => 'tag-search')); ?> </div> </div> <?php if (is_allowed('Items', 'showNotPublic')) { ?> <div class="field"> <?php echo $this->formLabel('public', __('Public/Non-Public')); ?> <div class="inputs"> <?php echo $this->formSelect('public', @$_REQUEST['public'], array(), label_table_options(array('1' => __('Only Public Items'), '0' => __('Only Non-Public Items')))); ?> </div> </div> <?php } ?>
echo __('There are no collections on this page.'); ?> <?php echo link_to('collections', null, __('View All Collections')); ?> </p> <?php } } else { ?> <h2><?php echo __('You have no collections.'); ?> </h2> <?php if (is_allowed('Collections', 'add')) { ?> <p><?php echo __('Get started by adding your first collection.'); ?> </p> <a href="<?php echo html_escape(url('collections/add')); ?> " class="add big green button"><?php echo __('Add a Collection'); ?> </a> <?php } }