/**
* Checks if a user has access to a selected item. if no item permissions are
* set, access permission is denied. The user needs to have necessary category
* permission as well.
* Also, the item needs to be Published
*
* @return boolean : TRUE if the no errors occured
*/
public function accessGranted()
{
if (publisher_userIsAdmin()) {
return true;
}
if ($this->status() != _PUBLISHER_STATUS_PUBLISHED) {
return false;
}
// Do we have access to the parent category
if ($this->publisher->getHandler('permission')->isGranted('category_read', $this->categoryid())) {
return true;
}
return false;
}
if ($itemObj->pagescount() > 0) {
if ($item_page_id == -1) {
$item_page_id = 0;
}
include_once XOOPS_ROOT_PATH . '/class/pagenav.php';
$pagenav = new XoopsPageNav($itemObj->pagescount(), 1, $item_page_id, 'page', 'itemid=' . $itemObj->itemid());
$xoopsTpl->assign('pagenav', $pagenav->renderNav());
}
// Creating the files object associated with this item
$file = array();
$files = array();
$embeded_files = array();
$filesObj = $itemObj->getFiles();
// check if user has permission to modify files
$hasFilePermissions = true;
if (!(publisher_userIsAdmin() || publisher_userIsModerator($itemObj))) {
$hasFilePermissions = false;
}
foreach ($filesObj as $fileObj) {
$file = array();
$file['mod'] = false;
if ($hasFilePermissions || is_object($xoopsUser) && $fileObj->getVar('uid') == $xoopsUser->getVar('uid')) {
$file['mod'] = true;
}
if ($fileObj->mimetype() == 'application/x-shockwave-flash') {
$file['content'] = $fileObj->displayFlash();
if (strpos($item['maintext'], '[flash-' . $fileObj->getVar('fileid') . ']')) {
$item['maintext'] = str_replace('[flash-' . $fileObj->getVar('fileid') . ']', $file['content'], $item['maintext']);
} else {
$embeded_files[] = $file;
}
* @since 1.0
* @author trabis <*****@*****.**>
* @version $Id$
*/
defined("XOOPS_ROOT_PATH") or die("XOOPS root path not defined");
define("PUBLISHER_DIRNAME", basename(dirname(dirname(__FILE__))));
define("PUBLISHER_URL", XOOPS_URL . '/modules/' . PUBLISHER_DIRNAME);
define("PUBLISHER_IMAGES_URL", PUBLISHER_URL . '/images');
define("PUBLISHER_ADMIN_URL", PUBLISHER_URL . '/admin');
define("PUBLISHER_UPLOADS_URL", XOOPS_URL . '/uploads/' . PUBLISHER_DIRNAME);
define("PUBLISHER_ROOT_PATH", XOOPS_ROOT_PATH . '/modules/' . PUBLISHER_DIRNAME);
define("PUBLISHER_UPLOADS_PATH", XOOPS_ROOT_PATH . '/uploads/' . PUBLISHER_DIRNAME);
xoops_loadLanguage('common', PUBLISHER_DIRNAME);
include_once PUBLISHER_ROOT_PATH . '/include/functions.php';
include_once PUBLISHER_ROOT_PATH . '/include/constants.php';
include_once PUBLISHER_ROOT_PATH . '/include/seo_functions.php';
include_once PUBLISHER_ROOT_PATH . '/class/metagen.php';
include_once PUBLISHER_ROOT_PATH . '/class/session.php';
include_once PUBLISHER_ROOT_PATH . '/class/publisher.php';
include_once PUBLISHER_ROOT_PATH . '/class/request.php';
$debug = true;
$publisher = PublisherPublisher::getInstance($debug);
//This is needed or it will not work in blocks.
global $publisher_isAdmin;
// Load only if module is installed
if (is_object($publisher->getModule())) {
// Find if the user is admin of the module
$publisher_isAdmin = publisher_userIsAdmin();
// get current page
$publisher_current_page = publisher_getCurrentPage();
}
xoops_loadLanguage('admin', PUBLISHER_DIRNAME);
$op = PublisherRequest::getString('op');
$fileid = PublisherRequest::getInt('fileid');
if ($fileid == 0) {
redirect_header("index.php", 2, _MD_PUBLISHER_NOITEMSELECTED);
exit;
}
$fileObj = $publisher->getHandler('file')->get($fileid);
// if the selected item was not found, exit
if (!$fileObj) {
redirect_header("index.php", 1, _NOPERM);
exit;
}
$itemObj = $publisher->getHandler('item')->get($fileObj->getVar('itemid'));
// if the user does not have permission to modify this file, exit
if (!(publisher_userIsAdmin() || publisher_userIsModerator($itemObj) || is_object($xoopsUser) && $fileObj->getVar('uid') == $xoopsUser->getVar('uid'))) {
redirect_header("index.php", 1, _NOPERM);
exit;
}
/* -- Available operations -- */
switch ($op) {
case "default":
case "mod":
include_once XOOPS_ROOT_PATH . '/header.php';
include_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
// FILES UPLOAD FORM
$files_form = $fileObj->getForm();
$files_form->display();
break;
case "modify":
$fileid = isset($_POST['fileid']) ? intval($_POST['fileid']) : 0;
if (!publisher_userIsAdmin() || !publisher_userIsModerator($itemObj)) {
if (isset($_GET['op']) && $_GET['op'] == 'del' && !$publisher->getConfig('perm_delete')) {
redirect_header("index.php", 1, _NOPERM);
exit;
} else {
if (!$publisher->getConfig('perm_edit')) {
redirect_header("index.php", 1, _NOPERM);
exit;
}
}
}
$categoryObj = $itemObj->category();
} else {
// we are submitting a new article
// if the user is not admin AND we don't allow user submission, exit
if (!(publisher_userIsAdmin() || $publisher->getConfig('perm_submit') == 1 && (is_object($xoopsUser) || $publisher->getConfig('perm_anon_submit') == 1))) {
redirect_header("index.php", 1, _NOPERM);
exit;
}
$itemObj = $publisher->getHandler('item')->create();
$categoryObj = $publisher->getHandler('category')->create();
}
if (isset($_GET['op']) && $_GET['op'] == 'clone') {
$formtitle = _MD_PUBLISHER_SUB_CLONE;
$itemObj->setNew();
$itemObj->setVar('itemid', 0);
} else {
$formtitle = _MD_PUBLISHER_SUB_SMNAME;
}
$op = '';
if (isset($_POST['additem'])) {
/**
* Checks if a user has access to a selected item. if no item permissions are
* set, access permission is denied. The user needs to have necessary category
* permission as well.
* Also, the item needs to be Published
*
* @return boolean : TRUE if the no errors occured
*/
public function accessGranted()
{
global $xoopsUser;
if (publisher_userIsAdmin()) {
return true;
}
if ($this->status() != _PUBLISHER_STATUS_PUBLISHED) {
return false;
}
$gperm_handler = xoops_gethandler('groupperm');
$groups = $xoopsUser ? $xoopsUser->getGroups() : XOOPS_GROUP_ANONYMOUS;
$module_id = $this->publisher->getModule()->getVar('mid');
// Do we have access to the parent category
if ($gperm_handler->checkRight('category_read', $this->categoryid(), $groups, $module_id)) {
return true;
}
return false;
}
