Пример #1
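/**
 * Normalise one S3DB element record and attach the asking user's permissions.
 *
 * $x is unpacked with extract(), so each of its keys becomes a local variable.
 * The body reads $elements, $element_info, $user_id and $db, and also uses
 * $model, $letter, $timer, $key, $info and $id when the caller supplies them.
 * Example: $data = include_all(compact('elements', 'element_info', 'user_id', 'db'));
 *
 * @param array $x Named arguments, e.g. array('elements'=>, 'element_info'=>, 'user_id'=>, 'db'=>).
 * @return array $element_info with alias fields added and with 'acl',
 *               'permission_level', 'effective_permission', 'assigned_permission',
 *               'view', 'change', 'propagate', 'delete', 'delete_data' and
 *               'add_data' filled in.
 */
function include_all($x)
{
    # NOTE(review): extract() turns every key of $x into a local variable, so the
    # caller fully controls $user_id, $db, $model, $letter, $key, $info, ... used
    # in the permission decisions below. $x must only ever be built from trusted
    # values (compact() in calling code), never from request data.
    extract($x);
    # When there is no resource_class_id, find it from the project where the instance was created.
    # WILL ASSUME THAT RESOURCE_CLASS_ID FILLED OUT IS A REQUIREMENT FOR ALL S3DB THAT SHARE RULES
    # NOTE(review): $project_id is assigned here but not read again in this function.
    if ($_REQUEST['project_id'] == '') {
        $project_id = $element_info['project_id'];
    } else {
        $project_id = $_REQUEST['project_id'];
    }
    if (!$model) {
        $model = 'nsy';
    }
    # Default the element letter to the upper-cased first character of $elements.
    if ($letter == '') {
        $letter = strtoupper(substr($elements, 0, 1));
    }
    # Copy fields to their alias names as listed in the global s3map for this element type.
    if (is_array($GLOBALS['s3map'][$GLOBALS['plurals'][$GLOBALS['s3codes'][$letter]]])) {
        foreach ($GLOBALS['s3map'][$GLOBALS['plurals'][$GLOBALS['s3codes'][$letter]]] as $replace => $with) {
            $element_info[$replace] = $element_info[$with];
        }
    }
    # Deployment: the acl is derived from the kind of user asking.
    if ($letter == 'D') {
        $element_info['acl'] = $user_id == '1' ? '222' : (user_is_admin($user_id, $db) ? '212' : (user_is_public($user_id, $db) ? '210' : '211'));
        $element_info['created_by'] = $user_id;
        $element_info['description'] = $GLOBALS['s3db_info']['server']['site_intro'];
        $element_info['name'] = $GLOBALS['s3db_info']['server']['site_title'];
        if ($element_info['deployment_id'] == $GLOBALS['s3db_info']['deployment']['Did']) {
            $element_info['self'] = 1;
        }
    }
    # Group
    if ($letter == 'G') {
        $e = 'groups';
        #$element_info['group_id'] = $element_info['account_id'];
        #$element_info['groupname'] = $element_info['account_uname'];
        #$element_info['acl'] = groupAcl($element_info, $user_id, $db);
        $uid_info = uid($element_info['account_id']);
        # Strip the leading 'D' from the deployment uid. preg_replace() is used
        # because the ereg_* family no longer exists in PHP 7 and later.
        $element_info['deployment_id'] = preg_replace('/^D/', '', (string) $uid_info['Did']);
        $strictuid = 1;
        $strictsharedwith = 1;
        $uid = 'G' . $element_info['group_id'];
        $shared_with = 'U' . $user_id;
        #$element_info['acl'] = permissionOnResource(compact('user_id', 'shared_with', 'db', 'uid','key','strictsharedwith','strictuid'));
        $element_info['acl'] = groupAcl($element_info, $user_id, $db, $timer);
        if ($timer) {
            $timer->setMarker('Included resource information for ' . $letter);
        }
    }
    # User
    if ($letter == 'U') {
        if ($element_info['account_addr_id'] != '') {
            # NOTE(review): account_addr_id is concatenated into the SQL text. If this
            # field can ever carry caller-influenced data it must be escaped or bound
            # through the DB layer first - confirm where $element_info is populated.
            $sql = "select * from s3db_addr where addr_id = '" . $element_info['account_addr_id'] . "'";
            $fields = array('addr1', 'addr2', 'city', 'state', 'postal_code', 'country');
            $db->query($sql);
            while ($db->next_record()) {
                foreach ($fields as $field) {
                    $element_info[$field] = $db->f($field);
                }
            }
            $element_info = array_delete($element_info, 'account_addr_id');
        }
        $element_info['user_id'] = $element_info['account_id'];
        $element_info['username'] = $element_info['account_uname'];
        $element_info['login'] = $element_info['account_lid'];
        $element_info['address'] = $element_info['addr1'];
        $uid_info = uid($element_info['account_id']);
        # Strip the leading 'D' from the deployment uid (see the group branch).
        $element_info['deployment_id'] = preg_replace('/^D/', '', (string) $uid_info['Did']);
        if ($user_id != '1' && $element_info['created_by'] != $user_id && $element_info['account_id'] != $user_id) {
            # If the user is not seeing himself, is not account '1' and did not create the
            # element, hide address, email, phone, etc.
            # NOTE(review): only the literal account '1' counts as admin here;
            # user_is_admin() is not consulted. The comparisons are loose (!=).
            $keys2Remove = array('account_email' => '', 'account_phone' => '', 'addr1' => '', 'addr2' => '', 'city' => '', 'state' => '', 'postal_code' => '', 'country' => '');
            if (is_array($element_info)) {
                $element_info = array_diff_key($element_info, $keys2Remove);
            }
        }
        if ($user_id != '1' && $element_info['created_by'] != $user_id && $user_id != $element_info['account_id']) {
            # Same audience test as above: also hide account type and status.
            if (is_array($element_info)) {
                $element_info = array_diff_key($element_info, array('account_type' => '', 'account_status' => ''));
            }
        } else {
            # If this user has been created with a filter, report what that filter is.
            $permission_info = array('uid' => 'U' . $element_info['created_by'], 'shared_with' => 'U' . $element_info['account_id']);
            $hp = has_permission($permission_info, $db);
            if ($hp) {
                $element_info['filter'] = $hp;
            }
        }
        # The stored password field is never returned, whoever is asking.
        if (is_array($element_info)) {
            $element_info = array_diff_key($element_info, array('account_pwd' => ''));
        }
        $user_id_who_asks = $user_id;
        $uid = 'U' . $element_info['user_id'];
        $shared_with = $user_id_who_asks;
        $strictuid = 1;
        $strictsharedwith = 1;
        # NOTE(review): this $onPermissions is rebuilt after the per-letter branches
        # before it is read.
        $onPermissions = compact('user_id', 'shared_with', 'db', 'uid', 'key', 'strictsharedwith', 'strictuid');
        if ($element_info['acl'] == '') {
            $element_info['acl'] = userAcl(compact('key', 'element_info', 'user_id_who_asks', 'db'));
        }
    }
    # Project
    if ($letter == 'P') {
        $element_info['name'] = $element_info['project_name'];
        $element_info['description'] = $element_info['project_description'];
        $id = 'P' . $element_info['project_id'];
        $uid = 'P' . $element_info['project_id'];
    }
    # Class / collection
    if ($letter == 'C') {
        $element_info['class_id'] = $element_info['resource_id'];
        $element_info['collection_id'] = $element_info['class_id'];
        $element_info['name'] = $element_info['entity'];
        $element_info['description'] = $element_info['notes'];
        # project_id to search for rule_id will be the same from the class
        $uid = 'C' . $element_info['resource_id'];
    }
    # If element is a rule, return the class_id of the subject. If the object is a class, return the object_id... to discuss with jonas
    if ($letter == 'R') {
        $uid = 'R' . $element_info['rule_id'];
    }
    # If this is an instance, return the class_id => ASSUMING THAT EVERY S3DB THAT HAS SHARED RULES HAS RESOURCECLASSID IN INSTANCE.
    if ($letter == 'I') {
        if ($element_info['resource_class_id'] != '') {
            $element_info['class_id'] = $element_info['resource_class_id'];
        }
        $element_info['instance_id'] = $element_info['resource_id'];
        $element_info['item_id'] = $element_info['instance_id'];
        $element_info['collection_id'] = $element_info['class_id'];
        $instance_id = $element_info['instance_id'];
        $uid = 'I' . $element_info['instance_id'];
    }
    # Statement
    if ($letter == 'S') {
        $uid = 'S' . $element_info['statement_id'];
        # NOTE(review): $id is not assigned in this branch; unless the caller passed
        # 'id' in $x this stores the record under an empty key - confirm intent.
        $info[$id] = $element_info;
        $statement_id = $element_info['statement_id'];
        $element_info['instance_id'] = $element_info['resource_id'];
        $element_info['item_id'] = $element_info['instance_id'];
        $element_info['instance_notes'] = $info['I' . $element_info['instance_id']]['notes'];
        # Load the rule once and reuse it for the subject/verb/object fields below.
        if ($info['R' . $element_info['rule_id']] == '') {
            $info['R' . $element_info['rule_id']] = s3info('rule', $element_info['rule_id'], $db);
        }
        $element_info['object_notes'] = notes($element_info['value'], $db);
        $element_info['project_folder'] = $element_info['value'];
        $element_info = include_fileLinks($element_info, $db);
        $element_info['subject'] = $info['R' . $element_info['rule_id']]['subject'];
        $element_info['verb'] = $info['R' . $element_info['rule_id']]['verb'];
        $element_info['object'] = $info['R' . $element_info['rule_id']]['object'];
        $element_info['subject_id'] = $info['R' . $element_info['rule_id']]['subject_id'];
        $element_info['verb_id'] = $info['R' . $element_info['rule_id']]['verb_id'];
        $element_info['object_id'] = $info['R' . $element_info['rule_id']]['object_id'];
    }
    # Resolve the permission of $user_id on $uid unless a branch above already set 'acl'.
    $strictuid = 1;
    $strictsharedwith = 1;
    $shared_with = 'U' . $user_id;
    $toFindInfo = $element_info;
    $onPermissions = compact('user_id', 'shared_with', 'db', 'uid', 'key', 'strictsharedwith', 'strictuid', 'timer', 'toFindInfo');
    if ($element_info['acl'] == '') {
        $element_info['acl'] = permission4Resource($onPermissions);
    }
    $element_info['permission_level'] = $element_info['acl'];
    if (!$element_info['effective_permission']) {
        $element_info['effective_permission'] = $element_info['acl'];
    }
    if (!$element_info['assigned_permission']) {
        $pp = array('uid' => $uid, 'shared_with' => $shared_with);
        $tmp = has_permission($pp, $db);
        if ($tmp) {
            $element_info['assigned_permission'] = $tmp;
        } else {
            $element_info['assigned_permission'] = '---';
        }
    }
    # Define if the user can view or not view data. View is the first digit in the 3-digit code.
    $permission2user = permissionModelComp($element_info['permission_level']);
    # According to the model, change the values of assigned_permission from previous versions:
    # the digits 0, 1, 2 are replaced by the three characters of $model.
    $element_info['assigned_permission'] = str_replace(array('0', '1', '2'), str_split($model), $element_info['assigned_permission']);
    $isOwner = $element_info['created_by'] == $user_id;
    $element_info['view'] = allowed($permission2user, 0, $isOwner, $state = 3, $model);
    $element_info['change'] = allowed($permission2user, 1, $isOwner, $state = 3, $model);
    $element_info['propagate'] = allowed($permission2user, 2, $isOwner, $state = 3, $model);
    # Create the element "delete", in case it is eventually created... For now it is the same as change.
    $element_info['delete'] = $element_info['change'];
    # NOTE(review): 'delete_data' is copied from 'add_data' before 'add_data' is set on
    # the next line, so it receives whatever value the record already carried (possibly
    # none) - confirm whether the two lines were meant to be in the other order.
    $element_info['delete_data'] = $element_info['add_data'];
    $element_info['add_data'] = $element_info['propagate'];
    return $element_info;
}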
Пример #2
} else {
    $def = $_SERVER['HTTP_HOST'];
}
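# Load the local configuration; without it, send the browser to the /s3db/ path.
# NOTE(review): $def can be $_SERVER['HTTP_HOST'] (assigned in the else branch just
# above), which the client controls, so the redirect target is client-influenced.
# Prefer a host name taken from server-side configuration - TODO confirm one exists.
if (file_exists('../config.inc.php')) {
    include '../config.inc.php';
} else {
    Header('Location: http://' . $def . '/s3db/');
    exit;
}
# Get the key, send it to check validity.
# Only a plain string is accepted; a missing or array-valued parameter counts as "no key".
# NOTE(review): the access key travels in the query string, so it ends up in access
# logs, browser history and Referer headers.
$key = (isset($_GET['key']) && is_string($_GET['key'])) ? $_GET['key'] : '';
include_once '../core.header.php';
if ($key != '') {
    # Propagate the same key that is looked up below (not a separate $_REQUEST
    # read, which may come from a different request source), URL-encoded.
    $args = '?key=' . rawurlencode($key);
}
include '../webActions.php';
$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
# Resolve the acting account: from the access key when one was given, else from the session.
if ($key) {
    $user_id = get_entry('access_keys', 'account_id', 'key_id', $key, $db);
} else {
    $user_id = $_SESSION['user']['account_id'];
}
$user_info = s3info('user', $user_id, $db);
# Capture the script name; $script[2] is 'edituser.php' when the path ends with it.
# preg_match() is used because the ereg_* family no longer exists in PHP 7 and later.
# NOTE(review): PHP_SELF includes any trailing path info sent by the client;
# SCRIPT_NAME is the usual choice for identifying the running script.
preg_match('#(.*)/(edituser\.php)$#D', $_SERVER['PHP_SELF'], $script);
# Non-admins may continue only on edituser.php, only for their own account, and only
# when that account is not the public user. Everyone else goes to the main page.
if (!user_is_admin($user_id, $db)) {
    $onEditUser = isset($script[2]) && $script[2] == 'edituser.php';
    # Fail closed: an unresolved (empty) account must never compare equal to an
    # empty or missing id, so both sides have to be present and identical.
    $editingSelf = !empty($user_id) && is_scalar($user_id) && is_scalar($id)
        && (string) $user_id === (string) $id;
    if (!$onEditUser || !$editingSelf || user_is_public($user_id, $db)) {
        Header('Location: ' . $action['main']);
        exit;
    }
}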