Пример #1
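 /**
  * Collects the pending changes that the given user is allowed to publish.
  *
  * Candidate rows are the pending changes for pages (empty `module`) plus those
  * of every module in which the user holds publisher ("p") permission, either
  * directly or through a group-based permission. Every candidate row is then
  * checked individually before it is added to the result.
  *
  * Access levels are matched strictly against the string "p" so that a
  * non-string value cannot pass as "publisher" through loose comparison.
  *
  * @param mixed $user User identifier to look up; when falsy, $this->ID is used.
  * @return array Rows of bigtree_pending_changes (newest first), each extended
  *               with "mod" (result of getModule) and "user" (result of getUser).
  */
 function getPublishableChanges($user = false)
 {
     $user = static::getUser($user ? $user : $this->ID);
     // Without a user record there are no permissions to evaluate, so nothing is publishable.
     if (!$user) {
         return array();
     }

     $permissions = (isset($user["permissions"]) && is_array($user["permissions"])) ? $user["permissions"] : array();
     $module_permissions = (isset($permissions["module"]) && is_array($permissions["module"])) ? $permissions["module"] : array();
     $group_permissions = (isset($permissions["module_gbp"]) && is_array($permissions["module_gbp"])) ? $permissions["module_gbp"] : array();

     // Keyed by module id so a module reachable through several grants is only searched once.
     $publishable = array();
     // Modules the user has direct publisher permission on
     foreach ($module_permissions as $module => $permission) {
         if ($permission === "p") {
             $publishable[$module] = true;
         }
     }
     // Modules the user can publish in through at least one group
     foreach ($group_permissions as $module => $groups) {
         if (!is_array($groups)) {
             continue;
         }
         foreach ($groups as $group => $permission) {
             if ($permission === "p") {
                 $publishable[$module] = true;
                 break;
             }
         }
     }

     // The default search covers pages only (rows with an empty module).
     $search = array("`module` = ''");
     foreach (array_keys($publishable) as $module) {
         // Module ids come from stored permission data; escape them rather than
         // trusting them inside the SQL string.
         $search[] = "`module` = '" . sqlescape((string) $module) . "'";
     }

     $changes = array();
     $q = sqlquery("SELECT * FROM bigtree_pending_changes WHERE " . implode(" OR ", $search) . " ORDER BY date DESC");
     while ($f = sqlfetch($q)) {
         $ok = false;
         // Changes without an item id are addressed by "p" + the pending change id.
         $id = $f["item_id"] ? $f["item_id"] : "p" . $f["id"];

         if ($user["level"] > 0) {
             // If they're an admin, they've got it.
             $ok = true;
         } elseif ($f["table"] === "bigtree_pages") {
             // Check permissions on a page if it's a page: publishers only.
             $ok = ($this->getPageAccessLevelByUser($id, $user["id"]) === "p");
         } elseif (isset($module_permissions[$f["module"]]) && $module_permissions[$f["module"]] === "p") {
             // Direct publisher permission on the module.
             $ok = true;
         } else {
             // Fall back to the group based permissions for this specific item.
             $item = BigTreeAutoModule::getPendingItem($f["table"], $id);
             $level = $this->getAccessLevel(static::getModule($f["module"]), $item["item"], $f["table"], $user);
             $ok = ($level === "p");
         }

         // We're a publisher, get the info about the change and put it in the change list.
         if ($ok) {
             $f["mod"] = static::getModule($f["module"]);
             $f["user"] = static::getUser($f["user"]);
             $changes[] = $f;
         }
     }
     return $changes;
 }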
Пример #2
// Run the form's optional preprocess hook on the submitted data.
// The callable is read from $bigtree["form"]["preprocess"] and receives the raw $_POST.
// NOTE(review): call_user_func() invokes whatever callable that value names — confirm that
// only trusted administrators can set a form's preprocess hook.
$bigtree["preprocessed"] = array();
if ($bigtree["form"]["preprocess"]) {
    $bigtree["preprocessed"] = call_user_func($bigtree["form"]["preprocess"], $_POST);
    // Merge an array result back into $_POST key by key; hook output overwrites the submitted
    // fields, so the permission check below is made against the preprocessed values.
    if (is_array($bigtree["preprocessed"])) {
        foreach ($bigtree["preprocessed"] as $key => $val) {
            $_POST[$key] = $val;
        }
    }
}
// Find out what kind of permissions we're allowed on this item.  We need to check the EXISTING copy of the data AND what it's turning into and find the lowest of the two permissions.
// First level: computed from the submitted (possibly preprocessed) data.
$bigtree["access_level"] = $admin->getAccessLevel($bigtree["module"], $_POST, $bigtree["form"]["table"]);
// Only an update (an id was posted) that is not already denied needs the extra lookups.
// NOTE(review): the comparisons against "n" and "p" are loose (!=); that is only safe if
// getAccessLevel() returns a string or a falsy value — confirm.
if ($_POST["id"] && $bigtree["access_level"] && $bigtree["access_level"] != "n") {
    // Load the item through getItem() and through getPendingItem() and compute the access level for each copy.
    $original_item = BigTreeAutoModule::getItem($bigtree["form"]["table"], $_POST["id"]);
    $existing_item = BigTreeAutoModule::getPendingItem($bigtree["form"]["table"], $_POST["id"]);
    $previous_permission = $admin->getAccessLevel($bigtree["module"], $existing_item["item"], $bigtree["form"]["table"]);
    $original_permission = $admin->getAccessLevel($bigtree["module"], $original_item["item"], $bigtree["form"]["table"]);
    // Anything other than "p" on the pending copy replaces the current level
    // (this includes an empty result, which is treated as denied further down).
    if ($previous_permission != "p") {
        $bigtree["access_level"] = $previous_permission;
    }
    // Check the original. If we're not already at "you're not allowed" then apply the original permission.
    if ($bigtree["access_level"] != "n" && $original_permission != "p") {
        $bigtree["access_level"] = $original_permission;
    }
}
// If permission check fails (empty level or "n"), hand the contents of the denied template to $admin->stop().
if (!$bigtree["access_level"] || $bigtree["access_level"] == "n") {
    $admin->stop(file_get_contents(BigTree::path("admin/auto-modules/forms/_denied.php")));
}
Пример #3
<?php

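// Load the pending change named by the request; the id is taken straight from $_POST.
// NOTE(review): no anti-CSRF token check is visible in this fragment — confirm the request
// is validated before this point, since the code below publishes the change.
$change = $admin->getPendingChange(isset($_POST["id"]) ? $_POST["id"] : null);
// Fail closed when the id does not resolve to a pending change, instead of running the
// permission lookups (and the publish step) on empty data.
if (!$change) {
    die("Permission denied.");
}
// See if we have permission.
// Changes without an item id are addressed by "p" + the pending change id.
$item_id = $change["item_id"] ? $change["item_id"] : "p" . $change["id"];
if ($change["module"]) {
    // It's a module. Check permissions on this.
    $data = BigTreeAutoModule::getPendingItem($change["table"], $item_id);
    $permission_level = $admin->getAccessLevel($admin->getModule($change["module"]), $data["item"], $change["table"]);
} else {
    if ($change["item_id"]) {
        // Existing page: check the page itself.
        $permission_level = $admin->getPageAccessLevel($item_id);
    } else {
        // No item id yet: check the parent named in the pending change data instead.
        $f = $admin->getPendingChange($change["id"]);
        $permission_level = $admin->getPageAccessLevel($f["changes"]["parent"]);
    }
}
// If they're not a publisher, they have no business here.
// Strict comparison: only the exact string "p" counts, so a non-string value cannot pass
// as "publisher" through loose comparison.
if ($permission_level !== "p") {
    die("Permission denied.");
}
$change["changes"] = BigTreeAutoModule::sanitizeData($change["table"], $change["changes"]);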
// This is an update to an existing entry.
if (!is_null($change["item_id"])) {
    if ($change["table"] == "bigtree_pages") {
        $page_data = $cms->getPendingPage($change["item_id"]);
        $admin->updatePage($change["item_id"], $page_data);
    } else {
        BigTreeAutoModule::updateItem($change["table"], $change["item_id"], $change["changes"], $change["mtm_changes"], $change["tags_changes"]);
    }
    // It's a new entry, let's publish it.
Пример #4
<?php

// The response is served as JavaScript.
header("Content-type: text/javascript");
// Both request parameters are passed through sqlescape() before use.
// NOTE(review): escaping at the input boundary only protects values that end up inside a
// quoted SQL string; confirm how getView(), getPendingItem() and getItem() embed these
// values, and that they do not escape them a second time.
$id = sqlescape($_GET["id"]);
// Grab View Data
$view = BigTreeAutoModule::getView(sqlescape($_GET["view"]));
$table = $view["table"];
// Get module (resolved from the view's id)
$module = $admin->getModule(BigTreeAutoModule::getModuleForView($view["id"]));
// Get the item as returned by getPendingItem()
$current_item = BigTreeAutoModule::getPendingItem($table, $id);
$item = $current_item["item"];
// Check permission: start with the level for the pending copy.
$access_level = $admin->getAccessLevel($module, $item, $table);
// Unless already "n", also check the copy returned by getItem(); any level other than "p"
// on that copy replaces the current one.
// NOTE(review): the code that acts on $access_level is not part of this fragment, and the
// comparisons are loose (!=) — confirm getAccessLevel() only returns strings or a falsy value.
if ($access_level != "n") {
    $original_item = BigTreeAutoModule::getItem($table, $id);
    $original_access_level = $admin->getAccessLevel($module, $original_item["item"], $table);
    if ($original_access_level != "p") {
        $access_level = $original_access_level;
    }
}
Пример #5
<?php

// Check for a page lock
// $force is true whenever a "force" query parameter is present, whatever its value.
// NOTE(review): any request can add ?force; whether lockCheck() restricts who may override
// an existing lock is not visible here — confirm.
$force = isset($_GET["force"]) ? true : false;
// lockCheck() receives the table, the id being edited, the locked template path and $force.
$admin->lockCheck($bigtree["form"]["table"], $bigtree["edit_id"], "admin/auto-modules/forms/_locked.php", $force);
// Load the entry both through getPendingItem() and through getItem(); the access checks
// that follow use both copies.
$pending_entry = BigTreeAutoModule::getPendingItem($bigtree["form"]["table"], $bigtree["edit_id"]);
$original_item = BigTreeAutoModule::getItem($bigtree["form"]["table"], $bigtree["edit_id"]);
if (!$pending_entry) {
    ?>
<div class="container">
	<section>
		<h3>Error</h3>
		<p>The item you are trying to edit no longer exists.</p>
	</section>
</div>
<?php 
} else {
    $bigtree["related_view"] = BigTreeAutoModule::getRelatedViewForForm($bigtree["form"]);
    $bigtree["entry"] = $item = $pending_entry["item"];
    // Check access levels
    $bigtree["access_level"] = $admin->getAccessLevel($bigtree["module"], $item, $bigtree["form"]["table"]);
    if ($bigtree["access_level"] != "n") {
        $original_permission_level = $admin->getAccessLevel($bigtree["module"], $original_item["item"], $bigtree["form"]["table"]);
        if ($original_permission_level != "p") {
            $bigtree["access_level"] = $original_permission_level;
        }
    }
    if (!$bigtree["access_level"] || $bigtree["access_level"] == "n") {
        include BigTree::path("admin/auto-modules/forms/_denied.php");
    } else {
        $bigtree["many-to-many"] = $many_to_many = $pending_entry["mtm"];