/** * Process * Process does the basic work to figure out: * - which addon you're trying to access (and whether it exists & is active/enabled) * - whether you have access to perform that action * - whether to print a header/footer or not * * Then hands control over to the addon itself to do the rest. * * @uses HasAccess * @uses Interspire_Addons * @uses Interspire_Addons::GetAvailableAddons * @uses Interspire_Addons::Process * * @return Void Doesn't return anything. */ function Process() { // if we're not viewing an addon, then show an "access denied" message // there's no way to view a list of addons to run // they all have to appear in a menu somewhere. if (!isset($_GET['Addon'])) { $this->DenyAccess(); return; } /** * print_header tells us whether to print the header/footer at all. */ $print_header = true; /** * popup_header tells us whether it's a popup window or not. * If it's a full window, that includes the nav menus etc. * If it's a popup window, then none of that is shown. */ $popup_header = false; $get_keywords = array_map('strtolower', array_keys($_GET)); /** * See if the 'ajax' keyword is used in the get string anywhere as a key. * If it is, don't show the header/footer. */ if (in_array('ajax', $get_keywords)) { $print_header = false; } /** * See if the 'popup' keyword is used in the get string anywhere as a key. * If it is, show the popup header/footer. */ if (in_array('popup', $get_keywords)) { $popup_header = true; } if ($print_header) { $this->PrintHeader($popup_header); } $addon = strtolower($_GET['Addon']); require_once(SENDSTUDIO_BASE_DIRECTORY . DIRECTORY_SEPARATOR . 'addons' . DIRECTORY_SEPARATOR . 'interspire_addons.php'); $addon_system = new Interspire_Addons(); $addons = $addon_system->GetAvailableAddons(); if (!isset($addons[$addon])) { $this->DenyAccess(); if ($print_header) { $this->PrintFooter($popup_header); } return; } $action = 'Default'; if (isset($_GET['Action']) && $_GET['Action'] !== '') { $action = $_GET['Action']; } /** * Check the user has access to this addon and what you are trying to do. * The first argument is always the addon id (eg 'surveys'). * * The second argument is the action you are trying to perform. * eg 'create', 'edit', 'delete', 'stats' * This must match up to the methods in the addon itself * eg if you're trying to get the addon to create something, the permission is 'create' and the addon method must be 'Admin_Create_Action' * */ $user = IEM::GetCurrentUser(); $admin_action = $action; if ($admin_action == 'Default') { $admin_action = null; } if(!is_null($admin_action)){$admin_action = strtolower($admin_action);} // Survey permission addon... added in the group now foreach ($user->group->permissions as $perm_key => &$perm ) { if ($perm_key == 'surveys') { $perm[] = "submit"; $perm[] = "tinymcesurveylist"; foreach ($perm as $perm_action) { switch ($perm_action): case 'create': $perm[] = "build"; $perm[] = "save"; break; case 'viewresponsesdefault': $perm[] = "viewresponses"; $perm[] = "downloadattach"; break; case 'editresponse': $perm[] = "saveresponse"; $perm[] = "downloadattach"; case 'exportdefault': $perm[] = "export"; case 'resultdefault': $perm[] = "result"; $perm[] = "result_responseslist"; break; endswitch; } } } // Check if addon is enabled or disabled if (!$addon_system->isEnabled($addon)) { $this->DenyAccess(); } if (!is_null($admin_action)) { $access = $user->HasAccess($addon, $admin_action); if(!$access){ $this->DenyAccess(); if ($print_header) {$this->PrintFooter($popup_header);} return; } } else { $access = $user->HasAccess($addon); if(!$access){ $this->DenyAccess(); if ($print_header) {$this->PrintFooter($popup_header);} return; } } try { if(is_null($action)){$action = "Default";} $result = Interspire_Addons::Process($addon, 'Admin_Action_'.$action); echo $result; } catch (Exception $e) { echo "Error!: " . $e->getMessage(); } if ($print_header) { $this->PrintFooter($popup_header); } }