Пример #1
 /**
  * Magic dispatcher for permission checks. A method that is not defined on the permissions
  * class is forwarded to the category response object; when no response object is set, the
  * method name is treated as a task permission and resolved to a permission key.
  *
  * @param string $f name of the method that was invoked
  * @param array $a arguments that were passed to it
  * @return mixed arrays and objects are passed through unchanged, any other result becomes 1 or 0
  * @throws Exception when invoked without arguments and no permission key matches the handle
  */
 public function __call($f, $a)
 {
     $hasResponse = is_object($this->response);
     $hasArguments = count($a) > 0;
     if ($hasResponse) {
         $r = $hasArguments ? call_user_func_array(array($this->response, $f), $a) : $this->response->{$f}();
     } else {
         // handles task permissions: the handle is the un-camel-cased method name
         $permission = Loader::helper('text')->uncamelcase($f);
         $pk = PermissionKey::getByHandle($permission);
         if ($hasArguments) {
             // NOTE(review): the key is not checked with is_object() on this path, unlike the
             // argument-less path below, so a handle that resolves to nothing reaches
             // call_user_func_array() with a non-object target.
             $r = call_user_func_array(array($pk, $f), $a);
         } elseif (is_object($pk)) {
             $r = $pk->validate();
         } else {
             throw new Exception(t('Unable to get permission key for %s', $permission));
         }
     }
     // Structured results go back as they are; scalar verdicts are normalised to 1 / 0.
     if (is_array($r) || is_object($r)) {
         return $r;
     }
     return $r ? 1 : 0;
 }
Пример #2
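 /**
  * Resolves the permission access object for the object being checked.
  *
  * For an Area the assignment is read from AreaPermissionAssignments. For anything else the
  * key is mapped through the inherited page permissions, then through the inherited block
  * type permissions, and the mapped key is asked for its access object.
  *
  * @return mixed whatever PermissionAccess::getByID() or the mapped key returns, or false
  *               when no assignment or mapping is found
  */
 public function getPermissionAccessObject()
 {
     $db = Loader::db();
     if ($this->permissionObjectToCheck instanceof Area) {
         // Every value is bound through a placeholder; nothing is concatenated into the statement.
         $r = $db->GetOne(
             'select paID from AreaPermissionAssignments where cID = ? and arHandle = ? and pkID = ?',
             array(
                 $this->permissionObjectToCheck->getCollectionID(),
                 $this->permissionObjectToCheck->getAreaHandle(),
                 $this->pk->getPermissionKeyID()
             )
         );
         if ($r) {
             return PermissionAccess::getByID($r, $this->pk, false);
         }
         return false;
     }
     if (isset($this->inheritedPermissions[$this->pk->getPermissionKeyHandle()])) {
         // this is a page
         $pk = PermissionKey::getByHandle($this->inheritedPermissions[$this->pk->getPermissionKeyHandle()]);
         $pk->setPermissionObject($this->permissionObjectToCheck);
         return $pk->getPermissionAccessObject();
     }
     if (isset($this->blockTypeInheritedPermissions[$this->pk->getPermissionKeyHandle()])) {
         // NOTE(review): no setPermissionObject() call on this path, unlike the page path
         // above; confirm the mapped key is meant to be evaluated without an object.
         $pk = PermissionKey::getByHandle($this->blockTypeInheritedPermissions[$this->pk->getPermissionKeyHandle()]);
         return $pk->getPermissionAccessObject();
     }
     return false;
 }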
Пример #3
	/** Executes the job: writes the sitemap XML file (header, one entry per accepted page, footer).
	* On any failure the result set is closed, the partially written file is truncated to zero
	* length, and the exception is re-thrown.
	* @return string Returns a string describing the job result in case of success.
	* @throws Exception Throws an exception in case of errors.
	*/
	public function run() {
		Cache::disableCache();
		Cache::disableLocalCache();
		
		try {
			$db = Loader::db();
			// Helpers and the 'view_page' key are created once and handed to every AddPage() call.
			// NOTE(review): which pages end up in the file is decided inside AddPage(), not shown here.
			$instances = array(
				'navigation' => Loader::helper('navigation'),
				'dashboard' => Loader::helper('concrete/dashboard'),
				'view_page' => PermissionKey::getByHandle('view_page')
			);
			// Constant statement, no request data; page 1 is added separately below.
			$rsPages = $db->query('SELECT cID FROM Pages WHERE (cID > 1) ORDER BY cID');
			// The target path and its public URL are built from configuration constants only.
			$relName = ltrim(SITEMAPXML_FILE, '\\/');
			$osName = rtrim(DIR_BASE, '\\/') . '/' . $relName;
			$urlName = rtrim(BASE_URL . DIR_REL, '\\/') . '/' . $relName;
			if(!file_exists($osName)) {
				// Errors from touch() are suppressed; the writability check below reports the failure.
				@touch($osName);
			}
			if(!is_writable($osName)) {
				throw new Exception(t('The file %s is not writable', $osName));
			}
			// Mode 'w' empties an existing file as soon as it is opened.
			if(!$hFile = fopen($osName, 'w')) {
				throw new Exception(t('Cannot open file %s', $osName));
			}
			if(!@fprintf($hFile, '<?xml version="1.0" encoding="%s"?>' . self::EOL . '<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">', APP_CHARSET)) {
				throw new Exception(t('Error writing header of %s', $osName));
			}
			// AddPage() is counted as "added" whenever it returns a truthy value.
			$addedPages = 0;
			if(self::AddPage($hFile, 1, $instances)) {
				$addedPages++;
			}
			while($rowPage = $rsPages->FetchRow()) {
				if(self::AddPage($hFile, intval($rowPage['cID']), $instances)) {
					$addedPages++;
				}
			}
			$rsPages->Close();
			unset($rsPages);
			if(!@fwrite($hFile, self::EOL . '</urlset>')) {
				throw new Exception(t('Error writing footer of %s', $osName));
			}
			@fflush($hFile);
			@fclose($hFile);
			unset($hFile);
			return t('%1$s file saved (%2$d pages).', $urlName, $addedPages);
		}
		catch(Exception $x) {
			// Release the result set if the failure happened while it was still open.
			if(isset($rsPages) && $rsPages) {
				$rsPages->Close();
				$rsPages = null;
			}
			// Leave an empty file rather than a half-written sitemap.
			if(isset($hFile) && $hFile) {
				@fflush($hFile);
				@ftruncate($hFile, 0);
				@fclose($hFile);
				$hFile = null;
			}
			throw $x;
		}
	}
Пример #4
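 /**
  * Resolves the permission access object for the object being checked.
  *
  * A Block is looked up in BlockPermissionAssignments. An Area or a Page is mapped through
  * the inherited area / page permissions and the mapped key is asked for its access object.
  *
  * @return mixed the access object that was found, or null when nothing applies
  */
 public function getPermissionAccessObject()
 {
     $db = Loader::db();
     // Defined up front so that "nothing matched" is an explicit null instead of an unset variable.
     $pae = null;
     if ($this->permissionObjectToCheck instanceof Block) {
         $co = $this->permissionObjectToCheck->getBlockCollectionObject();
         // Every value is bound through a placeholder; nothing is concatenated into the statement.
         // NOTE(review): the block ID is read from $this->permissionObject while the rest of the
         // method uses $this->permissionObjectToCheck; confirm both refer to the same block.
         $paID = $db->GetOne(
             'select paID from BlockPermissionAssignments where cID = ? and cvID = ? and bID = ? and pkID = ?',
             array(
                 $co->getCollectionID(),
                 $co->getVersionID(),
                 $this->permissionObject->getBlockID(),
                 $this->pk->getPermissionKeyID()
             )
         );
         if ($paID) {
             $pae = PermissionAccess::getByID($paID, $this->pk, false);
         }
     } elseif ($this->permissionObjectToCheck instanceof Area && isset($this->inheritedAreaPermissions[$this->pk->getPermissionKeyHandle()])) {
         $pk = PermissionKey::getByHandle($this->inheritedAreaPermissions[$this->pk->getPermissionKeyHandle()]);
         $pk->setPermissionObject($this->permissionObjectToCheck);
         $pae = $pk->getPermissionAccessObject();
     } elseif ($this->permissionObjectToCheck instanceof Page && isset($this->inheritedPagePermissions[$this->pk->getPermissionKeyHandle()])) {
         $pk = PermissionKey::getByHandle($this->inheritedPagePermissions[$this->pk->getPermissionKeyHandle()]);
         $pk->setPermissionObject($this->permissionObjectToCheck);
         $pae = $pk->getPermissionAccessObject();
     }
     return $pae;
 }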
Пример #5
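 /**
  * Deletes the topic tree named by the request's treeID and redirects to the topics page.
  *
  * Nothing happens unless the 'remove_tree' token validates, the ID resolves to a tree whose
  * type handle is 'topic', and the 'remove_topic_tree' permission validates.
  */
 public function remove_tree()
 {
     if (!$this->token->validate('remove_tree')) {
         return;
     }
     $treeID = isset($_REQUEST['treeID']) ? $_REQUEST['treeID'] : null;
     $tree = Tree::getByID(Loader::helper('security')->sanitizeInt($treeID));
     // The ID comes from the request: check that it resolved to a tree before calling
     // anything on the result, so an unknown ID is ignored instead of causing a fatal error.
     if (!is_object($tree)) {
         return;
     }
     $treeType = $tree->getTreeTypeObject();
     $treeTypeHandle = is_object($treeType) ? $treeType->getTreeTypeHandle() : null;
     if ($treeTypeHandle == 'topic' && \PermissionKey::getByHandle('remove_topic_tree')->validate()) {
         $tree->delete();
         $this->redirect('/dashboard/system/attributes/topics', 'tree_deleted');
     }
 }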
 /** Executes the job: builds the sitemap as an XML document in memory, fires the
  * 'on_sitemap_xml_ready' event with it, then writes the formatted result to the sitemap file.
  * On any failure an already opened file is truncated to zero length and the exception is re-thrown.
  * @return string Returns a string describing the job result in case of success.
  * @throws Exception Throws an exception in case of errors.
  */
 public function run()
 {
     Cache::disableCache();
     Cache::disableLocalCache();
     try {
         $db = Loader::db();
         // Objects created once and handed to every addPage() call.
         // NOTE(review): the guest group and the 'view_page' key are presumably what addPage() uses
         // to keep non-public pages out of the file; addPage() is not shown here, confirm there.
         $instances = array('navigation' => Loader::helper('navigation'), 'dashboard' => Loader::helper('concrete/dashboard'), 'view_page' => PermissionKey::getByHandle('view_page'), 'guestGroup' => Group::getByID(GUEST_GROUP_ID), 'now' => new DateTime('now'), 'ak_exclude_sitemapxml' => CollectionAttributeKey::getByHandle('exclude_sitemapxml'), 'ak_sitemap_changefreq' => CollectionAttributeKey::getByHandle('sitemap_changefreq'), 'ak_sitemap_priority' => CollectionAttributeKey::getByHandle('sitemap_priority'));
         $instances['guestGroupAE'] = array(GroupPermissionAccessEntity::getOrCreate($instances['guestGroup']));
         $xmlDoc = new SimpleXMLElement('<' . '?xml version="1.0" encoding="' . APP_CHARSET . '"?><urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" />');
         // Constant statement, no request data.
         $rs = Loader::db()->Query('SELECT cID FROM Pages');
         while ($row = $rs->FetchRow()) {
             self::addPage($xmlDoc, intval($row['cID']), $instances);
         }
         $rs->Close();
         // Listeners receive the document before it is written.
         Events::fire('on_sitemap_xml_ready', $xmlDoc);
         $dom = dom_import_simplexml($xmlDoc)->ownerDocument;
         $dom->formatOutput = true;
         // Counted after the event, so the number reflects the document as it stands at that point.
         $addedPages = count($xmlDoc->url);
         // The target path and its public URL are built from configuration constants only.
         $relName = ltrim(SITEMAPXML_FILE, '\\/');
         $osName = rtrim(DIR_BASE, '\\/') . '/' . $relName;
         $urlName = rtrim(BASE_URL . DIR_REL, '\\/') . '/' . $relName;
         if (!file_exists($osName)) {
             // Errors from touch() are suppressed; the writability check below reports the failure.
             @touch($osName);
         }
         if (!is_writable($osName)) {
             throw new Exception(t('The file %s is not writable', $osName));
         }
         // Mode 'w' empties an existing file as soon as it is opened.
         if (!($hFile = @fopen($osName, 'w'))) {
             throw new Exception(t('Cannot open file %s', $osName));
         }
         if (!@fwrite($hFile, $dom->saveXML())) {
             throw new Exception(t('Error writing to file %s', $osName));
         }
         @fflush($hFile);
         @fclose($hFile);
         unset($hFile);
         // NOTE(review): $urlName goes into the href and the link text without HTML escaping; that is
         // only safe while BASE_URL, DIR_REL and SITEMAPXML_FILE hold trusted configuration values.
         return t('%1$s file saved (%2$d pages).', sprintf('<a href="%s" target="_blank">%s</a>', $urlName, preg_replace('/^https?:\\/\\//i', '', $urlName)), $addedPages);
     } catch (Exception $x) {
         // Leave an empty file rather than a half-written sitemap.
         if (isset($hFile) && $hFile) {
             @fflush($hFile);
             @ftruncate($hFile, 0);
             @fclose($hFile);
             $hFile = null;
         }
         throw $x;
     }
 }
Пример #7
 /**
  * Tells whether the guest group may view this block, judged by the 'view_block' access
  * list entries that apply to the guest group entity.
  *
  * @return bool true when the last include/exclude entry in the list is an include
  */
 public function canGuestsViewThisBlock()
 {
     $viewKey = PermissionKey::getByHandle('view_block');
     $viewKey->setPermissionObject($this->getPermissionObject());
     $guestEntity = GroupPermissionAccessEntity::getOrCreate(Group::getByID(GUEST_GROUP_ID));
     $items = $viewKey->getAccessListItems(PermissionKey::ACCESS_TYPE_ALL, array($guestEntity));
     // Deny by default. Each entry overrides the verdict of the ones before it, so the
     // outcome depends on the order in which getAccessListItems() returns the entries.
     // NOTE(review): confirm that order puts excludes where they are meant to win.
     $valid = false;
     foreach ($items as $item) {
         $type = $item->getAccessType();
         if ($type == PermissionKey::ACCESS_TYPE_INCLUDE) {
             $valid = true;
         }
         if ($type == PermissionKey::ACCESS_TYPE_EXCLUDE) {
             $valid = false;
         }
     }
     return $valid;
 }
Пример #8
	/**
	 * Upgrade step: makes sure the 'index_search_all' job is installed, rebuilds the 'Default'
	 * job set from all jobs that do not support the queue, creates the 'view_page_in_sitemap'
	 * permission key when missing, and copies each overriding page's 'view_page' access object
	 * onto that key.
	 */
	public function run() {
		$j = Job::getByHandle('index_search_all');
		if (!is_object($j)) {
			Job::installByHandle('index_search_all');
		}

		$js = JobSet::getByName('Default');
		if (!is_object($js)) {
			$js = JobSet::add('Default');
		}
		// The set is emptied and refilled, so jobs added to it by hand are dropped.
		$js->clearJobs();
		$jobs = Job::getList();
		foreach($jobs as $j) {
			if (!$j->supportsQueue()) {
				$js->addJob($j);	
			}
		}

		// create the view page in sitemap permission
		// NOTE(review): $rpk is used below without an is_object() check, unlike $vpk.
		$rpk = PermissionKey::getByHandle('view_page');
		$vpk = PermissionKey::getByHandle('view_page_in_sitemap');
		if (!is_object($vpk)) {
			$vpk = PermissionKey::add('page', 'view_page_in_sitemap', 'View Page in Sitemap', 'View Page in Sitemap and Intelligent Search.', false, false);
		}
		// now we have to get a list of all pages in the site that have their own permissions set.
		$db = Loader::db();
		// Constant statement, no request data.
		$r = $db->Execute('select cID from Pages where cInheritPermissionsFrom = "OVERRIDE" order by cID asc');
		while ($row = $r->Fetchrow()) {
			$c = Page::getByID($row['cID']);
			if (is_object($c) && !$c->isError()) {
				$rpk->setPermissionObject($c);
				$vpk->setPermissionObject($c);
				$rpa = $rpk->getPermissionAccessObject();
				if (is_object($rpa)) {
					$pt = $vpk->getPermissionAssignmentObject();
					if (is_object($pt)) {
						// The new key starts with the same access object as 'view_page' on this page,
						// replacing whatever was assigned to it before.
						$pt->clearPermissionAssignment();
						$pt->assignPermissionAccess($rpa);						
					}
				}
			}
		}
	}
Пример #9
 /**
  * Upgrade step: refreshes the guestbook block type, installs the user-export task
  * permission (granted to the administrators group), creates the security tokens that are
  * still missing, and adds the mail test-settings dashboard page.
  */
 public function run()
 {
     $guestbook = BlockType::getByHandle('guestbook');
     if (is_object($guestbook)) {
         $guestbook->refresh();
     }
     // add user export users task permission
     $exportKey = PermissionKey::getByHandle('access_user_search_export');
     if (!($exportKey instanceof PermissionKey)) {
         $exportKey = PermissionKey::add('user', 'access_user_search_export', 'Export Site Users', 'Controls whether a user can export site users or not', false, false);
         $access = $exportKey->getPermissionAccessObject();
         if (!is_object($access)) {
             $access = PermissionAccess::create($exportKey);
         }
         // Make sure the administrators group still exists; without it the new key is left
         // with no access assignment at all.
         $adminGroup = Group::getByID(ADMIN_GROUP_ID);
         if ($adminGroup) {
             $access->addListItem(GroupPermissionAccessEntity::getOrCreate($adminGroup));
             $exportKey->getPermissionAssignmentObject()->assignPermissionAccess($access);
         }
     }
     // A token that already has a value is never overwritten, so repeated upgrades keep it.
     // NOTE(review): the strength of these secrets depends on how the validation/identifier
     // helper's getString() obtains its randomness, which is not visible here; confirm it
     // draws from a cryptographically secure source.
     foreach (array('SECURITY_TOKEN_JOBS', 'SECURITY_TOKEN_ENCRYPTION', 'SECURITY_TOKEN_VALIDATION') as $tokenName) {
         if (!Config::get($tokenName)) {
             Config::save($tokenName, Loader::helper('validation/identifier')->getString(64));
         }
     }
     $testPage = Page::getByPath('/dashboard/system/mail/method/test_settings');
     if (!is_object($testPage) || $testPage->isError()) {
         $testPage = SinglePage::add('/dashboard/system/mail/method/test_settings');
         $testPage->update(array('cName' => t('Test Mail Settings')));
         $testPage->setAttribute('meta_keywords', 'test smtp, test mail');
     }
 }
Пример #10
 /**
  * Installs permission key categories, workflow progress categories, workflow types,
  * permission access entity types and permission keys from the core permissions.xml file.
  * Entries whose handle already resolves to an object are left untouched.
  */
 protected function installPermissionsAndWorkflow()
 {
     // NOTE(review): the return value is not checked; simplexml_load_file() returns false when
     // the file cannot be read or parsed.
     $sx = simplexml_load_file(DIR_BASE_CORE . '/config/install/base/permissions.xml');
     foreach ($sx->permissioncategories->category as $pkc) {
         $handle = (string) $pkc['handle'];
         $pkca = PermissionKeyCategory::getByHandle($handle);
         if (!is_object($pkca)) {
             $pkx = PermissionKeyCategory::add((string) $pkc['handle']);
         }
     }
     foreach ($sx->workflowprogresscategories->category as $pkc) {
         $handle = (string) $pkc['handle'];
         $pkca = WorkflowProgressCategory::getByHandle($handle);
         if (!is_object($pkca)) {
             $pkx = WorkflowProgressCategory::add((string) $pkc['handle']);
         }
     }
     foreach ($sx->workflowtypes->workflowtype as $wt) {
         $handle = (string) $wt['handle'];
         $name = (string) $wt['name'];
         $wtt = WorkflowType::getByHandle($handle);
         if (!is_object($wtt)) {
             $pkx = WorkflowType::add($handle, $name);
         }
     }
     if (isset($sx->permissionaccessentitytypes)) {
         foreach ($sx->permissionaccessentitytypes->permissionaccessentitytype as $pt) {
             // The name is taken as the raw attribute (not cast to string, unlike the handle);
             // when it is empty a name is derived from the handle instead.
             $name = $pt['name'];
             if (!$name) {
                 $name = Loader::helper('text')->unhandle($pt['handle']);
             }
             $handle = (string) $pt['handle'];
             $patt = PermissionAccessEntityType::getByHandle($handle);
             if (!is_object($patt)) {
                 $type = PermissionAccessEntityType::add((string) $pt['handle'], $name);
                 if (isset($pt->categories)) {
                     foreach ($pt->categories->children() as $cat) {
                         // NOTE(review): $catobj is used without an is_object() check.
                         $catobj = PermissionKeyCategory::getByHandle((string) $cat['handle']);
                         $catobj->associateAccessEntityType($type);
                     }
                 }
             }
         }
     }
     $txt = Loader::helper('text');
     foreach ($sx->permissionkeys->permissionkey as $pk) {
         // NOTE(review): $pkc is used without an is_object() check.
         $pkc = PermissionKeyCategory::getByHandle((string) $pk['category']);
         $className = $txt->camelcase($pkc->getPermissionKeyCategoryHandle());
         $c1 = $className . 'PermissionKey';
         $handle = (string) $pk['handle'];
         $pka = PermissionKey::getByHandle($handle);
         if (!is_object($pka)) {
             // The class whose static import() runs is chosen by the category handle, so the
             // categories known to the system (seeded from this XML file) decide which code is
             // called; the file has to stay writable by trusted parties only.
             $pkx = call_user_func(array($c1, 'import'), $pk);
         }
     }
 }
Пример #11
 /**
  * Grants or denies a list of permission keys on this file set to a user, a group or a
  * combination of groups, and marks the set as overriding the global permissions.
  *
  * @param mixed $userOrGroup an array (treated as a group combination), a User or UserInfo,
  *                           or anything else (treated as a group)
  * @param array $permissions permission key handles to assign
  * @param mixed $accessType access type passed on to addListItem(), include by default
  */
 public function assignPermissions($userOrGroup, $permissions = array(), $accessType = FileSetPermissionKey::ACCESS_TYPE_INCLUDE)
 {
     $db = Loader::db();
     if ($this->fsID > 0) {
         $db->Execute("update FileSets set fsOverrideGlobalPermissions = 1 where fsID = ?", array($this->fsID));
         $this->fsOverrideGlobalPermissions = true;
     }
     // Pick the access entity that matches what the caller passed in.
     if (is_array($userOrGroup)) {
         // group combination
         $entity = GroupCombinationPermissionAccessEntity::getOrCreate($userOrGroup);
     } elseif ($userOrGroup instanceof User || $userOrGroup instanceof UserInfo) {
         $entity = UserPermissionAccessEntity::getOrCreate($userOrGroup);
     } else {
         // group
         $entity = GroupPermissionAccessEntity::getOrCreate($userOrGroup);
     }
     foreach ($permissions as $pkHandle) {
         // NOTE(review): a handle that does not resolve to a key is not checked for here.
         $key = PermissionKey::getByHandle($pkHandle);
         $key->setPermissionObject($this);
         $access = $key->getPermissionAccessObject();
         if (!is_object($access)) {
             $access = PermissionAccess::create($key);
         } elseif ($access->isPermissionAccessInUse()) {
             // An access object that is in use is duplicated and the copy is changed instead.
             $access = $access->duplicate();
         }
         $access->addListItem($entity, false, $accessType);
         $key->getPermissionAssignmentObject()->assignPermissionAccess($access);
     }
 }
<?php

// Stops unless C5_EXECUTE is defined (presumably set by the application bootstrap).
defined('C5_EXECUTE') or die("Access Denied.");
$form = Loader::helper('form');
$tp = new TaskPermission();
Loader::model('attribute/categories/user');
$attribs = UserAttributeKey::getEditableList();
$sk = PermissionKey::getByHandle('access_user_search');
$ek = PermissionKey::getByHandle('edit_user_properties');
// First gate: the current user must be allowed to edit user properties at all.
$tp = new TaskPermission();
if (!$tp->canEditUserProperties()) {
    die(t("Access Denied."));
}
// The user IDs come straight from the request.
// NOTE(review): the result of getByID() is stored without checking that it is an object, so an
// ID that matches no user puts a non-object into $users.
$users = array();
if (is_array($_REQUEST['uID'])) {
    foreach ($_REQUEST['uID'] as $uID) {
        $ui = UserInfo::getByID($uID);
        $users[] = $ui;
    }
}
// Second gate: every requested user must pass the 'access_user_search' check; one failure
// stops the whole request.
foreach ($users as $ui) {
    if (!$sk->validate($ui)) {
        die(t("Access Denied."));
    }
}
if ($_POST['task'] == 'update_extended_attribute') {
    $fakID = $_REQUEST['fakID'];
    $value = '';
    $ak = UserAttributeKey::get($fakID);
    foreach ($users as $ui) {
        if ($ek->validate($ak)) {
Пример #13
<?php

// Stops unless C5_EXECUTE is defined (presumably set by the application bootstrap).
defined('C5_EXECUTE') or die("Access Denied.");
// $b is not defined in this file; it has to be provided by whatever includes it.
$c = $b->getBlockCollectionObject();
$arHandle = $b->getAreaHandle();
use Concrete\Core\Permission\Duration as PermissionDuration;
$pk = PermissionKey::getByHandle('view_block');
$pk->setPermissionObject($b);
// Find the guest group's entry in the block's 'view_block' access list and take its
// duration object, or a fresh one when the entry has none.
// NOTE(review): $pd stays undefined when the list has no entry for the guest group.
// NOTE(review): no permission check on the current user is visible in this fragment; confirm
// the including code enforces one before this form is shown.
$list = $pk->getAccessListItems();
foreach ($list as $pa) {
    $pae = $pa->getAccessEntityObject();
    if ($pae->getAccessEntityTypeHandle() == 'group') {
        if ($pae->getGroupObject()->getGroupID() == GUEST_GROUP_ID) {
            $pd = $pa->getPermissionDurationObject();
            if (!is_object($pd)) {
                $pd = new PermissionDuration();
            }
        }
    }
}
?>
<div class="ccm-ui" id="ccm-permissions-access-entity-wrapper">
<form id="ccm-permissions-timed-guest-access-form" class="form-stacked" method="post" action="<?php 
echo REL_DIR_FILES_TOOLS_REQUIRED;
?>
/permissions/categories/block">
<input type="hidden" name="task" value="set_timed_guest_access" />
<?php 
echo Loader::helper('validation/token')->output('set_timed_guest_access');
?>
<input type="hidden" name="cID" value="<?php 
Пример #14
<?php

// Stops unless C5_EXECUTE is defined (presumably set by the application bootstrap).
defined('C5_EXECUTE') or die("Access Denied.");
$app = Concrete\Core\Support\Facade\Application::getFacadeApplication();
$form = $app->make('helper/form');
// Permission keys for editing, activating and deleting users; none of them is used in the
// part of the template visible here.
$ek = PermissionKey::getByHandle('edit_user_properties');
$ik = PermissionKey::getByHandle('activate_user');
$dk = PermissionKey::getByHandle('delete_user');
// NOTE(review): in the row template below, column.value is printed with the Underscore tag that
// does not HTML-escape, while the data-* attributes use the escaping tag. Whatever produces
// column.value on the server therefore has to return markup that is already safe.
?>

<script type="text/template" data-template="search-results-table-body">
<% _.each(items, function (user) {%>
	<tr>
		<td><span class="ccm-search-results-checkbox"><input type="checkbox" class="ccm-flat-checkbox" data-user-id="<%-user.uID%>" data-user-name="<%-user.uName%>" data-user-email="<%-user.uEmail%>" data-search-checkbox="individual" value="<%-user.uID%>" /></span></td>
		<% for (i = 0; i < user.columns.length; i++) {
			var column = user.columns[i];
			%>
			<td><%= column.value %></td>
		<% } %>
	</tr>
<% }); %>
</script>

<div data-search-element="wrapper"></div>

<div data-search-element="results">

	<table border="0" cellspacing="0" cellpadding="0" class="ccm-search-results-table">
		<thead>
		</thead>
		<tbody>
Пример #15
">

<h5><?php 
echo t('Version Comments');
?>
</h5>

<div class="ccm-panel-check-in-comments"><textarea name="comments" id="ccm-check-in-comments" /></textarea></div>

<?php 
if ($cp->canApprovePageVersions()) {
    if ($c->isPageDraft()) {
        $publishTitle = t('Publish Page');
    } else {
        $publishTitle = t('Publish Changes');
        $pk = PermissionKey::getByHandle('approve_page_versions');
        $pk->setPermissionObject($c);
        $pa = $pk->getPermissionAccessObject();
        $workflows = array();
        $canApproveWorkflow = true;
        if (is_object($pa)) {
            $workflows = $pa->getWorkflows();
        }
        foreach ($workflows as $wf) {
            if (!$wf->canApproveWorkflow()) {
                $canApproveWorkflow = false;
            }
        }
        if (count($workflows) > 0 && !$canApproveWorkflow) {
            $publishTitle = t('Submit to Workflow');
        }
Пример #16
<?php

// Stops unless C5_EXECUTE is defined (presumably set by the application bootstrap).
defined('C5_EXECUTE') or die("Access Denied.");
// NOTE(review): the visible part of this template never calls validate() on the key; confirm
// the 'customize_themes' check happens further down or in the controller.
$pk = PermissionKey::getByHandle('customize_themes');
?>


<section id="ccm-panel-page-design-customize">
    <form data-form="panel-page-design-customize" target="ccm-page-preview-frame" method="post" action="<?php 
echo $controller->action("preview", $theme->getThemeID());
?>
">
    <header><a href="" data-panel-navigation="back" class="ccm-panel-back"><span class="fa fa-chevron-left"></span></a> <a href="" data-panel-navigation="back"><?php 
echo t('Customize Theme');
?>
</a></header>

    <?php 
if (count($presets) > 1) {
    ?>

    <div class="ccm-panel-content-inner">

    <div class="list-group" data-panel-menu-id="page-design-presets"  data-panel-menu="collapsible-list-group">
        <div class="list-group-item list-group-item-header"><?php 
    echo t('Preset');
    ?>
</div>
        <?php 
    $i = 0;
    foreach ($presets as $preset) {
Пример #17
 /**
  * Builds the sitemap node for one page: its display name, icon, alias state, trash state
  * and the current user's permission flags, plus the sub-nodes when the node is to be opened.
  *
  * @param mixed $cItem a page object, or a page ID that is loaded as the 'RECENT' version
  * @param int $level passed on to getSubNodes()
  * @param bool $autoOpenNodes whether nodes remembered in the session are opened
  * @return array|false the node, or false when the page is the trash or inside it and the
  *                     'empty_trash' permission does not validate
  */
 function getNode($cItem, $level = 0, $autoOpenNodes = true)
 {
     if (is_object($cItem)) {
         $c = $cItem;
         $cID = $cItem->getCollectionID();
     } else {
         $cID = $cItem;
         $c = Page::getByID($cID, 'RECENT');
     }
     // Permission flags are computed once for the current user and shipped with the node.
     $cp = new Permissions($c);
     $canEditPageProperties = $cp->canEditPageProperties();
     $canEditPageSpeedSettings = $cp->canEditPageSpeedSettings();
     $canEditPagePermissions = $cp->canEditPagePermissions();
     $canEditPageDesign = $cp->canEditPageTheme() || $cp->canEditPageType();
     $canViewPageVersions = $cp->canViewPageVersions();
     $canDeletePage = $cp->canDeletePage();
     $canAddSubpages = $cp->canAddSubpage();
     $canAddExternalLinks = $cp->canAddExternalLink();
     // The list of open nodes is remembered in the session.
     $nodeOpen = is_array($_SESSION['dsbSitemapNodes']) && in_array($cID, $_SESSION['dsbSitemapNodes']);
     $status = '';
     $cls = $c->getNumChildren() > 0 ? "folder" : "file";
     $leaf = !($c->getNumChildren() > 0);
     $numSubpages = $c->getNumChildren() > 0 ? $c->getNumChildren() : '';
     $cvName = $c->getCollectionName() ?: '(No Title)';
     if ($c->isSystemPage()) {
         $cvName = t($cvName);
     }
     $selected = (bool) ConcreteDashboardSitemapHelper::isOneTimeActiveNode($cID);
     $ct = CollectionType::getByID($c->getCollectionTypeID());
     $isInTrash = $c->isInTrash();
     $canCompose = false;
     if (is_object($ct) && $ct->isCollectionTypeIncludedInComposer()) {
         $h = Loader::helper('concrete/dashboard');
         $canCompose = $cp->canEditPageProperties() && $h->canAccessComposer();
     }
     // The trash and everything in it is only shown to users who may empty the trash.
     $isTrash = $c->getCollectionPath() == TRASH_PAGE_PATH;
     if (($isTrash || $isInTrash) && !PermissionKey::getByHandle('empty_trash')->validate()) {
         return false;
     }
     $cIcon = $c->getCollectionIcon();
     $cAlias = $c->isAlias();
     $cPointerID = $c->getCollectionPointerID();
     if ($cAlias) {
         if ($cPointerID > 0) {
             // An alias of another page: the node carries the original page's ID from here on.
             $cIcon = ASSETS_URL_IMAGES . '/icons/alias.png';
             $cAlias = 'POINTER';
             $cID = $c->getCollectionPointerOriginalID();
         } else {
             $cIcon = ASSETS_URL_IMAGES . '/icons/alias_external.png';
             $cAlias = 'LINK';
         }
     }
     $node = array(
         'cvName' => $cvName,
         'cIcon' => $cIcon,
         'cAlias' => $cAlias,
         'isInTrash' => $isInTrash,
         'isTrash' => $isTrash,
         'numSubpages' => $numSubpages,
         'status' => $status,
         'canEditPageProperties' => $canEditPageProperties,
         'canEditPageSpeedSettings' => $canEditPageSpeedSettings,
         'canEditPagePermissions' => $canEditPagePermissions,
         'canEditPageDesign' => $canEditPageDesign,
         'canViewPageVersions' => $canViewPageVersions,
         'canDeletePage' => $canDeletePage,
         'canAddSubpages' => $canAddSubpages,
         'canAddExternalLinks' => $canAddExternalLinks,
         'canCompose' => $canCompose,
         'id' => $cID,
         'selected' => $selected
     );
     if ($cID == 1 || ($nodeOpen && $autoOpenNodes)) {
         // We open another level
         $node['subnodes'] = $this->getSubNodes($cID, $level, false, $autoOpenNodes);
     }
     return $node;
 }
if ($cp->canEditPagePermissions()) {
    $editAccess = array();
    $viewAccess = array();
    $pk = PermissionKey::getByHandle('view_page');
    $pk->setPermissionObject($c);
    $assignments = $pk->getAccessListItems();
    foreach ($assignments as $asi) {
        $ae = $asi->getAccessEntityObject();
        if ($ae->getAccessEntityTypeHandle() == 'group') {
            $group = $ae->getGroupObject();
            if (is_object($group)) {
                $viewAccess[] = $group->getGroupID();
            }
        }
    }
    $pk = PermissionKey::getByHandle('edit_page_contents');
    $pk->setPermissionObject($c);
    $assignments = $pk->getAccessListItems();
    foreach ($assignments as $asi) {
        $ae = $asi->getAccessEntityObject();
        if ($ae->getAccessEntityTypeHandle() == 'group') {
            $group = $ae->getGroupObject();
            if (is_object($group)) {
                $editAccess[] = $group->getGroupID();
            }
        }
    }
    Loader::model('search/group');
    $gl = new GroupSearch();
    $gl->sortBy('gID', 'asc');
    $gIDs = $gl->get();
Пример #19
 /**
  * Hands the 'move_or_copy_page' permission key to the parent constructor.
  */
 public function __construct()
 {
     parent::__construct(PermissionKey::getByHandle('move_or_copy_page'));
 }
 /**
  * Dashboard action that creates a user account from the posted form.
  *
  * Runs only when $_POST['create'] is set. All validation failures are collected in
  * $this->error; the account is created only when that list is empty, after which the
  * avatar, attributes and groups are applied as far as the current user's
  * 'edit_user_properties' assignment and the 'assign_user_groups' key allow.
  *
  * NOTE(review): no check that the current user may create accounts is visible in this
  * method; confirm it is enforced by the page's own permissions.
  */
 public function view()
 {
     // The current user's assignment for 'edit_user_properties'; used below to decide whether
     // the avatar and which attributes may be set.
     $assignment = PermissionKey::getByHandle('edit_user_properties')->getMyAssignment();
     $vals = Loader::helper('validation/strings');
     $valt = Loader::helper('validation/token');
     $valc = Loader::helper('concrete/validation');
     if ($_POST['create']) {
         // Normalise the username: trim it and collapse runs of whitespace to one space.
         $username = trim($_POST['uName']);
         $username = preg_replace("/\\s+/", " ", $username);
         $_POST['uName'] = $username;
         $password = $_POST['uPassword'];
         // NOTE(review): the posted e-mail address and username are placed into error messages
         // below; they have to be HTML-escaped wherever $this->error is rendered.
         if (!$vals->email($_POST['uEmail'])) {
             $this->error->add(t('Invalid email address provided.'));
         } else {
             if (!$valc->isUniqueEmail($_POST['uEmail'])) {
                 $this->error->add(t("The email address '%s' is already in use. Please choose another.", $_POST['uEmail']));
             }
         }
         // strlen() counts bytes, so multi-byte characters count more than once in these limits.
         if (strlen($username) < USER_USERNAME_MINIMUM) {
             $this->error->add(t('A username must be between at least %s characters long.', USER_USERNAME_MINIMUM));
         }
         if (strlen($username) > USER_USERNAME_MAXIMUM) {
             $this->error->add(t('A username cannot be more than %s characters long.', USER_USERNAME_MAXIMUM));
         }
         if (strlen($username) >= USER_USERNAME_MINIMUM && !$valc->username($username)) {
             if (USER_USERNAME_ALLOW_SPACES) {
                 $this->error->add(t('A username may only contain letters, numbers and spaces.'));
             } else {
                 $this->error->add(t('A username may only contain letters or numbers.'));
             }
         }
         if (!$valc->isUniqueUsername($username)) {
             $this->error->add(t("The username '%s' already exists. Please choose another", $username));
         }
         // The super user's name cannot be registered as a new account.
         if ($username == USER_SUPER) {
             $this->error->add(t('Invalid Username'));
         }
         if (strlen($password) < USER_PASSWORD_MINIMUM || strlen($password) > USER_PASSWORD_MAXIMUM) {
             $this->error->add(t('A password must be between %s and %s characters', USER_PASSWORD_MINIMUM, USER_PASSWORD_MAXIMUM));
         }
         if (strlen($password) >= USER_PASSWORD_MINIMUM && !$valc->password($password)) {
             $this->error->add(t('A password may not contain ", \', >, <, or any spaces.'));
         }
         // The form token is checked like any other field: a failure is added to the error
         // list, which blocks the account creation below.
         if (!$valt->validate('create_account')) {
             $this->error->add($valt->getErrorMessage());
         }
         Loader::model("attribute/categories/user");
         $aks = UserAttributeKey::getRegistrationList();
         foreach ($aks as $uak) {
             if ($uak->isAttributeKeyRequiredOnRegister()) {
                 $e1 = $uak->validateAttributeForm();
                 if ($e1 == false) {
                     $this->error->add(t('The field "%s" is required', $uak->getAttributeKeyName()));
                 } else {
                     if ($e1 instanceof ValidationErrorHelper) {
                         $this->error->add($e1->getList());
                     }
                 }
             }
         }
         if (!$this->error->has()) {
             // do the registration
             // NOTE(review): $_POST['uDefaultLanguage'] is passed on without any validation here.
             $data = array('uName' => $username, 'uPassword' => $password, 'uEmail' => $_POST['uEmail'], 'uDefaultLanguage' => $_POST['uDefaultLanguage']);
             $uo = UserInfo::add($data);
             if (is_object($uo)) {
                 $av = Loader::helper('concrete/avatar');
                 if ($assignment->allowEditAvatar()) {
                     // is_uploaded_file() confirms the path really is a file uploaded with this request.
                     if (is_uploaded_file($_FILES['uAvatar']['tmp_name'])) {
                         $uHasAvatar = $av->updateUserAvatar($_FILES['uAvatar']['tmp_name'], $uo->getUserID());
                     }
                 }
                 // Only attributes the current user's assignment allows are saved.
                 foreach ($aks as $uak) {
                     if (in_array($uak->getAttributeKeyID(), $assignment->getAttributesAllowedArray())) {
                         $uak->saveAttributeForm($uo);
                     }
                 }
                 // Posted group IDs are kept only when 'assign_user_groups' validates for them, so
                 // the form cannot be used to hand out groups the current user may not assign.
                 $gak = PermissionKey::getByHandle('assign_user_groups');
                 $gIDs = array();
                 if (is_array($_POST['gID'])) {
                     foreach ($_POST['gID'] as $gID) {
                         if ($gak->validate($gID)) {
                             $gIDs[] = $gID;
                         }
                     }
                 }
                 $uo->updateGroups($gIDs);
                 // The ID in the redirect comes from the created user object, not from the request.
                 $uID = $uo->getUserID();
                 $this->redirect('/dashboard/users/search?uID=' . $uID . '&user_created=1');
             } else {
                 $this->error->add(t('An error occurred while trying to create the account.'));
                 $this->set('error', $this->error);
             }
         } else {
             $this->set('error', $this->error);
         }
     }
 }
 /**
  * Hands the 'edit_page_permissions' permission key to the parent constructor.
  */
 public function __construct()
 {
     parent::__construct(PermissionKey::getByHandle('edit_page_permissions'));
 }
Пример #22
	/**
	 * Hands the 'delete_page' permission key to the parent constructor.
	 */
	public function __construct() {
		parent::__construct(PermissionKey::getByHandle('delete_page'));
	}
Пример #23
 /**
  * Hands the 'approve_page_versions' permission key to the parent constructor.
  */
 public function __construct()
 {
     parent::__construct(PermissionKey::getByHandle('approve_page_versions'));
 }
Пример #24
// The user IDs come straight from the request; $users is not initialised in this fragment.
// NOTE(review): the result of getByID() is stored without checking that it is an object, so an
// ID that matches no user is passed to the Permissions constructor below as a non-object.
if (is_array($_REQUEST['uID'])) {
    foreach ($_REQUEST['uID'] as $uID) {
        $ui = UserInfo::getByID($uID);
        $users[] = $ui;
    }
}
// Every requested user must be viewable by the current user; one failure stops the whole request.
foreach ($users as $ui) {
    $up = new Permissions($ui);
    if (!$up->canViewUser()) {
        die(t("Access Denied."));
    }
}
// Bulk "activate" task for the users collected in $users; the rest of this branch is not shown.
// NOTE(review): this is a state-changing POST action, and neither a validation-token (CSRF)
// check nor a validate() call on the 'activate_user' key is visible in these lines — confirm
// both happen before any user is modified.
if ($_POST['task'] == 'activate') {
    $workflowAttached = false;
    // Check whether a workflow is attached to the 'activate_user' permission.
    $pk = PermissionKey::getByHandle('activate_user');
    // NOTE(review): the key and its access object are dereferenced without an is_object()
    // check; presumably both always exist for 'activate_user' — verify.
    $pa = $pk->getPermissionAccessObject();
    $workflows = $pa->getWorkflows();
    // From here on $workflowAttached holds the workflow count; the visible lines only use its truthiness.
    $workflowAttached = count($workflows);
    if ($workflowAttached) {
        // A workflow is attached: the change takes effect only after the workflow completes.
        $hudMessage = t('User Settings saved. You must complete the workflow before this change is active.');
    } else {
        // No workflow is attached.
        $hudMessage = t('User Settings saved.');
    }
    foreach ($users as $ui) {
        $workflowRequestActions = array();
        // Fetch the workflow request actions already triggered for this user when a workflow is attached,
        // so that the same request action is not triggered twice.
        if ($workflowAttached) {
Пример #25
" href="<?php 
    echo REL_DIR_FILES_TOOLS_REQUIRED;
    ?>
/edit_area_popup?cID=<?php 
    echo $c->getCollectionID();
    ?>
&arHandle=<?php 
    echo urlencode($a->getAreaHandle());
    ?>
&atask=groups"><?php 
    echo t("Permissions");
    ?>
</a></li><?php 
}
// For a SubArea, the "Edit Container Layout" menu entry is shown only when the parent area's
// permissions allow canAddLayout() and the sub-area's block object loads without error.
if ($a instanceof SubArea) {
    // NOTE(review): 'manage_layout_presets' is fetched here but not validated in the visible
    // lines; confirm it is checked further down before preset actions are offered.
    $pk = PermissionKey::getByHandle('manage_layout_presets');
    $ax = $a->getSubAreaParentPermissionsObject();
    $axp = new Permissions($ax);
    if ($axp->canAddLayout()) {
        $bx = $a->getSubAreaBlockObject();
        if (is_object($bx) && !$bx->isError()) {
            ?>
                                <li class="divider"></li>
                                <li><a href="javascript:void(0)" data-container-layout-block-id="<?php 
            // The block ID and the column maximum are echoed into HTML attributes unescaped;
            // presumably both are integers — verify.
            echo $bx->getBlockID();
            ?>
" data-menu-action="edit-container-layout" data-area-grid-maximum-columns="<?php 
            echo $a->getAreaGridMaximumColumns();
            ?>
"><?php 
            echo t("Edit Container Layout");
Пример #26
            </li>
        </ul>
        <ul class="nav navbar-nav navbar-right">
            <li class="navbar-form">
            <?php 
// The delete button is rendered only for users who pass 'remove_topic_tree' and only when $tree is an object.
// NOTE(review): this only hides the control. The handler behind the "delete-topic-tree" dialog
// is not shown here and must repeat the permission check on the server.
if (PermissionKey::getByHandle('remove_topic_tree')->validate() && is_object($tree)) {
    ?>
                <button type="button" data-dialog="delete-topic-tree" class="btn btn-danger btn-sm"><?php 
    echo t('Delete Topic Tree');
    ?>
</button>
            <?php 
}
?>
            <?php 
// Same pattern for 'add_topic_tree': the button is hidden unless the key validates, and the
// target page must enforce the permission itself.
if (PermissionKey::getByHandle('add_topic_tree')->validate()) {
    ?>
                <button onclick="window.location.href='<?php 
    // The URL is written into a JavaScript string inside an HTML attribute without escaping.
    // The path is a fixed literal; NOTE(review): confirm $view->url() cannot add quote characters.
    echo $view->url('/dashboard/system/attributes/topics/add');
    ?>
'" class="btn btn-default btn-sm"><?php 
    echo t('Add Topic Tree');
    ?>
</button>
            <?php 
}
?>
            </li>
        </ul>
    </div>
</nav>
<?php

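defined('C5_EXECUTE') or die("Access Denied.");
// searchInstance is request-controlled. It is passed through the text helper's entities()
// (presumably HTML-entity encoding) and falls back to 'user' when empty.
// NOTE(review): that only covers HTML contexts; if the value is later written into JavaScript
// or a URL (not visible here), it needs escaping for that context as well.
$searchInstance = Loader::helper('text')->entities($_REQUEST['searchInstance']);
if (!strlen($searchInstance)) {
    $searchInstance = 'user';
}
$form = Loader::helper('form');
$ih = Loader::helper('concrete/interface');
$tp = new TaskPermission();
// NOTE(review): the token helper is loaded here, but validation of a submitted token is not
// visible in these lines — confirm it happens before groups are changed.
$token = Loader::helper('validation/token');
$sk = PermissionKey::getByHandle('access_user_search');
$gk = PermissionKey::getByHandle('assign_user_groups');
// The caller must be allowed to assign groups at all before any user is looked up.
if (!$gk->validate()) {
    die(t("Access Denied."));
}
$users = array();
if (isset($_REQUEST['uID']) && is_array($_REQUEST['uID'])) {
    foreach ($_REQUEST['uID'] as $uID) {
        $ui = UserInfo::getByID($uID);
        // Fail closed: getByID() may not return an object for an unknown ID, and a non-object
        // must never reach the per-user permission check or the group assignment that follows.
        // The response matches the permission failure, so it does not reveal which IDs exist.
        if (!is_object($ui)) {
            die(t("Access Denied."));
        }
        $users[] = $ui;
    }
}
// Each selected user must be visible to the caller under 'access_user_search'.
foreach ($users as $ui) {
    if (!$sk->validate($ui)) {
        die(t("Access Denied."));
    }
}
Loader::model('search/group');
$gl = new GroupSearch();
$gl->setItemsPerPage(-1);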
Пример #28
	<? } ?>
	
	</ul>
	</div>
	</div>

	<div class="clearfix">
	<label><?php 
echo t('Additional Attributes');
?>
</label>
	<div class="input">
	<ul class="inputs-list">
	
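	<?php
	// Lists one checkbox per attribute key, limited to keys that pass 'view_user_attributes'.
	// Full "<?php" tags are used instead of "<?": with short_open_tag disabled, a short tag is
	// not parsed and this PHP source would be sent to the browser as page text.
	$pk = PermissionKey::getByHandle('view_user_attributes');
	foreach($list as $ak) { 
		if ($pk->validate($ak)) { ?>

		<li><label><?php 
echo $form->checkbox('ak_' . $ak->getAttributeKeyHandle(), 1, $fldc->contains($ak));
?>
 <span><?php 
// NOTE(review): the attribute key name is echoed without HTML escaping; confirm names are
// sanitized when they are saved, or escape them here.
echo tc('AttributeKeyName', $ak->getAttributeKeyName());
?>
</span></label></li>
	
	<?php } 
	
	}?>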
	
<?php

defined('C5_EXECUTE') or die("Access Denied.");

// Deletes the pages whose parent is the trash page and reports how many were removed as JSON.
// Access is gated on the 'empty_trash' key, then on canDeletePage() for each page.
// NOTE(review): this request is destructive and no validation-token (CSRF) check is visible
// in this script — confirm one is enforced before the script runs.
$pk = PermissionKey::getByHandle('empty_trash');
if (!$pk->validate()) {
    die(t("Access Denied."));
}

$trash = Page::getByPath(Config::get('concrete.paths.trash'));
$i = 0;
if (is_object($trash) && !$trash->isError()) {
    // Collect the trash page's children, inactive pages included, at their most recent version.
    $pl = new PageList();
    $pl->filterByParentID($trash->getCollectionID());
    $pl->includeInactivePages();
    $pl->setPageVersionToRetrieve(\Concrete\Core\Page\PageList::PAGE_VERSION_RECENT);
    $pages = $pl->getResults();
    foreach ($pages as $pc) {
        $cp = new Permissions($pc);
        // Pages the current user may not delete stay in the trash and are not counted.
        if (!$cp->canDeletePage()) {
            continue;
        }
        ++$i;
        $pc->delete();
    }
}

$message = t2('%d page deleted.', '%d pages deleted.', $i, $i);
$obj = (object) array('message' => $message);
echo Loader::helper('json')->encode($obj);
Пример #30
	/**
	 * Deletes the user account identified by $delUserId, then calls $this->view().
	 *
	 * The checks run in this order: the ID resolves to a UserInfo; the 'access_user_search'
	 * key validates for that user; the canDeleteUser task permission is held; the target is
	 * neither the super user nor the current user; $token validates for 'delete_account'.
	 * The first failing check is reported through the 'error' view variable. On success the
	 * request superglobals are emptied and the 'message' view variable is set.
	 *
	 * NOTE(review): the token is validated last, so the earlier checks run and report their
	 * result even for requests without a valid token. Nothing is deleted before the token check.
	 *
	 * @param mixed       $delUserId ID of the account to delete.
	 * @param string|null $token     Validation token for the 'delete_account' action.
	 */
	public function delete($delUserId, $token = null){
		$currentUser = new User();
		try {
			$targetUser = UserInfo::getByID($delUserId);
			if (!($targetUser instanceof UserInfo)) {
				throw new Exception(t('Invalid user ID.'));
			}

			// The target must be visible to the current user before anything else is evaluated.
			$searchKey = PermissionKey::getByHandle('access_user_search');
			if (!$searchKey->validate($targetUser)) {
				throw new Exception(t('Access Denied.'));
			}

			$taskPermissions = new TaskPermission();
			if (!$taskPermissions->canDeleteUser()) {
				throw new Exception(t('You do not have permission to perform this action.'));
			}

			// Protected accounts: the super user and the account making the request.
			if ($delUserId == USER_SUPER_ID) {
				throw new Exception(t('You may not remove the super user account.'));
			}
			if ($delUserId == $currentUser->getUserID()) {
				throw new Exception(t('You cannot delete your own user account.'));
			}

			$tokenHelper = Loader::helper('validation/token');
			if (!$tokenHelper->validate('delete_account', $token)) {
				throw new Exception($tokenHelper->getErrorMessage());
			}

			$targetUser->delete();
			$successMessage = t('User deleted successfully.');

			// Empty the request superglobals before the view is rendered again.
			$_REQUEST = array();
			$_GET = array();
			$_POST = array();
			$this->set('message', $successMessage);
		} catch (Exception $e) {
			$this->set('error', $e);
		}
		$this->view();

	}