/**
 * Builds the list of child pages shown as categories on the current page.
 *
 * A child is listed only when the current user may read it and it does not
 * carry the `exclude_nav` attribute. The result is handed to the view as
 * `categories`.
 */
public function view()
{
    $current = Page::getCurrentPage();
    $visible = array();

    foreach ($current->getCollectionChildrenArray(true) as $childID) {
        $child = Page::getByID($childID, 'ACTIVE');
        $childPermissions = new Permissions($child);

        // Permission check first: pages the user cannot read never reach the view.
        if (!$childPermissions->canRead()) {
            continue;
        }
        if ($child->getAttribute('exclude_nav')) {
            continue;
        }

        $visible[] = $child;
    }

    $this->set('categories', $visible);
}
/**
 * Reports whether $stack is a direct child of the stacks root page and its
 * stack area is readable by the current user.
 *
 * @param object $stack object exposing getCollectionParentID()
 * @return bool
 */
protected static function isValidStack($stack)
{
    $stacksRoot = Page::getByPath(STACKS_PAGE_PATH);

    // Anything not parented directly under the stacks root is not treated as a stack.
    $isDirectChild = $stack->getCollectionParentID() == $stacksRoot->getCollectionID();
    if (!$isDirectChild) {
        return false;
    }

    $stackArea = Area::get($stack, STACKS_AREA_NAME);
    $areaPermissions = new Permissions($stackArea);

    return $areaPermissions->canRead() ? true : false;
}
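/**
 * Streams a file to the browser for inline display once the current user's
 * read permission on it has been confirmed.
 *
 * The response carries the MIME type recorded for the file, so the browser
 * renders the content in the context of this site. `X-Content-Type-Options:
 * nosniff` is sent so the browser sticks to that declared type instead of
 * sniffing the body.
 *
 * NOTE(review): a stored type such as text/html or image/svg+xml would still
 * be rendered as active content on this origin; confirm which types uploads
 * may carry, and consider forcing a download for those.
 *
 * @param mixed $fID file ID to display
 * @return false|void false when the user may not read the file; otherwise
 *                    the script exits after the content has been written
 */
public function view_inline($fID)
{
    $file = File::getByID($fID);
    $fp = new Permissions($file);
    if (!$fp->canRead()) {
        return false;
    }

    $mimeType = $file->getMimeType();
    $fc = Loader::helper('file');
    $contents = $fc->getContents($file->getPath());

    header("Content-type: {$mimeType}");
    // Keep the browser from reinterpreting the body as a different type.
    header('X-Content-Type-Options: nosniff');
    print $contents;
    exit;
}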
/**
 * Loads the images of the configured file set into $this->images.
 *
 * Only image files the current user may read are included. Each entry holds
 * the slideshow timing values plus the file's ID, name, path, relative URL
 * and, when the `height` attribute has a value, its height.
 *
 * @return false|void false when no valid file set ID is configured
 */
function loadFileSet()
{
    if (intval($this->fsID) < 1) {
        return false;
    }

    Loader::helper('concrete/file');
    Loader::model('file_attributes');
    Loader::library('file/types');
    Loader::model('file_list');
    Loader::model('file_set');

    $heightKey = FileAttributeKey::getByHandle('height');
    $set = FileSet::getByID($this->fsID);

    $list = new FileList();
    $list->filterBySet($set);
    $list->filterByType(FileType::T_IMAGE);
    $list->sortByFileSetDisplayOrder();
    $candidates = $list->get(1000, 0);

    // A single record is reused and overwritten for every file.
    // NOTE(review): because of that, a file without a height value keeps the
    // 'imgHeight' of the previous file (or has none on the first pass).
    $entry = array(
        'duration' => $this->duration,
        'fadeDuration' => $this->fadeDuration,
        'groupSet' => 0,
        'url' => '',
    );
    $collected = array();
    $tallest = 0;

    foreach ($candidates as $f) {
        $filePermissions = new Permissions($f);
        if ($filePermissions->canRead()) {
            $entry['fID'] = $f->getFileID();
            $entry['fileName'] = $f->getFileName();
            // NOTE(review): this is the server-side path; confirm the view never emits it.
            $entry['fullFilePath'] = $f->getPath();
            $entry['url'] = $f->getRelativePath();

            // find the max height of all the images so slideshow doesn't bounce around while rotating
            $heightValue = $f->getAttributeValueObject($heightKey);
            if (is_object($heightValue)) {
                $entry['imgHeight'] = $heightValue->getValue('height');
            }
            if ($tallest == 0 || $entry['imgHeight'] > $tallest) {
                $tallest = $entry['imgHeight'];
            }

            $collected[] = $entry;
        }
    }

    $this->images = $collected;
}
/**
 * Enables the native mobile view, then exposes every child page of the
 * current page that the current user may read as `categories`.
 */
public function view()
{
    $this->enableNativeMobile();

    $readable = array();
    $here = Page::getCurrentPage();
    $childIDs = $here->getCollectionChildrenArray(true);

    foreach ($childIDs as $childID) {
        $child = Page::getByID($childID, 'ACTIVE');
        $childPermissions = new Permissions($child);
        if (!$childPermissions->canRead()) {
            // Unreadable pages are left out of the listing.
            continue;
        }
        $readable[] = $child;
    }

    $this->set('categories', $readable);
}
/**
 * Returns the image files of a file set that the current user may read.
 *
 * The list is ordered by the set's display order when APP_VERSION is at
 * least 5.4.1; otherwise it is returned in the order FileList yields it.
 *
 * @param mixed $fsID file set ID
 * @return array list of file objects that passed the read-permission check
 */
public static function getUnsortedPermittedFilesetImages($fsID)
{
    Loader::model('file_set');
    Loader::model('file_list');

    $supportsDisplayOrder = version_compare(APP_VERSION, '5.4.1', '>=');
    $set = FileSet::getByID($fsID);

    $list = new FileList();
    $list->filterBySet($set);
    $list->filterByType(FileType::T_IMAGE);
    if ($supportsDisplayOrder) {
        $list->sortByFileSetDisplayOrder();
    }

    $readable = array();
    foreach ($list->get() as $candidate) {
        $candidatePermissions = new Permissions($candidate);
        if (!$candidatePermissions->canRead()) {
            continue;
        }
        $readable[] = $candidate;
    }

    return $readable;
}
/**
 * Runs the page-view hooks of every readable block in the referenced stack.
 *
 * Nothing happens unless the current user may read the stack. For each block
 * the user may read, the block controller's automatic header items are
 * output, the block's custom style rule (if any) is added to the page header
 * as an inline <style> element, and the controller's `on_page_view` task is run.
 */
public function on_page_view()
{
    $stack = Stack::getByID($this->stID);
    $stackPermissions = new Permissions($stack);
    if (!$stackPermissions->canRead()) {
        return;
    }

    foreach ($stack->getBlocks() as $block) {
        $blockPermissions = new Permissions($block);
        if (!$blockPermissions->canRead()) {
            continue;
        }

        $instance = $block->getInstance();
        if ('Controller' != get_class($instance)) {
            $instance->outputAutoHeaderItems();
        }

        $rule = $block->getBlockCustomStyleRule();
        if (is_object($rule)) {
            // NOTE(review): the rule text is concatenated into a <style> element
            // without escaping here; confirm it is sanitised where it is stored.
            $css = '#' . $rule->getCustomStyleRuleCSSID(1) . ' {' . $rule->getCustomStyleRuleText() . "} \r\n";
            $instance->addHeaderItem("<style type=\"text/css\"> \r\n" . $css . '</style>', 'VIEW');
        }

        // NOTE(review): $view is never assigned in this method, so the task receives null.
        $instance->runTask('on_page_view', array($view));
    }
}
/**
 * Gate for stack pages: users who cannot read the dashboard stacks page get
 * the "page not found" view, everyone else is either sent to the stack's
 * details page or shown the version views in the dashboard theme.
 *
 * The version views (`vtask` = `view_versions` or `compare`) are only
 * reachable when the user may read versions of the current page.
 */
public function on_start()
{
    $stacksDashboard = Page::getByPath('/dashboard/blocks/stacks');
    $dashboardPermissions = new Permissions($stacksDashboard);

    if (!$dashboardPermissions->canRead()) {
        // Answer with a 404 rather than revealing that the stack exists.
        global $c; // ugh
        $v = View::getInstance();
        $c = new Page();
        $c->loadError(COLLECTION_NOT_FOUND);
        $v->setCollectionObject($c);
        $this->c = $c;
        $cont = Loader::controller("/page_not_found");
        $v->setController($cont);
        $v->render('/page_not_found');
        return;
    }

    $current = Page::getCurrentPage();
    $currentPermissions = new Permissions($current);

    $showsVersions = $currentPermissions->canReadVersions()
        && ($_GET['vtask'] == 'view_versions' || $_GET['vtask'] == 'compare');

    if ($showsVersions) {
        $this->theme = 'dashboard';
    } else {
        $currentID = $current->getCollectionID();
        $this->redirect('/dashboard/blocks/stacks', 'view_details', $currentID);
    }
}
$obj->arHandle = $a->getAreaHandle(); $obj->error = false; print Loader::helper('json')->encode($obj); exit; //header('Location: ' . BASE_URL . DIR_REL . '/' . DISPATCHER_FILENAME . '?cID=' . $redirectCID . '&mode=edit' . $step); //exit; } break; case 'passthru': if (isset($_GET['bID']) && isset($_GET['arHandle'])) { $a = Area::get($c, $_GET['arHandle']); $b = Block::getByID($_GET['bID'], $c, $a); // basically, we hand off the current request to the block // which handles permissions and everything $p = new Permissions($b); if ($p->canRead()) { $action = $b->passThruBlock($_REQUEST['method']); } } break; } } if ($_GET['atask'] && $valt->validate()) { switch ($_GET['atask']) { case 'update': if ($cp->canAdminPage()) { $area = Area::get($c, $_GET['arHandle']); if (is_object($area)) { if ($_POST['aRevertToPagePermissions']) { $area->revertToPagePermissions(); } else {
defined('C5_EXECUTE') or die("Access Denied."); $u = new User(); $form = Loader::helper('form'); $respw = array(); $fileIDs = array(); $files = array(); if (is_array($_REQUEST['fID'])) { $fileIDs = $_REQUEST['fID']; } else { $fileIDs[] = $_REQUEST['fID']; } foreach ($fileIDs as $fID) { $f = File::getByID($fID); $fp = new Permissions($f); if ($fp->canRead()) { $files[] = $f; } } if (count($files) == 0) { die(t("Access Denied.")); } $i = 0; foreach ($files as $f) { $ats = $f->getAttributeList(); $resp[$i]['error'] = false; $resp[$i]['filePathDirect'] = $f->getRelativePath(); $resp[$i]['filePathInline'] = View::url('/download_file', 'view_inline', $f->getFileID()); $resp[$i]['filePath'] = View::url('/download_file', 'view', $f->getFileID()); $resp[$i]['title'] = $f->getTitle(); $resp[$i]['fileName'] = $f->getFilename();
?> </form> </div> </div> <?php if (count($stacks) > 0) { ?> <ul id="ccm-stack-list" class="item-select-list item-select-list-groups"> <?php foreach ($stacks as $s) { $as = Area::get($s, STACKS_AREA_NAME); $asp = new Permissions($as); if ($asp->canRead() && $ap->canAddStackToArea($s)) { ?> <li class="ccm-stack-available"> <a onclick="ccmStackSearchResetKeys()" dialog-on-destroy="ccmStackSearchMapKeys()" class="dialog-launch ccm-block-type-inner" dialog-on-close="ccm_blockWindowAfterClose()" dialog-append-buttons="true" dialog-modal="false" dialog-width="620" dialog-height="400" dialog-title="<?php echo $s->getCollectionName(); ?> <?php echo t('Contents'); ?> " href="<?php echo REL_DIR_FILES_TOOLS_REQUIRED; ?> /edit_area_popup.php?atask=add_stack_contents&cID=<?php echo $c->getCollectionID(); ?>
switch ($_GET['atask']) { case 'add': $toolSection = "block_area_add_new"; $canViewPane = $ap->canAddBlocks(); break; case 'add_from_stack': $toolSection = "block_area_add_stack"; $canViewPane = $ap->canAddStacks(); break; case 'add_stack_contents': $toolSection = "block_area_add_stack_contents"; $stack = Stack::getByID($_REQUEST['stackID']); $canViewPane = false; if (is_object($stack)) { $stp = new Permissions($stack); $canViewPane = $stp->canRead() && $ap->canAddStacks(); } break; case 'paste': $toolSection = "block_area_add_scrapbook"; $canViewPane = $ap->canAddBlocks(); break; case 'layout': $originalLayoutId = intval($_REQUEST['originalLayoutID']) ? intval($_REQUEST['originalLayoutID']) : intval($_REQUEST['layoutID']); $args['refreshAction'] = REL_DIR_FILES_TOOLS_REQUIRED . '/edit_area_popup?atask=layout&cID=' . $c->getCollectionID() . '&arHandle=' . $a->getAreaHandle() . '&refresh=1&originalLayoutID=' . $originalLayoutId . '&cvalID=' . $_REQUEST['cvalID'] . '&areaNameNumber=' . intval($_REQUEST['areaNameNumber']); $toolSection = "block_area_layout"; $canViewPane = $ap->canAddLayoutToArea(); $args['action'] = $a->getAreaUpdateAction('layout') . '&originalLayoutID=' . $originalLayoutId . '&cvalID=' . intval($_REQUEST['cvalID']) . '&areaNameNumber=' . intval($_REQUEST['areaNameNumber']); break; case 'design': $toolSection = 'custom_style';
<? defined('C5_EXECUTE') or die("Access Denied."); $u = new User(); $form = Loader::helper('form'); $f = File::getByID($_REQUEST['fID']); if (isset($_REQUEST['fvID'])) { $fv = $f->getVersion($_REQUEST['fvID']); } else { $fv = $f->getApprovedVersion(); } $fp = new Permissions($f); if (!$fp->canRead()) { die(t("Access Denied.")); } ?> <div style="text-align: center"> <? $to = $fv->getTypeObject(); if ($to->getPackageHandle() != '') { Loader::packageElement('files/view/' . $to->getView(), $to->getPackageHandle(), array('fv' => $fv)); } else { Loader::element('files/view/' . $to->getView(), array('fv' => $fv)); } ?> </div> <div class="dialog-buttons"> <form method="post" action="<?php
?> </a> <small><?php echo $cat->getCollectionDescription(); ?> </small> </h3> </div> <?php $show = array(); $subcats = $cat->getCollectionChildrenArray(true); foreach ($subcats as $catID) { $subcat = Page::getByID($catID, 'ACTIVE'); $catp = new Permissions($subcat); if ($catp->canRead() && $subcat->getAttribute('exclude_nav') != 1) { $show[] = $subcat; } } if (count($show) > 0) { ?> <div class="clearfix"> <?php foreach ($show as $subcat) { ?> <div class="span4"> <a href="<?php echo Loader::helper('navigation')->getLinkToCollection($cat);
/**
 * Finishes a login for the current User: applies the "remember me" and locale
 * choices, enforces required registration attributes, works out the redirect
 * target and then either returns the login data (JSON logins) or redirects.
 *
 * Redirect target: the posted `rcID` is only used after it resolves to a page,
 * either as an integer page ID or as a page path; the URL itself is built from
 * the page link helper or from BASE_URL, not copied from the request.
 * NOTE(review): a `redirectURL` already present in $loginData is passed on
 * unchanged to externalRedirect(); confirm callers never fill it from request data.
 *
 * @param array $loginData data collected by the caller; `redirectURL` is added here when `rcID` resolves
 * @return array|void $loginData when the request asks for `format=JSON`; otherwise the method redirects
 */
protected function finishLogin($loginData = array()) {
    $u = new User();
    // The persistent login cookie is issued before the profile check below.
    // NOTE(review): confirm that $u->logout() further down also invalidates this cookie.
    if ($this->post('uMaintainLogin')) {
        $u->setUserForeverCookie();
    }
    if (count($this->locales) > 0) {
        if (Config::get('LANGUAGE_CHOOSE_ON_LOGIN') && $this->post('USER_LOCALE') != '') {
            $u->setUserDefaultLanguage($this->post('USER_LOCALE'));
        }
    }

    // Verify that the user has filled out all
    // required items that are required on register
    // That means users logging in after new user attributes
    // have been created and required will be prompted here to
    // finish their profile
    $this->set('invalidRegistrationFields', false);
    Loader::model('attribute/categories/user');
    $ui = UserInfo::getByID($u->getUserID());
    $aks = UserAttributeKey::getRegistrationList();
    $unfilledAttributes = array();
    foreach ($aks as $uak) {
        if ($uak->isAttributeKeyRequiredOnRegister()) {
            $av = $ui->getAttributeValueObject($uak);
            if (!is_object($av)) {
                $unfilledAttributes[] = $uak;
            }
        }
    }

    if ($this->post('completePartialProfile')) {
        // Validate every missing attribute first; nothing is saved unless all of them pass.
        foreach ($unfilledAttributes as $uak) {
            $e1 = $uak->validateAttributeForm();
            if ($e1 == false) {
                $this->error->add(t('The field "%s" is required', $uak->getAttributeKeyName()));
            } else {
                if ($e1 instanceof ValidationErrorHelper) {
                    $this->error->add($e1);
                }
            }
        }
        if (!$this->error->has()) {
            // the user has needed to complete a partial profile, and they have done so,
            // and they have no errors. So we save our profile data against the account.
            foreach ($unfilledAttributes as $uak) {
                $uak->saveAttributeForm($ui);
                // Clearing the list inside the loop does not cut the iteration short
                // (foreach walks its own copy); it only empties the list checked below.
                $unfilledAttributes = array();
            }
        }
    }

    // Required attributes still missing: end the session and show the completion form.
    if (count($unfilledAttributes) > 0) {
        $u->logout();
        $this->set('invalidRegistrationFields', true);
        $this->set('unfilledAttributes', $unfilledAttributes);
    }

    $txt = Loader::helper('text');
    $rcID = $this->post('rcID');
    $nh = Loader::helper('validation/numbers');

    //set redirect url
    if ($nh->integer($rcID)) {
        // Integer rcID: treated as a page ID and turned into that page's link.
        // NOTE(review): the looked-up page is not checked with isError() in this branch.
        $nh = Loader::helper('navigation');
        $rc = Page::getByID($rcID);
        $url = $nh->getLinkToCollection($rc, true);
        $loginData['redirectURL'] = $url;
    } elseif (strlen($rcID)) {
        // Any other rcID is treated as a page path and only accepted when a page exists there.
        $rcID = trim($rcID, '/');
        $nc2 = Page::getByPath('/' . $rcID);
        if (is_object($nc2) && !$nc2->isError()) {
            $loginData['redirectURL'] = BASE_URL . DIR_REL . '/' . DISPATCHER_FILENAME . '/' . $rcID;
        }
    }

    /*
    //full page login redirect (non-ajax login)
    if( strlen($loginData['redirectURL']) && $_REQUEST['format']!='JSON' ){
        header('Location: ' . $loginData['redirectURL']);
        exit;
    }
    */

    // Dashboard permissions are resolved now and used below for the admin redirect.
    $dash = Page::getByPath("/dashboard", "RECENT");
    $dbp = new Permissions($dash);

    Events::fire('on_user_login', $this);

    //End JSON Login
    if ($_REQUEST['format'] == 'JSON') {
        return $loginData;
    }

    //should administrator be redirected to dashboard? defaults to yes if not set.
    $adminToDash = intval(Config::get('LOGIN_ADMIN_TO_DASHBOARD'));

    //Full page login, standard redirection
    $u = new User(); // added for the required registration attribute change above. We recalc the user and make sure they're still logged in
    if ($u->isRegistered()) {
        if ($u->config('NEWSFLOW_LAST_VIEWED') == 'FIRSTRUN') {
            $u->saveConfig('NEWSFLOW_LAST_VIEWED', 0);
        }
        if ($loginData['redirectURL']) {
            //make double secretly sure there's no caching going on
            header("Cache-Control: no-store, no-cache, must-revalidate");
            header("Pragma: no-cache");
            header('Expires: Fri, 30 Oct 1998 14:19:41 GMT'); //in the past
            $this->externalRedirect($loginData['redirectURL']);
        } else {
            if ($dbp->canRead() && $adminToDash) {
                $this->redirect('/dashboard');
            } else {
                //options set in dashboard/users/registration
                $login_redirect_cid = intval(Config::get('LOGIN_REDIRECT_CID'));
                $login_redirect_mode = Config::get('LOGIN_REDIRECT');

                //redirect to user profile
                if ($login_redirect_mode == 'PROFILE' && ENABLE_USER_PROFILES) {
                    $this->redirect('/profile/', $u->uID);

                //redirect to custom page
                } elseif ($login_redirect_mode == 'CUSTOM' && $login_redirect_cid > 0) {
                    $redirectTarget = Page::getByID($login_redirect_cid);
                    if (intval($redirectTarget->cID) > 0) {
                        $this->redirect($redirectTarget->getCollectionPath());
                    } else {
                        $this->redirect('/');
                    }

                //redirect home
                } else {
                    $this->redirect('/');
                }
            }
        }
    }
}
/**
 * Decides whether a page belongs in the listing being built.
 *
 * A page is rejected when it is a system page and system pages are hidden,
 * when it has no version object, when its version is unapproved and
 * unapproved pages are hidden, or when unavailable pages are hidden and the
 * current user cannot read it.
 *
 * Pages that point to an external link skip the read-permission rejection.
 *
 * @param object $tc page under consideration
 * @return bool true when the page should be displayed
 */
protected function displayPage($tc)
{
    if ($tc->isSystemPage() && !$this->displaySystemPages) {
        return false;
    }

    $version = $tc->getVersionObject();
    if (!is_object($version)) {
        return false;
    }
    if (!$version->isApproved() && !$this->displayUnapproved) {
        return false;
    }

    if ($this->displayUnavailablePages == false) {
        $pagePermissions = new Permissions($tc);
        $unreadable = !$pagePermissions->canRead();
        if ($unreadable && $tc->getCollectionPointerExternalLink() == null) {
            return false;
        }
    }

    return true;
}
/**
 * Decides whether a page belongs in the listing being built.
 *
 * Hidden system pages are rejected, except `/members` when user profiles are
 * enabled. After that a page is rejected when it has no version object, when
 * its version is unapproved and unapproved pages are hidden, or when
 * unavailable pages are hidden and the current user cannot read it.
 *
 * Pages that point to an external link skip the read-permission rejection.
 *
 * @param object $tc page under consideration
 * @return bool true when the page should be displayed
 */
protected function displayPage($tc)
{
    if ($tc->isSystemPage() && (!$this->displaySystemPages)) {
        // The members directory is the one system page allowed through.
        $isMembersDirectory = $tc->getCollectionPath() == '/members';
        if ($isMembersDirectory && Config::get('ENABLE_USER_PROFILES')) {
            return true;
        }
        return false;
    }

    $version = $tc->getVersionObject();
    if (!is_object($version)) {
        return false;
    }
    if (!$version->isApproved() && !$this->displayUnapproved) {
        return false;
    }

    if ($this->displayUnavailablePages == false) {
        $pagePermissions = new Permissions($tc);
        $unreadable = !$pagePermissions->canRead();
        if ($unreadable && ($tc->getCollectionPointerExternalLink() == null)) {
            return false;
        }
    }

    return true;
}
/**
 * Renders a view: resolves the inner template for $view, runs the page-view
 * hooks of the readable blocks, includes the inner template and then the
 * theme, and prints the result.
 *
 * $view is either a Page object or a path string such as "/login".
 *
 * Security-relevant points in this method:
 * - extract() is called three times (on $args and on the controller's sets and
 *   helper objects). Each call creates or overwrites local variables of this
 *   method, including ones computed earlier such as $view, $content and $c.
 *   NOTE(review): confirm no caller or controller lets request data choose the
 *   key names passed in.
 * - For a string $view the template path that is later include()d is built by
 *   interpolating $view under fixed base directories.
 *   NOTE(review): assumes $view comes from the dispatcher or a controller, not
 *   straight from the request; verify at the call sites.
 *
 * @access public
 * @param string|Page $view path or page object to render
 * @param array $args optional variables made available to the templates
 * @return void
 * @throws Exception when the resolved theme file does not exist
 */
public function render($view, $args = null) {
    // Imports the caller's variables into this scope; existing names are overwritten.
    if (is_array($args)) {
        extract($args);
    }

    // strip off a slash if there is one at the end
    if (is_string($view)) {
        if (substr($view, strlen($view) - 1) == '/') {
            $view = substr($view, 0, strlen($view) - 1);
        }
    }

    $dsh = Loader::helper('concrete/dashboard');

    $wrapTemplateInTheme = false;
    $this->checkMobileView();
    if (defined('DB_DATABASE') && $view !== '/upgrade') {
        Events::fire('on_start', $this);
    }

    // Extract controller information from the view, and put it in the current context
    if (!isset($this->controller)) {
        $this->controller = Loader::controller($view);
        $this->controller->setupAndRun();
    }

    // A controller may replace the view it was asked to render.
    if ($this->controller->getRenderOverride() != '') {
        $view = $this->controller->getRenderOverride();
    }

    // Determine which inner item to load, load it, and stick it in $innerContent
    $content = false;

    ob_start();
    if ($view instanceof Page) {
        $_pageBlocks = $view->getBlocks();

        if (!$dsh->inDashboard()) {
            $_pageBlocksGlobal = $view->getGlobalBlocks();
            $_pageBlocks = array_merge($_pageBlocks, $_pageBlocksGlobal);
        }

        // do we have any custom menu plugins?
        // Header items of toolbar menu plugins are only output for users who may see the toolbar.
        $cp = new Permissions($view);
        if ($cp->canViewToolbar()) {
            $ih = Loader::helper('concrete/interface/menu');
            $_interfaceItems = $ih->getPageHeaderMenuItems();
            foreach ($_interfaceItems as $_im) {
                $_controller = $_im->getController();
                $_controller->outputAutoHeaderItems();
            }
            unset($_interfaceItems);
            unset($_im);
            unset($_controller);
        }
        unset($_interfaceItems);
        unset($_im);
        unset($_controller);

        // now, we output all the custom style records for the design tab in blocks/areas on the page
        $c = $this->getCollectionObject();
        $view->outputCustomStyleHeaderItems();

        $viewPath = $view->getCollectionPath();
        $this->viewPath = $viewPath;

        $cFilename = $view->getCollectionFilename();
        $ctHandle = $view->getCollectionTypeHandle();
        $editMode = $view->isEditMode();
        $c = $view;
        $this->c = $c;

        $env = Environment::get();
        // $view is a page. It can either be a SinglePage or just a Page, but we're not sure at this point, unfortunately
        if ($view->getCollectionTypeID() == 0 && $cFilename) {
            // Collection type ID 0 with a filename: the template is looked up under DIRNAME_PAGES.
            $wrapTemplateInTheme = true;
            $cFilename = trim($cFilename, '/');
            $content = $env->getPath(DIRNAME_PAGES . '/' . $cFilename, $view->getPackageHandle());
            $themeFilename = $c->getCollectionHandle() . '.php';
        } else {
            // Otherwise the page type template is used, when the environment has a record for it.
            $rec = $env->getRecord(DIRNAME_PAGE_TYPES . '/' . $ctHandle . '.php', $view->getPackageHandle());
            if ($rec->exists()) {
                $wrapTemplateInTheme = true;
                $content = $rec->file;
            }
            $themeFilename = $ctHandle . '.php';
        }
    } else {
        if (is_string($view)) {
            // if we're passing a view but our render override is not null, that means that we're passing
            // a new view from within a controller. If that's the case, then we DON'T override the viewPath, we want to keep it

            // In order to enable editable 404 pages, other editable pages that we render without actually visiting
            if (defined('DB_DATABASE') && $view == '/page_not_found') {
                $pp = Page::getByPath($view);
                if (!$pp->isError()) {
                    $this->c = $pp;
                }
            }

            $viewPath = $view;
            if ($this->controller->getRenderOverride() != '' && $this->getCollectionObject() != null) {
                // we are INSIDE a collection renderring a view. Which means we want to keep the viewPath that of the collection
                $this->viewPath = $this->getCollectionObject()->getCollectionPath();
            }

            // we're just passing something like "/login" or whatever. This will typically just be
            // internal Concrete stuff, but we also prepare for potentially having something in DIR_FILES_CONTENT (ie: the webroot)
            // Lookup order: site content dir, core content dir, then the owning package's single_pages.
            // The first existing file wins and is include()d further down.
            if (file_exists(DIR_FILES_CONTENT . "/{$view}/" . FILENAME_COLLECTION_VIEW)) {
                $content = DIR_FILES_CONTENT . "/{$view}/" . FILENAME_COLLECTION_VIEW;
            } else {
                if (file_exists(DIR_FILES_CONTENT . "/{$view}.php")) {
                    $content = DIR_FILES_CONTENT . "/{$view}.php";
                } else {
                    if (file_exists(DIR_FILES_CONTENT_REQUIRED . "/{$view}/" . FILENAME_COLLECTION_VIEW)) {
                        $content = DIR_FILES_CONTENT_REQUIRED . "/{$view}/" . FILENAME_COLLECTION_VIEW;
                    } else {
                        if (file_exists(DIR_FILES_CONTENT_REQUIRED . "/{$view}.php")) {
                            $content = DIR_FILES_CONTENT_REQUIRED . "/{$view}.php";
                        } else {
                            if ($this->getCollectionObject() != null && $this->getCollectionObject()->isGeneratedCollection() && $this->getCollectionObject()->getPackageID() > 0) {
                                //This is a single_page associated with a package, so check the package views as well
                                $pagePkgPath = Package::getByID($this->getCollectionObject()->getPackageID())->getPackagePath();
                                if (file_exists($pagePkgPath . "/single_pages/{$view}/" . FILENAME_COLLECTION_VIEW)) {
                                    $content = $pagePkgPath . "/single_pages/{$view}/" . FILENAME_COLLECTION_VIEW;
                                } else {
                                    if (file_exists($pagePkgPath . "/single_pages/{$view}.php")) {
                                        $content = $pagePkgPath . "/single_pages/{$view}.php";
                                    }
                                }
                            }
                        }
                    }
                }
            }
            $wrapTemplateInTheme = true;
            $themeFilename = $view . '.php';
        }
    }

    if (is_object($this->c)) {
        $c = $this->c;
        // For these two paths the page object takes over as $view, so its blocks are loaded as well.
        if (defined('DB_DATABASE') && ($view == '/page_not_found' || $view == '/login')) {
            $view = $c;
            $req = Request::get();
            $req->setCurrentPage($c);
            $_pageBlocks = $view->getBlocks();
            $_pageBlocksGlobal = $view->getGlobalBlocks();
            $_pageBlocks = array_merge($_pageBlocks, $_pageBlocksGlobal);
        }
    }

    // Only blocks the current user may read get their header items and on_page_view task run.
    if (is_array($_pageBlocks)) {
        foreach ($_pageBlocks as $b1) {
            $b1p = new Permissions($b1);
            if ($b1p->canRead()) {
                $btc = $b1->getInstance();
                // now we inject any custom template CSS and JavaScript into the header
                if ('Controller' != get_class($btc)) {
                    $btc->outputAutoHeaderItems();
                }
                $btc->runTask('on_page_view', array($view));
            }
        }
    }

    // Determine which outer item/theme to load
    // obtain theme information for this collection
    // Precedence: explicit override, controller theme, theme mapped to the path, page theme, default.
    if (isset($this->themeOverride)) {
        $theme = $this->themeOverride;
    } else {
        if ($this->controller->theme != false) {
            $theme = $this->controller->theme;
        } else {
            if (($tmpTheme = $this->getThemeFromPath($viewPath)) != false) {
                $theme = $tmpTheme;
            } else {
                if (is_object($this->c) && ($tmpTheme = $this->c->getCollectionThemeObject()) != false) {
                    $theme = $tmpTheme;
                } else {
                    $theme = FILENAME_COLLECTION_DEFAULT_THEME;
                }
            }
        }
    }

    $this->setThemeForView($theme, $themeFilename, $wrapTemplateInTheme);

    // finally, we include the theme (which was set by setTheme and will automatically include innerContent)
    // disconnect from our db and exit
    $this->controller->on_before_render();
    // Controller sets and helper objects become local variables for the templates. They are
    // extracted after $content was resolved, so a key named "content" would change the include below.
    extract($this->controller->getSets());
    extract($this->controller->getHelperObjects());

    if ($content != false && !$this->disableContentInclude) {
        include $content;
    }

    $innerContent = ob_get_contents();

    if (ob_get_level() > OB_INITIAL_LEVEL) {
        ob_end_clean();
    }

    if (defined('DB_DATABASE') && $view !== '/upgrade') {
        Events::fire('on_before_render', $this);
    }

    if (defined('APP_CHARSET')) {
        header("Content-Type: text/html; charset=" . APP_CHARSET);
    }

    if (file_exists($this->theme)) {
        $cache = PageCache::getLibrary();
        $shouldAddToCache = $cache->shouldAddToCache($this);
        if ($shouldAddToCache) {
            $cache->outputCacheHeaders($c);
        }

        ob_start();
        include $this->theme;
        $pageContent = ob_get_contents();
        ob_end_clean();

        // An on_page_output handler may replace the page; the replacement is what gets printed and cached.
        $ret = Events::fire('on_page_output', $pageContent);
        if ($ret != '') {
            print $ret;
            $pageContent = $ret;
        } else {
            print $pageContent;
        }

        $cache = PageCache::getLibrary();
        if ($shouldAddToCache) {
            $cache->set($c, $pageContent);
        }
    } else {
        throw new Exception(t('File %s not found. All themes need default.php and view.php files in them. Consult concrete5 documentation on how to create these files.', $this->theme));
    }

    if (defined('DB_DATABASE') && $view !== '/upgrade') {
        Events::fire('on_render_complete', $this);
    }

    // When no output buffer beyond the initial level is left, run the shutdown scripts and end the request.
    if (ob_get_level() == OB_INITIAL_LEVEL) {
        require DIR_BASE_CORE . '/startup/jobs.php';
        require DIR_BASE_CORE . '/startup/shutdown.php';
        exit;
    }
}
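/**
 * Renders this area for page $c: area header, layouts, every block the
 * current user may read, and the area footer.
 *
 * Edit controls around a block are rendered only when the user may write or
 * delete that particular block, the page is in edit mode and controls are
 * enabled. The decision is made afresh for every block, so a permission held
 * on one block never carries over to the blocks rendered after it.
 *
 * @param object $c page whose area is displayed (passed by reference)
 * @param array|null $alternateBlockArray blocks to render instead of the area's own blocks
 * @return false|void false when $c has no valid collection ID
 */
function display(&$c, $alternateBlockArray = null)
{
    if (!intval($c->cID)) {
        //Invalid Collection
        return false;
    }

    $currentPage = Page::getCurrentPage();
    $ourArea = Area::getOrCreate($c, $this->arHandle);
    if (count($this->customTemplateArray) > 0) {
        $ourArea->customTemplateArray = $this->customTemplateArray;
    }
    if (count($this->attributes) > 0) {
        $ourArea->attributes = $this->attributes;
    }
    if ($this->maximumBlocks > -1) {
        $ourArea->maximumBlocks = $this->maximumBlocks;
    }

    $ap = new Permissions($ourArea);
    $blocksToDisplay = ($alternateBlockArray) ? $alternateBlockArray : $ourArea->getAreaBlocksArray($c, $ap);
    $this->totalBlocks = $ourArea->getTotalBlocksInArea();
    $u = new User();

    $bv = new BlockView();

    // The "add block" header and footer are shown only to users who may add blocks here (or the super user).
    $showAreaControls = ($this->showControls) && ($c->isEditMode() && ($ap->canAddBlocks() || $u->isSuperUser()));
    if ($showAreaControls) {
        $bv->renderElement('block_area_header', array('a' => $ourArea));
    }

    $bv->renderElement('block_area_header_view', array('a' => $ourArea));

    //display layouts tied to this area
    //Might need to move this to a better position
    $areaLayouts = $this->getAreaLayouts($c);
    if (is_array($areaLayouts) && count($areaLayouts)) {
        foreach ($areaLayouts as $layout) {
            $layout->display($c, $this);
        }
        if ($this->showControls && ($c->isArrangeMode() || $c->isEditMode())) {
            echo '<div class="ccm-layouts-block-arrange-placeholder ccm-block-arrange"></div>';
        }
    }

    // now, we iterate through the blocks and display them on the page
    foreach ($blocksToDisplay as $b) {
        $bv = new BlockView();
        $bv->setAreaObject($ourArea);

        // this is useful for rendering areas from one page
        // onto the next and including interactive elements
        if ($currentPage->getCollectionID() != $c->getCollectionID()) {
            $b->setBlockActionCollectionID($c->getCollectionID());
        }

        $p = new Permissions($b);

        // Decided per block. Previously the flag was only ever set to true and never reset,
        // so one editable block switched the edit strip on for every block after it.
        $includeEditStrip = ($p->canWrite() || $p->canDeleteBlock()) && $c->isEditMode() && $this->showControls;

        if ($p->canRead()) {
            if (!$c->isEditMode()) {
                echo $this->enclosingStart;
            }
            if ($includeEditStrip) {
                $bv->renderElement('block_controls', array(
                    'a' => $ourArea,
                    'b' => $b,
                    'p' => $p
                ));
                $bv->renderElement('block_header', array(
                    'a' => $ourArea,
                    'b' => $b,
                    'p' => $p
                ));
            }

            $bv->render($b);

            if ($includeEditStrip) {
                $bv->renderElement('block_footer');
            }
            if (!$c->isEditMode()) {
                echo $this->enclosingEnd;
            }
        }
    }

    $bv->renderElement('block_area_footer_view', array('a' => $ourArea));

    if (($this->showControls) && ($c->isEditMode() && ($ap->canAddBlocks() || $u->isSuperUser()))) {
        $bv->renderElement('block_area_footer', array('a' => $ourArea));
    }
}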
} ?> <div style="display: none"> <div class="btn-group" id="ccm-account-menu"> <a class="btn btn-default" href="<?=Core::make('helper/navigation')->getLinkToCollection($account)?>"><i class="fa fa-user"></i> <?=t('My Account')?></a> <button class="btn btn-default dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false"> <span class="caret"></span> </button> <ul class="dropdown-menu pull-right" role="menu"> <? $children = $account->getCollectionChildrenArray(true); foreach($children as $cID) { $nc = Page::getByID($cID, 'ACTIVE'); $ncp = new Permissions($nc); if ($ncp->canRead() && (!$nc->getAttribute('exclude_nav'))) { $categories[] = $nc; } } foreach($categories as $cc) { ?> <li><a href="<?=Core::make('helper/navigation')->getLinkToCollection($cc)?>"><?=h(t($cc->getCollectionName()))?></a></li><? } ?> <li class="divider"></li> <li><a href="<?=URL::to('/')?>"><i class="fa fa-home"></i> <?=t("Home")?></a></li> <li><a href="<?=URL::to('/login', 'logout', Loader::helper('validation/token')->generate('logout'))?>"><i class="fa fa-sign-out"></i> <?=t("Sign Out")?></a></li> </ul> </div> </div>
/**
 * Returns the image files of a file set that the current user may read,
 * keyed by file ID.
 *
 * Each entry holds the file object, its ID, its position in the set (0 when
 * APP_VERSION is older than 5.4.1) and a title and caption. Title and caption
 * come from the file's most recent version when
 * $use_file_props_for_title_and_caption is true and are empty strings otherwise.
 *
 * @param mixed $fsID file set ID
 * @param bool $use_file_props_for_title_and_caption take title and caption from the file properties
 * @return array entries keyed by file ID
 */
public static function getPermittedFilesetImages($fsID, $use_file_props_for_title_and_caption = false)
{
    Loader::model('file_set');
    Loader::model('file_list');

    $supportsDisplayOrder = version_compare(APP_VERSION, '5.4.1', '>=');
    $set = FileSet::getByID($fsID);

    $list = new FileList();
    $list->filterBySet($set);
    $list->filterByType(FileType::T_IMAGE);
    if ($supportsDisplayOrder) {
        $list->sortByFileSetDisplayOrder();
    }

    $permitted = array();
    foreach ($list->get() as $f) {
        $filePermissions = new Permissions($f);
        if (!$filePermissions->canRead()) {
            // Files the user may not read are left out entirely.
            continue;
        }

        $recent = $f->getRecentVersion();

        $position = 0;
        if ($supportsDisplayOrder) {
            $position = $f->fsDisplayOrder;
        }

        $title = '';
        $caption = '';
        if ($use_file_props_for_title_and_caption) {
            $title = $recent->getTitle();
            $caption = $recent->getDescription();
        }

        $permitted[$f->fID] = array(
            'file' => $f,
            'fID' => $f->fID,
            'position' => $position,
            'title' => $title,
            'caption' => $caption,
        );
    }

    return $permitted;
}
//Permissions Check $nh = Loader::helper('validation/numbers'); if($_GET['bID'] && $_GET['cID'] && $nh->integer($_GET['bID']) && $nh->integer($_GET['cID'])) { $c = Page::getByID($_GET['cID']); if (is_object($c) && !$c->isError()) { $a = Area::get($c, $_GET['arHandle']); //edit survey mode $b = Block::getByID($_GET['bID'],$c, $a); $controller = new PageListBlockController($b); $rssUrl = $controller->getRssUrl($b); $bp = new Permissions($b); if( $bp->canRead() && $controller->rss && ($b->getBlockFilename() == 'blog_index.php' || $b->getBlockFilename() == 'blog_index')) { $cArray = $controller->getPages(); $nh = Loader::helper('navigation'); header('Content-type: text/xml'); echo "<" . "?" . "xml version=\"1.0\"?>\n"; ?> <rss version="2.0"> <channel> <title><?php echo $controller->rssTitle?></title> <link><?php echo BASE_URL.$rssUrl?></link> <description><?php echo $controller->rssDescription?></description> <?php for ($i = 0; $i < count($cArray); $i++ ) {
} if (isset($_REQUEST['destCID'] ) && is_numeric($_REQUEST['destCID'])) { $dc = Page::getByID($_REQUEST['destCID']); } $valt = Loader::helper('validation/token'); $json = array(); $json['error'] = false; $json['message'] = false; if (is_object($oc) && is_object($dc)) { $ocp = new Permissions($oc); $dcp = new Permissions($dc); $ct = CollectionType::getByID($dc->getCollectionTypeID()); if (!$ocp->canRead()) { $error = t("You cannot view the source page."); } else if (!$dcp->canAddSubContent($ct)) { $error = t("You do not have sufficient privileges to add this type of page to this destination."); } else if (!$oc->canMoveCopyTo($dc)) { $error = t("You may not move/copy/alias the chosen page to that location."); } else { $error = false; } } if (!$error) { if ($_REQUEST['ctask']) { if ($valt->validate()) { switch($_REQUEST['ctask']) { case "ALIAS":
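<?php
defined('C5_EXECUTE') or die("Access Denied.");

// Sets the display order of one block type.
// Access is limited to users who may read the dashboard "block types" page.
$ch = Page::getByPath('/dashboard/blocks/types');
$cp = new Permissions($ch);
$canRead = $cp->canRead() ? true : false;
if (!$canRead) {
    die(t("Access Denied."));
}

// NOTE(review): this changes stored state from $_REQUEST (so GET works too) and no
// request token is validated in this script; confirm whether the caller can send one
// so the 'validation/token' helper can be checked here.
$btID = isset($_REQUEST['btID']) ? intval($_REQUEST['btID']) : 0;
$btDisplayOrder = isset($_REQUEST['btDisplayOrder']) ? intval($_REQUEST['btDisplayOrder']) : 0;

if ($btID && $btDisplayOrder) {
    $bt = BlockType::getByID($btID);
    // An ID that matches no block type must not end in a method call on a non-object.
    if (is_object($bt)) {
        $bt->setBlockTypeDisplayOrder($btDisplayOrder);
    }
}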
<h2><?php echo t($cat->getCollectionName()); ?> </h2> <?php $show = array(); $subcats = $cat->getCollectionChildrenArray(true); foreach ($subcats as $catID) { $subcat = Page::getByID($catID, 'ACTIVE'); if ($subcat->getAttribute('exclude_nav')) { continue; } $catp = new Permissions($subcat); if ($catp->canRead()) { $show[] = $subcat; } } ?> <ul class="list-unstyled"> <?php if (count($show) > 0) { ?> <?php foreach ($show as $subcat) { ?>
$action = $b->getBlockUpdateCssAction(); if ($_REQUEST['subtask'] == 'delete_custom_style_preset') { $styleToDelete = CustomStylePreset::getByID($_REQUEST['deleteCspID']); $styleToDelete->delete(); } $refreshAction = REL_DIR_FILES_TOOLS_REQUIRED . '/edit_block_popup?btask=block_css&cID=' . $c->getCollectionID() . '&arHandle=' . $a->getAreaHandle() . '&bID=' . $b->getBlockID() . '&isGlobal=' . $_REQUEST['isGlobal'] . '&refresh=1'; $bv->renderElement('custom_style', array('b' => $b, 'rcID' => $rcID, 'c' => $c, 'a' => $a, 'style' => $style, 'action' => $action, 'refreshAction' => $refreshAction)); } break; case 'template': if ($bp->canWrite()) { $bv->renderElement('block_custom_template', array('b' => $b, 'rcID' => $rcID)); } break; case 'view': if ($bp->canRead()) { $bv->render($b, 'view', array('c' => $c, 'a' => $a)); } break; case 'view_edit_mode': if ($bp->canWrite() || $c->canWrite() && $b->isGlobalBlock() && $b->canRead()) { $btc = $b->getInstance(); // now we inject any custom template CSS and JavaScript into the header if ('Controller' != get_class($btc)) { $btc->outputAutoHeaderItems(); } $btc->runTask('on_page_view', array($bv)); $v = View::getInstance(); $items = $v->getHeaderItems(); if (count($items) > 0) { ?>
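/**
 * Finds the previous sibling of the current page that the current user may
 * read and that is not flagged `exclude_nav`.
 *
 * Siblings are walked backwards, by display order when orderBy is
 * `display_asc` and by public date otherwise, until one passes both checks.
 * A sibling that fails them is never returned: earlier code kept the last
 * examined page in the result variable, so when the walk ran out of siblings
 * an unreadable or excluded page could be handed back.
 *
 * When nothing qualifies and loopSequence is set, the parent's last child in
 * the same ordering is returned.
 * NOTE(review): that wrap-around page is not permission-checked here.
 *
 * @return object|false the previous page, or false when there is none
 */
function getPreviousCollection()
{
    $db = Loader::db();
    $cursor = Page::getCurrentPage();
    $previous = false;

    while (true) {
        if ($this->orderBy == 'display_asc') {
            $cID = $db->GetOne(
                'select cID from Pages where cDisplayOrder < ? and cParentID = ? order by cDisplayOrder desc',
                array($cursor->getCollectionDisplayOrder(), $cursor->getCollectionParentID())
            );
        } else {
            $cID = $db->GetOne(
                'select Pages.cID from Pages inner join CollectionVersions cv on Pages.cID = cv.cID where cvIsApproved = 1 and cvDatePublic < ? and cParentID = ? order by cvDatePublic desc',
                array($cursor->getCollectionDatePublic(), $cursor->getCollectionParentID())
            );
        }

        if (!($cID > 0)) {
            // No earlier sibling left.
            break;
        }

        $candidate = Page::getByID($cID, 'RECENT');
        // Continue the walk from this sibling, whether or not it qualifies.
        $cursor = $candidate;

        $cp = new Permissions($candidate);
        if ($cp->canRead() && $candidate->getAttribute('exclude_nav') != 1) {
            $previous = $candidate;
            break;
        }
    }

    if (!is_object($previous) && $this->loopSequence) {
        $c = Page::getCurrentPage();
        $parent = Page::getByID($c->getCollectionParentID(), 'ACTIVE');
        if ($this->orderBy == 'display_asc') {
            return $parent->getFirstChild('cDisplayOrder desc');
        } else {
            return $parent->getFirstChild('cvDatePublic desc');
        }
    }

    return $previous;
}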
$p = Pile::get($_REQUEST['pID']); if (is_object($p)) { if (!$p->isMyPile()) { unset($p); } } } if (!is_object($p)) { $p = Pile::getDefault(); } $a = Area::get($c, $_REQUEST['arHandle']); $ap = new Permissions($a); $aBlocks = $a->getAreaBlocksArray($c, $ap); foreach ($aBlocks as $ab) { $abp = new Permissions($ab); if ($abp->canRead()) { $p->add($ab); } } break; case 'add_prepare': $c = Page::getByID($_REQUEST['cID']); $cp = new Permissions($c); if (!$cp->canViewPage()) { exit; } $a = Area::get($c, $_REQUEST['arHandle']); $ap = new Permissions($a); if (!$ap->canViewArea() || !$ap->canAddBlocks()) { exit; }
<?php defined('C5_EXECUTE') or die("Access Denied."); $scrapbookC = Page::getByPath("/dashboard/scrapbook"); $scrapbookPermissions = new Permissions($scrapbookC); if (!$scrapbookPermissions->canRead()) { die(t("Access Denied.")); } $db = Loader::db(); // update order of collections Loader::model('user_attributes'); if ($_REQUEST['mode'] == 'reorder') { if (is_array($_REQUEST['ccm-scrapbook-list-item'])) { $arHandle = $_REQUEST['arHandle']; $displayOrderCounter = 0; foreach ($_REQUEST['ccm-scrapbook-list-item'] as $bID) { if (intval($bID) == 0) { continue; } $v = array($displayOrderCounter, $scrapbookC->getCollectionId(), $bID, $arHandle); $db->Execute('update CollectionVersionBlocks set cbDisplayOrder = ? where cID = ? and bID = ? AND arHandle=?', $v); $displayOrderCounter++; } } elseif (is_array($_REQUEST['ccm-pc'])) { $displayOrderCounter = 0; $u = new User(); foreach ($_REQUEST['ccm-pc'] as $pcID) { if (intval($pcID) == 0) { continue; } $v = array($displayOrderCounter, $pcID, intval($u->uID));
<?php
defined('C5_EXECUTE') or die('Access Denied.');

// Displays the contents of a stack.
// Users who may view versions of the current page get the stack as returned by
// Stack::getByID() without a version argument; everyone else gets the 'ACTIVE' version.
// $stID is not assigned in this file and is expected to be in scope already.
$c = Page::getCurrentPage();
$cp = new Permissions($c);

$stack = $cp->canViewPageVersions()
    ? Stack::getByID($stID)
    : Stack::getByID($stID, 'ACTIVE');

if ($stack) {
    $stackArea = Area::get($stack, STACKS_AREA_NAME);
    $stackAreaPermissions = new Permissions($stackArea);

    // The stack's area is rendered only when the user may read it, and without edit controls.
    if ($stackAreaPermissions->canRead()) {
        $stackArea->disableControls();
        $stackArea->display($stack);
    }
}