/**
* Merges sources specified with any specified "restrict_to_sources"/"restrictToSources" option, user access settings and sources configured in app.conf
* into a single list of source_ids suitable for enforcing source restrictions.
*
* @param BaseModel $t_instance A model instance for the table to which the sources apply
* @param array $pa_options An array of options containing, if specified, a list of sources for either the "restrict_to_sources" or "restrictToSources" keys
*
* @return array List of numeric source_ids for which the user has access
*/
function caMergeSourceRestrictionLists($t_instance, $pa_options)
{
$va_restrict_to_source_ids = null;
if (is_array($pa_options['restrict_to_sources']) && sizeof($pa_options['restrict_to_sources'])) {
$pa_options['restrictToSources'] = $pa_options['restrict_to_sources'];
}
if (is_array($pa_options['restrictToSources']) && sizeof($pa_options['restrictToSources'])) {
$va_restrict_to_source_ids = caMakeSourceIDList($t_instance->tableName(), $pa_options['restrictToSources'], array('noChildren' => true));
}
$va_sources = null;
$o_config = Configuration::load();
if ((bool) $o_config->get('perform_source_access_checking') && method_exists($t_instance, 'getSourceFieldName') && ($vs_source_field_name = $t_instance->getSourceFieldName())) {
$va_sources = caGetSourceRestrictionsForUser($t_instance->tableName());
}
if (is_array($va_sources) && sizeof($va_sources) && is_array($va_restrict_to_source_ids) && sizeof($va_restrict_to_source_ids)) {
if (sizeof($va_tmp = array_intersect($va_restrict_to_source_ids, $va_sources))) {
$va_sources = $va_tmp;
}
} else {
if (!is_array($va_sources) || !sizeof($va_sources)) {
$va_sources = $va_restrict_to_source_ids;
}
}
return $va_sources;
}
/**
* Returns list of source_id values to restrict search to. Return values are always numeric sources,
* never codes, and will include all source_ids to filter on, including children of hierarchical sources.
*
* @return array List of source_id values to restrict search to.
*/
public function getSourceRestrictionList()
{
if (function_exists("caGetSourceRestrictionsForUser")) {
$va_pervasive_sources = caGetSourceRestrictionsForUser($this->ops_tablename);
// restrictions set in app.conf or by associated user role
if (!is_array($va_pervasive_sources)) {
return $this->opa_search_source_ids;
}
if (is_array($this->opa_search_source_ids) && sizeof($this->opa_search_source_ids)) {
$va_filtered_sources = array();
foreach ($this->opa_search_source_ids as $vn_id) {
if (in_array($vn_id, $va_pervasive_sources)) {
$va_filtered_sources[] = $vn_id;
}
}
return $va_filtered_sources;
} else {
return $va_pervasive_sources;
}
}
return $this->opa_search_source_ids;
}
/**
* Called just after record is deleted. Individual editor controllers can override this to implement their
* own post-deletion cleanup logic.
*
* @param BaseModel $pt_subject Model instance of row that was deleted
* @return bool True if post-deletion cleanup was successful, false if not
*/
protected function _checkAccess($pt_subject, $pa_options = null)
{
//
// Is record deleted?
//
if ($pt_subject->hasField('deleted') && $pt_subject->get('deleted')) {
if (!caGetOption('dontRedirectOnDelete', $pa_options, false)) {
$this->response->setRedirect($this->request->config->get('error_display_url') . '/n/2550?r=' . urlencode($this->request->getFullUrlPath()));
}
return false;
}
//
// Is record of correct type?
//
$va_restrict_to_types = null;
if ($pt_subject->getAppConfig()->get('perform_type_access_checking')) {
$va_restrict_to_types = caGetTypeRestrictionsForUser($this->ops_table_name, array('access' => __CA_BUNDLE_ACCESS_READONLY__));
}
if (is_array($va_restrict_to_types) && ($pt_subject->get('type_id') && ($pt_subject->getPrimaryKey() && !in_array($pt_subject->get('type_id'), $va_restrict_to_types)))) {
$this->response->setRedirect($this->request->config->get('error_display_url') . '/n/2560?r=' . urlencode($this->request->getFullUrlPath()));
return false;
}
//
// Is record from correct source?
//
$va_restrict_to_sources = null;
if ($pt_subject->getAppConfig()->get('perform_source_access_checking') && $pt_subject->hasField('source_id')) {
if (is_array($va_restrict_to_sources = caGetSourceRestrictionsForUser($this->ops_table_name, array('access' => __CA_BUNDLE_ACCESS_READONLY__)))) {
if (!$pt_subject->get('source_id') || $pt_subject->get('source_id') && !in_array($pt_subject->get('source_id'), $va_restrict_to_sources) || strlen($vn_source_id = $this->request->getParameter('source_id', pInteger)) && !in_array($vn_source_id, $va_restrict_to_sources)) {
$pt_subject->set('source_id', $pt_subject->getDefaultSourceID(array('request' => $this->request)));
}
if (is_array($va_restrict_to_sources) && !in_array($pt_subject->get('source_id'), $va_restrict_to_sources)) {
$this->response->setRedirect($this->request->config->get('error_display_url') . '/n/2562?r=' . urlencode($this->request->getFullUrlPath()));
return;
}
}
}
//
// Does user have access to row?
//
if ($pt_subject->getAppConfig()->get('perform_item_level_access_checking') && $vn_subject_id) {
if ($pt_subject->checkACLAccessForUser($this->request->user) < __CA_BUNDLE_ACCESS_READONLY__) {
$this->response->setRedirect($this->request->config->get('error_display_url') . '/n/2580?r=' . urlencode($this->request->getFullUrlPath()));
return false;
}
}
return true;
}
/**
*
*/
public function htmlFormElement($ps_field, $ps_format = null, $pa_options = null)
{
if ($vs_source_id_fld_name = $this->getSourceFieldName()) {
switch ($ps_field) {
case $vs_source_id_fld_name:
if ((bool) $this->getAppConfig()->get('perform_source_access_checking')) {
$pa_options['value'] = $this->get($ps_field);
$pa_options['disableItemsWithID'] = caGetSourceRestrictionsForUser($this->tableName(), array('access' => __CA_BUNDLE_ACCESS_READONLY__, 'exactAccess' => true));
return $this->getSourceListAsHTMLFormElement($ps_field, array(), $pa_options);
}
break;
}
}
return parent::htmlFormElement($ps_field, $ps_format, $pa_options);
}
/**
* Saves the content of a form editing new or existing records. It returns the same form + status messages rendered into the current view, inherited from ActionController
*
* @param array $pa_options Array of options passed through to _initView and saveBundlesForScreen()
*/
public function Save($pa_options = null)
{
list($t_subject, $t_ui, $vn_parent_id, $vn_above_id) = $this->_initView($pa_options);
if (!is_array($pa_options)) {
$pa_options = array();
}
// Is user allowed to quickadd?
if (!(is_array($pa_options) && isset($pa_options['dontCheckQuickAddAction']) && (bool) $pa_options['dontCheckQuickAddAction']) && !$this->request->user->canDoAction('can_quickadd_' . $t_subject->tableName())) {
$va_response = array('status' => 30, 'id' => null, 'table' => $t_subject->tableName(), 'type_id' => null, 'display' => null, 'errors' => array(_t("You are not allowed to quickadd %1", $t_subject->getProperty('NAME_PLURAL')) => _t("You are not allowed to quickadd %1", $t_subject->getProperty('NAME_PLURAL'))));
$this->view->setVar('response', $va_response);
$this->render('quickadd_result_json.php');
return;
}
//
// Is record of correct type?
//
$va_restrict_to_types = null;
if ($t_subject->getAppConfig()->get('perform_type_access_checking')) {
$va_restrict_to_types = caGetTypeRestrictionsForUser($this->ops_table_name, array('access' => __CA_BUNDLE_ACCESS_EDIT__));
}
if (is_array($va_restrict_to_types) && !in_array($t_subject->get('type_id'), $va_restrict_to_types)) {
$this->response->setRedirect($this->request->config->get('error_display_url') . '/n/2560?r=' . urlencode($this->request->getFullUrlPath()));
return;
}
//
// Is record from correct source?
//
$va_restrict_to_sources = null;
if ($t_subject->getAppConfig()->get('perform_source_access_checking')) {
if (is_array($va_restrict_to_sources = caGetSourceRestrictionsForUser($this->ops_table_name, array('access' => __CA_BUNDLE_ACCESS_EDIT__)))) {
if (!$t_subject->get('source_id') || $t_subject->get('source_id') && !in_array($t_subject->get('source_id'), $va_restrict_to_sources) || strlen($vn_source_id = $this->request->getParameter('source_id', pInteger)) && !in_array($vn_source_id, $va_restrict_to_sources)) {
$t_subject->set('source_id', $t_subject->getDefaultSourceID(array('request' => $this->request)));
}
if (is_array($va_restrict_to_sources) && !in_array($t_subject->get('source_id'), $va_restrict_to_sources)) {
$this->response->setRedirect($this->request->config->get('error_display_url') . '/n/2562?r=' . urlencode($this->request->getFullUrlPath()));
return;
}
}
}
// Make sure request isn't empty
if (!sizeof($_POST)) {
$va_response = array('status' => 20, 'id' => null, 'table' => $t_subject->tableName(), 'type_id' => null, 'display' => null, 'errors' => array(_t("Cannot save using empty request. Are you using a bookmark?") => _t("Cannot save using empty request. Are you using a bookmark?")));
$this->view->setVar('response', $va_response);
$this->render('quickadd_result_json.php');
return;
}
// Set "context" id from those editors that need to restrict idno lookups to within the context of another field value (eg. idno's for ca_list_items are only unique within a given list_id)
$vn_context_id = null;
if ($vs_idno_context_field = $t_subject->getProperty('ID_NUMBERING_CONTEXT_FIELD')) {
if ($t_subject->getPrimaryKey() > 0) {
$this->view->setVar('_context_id', $vn_context_id = $t_subject->get($vs_idno_context_field));
} else {
if ($vn_parent_id > 0) {
$t_parent = $this->opo_datamodel->getInstanceByTableName($this->ops_table_name);
if ($t_parent->load($vn_parent_id)) {
$this->view->setVar('_context_id', $vn_context_id = $t_parent->get($vs_idno_context_field));
}
}
}
if ($vn_context_id) {
$t_subject->set($vs_idno_context_field, $vn_context_id);
}
}
// Set type name for display
if (!($vs_type_name = $t_subject->getTypeName())) {
$vs_type_name = $t_subject->getProperty('NAME_SINGULAR');
}
# trigger "BeforeSaveItem" hook
$this->opo_app_plugin_manager->hookBeforeSaveItem(array('id' => null, 'table_num' => $t_subject->tableNum(), 'table_name' => $t_subject->tableName(), 'instance' => $t_subject, 'is_insert' => true));
$vn_parent_id = $this->request->getParameter('parent_id', pInteger);
$t_subject->set('parent_id', $vn_parent_id);
$this->opo_result_context->setParameter($t_subject->tableName() . '_last_parent_id', $vn_parent_id);
$va_opts = array_merge($pa_options, array('ui_instance' => $t_ui));
$vb_save_rc = $t_subject->saveBundlesForScreen($this->request->getParameter('screen', pString), $this->request, $va_opts);
$this->view->setVar('t_ui', $t_ui);
if (!$t_subject->getPrimaryKey()) {
$vn_subject_id = $t_subject->getPrimaryKey();
if (!$vb_save_rc) {
$vs_message = _t("Could not save %1", $vs_type_name);
} else {
$vs_message = _t("Added %1", $vs_type_name);
$this->request->setParameter($t_subject->primaryKey(), $vn_subject_id, 'GET');
$this->view->setVar($t_subject->primaryKey(), $vn_subject_id);
$this->view->setVar('subject_id', $vn_subject_id);
$this->request->session->setVar($this->ops_table_name . '_browse_last_id', $vn_subject_id);
// set last edited
// Set ACL for newly created record
if ($t_subject->getAppConfig()->get('perform_item_level_access_checking')) {
$t_subject->setACLUsers(array($this->request->getUserID() => __CA_ACL_EDIT_DELETE_ACCESS__));
$t_subject->setACLWorldAccess($t_subject->getAppConfig()->get('default_item_access_level'));
}
}
} else {
$vs_message = _t("Saved changes to %1", $vs_type_name);
}
$va_errors = $this->request->getActionErrors();
// all errors from all sources
$va_general_errors = $this->request->getActionErrors('general');
// just "general" errors - ones that are not attached to a specific part of the form
if (sizeof($va_errors) - sizeof($va_general_errors) > 0) {
$va_error_list = array();
$vb_no_save_error = false;
foreach ($va_errors as $o_e) {
$va_error_list[$o_e->getErrorDescription()] = $o_e->getErrorDescription() . "\n";
switch ($o_e->getErrorNumber()) {
case 1100:
// duplicate/invalid idno
if (!$vn_subject_id) {
// can't save new record if idno is not valid (when updating everything but idno is saved if it is invalid)
$vb_no_save_error = true;
}
break;
}
}
} else {
$this->opo_result_context->invalidateCache();
}
$this->opo_result_context->saveContext();
# trigger "SaveItem" hook
$this->opo_app_plugin_manager->hookSaveItem(array('id' => $vn_subject_id, 'table_num' => $t_subject->tableNum(), 'table_name' => $t_subject->tableName(), 'instance' => $t_subject, 'is_insert' => true));
$vn_id = $t_subject->getPrimaryKey();
$vn_relation_id = null;
if ($vn_id) {
$va_tmp = caProcessRelationshipLookupLabel($t_subject->makeSearchResult($t_subject->tableName(), array($vn_id)), $t_subject);
$va_name = array_pop($va_tmp);
// Add relationship to added item here?
$pn_related_id = $this->request->getParameter('relatedID', pInteger);
$ps_related_table = $this->request->getParameter('relatedTable', pString);
$ps_relationship_type = $this->request->getParameter('relationshipType', pString);
if ($pn_related_id && $ps_related_table && $ps_relationship_type) {
if ($t_rel = $t_subject->addRelationship($ps_related_table, $pn_related_id, $ps_relationship_type)) {
$vn_relation_id = $t_rel->getPrimaryKey();
}
}
} else {
$va_name = array();
}
$va_response = array('status' => sizeof($va_error_list) ? 10 : 0, 'id' => $vn_id, 'table' => $t_subject->tableName(), 'type_id' => method_exists($t_subject, "getTypeID") ? $t_subject->getTypeID() : null, 'relation_id' => $vn_relation_id, 'display' => $va_name['label'], 'errors' => $va_error_list);
$this->view->setVar('response', $va_response);
$this->render('quickadd_result_json.php');
}
