/**
 * Dispatches a record-level permission check to the module that owns the record.
 *
 * For a listed module, the module's include file is loaded and its own access
 * function is asked about the record. The action passed on is always the
 * module's hard-coded "view-*" action; $module_section and $proxy_id are
 * accepted but never read here.
 *
 * Security note: a module name that is not listed falls through to
 * `return true`, i.e. the function allows by default. A true result therefore
 * does not prove that any record-level check actually ran.
 *
 * @param mixed  $proxy_id       Not read by this function.
 * @param string $module         Module name; compared loosely against the listed names.
 * @param mixed  $module_section Not read by this function.
 * @param mixed  $record_id      Passed unchanged to the module's access function.
 * @return mixed The module access function's return value, or true for an unlisted module.
 */
function community_module_permissions_check($proxy_id, $module, $module_section, $record_id) {
    // None of these globals is read below; the declaration is kept as it was.
    global $db, $COMMUNITY_ID, $LOGGED_IN, $COMMUNITY_MEMBER, $COMMUNITY_ADMIN, $NOTICE, $NOTICESTR, $ERROR, $ERRORSTR, $PAGE_ID;

    // Loose (==) comparison throughout, matching the semantics of a switch statement.
    if ($module == "discussions") {
        require_once COMMUNITY_ABSOLUTE . "/modules/discussions.inc.php";

        return discussion_module_access($record_id, "view-post");
    }

    if ($module == "galleries") {
        require_once COMMUNITY_ABSOLUTE . "/modules/galleries.inc.php";

        return galleries_module_access($record_id, "view-photo");
    }

    if ($module == "shares") {
        require_once COMMUNITY_ABSOLUTE . "/modules/shares.inc.php";

        return shares_module_access($record_id, "view-file");
    }

    if ($module == "polls") {
        require_once COMMUNITY_ABSOLUTE . "/modules/polls.inc.php";

        return polls_module_access($record_id, "view-poll");
    }

    // Fail-open default: modules without a record-level check are always allowed.
    return true;
}
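* @author Organisation: Queen's University
* @author Unit: School of Medicine
* @author Developer: Andrew Dos-Santos <*****@*****.**>
* @copyright Copyright 2010 Queen's University. All Rights Reserved.
*
*/

// Soft-deletes (deactivates) one poll question and then redirects to the
// poll's edit page. The script only runs when included by the community
// polls module: both guard constants must be defined and $COMMUNITY_LOAD set.
//
// NOTE(review): this script changes state and then redirects. Nothing visible
// here checks the request method or an anti-CSRF token - confirm that the
// including code enforces one before this file is reached.
if (!defined("COMMUNITY_INCLUDED") || !defined("IN_POLLS")) {
    exit;
} elseif (!$COMMUNITY_LOAD) {
    exit;
}

// Defined up front so that the redirect at the bottom never reads an undefined
// variable when the question id is missing or does not match a row.
$poll_id = 0;

if ($RECORD_ID) {
    // The question must be active and belong to the current page and community.
    $query = "SELECT * FROM `community_polls_questions`"
        . " WHERE `cpquestion_id` = " . $db->qstr($RECORD_ID)
        . " AND `cpage_id` = " . $db->qstr($PAGE_ID)
        . " AND `community_id` = " . $db->qstr($COMMUNITY_ID)
        . " AND `question_active` = '1'";
    $question_record = $db->GetRow($query);

    if ($question_record) {
        $poll_id = $db->GetOne("SELECT `cpolls_id` FROM `community_polls_questions` WHERE `cpquestion_id` = " . $db->qstr($RECORD_ID));

        // NOTE(review): the other polls_module_access() calls on this page pass
        // a poll id, whereas this one passes the question id even though
        // $poll_id has just been looked up. Confirm which identifier the helper
        // expects; if it is the poll id, this permission is being evaluated
        // against an unrelated poll.
        if (polls_module_access($RECORD_ID, "delete-question")) {
            $updated = $db->AutoExecute(
                "community_polls_questions",
                array(
                    "question_active" => 0,
                    "question_order" => 0,
                    "updated_date" => time(),
                    "updated_by" => $ENTRADA_USER->getID(),
                ),
                "UPDATE",
                "`cpquestion_id` = " . $db->qstr($RECORD_ID)
                    . " AND `cpage_id` = " . $db->qstr($PAGE_ID)
                    . " AND `cpolls_id` = " . $db->qstr($poll_id)
                    . " AND `community_id` = " . $db->qstr($COMMUNITY_ID)
            );

            if (!$updated) {
                application_log("error", "Failed to remove [" . $RECORD_ID . "] question from poll. Database said: " . $db->ErrorMsg());
            } else {
                add_statistic("community_polling", "question_delete", "cpquestion_id", $RECORD_ID);
            }
        } else {
            // A refused delete used to leave no trace; record it so that
            // rejected attempts show up in the application log.
            application_log("error", "Permission was denied while attempting to remove [" . $RECORD_ID . "] question from poll.");
        }
    } else {
        application_log("error", "The provided question id [" . $RECORD_ID . "] was invalid.");
    }
} else {
    application_log("error", "No question id was provided for deactivation.");
}

// Every path ends in the same redirect; $poll_id stays 0 when nothing matched.
header("Location: " . COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=edit-poll&id=" . $poll_id);
exit;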
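* @author Unit: School of Medicine
* @author Developer: Andrew Dos-Santos <*****@*****.**>
* @copyright Copyright 2010 Queen's University. All Rights Reserved.
*
*/

// Soft-deletes (deactivates) one poll in the current community. The script
// only runs when included by the community polls module: both guard constants
// must be defined and $COMMUNITY_LOAD set.
if (!defined("COMMUNITY_INCLUDED") || !defined("IN_POLLS")) {
    exit;
} elseif (!$COMMUNITY_LOAD) {
    exit;
}

if ($RECORD_ID) {
    // The poll must belong to the current page and community.
    $query = "SELECT * FROM `community_polls`"
        . " WHERE `cpolls_id` = " . $db->qstr($RECORD_ID)
        . " AND `cpage_id` = " . $db->qstr($PAGE_ID)
        . " AND `community_id` = " . $db->qstr($COMMUNITY_ID);
    $poll_record = $db->GetRow($query);

    if ($poll_record) {
        if ((int) $poll_record["poll_active"]) {
            // NOTE(review): when this check fails nothing is logged and no
            // message is set in the visible part of the script, so refused
            // delete attempts leave no trace here.
            if (polls_module_access($RECORD_ID, "delete-poll")) {
                $deactivated = $db->AutoExecute(
                    "community_polls",
                    array(
                        "poll_active" => 0,
                        "updated_date" => time(),
                        "updated_by" => $ENTRADA_USER->getID(),
                    ),
                    "UPDATE",
                    "`cpolls_id` = " . $db->qstr($RECORD_ID)
                        . " AND `cpage_id` = " . $db->qstr($PAGE_ID)
                        . " AND `community_id` = " . $db->qstr($COMMUNITY_ID)
                );

                if ($deactivated) {
                    communities_deactivate_history($COMMUNITY_ID, $PAGE_ID, $RECORD_ID);
                    add_statistic("community_polling", "poll_delete", "cpolls_id", $RECORD_ID);

                    // NOTE(review): this WHERE clause names only the community
                    // and the module, not this poll or page, so it is not
                    // limited to the record being deactivated - confirm that
                    // this is intended. $MODULE_ID is set outside this excerpt.
                    $db->AutoExecute("community_history", array("history_display" => 0), "UPDATE", "`community_id` = " . $db->qstr($COMMUNITY_ID) . " AND `module_id` = " . $db->qstr($MODULE_ID));

                    // The key is quoted: a bare poll_notifications is read as a
                    // constant, which raises "Undefined constant" on PHP 8.
                    if ($poll_record["poll_notifications"]) {
                        // Delete pending notifications
                        delete_notifications('polls:' . $poll_record["cpolls_id"]);
                    }
                } else {
                    application_log("error", "Failed to deactivate [" . $RECORD_ID . "] poll from community. Database said: " . $db->ErrorMsg());
                }
            }
        } else {
            application_log("error", "The provided poll id [" . $RECORD_ID . "] is already deactivated.");
        }
        // The listing stops here; the two enclosing blocks are still open.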
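/**
 * Decides whether the current user may act on one poll results record.
 *
 * This is the granular, per-record check. It first defers to
 * polls_module_access() for the poll that owns the record, then applies
 * ownership, active-state and release-window rules. A user who is logged in,
 * a community member and a community administrator is allowed immediately,
 * without any record lookup.
 *
 * Side effects: on denial the function appends a message to the global
 * $NOTICESTR / $ERRORSTR arrays and increments $NOTICE / $ERROR.
 *
 * NOTE(review): the record is fetched by `cpresults_id` alone, with no
 * community condition in the query; scoping to the current community
 * presumably happens inside polls_module_access() - confirm.
 *
 * @param int    $cpresults_id Results record id; cast to int before use.
 * @param string $section      Action being requested, e.g. "edit-post".
 * @return mixed True for administrators, otherwise the (possibly overridden)
 *               value returned by polls_module_access(), or false.
 */
function results_module_access($cpresults_id = 0, $section = "") {
    global $db, $COMMUNITY_ID, $LOGGED_IN, $COMMUNITY_MEMBER, $COMMUNITY_ADMIN, $NOTICE, $NOTICESTR, $ERROR, $ERRORSTR, $ENTRADA_USER;

    // Community administrators bypass every record-level rule below.
    if ((bool) $LOGGED_IN && (bool) $COMMUNITY_MEMBER && (bool) $COMMUNITY_ADMIN) {
        return true;
    }

    $allow_to_load = false;

    if ($cpresults_id = (int) $cpresults_id) {
        $query = "SELECT * FROM `community_polls_results` WHERE `cpresults_id` = " . $db->qstr($cpresults_id);

        // NOTE(review): the row behind this access decision comes from the
        // query cache (CACHE_TIMEOUT), so a deactivation or a release-date
        // change may not take effect until the cached entry expires.
        $result = $db->CacheGetRow(CACHE_TIMEOUT, $query);

        if ($result) {
            if ($allow_to_load = polls_module_access($result["cpolls_id"], $section)) {
                switch ($section) {
                    case "delete-post":
                    case "edit-post":
                        // Only the user recorded on the row may edit or delete it.
                        if ($ENTRADA_USER->getActiveId() != (int) $result["proxy_id"]) {
                            $allow_to_load = false;
                        }
                        break;
                    default:
                        // This was "continue", which inside a switch acts as
                        // "break" and triggers a compile warning since PHP 7.3.
                        break;
                }
            }
        }
    }

    if (!$allow_to_load) {
        // Report the generic denial only if no earlier error has been recorded.
        if (!$ERROR) {
            $ERROR++;
            $ERRORSTR[] = "You do not have access to view these results.<br /><br />If you believe there has been a mistake, please contact a community administrator for assistance.";
        }

        return $allow_to_load;
    }

    if ((int) $result["poll_active"]) {
        /**
         * Release dates are not checked when the viewer is the user recorded
         * on the row.
         */
        if ($ENTRADA_USER->getActiveId() != (int) $result["proxy_id"]) {
            $release_date = (int) $result["release_date"];

            if ($release_date && $release_date > time()) {
                // A zero release_date means "no start limit".
                $NOTICE++;
                $NOTICESTR[] = "These results will not be accessible until <strong>" . date(DEFAULT_DATE_FORMAT, $release_date) . "</strong>.<br /><br />Please check back at this time, thank-you.";
                $allow_to_load = false;
            } else {
                $release_until = (int) $result["release_until"];

                if ($release_until && $release_until <= time()) {
                    // A zero release_until means "no end limit".
                    $NOTICE++;
                    $NOTICESTR[] = "These results are only accessible until <strong>" . date(DEFAULT_DATE_FORMAT, $release_until) . "</strong>.<br /><br />Please contact your community administrators for further assistance.";
                    $allow_to_load = false;
                }
                // Otherwise inside the release window: any further checks would go here.
            }
        }
    } else {
        // The account name is HTML-encoded because it is placed into markup.
        $NOTICE++;
        $NOTICESTR[] = "These results were deactivated <strong>" . date(DEFAULT_DATE_FORMAT, $result["updated_date"]) . "</strong> by <strong>" . html_encode(get_account_data("firstlast", $result["updated_by"])) . "</strong>.<br /><br />If there has been a mistake or you have questions relating to this issue please contact the MEdTech Unit directly.";
        $allow_to_load = false;
    }

    return $allow_to_load;
}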