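/**
 * Find out if a given username has access to edit a given site
 *
 * Answers are memoised per (username, site_id) in a static array for the rest of the
 * request, so privilege changes made earlier in the same script are not seen unless
 * $force_refresh is true.
 *
 * Note that an additional check against reason_user_has_privs() should be done before granting privileges,
 * as the user may not have the specific privileges needed despite having access.
 *
 * @param string $username
 * @param integer $site_id
 * @param boolean $force_refresh Set this to true if the same script has previously changed site privs
 *                               (this should be a very rare case); the cached answer is bypassed and the
 *                               flag is passed through to user_can_edit_site()
 * @return boolean true if the user has access to edit the site; false if the user does not
 */
function reason_username_has_access_to_site($username, $site_id, $force_refresh = false)
{
    static $has_access_to_site = array();

    // An empty username cannot be resolved to a user id: refuse without caching.
    if (empty($username)) {
        return false;
    }

    if ($force_refresh || !isset($has_access_to_site[$username][$site_id])) {
        $id = get_user_id($username);
        // Unknown username => no access; otherwise defer to the site-level check.
        $has_access_to_site[$username][$site_id] = (!empty($id))
            ? user_can_edit_site($id, $site_id, $force_refresh)
            : false;
    }

    return $has_access_to_site[$username][$site_id];
}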
/**
 * Resolve the media work named by the media_work_id request parameter.
 *
 * The outcome is cached in a static for the rest of the request. An entity is only
 * returned when its type is 'av' and it is either Live or the authenticated user can
 * edit the site that owns it; every other case yields false.
 *
 * @return entity|false
 */
function reason_iframe_get_media_work()
{
    static $media_work;
    if (isset($media_work)) {
        return $media_work;
    }

    $media_work = false;
    if (empty($_REQUEST['media_work_id'])) {
        return $media_work;
    }

    $requested_id = (int) $_REQUEST['media_work_id'];
    if (!$requested_id) {
        return $media_work;
    }

    $candidate = new entity($requested_id);
    if ($candidate->get_value('type') != id_of('av')) {
        return $media_work;
    }

    // Non-live items are only exposed to users who can edit the owning site.
    $is_live = ($candidate->get_value('state') == 'Live');
    if ($is_live || user_can_edit_site(get_user_id(reason_check_authentication()), get_owner_site_id($requested_id))) {
        $media_work = $candidate;
    }
    return $media_work;
}
/**
 * Lists the users who currently have access to the site
 *
 * Editors of master_admin get a link to the site_to_user associator; everyone else
 * is told whom to contact.
 *
 * @return void
 */
function run()
{
    $site_name = $this->site->get_value('name');

    if (empty($this->users)) {
        echo '<p>No users currently have access to ' . $site_name . '</p>' . "\n";
        return;
    }

    echo '<p>The following users have access to ' . $site_name . ':</p>' . "\n";
    echo '<ul>' . "\n";
    // NOTE(review): user and site names are echoed without htmlspecialchars() — confirm they are stored HTML-safe
    foreach ($this->users as $site_user) {
        echo '<li>' . $site_user->get_value('name') . '</li>' . "\n";
    }
    echo '</ul>' . "\n";

    if (!user_can_edit_site($this->admin_page->user_id, id_of('master_admin'))) {
        echo '<p>Please contact ' . REASON_CONTACT_INFO_FOR_CHANGING_USER_PERMISSIONS . ' to add or remove users from this list.</p>' . "\n";
        return;
    }

    $associator_link = $this->admin_page->make_link(array(
        'site_id' => id_of('master_admin'),
        'type_id' => id_of('site'),
        'id' => $this->site->id(),
        'cur_module' => 'Associator',
        'rel_id' => relationship_id_of('site_to_user'),
    ));
    echo '<p><a href="' . $associator_link . '">Add or remove individuals from this list</a></p>' . "\n";
}
/**
 * Set up the access-denied module.
 *
 * Reads the request, and when a site was requested either redirects the user
 * straight to the destination (they can edit that site after all) or records
 * whether they may pose as another user and whether they can edit master_admin.
 * With no requested site the module/site parameters are cleared and the user
 * is redirected.
 *
 * @return void
 */
function init()
{
    $this->request = carl_get_request();
    // If obtained via post we need to manually decode the URL - all current uses of this pass it via get.
    if (isset($_POST['requested_url'])) {
        $this->request['requested_url'] = urldecode($this->request['requested_url']);
    }
    $this->admin_page->title = 'Access Denied';

    $requested_site_id = $this->get_requested_site_id();
    if (!$requested_site_id) {
        $redirect = carl_make_redirect(array('cur_module' => '', 'requested_url' => '', 'site_id' => ''));
        header('Location: ' . $redirect);
        exit;
    }

    // lets double check whether the user has access
    $user_id = $this->admin_page->user_id;
    if (user_can_edit_site($user_id, $requested_site_id)) {
        // NOTE(review): the redirect target is presumably built from request['requested_url'], which is request-supplied — confirm get_destination_url_with_user_id() constrains it
        header('Location: ' . $this->get_destination_url_with_user_id($user_id));
        exit;
    }

    $this->can_pose_as_other_user = reason_user_has_privs($user_id, 'pose_as_other_user');
    $this->has_master_admin_edit_access = user_can_edit_site($user_id, id_of('master_admin'));
}
/**
 * Render the registrant-data deletion tool.
 *
 * Only a master_admin editor with a site selected that carries the registration
 * slot type gets the form; every other case prints an explanatory paragraph.
 *
 * @return void
 */
function run()
{
    echo '<div class="deleteSlotDataModule">' . "\n";

    $is_master_admin = user_can_edit_site($this->admin_page->user_id, id_of('master_admin'));
    if (!$is_master_admin) {
        echo '<p>You need to have master admin access to use this tool.</p>';
    } elseif (empty($this->admin_page->site_id)) {
        echo '<p>You need to have a site selected to use this module.</p>';
    } elseif (!$this->site_has_slot_type()) {
        echo '<p>This site doesn\'t have the registration slot type.</p>';
    } else {
        $slots_with_data = $this->get_site_slots_with_data();
        if (!$slots_with_data) {
            echo '<p>The site doesn\'t have any registration slots with registrant data to delete.</p>';
        } else {
            $form = new Disco();
            $form->add_element('comment', 'comment', array('text' => '<p>Registrant data will be erased from all checked slots immediately upon submit.</p>'));
            $form->add_element('slots_with_data', 'checkboxgroup', array('options' => $slots_with_data));
            $form->add_callback(array($this, 'delete_slot_data_process'), 'process');
            $form->add_callback(array($this, 'delete_slot_data_where_to'), 'where_to');
            $form->actions = array('Delete registrant data from checked slots');
            // Every slot starts checked; the user unchecks the ones to keep.
            $form->set_value('slots_with_data', array_keys($slots_with_data));
            $form->run();
        }
    }

    echo '</div>' . "\n";
}
/**
 * Whether the given user may edit the site this object is bound to.
 *
 * @param object $user entity-like object exposing id()
 * @return boolean
 */
function verify_user($user)
{
    $user_id = $user->id();
    $can_edit = user_can_edit_site($user_id, $this->site_id);
    return $can_edit;
}
/**
 * Decide whether $user may change the given relationship between this entity
 * and $entity_on_other_side.
 *
 * Order of checks, as written:
 *  1. Resolve $user (current user when null); no user => false.
 *  2. Entity states: Deleted/Archived on either side => false; Live (with a Live
 *     or empty other-side state) requires the 'edit_live' priv; Pending on either
 *     side requires 'edit_pending'; any other combination is reported via
 *     trigger_error() and refused.
 *  3. Find or validate a context site, then allow either via a bidirectional
 *     allowable relationship / edit rights on the A-side owner site, or via
 *     existing relationships between the entities within the candidate sites.
 *
 * NOTE(review): $entity_a, $entity_b, $alrel_id and $allowable_relationship_id are
 * read below but never assigned in this method, so the context-site and relationship
 * lookups run on undefined values. They look like they were meant to be
 * $this->_entity / $entity_on_other_side ordered by $direction and the $relationship
 * argument (which is itself never read in the body) — confirm against the callers
 * before relying on this check.
 *
 * NOTE(review): the required $direction parameter follows the optional $user
 * parameter; PHP 8 deprecates this ordering.
 *
 * @param mixed $relationship not used in the body as written
 * @param object|null $user entity exposing id(); defaults to the current user
 * @param string $direction 'right' means this entity is the A side of the relationship
 * @param object|null $entity_on_other_side
 * @param object|null $context_site
 * @return boolean
 */
function _relationship_check($relationship, $user = null, $direction, $entity_on_other_side = null, $context_site = null)
{
    if (null === $user) {
        $user = $this->_get_current_user();
    }
    if (empty($user)) {
        return false;
    }
    $this_entity_state = $this->_entity->get_value('state');
    $other_entity_state = $entity_on_other_side ? $entity_on_other_side->get_value('state') : null;
    // If one of the entities is deleted or archived, return false
    if ('Deleted' == $this_entity_state || 'Deleted' == $other_entity_state || 'Archived' == $this_entity_state || 'Archived' == $other_entity_state) {
        // relationships not changeable on archived or deleted entities
        return false;
    } elseif ('Live' == $this_entity_state && (empty($other_entity_state) || 'Live' == $other_entity_state)) {
        if (!reason_user_has_privs($user->id(), 'edit_live')) {
            return false;
        }
    } elseif ('Pending' == $this_entity_state || 'Pending' == $other_entity_state) {
        if (!reason_user_has_privs($user->id(), 'edit_pending')) {
            return false;
        }
    } else {
        trigger_error('Uncaught state combination: ' . $this_entity_state . ' and ' . $other_entity_state . '. 
Check logic.');
        return false;
    }
    if (!$context_site) {
        $context_site_given = false;
        // NOTE(review): $entity_a and $entity_b are undefined at this point (see docblock)
        $context_site = $this->_find_context_site($entity_a, $entity_b, $user);
        $context_site_valid = !empty($context_site);
    } else {
        $context_site_given = true;
        // NOTE(review): $entity_a and $entity_b are undefined at this point (see docblock)
        $context_site_valid = $entity_a->is_owned_or_borrowed_by($context_site->id()) && $entity_b->is_owned_or_borrowed_by($context_site->id());
    }
    // if context site that the user has admin rights to that contains both entities
    if ($context_site_valid) {
        // if rel is bidirectional or user is admin of A side owner site return true
        // NOTE(review): $alrel_id is undefined at this point (see docblock)
        $alrel = reason_get_allowable_relationship_info($alrel_id);
        if ('bidirectional' == $alrel['directionality']) {
            return true;
        } else {
            // 'right' => this entity owns the A side; otherwise the other entity does
            if ('right' == $direction) {
                $a_side_owner_site = $this->_entity->get_owner();
            } elseif ($entity_on_other_side) {
                $a_side_owner_site = $entity_on_other_side->get_owner();
            } else {
                return false;
            }
            return user_can_edit_site($user->id(), $a_side_owner_site->id());
        }
    } else {
        if ($context_site_given) {
            $context_sites = array($context_site->id() => $context_site);
        } else {
            $context_sites = reason_user_sites($user);
        }
        // NOTE(review): $entity_a, $entity_b and $allowable_relationship_id are undefined at this point (see docblock)
        $rels = $this->_get_rels_between_entities($entity_a, $entity_b, $allowable_relationship_id, $context_sites);
        if (!empty($rels)) {
            return true;
        }
    }
    return false;
}
/**
 * Get a link to the preview module for a given item
 *
 * When the current user cannot edit the owning site but holds the
 * pose_as_other_user priv, the link carries the id of a user who can edit it.
 *
 * @param object $item reason entity
 * @return string html encoded link
 */
function _get_preview_link($item)
{
    $owner_site = $item->get_owner();
    $owner_site_id = $owner_site->id();
    $current_user_id = $this->admin_page->user_id;

    $link_parts = array(
        'site_id' => $owner_site_id,
        'type_id' => $item->get_value('type'),
        'id' => $item->id(),
        'cur_module' => 'Preview',
    );

    $may_pose = reason_user_has_privs($current_user_id, 'pose_as_other_user');
    if ($may_pose && !user_can_edit_site($current_user_id, $owner_site_id)) {
        $link_parts['user_id'] = $this->_get_id_of_user_who_can_edit_site($owner_site_id);
    }

    return $this->admin_page->make_link($link_parts);
}
/**
 * Render the site intro: a not-live notice, the site description, the parent
 * module's output when the user has exactly one site, then a per-type guide
 * with an item count and up to three most recently edited items.
 *
 * @return void
 */
function run()
{
    echo '<div id="siteIntro">' . "\n";
    $site = new entity($this->admin_page->site_id);
    $user_id = $this->admin_page->user_id;

    echo '<div id="siteNotices">' . "\n";
    $is_not_live = ($site->get_value('site_state') == "Not Live");
    if ($is_not_live && $site->get_value('unique_name') != 'master_admin') {
        echo '<div class="notLiveNotice"><h4>This site is not live.</h4><p>Among other things, that means that it\'s excluded from search engines (so people won\'t stumble upon a site that isn\'t ready for public consumption).</p>' . "\n";
        $master_admin_id = id_of('master_admin');
        if (user_can_edit_site($user_id, $master_admin_id)) {
            $edit_link = $this->admin_page->make_link(array(
                'site_id' => $master_admin_id,
                'type_id' => id_of('site'),
                'id' => $site->id(),
                'cur_module' => 'Editor',
            ));
            echo '<p><a href="' . $edit_link . '">Edit this site</a></p>' . "\n";
        } else {
            echo '<p>Please contact ' . REASON_CONTACT_INFO_FOR_CHANGING_USER_PERMISSIONS . ' when you are ready to make this site live.</p>' . "\n";
        }
        echo '</div>' . "\n";
    }

    $description = $site->get_value('description');
    if ($description) {
        echo '<div id="siteDesc">' . "\n";
        // Plain-text descriptions get <br>s; anything containing markup is emitted as stored.
        // NOTE(review): the markup path echoes stored HTML unescaped — confirm the description is only editable by trusted site admins
        echo (strip_tags($description) == $description) ? nl2br($description) : $description;
        echo '</div>' . "\n";
    }

    if (count($this->admin_page->get_sites()) == 1) {
        parent::run();
    }
    echo '</div>' . "\n";

    echo '<div id="guide">' . "\n";
    $type_selector = new entity_selector();
    $type_selector->add_type(id_of('type'));
    $type_selector->add_right_relationship($site->id(), relationship_id_of('site_to_type'));
    $type_selector->limit_tables();
    $type_selector->limit_fields();
    // Types the site is explicitly barred from editing are left out of the guide.
    $blocked_selector = carl_clone($type_selector);
    $blocked_selector->add_right_relationship($site->id(), relationship_id_of('site_cannot_edit_type'));
    $blocked_types = $blocked_selector->run_one();
    if (!empty($blocked_types)) {
        // run_one() results are keyed by entity id (see the item loop below), so the keys form the NOT IN list
        $type_selector->add_relation('entity.id NOT IN (' . implode(',', array_keys($blocked_types)) . ')');
    }
    $type_selector->set_order('entity.name ASC');
    $types = $type_selector->run_one();

    // Pages go first. array_merge reindexes the result; only the values are used below.
    $page_type_id = id_of('minisite_page');
    if (array_key_exists($page_type_id, $types)) {
        $page_first = array($page_type_id => $types[$page_type_id]);
        unset($types[$page_type_id]);
        $types = array_merge($page_first, $types);
    }

    echo '<ul>' . "\n";
    // Users holding the 'edit' priv are shown live items; everyone else sees pending ones.
    $state = reason_user_has_privs($user_id, 'edit') ? 'Live' : 'Pending';
    $state_link_val = strtolower($state);
    foreach ($types as $type) {
        $type_id = $type->id();
        $item_selector = new entity_selector($site->id());
        $item_selector->set_sharing('owns');
        $item_selector->add_type($type_id);
        $item_selector->limit_tables();
        $item_selector->limit_fields();
        $item_selector->set_order('entity.last_modified DESC');
        $items = $item_selector->run_one($type_id, $state);

        $plural = $type->get_value('plural_name');
        $type_label = $plural ? $plural : $type->get_value('name');

        echo '<li class="' . $type->get_value('unique_name') . '" style="list-style-image:url(' . reason_get_type_icon_url($type) . ')">';
        $lister_link = $this->admin_page->make_link(array('type_id' => $type_id, 'cur_module' => 'Lister', 'state' => $state_link_val));
        echo '<h4><a href="' . $lister_link . '">' . $type_label . '</a> <span class="count">(' . count($items) . ')</span></h4>' . "\n";

        if (!empty($items)) {
            echo '<div class="recent">' . "\n";
            echo 'Recently edited:' . "\n";
            echo '<ul>' . "\n";
            $position = 0;
            // Only the three most recent (the selector is ordered by last_modified DESC).
            foreach (array_slice($items, 0, 3, true) as $item_id => $item) {
                $position++;
                $item_label = strip_tags($item->get_display_name());
                if (empty($item_label)) {
                    $item_label = '[unnamed]';
                }
                $editor_link = $this->admin_page->make_link(array('type_id' => $type_id, 'id' => $item_id, 'cur_module' => 'Editor'));
                echo '<li class="item' . $position . '"><a href="' . $editor_link . '">' . $item_label . '</a></li>' . "\n";
            }
            echo '</ul>' . "\n";
            echo '</div>' . "\n";
        }
        echo '</li>' . "\n";
    }
    echo '</ul>' . "\n";
    echo '</div>' . "\n";
    echo '</div>' . "\n";
}