/**
* add a search condition to a given CMS_object_search object
*
* @param CMS_object_search $search : the reference search object which need the condition
* @param array &tagAttributes : represent atm-search-param attributes
* @return boolean true on success, false on failure
* @access private
* @static
*/
static function addSearchCondition(&$search, $tagAttributes)
{
global $cms_language;
if (!isset($tagAttributes['type'])) {
CMS_grandFather::raiseError("Malformed atm-search-param tag : missing 'type' attribute");
return false;
}
if (!isset($tagAttributes['value'])) {
CMS_grandFather::raiseError("Malformed atm-search-param tag : missing 'value' attribute");
return false;
}
if (!isset($tagAttributes['mandatory'])) {
CMS_grandFather::raiseError("Malformed atm-search-param tag : missing 'mandatory' attribute");
return false;
}
if (isset($tagAttributes['value'])) {
$searchConditionValue = $tagAttributes['value'];
} else {
CMS_grandFather::raiseError("Unknown value type : " . $tagAttributes['value']);
return false;
}
//if no value for condition and condition is mandatory : return false
if (!$searchConditionValue && (!isset($tagAttributes['operator']) || !$tagAttributes['operator'])) {
return $tagAttributes['mandatory'] == 'true' ? false : true;
}
if (is_scalar($tagAttributes['type']) && in_array($tagAttributes['type'], CMS_object_search::getStaticSearchConditionTypes()) || $tagAttributes['type'] == 'category') {
if ($tagAttributes['type'] == 'publication date after' || $tagAttributes['type'] == 'publication date before') {
//replace search condition value by corresponding cms_date object
$date = new CMS_date();
$date->setFormat($cms_language->getDateFormat());
$date->setLocalizedDate($searchConditionValue);
$searchConditionValue = $date;
}
$search->addWhereCondition($tagAttributes['type'], $searchConditionValue, isset($tagAttributes['operator']) ? $tagAttributes['operator'] : false);
} else {
if (!sensitiveIO::isPositiveInteger($tagAttributes['type'])) {
CMS_grandFather::raiseError("Malformed atm-search-param tag : attribute 'type' does not represent a valid object " . $tagAttributes['type']);
return false;
} else {
$search->addWhereCondition($tagAttributes['type'], $searchConditionValue, isset($tagAttributes['operator']) ? $tagAttributes['operator'] : false);
}
}
return true;
}
//create search object for current object
$search = new CMS_object_search($object);
//if object is a primary resource
if ($object->isPrimaryResource()) {
//Order
$search->setAttribute('orderBy', 'publicationDateStart_rs desc,publicationDateEnd_rs desc, id_moo desc');
// Param : Around publication date
$dt_today = new CMS_date();
$dt_today->setDebug(false);
$dt_today->setNow();
$dt_today->setFormat($dateFormat);
$dt_from = new CMS_date();
$dt_from->setDebug(false);
$dt_from->setFormat($dateFormat);
if ($dt_from->setLocalizedDate(CMS_session::getSessionVar("items_dtfrm"), true)) {
$search->addWhereCondition("publication date after", $dt_from);
}
$dt_end = new CMS_date();
$dt_end->setDebug(false);
$dt_end->setFormat($dateFormat);
if ($dt_end->setLocalizedDate(CMS_session::getSessionVar("items_dtnd"), true)) {
// Check this date isn't greater than start date given
if (!CMS_date::compare($dt_from, $dt_end, ">=")) {
$search->addWhereCondition("publication date before", $dt_end);
}
}
if ($status) {
$search->addWhereCondition("status", $status);
}
}
// Do not apply sessions filters if limitToOrderedItems or limitToItems otherwise it could hide objects that should be displayed
/**
* load all subobjects values from DB
*
* @return boolean true on success, false on failure
* @access private
*/
protected function _loadSubObjectsValues()
{
//get all subobjects ids
$subObjectsIds = array();
foreach (array_keys($this->_subfieldValues) as $subFieldID) {
if (is_object($this->_subfieldValues[$subFieldID])) {
//load poly object
$subObjectsIds[] = $this->_subfieldValues[$subFieldID]->getValue();
}
}
if (is_array($subObjectsIds) && $subObjectsIds) {
//get object definition
$objectDef = $this->getObjectDefinition();
//create new search to get all DB values for this object and all subobjects
$search = new CMS_object_search($objectDef, $this->_public);
//limit to this object
$search->addWhereCondition('items', $subObjectsIds);
//launch search
$datas = $search->search(CMS_object_search::POLYMOD_SEARCH_RETURN_DATAS);
unset($search);
//then populate object(s) values
$this->populateSubObjectsValues($datas);
}
return true;
}
/**
* Does given user have the requested clearance for this object ?
* This method is pretty heavy, so if it must be used on a lots of objects, prefer usage of a search on those objects, it is much faster.
*
* @param cms_profile_user $user : the user to check clearance
* @param constant $clearance : the requested clearance to check (default : CLEARANCE_MODULE_VIEW)
* @param boolean $checkParent : if no categories fields found, check the parent object (if any) to see if it as some (beware this is heavy). Default : false
* @return boolean
* @access public
*/
function userHasClearance($user, $clearance = CLEARANCE_MODULE_VIEW, $checkParent = false)
{
if (!$this->_public || APPLICATION_ENFORCES_ACCESS_CONTROL === true) {
//user is an administrator?
if ($user->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITVALIDATEALL)) {
return true;
}
//get Object definition
$objectDef = $this->getObjectDefinition();
//get module codename
$polyModuleCodename = $objectDef->getValue('module');
//check user right on module (check only minimum needed : VIEW, proper right is checked after on category)
if (!$user->hasModuleClearance($polyModuleCodename, CLEARANCE_MODULE_VIEW)) {
return false;
}
//object has categories fields ?
$categoriesFields = CMS_poly_object_catalog::objectHasCategories($this->getObjectID());
$allCategories = array();
if (!$categoriesFields && !$checkParent) {
//no categories on object so user has rights
return true;
} elseif (!$categoriesFields && $checkParent) {
//check for module Categories usage
if (!CMS_poly_object_catalog::moduleHasCategories($polyModuleCodename)) {
//no categories used on module : item is viewvable
return true;
}
//check for a parent for the given object
if ($objectParentsIDs = CMS_poly_object_catalog::getParentsObject($this->getObjectID())) {
$found = false;
//check object for each parent objects found
foreach ($objectParentsIDs as $objectParentID => $objectParentFields) {
$categoriesFields = CMS_poly_object_catalog::objectHasCategories($objectParentID);
if (is_array($categoriesFields) && $categoriesFields) {
//load current object definition
$object = CMS_poly_object_catalog::getObjectDefinition($objectParentID);
foreach ($objectParentFields as $fieldID) {
$search = new CMS_object_search($object, $this->_public);
$search->addWhereCondition($fieldID, $this->getID());
$ids = $search->search(CMS_object_search::POLYMOD_SEARCH_RETURN_IDS);
$found = $ids ? true : $found;
}
}
}
//if one parent was found then object is visible
return $found;
} else {
//no parent object for this object, item is viewvable
return true;
}
} elseif (is_array($categoriesFields) && $categoriesFields) {
$search = new CMS_object_search($objectDef, $clearance == CLEARANCE_MODULE_VIEW);
$search->addWhereCondition('item', $this->getID());
$search->addWhereCondition("profile", $user);
$ids = $search->search(CMS_object_search::POLYMOD_SEARCH_RETURN_IDS);
return $ids ? true : false;
}
}
//user has clearance
return true;
}
/**
* Get search results objects for module by Id
*
* @param array : the results score ids
* @return array : results elements (cms_page)
* @access public
*/
function getSearchResults($resultsIds, &$user)
{
if (!$resultsIds || !is_array($resultsIds)) {
return array();
}
$cms_language = $user->getLanguage();
//get results object types
$sql = "\n\t\t\tselect\n\t\t\t\tobject_type_id_moo as type, id_moo as id\n\t\t\tfrom\n\t\t\t\tmod_object_polyobjects\n\t\t\twhere\n\t\t\t\tid_moo in (" . sensitiveIO::sanitizeSQLString(implode(',', $resultsIds)) . ")\n\t\t";
$q = new CMS_query($sql);
$resultsType = array();
while ($r = $q->getArray()) {
$resultsType[$r['type']][] = $r['id'];
}
$results = array();
foreach ($resultsType as $type => $ids) {
//load current object definition
$object = CMS_poly_object_catalog::getObjectDefinition($type);
//create search object for current object
$search = new CMS_object_search($object);
$search->addWhereCondition("items", $ids);
$search->search(CMS_object_search::POLYMOD_SEARCH_RETURN_INDIVIDUALS_OBJECTS);
//launch search
$objectLabel = $object->getLabel($cms_language);
// Check if need to use a specific display for search results
$resultsDefinition = $object->getValue('resultsDefinition');
if ($resultsDefinition) {
$definitionParsing = new CMS_polymod_definition_parsing($resultsDefinition, true, CMS_polymod_definition_parsing::PARSE_MODE);
$itemsResourcesFiles = '';
// Add specific css and js files we use the resultsDefinition
if (file_exists(PATH_CSS_FS . '/modules/' . $this->getCodename() . '.css')) {
$itemsResourcesFiles .= '<link rel="stylesheet" type="text/css" href="' . PATH_CSS_WR . '/modules/' . $this->getCodename() . '.css" />';
}
$jsFiles = $this->getJSFiles();
if ($jsFiles) {
foreach ($jsFiles as $jsfile) {
$itemsResourcesFiles .= '<script type="text/javascript" src="' . $jsfile . '"></script>' . "\n";
}
}
} else {
//load fields objects for object
$objectFields = CMS_poly_object_catalog::getFieldsDefinition($object->getID());
}
//loop on results items
while ($item = $search->getNextResult()) {
//Resource related informations
$htmlStatus = $pubRange = '';
$lock = $deleted = $primaryResource = false;
if ($object->isPrimaryResource()) {
$status = $item->getStatus();
if (is_object($status)) {
$htmlStatus = $status->getHTML(false, $user, $this->getCodename(), $item->getID());
$pubRange = $status->getPublicationRange($cms_language);
$lock = $item->getLock();
$deleted = $item->getProposedLocation() == RESOURCE_LOCATION_DELETED;
}
$primaryResource = true;
}
//Edit
$edit = false;
if (!$deleted && (!$lock || $lock == $user->getUserId())) {
$edit = array('url' => PATH_ADMIN_MODULES_WR . '/' . MOD_POLYMOD_CODENAME . '/item.php', 'type' => 'window', 'params' => array('module' => $this->getCodename(), 'type' => $type, 'item' => $item->getID()));
}
//Previz
$view = false;
if ($object->getValue("previewURL")) {
$view = array('url' => $item->getPrevizPageURL(), 'type' => 'frame');
}
//HTML description
$description = POLYMOD_DEBUG ? '<span class="atm-text-alert"> (ID : ' . $item->getID() . ')</span>' : '';
if ($resultsDefinition) {
//set execution parameters
$parameters = array();
$parameters['module'] = $this->getCodename();
$parameters['objectID'] = $object->getID();
$parameters['public'] = false;
$parameters['item'] = $item;
$description .= $definitionParsing->getContent(CMS_polymod_definition_parsing::OUTPUT_RESULT, $parameters);
if ($itemsResourcesFiles) {
$description = $itemsResourcesFiles . $description;
}
} else {
$itemFieldsObjects = $item->getFieldsObjects();
//Add all needed fields to description
foreach ($itemFieldsObjects as $fieldID => $itemField) {
//if field is a poly object
if ($objectFields[$fieldID]->getValue('searchlist')) {
$description .= $objectFields[$fieldID]->getLabel($cms_language) . ' : <strong>' . $itemField->getHTMLDescription() . '</strong><br />';
}
}
}
$results[$item->getID()] = array('id' => $item->getID(), 'type' => $objectLabel, 'status' => $htmlStatus, 'pubrange' => $pubRange, 'label' => $item->getLabel(), 'description' => $description, 'resource' => $primaryResource ? array('module' => $this->getCodename(), 'resource' => $item->getID(), 'action' => 'unlock') : false, 'edit' => $edit, 'view' => $view);
}
}
return $results;
}
/**
* Return a list of all objects names of given type
*
* @param mixed $objectID the object ID to get names (integer or 'multi|objectID')
* @param boolean $public are the needed datas public ? (default false)
* @param array $searchConditions, search conditions to add. Format : array(conditionType => conditionValue)
* @return array(integer objectID => string objectName)
* @access public
* @static
*/
static function getListOfNamesForObject($objectID, $public = false, $searchConditions = array(), $loadSubObjects = false)
{
static $listNames;
$paramsHash = md5(serialize(func_get_args()));
if (isset($listNames[$paramsHash])) {
return $listNames[$paramsHash];
}
$listNames[$paramsHash] = array();
//load current object definition
$object = CMS_poly_object_catalog::getObjectDefinition($objectID);
//create search
$search = new CMS_object_search($object, $public);
//add conditions
if (is_array($searchConditions) && $searchConditions) {
foreach ($searchConditions as $conditionType => $conditionValue) {
$search->addWhereCondition($conditionType, $conditionValue);
}
}
//launch search
$search->search(CMS_object_search::POLYMOD_SEARCH_RETURN_INDIVIDUALS_OBJECTS);
//set result mode
$mode = $loadSubObjects ? CMS_object_search::POLYMOD_SEARCH_RETURN_OBJECTS : CMS_object_search::POLYMOD_SEARCH_RETURN_OBJECTSLIGHT_EDITED;
//fetch results
while ($item = $search->getNextResult($mode)) {
$listNames[$paramsHash][$item->getID()] = $item->getLabel();
}
//natsort objects by name case insensitive
uasort($listNames[$paramsHash], array('CMS_poly_object_catalog', '_natecasecomp'));
return $listNames[$paramsHash];
}
/**
* This function is called to catch and launch all FE forms actions
*
* @param array $formIDs : the forms ids to check for actions
* @param integer $pageID : the current page id
* @param boolean $public : the data status
* @param string $languageCode : the language code used
* @param reference array $polymodFormsError : the forms error status to return
* @param reference array $polymodFormsItem : reference to the forms item
* @return boolean : true on success, false on failure
* @access public
* @static
*/
static function formActions($formIDs, $pageID, $languageCode, $public, &$polymodFormsError, &$polymodFormsItems)
{
global $cms_language, $cms_user;
if (!is_array($formIDs)) {
return false;
}
foreach ($formIDs as $formID) {
if (io::request('formID') && io::request('formID') == $formID) {
if (!isset($cms_language) || $cms_language->getCode() != $languageCode) {
$cms_language = new CMS_language($languageCode);
}
//instanciate item
$item = '';
if (io::request('object', 'io::isPositiveInteger', '')) {
//check user rights on module
$module = CMS_poly_object_catalog::getModuleCodenameForObjectType(io::request('object'));
//Check user rights
//here assume than user should only need the view right on module, because admin right allow Automne administration access
if (!is_object($cms_user) || !$cms_user->hasModuleClearance($module, CLEARANCE_MODULE_VIEW)) {
CMS_grandFather::raiseError('No user found or user has no administration rights on module ' . $module);
return false;
}
//instanciate object
$object = CMS_poly_object_catalog::getObjectDefinition(io::request('object'));
if ($object && io::request('item', 'io::isPositiveInteger', '')) {
$search = new CMS_object_search($object, false);
$search->addWhereCondition('item', io::request('item'));
$items = $search->search();
if (isset($items[io::request('item')])) {
$item = $items[io::request('item')];
} else {
$item = new CMS_poly_object($object->getID());
}
} else {
$item = new CMS_poly_object($object->getID());
}
}
if (is_object($item) && !$item->hasError()) {
//get item fieldsObjects
$fieldsObjects =& $item->getFieldsObjects();
//checks and assignments
$item->setDebug(false);
//first, check mandatory values
foreach ($fieldsObjects as $fieldID => $aFieldObject) {
//if field is part of formular
if (isset($_REQUEST['polymodFields'][$fieldID])) {
if (!$item->checkMandatory($fieldID, $_REQUEST, '')) {
$polymodFormsError[$formID]['required'][$fieldID] = $fieldID;
}
}
}
//second, set values for all fields
foreach ($fieldsObjects as $fieldID => $aFieldObject) {
//if field is part of formular
if (isset($_REQUEST['polymodFields'][$fieldID])) {
//if form use a callback, call it
//do not use call_user_function here
$funcName = 'form_' . $formID . '_' . $fieldID;
if (!$item->setValues($fieldID, $_REQUEST, '')) {
$polymodFormsError[$formID]['malformed'][] = $fieldID;
} elseif (!isset($polymodFormsError[$formID]['required'][$fieldID]) && function_exists('form_' . $formID . '_' . $fieldID) && !$funcName($formID, $fieldID, $item)) {
$polymodFormsError[$formID]['malformed'][] = $fieldID;
}
}
}
//set publication dates if needed
if (isset($_REQUEST['polymodFields']) && $_REQUEST['polymodFields']) {
if ($object->isPrimaryResource()) {
// Dates management
$dt_beg = new CMS_date();
$dt_beg->setDebug(false);
$dt_beg->setFormat($cms_language->getDateFormat());
$dt_end = new CMS_date();
$dt_end->setDebug(false);
$dt_end->setFormat($cms_language->getDateFormat());
if (!($dt_set_1 = $dt_beg->setLocalizedDate(@$_REQUEST["pub_start"], true))) {
$polymodFormsError[$formID]['malformed'][] = 'pub_start';
}
if (!($dt_set_2 = $dt_end->setLocalizedDate(@$_REQUEST["pub_end"], true))) {
$polymodFormsError[$formID]['malformed'][] = 'pub_end';
}
//if $dt_beg && $dt_end, $dt_beg must be lower than $dt_end
if (!$dt_beg->isNull() && !$dt_end->isNull()) {
if (CMS_date::compare($dt_beg, $dt_end, '>')) {
$polymodFormsError[$formID]['malformed'][] = 'pub_start';
$polymodFormsError[$formID]['malformed'][] = 'pub_end';
$dt_set_1 = $dt_set_2 = false;
}
}
if ($dt_set_1 && $dt_set_2) {
$item->setPublicationDates($dt_beg, $dt_end);
}
}
}
//Check form token
if (!isset($_POST["atm-token"]) || !CMS_session::checkToken(MOD_POLYMOD_CODENAME . '-' . $formID, $_POST["atm-token"])) {
$polymodFormsError[$formID]['error'][] = 'form-token';
return false;
} else {
//Token is used so expire it
CMS_session::expireToken(MOD_POLYMOD_CODENAME . '-' . $formID);
}
if (!$polymodFormsError[$formID]) {
//save the data
if (!$item->writeToPersistence()) {
$polymodFormsError[$formID]['error'][] = 'write';
$polymodFormsError[$formID]['filled'] = 0;
} else {
$polymodFormsError[$formID]['filled'] = 1;
//if form use a callback, call it
//do not use call_user_function here
$funcName = 'form_' . $formID;
if (function_exists('form_' . $formID) && !$funcName($formID, $item)) {
$polymodFormsError[$formID]['filled'] = 0;
$polymodFormsError[$formID]['error'][] = 'callback';
}
}
//if item is a primary resource, unlock it
if ($object->isPrimaryResource()) {
$item->unlock();
}
} else {
$polymodFormsError[$formID]['filled'] = 0;
}
//save item for later use
$polymodFormsItems[$formID] = $item;
} else {
$polymodFormsError[$formID]['filled'] = 0;
$polymodFormsError[$formID]['error'][] = 'right';
CMS_grandFather::raiseError('No item found or user has no administration rights on item... ');
return false;
}
}
}
return true;
}
