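/**
 * Add a search condition to a given CMS_object_search object.
 *
 * The condition is described by the attributes of an atm-search-param tag:
 * 'type', 'value' and 'mandatory' are required, 'operator' is optional.
 *
 * @param CMS_object_search $search : the reference search object which needs the condition
 * @param array $tagAttributes : the atm-search-param tag attributes
 * @return boolean true on success, false on failure (malformed tag, or missing value for a mandatory condition)
 * @access private
 * @static
 */
static function addSearchCondition(&$search, $tagAttributes)
{
    global $cms_language;

    // All three attributes are required; they are checked in this order so that the
    // first missing one is the one reported.
    foreach (array('type', 'value', 'mandatory') as $requiredAttribute) {
        if (!isset($tagAttributes[$requiredAttribute])) {
            CMS_grandFather::raiseError("Malformed atm-search-param tag : missing '" . $requiredAttribute . "' attribute");
            return false;
        }
    }

    $conditionType = $tagAttributes['type'];
    $searchConditionValue = $tagAttributes['value'];
    // NOTE(review): the operator is handed to addWhereCondition() unchanged; confirm that
    // addWhereCondition() restricts it to a known set of operators before it reaches SQL.
    $operator = isset($tagAttributes['operator']) ? $tagAttributes['operator'] : false;

    // No value and no operator: nothing to add. This is a failure only for a mandatory condition.
    // The test is a truthiness test, so a value of '0' is treated as "no value" as well.
    if (!$searchConditionValue && !$operator) {
        return $tagAttributes['mandatory'] != 'true';
    }

    // Explicit parentheses: the original expression relied on && binding tighter than ||.
    // NOTE(review): in_array() compares loosely here; the content of
    // getStaticSearchConditionTypes() is not visible from this method, so it is left as is.
    $isStaticType = (is_scalar($conditionType) && in_array($conditionType, CMS_object_search::getStaticSearchConditionTypes()))
        || $conditionType == 'category';

    if ($isStaticType) {
        if ($conditionType == 'publication date after' || $conditionType == 'publication date before') {
            // Replace the raw value by a CMS_date parsed with the current language date format
            $date = new CMS_date();
            $date->setFormat($cms_language->getDateFormat());
            $date->setLocalizedDate($searchConditionValue);
            $searchConditionValue = $date;
        }
    } elseif (!sensitiveIO::isPositiveInteger($conditionType)) {
        // Any type that is not a static one must be a positive integer
        CMS_grandFather::raiseError("Malformed atm-search-param tag : attribute 'type' does not represent a valid object " . $tagAttributes['type']);
        return false;
    }

    $search->addWhereCondition($conditionType, $searchConditionValue, $operator);
    return true;
}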
//create search object for current object
$search = new CMS_object_search($object);
//if object is a primary resource
if ($object->isPrimaryResource()) {
    //Order : publication start, then publication end, then id, all descending
    $search->setAttribute('orderBy', 'publicationDateStart_rs desc,publicationDateEnd_rs desc, id_moo desc');
    // Param : Around publication date
    $dt_today = new CMS_date();
    $dt_today->setDebug(false);
    $dt_today->setNow();
    $dt_today->setFormat($dateFormat);
    // Lower bound : read from the "items_dtfrm" session variable.
    // The condition is added only when setLocalizedDate() reports success.
    $dt_from = new CMS_date();
    $dt_from->setDebug(false);
    $dt_from->setFormat($dateFormat);
    if ($dt_from->setLocalizedDate(CMS_session::getSessionVar("items_dtfrm"), true)) {
        $search->addWhereCondition("publication date after", $dt_from);
    }
    // Upper bound : read from the "items_dtnd" session variable, same rule as above
    $dt_end = new CMS_date();
    $dt_end->setDebug(false);
    $dt_end->setFormat($dateFormat);
    if ($dt_end->setLocalizedDate(CMS_session::getSessionVar("items_dtnd"), true)) {
        // Check this date isn't greater than start date given
        // NOTE(review): the comparison also runs when $dt_from was not set from the session;
        // how CMS_date::compare() treats such a date is not visible here - confirm.
        if (!CMS_date::compare($dt_from, $dt_end, ">=")) {
            $search->addWhereCondition("publication date before", $dt_end);
        }
    }
    // Optional status filter, applied only when $status is truthy
    if ($status) {
        $search->addWhereCondition("status", $status);
    }
}
// Do not apply sessions filters if limitToOrderedItems or limitToItems otherwise it could hide objects that should be displayed
/**
 * Load the values of all sub-objects from the database.
 *
 * Every sub-field value that is itself an object contributes the id returned by its
 * getValue(); the matching rows are fetched with a single search and handed to
 * populateSubObjectsValues().
 *
 * @return boolean always true in the visible code
 * @access private
 */
protected function _loadSubObjectsValues()
{
    // Collect the ids referenced by the sub-fields which hold an object
    $referencedIds = array();
    foreach (array_keys($this->_subfieldValues) as $fieldKey) {
        $fieldValue = $this->_subfieldValues[$fieldKey];
        if (!is_object($fieldValue)) {
            continue;
        }
        $referencedIds[] = $fieldValue->getValue();
    }

    // Nothing referenced : no query needed
    if (!$referencedIds) {
        return true;
    }

    // One search, limited to the collected ids, returning raw datas
    $valuesSearch = new CMS_object_search($this->getObjectDefinition(), $this->_public);
    $valuesSearch->addWhereCondition('items', $referencedIds);
    $loadedDatas = $valuesSearch->search(CMS_object_search::POLYMOD_SEARCH_RETURN_DATAS);
    unset($valuesSearch);

    // Populate the sub-objects with the loaded datas
    $this->populateSubObjectsValues($loadedDatas);
    return true;
}
/**
 * Does the given user have the requested clearance for this object ?
 *
 * This method is pretty heavy, so if it must be used on a lot of objects, prefer a search
 * on those objects, it is much faster.
 *
 * Decision order, as implemented below:
 *  - public data with no enforced access control : granted
 *  - administrator (CLEARANCE_ADMINISTRATION_EDITVALIDATEALL) : granted
 *  - no VIEW clearance on the object's module : denied
 *  - object has categories fields : decided by a search restricted to this item and this user
 *  - object has no categories fields : granted, unless $checkParent is set, in which case
 *    the parent objects are inspected
 *
 * @param cms_profile_user $user : the user to check clearance
 * @param constant $clearance : the requested clearance to check (default : CLEARANCE_MODULE_VIEW)
 * @param boolean $checkParent : if no categories fields found, check the parent objects (if any) to see if they have some (beware this is heavy). Default : false
 * @return boolean
 * @access public
 */
function userHasClearance($user, $clearance = CLEARANCE_MODULE_VIEW, $checkParent = false)
{
    // Rights are only evaluated for non-public data, or when the application enforces access control
    if ($this->_public && APPLICATION_ENFORCES_ACCESS_CONTROL !== true) {
        return true;
    }
    // Administrators always pass
    if ($user->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITVALIDATEALL)) {
        return true;
    }

    $definition = $this->getObjectDefinition();
    $moduleCodename = $definition->getValue('module');
    // Only the minimum right (VIEW) is checked on the module; the requested clearance is
    // checked afterwards through the categories
    if (!$user->hasModuleClearance($moduleCodename, CLEARANCE_MODULE_VIEW)) {
        return false;
    }

    $categoriesFields = CMS_poly_object_catalog::objectHasCategories($this->getObjectID());
    if ($categoriesFields) {
        if (!is_array($categoriesFields)) {
            // NOTE(review): a truthy, non-array result grants the clearance (fail-open).
            // Confirm objectHasCategories() can only return an array or an empty value.
            return true;
        }
        // The second constructor argument is true only for a VIEW clearance request
        $itemSearch = new CMS_object_search($definition, $clearance == CLEARANCE_MODULE_VIEW);
        $itemSearch->addWhereCondition('item', $this->getID());
        $itemSearch->addWhereCondition("profile", $user);
        return (bool) $itemSearch->search(CMS_object_search::POLYMOD_SEARCH_RETURN_IDS);
    }

    // From here on the object has no categories fields of its own
    if (!$checkParent) {
        return true;
    }
    if (!CMS_poly_object_catalog::moduleHasCategories($moduleCodename)) {
        // No categories used on the module : item is viewable
        return true;
    }
    $parents = CMS_poly_object_catalog::getParentsObject($this->getObjectID());
    if (!$parents) {
        // No parent object for this object : item is viewable
        return true;
    }

    // The object is visible as soon as one categorised parent references it.
    // NOTE(review): unlike the search above, these searches add no "profile" condition for
    // $user; confirm CMS_object_search applies the user's rights by itself, otherwise this
    // branch only proves that a parent exists.
    $visibleThroughParent = false;
    foreach ($parents as $parentID => $parentFields) {
        $parentCategoriesFields = CMS_poly_object_catalog::objectHasCategories($parentID);
        if (!is_array($parentCategoriesFields) || !$parentCategoriesFields) {
            continue;
        }
        $parentDefinition = CMS_poly_object_catalog::getObjectDefinition($parentID);
        foreach ($parentFields as $fieldID) {
            $parentSearch = new CMS_object_search($parentDefinition, $this->_public);
            $parentSearch->addWhereCondition($fieldID, $this->getID());
            if ($parentSearch->search(CMS_object_search::POLYMOD_SEARCH_RETURN_IDS)) {
                $visibleThroughParent = true;
            }
        }
    }
    return $visibleThroughParent;
}
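/**
 * Get search results objects for module by Id
 *
 * The ids are grouped by object type with one SQL query, then each group is loaded
 * through a CMS_object_search and turned into a result row.
 *
 * @param array $resultsIds : the results score ids; entries which are not integer values are ignored
 * @param cms_profile_user $user : the user the results are built for (language, status display, lock ownership)
 * @return array : results rows indexed by item id
 * @access public
 */
function getSearchResults($resultsIds, &$user)
{
    if (!$resultsIds || !is_array($resultsIds)) {
        return array();
    }
    // The ids are placed unquoted in an "in (...)" list, where string escaping alone gives
    // no protection : only integer values may reach the query, everything else is dropped.
    $safeIds = array();
    foreach ($resultsIds as $resultId) {
        if (is_numeric($resultId) && (int) $resultId == $resultId) {
            $safeIds[] = (int) $resultId;
        }
    }
    if (!$safeIds) {
        return array();
    }
    $cms_language = $user->getLanguage();
    //get results object types
    $sql = "\n\t\t\tselect\n\t\t\t\tobject_type_id_moo as type, id_moo as id\n\t\t\tfrom\n\t\t\t\tmod_object_polyobjects\n\t\t\twhere\n\t\t\t\tid_moo in (" . sensitiveIO::sanitizeSQLString(implode(',', $safeIds)) . ")\n\t\t";
    $q = new CMS_query($sql);
    $resultsType = array();
    while ($r = $q->getArray()) {
        $resultsType[$r['type']][] = $r['id'];
    }
    $results = array();
    foreach ($resultsType as $type => $ids) {
        //load current object definition
        $object = CMS_poly_object_catalog::getObjectDefinition($type);
        //create search object for current object
        $search = new CMS_object_search($object);
        $search->addWhereCondition("items", $ids);
        //launch search
        $search->search(CMS_object_search::POLYMOD_SEARCH_RETURN_INDIVIDUALS_OBJECTS);
        $objectLabel = $object->getLabel($cms_language);
        // Check if need to use a specific display for search results
        $resultsDefinition = $object->getValue('resultsDefinition');
        if ($resultsDefinition) {
            $definitionParsing = new CMS_polymod_definition_parsing($resultsDefinition, true, CMS_polymod_definition_parsing::PARSE_MODE);
            $itemsResourcesFiles = '';
            // Add the module specific css and js files when the resultsDefinition is used
            if (file_exists(PATH_CSS_FS . '/modules/' . $this->getCodename() . '.css')) {
                $itemsResourcesFiles .= '<link rel="stylesheet" type="text/css" href="' . PATH_CSS_WR . '/modules/' . $this->getCodename() . '.css" />';
            }
            // NOTE(review): the js paths are written into the src attribute unescaped;
            // presumably getJSFiles() only returns server-side paths - confirm.
            $jsFiles = $this->getJSFiles();
            if ($jsFiles) {
                foreach ($jsFiles as $jsfile) {
                    $itemsResourcesFiles .= '<script type="text/javascript" src="' . $jsfile . '"></script>' . "\n";
                }
            }
        } else {
            //load fields objects for object
            $objectFields = CMS_poly_object_catalog::getFieldsDefinition($object->getID());
        }
        //loop on results items
        while ($item = $search->getNextResult()) {
            //Resource related informations
            $htmlStatus = $pubRange = '';
            $lock = $deleted = $primaryResource = false;
            if ($object->isPrimaryResource()) {
                $status = $item->getStatus();
                if (is_object($status)) {
                    $htmlStatus = $status->getHTML(false, $user, $this->getCodename(), $item->getID());
                    $pubRange = $status->getPublicationRange($cms_language);
                    $lock = $item->getLock();
                    $deleted = $item->getProposedLocation() == RESOURCE_LOCATION_DELETED;
                }
                $primaryResource = true;
            }
            //Edit : only for items which are not deleted and not locked by another user
            $edit = false;
            if (!$deleted && (!$lock || $lock == $user->getUserId())) {
                $edit = array(
                    'url' => PATH_ADMIN_MODULES_WR . '/' . MOD_POLYMOD_CODENAME . '/item.php',
                    'type' => 'window',
                    'params' => array(
                        'module' => $this->getCodename(),
                        'type' => $type,
                        'item' => $item->getID(),
                    ),
                );
            }
            //Previz
            $view = false;
            if ($object->getValue("previewURL")) {
                $view = array('url' => $item->getPrevizPageURL(), 'type' => 'frame');
            }
            //HTML description
            $description = POLYMOD_DEBUG ? '<span class="atm-text-alert"> (ID : ' . $item->getID() . ')</span>' : '';
            if ($resultsDefinition) {
                //set execution parameters
                $parameters = array();
                $parameters['module'] = $this->getCodename();
                $parameters['objectID'] = $object->getID();
                $parameters['public'] = false;
                $parameters['item'] = $item;
                $description .= $definitionParsing->getContent(CMS_polymod_definition_parsing::OUTPUT_RESULT, $parameters);
                if ($itemsResourcesFiles) {
                    $description = $itemsResourcesFiles . $description;
                }
            } else {
                $itemFieldsObjects = $item->getFieldsObjects();
                //Add all needed fields to description
                foreach ($itemFieldsObjects as $fieldID => $itemField) {
                    //only the fields flagged 'searchlist' are part of the description
                    if ($objectFields[$fieldID]->getValue('searchlist')) {
                        $description .= $objectFields[$fieldID]->getLabel($cms_language) . ' : <strong>' . $itemField->getHTMLDescription() . '</strong><br />';
                    }
                }
            }
            $results[$item->getID()] = array(
                'id' => $item->getID(),
                'type' => $objectLabel,
                'status' => $htmlStatus,
                'pubrange' => $pubRange,
                'label' => $item->getLabel(),
                'description' => $description,
                'resource' => $primaryResource ? array('module' => $this->getCodename(), 'resource' => $item->getID(), 'action' => 'unlock') : false,
                'edit' => $edit,
                'view' => $view,
            );
        }
    }
    return $results;
}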
/**
 * Return a list of all objects names of given type
 *
 * Results are memoised for the duration of the request in a static array, keyed by the
 * arguments actually passed. md5() only serves to build that array key.
 *
 * @param mixed $objectID the object ID to get names (integer or 'multi|objectID')
 * @param boolean $public are the needed datas public ? (default false)
 * @param array $searchConditions search conditions to add. Format : array(conditionType => conditionValue)
 * @param boolean $loadSubObjects selects the result mode used to fetch items (default false)
 * @return array(integer objectID => string objectName)
 * @access public
 * @static
 */
static function getListOfNamesForObject($objectID, $public = false, $searchConditions = array(), $loadSubObjects = false)
{
    static $listNames;

    $cacheKey = md5(serialize(func_get_args()));
    if (isset($listNames[$cacheKey])) {
        return $listNames[$cacheKey];
    }
    // The entry is created before the search is run, as in the original flow
    $listNames[$cacheKey] = array();

    //load current object definition and create the search
    $objectDefinition = CMS_poly_object_catalog::getObjectDefinition($objectID);
    $namesSearch = new CMS_object_search($objectDefinition, $public);

    //add conditions (an empty array simply adds nothing)
    if (is_array($searchConditions)) {
        foreach ($searchConditions as $conditionType => $conditionValue) {
            $namesSearch->addWhereCondition($conditionType, $conditionValue);
        }
    }

    //launch search
    $namesSearch->search(CMS_object_search::POLYMOD_SEARCH_RETURN_INDIVIDUALS_OBJECTS);

    //set result mode
    if ($loadSubObjects) {
        $resultMode = CMS_object_search::POLYMOD_SEARCH_RETURN_OBJECTS;
    } else {
        $resultMode = CMS_object_search::POLYMOD_SEARCH_RETURN_OBJECTSLIGHT_EDITED;
    }

    //fetch results
    for ($item = $namesSearch->getNextResult($resultMode); $item; $item = $namesSearch->getNextResult($resultMode)) {
        $listNames[$cacheKey][$item->getID()] = $item->getLabel();
    }

    //sort names with the catalog comparison callback, keeping the id keys
    uasort($listNames[$cacheKey], array('CMS_poly_object_catalog', '_natecasecomp'));
    return $listNames[$cacheKey];
}
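/**
 * This function is called to catch and launch all FE forms actions
 *
 * For the form whose id matches the 'formID' request value, the target item is loaded
 * (or created), the form token is verified, the submitted fields are checked and
 * assigned, and the item is written when no error was recorded.
 *
 * @param array $formIDs : the forms ids to check for actions
 * @param integer $pageID : the current page id (not used in this method)
 * @param string $languageCode : the language code used
 * @param boolean $public : the data status (not used in this method)
 * @param reference array $polymodFormsError : the forms error status to return
 * @param reference array $polymodFormsItems : reference to the forms items
 * @return boolean : true on success, false on failure
 * @access public
 * @static
 */
static function formActions($formIDs, $pageID, $languageCode, $public, &$polymodFormsError, &$polymodFormsItems)
{
    global $cms_language, $cms_user;
    if (!is_array($formIDs)) {
        return false;
    }
    foreach ($formIDs as $formID) {
        if (io::request('formID') && io::request('formID') == $formID) {
            if (!isset($cms_language) || $cms_language->getCode() != $languageCode) {
                $cms_language = new CMS_language($languageCode);
            }
            //instanciate item
            $item = '';
            if (io::request('object', 'io::isPositiveInteger', '')) {
                //check user rights on module
                $module = CMS_poly_object_catalog::getModuleCodenameForObjectType(io::request('object'));
                //Check user rights
                //here assume than user should only need the view right on module, because admin right allow Automne administration access
                if (!is_object($cms_user) || !$cms_user->hasModuleClearance($module, CLEARANCE_MODULE_VIEW)) {
                    CMS_grandFather::raiseError('No user found or user has no administration rights on module ' . $module);
                    return false;
                }
                //instanciate object
                $object = CMS_poly_object_catalog::getObjectDefinition(io::request('object'));
                if ($object) {
                    // NOTE(review): only the module VIEW clearance is checked before an existing
                    // item is loaded for modification from the 'item' request value; confirm that
                    // per-item rights are enforced by CMS_object_search or by writeToPersistence().
                    if (io::request('item', 'io::isPositiveInteger', '')) {
                        $search = new CMS_object_search($object, false);
                        $search->addWhereCondition('item', io::request('item'));
                        $items = $search->search();
                        if (isset($items[io::request('item')])) {
                            $item = $items[io::request('item')];
                        } else {
                            $item = new CMS_poly_object($object->getID());
                        }
                    } else {
                        $item = new CMS_poly_object($object->getID());
                    }
                }
                // When no definition is found, $item stays '' and the request is refused below
                // (the original dereferenced the missing definition at this point).
            }
            if (is_object($item) && !$item->hasError()) {
                //Check form token before any submitted value is processed, so that neither
                //the item nor the form callbacks are touched by a request without a valid token
                if (!isset($_POST["atm-token"]) || !CMS_session::checkToken(MOD_POLYMOD_CODENAME . '-' . $formID, $_POST["atm-token"])) {
                    $polymodFormsError[$formID]['error'][] = 'form-token';
                    return false;
                }
                //Token is used so expire it
                CMS_session::expireToken(MOD_POLYMOD_CODENAME . '-' . $formID);

                //get item fieldsObjects
                $fieldsObjects =& $item->getFieldsObjects();
                //checks and assignments
                $item->setDebug(false);
                //first, check mandatory values
                foreach ($fieldsObjects as $fieldID => $aFieldObject) {
                    //if field is part of formular
                    if (isset($_REQUEST['polymodFields'][$fieldID])) {
                        if (!$item->checkMandatory($fieldID, $_REQUEST, '')) {
                            $polymodFormsError[$formID]['required'][$fieldID] = $fieldID;
                        }
                    }
                }
                //second, set values for all fields
                foreach ($fieldsObjects as $fieldID => $aFieldObject) {
                    //if field is part of formular
                    if (isset($_REQUEST['polymodFields'][$fieldID])) {
                        //if form use a callback, call it
                        //do not use call_user_function here
                        //the name is built from the declared form id and the item field id,
                        //never from a request value
                        $funcName = 'form_' . $formID . '_' . $fieldID;
                        if (!$item->setValues($fieldID, $_REQUEST, '')) {
                            $polymodFormsError[$formID]['malformed'][] = $fieldID;
                        } elseif (!isset($polymodFormsError[$formID]['required'][$fieldID]) && function_exists($funcName) && !$funcName($formID, $fieldID, $item)) {
                            $polymodFormsError[$formID]['malformed'][] = $fieldID;
                        }
                    }
                }
                //set publication dates if needed
                if (isset($_REQUEST['polymodFields']) && $_REQUEST['polymodFields']) {
                    if ($object->isPrimaryResource()) {
                        // Dates management
                        $dt_beg = new CMS_date();
                        $dt_beg->setDebug(false);
                        $dt_beg->setFormat($cms_language->getDateFormat());
                        $dt_end = new CMS_date();
                        $dt_end->setDebug(false);
                        $dt_end->setFormat($cms_language->getDateFormat());
                        //a missing request value is passed as null, without error suppression
                        $pubStart = isset($_REQUEST["pub_start"]) ? $_REQUEST["pub_start"] : null;
                        $pubEnd = isset($_REQUEST["pub_end"]) ? $_REQUEST["pub_end"] : null;
                        if (!($dt_set_1 = $dt_beg->setLocalizedDate($pubStart, true))) {
                            $polymodFormsError[$formID]['malformed'][] = 'pub_start';
                        }
                        if (!($dt_set_2 = $dt_end->setLocalizedDate($pubEnd, true))) {
                            $polymodFormsError[$formID]['malformed'][] = 'pub_end';
                        }
                        //if $dt_beg && $dt_end, $dt_beg must be lower than $dt_end
                        if (!$dt_beg->isNull() && !$dt_end->isNull()) {
                            if (CMS_date::compare($dt_beg, $dt_end, '>')) {
                                $polymodFormsError[$formID]['malformed'][] = 'pub_start';
                                $polymodFormsError[$formID]['malformed'][] = 'pub_end';
                                $dt_set_1 = $dt_set_2 = false;
                            }
                        }
                        if ($dt_set_1 && $dt_set_2) {
                            $item->setPublicationDates($dt_beg, $dt_end);
                        }
                    }
                }
                //empty() : no entry at all for this form means no error was recorded
                if (empty($polymodFormsError[$formID])) {
                    //save the data
                    if (!$item->writeToPersistence()) {
                        $polymodFormsError[$formID]['error'][] = 'write';
                        $polymodFormsError[$formID]['filled'] = 0;
                    } else {
                        $polymodFormsError[$formID]['filled'] = 1;
                        //if form use a callback, call it
                        //do not use call_user_function here
                        $funcName = 'form_' . $formID;
                        if (function_exists($funcName) && !$funcName($formID, $item)) {
                            $polymodFormsError[$formID]['filled'] = 0;
                            $polymodFormsError[$formID]['error'][] = 'callback';
                        }
                    }
                    //if item is a primary resource, unlock it
                    if ($object->isPrimaryResource()) {
                        $item->unlock();
                    }
                } else {
                    $polymodFormsError[$formID]['filled'] = 0;
                }
                //save item for later use
                $polymodFormsItems[$formID] = $item;
            } else {
                $polymodFormsError[$formID]['filled'] = 0;
                $polymodFormsError[$formID]['error'][] = 'right';
                CMS_grandFather::raiseError('No item found or user has no administration rights on item... ');
                return false;
            }
        }
    }
    return true;
}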