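/**
 * Display the edit form for a category in a simple, non-recursive set of categories.
 *
 * Request parameters (read via FormUtil::getPassedValue):
 *   dr  - the 'document root' category, given as an ID or as a path/ipath (required)
 *   cid - ID of the category to edit; when absent an empty array is assigned as the category
 *
 * @return mixed The rendered 'categories_user_edit.tpl' output, or the result of
 *               LogUtil::registerError() / LogUtil::registerPermissionError() when a check fails.
 */
public function edit()
{
    $docroot = FormUtil::getPassedValue('dr', 0);
    $cid = FormUtil::getPassedValue('cid', 0);
    $url = ModUtil::url('Categories', 'user', 'edit', array('dr' => $docroot));

    // NOTE(review): the permission instance is built from the raw 'dr' value, which may be a
    // path rather than an ID; confirm the permission rules behave as intended for both forms.
    if (!SecurityUtil::checkPermission('Categories::category', "ID::$docroot", ACCESS_EDIT)) {
        return LogUtil::registerPermissionError($url);
    }

    // Store the referring page in the session unless it is itself a Categories page.
    // NOTE(review): HTTP_REFERER is client-controlled. It is stored in the session and handed
    // to the template below, so confirm the template escapes it and that nothing redirects to
    // it without validating the target.
    $referer = System::serverGetVar('HTTP_REFERER');
    if (strpos((string)$referer, 'module=Categories') === false) {
        SessionUtil::setVar('categories_referer', $referer);
    }

    $editCat = array();

    if (!$docroot) {
        return LogUtil::registerError($this->__("Error! The URL contains an invalid 'document root' parameter."), null, $url);
    }

    // NOTE(review): this test only sees the raw parameter. A docroot supplied as a path is
    // resolved below and is not re-checked against the root category; consider testing the
    // resolved category as well.
    if ($docroot == 1) {
        return LogUtil::registerError($this->__("Error! The root directory cannot be modified in 'user' mode"), null, $url);
    }

    // Resolve the document root: numeric values are IDs, everything else is tried as a path
    // and then as an ipath. is_numeric() replaces is_int((int)$docroot), which was always true
    // and left the ID/path decision to a loose string-to-number comparison.
    if (is_numeric($docroot) && $docroot > 0) {
        $rootCat = CategoryUtil::getCategoryByID($docroot);
    } else {
        $rootCat = CategoryUtil::getCategoryByPath($docroot);
        if (!$rootCat) {
            $rootCat = CategoryUtil::getCategoryByPath($docroot, 'ipath');
        }
    }

    // Fail before $rootCat is dereferenced by the checks below.
    if (!$rootCat) {
        return LogUtil::registerError($this->__f("Error! Cannot access root directory (%s).", $docroot), null, $url);
    }

    // Now check whether someone is trying to edit another user's categories.
    $userRoot = $this->getVar('userrootcat', 0);
    $userRootCat = $userRoot ? CategoryUtil::getCategoryByPath($userRoot) : false;
    if ($userRootCat
        && strpos($rootCat['ipath'], $userRootCat['ipath']) !== false
        && !SecurityUtil::checkPermission('Categories::category', "ID::$docroot", ACCESS_ADMIN)
    ) {
        $thisUserRootCategoryName = ModUtil::apiFunc('Categories', 'user', 'getusercategoryname');
        $thisUserRootCatPath = $userRootCat['path'] . '/' . $thisUserRootCategoryName;
        $rootCatPath = $rootCat['path'];

        // The document root must be this user's own category or lie beneath it. The previous
        // code compared against the shared user root ($userRootCat['path']) and left
        // $thisUserRootCatPath unused, so the ownership test could not distinguish one user's
        // tree from another's. The trailing '/' keeps a name that merely starts with this
        // user's category name from matching.
        $isOwnTree = ($rootCatPath === $thisUserRootCatPath)
            || strpos($rootCatPath, $thisUserRootCatPath . '/') === 0;
        if (!$isOwnTree) {
            //! %s represents the root path (id), passed in the url
            return LogUtil::registerError($this->__f("Error! It looks like you are trying to edit another user's categories. Only site administrators can do that (%s).", $docroot), null, $url);
        }
    }

    if ($cid) {
        $editCat = CategoryUtil::getCategoryByID($cid);
        // Guard the lookup result so a failed lookup is not indexed.
        if ($editCat && $editCat['is_locked']) {
            // Format fix: the ID placeholder was written '%$1s', which is not a valid
            // positional specifier. The message text changed, so translation catalogs keyed
            // on the old string need updating.
            //! %1$s is the id, %2$s is the name
            return LogUtil::registerError($this->__f('Notice: The administrator has locked the category \'%2$s\' (ID \'%1$s\'). You cannot edit or delete it.', array($cid, $editCat['name'])), null, $url);
        }
    }

    if ($editCat && !$editCat['is_leaf']) {
        return LogUtil::registerError($this->__f('Error! The specified category is not a leaf-level category (%s).', $cid), null, $url);
    }

    if ($editCat && !CategoryUtil::isDirectSubCategory($rootCat, $editCat)) {
        return LogUtil::registerError($this->__f('Error! The specified category is not a child of the document root (%1$s; %2$s).', array($docroot, $cid)), null, $url);
    }

    $allCats = CategoryUtil::getSubCategoriesForCategory($rootCat, false, false, false, true, true);
    $attributes = isset($editCat['__ATTRIBUTES__']) ? $editCat['__ATTRIBUTES__'] : array();
    $languages = ZLanguage::getInstalledLanguages();

    $this->view->setCaching(Zikula_View::CACHE_DISABLED);

    return $this->view->assign('rootCat', $rootCat)
                      ->assign('category', $editCat)
                      ->assign('attributes', $attributes)
                      ->assign('allCats', $allCats)
                      ->assign('languages', $languages)
                      ->assign('userlanguage', ZLanguage::getLanguageCode())
                      ->assign('referer', SessionUtil::getVar('categories_referer'))
                      ->fetch('categories_user_edit.tpl');
}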