/**
 * Resolves the permissions available to the user in the current context.
 *
 * When getRecord() yields a Dataface_Record, permissions are evaluated
 * against that record; in every other case they are evaluated against the
 * table named by the query's '-table' entry.
 *
 * @param array $params Passed through unchanged to
 *                      Dataface_PermissionsTool::getPermissions().
 * @return mixed Whatever Dataface_PermissionsTool::getPermissions() returns.
 */
function getPermissions($params = array())
{
    $query =& $this->getQuery();
    $record = $this->getRecord();

    // Record-level check takes priority over the table-level fallback.
    if ($record instanceof Dataface_Record) {
        return Dataface_PermissionsTool::getPermissions($record, $params);
    }

    $table = Dataface_Table::loadTable($query['-table']);
    return Dataface_PermissionsTool::getPermissions($table, $params);
}
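/**
 * Renders the current result set as an HTML table and returns the markup.
 *
 * The output is assembled in an output buffer: optional result filters, the
 * header row (custom via renderRowHeader() or one sortable <th> per listable
 * column), one visible row plus one hidden "details" row per viewable record,
 * an optional "add row" line, and, when row selection is permitted, the
 * selected-items form and the "With Selected" action menu. When the result
 * set is empty a "no match" paragraph is returned instead.
 *
 * Output-encoding notes for maintainers:
 *  - The sort direction parsed from '-sort' is reduced to 'asc' or 'desc'
 *    before it is used in a class attribute.
 *  - Record ids and the '-action' value are HTML-escaped wherever they are
 *    written into attributes; the record id is additionally JS-escaped where
 *    it is written into script code.
 *  - The "With Selected" action menu escapes action properties the same way
 *    the per-row action links do.
 *
 * @return string The rendered HTML.
 */
function toHtml()
{
    $app =& Dataface_Application::getInstance();
    $query =& $app->getQuery();

    // Build [ColumnName] -> [Direction]. Only the first non-empty sort entry
    // is kept (the loop stops after it), as in the original implementation.
    $sort_columns = array();
    if (isset($query['-sort'])) {
        foreach (explode(',', trim($query['-sort'])) as $sortcol) {
            $sortcol = trim($sortcol);
            if (strlen($sortcol) === 0) {
                continue;
            }
            $sortcol = explode(' ', $sortcol);
            // The direction ends up inside class="sorted-column-..." below, so
            // anything other than "desc" is normalised to "asc" instead of
            // being echoed back verbatim from the query.
            $direction = 'asc';
            if (count($sortcol) > 1 and strtolower($sortcol[1]) === 'desc') {
                $direction = 'desc';
            }
            $sort_columns[$sortcol[0]] = $direction;
            break;
        }
    }

    if ($this->_resultSet->found() > 0) {
        if (@$app->prefs['use_old_resultlist_controller']) {
            ob_start();
            df_display(array(), 'Dataface_ResultListController.html');
            $controller = ob_get_contents();
            ob_end_clean();
        }

        ob_start();
        if (!defined('Dataface_ResultList_Javascript')) {
            define('Dataface_ResultList_Javascript', true);
            echo '<script language="javascript" type="text/javascript" src="' . DATAFACE_URL . '/js/Dataface/ResultList.js"></script>';
        }

        if (!@$app->prefs['hide_result_filters'] and count($this->_filterCols) > 0) {
            echo $this->getResultFilters();
        }

        // $query is bound by reference to the application's query; drop the
        // binding so the per-row $query assignments below cannot modify it.
        unset($query);

        if (@$app->prefs['use_old_resultlist_controller']) {
            echo '<div class="resultlist-controller" id="resultlist-controller-top">';
            echo $controller;
            echo "</div>";
        }

        $canSelect = false;
        if (!@$app->prefs['disable_select_rows']) {
            $canSelect = Dataface_PermissionsTool::checkPermission(
                'select_rows',
                Dataface_PermissionsTool::getPermissions($this->_table)
            );
        }

        echo '<table id="result_list" class="listing">
            <thead>
            <tr>';
        if ($canSelect) {
            echo '<th><input type="checkbox" onchange="toggleSelectedRows(this,\'result_list\');"></th>';
        }
        if (!@$app->prefs['disable_ajax_record_details']) {
            echo ' <th><!-- Expand record column --></th> ';
        }

        $results =& $this->getResults();
        $perms = array();
        $numCols = 0;
        $rowHeaderHtml = $this->renderRowHeader();
        if (isset($rowHeaderHtml)) {
            echo $rowHeaderHtml;
        } else {
            foreach ($this->_columns as $key) {
                // Remember the per-column 'list' permission; the cell loop
                // further down reuses it.
                if (!($perms[$key] = Dataface_PermissionsTool::checkPermission('list', $this->_table, array('field' => $key)))) {
                    continue;
                }
                if (isset($sort_columns[$key])) {
                    $class = 'sorted-column-' . $sort_columns[$key];
                    $qs_columns = $sort_columns;
                    unset($qs_columns[$key]);
                    // Clicking an already-sorted column flips its direction.
                    $sort_query = $key . ' ' . ($sort_columns[$key] === 'desc' ? 'asc' : 'desc');
                    foreach ($qs_columns as $qcolkey => $qcolvalue) {
                        $sort_query .= ', ' . $qcolkey . ' ' . $qcolvalue;
                    }
                } else {
                    $class = 'unsorted-column';
                    $sort_query = $key . ' asc';
                    foreach ($sort_columns as $scolkey => $scolvalue) {
                        $sort_query .= ', ' . $scolkey . ' ' . $scolvalue;
                    }
                }
                $sq = array('-sort' => $sort_query);
                // NOTE(review): $link is written into href exactly as
                // buildLink() returns it; whether buildLink() already
                // HTML-escapes its result is not visible here -- confirm
                // before adding or omitting escaping.
                $link = Dataface_LinkTool::buildLink($sq);
                $numCols++;
                $label = $this->_table->getFieldProperty('column:label', $key);
                $legend = $this->_table->getFieldProperty('column:legend', $key);
                if ($legend) {
                    $legend = '<span class="column-legend">' . htmlspecialchars($legend) . '</span>';
                }
                if (!$label) {
                    $label = $this->_table->getFieldProperty('widget:label', $key);
                }
                echo "<th class=\"{$class}\"><a href=\"{$link}\">" . htmlspecialchars($label) . "</a> {$legend}</th>";
            }
        }
        echo "</tr>\n\t\t\t\t</thead>\n\t\t\t\t<tbody>\n\t\t\t\t";

        $cursor = $this->_resultSet->start();
        $results->reset();

        // Carry over every GET parameter that does not start with '-'.
        $baseQuery = array();
        foreach ($_GET as $key => $value) {
            if (strpos($key, '-') !== 0) {
                $baseQuery[$key] = $value;
            }
        }

        $evenRow = false;
        while ($results->hasNext()) {
            $rowClass = $evenRow ? 'even' : 'odd';
            $evenRow = !$evenRow;
            $record =& $results->next();
            if (!$record->checkPermission('view')) {
                // Not viewable: skip the row but keep the cursor in step.
                $cursor++;
                unset($record);
                continue;
            }
            $rowClass .= ' ' . $this->getRowClass($record);
            $query = array_merge($baseQuery, array("-action" => "browse", "-relationship" => null, "-cursor" => $cursor++));
            if ($record->checkPermission('link')) {
                if (@$app->prefs['result_list_use_geturl']) {
                    $link = $record->getURL('-action=view');
                } else {
                    $link = Dataface_LinkTool::buildLink($query) . '&-recordid=' . urlencode($record->getId());
                }
            } else {
                $del =& $record->_table->getDelegate();
                if ($del and method_exists($del, 'no_access_link')) {
                    $link = $del->no_access_link($record);
                } else {
                    $link = null;
                }
            }

            $recordid = $record->getId();
            // The record id is written into three different contexts; encode
            // it once per context instead of echoing it raw.
            $recordidAttr = htmlspecialchars($recordid);
            // Inside a <script> block: JS string escaping, plus "</" broken up
            // so the value cannot close the script element.
            $recordidJs = str_replace('</', '<\\/', addslashes($recordid));
            // Inside an onclick attribute: JS string escaping first, then
            // HTML attribute escaping on top.
            $recordidJsAttr = htmlspecialchars(addslashes($recordid));

            echo "<tr class=\"listing {$rowClass}\">";
            if ($canSelect) {
                echo '<td><input class="rowSelectorCheckbox" id="rowSelectorCheckbox:' . $recordidAttr . '" type="checkbox"></td>';
            }

            if (!@$app->prefs['disable_ajax_record_details']) {
                echo '<td>';
                // The "<!--" opener must stay on its own line: script engines
                // treat it as a single-line comment start.
                echo "<script language=\"javascript\" type=\"text/javascript\"><!--\n"
                    . "registerRecord('" . $recordidJs . "', " . $record->toJS(array()) . ");\n"
                    . "//--></script>\n"
                    . '<img src="' . DATAFACE_URL . '/images/treeCollapsed.gif" onclick="resultList.showRecordDetails(this, \''
                    . $recordidJsAttr . '\')"/>';
                $at =& Dataface_ActionTool::getInstance();
                $actions = $at->getActions(array('category' => 'list_row_actions', 'record' => &$record));
                if (count($actions) > 0) {
                    echo ' <span class="row-actions">';
                    foreach ($actions as $action) {
                        echo '<a href="' . htmlspecialchars($action['url'])
                            . '" class="' . htmlspecialchars($action['class']) . ' ' . (@$action['icon'] ? 'with-icon' : '') . '" '
                            . (@$action['icon'] ? ' style="' . htmlspecialchars('background-image: url(' . $action['icon'] . ')') . '"' : '')
                            . (@$action['target'] ? ' target="' . htmlspecialchars($action['target']) . '"' : '')
                            . ' title="' . htmlspecialchars(@$action['description'] ? $action['description'] : $action['label'])
                            . '"><span>' . htmlspecialchars($action['label']) . '</span></a> ';
                    }
                    echo '</span>';
                }
                echo '</td>';
                unset($at, $actions);
            }

            $rowContentHtml = $this->renderRow($record);
            if (isset($rowContentHtml)) {
                echo $rowContentHtml;
            } else {
                foreach ($this->_columns as $key) {
                    $thisField =& $record->_table->getField($key);
                    // $perms is only filled by the default header loop above.
                    // A column with no recorded 'list' grant is skipped, so a
                    // missing entry fails closed (and no longer raises an
                    // undefined-index notice).
                    if (empty($perms[$key])) {
                        continue;
                    }
                    $val = $this->renderCell($record, $key);
                    if ($record->checkPermission('edit', array('field' => $key)) and !$record->_table->isMetaField($key)) {
                        $editable_class = 'df__editable_wrapper';
                    } else {
                        $editable_class = '';
                    }
                    if (!@$thisField['noLinkFromListView'] and $link and $val) {
                        $val = "<a href=\"{$link}\" class=\"unmarked_link\">" . $val . "</a>";
                        $editable_class = '';
                    }
                    if (@$thisField['noEditInListView']) {
                        $editable_class = '';
                    }
                    echo "<td id=\"td-" . rand() . "\" class=\"{$rowClass} {$editable_class}\"> {$val}</td>";
                    unset($thisField);
                }
            }
            echo "</tr>";

            // Hidden companion row that receives the record details on demand.
            echo "<tr class=\"listing {$rowClass}\" style=\"display:none\" id=\"{$recordidAttr}-row\">";
            if ($canSelect) {
                echo "<td><!--placeholder for checkbox col --></td>";
            }
            echo "<td colspan=\"" . ($numCols + 1) . "\" id=\"{$recordidAttr}-cell\"></td>\n\t\t\t\t\t </tr>";
            unset($record);
        }

        if (@$app->prefs['enable_resultlist_add_row']) {
            echo "<tr id=\"add-new-row\" df:table=\"" . htmlspecialchars($this->_table->tablename) . "\">";
            $colspan = $canSelect ? 2 : 1;
            echo "<td colspan=\"{$colspan}\"><script language=\"javascript\">require(DATAFACE_URL+'/js/addable.js')</script><a href=\"#\" onclick=\"df_addNew('add-new-row');return false;\">" . df_translate('scripts.GLOBAL.LABEL_ADD_ROW', "Add Row") . "</a></td>";
            foreach ($this->_columns as $key) {
                echo "<td><span df:field=\"" . htmlspecialchars($key) . "\"></span></td>";
            }
            echo "</tr>";
        }
        echo "</tbody>\n\t\t\t\t</table>";

        if ($canSelect) {
            echo '<form id="result_list_selected_items_form" method="post" action="' . df_absolute_url(DATAFACE_SITE_HREF) . '">';
            $q =& $app->getQuery();
            foreach ($q as $key => $val) {
                // Parameters prefixed with "--" are not carried into the form.
                if (strlen($key) > 1 and $key[0] == '-' and $key[1] == '-') {
                    continue;
                }
                echo '<input type="hidden" name="' . urlencode($key) . '" value="' . htmlspecialchars($val) . '" />';
            }
            echo '<input type="hidden" name="--selected-ids" id="--selected-ids" />';
            // '-action' is a query value like the ones escaped in the loop
            // above (presumably request-derived), so it is escaped as well.
            echo '<input type="hidden" name="-from" id="-from" value="' . htmlspecialchars($q['-action']) . '" />';
            echo '<input type="hidden" name="--redirect" value="' . base64_encode($app->url('')) . '" />';
            echo '</form>';

            import('Dataface/ActionTool.php');
            $at =& Dataface_ActionTool::getInstance();
            $actions = $at->getActions(array('category' => 'selected_result_actions'));
            if (count($actions) > 0) {
                echo '<div id="selected-actions">' . df_translate('scripts.Dataface_ResultList.MESSAGE_WITH_SELECTED', "With Selected") . ': <ul class="selectedActionsMenu" id="result_list-selectedActionsMenu">';
                foreach ($actions as $action) {
                    $img = '';
                    if (@$action['icon']) {
                        $img = '<img src="' . htmlspecialchars($action['icon']) . '"/>';
                    }
                    if (!@$action['onclick'] and !$action['url']) {
                        $action['onclick'] = "return actOnSelected('result_list', '" . @$action['name'] . "'" . (@$action['confirm'] ? ", function(){return confirm('" . addslashes($action['confirm']) . "');}" : "") . ")";
                    }
                    // Escape every action property for its HTML context, in
                    // line with the per-row action links rendered earlier.
                    $actionId = isset($action['id']) ? $action['id'] : '';
                    $actionUrl = isset($action['url']) ? $action['url'] : '';
                    $actionOnclick = isset($action['onclick']) ? $action['onclick'] : '';
                    $actionDescription = isset($action['description']) ? $action['description'] : '';
                    $actionLabel = isset($action['label']) ? $action['label'] : '';
                    echo "\t\t\t\t\t\t<li id=\"action-" . htmlspecialchars($actionId) . "\">"
                        . "<a href=\"" . htmlspecialchars($actionUrl) . "\""
                        . " onclick=\"" . htmlspecialchars($actionOnclick) . "\""
                        . " title=\"" . htmlspecialchars($actionDescription) . "\">"
                        . $img . htmlspecialchars($actionLabel) . "</a></li>";
                }
                echo '</ul></div>';
            }
        }

        if (@$app->prefs['use_old_resultlist_controller']) {
            echo '<div class="resultlist-controller" id="resultlist-controller-bottom">';
            echo $controller;
            echo '</div>';
        }

        $out = ob_get_contents();
        ob_end_clean();
    } else {
        if (@$app->prefs['use_old_resultlist_controller']) {
            ob_start();
            df_display(array(), 'Dataface_ResultListController.html');
            $out = ob_get_contents();
            ob_end_clean();
        } else {
            $out = '';
        }
        $out .= "<p style=\"clear:both\">" . df_translate('scripts.GLOBAL.MESSAGE_NO_MATCH', "No records matched your request.") . "</p>";
    }

    return $out;
}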
/**
 * @brief Resolves the permissions available to the user in the current context.
 *
 * The record returned by getRecord() is tried first; when it is not a
 * Dataface_Record the permissions of the table named by the query's
 * '-table' entry are used instead.
 *
 * If the query carries a non-empty '-relationship' value it is copied into
 * $params['relationship'], replacing any 'relationship' entry the caller
 * supplied.
 *
 * @param array $params Parameters that can be passed to getPermissions to
 *                      specify a particular field or relationship.
 * @return array Array of permissions / permissions matrix.
 *
 * @see Dataface_Record::getPermissions()
 * @see Dataface_Table::getPermissions()
 * @see checkPermission()
 */
function getPermissions($params = array())
{
    $query =& $this->getQuery();
    $record = $this->getRecord();

    // NOTE(review): the query value wins over a caller-supplied
    // 'relationship'; presumably the query is request-derived -- confirm that
    // letting it override the caller's scope is intended.
    if (!empty($query['-relationship'])) {
        $params['relationship'] = $query['-relationship'];
    }

    // Record-level permissions when a record is selected ...
    if ($record instanceof Dataface_Record) {
        return Dataface_PermissionsTool::getPermissions($record, $params);
    }

    // ... otherwise fall back to the table-level permissions.
    $table = Dataface_Table::loadTable($query['-table']);
    return Dataface_PermissionsTool::getPermissions($table, $params);
}