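/**
 * Load the per-editor permission map for this object from the database.
 *
 * One query is built per scope type (site, section, page, story). Each query
 * ORs the permission bits stored for the object itself with those stored for
 * every ancestor scope and returns them as a MAKE_SET() string made of
 * 'v', 'a', 'e', 'd', 'di'. The rows are decoded into $this->permissions
 * (keyed by editor name) and $this->editors.
 *
 * Security notes:
 *  - The object id is placed into the SQL text. It is quoted and escaped once
 *    and that single fragment is reused by every branch, so no branch
 *    concatenates the raw value.
 *  - addslashes() is not character-set aware. If the ids are always integers
 *    (TODO confirm) an integer cast, or the database layer's own
 *    escaping / prepared statements, would be a stronger guarantee.
 *  - Editor names coming from users, groups and the pseudo-editors
 *    ('everyone', 'institute') share one key space in $this->permissions.
 *    NOTE(review): confirm a user or group cannot be named like a
 *    pseudo-editor, otherwise their grants are merged.
 *
 * @param mixed $force When truthy, rebuild even if permissions were already built.
 * @param mixed $down  When truthy, also rebuild the permissions of the child
 *                     objects listed in $this->_object_arrays for this scope.
 * @return void
 */
function buildPermissionsArray($force = 0, $down = 0)
{
    // Permissions are cached on the object; rebuild only when asked to.
    if (!$force && $this->builtPermissions) {
        return;
    }

    $scope = get_class($this);

    // Quoted + escaped id literal shared by all four queries below.
    $idSql = "'" . addslashes($this->id) . "'";

    // The SQL for obtaining the permissions varies with the scope type.
    // Editors can be 'institute', 'everyone', a user name or a group name.
    $query = null;
    if ($scope === 'site') {
        $query = "\nSELECT\n\tuser_uname as editor, ugroup_name as editor2, site_editors_type as editor_type,\n\tMAKE_SET(IFNULL((permission_value+0),0), 'v', 'a', 'e', 'd', 'di') as permissions\nFROM\n\tsite\n\t\tINNER JOIN\n\tsite_editors ON\n\t\tsite_id = " . $idSql . "\n\t\t\tAND\n\t\tsite_id = FK_site\n\t\tLEFT JOIN\n\tuser ON\n\t\tsite_editors.FK_editor = user_id\n\t\tLEFT JOIN\n\tugroup ON\n\t\tsite_editors.FK_editor = ugroup_id\n\t\tLEFT JOIN\n\tpermission ON\n\t\tsite_id = FK_scope_id\n\t\t\tAND\n\t\tpermission_scope_type = 'site'\n\t\t\tAND\n\t\tpermission.FK_editor <=> site_editors.FK_editor\n\t\t\tAND\n\t\tpermission_editor_type = site_editors_type\n";
    } elseif ($scope === 'section') {
        $query = "\nSELECT\n\tuser_uname as editor, ugroup_name as editor2, site_editors_type as editor_type,\n\tMAKE_SET(IFNULL((p1.permission_value+0),0) | IFNULL((p2.permission_value+0),0), 'v', 'a', 'e', 'd', 'di') as permissions\nFROM\n\tsite\n\t\tINNER JOIN\n\tsection\n\t\tON site_id = section.FK_site\n\t\t\tAND\n\t\tsection_id = " . $idSql . "\n\t\tINNER JOIN\n\tsite_editors ON\n\t\tsite_id = site_editors.FK_site\n\t\tLEFT JOIN\n\tuser ON\n\t\tsite_editors.FK_editor = user_id\n\t\tLEFT JOIN\n\tugroup ON\n\t\tsite_editors.FK_editor = ugroup_id\n\t\tLEFT JOIN\n\tpermission as p1 ON\n\t\tsite_id = p1.FK_scope_id\n\t\t\tAND\n\t\tp1.permission_scope_type = 'site'\n\t\t\tAND\n\t\tp1.FK_editor <=> site_editors.FK_editor\n\t\t\tAND\n\t\tp1.permission_editor_type = site_editors_type\n\t\tLEFT JOIN \n\tpermission as p2 ON\n\t\tsection_id = p2.FK_scope_id\n\t\t\tAND\n\t\tp2.permission_scope_type = 'section'\n\t\t\tAND\n\t\tp2.FK_editor <=> site_editors.FK_editor\n\t\t\tAND\n\t\tp2.permission_editor_type = site_editors_type\n";
    } elseif ($scope === 'page') {
        $query = "\nSELECT\n\tuser_uname as editor, ugroup_name as editor2, site_editors_type as editor_type,\n\tMAKE_SET(IFNULL((p1.permission_value+0),0) | IFNULL((p2.permission_value+0),0) | IFNULL((p3.permission_value+0),0), 'v', 'a', 'e', 'd', 'di') as permissions\nFROM\n\tsite\n\t\tINNER JOIN\n\tsection\n\t\tON site_id = section.FK_site\n\t\tINNER JOIN\n\tpage\n\t\tON section_id = page.FK_section\n\t\t\tAND\n\t\tpage_id = " . $idSql . "\n\t\tINNER JOIN\n\tsite_editors ON\n\t\tsite_id = site_editors.FK_site\n\t\tLEFT JOIN\n\tuser ON\n\t\tsite_editors.FK_editor = user_id\n\t\tLEFT JOIN\n\tugroup ON\n\t\tsite_editors.FK_editor = ugroup_id\n\t\tLEFT JOIN\n\tpermission as p1 ON\n\t\tsite_id = p1.FK_scope_id\n\t\t\tAND\n\t\tp1.permission_scope_type = 'site'\n\t\t\tAND\n\t\tp1.FK_editor <=> site_editors.FK_editor\n\t\t\tAND\n\t\tp1.permission_editor_type = site_editors_type\n\t\tLEFT JOIN \n\tpermission as p2 ON\n\t\tsection_id = p2.FK_scope_id\n\t\t\tAND\n\t\tp2.permission_scope_type = 'section'\n\t\t\tAND\n\t\tp2.FK_editor <=> site_editors.FK_editor\n\t\t\tAND\n\t\tp2.permission_editor_type = site_editors_type\n\t\tLEFT JOIN\n\tpermission as p3 ON\n\t\tpage_id = p3.FK_scope_id\n\t\t\tAND\n\t\tp3.permission_scope_type = 'page'\n\t\t\tAND\n\t\tp3.FK_editor <=> site_editors.FK_editor\n\t\t\tAND\n\t\tp3.permission_editor_type = site_editors_type\n";
    } elseif ($scope === 'story') {
        $query = "\n\t\t\t\tSELECT\n\t\t\t\t\tuser_uname as editor, ugroup_name as editor2, site_editors_type as editor_type,\n\t\t\t\t\tMAKE_SET(IFNULL((p1.permission_value+0),0) | IFNULL((p2.permission_value+0),0) | IFNULL((p3.permission_value+0),0) | IFNULL((p4.permission_value+0),0), 'v', 'a', 'e', 'd', 'di') as permissions\n\t\t\t\tFROM\n\t\t\t\t\tsite\n\t\t\t\t\t\tINNER JOIN\n\t\t\t\t\tsection\n\t\t\t\t\t\tON site_id = section.FK_site\n\t\t\t\t\t\tINNER JOIN\n\t\t\t\t\tpage\n\t\t\t\t\t\tON section_id = page.FK_section\n\t\t\t\t\t\tINNER JOIN\n\t\t\t\t\tstory\n\t\t\t\t\t\tON page_id = story.FK_page\n\t\t\t\t\t\t\tAND\n\t\t\t\t\t\tstory_id = " . $idSql . "\n\t\t\t\t\t\tINNER JOIN\n\t\t\t\t\tsite_editors ON\n\t\t\t\t\t\tsite_id = site_editors.FK_site\n\t\t\t\t\t\tLEFT JOIN\n\t\t\t\t\tuser ON\n\t\t\t\t\t\tsite_editors.FK_editor = user_id\n\t\t\t\t\t\tLEFT JOIN\n\t\t\t\t\tugroup ON\n\t\t\t\t\t\tsite_editors.FK_editor = ugroup_id\n\t\t\t\t\t\tLEFT JOIN\n\t\t\t\t\tpermission as p1 ON\n\t\t\t\t\t\tsite_id = p1.FK_scope_id\n\t\t\t\t\t\t\tAND\n\t\t\t\t\t\tp1.permission_scope_type = 'site'\n\t\t\t\t\t\t\tAND\n\t\t\t\t\t\tp1.FK_editor <=> site_editors.FK_editor\n\t\t\t\t\t\t\tAND\n\t\t\t\t\t\tp1.permission_editor_type = site_editors_type\n\t\t\t\t\t\tLEFT JOIN \n\t\t\t\t\tpermission as p2 ON\n\t\t\t\t\t\tsection_id = p2.FK_scope_id\n\t\t\t\t\t\t\tAND\n\t\t\t\t\t\tp2.permission_scope_type = 'section'\n\t\t\t\t\t\t\tAND\n\t\t\t\t\t\tp2.FK_editor <=> site_editors.FK_editor\n\t\t\t\t\t\t\tAND\n\t\t\t\t\t\tp2.permission_editor_type = site_editors_type\n\t\t\t\t\t\tLEFT JOIN\n\t\t\t\t\tpermission as p3 ON\n\t\t\t\t\t\tpage_id = p3.FK_scope_id\n\t\t\t\t\t\t\tAND\n\t\t\t\t\t\tp3.permission_scope_type = 'page'\n\t\t\t\t\t\t\tAND\n\t\t\t\t\t\tp3.FK_editor <=> site_editors.FK_editor\n\t\t\t\t\t\t\tAND\n\t\t\t\t\t\tp3.permission_editor_type = site_editors_type\n\t\t\t\t\t\tLEFT JOIN\n\t\t\t\t\tpermission as p4 ON\n\t\t\t\t\t\tstory_id = p4.FK_scope_id\n\t\t\t\t\t\t\tAND\n\t\t\t\t\t\tp4.permission_scope_type = 'story'\n\t\t\t\t\t\t\tAND\n\t\t\t\t\t\tp4.FK_editor <=> site_editors.FK_editor\n\t\t\t\t\t\t\tAND\n\t\t\t\t\t\tp4.permission_editor_type = site_editors_type\n\t\t\t\t";
    }

    // An unrecognised scope has no query; do not hand an undefined value to the database layer.
    $r = ($query !== null) ? db_query($query) : false;

    // NOTE(review): when the query fails the previous editors/permissions are
    // kept and the object is still marked as built below. Confirm that keeping
    // stale grants is acceptable, or clear them here to fail closed.
    if ($r) {
        // Start from a clean slate; rows for the same editor are OR-ed together below.
        $this->editors = array();
        $this->permissions = array();

        while ($row = db_fetch_assoc($r)) {
            // 'permissions' is the comma-separated MAKE_SET() result, e.g. "v,a,di".
            $granted = explode(",", $row['permissions']);
            $a = array(
                'v'  => in_array('v', $granted, true),
                'a'  => in_array('a', $granted, true),
                'e'  => in_array('e', $granted, true),
                'd'  => in_array('d', $granted, true),
                'di' => in_array('di', $granted, true),
            );

            // A user editor is named by user name, a group editor by group name;
            // any other type ('institute', 'everyone') is named by the type itself.
            if ($row['editor_type'] === 'user') {
                $t_editor = $row['editor'];
            } elseif ($row['editor_type'] === 'ugroup') {
                $t_editor = $row['editor2'];
            } else {
                $t_editor = $row['editor_type'];
            }

            // Everyone and institute can't have add, edit, or delete permissions.
            // Somehow, these were added sometimes. If this is the case, prevent
            // these from being set and reset those for the site.
            if ($t_editor === 'everyone' || $t_editor === 'institute') {
                if ($a['a'] || $a['e'] || $a['d']) {
                    // Make sure that zeros get passed on.
                    $a['a'] = 0;
                    $a['e'] = 0;
                    $a['d'] = 0;

                    // Clean up the stored permissions.
                    $this->owningSiteObj->setUserPermissionDown('add', $t_editor, 0);
                    $this->owningSiteObj->setUserPermissionDown('edit', $t_editor, 0);
                    $this->owningSiteObj->setUserPermissionDown('delete', $t_editor, 0);
                    $this->owningSiteObj->updatePermissionsDB(TRUE);
                }
            }

            // Merge with whatever an earlier row already granted to this editor.
            $previous = isset($this->permissions[$t_editor]) ? $this->permissions[$t_editor] : array();
            $flagToKey = array(
                'a'  => permissions::ADD(),
                'e'  => permissions::EDIT(),
                'd'  => permissions::DELETE(),
                'v'  => permissions::VIEW(),
                'di' => permissions::DISCUSS(),
            );
            $merged = array();
            foreach ($flagToKey as $flag => $permKey) {
                $merged[$permKey] = $a[$flag] || !empty($previous[$permKey]);
            }
            $this->permissions[$t_editor] = $merged;

            // Rows without a resolvable editor name are not listed as editors.
            if ($t_editor) {
                $this->editors[] = $t_editor;
            }
        }
    }

    $this->builtPermissions = 1;

    if ($down) {
        // _object_arrays maps this scope to the name of the property holding its children.
        $childProperty = isset($this->_object_arrays[$scope]) ? $this->_object_arrays[$scope] : null;
        if ($childProperty) {
            $children =& $this->{$childProperty};
            if ($children) {
                // Call through the array slot rather than the loop variable so the
                // stored child object, not a copy, is updated.
                foreach ($children as $i => $child) {
                    $children[$i]->buildPermissionsArray($force, $down);
                }
            }
        }
    }
}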
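/**
 * Load the whole site tree (sections, pages, stories) and all permissions in one pass.
 *
 * Steps, in order:
 *  1. Build the temporary tables t_stories, t_pages, t_sections and t_sites
 *     holding the ids that belong to this site.
 *  2. Instantiate section, page and story objects and attach them to the tree.
 *  3. Fetch the field data for the site and for each level.
 *  4. Load the site-level permissions, copy them to the sections, then add the
 *     section-, page- and story-level grants, copying down after each level.
 *
 * Security notes:
 *  - Every value placed into SQL text here ($this->id, $this->name,
 *    $_section_id, $_page_id, permission_id) goes through addslashes() inside
 *    a quoted literal. addslashes() is not character-set aware; the database
 *    layer's own escaping or prepared statements would be stronger.
 *  - NOTE(review): only the story-level loop refuses add/edit/delete grants
 *    for 'everyone' and 'institute'. The site-, section- and page-level loops
 *    accept whatever the permission table holds for them. Confirm whether the
 *    same restriction should be enforced at those levels.
 *  - The by-reference instantiation (`=& new`) is kept as written because the
 *    reference bindings that follow it depend on rebinding the variable.
 *
 * @param mixed $_section_id When truthy, the page and story data queries are
 *                           restricted to this section.
 * @param mixed $_page_id    When truthy (and $_section_id is truthy), the story
 *                           data query is further restricted to this page.
 * @param bool  $quick       When true, the long column lists are left out of
 *                           the data queries.
 * @return mixed false when $this->site_does_not_exist is set, otherwise $this->id.
 */
function fetchSiteAtOnceForeverAndEverAndDontForgetThePermissionsAsWell_Amen($_section_id = 0, $_page_id = 0, $quick = false)
{
    if ($this->site_does_not_exist) {
        return false;
    }
    if ($this->fetched_forever_and_ever) {
        return $this->id;
    }

    // No $full or $force here: everything is always fetched.
    global $dbuser, $dbpass, $dbdb, $dbhost;
    db_connect($dbhost, $dbuser, $dbpass, $dbdb);

    // Delete the temporary tables if they already exist.
    // NOTE(review): a plain DROP TABLE would also remove a permanent table of the
    // same name when no temporary one exists; confirm no real table is called t_*.
    $query = "DROP TABLE IF EXISTS t_sites";
    db_query($query);
    $query = "DROP TABLE IF EXISTS t_sections";
    db_query($query);
    $query = "DROP TABLE IF EXISTS t_pages";
    db_query($query);
    $query = "DROP TABLE IF EXISTS t_stories";
    db_query($query);

    // Create the temporary tables. Each one stores the unit ids for this site.

    // All stories for this site. The LEFT JOINs keep sections without pages and
    // pages without stories, which is why NULL ids are skipped further down.
    $query = "\n\t\t\tCREATE TEMPORARY TABLE t_stories(\n\t\t\t\tUNIQUE uniq (site_id,section_id,page_id,story_id),\n\t\t\t\tKEY site_id (site_id),\n\t\t\t\tKEY section_id (section_id),\n\t\t\t\tKEY page_id (page_id),\n\t\t\t\tKEY story_id (story_id)\n\t\t\t) TYPE=MyISAM\n\t\t\tSELECT\n\t\t\t\tsite_id, section_id, page_id, story_id, section_order, page_order, story_order\n\t\t\tFROM\n\t\t\t\tsite\n\t\t\t\t\tLEFT JOIN\n\t\t\t\tsection ON FK_site = site_id\n\t\t\t\t\tLEFT JOIN\n\t\t\t\tpage ON FK_section = section_id\n\t\t\t\t\tLEFT JOIN\n\t\t\t\tstory ON FK_page = page_id\n\t\t\tWHERE\n\t\t\t\tsite_id = '" . addslashes($this->id) . "' \n\t\t";
    db_query($query);

    // All pages for this site.
    $query = "\n\t\t\tCREATE TEMPORARY TABLE t_pages (\n\t\t\t\tUNIQUE uniq (site_id, section_id, page_id),\n\t\t\t\tKEY site_id (site_id),\n\t\t\t\tKEY section_id (section_id),\n\t\t\t\tKEY page_id (page_id)\n\t\t\t)\n\t\t\tSELECT\n\t\t\t\tDISTINCT site_id, section_id, page_id, section_order, page_order\n\t\t\tFROM\n\t\t\t\tt_stories\n\t\t";
    db_query($query);

    // All sections for this site.
    $query = "\n\t\t\tCREATE TEMPORARY TABLE t_sections (\n\t\t\t\tUNIQUE uniq (site_id, section_id),\n\t\t\t\tKEY site_id (site_id),\n\t\t\t\tKEY section_id (section_id)\n\t\t\t)\n\t\t\tSELECT\n\t\t\t\tDISTINCT site_id, section_id, section_order\n\t\t\tFROM\n\t\t\t\tt_pages\n\t\t";
    db_query($query);

    // All sites for this site, i.e. just this site.
    $query = "\n\t\t\tCREATE TEMPORARY TABLE t_sites (\n\t\t\t\tUNIQUE uniq (site_id),\n\t\t\t\tKEY site_id (site_id)\n\t\t\t)\n\t\t\tSELECT\n\t\t\t\tDISTINCT site_id\n\t\t\tFROM\n\t\t\t\tt_sections\n\t\t";
    db_query($query);

    // ---- create the object hierarchy ----
    $this->data = array();

    $query = "SELECT site_id, section_id FROM t_sections ORDER BY section_order";
    $r = db_query($query);
    while ($a = db_fetch_assoc($r)) {
        if ($a['section_id'] != null) {
            $section =& new section($this->name, $a['section_id'], $this);
            $this->sections[$a['section_id']] =& $section;
            $this->data['sections'][] = $a['section_id'];
            $this->fetched['sections'] = 1;
        }
    }

    $query = "SELECT site_id, section_id, page_id FROM t_pages ORDER BY\tpage_order";
    $r = db_query($query);
    while ($a = db_fetch_assoc($r)) {
        if ($a['section_id'] != null && $a['page_id'] != null) {
            $section =& $this->sections[$a['section_id']];
            $page =& new page($this->name, $a['section_id'], $a['page_id'], $section);
            $section->pages[$a['page_id']] =& $page;
            $section->data['pages'][] = $a['page_id'];
            $section->fetched['pages'] = 1;
        }
    }

    $query = "SELECT site_id, section_id, page_id, story_id FROM t_stories ORDER BY\tstory_order";
    $r = db_query($query);
    while ($a = db_fetch_assoc($r)) {
        if ($a['section_id'] != null && $a['page_id'] != null && $a['story_id'] != null) {
            $section =& $this->sections[$a['section_id']];
            $page =& $section->pages[$a['page_id']];
            $story =& new story($this->name, $a['section_id'], $a['page_id'], $a['story_id'], $page);
            $page->stories[$a['story_id']] =& $story;
            $page->data['stories'][] = $a['story_id'];
            $page->fetched['stories'] = 1;
        }
    }

    // ---- fetch the site's own fields ----
    $query = "\n\t\t\tSELECT site_title AS title, DATE_FORMAT(site_activate_tstamp, '%Y-%m-%d') AS activatedate, DATE_FORMAT(site_deactivate_tstamp, '%Y-%m-%d') AS deactivatedate,\n\t\t\t\t\tsite_active AS active, site_listed AS listed, " . ($quick ? "" : "site_theme AS theme, site_themesettings AS themesettings, site_header AS header, site_footer AS footer, ") . "site_updated_tstamp AS editedtimestamp, site_created_tstamp AS addedtimestamp,\n\t\t\t\t\tuser_createdby.user_uname AS addedby, user_updatedby.user_uname AS editedby, slot_name as name, slot_type AS type\n\t\t\tFROM \n\t\t\t\tt_sites\n\t\t\t\t\tINNER JOIN\n\t\t\t\tsite\n\t\t\t\t\tON t_sites.site_id = site.site_id\n\t\t\t\t\tINNER JOIN\n\t\t\t\tuser AS user_createdby\n\t\t\t\t\tON FK_createdby = user_createdby.user_id\n\t\t\t\t\tINNER JOIN\n\t\t\t\tuser AS user_updatedby\n\t\t\t\t\tON FK_updatedby = user_updatedby.user_id\n\t\t\t\t\tINNER JOIN\n\t\t\t\tslot\n\t\t\t\t\tON site.site_id = slot.FK_site\n\t\t";
    $r = db_query($query);
    $a = db_fetch_assoc($r);
    // The joins can legitimately yield no row; only walk the result when there is one.
    if (is_array($a)) {
        // array_change_key_case() returns the converted array, so keep the result.
        $a = array_change_key_case($a);
        foreach ($a as $field => $value) {
            // Only fields declared in _allfields are accepted.
            if (in_array($field, $this->_allfields)) {
                // Decode if necessary.
                if (in_array($field, $this->_encode)) {
                    $value = stripslashes(urldecode($value));
                }
                $this->data[$field] = $value;
                $this->fetched[$field] = 1;
            } else {
                echo "ERROR: field {$field} not in _allfields!!!<br />";
            }
        }
    }
    $this->fetcheddown = 1;
    $this->fetched_forever_and_ever = 1;

    // ---- fetch the section fields ----
    $query = "\n\t\t\tSELECT \n\t\t\t\tsection.section_id AS section_id" . ($quick ? " " : ", section_display_type AS type, section_title AS title, DATE_FORMAT(section_activate_tstamp, '%Y-%m-%d') AS activatedate, DATE_FORMAT(section_deactivate_tstamp, '%Y-%m-%d') AS deactivatedate,\n\t\t\t\tsection_active AS active, section_locked AS locked, section_updated_tstamp AS editedtimestamp,\n\t\t\t\tsection_created_tstamp AS addedtimestamp,\n\t\t\t\tuser_createdby.user_uname AS addedby, user_updatedby.user_uname AS editedby, '" . addslashes($this->name) . "' as site_id,\n\t\t\t\tmedia_tag AS url ") . "FROM \n\t\t\t\tt_sections\n\t\t\t\t\tINNER JOIN\n\t\t\t\tsection\n\t\t\t\t\tON t_sections.section_id = section.section_id\n\t\t\t\t\tINNER JOIN\n\t\t\t\tuser AS user_createdby\n\t\t\t\t\tON section.FK_createdby = user_createdby.user_id\n\t\t\t\t\tINNER JOIN\n\t\t\t\tuser AS user_updatedby\n\t\t\t\t\tON section.FK_updatedby = user_updatedby.user_id\n\t\t\t\t\tLEFT JOIN\n\t\t\t\tmedia\n\t\t\t\t\tON FK_media = media_id\n\t\t";
    $r = db_query($query);
    while ($a = db_fetch_assoc($r)) {
        $section =& $this->sections[$a['section_id']];
        foreach ($a as $field => $value) {
            // Only the id and fields declared in _allfields are accepted.
            if ($field == 'section_id' || in_array($field, $section->_allfields)) {
                // Decode if necessary.
                if (in_array($field, $section->_encode)) {
                    $value = stripslashes(urldecode($value));
                }
                $section->data[$field] = $value;
                $section->fetched[$field] = 1;
            } else {
                echo "ERROR: field {$field} not in _allfields!!!<br />";
            }
        }
        $section->fetcheddown = 1;
        $section->fetched_forever_and_ever = 1;
    }

    // ---- fetch the page fields ----
    $query = "\n\t\t\tSELECT\n\t\t\t\tt_pages.section_id AS section_id, page.page_id AS page_id" . ($quick ? " " : ", \n\t\t\t\tpage_display_type AS type, \n\t\t\t\tpage_title AS title, \n\t\t\t\tpage_text AS text, \n\t\t\t\tDATE_FORMAT(page_activate_tstamp, '%Y-%m-%d') AS activatedate, \n\t\t\t\tDATE_FORMAT(page_deactivate_tstamp, '%Y-%m-%d') AS deactivatedate,\n\t\t\t\tpage_active AS active, \n\t\t\t\tpage_story_order AS storyorder, \n\t\t\t\tpage_show_creator AS showcreator, \n\t\t\t\tpage_show_date AS showdate, \n\t\t\t\tpage_show_hr AS showhr,\t\n\t\t\t\tpage_archiveby AS archiveby, \n\t\t\t\tpage_locked AS locked,\n\t\t\t\tpage_updated_tstamp AS editedtimestamp, \n\t\t\t\tpage_created_tstamp AS addedtimestamp,\n\t\t\t\tpage_ediscussion AS ediscussion,\n\t\t\t\tuser_createdby.user_uname AS addedby, \n\t\t\t\tuser_updatedby.user_uname AS editedby, \n\t\t\t\t'" . addslashes($this->name) . "' as site_id, \n\t\t\t\tmedia_tag AS url, \n\t\t\t\tpage_location AS location,\n\t\t\t\tpage_show_editor AS showeditor") . "\n\t\t\tFROM \n\t\t\t\tt_pages\n\t\t\t\t\tINNER JOIN \n\t\t\t\tpage\n\t\t\t\t\tON t_pages.page_id = page.page_id\n\t\t\t\t\tINNER JOIN\n\t\t\t\tuser AS user_createdby\n\t\t\t\t\tON page.FK_createdby = user_createdby.user_id\n\t\t\t\t\tINNER JOIN\n\t\t\t\tuser AS user_updatedby\n\t\t\t\t\tON page.FK_updatedby = user_updatedby.user_id\n\t\t\t\t\tLEFT JOIN\n\t\t\t\tmedia\n\t\t\t\t\tON page.FK_media = media_id\n\t\t";
    if ($_section_id) {
        $query = $query . " WHERE section_id = '" . addslashes($_section_id) . "'";
    }
    $r = db_query($query);
    while ($a = db_fetch_assoc($r)) {
        $a = array_change_key_case($a); // make all keys lower case
        $page =& $this->sections[$a['section_id']]->pages[$a['page_id']];
        foreach ($a as $field => $value) {
            // Only the id and fields declared in _allfields are accepted.
            if ($field == 'page_id' || in_array($field, $page->_allfields)) {
                // Decode if necessary.
                if (in_array($field, $page->_encode)) {
                    $value = stripslashes(urldecode($value));
                }
                $page->data[$field] = $value;
                $page->fetched[$field] = 1;
            } else {
                echo "ERROR: field {$field} not in _allfields!!!<br />";
            }
        }
        $page->fetcheddown = 1;
        $page->fetched_forever_and_ever = 1;
    }

    // ---- fetch the story fields ----
    // The site name is escaped here exactly as in the section and page queries above.
    $query = "\n\t\t\tSELECT\n\t\t\t\tt_stories.section_id AS section_id, \n\t\t\t\tt_stories.page_id AS page_id, \n\t\t\t\tstory.story_id AS story_id" . ($quick ? " " : ", story_display_type AS type, \n\t\t\t\tstory_title AS title, \n\t\t\t\tDATE_FORMAT(story_activate_tstamp, '%Y-%m-%d') AS activatedate, \n\t\t\t\tDATE_FORMAT(story_deactivate_tstamp, '%Y-%m-%d') AS deactivatedate,\n\t\t\t\tstory_active AS active, \n\t\t\t\tstory_locked AS locked, \n\t\t\t\tstory_updated_tstamp AS editedtimestamp, \n\t\t\t\tstory_created_tstamp AS addedtimestamp,\n\t\t\t\tstory_discussable AS discuss, \n\t\t\t\tstory_discussemail AS discussemail,\n\t\t\t\tstory_discusslabel AS discusslabel,\n\t\t\t\tstory_discussdisplay AS discussdisplay, \n\t\t\t\tstory_discussauthor AS discussauthor, \n\t\t\t\tstory_category AS category, \n\t\t\t\tstory_text_type AS texttype, \n\t\t\t\tstory_text_short AS shorttext,\n\t\t\t\tstory_text_long AS longertext,\n\t\t\t\tmedia_tag AS url,\n\t\t\t\tuser_createdby.user_uname AS addedby, \n\t\t\t\tuser_updatedby.user_uname AS editedby, \n\t\t\t\t'" . addslashes($this->name) . "' as site_id ") . "FROM\n\t\t\t\tt_stories\n\t\t\t\t\tINNER JOIN\n\t\t\t\tstory\n\t\t\t\t\tON t_stories.story_id = story.story_id\n\t\t\t\t\tINNER JOIN\n\t\t\t\tuser AS user_createdby\n\t\t\t\t\tON story.FK_createdby = user_createdby.user_id\n\t\t\t\t\tINNER JOIN\n\t\t\t\tuser AS user_updatedby\n\t\t\t\t\tON story.FK_updatedby = user_updatedby.user_id\n\t\t\t\t\tLEFT JOIN\n\t\t\t\tmedia\n\t\t\t\t\tON story.FK_media = media_id\t\t\n\t\t";
    if ($_section_id) {
        $query = $query . " WHERE section_id = '" . addslashes($_section_id) . "'";
        if ($_page_id) {
            $query = $query . " AND page_id = '" . addslashes($_page_id) . "'";
        }
    }
    $r = db_query($query);
    while ($a = db_fetch_assoc($r)) {
        $a = array_change_key_case($a); // make all keys lower case
        $story =& $this->sections[$a['section_id']]->pages[$a['page_id']]->stories[$a['story_id']];
        foreach ($a as $field => $value) {
            // Only the id and fields declared in _allfields are accepted.
            if ($field == 'story_id' || in_array($field, $story->_allfields)) {
                // Decode if necessary.
                if (in_array($field, $story->_encode)) {
                    $value = stripslashes(urldecode($value));
                }
                $story->data[$field] = $value;
                $story->fetched[$field] = 1;
            } else {
                echo "ERROR: field {$field} not in _allfields!!!<br />";
            }
        }
        $story->fetcheddown = 1;
        $story->fetched_forever_and_ever = 1;
    }

    // ---- site-level permissions ----
    $query = "\n\t\t\tSELECT\n\t\t\t\tuser_uname as editor, ugroup_name as editor2, site_editors_type as editor_type,\n\t\t\t\tMAKE_SET(IFNULL((permission_value+0),0), 'v', 'a', 'e', 'd', 'di') as permissions\n\t\t\tFROM\n\t\t\t\tt_sites\n\t\t\t\t\tINNER JOIN\n\t\t\t\tsite_editors ON\n\t\t\t\t\tsite_id = FK_site\n\t\t\t\t\tLEFT JOIN\n\t\t\t\tuser\n\t\t\t\t\tON site_editors.FK_editor = user_id\n\t\t\t\t\tLEFT JOIN\n\t\t\t\tugroup\n\t\t\t\t\tON site_editors.FK_editor = ugroup_id\n\t\t\t\t\tLEFT JOIN\n\t\t\t\tpermission ON\n\t\t\t\t\tsite_id = FK_scope_id\n\t\t\t\t\t\tAND\n\t\t\t\t\tpermission_scope_type = 'site'\n\t\t\t\t\t\tAND\n\t\t\t\t\tpermission.FK_editor <=> site_editors.FK_editor\n\t\t\t\t\t\tAND\n\t\t\t\t\tpermission_editor_type = site_editors_type\n\t\t";
    $r = db_query($query);
    $this->editors = array();
    $this->permissions = array();
    $this->cachedPermissions = array();

    while ($row = db_fetch_assoc($r)) {
        // 'permissions' is the MAKE_SET() string built from 'v','a','e','d','di'.
        // strpos() must be compared with !== because a match at position 0 is falsy.
        // 'd' counts as delete only when its first occurrence is not the start of 'di'.
        $a = array();
        $a['a'] = strpos($row['permissions'], 'a') !== false ? 1 : 0;
        $a['e'] = strpos($row['permissions'], 'e') !== false ? 1 : 0;
        $a['d'] = strpos($row['permissions'], 'd') !== false && strpos($row['permissions'], 'd') !== strpos($row['permissions'], 'di') ? 1 : 0;
        $a['v'] = strpos($row['permissions'], 'v') !== false ? 1 : 0;
        $a['di'] = strpos($row['permissions'], 'di') !== false ? 1 : 0;

        // A user editor is named by user name, a group editor by group name;
        // any other type ('institute', 'everyone') is named by the type itself.
        if ($row['editor_type'] == 'user') {
            $t_editor = $row['editor'];
        } elseif ($row['editor_type'] == 'ugroup') {
            $t_editor = $row['editor2'];
        } else {
            $t_editor = $row['editor_type'];
        }

        // NOTE(review): add/edit/delete for 'everyone' / 'institute' are not
        // filtered at this level (see the docblock).

        // Merge with whatever an earlier row already granted to this editor.
        $previous = isset($this->permissions[$t_editor]) ? $this->permissions[$t_editor] : array();
        $this->permissions[$t_editor] = array(
            permissions::ADD()     => $a['a'] || !empty($previous[permissions::ADD()]),
            permissions::EDIT()    => $a['e'] || !empty($previous[permissions::EDIT()]),
            permissions::DELETE()  => $a['d'] || !empty($previous[permissions::DELETE()]),
            permissions::VIEW()    => $a['v'] || !empty($previous[permissions::VIEW()]),
            permissions::DISCUSS() => $a['di'] || !empty($previous[permissions::DISCUSS()]),
        );
        if ($a['v']) {
            $this->canview[$t_editor] = 1;
        }

        $this->editors[] = $t_editor;
    }

    // Sections start from a copy of the site-level editors and permissions.
    foreach (array_keys($this->sections) as $section_id) {
        $this->sections[$section_id]->editors = $this->editors;
        $this->sections[$section_id]->permissions = $this->permissions;
    }
    $this->builtPermissions = 1;

    // ---- section-level permissions ----
    $query = "\n\t\t\tSELECT\n\t\t\t\tsection_id, user_uname as editor, ugroup_name as editor2, site_editors_type as editor_type,\n\t\t\t\tMAKE_SET(IFNULL((permission_value+0),0), 'v', 'a', 'e', 'd', 'di') as permissions\n\t\t\tFROM\n\t\t\t\tt_sections\n\t\t\t\t\tINNER JOIN\n\t\t\t\tsite_editors ON\n\t\t\t\t\tsite_id = site_editors.FK_site\n\t\t\t\t\tLEFT JOIN\n\t\t\t\tuser ON\n\t\t\t\t\tsite_editors.FK_editor = user_id\n\t\t\t\t\tLEFT JOIN\n\t\t\t\tugroup ON\n\t\t\t\t\tsite_editors.FK_editor = ugroup_id\n\t\t\t\t\tINNER JOIN\n\t\t\t\tpermission ON\n\t\t\t\t\tsection_id = FK_scope_id\n\t\t\t\t\t\tAND\n\t\t\t\t\tpermission_scope_type = 'section'\n\t\t\t\t\t\tAND\n\t\t\t\t\tpermission.FK_editor <=> site_editors.FK_editor\n\t\t\t\t\t\tAND\n\t\t\t\t\tpermission_editor_type = site_editors_type\n\t\t";
    $r = db_query($query);
    while ($row = db_fetch_assoc($r)) {
        // Collect only the permissions this row grants; they are added on top
        // of what the section inherited from the site.
        $a = array();
        if (strpos($row['permissions'], 'a') !== false) {
            $a[permissions::ADD()] = 1;
        }
        if (strpos($row['permissions'], 'e') !== false) {
            $a[permissions::EDIT()] = 1;
        }
        if (strpos($row['permissions'], 'd') !== false && strpos($row['permissions'], 'd') !== strpos($row['permissions'], 'di')) {
            $a[permissions::DELETE()] = 1;
        }
        if (strpos($row['permissions'], 'v') !== false) {
            $a[permissions::VIEW()] = 1;
        }
        if (strpos($row['permissions'], 'di') !== false) {
            $a[permissions::DISCUSS()] = 1;
        }

        if ($row['editor_type'] == 'user') {
            $t_editor = $row['editor'];
        } elseif ($row['editor_type'] == 'ugroup') {
            $t_editor = $row['editor2'];
        } else {
            $t_editor = $row['editor_type'];
        }

        foreach ($a as $key => $value) {
            $this->sections[$row['section_id']]->permissions[$t_editor][$key] = 1;
        }
        // Anyone who can view some part of the site is remembered on the site.
        if (!empty($a[permissions::VIEW()]) && empty($this->canview[$t_editor])) {
            $this->canview[$t_editor] = 1;
        }
    }

    // Pages start from a copy of their section's editors and permissions.
    foreach (array_keys($this->sections) as $section_id) {
        foreach (array_keys($this->sections[$section_id]->pages) as $page_id) {
            $this->sections[$section_id]->pages[$page_id]->editors = $this->sections[$section_id]->editors;
            $this->sections[$section_id]->pages[$page_id]->permissions = $this->sections[$section_id]->permissions;
        }
        $this->sections[$section_id]->builtPermissions = 1;
    }

    // ---- page-level permissions ----
    $query = "\n\t\t\tSELECT\n\t\t\t\tsection_id, page_id, user_uname as editor, ugroup_name as editor2, site_editors_type as editor_type,\n\t\t\t\tMAKE_SET(IFNULL((permission_value+0),0), 'v', 'a', 'e', 'd', 'di') as permissions\n\t\t\tFROM\n\t\t\t\tt_pages\n\t\t\t\t\tINNER JOIN\n\t\t\t\tsite_editors ON\n\t\t\t\t\tsite_id = site_editors.FK_site\n\t\t\t\t\tLEFT JOIN\n\t\t\t\tuser ON\n\t\t\t\t\tsite_editors.FK_editor = user_id\n\t\t\t\t\tLEFT JOIN\n\t\t\t\tugroup ON\n\t\t\t\t\tsite_editors.FK_editor = ugroup_id\n\t\t\t\t\tINNER JOIN\n\t\t\t\tpermission ON\n\t\t\t\t\tpage_id = FK_scope_id\n\t\t\t\t\t\tAND\n\t\t\t\t\tpermission_scope_type = 'page'\n\t\t\t\t\t\tAND\n\t\t\t\t\tpermission.FK_editor <=> site_editors.FK_editor\n\t\t\t\t\t\tAND\n\t\t\t\t\tpermission_editor_type = site_editors_type\n\t\t";
    $r = db_query($query);
    while ($row = db_fetch_assoc($r)) {
        $a = array();
        if (strpos($row['permissions'], 'a') !== false) {
            $a[permissions::ADD()] = 1;
        }
        if (strpos($row['permissions'], 'e') !== false) {
            $a[permissions::EDIT()] = 1;
        }
        if (strpos($row['permissions'], 'd') !== false && strpos($row['permissions'], 'd') !== strpos($row['permissions'], 'di')) {
            $a[permissions::DELETE()] = 1;
        }
        if (strpos($row['permissions'], 'v') !== false) {
            $a[permissions::VIEW()] = 1;
        }
        if (strpos($row['permissions'], 'di') !== false) {
            $a[permissions::DISCUSS()] = 1;
        }

        if ($row['editor_type'] == 'user') {
            $t_editor = $row['editor'];
        } elseif ($row['editor_type'] == 'ugroup') {
            $t_editor = $row['editor2'];
        } else {
            $t_editor = $row['editor_type'];
        }

        foreach ($a as $key => $value) {
            $this->sections[$row['section_id']]->pages[$row['page_id']]->permissions[$t_editor][$key] = 1;
        }
        if (!empty($a[permissions::VIEW()]) && empty($this->canview[$t_editor])) {
            $this->canview[$t_editor] = 1;
        }
    }

    // Stories start from a copy of their page's editors and permissions.
    foreach (array_keys($this->sections) as $section_id) {
        foreach (array_keys($this->sections[$section_id]->pages) as $page_id) {
            foreach (array_keys($this->sections[$section_id]->pages[$page_id]->stories) as $story_id) {
                $this->sections[$section_id]->pages[$page_id]->stories[$story_id]->editors = $this->sections[$section_id]->pages[$page_id]->editors;
                $this->sections[$section_id]->pages[$page_id]->stories[$story_id]->permissions = $this->sections[$section_id]->pages[$page_id]->permissions;
                $this->sections[$section_id]->pages[$page_id]->stories[$story_id]->builtPermissions = 1;
            }
            $this->sections[$section_id]->pages[$page_id]->builtPermissions = 1;
        }
    }

    // ---- story-level permissions ----
    $query = "\n\t\t\tSELECT\n\t\t\t\tsection_id, page_id, story_id, user_uname as editor, ugroup_name as editor2, site_editors_type as editor_type, permission_id,\n\t\t\t\tMAKE_SET(IFNULL((permission_value+0),0), 'v', 'a', 'e', 'd', 'di') as permissions\n\t\t\tFROM\n\t\t\t\tt_stories\n\t\t\t\t\tINNER JOIN\n\t\t\t\tsite_editors ON\n\t\t\t\t\tsite_id = site_editors.FK_site\n\t\t\t\t\tLEFT JOIN\n\t\t\t\tuser ON\n\t\t\t\t\tsite_editors.FK_editor = user_id\n\t\t\t\t\tLEFT JOIN\n\t\t\t\tugroup ON\n\t\t\t\t\tsite_editors.FK_editor = ugroup_id\n\t\t\t\t\tINNER JOIN\n\t\t\t\tpermission ON\n\t\t\t\t\tstory_id = FK_scope_id\n\t\t\t\t\t\tAND\n\t\t\t\t\tpermission_scope_type = 'story'\n\t\t\t\t\t\tAND\n\t\t\t\t\tpermission.FK_editor <=> site_editors.FK_editor\n\t\t\t\t\t\tAND\n\t\t\t\t\tpermission_editor_type = site_editors_type\n\t\t";
    $r = db_query($query);
    while ($row = db_fetch_assoc($r)) {
        $a = array();

        if ($row['editor_type'] == 'user') {
            $t_editor = $row['editor'];
        } elseif ($row['editor_type'] == 'ugroup') {
            $t_editor = $row['editor2'];
        } else {
            $t_editor = $row['editor_type'];
        }

        // Everyone and institute can't have add, edit, or delete permissions.
        // Somehow, these were added sometimes. If this is the case, prevent
        // these from being set and reset those for the site.
        if ($t_editor == 'everyone' || $t_editor == 'institute') {
            // Add/edit/delete are never copied into $a for these editors; when
            // the stored row contains one of them, the stored data is repaired too.
            if (strpos($row['permissions'], 'a') !== false || strpos($row['permissions'], 'e') !== false || strpos($row['permissions'], 'd') !== false && strpos($row['permissions'], 'd') !== strpos($row['permissions'], 'di')) {
                printError("Invalid add, edit, or delete permissions for {$t_editor}: permissionId - " . $row['permission_id'] . "; permission - " . $row['permissions'] . "\n<br />Cleaning up Database.");

                // Clean up the permissions.
                $this->owningSiteObj->setUserPermissionDown('add', $t_editor, 0);
                $this->owningSiteObj->setUserPermissionDown('edit', $t_editor, 0);
                $this->owningSiteObj->setUserPermissionDown('delete', $t_editor, 0);
                $this->owningSiteObj->updatePermissionsDB(TRUE);

                // The id is checked to be numeric before it is used in a write query.
                if (is_numeric($row['permission_id'])) {
                    // NOTE(review): for any flagged row other than exactly 'd' this
                    // stores 'di', which appears to drop a previously stored 'v' and
                    // to grant discuss even if it was not set. Confirm this is intended.
                    if ($row['permissions'] != 'd') {
                        $cleanupQuery = "UPDATE permission SET permission_value='di' WHERE permission_id='" . addslashes($row['permission_id']) . "'";
                    } else {
                        $cleanupQuery = "DELETE FROM permission WHERE permission_id='" . addslashes($row['permission_id']) . "'";
                    }
                    $cleanupResult = db_query($cleanupQuery);
                }
            }
        } else {
            if (strpos($row['permissions'], 'a') !== false) {
                $a[permissions::ADD()] = 1;
            }
            if (strpos($row['permissions'], 'e') !== false) {
                $a[permissions::EDIT()] = 1;
            }
            if (strpos($row['permissions'], 'd') !== false && strpos($row['permissions'], 'd') !== strpos($row['permissions'], 'di')) {
                $a[permissions::DELETE()] = 1;
            }
        }

        // View and discuss are allowed for every editor type.
        if (strpos($row['permissions'], 'v') !== false) {
            $a[permissions::VIEW()] = 1;
        }
        if (strpos($row['permissions'], 'di') !== false) {
            $a[permissions::DISCUSS()] = 1;
        }

        foreach ($a as $key => $value) {
            $this->sections[$row['section_id']]->pages[$row['page_id']]->stories[$row['story_id']]->permissions[$t_editor][$key] = 1;
        }
        if (!empty($a[permissions::VIEW()]) && empty($this->canview[$t_editor])) {
            $this->canview[$t_editor] = 1;
        }
    }

    return $this->id;
}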