public function filterByKeywords($keywords) { $db = Loader::db(); $qkeywords = $db->quote('%' . $keywords . '%'); $keys = UserAttributeKey::getSearchableIndexedList(); $emailSearchStr = ' OR u.uEmail like ' . $qkeywords . ' '; $attribsStr = ''; foreach ($keys as $ak) { $cnt = $ak->getController(); $attribsStr .= ' OR ' . $cnt->searchKeywords($keywords); } $this->filter(false, '( u.uName like ' . $qkeywords . $emailSearchStr . $attribsStr . ')'); }
protected function setBaseQuery($additionalFields = '') { if ($this->isIndexedSearch()) { $db = Loader::db(); $ik = ', match(psi.cName, psi.cDescription, psi.content) against (' . $db->quote($this->indexedKeywords) . ') as cIndexScore '; } if (!$this->includeAliases) { $this->filter(false, '(p1.cPointerID < 1 or p1.cPointerID is null)'); } $cvID = '(select max(cvID) from CollectionVersions where cID = cv.cID)'; if ($this->displayOnlyApprovedPages) { $cvID = '(select cvID from CollectionVersions where cvIsApproved = 1 and cID = cv.cID)'; $this->filter('cvIsApproved', 1); } if ($this->includeAliases) { $this->setQuery('select p1.cID, pt.ptHandle ' . $ik . $additionalFields . ' from Pages p1 left join Pages p2 on (p1.cPointerID = p2.cID) left join PagePaths on (PagePaths.cID = p1.cID and PagePaths.ppIsCanonical = 1) left join PageSearchIndex psi on (psi.cID = if(p2.cID is null, p1.cID, p2.cID)) inner join CollectionVersions cv on (cv.cID = if(p2.cID is null, p1.cID, p2.cID) and cvID = ' . $cvID . ') left join PageTypes pt on (pt.ptID = if(p2.cID is null, p1.ptID, p2.ptID)) inner join Collections c on (c.cID = if(p2.cID is null, p1.cID, p2.cID))'); } else { $this->setQuery('select p1.cID, pt.ptHandle ' . $ik . $additionalFields . ' from Pages p1 left join PagePaths on (PagePaths.cID = p1.cID and PagePaths.ppIsCanonical = 1) left join PageSearchIndex psi on (psi.cID = p1.cID) inner join CollectionVersions cv on (cv.cID = p1.cID and cvID = ' . $cvID . ') left join PageTypes pt on (pt.ptID = p1.ptID) inner join Collections c on (c.cID = p1.cID)'); } if ($this->includeAliases) { $this->filter(false, "(p1.cIsTemplate = 0 or p2.cIsTemplate = 0)"); } else { $this->filter('p1.cIsTemplate', 0); } $this->setupPermissions(); if ($this->includeAliases) { $this->setupAttributeFilters("left join CollectionSearchIndexAttributes on (CollectionSearchIndexAttributes.cID = if (p2.cID is null, p1.cID, p2.cID))"); } else { $this->setupAttributeFilters("left join CollectionSearchIndexAttributes on (CollectionSearchIndexAttributes.cID = p1.cID)"); } if ($this->displayOnlyActivePages) { $this->filter('p1.cIsActive', 1); } $this->setupSystemPagesToExclude(); }
protected function setupFilePermissions() { $u = new User(); if ($this->permissionLevel == false || $u->isSuperUser()) { return false; } $accessEntities = $u->getUserAccessEntityObjects(); foreach ($accessEntities as $pae) { $peIDs[] = $pae->getAccessEntityID(); } $db = Loader::db(); // figure out which sets can read files in, not read files in, and read only my files in. $fsIDs = $db->GetCol('select fsID from FileSets where fsOverrideGlobalPermissions = 1'); $viewableSets = array(-1); $nonviewableSets = array(-1); $myviewableSets = array(-1); $owpae = FileUploaderPermissionAccessEntity::getOrCreate(); if (count($fsIDs) > 0) { $pk = PermissionKey::getByHandle($this->permissionLevel); foreach ($fsIDs as $fsID) { $fs = FileSet::getByID($fsID); $pk->setPermissionObject($fs); $list = $pk->getAccessListItems(PermissionKey::ACCESS_TYPE_ALL, $accessEntities); $list = PermissionDuration::filterByActive($list); if (count($list) > 0) { foreach ($list as $l) { $pae = $l->getAccessEntityObject(); if ($pae->getAccessEntityID() == $owpae->getAccessEntityID()) { $myviewableSets[] = $fs->getFileSetID(); } else { if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_INCLUDE) { $viewableSets[] = $fs->getFileSetID(); } if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_EXCLUDE) { $nonviewableSets[] = $fs->getFileSetID(); } } } } else { $nonviewableSets[] = $fs->getFileSetID(); } } } $fs = FileSet::getGlobal(); $fk = PermissionKey::getByHandle('search_file_set'); $fk->setPermissionObject($fs); $accessEntities[] = $owpae; $list = $fk->getAccessListItems(PermissionKey::ACCESS_TYPE_ALL, $accessEntities); $list = PermissionDuration::filterByActive($list); foreach ($list as $l) { $pae = $l->getAccessEntityObject(); if ($pae->getAccessEntityID() == $owpae->getAccessEntityID()) { $valid = 'mine'; } else { if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_INCLUDE) { $valid = PermissionKey::ACCESS_TYPE_INCLUDE; } if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_EXCLUDE) { $valid = PermissionKey::ACCESS_TYPE_EXCLUDE; } } } $uID = $u->isRegistered() ? $u->getUserID() : 0; // This excludes all files found in sets where I may only read mine, and I did not upload the file $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $myviewableSets) . ')) = 0)'); if ($valid == 'mine') { // this means that we're only allowed to read files we've uploaded (unless, of course, those files are in previously covered sets) $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $viewableSets) . ')) > 0)'); } // this excludes all file that are found in sets that I can't find $this->filter(false, '((select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $nonviewableSets) . ')) = 0)'); $uID = $u->isRegistered() ? $u->getUserID() : 0; // This excludes all files found in sets where I may only read mine, and I did not upload the file $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $myviewableSets) . ')) = 0)'); $db = Loader::db(); $vpvPKID = $db->GetOne('select pkID from PermissionKeys where pkHandle = \'view_file\''); if ($this->permissionLevel == 'search_file_set') { $vpPKID = $db->GetOne('select pkID from PermissionKeys where pkHandle = \'view_file_in_file_manager\''); } else { $vpPKID = $vpvPKID; } $pdIDs = $db->GetCol("select distinct pdID from FilePermissionAssignments fpa inner join PermissionAccessList pal on fpa.paID = pal.paID where pkID in (?, ?) and pdID > 0", array($vpPKID, $vpvPKID)); $activePDIDs = array(); if (count($pdIDs) > 0) { // then we iterate through all of them and find any that are active RIGHT NOW foreach ($pdIDs as $pdID) { $pd = PermissionDuration::getByID($pdID); if ($pd->isActive()) { $activePDIDs[] = $pd->getPermissionDurationID(); } } } $activePDIDs[] = 0; // exclude files where its overridden but I don't have the ability to read $this->filter(false, "(f.fOverrideSetPermissions = 0 or (select count(fID) from FilePermissionAssignments fpa inner join PermissionAccessList fpal on fpa.paID = fpal.paID where fpa.fID = f.fID and fpal.accessType = " . PermissionKey::ACCESS_TYPE_INCLUDE . " and fpal.pdID in (" . implode(',', $activePDIDs) . ") and fpal.peID in (" . implode(',', $peIDs) . ") and (if(fpal.peID = " . $owpae->getAccessEntityID() . " and f.uID <> " . $uID . ", false, true)) and (fpa.pkID = " . $vpPKID . ")) > 0)"); // exclude detail files where read is excluded $this->filter(false, "f.fID not in (select ff.fID from Files ff inner join FilePermissionAssignments fpaExclude on ff.fID = fpaExclude.fID inner join PermissionAccessList palExclude on fpaExclude.paID = palExclude.paID where fOverrideSetPermissions = 1 and palExclude.accessType = " . PermissionKey::ACCESS_TYPE_EXCLUDE . " and palExclude.pdID in (" . implode(',', $activePDIDs) . ")\n\t\t\tand palExclude.peID in (" . implode(',', $peIDs) . ") and fpaExclude.pkID in (" . $vpPKID . "," . $vpvPKID . "))"); }
/** * Filters by tag. * * @param string $tag */ public function filterByTag($tag = '') { $db = Loader::db(); $this->filter(false, "( fv.fvTags like " . $db->qstr("%\n" . $tag . "\n%") . " )"); }