/objects/segue.inc.php
PHP | 2187 lines | 1464 code | 256 blank | 467 comment | 344 complexity | a4c4c3a5b28c5715a67afafd0551fbe1 MD5 | raw file
Large files files are truncated, but you can click here to view the full file
- <? /* $Id$ */
- /******************************************************************************
- * Segue object - basis for all other section, page, and story objects
- ******************************************************************************/
- class segue {
- // var $permissions = array("everyone"=>array(3=>1),"institute"=>array(3=>1));
- var $permissions = array();
- // var $editors = array("everyone","institute");
- var $editors = array();
- var $editorsToDelete = array();
- var $editorsToDeleteInScope = array();
- var $changedpermissions = 0;
- var $cachedPermissions = array();
- var $builtPermissions=0;
-
- var $id = 0;
- var $data = array();
- var $changed = array();
-
- var $fetched = array();
- var $fetcheddown = 0;
- var $fetchedup = 0;
- var $tobefetched = 0;
-
- var $owning_site; var $owningSiteObj; // used by all types (including site for compatibility)
- var $owning_section; var $owningSectionObj; // only used for pages and stories
- var $owning_page; var $owningPageObj; // only used for stories
-
- var $_object_arrays = array("site"=>"sections","section"=>"pages","page"=>"stories"); // used for automatic functions like setFieldDown and setVarDown
- var $_tables = array("site"=>"sites","section"=>"sections","page"=>"pages","story"=>"stories"); // used for getField
- var $_encode = array("title","header","footer","shorttext","longertext","discussions","url");
- var $_parse = array("header","footer","shorttext","longertext");
- /******************************************************************************
- * siteExists - checks if the site/slot already exists with a certain name $name
- ******************************************************************************/
-
- function siteExists($site) {
- $query = "
- SELECT site_id
- FROM slot INNER JOIN site
- ON FK_site = site_id AND slot_name='".addslashes($site)."'
- ";
- // echo $query."<br />";
- if (db_num_rows(db_query($query))) return 1;
- return 0;
- }
- /******************************************************************************
- * siteNameValid - checks if a user is allowed to create a site of name $name
- ******************************************************************************/
-
- function siteNameValid($user,$name) {
- return 1;
- }
- /******************************************************************************
- * buildObjArrayFromSites($sites) - builds an array of objects from site names
- ******************************************************************************/
- function buildObjArrayFromSites($sites) {
- if (!is_array($sites)) return array();
- $a = array();
- foreach ($sites as $s) {
- $a[$s] =& new site($s);
- $a[$s]->fetchSiteAtOnceForeverAndEverAndDontForgetThePermissionsAsWell_Amen(0,0,true);
- }
- return $a;
- }
- /******************************************************************************
- * getAllSites - returns a list of all sites owned by $user
- ******************************************************************************/
- function getAllSites($user) {
- $sites = array();
- $query = "
- SELECT
- slot_name
- FROM
- slot
- INNER JOIN
- user
- ON FK_owner = user_id
- AND
- user_uname = '".addslashes($user)."'
- ";
- if (db_num_rows($r = db_query($query)))
- while ($a = db_fetch_assoc($r)) {
- $sites[] = $a[slot_name];
- }
- return $sites;
- }
- /******************************************************************************
- * getAllSitesWhereUserIsEditor - gets all sites where $user is an editor
- ******************************************************************************/
- function getAllSitesWhereUserIsEditor($user='') {
- global $dbhost, $dbuser, $dbpass, $dbdb;
- if ($user == '') $user = $_SESSION[auser];
- // first, get all sites for which the user is an editor
- $query = "
- SELECT
- slot_name
- FROM
- slot
- INNER JOIN
- site
- ON slot.FK_site = site_id
- INNER JOIN
- site_editors ON (
- site_id = site_editors.FK_site
- AND
- site_editors_type = 'user'
- )
- INNER JOIN
- user ON FK_editor = user_id AND user_uname='".addslashes($user)."'
- WHERE
- slot.FK_owner != user_id
- ";
- db_connect($dbhost, $dbuser, $dbpass, $dbdb);
- $r = db_query($query);
- $ar = array();
- if (db_num_rows($r))
- while ($a = db_fetch_assoc($r)) {
- $ar[] = $a[slot_name];
- }
- // now, if a user is a member of any groups, get all sites for which those groups are editors
- $query = "
- SELECT
- slot_name
- FROM
- slot
- INNER JOIN
- site
- ON slot.FK_site = site_id
- INNER JOIN
- site_editors ON (
- site_id = site_editors.FK_site
- AND
- site_editors_type = 'ugroup'
- )
- INNER JOIN
- ugroup ON FK_editor = ugroup_id
- INNER JOIN
- ugroup_user ON ugroup_id = FK_ugroup
- INNER JOIN
- user ON FK_user = user_id AND user_uname='".addslashes($user)."'
- ";
-
- $r = db_query($query);
- if (db_num_rows($r))
- while ($a = db_fetch_assoc($r)) {
- $ar[] = $a[slot_name];
- }
-
- // the two queries will return unique values, but their union could have non-unique entries.
- // therefore, uniquize it.
- return array_unique($ar);
- }
- /******************************************************************************
- * getAllSitesWhereUserIsSiteLevelEditor - gets all sites where $user is an editor
- * Like the previous function, but selects only the sites/slots
- * where the user has add, edit, and delete permission on the site level
- ******************************************************************************/
- function getSiteInfoWhereUserIsSiteLevelEditor($user='') {
- global $dbhost, $dbuser, $dbpass, $dbdb;
- if ($user == '') $user = $_SESSION[auser];
-
- $userId = db_get_value("user","user_id","user_uname='".addslashes($user)."'");
-
- $query = "
- SELECT
- slot_name,
- (site_id IS NOT NULL) AS site_exists,
- slot_owner.user_uname AS owner_uname,
- (site_id IS NOT NULL) AS site_exists,
- site_title,
- (classgroup_id IS NOT NULL) AS is_classgroup,
- createdby.user_uname AS site_addedby,
- site_created_tstamp,
- editedby.user_uname AS site_editedby,
- site_updated_tstamp,
- site_activate_tstamp,
- site_deactivate_tstamp,
- ( site_active = '1'
- AND (site_activate_tstamp = '00000000000000'
- OR site_activate_tstamp < CURRENT_TIMESTAMP())
- AND (site_deactivate_tstamp = '00000000000000'
- OR site_deactivate_tstamp > CURRENT_TIMESTAMP())
- ) AS is_active,
- permission_scope_type,
- permission_value
- FROM
- slot
- INNER JOIN
- site ON slot.FK_site = site_id
- INNER JOIN
- user AS slot_owner ON (
- slot.FK_owner != '".addslashes($userId)."'
- AND slot.FK_owner = slot_owner.user_id
- )
- INNER JOIN
- site_editors ON (
- site_id = site_editors.FK_site
- AND ((site_editors_type = 'ugroup')
- OR (site_editors_type = 'user'
- AND site_editors.FK_editor = '".addslashes($userId)."'))
- )
- LEFT JOIN
- ugroup_user ON (
- site_editors_type = 'ugroup'
- AND site_editors.FK_editor = FK_ugroup)
- INNER JOIN
- permission ON (
- permission_scope_type = 'site'
- AND permission.FK_scope_id = site_id
- AND FIND_IN_SET('a', permission_value) > 0
- AND FIND_IN_SET('e', permission_value) > 0
- AND FIND_IN_SET('d', permission_value) > 0
- AND (permission.FK_editor = FK_ugroup
- OR (permission.FK_editor = site_editors.FK_editor
- AND permission.FK_editor = '".addslashes($userId)."'))
- )
- LEFT JOIN
- classgroup ON slot_name = classgroup_name
- INNER JOIN
- user AS createdby ON site.FK_createdby = createdby.user_id
- INNER JOIN
- user AS editedby ON site.FK_updatedby = editedby.user_id
- WHERE
- (site_editors_type = 'ugroup'
- AND ugroup_user.FK_user = '".addslashes($userId)."')
- OR (site_editors_type = 'user'
- AND site_editors.FK_editor = '".addslashes($userId)."')
- ";
-
- $r = db_query($query);
- if (db_num_rows($r))
- while ($a = db_fetch_assoc($r))
- segue::addRowToSiteInfoArray($ar, $a);
-
- return $ar;
- }
-
- /******************************************************************************
- * getSiteInfoWhereUserIsEditor
- * Answers an array of site information for sites where $user is an editor
- *
- * The process is as follows:
- * - For every site where the user or one of their groups is listed as an editor...
- * - Get a list of all nodes in the site.
- * - For every node (site, section, page, story) get the permissions that apply
- * to the user or one of their groups.
- * - Return any site-level permissions found and the site info if the user
- * has more than just view and discuss permissions on any node in the site.
- *
- * Note (2006-12-19, Adam Franco):
- * This new query using sub-selects is about 12-times faster
- * than the previous query. Attempts were made to reformat the query by loading the
- * list of appropriate permissions, then finding the site id from there, but that
- * proved to be slower than the query below.
- *
- *
- ******************************************************************************/
- function getSiteInfoWhereUserIsEditor($user='') {
- global $dbhost, $dbuser, $dbpass, $dbdb;
- if ($user == '')
- $user = $_SESSION[auser];
-
- $userId = db_get_value("user","user_id","user_uname='".addslashes($user)."'");
- $query = "
- SELECT
- slot_name,
- slot_type,
- owner_uname,
- site_exists,
- site_title,
- is_classgroup,
- site_addedby,
- site_created_tstamp,
- site_editedby,
- site_updated_tstamp,
- site_activate_tstamp,
- site_deactivate_tstamp,
- ( site_active = '1'
- AND (site_activate_tstamp = '0000-00-00 00:00:00'
- OR site_activate_tstamp < CURRENT_TIMESTAMP())
- AND (site_deactivate_tstamp = '0000-00-00 00:00:00'
- OR site_deactivate_tstamp > CURRENT_TIMESTAMP())
- ) AS is_active,
- editor_id,
- permission_scope_type,
- permission_value
- FROM
- (SELECT
- slot_name,
- slot_type,
- slot_owner.user_uname AS owner_uname,
- (site_id IS NOT NULL) AS site_exists,
- site_title,
- (classgroup_id IS NOT NULL) AS is_classgroup,
- createdby.user_uname AS site_addedby,
- site_created_tstamp,
- editedby.user_uname AS site_editedby,
- site_updated_tstamp,
- site_activate_tstamp,
- site_deactivate_tstamp,
- site_active,
- site_id,
- section_id,
- page_id,
- story_id,
- site_editors.FK_editor AS editor_id
-
- FROM
- slot
- INNER JOIN
- site ON slot.FK_site = site_id
- INNER JOIN
- user AS slot_owner ON (
- slot.FK_owner = slot_owner.user_id
- AND slot.FK_owner != '".addslashes($userId)."'
- )
- INNER JOIN
- site_editors ON (
- site_id = site_editors.FK_site
- AND ((site_editors_type = 'ugroup')
- OR (site_editors_type = 'user'
- AND site_editors.FK_editor = '".addslashes($userId)."'))
- )
- LEFT JOIN
- ugroup_user ON (
- site_editors_type = 'ugroup'
- AND site_editors.FK_editor = FK_ugroup)
- LEFT JOIN
- section ON section.FK_site = site_id
- LEFT JOIN
- page ON page.FK_section = section_id
- LEFT JOIN
- story ON story.FK_page = page_id
- LEFT JOIN
- classgroup ON slot_name = classgroup_name
- LEFT JOIN
- user AS createdby ON site.FK_createdby = createdby.user_id
- LEFT JOIN
- user AS editedby ON site.FK_updatedby = editedby.user_id
- WHERE
- (site_editors_type = 'ugroup'
- AND ugroup_user.FK_user = '".addslashes($userId)."')
- OR (site_editors_type = 'user'
- AND site_editors.FK_editor = '".addslashes($userId)."')
- ) AS tmp_sites
- INNER JOIN
- permission ON (
- (permission.FK_editor = editor_id)
- AND ((permission_scope_type = 'site'
- AND permission.FK_scope_id = site_id)
- OR (permission_scope_type = 'section'
- AND permission.FK_scope_id = section_id)
- OR (permission_scope_type = 'page'
- AND permission.FK_scope_id = page_id)
- OR (permission_scope_type = 'story'
- AND permission.FK_scope_id = story_id))
- AND (FIND_IN_SET('a', permission_value) > 0
- OR FIND_IN_SET('e', permission_value) > 0
- OR FIND_IN_SET('d', permission_value) > 0)
- )
- GROUP BY
- slot_name,
- permission_value
- ORDER BY
- slot_name
- ";
-
- $r = db_query($query);
- if (db_num_rows($r)) {
- while ($a = db_fetch_assoc($r))
- segue::addRowToSiteInfoArray($ar, $a);
- }
-
- return $ar;
- }
- /******************************************************************************
- * getSiteInfoWhereUserIsEditor
- * Answers an array of site information for sites where $user is an editor
- *
- ******************************************************************************/
- function getSiteInfoWhereUserOwner($user='') {
- global $dbhost, $dbuser, $dbpass, $dbdb;
- if ($user == '') $user = $_SESSION[auser];
- $query = "
- SELECT
- slot_name,
- slot_type,
- slot_owner.user_uname AS owner_uname,
- (site_id IS NOT NULL) AS site_exists,
- site_title,
- (classgroup_id IS NOT NULL) AS is_classgroup,
- createdby.user_uname AS site_addedby,
- site_created_tstamp,
- editedby.user_uname AS site_editedby,
- site_updated_tstamp,
- site_activate_tstamp,
- site_deactivate_tstamp,
- ( site_active = '1'
- AND (site_activate_tstamp = '00000000000000'
- OR site_activate_tstamp < CURRENT_TIMESTAMP())
- AND (site_deactivate_tstamp = '00000000000000'
- OR site_deactivate_tstamp > CURRENT_TIMESTAMP())
- ) AS is_active
- FROM
- slot
- INNER JOIN
- user AS slot_owner ON (
- slot.FK_owner = slot_owner.user_id
- AND
- slot_owner.user_uname = '".addslashes($user)."'
- )
- INNER JOIN
- site ON slot.FK_site = site_id
- INNER JOIN
- user AS createdby ON site.FK_createdby = createdby.user_id
- INNER JOIN
- user AS editedby ON site.FK_updatedby = editedby.user_id
- LEFT JOIN
- classgroup ON slot_name = classgroup_name
- GROUP BY
- slot_name
- ";
-
- $r = db_query($query);
- if (db_num_rows($r)) {
- while ($a = db_fetch_assoc($r))
- segue::addRowToSiteInfoArray($ar, $a);
- }
-
- return $ar;
- }
- function addRowToSiteInfoArray( &$infoArray, &$a ) {
-
- if (!isset($infoArray[$a['slot_name']])) {
- $infoArray[$a['slot_name']] = array();
- $infoArray[$a['slot_name']]['slot_name'] = $a['slot_name'];
- $infoArray[$a['slot_name']]['slot_type'] = $a['slot_type'];
- $infoArray[$a['slot_name']]['slot_owner'] = $a['owner_uname'];
- $infoArray[$a['slot_name']]['site_exists'] = ($a['site_exists'] == '1')?true:false;
- $infoArray[$a['slot_name']]['site_title'] = stripslashes($a['site_title']);
- $infoArray[$a['slot_name']]['is_classgroup'] = ($a['is_classgroup'] == '1')?true:false;
- $infoArray[$a['slot_name']]['site_addedby'] = $a['site_addedby'];
- $infoArray[$a['slot_name']]['site_added_timestamp'] = $a['site_created_tstamp'];
- $infoArray[$a['slot_name']]['site_editedby'] = $a['site_editedby'];
- $infoArray[$a['slot_name']]['site_edited_timestamp'] = $a['site_updated_tstamp'];
- $infoArray[$a['slot_name']]['activatedate'] = $a['site_activate_tstamp'];
- $infoArray[$a['slot_name']]['deactivatedate'] = $a['site_deactivate_tstamp'];
- $infoArray[$a['slot_name']]['site_active'] = ($a['is_active'] == '1')?true:false;
-
- $infoArray[$a['slot_name']]['hasSitePermissionV'] = false;
- $infoArray[$a['slot_name']]['hasSitePermissionA'] = false;
- $infoArray[$a['slot_name']]['hasSitePermissionE'] = false;
- $infoArray[$a['slot_name']]['hasSitePermissionD'] = false;
- $infoArray[$a['slot_name']]['hasSitePermissionDI'] = false;
-
- $infoArray[$a['slot_name']]['hasPermissionDownV'] = false;
- $infoArray[$a['slot_name']]['hasPermissionDownA'] = false;
- $infoArray[$a['slot_name']]['hasPermissionDownE'] = false;
- $infoArray[$a['slot_name']]['hasPermissionDownD'] = false;
- $infoArray[$a['slot_name']]['hasPermissionDownDI'] = false;
- }
-
- if (ereg('v', $a['permission_value']) !== FALSE) {
- $infoArray[$a['slot_name']]['hasPermissionDownV'] = true;
- if ($a['permission_scope_type'] == 'site')
- $infoArray[$a['slot_name']]['hasSitePermissionV'] = true;
- }
-
- if (ereg('a', $a['permission_value']) !== FALSE) {
- $infoArray[$a['slot_name']]['hasPermissionDownA'] = true;
- if ($a['permission_scope_type'] == 'site')
- $infoArray[$a['slot_name']]['hasSitePermissionA'] = true;
- }
-
- if (ereg('e', $a['permission_value']) !== FALSE) {
- $infoArray[$a['slot_name']]['hasPermissionDownE'] = true;
- if ($a['permission_scope_type'] == 'site')
- $infoArray[$a['slot_name']]['hasSitePermissionE'] = true;
- }
-
- if (ereg('d([^i]*)', $a['permission_value']) !== FALSE) {
- $infoArray[$a['slot_name']]['hasPermissionDownD'] = true;
- if ($a['permission_scope_type'] == 'site')
- $infoArray[$a['slot_name']]['hasSitePermissionD'] = true;
- }
-
- if (ereg('di', $a['permission_value']) !== FALSE) {
- $infoArray[$a['slot_name']]['hasPermissionDownDI'] = true;
- if ($a['permission_scope_type'] == 'site')
- $infoArray[$a['slot_name']]['hasSitePermissionDI'] = true;
- }
-
- }
- /******************************************************************************
- * getAllValues - returns all values of $name in $scope in the current tree
- ******************************************************************************/
- function getAllValues($scope,$name) {
- if (!$this->fetcheddown) $this->fetchDown();
- $class = get_class($this);
- $ar = $this->_object_arrays[$class];
- // print "getting all values for $name in $class ".$this->getField("title")." with scope $scope<br />";
- if ($class==$scope) {
- if (($n = $this->getField($name)) != "")
- return array($n);
- else return array();
- }
- if ($ar) {
- $a = array();
- $oa = &$this->$ar;
- if ($oa) {
- foreach ($oa as $i=>$o) {
- // print "doing $i in $ar...<br />";
- $a = array_merge($a,$oa[$i]->getAllValues($scope,$name));
- }
- }
- }
- return $a;
- }
-
- function fetchData() {
- if ($fetched) return $this->data;
- else return 0;
- }
-
- function setData($data) {
- error("::setData() -- this function should not be used!");
- if (is_array($data)) {
- $this->data = $data;
- $this->changed = 1;
- $this->parseMediaTextForEdit("header");
- $this->parseMediaTextForEdit("footer");
- $this->parseMediaTextForEdit("shorttext");
- $this->parseMediaTextForEdit("longertext");
- }
- }
- /******************************************************************************
- * getField - Will return the value of a field in the data array.
- * $field should be the name of the field in the object, not the database
- *
- * If the value of the field has not yet been fetched from the database,
- * it is fetched from the database, otherwise it is simply returned from
- * the data array.
- *
- * Each class that extends segue has the following properties:
- *
- * An associative array called _datafields that associates the object
- * field name to a database join syntax and a database field name or pair of names.
- *
- * An array called _encode that holds the names of fields that need to
- * have slashes added and urlencoding to save them into the database
- ******************************************************************************/
- function getField ($field) {
- global $dbuser, $dbpass, $dbdb, $dbhost;
- if (ereg("^l%",$field))
- return $this->data[$field];
- if ($this->tobefetched && !$this->fetched[$field] && $this->id) { // we haven't allready gotten this data
- // and this object is in the database.
- // print "<pre>".get_class($this)." --$field---\n";
- // print_r ($this->_datafields[$field][1]);
- // print_r($this);
- // print "</pre>";
- // echo "<br />HERE: ".$field."<br />";
- $query = "
- SELECT
- ".implode(",",$this->_datafields[$field][1])."
- FROM
- ".$this->_datafields[$field][0]."
- WHERE
- ".$this->_table."_id=".$this->id."
- ORDER BY
- ".$this->_datafields[$field][2]."
- ";
- /* print $query; */
-
- if ($debug)
- print "-----------beginning---------$field<br /><pre>".$query;
-
- db_connect($dbhost,$dbuser,$dbpass, $dbdb);
- $r = db_query($query);
-
- if ($debug) {
- print mysql_error()."<br />Numrows = ".db_num_rows($r);
- print "\n\nresult arrays:\n";
- }
-
- if (!db_num_rows($r)) { // if we get no results
- if (in_array($field,$this->_object_arrays)) {
- // return an empty array
- $this->data[$field] = array();
- } else {
- return false;
- }
- }
-
- $valarray = array();
- while($a = db_fetch_assoc($r)) {
- // print_r($a);
-
- if (count($this->_datafields[$field][1]) == 1) {
- // We just want a single value
- $val = $a[$this->_datafields[$field][1][0]];
- $key = 0;
- } else {
- // we want a pair of values
- $val = $a[$this->_datafields[$field][1][0]];
- $key = $a[$this->_datafields[$field][1][1]];
- }
- // Decode this value if it is a member of _encode
- if (in_array($field,$this->_encode))
- $val = stripslashes(urldecode($val));
- if (count($this->_datafields[$field][1]) == 1) {
- $valarray[] = $val;
- } else {
- $valarray[$key] = $val;
- }
- /* print "<br />key = $key \nval = $val \nvalarray =\n"; */
- // print_r($valarray);
- }
-
- // only object_arrays should really be returning arrays to the data array.
- if (count($valarray) == 1 && !in_array($field,$this->_object_arrays))
- $this->data[$field] = $valarray[0];
- else
- $this->data[$field] = $valarray;
- $this->fetched[$field] = 1;
-
- if ($debug) {
- print "Valarray: ";
- print_r($valarray);
- print "\nInArray: \n$field";
- print_r($_object_arrays);
- print "<br />Is object?: ".((in_array($field,$this->_object_arrays))?"TRUE":"FALSE");
- print "</pre>----------end------------$field<br />";
- }
- }
- return $this->data[$field];
- }
-
- function fetchAllFields() {
- foreach ($this->_datafields as $key => $val) {
- $this->getField($key);
- }
- }
-
- function setField($name,$value) {
- $this->data[$name] = $value;
- $this->changed[$name] = 1;
- if ($name == "footer" || $name == "header" || $name == "shorttext" || $name == "longertext") {
- $this->parseMediaTextForEdit($name);
- }
- }
-
- function setFieldDown($name,$value) {
- if (!$this->fetcheddown) $this->fetchDown();
- $class=get_class($this);
- $ar = $this->_object_arrays[$class];
- $this->setField($name,$value);
- if ($ar) {
- $a = &$this->$ar;
- if ($a) {
- foreach ($a as $i=>$o) {
- $a[$i]->setFieldDown($name,$value);
- }
- }
- }
- }
-
- /* function setSiteNameDown($name) { */
- /* // if (!$this->fetcheddown) $this->fetchDown(); */
- /* $class=get_class($this); */
- /* $ar = $this->_object_arrays[$class]; */
- /* $this->owning_site = $name; */
- /* if ($class == "site") { */
- /* $this->name = $name; */
- /* $this->setField("name",$name); */
- /* } else { */
- /* $this->setField("site_id",$name); */
- /* } */
- /* if ($ar) { */
- /* $a = &$this->$ar; */
- /* foreach ($a as $i=>$o) { */
- /* $a[$i]->setSiteNameDown($name); */
- /* } */
- /* } */
- /* } */
-
-
- /******************************************************************************
- * copyObj - Copies an object to a new parent
- ******************************************************************************/
- function copyObj(&$newParent,$removeOrigional=1,$keepaddedby=0, $copyDiscussions=TRUE) {
- $_a = array("site"=>3,"section"=>2,"page"=>1,"story"=>0);
- // check that the newParent can be a parent
- $thisClass = get_class($this);
- $parentClass = get_class($newParent);
- /* print $this->id."$thisClass - $parentClass<br />"; */
- if (!($_a[$parentClass]-1 == $_a[$thisClass])) return 0;
- $this->fetchDown(1);
- /* print "<br /><br />Copying $thisClass ".$this->getField("title")." <br />"; */
- if ($thisClass == 'section') {
- $owning_site = $newParent->name;
- $this->id = 0; // createSQLArray uses this to tell if we are inserting or updating
- $this->insertDB(1, $owning_site, $removeOrigional, $keepaddedby, $copyDiscussions);
- }
- if ($thisClass == 'page') {
- $owning_site = $newParent->owning_site;
- $owning_section = $newParent->id;
- $this->id = 0; // createSQLArray uses this to tell if we are inserting or updating
- $this->insertDB(1, $owning_site, $owning_section, $removeOrigional, $keepaddedby, $copyDiscussions);
- }
- if ($thisClass == 'story') {
- $record_tags = get_record_tags($this->id);
-
- $owning_site = $newParent->owning_site;
- $owning_section = $newParent->owning_section;
- $owning_page = $newParent->id;
- $this->id = 0; // createSQLArray uses this to tell if we are inserting or updating
- /* print "insertDB: 1,$owning_site,$owning_section,$owning_page,$keepaddedby<br />"; */
- $this->insertDB(1, $owning_site, $owning_section, $owning_page, $removeOrigional, $keepaddedby, $copyDiscussions, $record_tags);
- }
- /* print_r($newParent); */
- return 1;
- }
-
- /******************************************************************************
- * getMediaIDs - returns an array of media ids found in a string
- ******************************************************************************/
- function getMediaIDs($field) {
- $string = stripslashes($this->getField($field));
- $ids = array();
- $string = explode("####",$string);
- for ($i=1; $i<count($string); $i=$i+2) {
- $ids[] = $string[$i];
- }
- return $ids;
- }
-
- /******************************************************************************
- * replaceMediaIDs - searches for and replaces each id in the string
- ******************************************************************************/
- function replaceMediaIDs($ids,$field,$newsite) {
- $string = $this->getField($field);
- foreach ($ids as $origID) {
- $newID = copy_media($origID,$newsite);
- $string = str_replace("####$origID####","####$newID####",$string);
- }
- $this->setField($field,$string);
- }
-
- /******************************************************************************
- * ACTIVATE/DEACTIVATE FUNCTIONS
- *
- * these functions handle de/activate dates in forms
- * - initFormDates() must be called upon edit session initialization
- * - outputDateForm() must be called where the HTML form data should be printed
- * - handleFormDates() must be called where all POST/GET data is processed
- ******************************************************************************/
- /******************************************************************************
- * handleFormDates - checks form fields for new de/activate dates and subsequently
- * sets the correct $_SESSION[settings][] variables
- ******************************************************************************/
- function handleFormDates() {
- // initialize the session vars.. if needed
- if (!isset($_SESSION[settings][activateyear]) || !isset($_SESSION[settings][deactivateyear])) {
- $this->initFormDates();
- }
- if ($_REQUEST[activateyear] != "") $_SESSION[settings][activateyear] = $_REQUEST[activateyear];
- if ($_REQUEST[activatemonth] != "") $_SESSION[settings][activatemonth] = $_REQUEST[activatemonth];
- if ($_REQUEST[activateday] != "") $_SESSION[settings][activateday] = $_REQUEST[activateday];
- if ($_REQUEST[deactivateyear] != "") $_SESSION[settings][deactivateyear] = $_REQUEST[deactivateyear];
- if ($_REQUEST[deactivatemonth] != "") $_SESSION[settings][deactivatemonth] = $_REQUEST[deactivatemonth];
- if ($_REQUEST[deactivateday] != "") $_SESSION[settings][deactivateday] = $_REQUEST[deactivateday];
- if ($_REQUEST[setformdates]) {
- if (/* !$_REQUEST[link] && */$_REQUEST[activatedate]) {
- $_SESSION[settings][activatedate] = 1;
- $this->setActivateDate($_REQUEST[activateyear],$_REQUEST[activatemonth],$_REQUEST[activateday]);
- } else {
- $_SESSION[settings][activatedate] = 0;
- $this->setActivateDate(-1);
- }
- if (/* !$_REQUEST[link] && */$_REQUEST[deactivatedate]) {
- $_SESSION[settings][deactivatedate] = 1;
- $this->setDeactivateDate($_REQUEST[deactivateyear],$_REQUEST[deactivatemonth],$_REQUEST[deactivateday]);
- } else {
- $_SESSION[settings][deactivatedate] = 0;
- $this->setDeactivateDate(-1);
- }
- }
- }
-
- /******************************************************************************
- * outputDateForm - outputs the HTML de/activate date form to be handled by above
- ******************************************************************************/
- function outputDateForm() {
- global $months, $months_values;
- // print_r($_SESSION[settings][activatedate]);
- printc("<input type='hidden' name='setformdates' value='1' />");
- printc("<table>");
- printc("<tr><td align='right'>");
- printc("Activate date:</td><td><input type='checkbox' name='activatedate' value='1'".(($_SESSION[settings][activatedate])?" checked='checked'":"")." /> <select name='activateday'>");
- for ($i=1;$i<=31;$i++) {
- printc("<option" . (($_SESSION[settings][activateday] == $i)?" selected":"") . ">".$i."\n");
- }
-
- printc("</select>");
- printc("<select name='activatemonth'>");
- for ($i=1; $i<13; $i++) {
- printc("<option value='$i'" . (($_SESSION[settings][activatemonth] == $i)?" selected":"") . ">".$months[$i-1]."\n");
- }
- printc("</select>\n<select name='activateyear'>");
- $curryear = date("Y");
- for ($i=$curryear; $i <= ($curryear+5); $i++) {
- printc("<option" . (($_SESSION[settings][activateyear] == $i)?" selected":"") . ">$i\n");
- }
- printc("</select>");
-
- printc("</td></tr>");
-
- printc("<tr><td align='right'>");
- printc("Deactivate date:</td><td><input type='checkbox' name='deactivatedate' value='1'".(($_SESSION[settings][deactivatedate])?" checked='checked'":"")." /> <select name='deactivateday'>");
- for ($i=1;$i<=31;$i++) {
- printc("<option" . (($_SESSION[settings][deactivateday] == $i)?" selected":"") . ">".$i."\n");
- }
- printc("</select>\n");
- printc("<select name='deactivatemonth'>");
- for ($i=1; $i<13; $i++) {
- printc("<option value='$i'" . (($_SESSION[settings][deactivatemonth] == $i)?" selected":"") . ">".$months[$i-1]."\n");
- }
- printc("</select>\n<select name='deactivateyear'>");
- for ($i=$curryear; $i <= ($curryear+5); $i++) {
- printc("<option" . (($_SESSION[settings][deactivateyear] == $i)?" selected":"") . ">$i\n");
- }
- printc("</select>");
-
- printc("</td></tr></table>");
- }
-
- /******************************************************************************
- * initFormDates - initializes necessary session vars for form date handling
- ******************************************************************************/
- function initFormDates() {
- $_SESSION[settings][activateyear] = "0000";
- $_SESSION[settings][activatemonth] = "00";
- $_SESSION[settings][activateday] = "00";
- $_SESSION[settings][activatedate] = 0;
- $_SESSION[settings][deactivateyear] = "0000";
- $_SESSION[settings][deactivatemonth] = "00";
- $_SESSION[settings][deactivateday] = "00";
- $_SESSION[settings][deactivatedate] = 0;
- list($_SESSION[settings][activateyear],$_SESSION[settings][activatemonth],$_SESSION[settings][activateday]) = explode("-",$this->getField("activatedate"));
- list($_SESSION[settings][deactivateyear],$_SESSION[settings][deactivatemonth],$_SESSION[settings][deactivateday]) = explode("-",$this->getField("deactivatedate"));
- // $_SESSION[settings][activatemonth]-=1;
- // $_SESSION[settings][deactivatemonth]-=1;
- /* echo $this->getField("activatedate")."<br />"; */
- $_SESSION[settings][activatedate]=($this->getField("activatedate")=='0000-00-00')?0:1;
- $_SESSION[settings][deactivatedate]=($this->getField("deactivatedate")=='0000-00-00')?0:1;
- }
- function setActivateDate($year,$month=0,$day=0) {
- // test to see if it's a valid date
- if ($year == -1) { // unset field
- $this->setField("activatedate","0000-00-00");
- return true;
- }
- if (!checkdate($month,$day,$year)) {
- error("The activate date you entered is invalid. It has not been set.");
- return false;
- }
-
- if ($month < 10) {
- $month = "0".$month;
- }
- if ($day < 10) {
- $day = "0".$day;
- }
-
- $this->setField("activatedate",$year."-".$month."-".$day);
- return true;
- }
-
- function setDeactivateDate($year,$month=0,$day=0) {
- // test to see if it's a valid date
- if ($year == -1) { // unset field
- $this->setField("deactivatedate","0000-00-00");
- return true;
- }
- if (!checkdate($month,$day,$year)) {
- error("The deactivate date you entered is invalid. It has not been set.");
- return false;
- }
- if ($month < 10) {
- $month = "0".$month;
- }
- if ($day < 10) {
- $day = "0".$day;
- }
-
- $this->setField("deactivatedate",$year."-".$month."-".$day);
- return true;
- }
-
- /******************************************************************************
- * cropString - crops a string to an appropriate length and adds elipses if
- * nessisary.
- ******************************************************************************/
- function cropString ($string, $maxChars) {
- $length = strlen($string);
- if ($length > $maxChars) {
- $length = $maxChars-3;
- $string = substr($string,0,$length)."...";
- }
- return $string;
- }
-
- /******************************************************************************
- * parseMediaTextForEdit - replaces ####<id>#### with appropriate filename info
- * -> used for inline images from the media library in text
- ******************************************************************************/
- function parseMediaTextForEdit($field) {
- if (!$this->getField("$field")) return false;
-
- $this->data[$field] = ereg_replace("src=('{0,1})####('{0,1})","####",$this->getField($field));
- $textarray1 = explode("####", $this->getField($field));
- if (count($textarray1) > 1) {
- for ($i=1; $i < count($textarray1); $i+=2) {
- $id = $textarray1[$i];
- $filename = db_get_value("media","media_tag","media_id='".addslashes($id)."'");
- $query = "
- SELECT
- slot_name
- FROM
- media
- INNER JOIN
- site ON media.FK_site = site_id
- INNER JOIN
- slot ON site_id = slot.FK_site
- WHERE
- media_id = '".addslashes($id)."'
- ";
- $a = db_fetch_assoc(db_query($query));
- $dir = $a[slot_name];
- $filepath = $uploadurl."/".$dir."/".$filename;
- $textarray1[$i] = "&&&& src='".$filepath."' @@@@".$id."@@@@ &&&&";
- }
- $this->data[$field] = implode("",$textarray1);
- }
- }
- /******************************************************************************
- * parseMediaTextForDB - does the exact opposite of above
- ******************************************************************************/
- function parseMediaTextForDB($field) {
- if (!$this->getField($field)) return false;
- $textarray1 = explode("&&&&", $this->getField($field));
- if (count($textarray1) > 1) {
- for ($i=1; $i<count($textarray1); $i=$i+2) {
- $textarray2 = explode("@@@@", $textarray1[$i]);
- $id = $textarray2[1];
- $textarray1[$i] = "src='####".$id."####'";
- }
- $this->data[$field] = implode("",$textarray1);
- }
- }
-
- /******************************************************************************
- * PERMISSIONS FUNCTIONS
- *
- * these functions handle part-specific permissions
- * isEditor($user) checks if $user is an editor for this part
- * addEditor($e) adds $e as an editor with default permissions (view only)
- * delEditor($e) removes all of $e's site permissions (ALL OF THEM)
- * getEditors() returns an array of editors for the site
- * setPermissions($p) set permissions to $p (a permission-formatted array)
- * getPermissions() returns a permission-formatted array of permissions
- * clearPermissions() flags all editor's scope-specific permissions to be removed
- * setUserPermissions($user,$add,$edit,$del,$view,$discuss)
- * sets $user's permissions to values of parameters (0 or 1)
- * setUserPermissionsFromArray($user,$p)
- * sets $user's permissions from permission-formatted array $p
- * buildPermissionsArray()
- * builds a permission-formatted array from the database
- * updatePermissionsDB()
- * updates the permissions database to reflect changes made above
- * canview($user) returns true/false depending on whether $user can view
- * this part of the site. takes into account de/activate dates
- * and active flag
- * hasPermission($perms,$user)
- * takes a formatted string $perms (ex, 'add and (edit or delete)')
- * and returns true/false if $user has those permissions
- * hasPermissionDown($perms,$user)
- * checks if someone has $perms anywhere down the line
- ******************************************************************************/
- function isEditor($user='') {
- if ($user=='')
- $user=$_SESSION[auser];
-
- if ($user == 'everyone' || $user == 'institute')
- return FALSE;
-
- if (!$this->builtPermissions && $this->id) $this->buildPermissionsArray();
- $this->fetchUp();
- $owner = $this->owningSiteObj->owner;
- /* print "owner: $owner"; */
- if (strtolower($user) == strtolower($owner)) return 1;
- $toCheck = array(strtolower($user));
- $toCheck = array_merge($toCheck,$this->returnEditorOverlap(getuserclasses($user,"all")));
- $toCheck = array_merge($toCheck, getusergroups($user,"all"));
-
- $toCheck = array_unique($toCheck);
-
- // printpre("-----------------------------\nDebugging:");
- // printpre(__FILE__.": ".__LINE__);
- // printpre($toCheck);
- // printpre($this->editors);
- // printpre("-----------------------------");
- foreach ($this->editors as $e) {
- if (in_array($e,$toCheck)) return 1;
- }
- return 0;
- }
- function addEditor($e) {
- /* print "<br />Adding editor $e<br />"; */
- // if ($e == 'institute' || $e == 'everyone') return false; // With the new permissions structure, this may be unwanted.
- if ($_SESSION[auser] == $e) { error("You do not need to add yourself as an editor."); return false; }
- if ($e && !in_array($e,$this->editors)) {
- $this->editors[]=$e;
- $this->setUserPermissions($e);
- $this->changedpermissions = 1;
- }
- }
- function delEditor($e) {
- $class=get_class($this);
- if ($e == 'institute' || $e == 'everyone') return false;
- if (!$e) return false;
- if (in_array($e,$this->editors)) {
- $n = array();
- foreach($this->editors as $v) {
- if ($v != $e) $n[]=$v;
- }
- $this->editors = $n;
- $this->setFieldDown("l%$e%add",0);
- $this->setFieldDown("l%$e%edit",0);
- $this->setFieldDown("l%$e%delete",0);
- $this->setFieldDown("l%$e%view",0);
- $this->setFieldDown("l%$e%discuss",0);
- $this->setUserPermissionDown("ADD",$e,0);
- $this->setUserPermissionDown("VIEW",$e,0);
- $this->setUserPermissionDown("EDIT",$e,0);
- $this->setUserPermissionDown("DELETE",$e,0);
- $this->setUserPermissionDown("DISCUSS",$e,0);
- $this->editorsToDelete[] = $e;
- }
- }
-
- function getEditors() {
- if (!$this->builtPermissions && $this->id)
- $this->buildPermissionsArray(0,0);
- return array_unique($this->editors);
- }
-
- /**
- * Answer the users who have add, edit, and delete permission at the site
- * level
- * retun array The editor ids
- */
- function getSiteLevelEditors () {
- if (!isset($this->_siteLevelEditors)) {
- $this->_siteLevelEditors = array();
- foreach ($this->getEditors() as $editor) {
- if ($this->owningSiteObj->hasPermission('add && edit && delete', $editor)) {
- $this->_siteLevelEditors[] = $editor;
- }
- }
- }
-
- return $this->_siteLevelEditors;
- }
-
- function setPermissions($p) {
- if (is_array($p)) {
- $this->permissions = $p;
- $this->editors = array_unique(array_merge(array_keys($p),$this->editors)); // add new editors from new permissions array
- $this->changedpermissions = 1;
- }
- }
-
- /* function setPermissionsDown($p) { */
- /* if (!$this->fetcheddown) $this->fetchDown(); */
- /* $class=get_class($this); */
- /* $ar = $this->_object_arrays[$class]; */
- /* $this->setPermissions($p); */
- /* if ($ar) { */
- /* $a = &$this->$ar; */
- /* if ($a) { */
- /* foreach ($a as $i=>$o) { */
- /* $a[$i]->setPermissionsDown($p); */
- /* } */
- /* } */
- /* } */
- /* } */
-
- function clearPermissions($editor = '') {
- /* print "Editors: <pre>"; print_r($this->getEditors()); print "</pre>"; */
- /* print "To Delete: <pre>"; print_r($this->editorsToDeleteInScope); print "</pre>"; */
- $this->editors = array();
- $this->permissions = array();
- $this->changedpermissions = 1;
- }
-
- function setUserPermissions($user,$add=0,$edit=0,$del=0,$view=0,$discuss=0) {
- $this->setUserPermissionsFromArray($user,array(ADD=>$add,EDIT=>$edit,DELETE=>$del,VIEW=>$view,DISCUSS=>$discuss));
- }
-
- function setUserPermissionsFromArray($user,$p) {
- $this->permissions[$user] = $p;
- $this->changedpermissions = 1;
- }
-
- function setUserPermissionDown($perm,$user,$val=1) {
- $class=get_class($this);
- $ar = $this->_object_arrays[$class];
- $p = strtoupper($perm);
- $c = permissions::$p();
- if ($this->permissions[$user][$c] != $val) {
- $this->permissions[$user][$c] = $val;
- $this->cachedPermissions["onlyuser".$user.$perm] = $val; // Update the cached permissions array so that
- // hasPermission doesn't get a fscked up
- $this->cachedPermissions[$user.$perm] = $val; // Update the cached permissions array so that
- // hasPermission doesn't get a fscked up
- $this->changedpermissions=1;
- }
-
- /* if ($class == "site") $n = 0; */
- /* else if ($class == "section")$n =4; */
- /* else if ($class == "page")$n = 8; */
- /* else $n=12; */
- /* $i = 0; */
- /* while($i <= $n) { */
- /* print " "; */
- /* $i++; */
- /* } */
- /* print $this->permissions[$user][$c]; */
- /* print $class.": set -- has permission= -- should be: $val<br />"; */
- /* print $this->permissions[$user][$c]; */
- /* print "<pre>"; print_r($this->permissions[$user]); print "</pre>"; */
-
- if ($ar) {
- $a = &$this->$ar;
- if ($a) {
- foreach (array_keys($a) as $k=>$i) {
- $a[$i]->setUserPermissionDown($perm,$user,$val);
- $a[$i]->cachedPermissions["onlyuser".$user.$perm] = $val; // Update the cached permissions array so that
- // hasPermission doesn't get a fscked up
- $a[$i]->cachedPermissions[$user.$perm] = $val; // Update the cached permissions array so that
- // hasPermission doesn't get a fscked up
- }
- }
- }
- }
-
- function getPermissions() {
- // returns an html-formable permissions array based on the permissions table
- return $this->permissions;
- }
-
- function movePermission($action, $user, $origSite, $moveLevel) {
- // determines whether user can move an object here
- if ($this->getField("type") != get_class($this)) return 0;
- if ($this->owning_site == $origSite) {
- if ($action == "COPY") {
- if ($this->hasPermission("add",$user)) return 1;
- if ($moveLevel != get_class($this) && $this->hasPermissionDown("add",$user)) return 1;
- } else {
- if ($this->hasPermission("add or edit",$user)) return 1;
- if ($moveLevel != get_class($this) && $this->hasPermissionDown("add or edit",$user)) return 1;
- }
- } else {
- if ($this->hasPermission("add",$user)) return 1;
- if ($moveLevel != get_class($this) && $this->hasPermissionDown("add",$user)) return 1;
- }
- return 0;
- }
-
- /******************************************************************************
- * buildPermissionsArray - builds the permissions array for current obj from DB
- ******************************************************************************/
- function buildPermissionsArray($force=0,$down=0) {
- if (!$force && $this->builtPermissions) return;
-
- $scope = get_class($this);
- $site = $this->owning_site;
- $id = $this->id;
- // the SQL queries for obtaining the permissions vary with the scope type. Thus, we have 4 cases, 1 for each scope type.
-
- // editors can be either institute, everyone, a username or a ugroup name
- // we need two queries for any one scope
-
-
- // CASE 1: scope is SITE
- if ($scope == 'site') {
- $query = "
- SELECT
- user_uname as editor, ugroup_name as editor2, site_editors_type as editor_type,
- MAKE_SET(IFNULL((permission_value+0),0), 'v', 'a', 'e', 'd', 'di') as permissions
- FROM
- site
- INNER JOIN
- site_editors ON
- site_id = ".$this->id."
- AND
- site_id = FK_site
- LEFT JOIN
- user ON
- site_editors.FK_editor = user_id
- LEFT JOIN
- ugroup ON
- site_editors.FK_editor = ugroup_id
- LEFT JOIN
- permission ON
- site_id = FK_scope_id
- AND
- permission_scope_type = 'site'
- AND
- permission.FK_editor <=> site_editors.FK_editor
- AND
- permission_editor_type = site_editors_type
- ";
- }
- // CASE 2: scope is SECTION
- else if ($scope == 'section') {
- $query = "
- SELECT
- user_uname as editor, ugroup_name as editor2, site_editors_type as editor_type,
- MAKE_SET(IFNULL((p1.permission_value+0),0) | IFNULL((p2.permission_value+0),0), 'v', 'a', 'e', 'd', 'di') as permissions
- FROM
- site
- INNER JOIN
- section
- ON site_id = section.FK_site
- AND
- section_id = ".$this->id."
- INNER JOIN
- site_editors ON
- site_id = site_editors.FK_site
- LEFT JOIN
- user ON
- site_editors.FK_editor = user_id
- LEFT JOIN
- ugroup ON
- site_editors.FK_editor = ugroup_id
- LEFT JOIN
- permission as p1 ON
- site_id = p1.FK_scope_id
- AND
- p1.permission_scope_type = 'site'
- AND
- p1.FK_editor <=> site_editors.FK_editor
- AND
- p1.permission_editor_type = site_editors_type
- LEFT JOIN
- permission as p2 ON
- section_id = p2.FK_scope_id
- AND
- p2.permission_scope_type = 'section'
- AND
- p2.FK_editor <=> site_editors.FK_editor
- AND
- p2.permission_editor_type = site_editors_type
- ";
- }
- // CASE 3: scope is PAGE
- else if ($scope == 'page') {
- $query = "
- SELECT
- user_uname as editor, ugroup_name as editor2, site_editors_type as editor_type,
- MAKE_SET(IFNULL((p1.permission_value+0),0) | IFNULL((p2.permission_value+0),0) | IFNULL((p3.permission_value+0),0), 'v', 'a', 'e', 'd', 'di') as permissions
- FROM
- site
- INNER JOIN
- section
- ON site_id = section.FK_site
- INNER JOIN
- page
- ON section_id = page.FK_section
- AND
- page_id = ".$this->id."
- INNER JOIN
- site_editors ON
- site_id = site_editors.FK_site
- LEFT JOIN
- user ON
- site_editors.FK_editor = user_id
- LEFT JOIN
- ugroup ON
- site_editors.FK_editor = ugroup_id
- LEFT JOIN
- permission as p1 ON
- site_id = p1.FK_scope_id
- AND
- p1.permission_scope_type = 'site'
- AND
- p1.FK_editor <=> site_editors.FK_editor
- AND
- p1.permission_editor_type = site_editors_type
- LEFT JOIN
- permission as p2 ON
- section_id = p2.FK_scope_id
- AND
- p2.permission_scope_type = 'section'
- AND
- p2.FK_editor <=> site_editors.FK_editor
- AND
- p2.permission_editor_type = site_editors_type
- LEFT JOIN
- permission as p3 ON
- page_id = p3.FK_scope_id
- AND
- p3.permission_scope_type = 'page'
- AND
- p3.FK_editor <=> site_editors.FK_editor
- AND
- p3.permission_editor_type = site_editors_type
- ";
- }
- // CASE 4: scope is PAGE
- else if ($scope == 'story') {
- $query = "
- SELECT
- user_uname as editor, ugroup_name as editor2, site_editors_type as editor_type,
- MAKE_SET(IFNULL((p1.permission_value+0),0) | IFNULL((p2.permission_value+0),0) | IFNULL((p3.permission_value+0),0) | IFNULL((p4.permission_value+0),0), 'v', 'a', 'e', 'd', 'di') as permissions
- FROM
- site
- INNER JOIN
- section
- ON site_id = section.FK_site
- INNER JOIN
- page
- ON section_id = page.FK_section
- INNER JOIN
- story
- ON page_id = story.FK_page
- AND
- story_id = '".addslashes($this->id)."'
- INNER JOIN
- site_editors ON
- site_id = site_editors.FK_site
- LEFT JOIN
- user ON
- site_editors.FK_editor = user_id
- LEFT JOIN
- ugroup ON
- site_editors.FK_editor = ugroup_id
- LEFT JOIN
- permission as p1 ON
- site_id = p1.FK_scope_id
- AND
- p1.permission_scope_type = 'site'
- AND
- p1.FK_editor <=> site_editors.FK_editor
- AND
- p1.permission_editor_type = site_editors_type
- LEFT JOIN
- permission as p2 ON
- section_id = p2.FK_scope_id
- AND
- p2.permission_scope_type = 'section'
- AND
- p2.FK_editor <=> site_editors.FK_editor
- AND
- p2.permission_editor_type = site_editors_type
- LEFT JOIN
- permission as p3 ON
- page_id = p3.FK_scope_id
- AND
- p3.permission_scope_type = 'page'
- AND
- p3.FK_editor <=> site_editors.FK_editor
- AND
- p3.permission_editor_type = site_editors_type
- LEFT JOIN
- permission as p4 ON
- story_id = p4.FK_scope_id
- AND
- p4.permission_scope_type = 'story'
- AND
- p4.FK_editor <=> site_editors.FK_editor
- AND
- p4.permission_editor_type = site_editors_type
- ";
- }
- // execute the query
- // echo $query;
- $r = db_query($query);
- //echo "Query result: ".$r."<br />";
-
-
- // reset the editor array
- if ($r) {
- $this->editors = array();
- $this->permissions = array();
- }
-
- // for every permisson entry, add it to the permissions array
- while ($row=db_fetch_assoc($r)) {
- // decode 'final_permissions';
- // 'final_permissions' is a field returned by the query and contains a string of the form "'a','vi','e'" etc.
- $a = array();
- $dbPerms = explode(",", $row[permissions]);
-
- $a[v] = in_array('v', $dbPerms);
- $a[a] = in_array('a', $dbPerms);
- $a[e] = in_array('e', $dbPerms);
- $a[d] = in_array('d', $dbPerms);
- $a[di] = in_array('di', $dbPerms);
-
- // Trash the db perms variable.
- $dbPerms = NULL;
- unset ($dbPerms);
-
- // if the editor is a user then the editor's name is just the user name
- // if the editor is 'institute' or 'everyone' then set the editor's name correspondingly
- if ($row[editor_type]=='user')
- $t_editor = $row[editor];
- else if ($row[editor_type]=='ugroup')
- $t_editor = $row[editor2];
- else
- $t_editor = $row[editor_type];
-
- // Everyone and institute can't have add, edit, or delete permissions.
- // Somehow, these were added sometimes. If this is the case, prevent
- // these from being set and reset those for the site.
- if ($t_editor == 'everyone' || $t_editor == 'institute') {
- // If we have a bad permission, do cleanup.
- if ($a[a] || $a[e] || $a[d]) {
-
-
- // Make sure that zeros get passed on.
- $a[a] = 0;
- $a[e] = 0;
- $a[d] = 0;
-
- // Clean up the permissions
- $this->owningSiteObj->setUserPermissionDown('add', $t_editor, 0);
- $this->owningSiteObj->s…
Large files files are truncated, but you can click here to view the full file