
/s3db3.5.10/s3dbcore/S3QLaction.php

https://code.google.com/p/s3db/
PHP | 1620 lines | 996 code | 393 blank | 231 comment | 235 complexity | 225f697ac6023f0b6003bfefacff959f MD5 | raw file


  1. <?php
  2. function S3QLaction($s3ql, $timer = array())
  3. {
  4. extract($s3ql);
  5. #echo '<pre>';print_r($s3ql);
  6. #grab a few relevant varuales
  7. $regexp = $GLOBALS['regexp'];
  8. $dbstruct = $GLOBALS['dbstruct'];
  9. #map a few vairables
  10. $s3map = $GLOBALS['s3map'];
  11. $format = $s3ql['format'];
  12. $model = 'nsy'; #this tells us the allowed permission states and the order in which they will make sense
  13. #Error messages
  14. extract($GLOBALS['messages']);
  15. #database and user identification
  16. if(!is_object($db))
  17. {$db = $_SESSION['db'];
  18. }
  19. $key=($_REQUEST['key'])?$_REQUEST['key']:$s3ql['key'];
  20. $user_id = ($user_id)?$user_id:$_SESSION['user']['account_id'];
  21. $user_info = s3info('users', $user_id, $db);
  22. if (!$user_id || !$db) {
  23. #if (!$key)
  24. {
  25. return (formatReturn($GLOBALS['error_codes']['no_permission_message'], 'Please specify user_id and db or a key', $format,''));
  26. }
  27. #re-chekc if user provided is the same for key provided
  28. }
  29. $s3ql = array_diff_key($s3ql, array('db'=>'', 'user_id'=>'')); #take out from the array what needed to be included for wihitn S3DB queries
  30. if ($s3ql['update']!='') {
  31. $s3ql['edit'] = $s3ql['update'];#update is closer to SQL, although original was edit. Must keep edit to be backward compatible
  32. $s3ql=array_filter(array_diff_key($s3ql, array('update'=>1)));
  33. }
  34. ##Discover if the user is trying to retrieve data from the dictionary as well
  35. if(eregi('on|^t|true',$s3ql['graph'])){
  36. $complete = true; #complete will tell s3ql that dictionary terms should be added to the output
  37. $s3ql = array_delete($s3ql,'graph');
  38. }
  39. #identify the action
  40. $possible_actions = array('insert', 'edit', 'delete', 'select', 'update', 'grant');
  41. foreach ($possible_actions as $someaction) {
  42. if ($s3ql[$someaction]!='') {
  43. $action = $someaction;
  44. }
  45. }
  46. if($s3ql['options']!=''){
  47. $opts = str_replace(" ","", $s3ql['options']);
  48. $opts = explode(',' ,$opts);
  49. $s3ql['options'] = $opts;
  50. }
  51. #if there is nothing as action, assume a select
  52. if ($action=='') {
  53. $action = 'select';
  54. }
  55. #identify the target
  56. if (ereg('(insert|edit|update|delete|grant)', $action)) {
  57. $s3ql['from'] = ($s3ql[$action]=='')?$_REQUEST[$action]:$s3ql[$action];
  58. }
  59. elseif (ereg('(select)', $action)) {
  60. $s3ql['from'] = ($s3ql['from']=='')?$_REQUEST['from']:$s3ql['from'];
  61. }
  62. #if there is no target, assume projects
  63. if ($s3ql['from']=='') {
  64. $s3ql['from'] = 'projects';
  65. }
  66. if($s3ql['from']=='class')
  67. $s3ql['from']= 'collection';
  68. if($s3ql['from'] =='instance')
  69. $s3ql['from'] = 'item';
  70. #these are targets ONLY for insert/edit/delete. Select takes plurals... was a bad idea, I know :-( but is much more intuitive :-)
  71. $possible_targets = array('permission', 'user', 'group', 'key', 'project', 'collection', 'item', 'rule', 'statement', 'filekey');
  72. #start taking action
  73. switch ($action) {
  74. case 'select':
  75. {
  76. if($timer) $timer->setMarker('queryStart');
  77. $data = selectQuery(compact('s3ql', 'db','user_id', 'format','complete','model'));
  78. #echo 'data<pre>';print_r($data);exit;
  79. return ($data);
  80. break;
  81. } #Close select queries
  82. case 'insert':
  83. {
  84. #echo '<pre>';print_r($s3ql);exit;
  85. #map s3ql input to s3db structure requirements
  86. if($s3ql['insert']=='class')
  87. $s3ql['insert']='collection';
  88. if($s3ql['insert']=='instance')
  89. $s3ql['insert']='item';
  90. if($s3ql['where']['notes']!='')
  91. $s3ql['where']['notes'] = $s3ql['where']['notes'];
  92. if($s3ql['where']['value']!='')
  93. $s3ql['where']['value'] = $s3ql['where']['value'];
  94. if($s3ql['where']['file_id']!=''){
  95. $s3ql['where']['statement_id'] = $s3ql['where']['file_id'];
  96. }
  97. ##build inputs and oldvalues for validation and insert functions
  98. $tranformed = S3QLselectTransform(compact('s3ql', 'db', 'user_id'));
  99. $s3ql= $tranformed['s3ql'];$element = $s3ql['insert'];
  100. $element_id = $s3ql['where'][$element.'_id'];
  101. $letter = strtoupper(substr($element,0,1));
  102. $uid = $letter.$element_id;
  103. $required = array(
  104. 'key'=>array(),
  105. 'project'=>array('project_name'),
  106. 'collection'=>array('project_id', 'entity'),
  107. 'rule'=>array('project_id', 'subject_id', 'verb', 'object'),
  108. 'item'=>array('collection_id'),
  109. 'statement'=>array('item_id', 'rule_id', 'value'),
  110. 'file' => array('item_id', 'rule_id', 'filekey'),
  111. 'user' => array('account_lid', 'account_email'),
  112. 'group'=>array('account_lid'));
  113. if(!in_array($element, array_keys($required)))
  114. {
  115. return (formatReturn($GLOBALS['error_codes']['wrong_input'], $element.' is not a valid S3DB element. Valid elements: key, project, collection, rule, item, statement, file',$format,''));
  116. }
  117. #if a subject is provided instead of a subject id in rule, dont break because of that. Find the subject
  118. #THIS PART NEEDS TO B HERE BECAUSE IT THE MANDATORY FIELDS ARE 'OR'
  119. if($element=='rule')
  120. {
  121. $s3ql=ruleInputsInfer($s3ql, $db, $user_id);
  122. }
  123. elseif($element=='file'){
  124. //for file, both filekey and value are accepted. If filekey is provided, a file must have been previously uploaded;
  125. if($s3ql['where']['filekey']=='' && $s3ql['where']['value']!=''){
  126. //take the value, make a text file, give it a filekey and insert the file
  127. $s3ql=fileUploadFromValue($s3ql, $db, $user_id);
  128. if(is_array($s3ql) && $s3ql['statement_id']!='') {
  129. #if(is_bool($s3ql) && $s3ql==true)
  130. #{
  131. return (formatReturn($GLOBALS['error_codes']['success'], 'Fragment inserted in file '.$s3ql['file_name'].'.',$format,array('file_id'=>$s3ql['statement_id'])));
  132. #}
  133. }
  134. elseif(!is_array($s3ql)){
  135. if(is_bool($s3ql) && $s3ql==true)
  136. {
  137. return (formatReturn($GLOBALS['error_codes']['success'], 'Fragment inserted in file '.$s3ql['where']['file_name'].'.',$format,''));
  138. }
  139. elseif(is_string($s3ql)){
  140. return (formatReturn($GLOBALS['error_codes']['something_went_wrong'], $s3ql,$format,''));
  141. }
  142. else {
  143. return (formatReturn($GLOBALS['error_codes']['something_went_wrong'], 'File could not be created. You can try to encode the data in the file such that is is compatible with txt.',$format,''));
  144. }
  145. }
  146. }
  147. }
  148. #translate some s3ql inputs into s3db names:
  149. #IS there anythi ng still missing? There are 2 types fo required inputs: thsoe from the user and those into the table. The firstare verified here, the rest are verified in "validation"
  150. $diff = array();
  151. foreach ($s3ql['where'] as $where_field=>$where_value) {
  152. if($where_value=="" && in_array($where_field, $required[$element])){
  153. array_push($diff, $where_field);
  154. }
  155. }
  156. #$diff=array_diff($required[$element],array_keys($s3ql['where']));
  157. if($element_id=='' && !empty($diff)){
  158. return formatReturn($GLOBALS['error_codes']['something_missing'],'Please provide all the necessary fields: '.rtrim(array_reduce($required[$element], "comma_split"), ", ").'. '.$syntax_message, $s3ql['format'], '');
  159. }
  160. #echo '<pre>';print_r($required[$element]);eit;
  161. #if there is any sort of id, check if user has permissions on that. In case of statement, permission must be checked on both rule and instance
  162. $inserteable = array(
  163. #'deployment'=>'deployment_id',
  164. 'group'=>'group_id',
  165. 'user'=>'user_id',
  166. 'project'=>'project_id',
  167. 'rule'=>'rule_id',
  168. 'collection'=>'collection_id',
  169. 'item'=>'item_id',
  170. 'statement'=>'statement_id',
  171. );
  172. #insert overal view
  173. #element_id is not empty
  174. #upstream resource provided
  175. #if all permissions clear up, grant permission to upper on loewer score;
  176. #upstream resource not provided
  177. #infer deployment if user, group or project, else nothing to do
  178. #element_id is empty
  179. #upstream resources provided
  180. #all permissions clear up, create new entry.
  181. #scoreTable will allow us to score the elements according to their position in the inheritance model. To nisert an "inserteable" A into an "inserteable" B,
  182. $scoreTable=array_reverse($inserteable, 0);
  183. $scoreTable = array_combine(array_keys($scoreTable), range(1,count($inserteable)));
  184. $elementScore = $scoreTable[$element];#check the score of target. All other score will be chacked against this one
  185. #for user, group and project, inserts occur in deployment (local). Except when there is indication on group or any other Id.
  186. $input_ids = array_intersect($inserteable, array_keys($s3ql['where']));
  187. if(ereg('^(U|G|P)$', $letter) && (count($input_ids)<=1 || count(array_filter(array_diff_key($s3ql['where'], array($element.'_id'=>''))))==0))
  188. {
  189. $GLOBALS['Did'] = ereg_replace('^D','',$GLOBALS['Did']);
  190. $s3ql['where']['deployment_id']=($s3ql['where']['deployment_id']!='')?$s3ql['where']['deployment_id']:substr($GLOBALS['Did'], 1, strlen($GLOBALS['Did']));
  191. $info['D'.$GLOBALS['Did']]=URI('D'.$GLOBALS['Did'], $user_id, $db);
  192. $permission2add['D'.$GLOBALS['Did']] = $info['D'.$GLOBALS['Did']]['add_data'];
  193. $core_score['D'.$GLOBALS['Did']] = 8;
  194. }
  195. #echo '<pre>';print_r($input_ids);exit;
  196. #echo '<pre>';print_r($inserteable);
  197. #echo '<pre>';print_r($s3ql);exit;
  198. ############################
  199. #this next segment finds all the s3ids in the query, and checks permission of user/session on it (user/session beause user ccna be using a group)
  200. #echo '<pre>';print_r($s3ql);
  201. if (ereg('^(U|G|P|C|R|I|S|F)$', strtoupper(substr($element, 0,1)))) {
  202. foreach ($inserteable as $s3element=>$id) {
  203. if ($s3ql['where'][$id]!='') {
  204. $element_name = $s3element;
  205. $id_name = $id;
  206. $uid_info=uid(letter($id).$s3ql['where'][$id_name]);
  207. $Z = compact('s3element', 'diff', 'id', 'scoreTable', 's3ql', 'letter', 'input_ids', 'user_id', 'db', 'format', 'element');
  208. $element_info = retrieveUIDInfo($Z);
  209. $info[strtoupper(substr($element_name, 0,1)).$s3ql['where'][$id_name]] = $element_info;
  210. $permission2add[strtoupper(substr($element_name, 0,1)).$s3ql['where'][$id_name]] = $element_info['add_data'];
  211. $core_score[strtoupper(substr($element_name, 0,1)).$s3ql['where'][$id_name]] = $scoreTable[$element_name];
  212. #when element id is present (customized elemnt-id, and is the only ID, and id already exists, user cannot recreat it. To update it, he must go through update. That is the only ID that can "Not" exist
  213. if ($id==$GLOBALS['s3ids'][$element] && !is_array($element_info)){
  214. #if a particular id was not found and user is trying to customize a new element_id, then user will have permission to add to it.
  215. $permission2add[strtoupper(substr($element_name, 0,1)).$s3ql['where'][$id_name]] = '1';
  216. }
  217. else
  218. {
  219. if(!is_array($element_info) && $uid_info['Did']==$GLOBALS['Did'])#for remote resources, allow insert withour requiring validation.. for now. For inserting projects witha specific uid,
  220. {
  221. if($id_name!=$GLOBALS['COREletterInv'][$letter]) #allow the user to create the id in case the required fields are filled
  222. return (formatReturn($GLOBALS['error_codes']['no_results'], 'Resource '.strtoupper(substr($element_name, 0,1)).$s3ql['where'][$id_name].' was not found', $format,''));
  223. elseif(!empty($diff))
  224. $info[$letter.$s3ql['where'][$id]]['to_create']=1;
  225. }
  226. }
  227. }
  228. }
  229. ##array that will have all inputs that are not ids
  230. $input_literals = array();
  231. if(is_array($s3ql['where']) && is_array($input_ids))
  232. {
  233. $input_literals = array_diff(array_keys($s3ql['where']), $input_ids);
  234. if(in_array('permission_level',$input_literals))
  235. {$input_literals = array_diff($input_literals,array('permission_level'));}
  236. }
  237. ##If there ar any input literals lets, then it is an uid to create
  238. if(!empty($input_literals)){
  239. $info[$uid]['to_create']='1';
  240. }
  241. #echo '<pre>';print_r($permission2add);
  242. #echo '<pre>';print_r($core_score);
  243. #exit;
  244. #echo '<pre>';print_r($info);exit;
  245. if(is_array($core_score))
  246. $result = array_combine($core_score, $permission2add);#score as index and permissions as values
  247. #a group and a user can be inserted in any one resource... as long as user does have permission on the resource
  248. if(ereg('^(U|G|P)$', $letter) && is_array($result))
  249. {
  250. if(($result[min(array_keys($result))] || ($user_info['account_type']=='a') && max(array_keys($result))==8) || $user_info['account_id']=='1')
  251. $result[max(array_keys($result))]='1';
  252. }
  253. $has_permission2add = $result[max(array_keys($result))];#this means the highest scored element does NOT have permission to add
  254. #how many IDS?Min ID is 1; if two, then it can be inserting a statement or adding remote resource on local resource
  255. #print $info
  256. ####If any s3ids were found, Variable $info was created, and variable $permission2add was created from the first.
  257. #now,interpret what was found.
  258. #Permissions need to be checek if any ID is supplied that already exists.
  259. #if (ereg('(group|user|project|collection|rule|item|statement|file)', $element)) {
  260. if (ereg('(G|U|P|C|R|I|S|F)', strtoupper(substr($element, 0,1)))) {
  261. #if (count($info)=='1' || (count($info)=='2' && $info['D'.$GLOBALS['Did']]!='') || (count($info)=='2' && ereg('^(statement|file)$', $element)) || (count($info)=='2' && !empty($input_literals))) {
  262. if (count($info)=='1' || (count($info)=='2' && $info['D'.$GLOBALS['Did']]!='') || (count($info)=='2' && ereg('^(statement|file)$', $element)) || (count($info)==2 && !empty($input_literals)) || (count($info)==3 && ereg('^(statement|file)$', $element) && !empty($input_literals))) {
  263. #is this ID from the element we are trying to insert?
  264. #does it exist?
  265. if($s3ql['where'][$GLOBALS['COREids'][$element]]!='' && isLocal($uid, $db) && !$info[$uid]['is_remote']) {#cannot recreate id. Do nothing.
  266. return(formatReturn($GLOBALS['error_codes']['wrong_input'], $uid.' already exists. Could not recreate it.', $format,''));
  267. }
  268. elseif (count($info)=='1' && $element_id!='') {
  269. return (formatReturn($GLOBALS['error_codes']['something_missing'], 'Please provide the uid where this '.$element.' should be inserted.', $format,''));
  270. }
  271. else {
  272. #take inputs, validate them, check permission on ONE id, create resource. Do the switch cases here.
  273. if($has_permission2add) {
  274. #this means the highest value on permission2asd is 1.
  275. if($info[$uid]['to_create']=='1' || $element_id=='') {
  276. $create_info = $s3ql['where'];
  277. $inputs = gatherInputs(array('element'=>$element, 'info'=>$info,'to_create'=>$create_info, 'user_id'=>$user_id, 'db'=>$db, 'format'=>$format));
  278. $info=$inputs;
  279. #echo 'inputs<pre>';print_r($inputs);exit;
  280. if(!is_array($inputs))
  281. {
  282. return (formatReturn('3', $inputs, $format,''));
  283. }
  284. $validity = validateInputs(compact('element', 'inputs', 'oldvalues', 'info', 'db', 'action', 'key','user_id','format'));
  285. #echo 'validity<pre>';print_r($validity);exit;
  286. if($validity[0])
  287. {
  288. $key=$s3ql['key'];
  289. $inserted = insert_s3db(compact('element', 'inputs', 'user_id', 'db', 'key','s3ql'));
  290. #echo '<pre>';print_r($inserted);exit;
  291. $msg_return = array('error_code'=>0, 'message'=>$inserted[4], $element.'_id'=>$inserted[$element.'_id']);
  292. //when user requests information, return it as well
  293. if(is_array($s3ql['options']) && in_array('select',$s3ql['options']) && ereg('json|xml',$format)){
  294. $finalInfo = URIinfo(letter($element).$inserted[$element.'_id'], $user_id, $key, $db);
  295. $msg_return['select'] = $finalInfo;
  296. $data = array(0=>$msg_return);
  297. $cols = array_keys($msg_return);
  298. $z = compact('data','cols', 'format');
  299. return outputFormat($z);
  300. }
  301. return (formatReturn('0',$inserted[4], $format, array($element.'_id'=>$inserted[$element.'_id'])));
  302. exit;
  303. }
  304. else {
  305. #echo '<pre>';print_r($validity);
  306. return (formatReturn($validity['error_code'],$validity['message'], $format,''));
  307. }
  308. }
  309. elseif($info[$uid]['is_remote']=='1') {#insert the permission on local
  310. #remote users an dgroups are inserted ON TABLE
  311. if(ereg('user|group|project', $element))
  312. {
  313. if($info[$uid]['error_code']=='1')
  314. {
  315. return (formatReturn("5", "User does not have permission on ".$uid.". If this is a remote resource, ask the administrator of the remote deployment to add your user ID (".$GLOBALS['URI'].'/U'.$user_id.") to his list of users", $s3ql['format'],''));
  316. #return (formatReturn("User does not have permission on ".$uid.". If this is a remote resource, ask the administrator of the remo deployment to add your user ID (".$GLOBALS['URI'].'/U'.$user_id.") to his list of users", $s3ql['format'],''));
  317. }
  318. $create_info = $info[$uid];
  319. $create_info['account_email']=($info[$uid]['account_email']=='')?'s3db@s3db.org':$info[$uid]['account_email'];
  320. $create_info['account_lid']=($info[$uid]['account_lid']!='')?$info[$uid]['account_lid']:$info[$uid]['account_id'];
  321. $create_info['user_id'] =$create_info['account_id'];
  322. $inputs = gatherInputs(array('element'=>$element, 'info'=>$info,'to_create'=>$create_info, 'user_id'=>$user_id, 'db'=>$db, 'format'=>$format));
  323. #echo '<pre>';print_r($inputs);exit;
  324. if(!is_array($inputs))
  325. {return ($inputs);}
  326. $validity = validateInputs(compact('element', 'inputs', 'oldvalues', 'info', 'db', 'action', 'key'));
  327. #echo '<pre>';print_r($validity);exit;
  328. if($validity[0])
  329. { $key=$s3ql['key'];
  330. $inserted =insert_s3db(compact('element', 'inputs', 'user_id', 'db', 'key'));
  331. #echo '<pre>';print_r($inserted);
  332. return (formatReturn('0', $element.' inserted.', $s3ql['format'], array($element.'_id'=>$inserted[$element.'_id'])));
  333. }
  334. else {
  335. return (formatReturn($validity['error_code'], $validity['message'], $s3ql['format'],''));
  336. }
  337. }
  338. $permission_info = array('uid'=>$uid,'shared_with'=>'U'.$user_id,'permission_level'=>$info[$uid]['acl']);
  339. $permission_added = insert_permission(compact('permission_info', 'db', 'user_id', 'info'));
  340. if(!$permission_added)
  341. $permission_added = update_permission(compact('permission_info', 'db', 'user_id', 'info'));
  342. if($permission_added){
  343. return (formatReturn($GLOBALS['error_codes']['success'], $uid." shared_with in ".$permission_info['shared_with'], $format,''));
  344. #return $GLOBALS['messages']['success']."<message> ".$uid." shared_with in ".$permission_info['shared_with']."</message>";
  345. }
  346. else {
  347. return (formatReturn($GLOBALS['error_codes']['something_went_wrong'], "Could not share ".$uid." with ".$permission_info['shared_with'], $format,''));
  348. #return $GLOBALS['messages']['something_went_wrong']."<message>Could not share ".$uid." with ".$permission_info['shared_with']."</message>";
  349. }
  350. }
  351. }
  352. else {
  353. $no_permission_id = array_search('0', $permission2add);
  354. return (formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User does not have permission to insert in '.$no_permission_id, $format,''));
  355. exit;
  356. #return ($GLOBALS['messages']['no_permission_message'].' Reason: <message>User does not have permission to insert in '.$no_permission_id.'</message>');
  357. }
  358. }
  359. }
  360. elseif(count($info)>=2) #NOT a physical insert, but a virtual insert in an existing resource
  361. {
  362. #2 or + ids in info.
  363. #these IDS can be entity_id OR membership
  364. if($element_id!='' && !$info[$uid]['to_create']) #this automatically means that the second id refers to membership.
  365. {
  366. #grant permissions
  367. $shared_with = array_diff(array_keys($permission2add), array($uid));#take uid from the keys of permission2add, that point to the uid we are sharing with
  368. $shared_with = array_values($shared_with);$shared_with = $shared_with[0];
  369. $add_resource_on_resource = substr(has_permission(compact('uid', 'shared_with'), $db,$user_id), 2,1);
  370. if(!$has_permission2add){#statement has rule_id and instance_id, user must have permission on both.
  371. return (formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User does not have permission to insert in resource '.key($permission2add), $format,''));
  372. #return ($GLOBALS['messages']['no_permission_message'].'<message>User does not have permission to insert in resource '.key($permission2add).'</message>');
  373. }
  374. if($result[max(array_keys($result))]=='0' && $result[min(array_keys($result))]=='1' && $add_resource_on_resource!='1' && $element!='user') {
  375. return (formatReturn($GLOBALS['error_codes']['something_missing'], 'To share '.$uid.' owner of '.$shared_with.' must insert first '.$uid.' in '.$shared_with.'.', $s3ql['format'], ''));
  376. }
  377. else {
  378. #if is remote and user cna insert in resource, must be inserted first
  379. if($info[$uid]['to_create'])
  380. {
  381. $create_info = $s3ql['where'];
  382. #echo '<pre>';print_r($create_info); exit;
  383. $inputs = gatherInputs(array('element'=>$element, 'info'=>$info,'to_create'=>$create_info, 'user_id'=>$user_id, 'format'=>$format));
  384. if(!is_array($inputs))
  385. return ($inputs);
  386. $validity = validateInputs(compact('element', 'inputs', 'oldvalues', 'info', 'db', 'action', 'key'));
  387. if($validity[0])
  388. {
  389. $key=$s3ql['key'];
  390. $inserted = insert_s3db(compact('element', 'inputs', 'user_id', 'db', 'key'));
  391. return (formatReturn('0', $element.' inserted.', array($element.'_id'=>$inserted[$element.'_id'], $s3ql['format'])));
  392. }
  393. else {
  394. return ($validity[1]);
  395. }
  396. }
  397. if($info[$uid]['is_remote'])
  398. {
  399. #the other iD, non element id, should be the upper ID, where user shoulsd already have intert permission
  400. $uid_info = uid_resolve(ereg_replace('^U','',$uid));
  401. if(letter($uid_info['uid'])=='U'){
  402. $shared_with = 'U'.$uid_info['condensed'];
  403. $diff=array_values(array_diff(array_keys($info), array($uid)));
  404. $uid = $diff[0];
  405. $permission_level = ($s3ql['where']['permission_level']!="")?$s3ql['where']['permission_level']:'ynn';
  406. $message = $uid." shared with ".$uid_info['condensed'].' with permission_level '.$permission_level;
  407. }
  408. else {
  409. $diff=array_values(array_diff(array_keys($permission2add), array($uid)));
  410. $shared_with = $diff[0];
  411. $message = $uid." inserted in ".$shared_with;
  412. $permission_level = $info[$uid]['acl'];
  413. }
  414. $permission_info = array('uid'=>$uid,'shared_with'=>$shared_with,'permission_level'=>$permission_level);
  415. $permission_added = insert_permission(compact('permission_info', 'db', 'user_id', 'info'));
  416. if(!$permission_added)
  417. $permission_added = update_permission(compact('permission_info', 'db', 'user_id', 'info'));
  418. if($permission_added){
  419. return formatReturn($GLOBALS['error_codes']['success'], $message , $s3ql['format'], '');
  420. }
  421. else {
  422. return (formatReturn($GLOBALS['error_codes']['something_went_wrong'], "Could not share ".$uid." with ".$permission_info['shared_with'], $format,''));
  423. #return $GLOBALS['messages']['something_went_wrong']."<message>Could not share ".$uid." with ".$permission_info['shared_with']."</message>";
  424. }
  425. }
  426. if(!$info[$uid]['to_create'] && $s3ql['where']['permission_level']=='')
  427. {
  428. #does it exist already in upper resource?
  429. $diff=array_diff(array_keys($permission2add), array($uid));
  430. $shared_with = $diff[0];
  431. if(!ereg('U',$letter)) #user and groups have a different treatment than the rest
  432. {
  433. $sql = "select * from s3db_permission where uid = '".$uid."' and shared_with = '".$shared_with."'";
  434. #$sql = str_replace($GLOBALS['regexp'], '=', select(compact('uid', 'shared_with')));
  435. }
  436. else {
  437. $sql = "select * from s3db_permission where uid = '".$uid."' and shared_with = '".$shared_with."'";
  438. }
  439. $db->query($sql, __LINE__, __FILE__);
  440. if($db->next_record()) {
  441. return (formatReturn($GLOBALS['error_codes']['repeating_action'], $uid.' already shared with '.$shared_with.'. You can change its level of permission by indicating permission_level.', $s3ql['format'],''));
  442. }
  443. }
  444. }
  445. #share according to permissions
  446. $uid2share = array_search(min($core_score), $core_score);
  447. $shared_with = array_search(max($core_score), $core_score);
  448. $uid_info = uid($uid2share);
  449. if(($result[max(array_keys($result))]=='1') || ($add_resource_on_resource && $result[min(array_keys($result))]=='1')) #permission to add on upstream resource
  450. {
  451. #echo 'ola';exit;
  452. $case ='2';
  453. $uid_info = uid($uid2share);
  454. if($uid_info['Did']==$GLOBALS['Did'])
  455. $uid2share = $uid_info['uid'];
  456. #$uid2share = strtoupper(substr($uid_info['uid'],0,1)).$GLOBALS['Did'].'/'.$uid_info['uid'];
  457. $permission_info = array('uid'=>$uid2share,
  458. 'shared_with'=>$shared_with,
  459. 'permission_level'=>($s3ql['where']['permission_level']!='')?$s3ql['where']['permission_level']:$info[$uid2share]['permission_level'],
  460. );
  461. #echo '<pre>';print_r($permission_info);exit;
  462. $validity = validate_permission(compact('permission_info', 'user_id', 'db', 'info'));#grant project_id permission on rule_id
  463. #echo $validity;exit;
  464. if($validity=='0') {
  465. $permission_added = insert_permission(compact('permission_info', 'db', 'user_id', 'info'));#grant rule_id permission on project_id
  466. }
  467. elseif($validity=='2')
  468. $permission_added = update_permission(compact('permission_info', 'db', 'user_id', 'info'));
  469. elseif($validity=='6' && ereg('^G', $shared_with) && ereg('^U', $uid))
  470. {
  471. $permission_added = insert_permission(compact('permission_info', 'db', 'user_id', 'info'));#grant rule_id permission on project_id
  472. $permission_added = update_permission(compact('permission_info', 'db', 'user_id', 'info'));
  473. }
  474. #can insert, special case, quick fix
  475. elseif($validity=='6')
  476. return (formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User must have permission '.$permission_info['permission_level'].' or greater to grant permission '.$permission_info['permission_level'].' on '.$permission_info['shared_with'], $format,''));
  477. elseif($validity=='1'){
  478. return (formatReturn($GLOBALS['error_codes']['wrong_input'], 'Invalid permission format. Please use the n-s-y or the 0-1-2 model (n/0 - no permission; s/1 - permission on entities created by the user; y/2 - permission. See http://s3db.org/documentation/permissions for more information on permission. ', $format,''));
  479. }
  480. #return ($GLOBALS['messages']['no_permission_message'].'<message>User must have permission '.$permission_info['permission_level'].' or greater to grant permission '.$permission_info['permission_level'].' on '.$permission_info['shared_with'].'.</message>');
  481. }
  482. elseif($result[max(array_keys($result))]=='1' && $result[min(array_keys($result))]=='0') #permission to add on upstream resource
  483. {
  484. $case ='1';
  485. if($uid_info['Did']==$GLOBALS['Did'])
  486. $uid2share= strtoupper(substr($uid_info['uid'],0,1)).$GLOBALS['Did'].'/'.$uid_info['uid'];
  487. $permission_info = array('shared_with'=>$shared_with,
  488. 'uid'=>$uid2share,
  489. 'permission_level'=>'001');
  490. $permission_added = insert_permission(compact('permission_info', 'db', 'user_id', 'info'));
  491. if(!$permission_added)
  492. $permission_added = update_permission(compact('permission_info', 'db', 'user_id', 'info'));
  493. #This step will leave rule insert pending until owner of the rule comes by and inserts it in project
  494. }
  495. if($permission_added)
  496. {
  497. #Missing: Create an entry in access_rules with "Pending" statuss
  498. if($case =='1')
  499. return (formatReturn($GLOBALS['error_codes']['success'], "Permission on ".$permission_info['uid']." requested and pending.", $format,''));
  500. #return $GLOBALS['messages']['success']."<message> Permission on ".$permission_info['uid']." requested and pending.</message>";
  501. else {
  502. return (formatReturn('0',$permission_info['uid']." inserted in ".$permission_info['shared_with'], $s3ql['format'], ''));
  503. }
  504. }
  505. else {
  506. return (formatReturn($GLOBALS['error_codes']['something_went_wrong'], "Could not share ".$permission_info['uid']." with ".$permission_info['shared_with'], $s3ql['format'],''));
  507. }
  508. }
  509. elseif($info[$uid]['to_create'] || $info[$uid]['is_remote']) {#insert IF is remote or was asserted to be inserted
  510. if(is_array($info[$uid]) && $info[$uid]['is_remote'])
  511. $create_info = $info[$uid];
  512. else
  513. $create_info = $s3ql['where'];
  514. $inputs = gatherInputs(array('element'=>$element, 'to_create'=>$create_info, 'user_id'=>$user_id, 'info'=>$info, 'format'=>$format));
  515. #echo '<pre>';print_r($inputs);exit;
  516. if(!is_array($inputs))
  517. return ($inputs);
  518. $validity = validateInputs(compact('element', 'inputs', 'oldvalues', 'info', 'db', 'action', 'key'));
  519. #echo '<pre>';print_r($validity);exit;
  520. if($validity[0])
  521. { $key=$s3ql['key'];
  522. $inserted =insert_s3db(compact('element', 'inputs', 'user_id', 'db', 'key'));
  523. #echo '<pre>';print_r($inserted);
  524. return (formatReturn('0', $element.' inserted.', $format, array($element.'_id'=>$inserted[$element.'_id'])));
  525. }
  526. else {
  527. return (formatReturn($validity['error_code'], $validity['message'], $format,''));
  528. }
  529. }
  530. }
  531. }
  532. }
  533. #permissions to add are stored in $permission2add, but when we are inserting an existing idA on an existing idB, we do not need permission to add_data on A, only on B. So the users does not need insert permission on idA, if idA is further down the graph then idB.
  534. #if there is only 1 id, and there is no insert permission, it can break
  535. #start some special cases
  536. switch ($element) {
  537. case 'key':
  538. {##INSERT KEY
  539. #when no key is given, generate a random one
  540. if ($s3ql['where']['key_id']=='')
  541. $s3ql['where']['key_id'] = random_string('15');
  542. if($s3ql['where']['expires']=='')
  543. $s3ql['where']['expires']=date('Y-m-d H:i:s',time() + (1 * 24 * 60 * 60));#expires in 24h
  544. if ($s3ql['where']['user_id']=='')
  545. $s3ql['where']['user_id'] = $user_id;
  546. #user can chose to insert a key for a specific ID, be it group, project, rule or statement (anywhere where permissions can be defined)
  547. $I['inputs'] = $s3ql['where'];
  548. $I['inputs']['account_id'] = $s3ql['where']['user_id'];
  549. $I['inputs']=array_delete($I['inputs'],'user_id');
  550. #$I['inputs'] = array_merge($s3ql['where'], array('account_id'=>$user_id));
  551. $validate = validate_access_key_inputs(array('inputs'=>$I['inputs'], 'db'=>$db, 'user_id'=>$user_id));
  552. switch ($validate)
  553. {
  554. case 0:
  555. {
  556. return (formatReturn($GLOBALS['error_codes']['something_missing'],'Expiration date is missing', $s3ql['format'], ''));
  557. break;
  558. }
  559. case 1:
  560. {return (formatReturn($GLOBALS['error_codes']['wrong_input'],'Key is too short. Please input a key longer than 10 char', $s3ql['format'], ''));
  561. break;
  562. }
  563. case 2:
  564. {return (formatReturn($GLOBALS['error_codes']['wrong_input'],'Invalid date format', $s3ql['format'], ''));
  565. break;
  566. }
  567. case 3:
  568. {return (formatReturn($GLOBALS['error_codes']['repeating_action'],'Key '.$s3ql['where']['key_id'].' is not valid. Please chose another key', $s3ql['format'], ''));
  569. break;
  570. }
  571. case 4:
  572. {return (formatReturn($GLOBALS['error_codes']['wrong_input'],'Expiration date must be bigger than present date.', $s3ql['format'], ''));
  573. break;
  574. }
  575. case 6:
  576. {return (formatReturn($GLOBALS['error_codes']['wrong_input'],'UID '.$s3ql['where']['UID'].' does not exist', $s3ql['format'], ''));
  577. break;
  578. }
  579. case 7:
  580. {return (formatReturn($GLOBALS['error_codes']['no_permission_message'],'UID '.$s3ql['where']['UID'].' does not belong to user.', $s3ql['format'], ''));
  581. break;
  582. }
  583. case 8:
  584. {return (formatReturn($GLOBALS['error_codes']['wrong_input'],'Please use only numbers and letter in your keys.', $s3ql['format'], ''));
  585. break;
  586. }
  587. case 9:
  588. {return (formatReturn($GLOBALS['error_codes']['wrong_input'],'You cannot create a key for this user.', $s3ql['format'], ''));
  589. break;
  590. }
  591. case 5:
  592. {
  593. add_entry ('access_keys', $I['inputs'], $db);
  594. $output = formatReturn($GLOBALS['error_codes']['success'], 'Key created.',$s3ql['format'], array('key_id'=>$s3ql['where']['key_id'], 'user_id'=>$s3ql['where']['user_id']));
  595. return ($output);
  596. }
  597. }
  598. break;
  599. }
  600. case 'file':
  601. {
  602. $resource_id = ($s3ql['where']['item_id']!='')?$s3ql['where']['item_id']:$s3ql['where']['instance_id'];
  603. $rule_id = $s3ql['where']['rule_id'];
  604. $filekey = $s3ql['where']['filekey'];
  605. $notes = $s3ql['where']['notes'];
  606. if($resource_id=='' ||$rule_id=='' ||$filekey=='')
  607. {
  608. return (formatReturn($GLOBALS['error_codes']['something_missing'], 'Please provide all the necessary inputs: rule_id, item_id, filekey', $format,''));
  609. #return ($GLOBALS['messages']['something_missing'].'<message>Please provide all the necessary inputs: rule_id, item_id, filekey</message>');
  610. }
  611. #Check permission on inserting statements for specific projects
  612. #Check permission on inserting statements for specific projects
  613. $rule_info = $info['R'.$rule_id];
  614. $instance_info = $info['I'.$resource_id];
  615. #$instance_info = URIinfo('I'.$resource_id, $user_id, $key, $db);
  616. if($rule_info['object']=='UID')
  617. {
  618. return (formatReturn($GLOBALS['error_codes']['wrong_input'], 'Please use this query only for rules that do NOT enumerate classes. For inserting on other rules, use the query for insert instance', $format, ''));
  619. #return $wrong_input."<message>Please use this query only for rules that do NOT enumerate classes. For inserting on other rules, use the query for insert instance</message>";
  620. }
  621. elseif (!is_array($instance_info)) {
  622. return (formatReturn($GLOBALS['error_codes']['no_results'], 'Item '.$resource_id.' was not found', $format,''));
  623. #return ($something_does_not_exist.'<message>Instance '.$resource_id.' was not found</message>');
  624. }
  625. elseif ($instance_info['resource_class_id']!=$rule_info['subject_id']) {
  626. return (formatReturn($GLOBALS['error_codes']['wrong_input'],'Subject of rule does match Class of instance',$format,''));
  627. #return $wrong_input."<message>Subject of rule does match Class of instance</message>";
  628. }
  629. elseif($filekey=='')
  630. return (formatReturn($GLOBALS['error_codes']['something_missing'], 'Please indicate a filekey for this file',$format,''));
  631. #return $wrong_input."<message>Please indicate a filekey for this file</message>";
  632. #Find out if the file already exists in the tmp directory
  633. $fileFinalName = get_entry('file_transfer', 'filename', 'filekey', $filekey, $db);
  634. $file_id = get_entry('file_transfer', 'file_id', 'filekey', $filekey, $db);
  635. ereg('([A-Za-z0-9]+)\.*([A-Za-z0-9]*)$',$fileFinalName, $tokens);
  636. $name = $tokens[1];
  637. $extension= $tokens[2];
  638. #list($name, $extension) = explode('.', $fileFinalName);
  639. $maindir = $GLOBALS['s3db_info']['server']['db']['uploads_folder'].$GLOBALS['s3db_info']['server']['db']['uploads_file'].'/tmps3db';
  640. $old_file = $maindir.'/'.$file_id.'.'.$extension;
  641. if(!is_file($old_file))
  642. return (formatReturn($GLOBALS['error_codes']['something_does_not_exist'], 'File not found, please upload file first.', $format,''));
  643. #return $something_does_not_exist."<message>File not found, please upload file first.</message>";
  644. else
  645. {
  646. #project_id will be that of the rule, except if user does not have permission on it.
  647. $project_info = URI('P'.$rule_info['project_id'], $user_id, $db);
  648. $project_id = ($s3ql['where']['project_id']!='')?$s3ql['where']['project_id']:(($project_info['add_data'])?$class_info['project_id']:'');
  649. if($project_id =='')
  650. #find which of the user projects can insert instances in this class.
  651. {
  652. $project_id = $rule_info['project_id'];
  653. #$user_projects = findUserProjects($user_id, $db);
  654. // $user_projects = array_map('grab_project_id', $user_projects);
  655. //
  656. //
  657. // #find the projects that can access the rule
  658. // $allowed_projects = array_filter(explode('_', $rule_info['permission']));
  659. //
  660. // $both = array_intersect($allowed_projects, $user_projects);
  661. //
  662. // if (is_array($both)) {
  663. // foreach ($both as $key=>$allowed_project_id) {
  664. // if(substr(has_permission(array('uid'=>'R'.$rule_id, 'shared_with'=>'P'.$allowed_project_id), $db), 2,1))
  665. // $project_id = $allowed_project_id;
  666. // }
  667. // }
  668. }
  669. if($project_id=='')
  670. return (formatReturn($GLOBALS['error_codes']['something_went_wrong'], 'Failed to find a project_in for this intance', '', $s3ql['format']));
  671. $value = project_folder_name ($project_id, $db);
  672. $created_by = $user_id;
  673. $filesize = filesize($old_file);
  674. $filename = $fileFinalName;
  675. ##Create the row in the statements table
  676. $create_info = $s3ql['where'];
  677. #echo '<pre>';print_r($s3ql);
  678. $inputs = gatherInputs(array('element'=>'file', 'info'=>$info,'to_create'=>$create_info, 'user_id'=>$user_id, 'db'=>$db, 'format'=>$format));
  679. $info=$inputs;
  680. if(!is_array($inputs))
  681. {
  682. return(formatReturn('3', $inputs, $s3ql['format'],''));
  683. }
  684. $validity = validateInputs(compact('element', 'inputs', 'oldvalues', 'info', 'db', 'action', 'key','user_id'));
  685. #echo '<pre>';print_r($validity);exit;
  686. if($validity[0])
  687. {
  688. $key=$s3ql['key'];
  689. $inserted = insert_s3db(compact('element', 'inputs', 'user_id', 'db', 'key'));
  690. ##Move the file
  691. $S = compact('user_id', 'project_id', 'resource_id', 'rule_id', 'value', 'notes', 'created_by', 'filename', 'filesize', 'extension', 'db');
  692. $S['statement_id']=$inserted['file_id'];
  693. $S['file_id']=$inserted['file_id'];
  694. $S['uploadedfile'] = $old_file;
  695. $fileRelocated = movefile2folder($S);
  696. if(!$fileRelocated)#delete the statement
  697. {$sql = "delete from s3db_statement where statement_id = '".$S['statement_id']."'";
  698. $db->query($sql, __FILE__, __LINE__);
  699. #echo $sql;
  700. return (formatReturn('2', 'File could not be imported. Please try again.', '', $s3ql['format']));
  701. #unlink($old_file);
  702. }
  703. else{
  704. return (formatReturn($GLOBALS['error_codes']['success'], 'File inserted.', $s3ql['format'], array('file_id'=>$inserted['file_id'])));
  705. #if($s3ql['format']=='')
  706. # return ('<TABLE><TR><TD>error_code</TD><TD>message</TD><TD>'.$element.'_id</TD></TR><TR><TD>'.ereg_replace('[^(0-9)]', '', $inserted[3]).'</TD><TD>'.$inserted[4].'</TD><TD>'.$inserted[$element.'_id'].'</TD></TR></TABLE>');
  707. #else
  708. # return ($inserted[1]);
  709. }
  710. }
  711. else {
  712. #echo '<pre>';print_r($validity);
  713. return (formatReturn(ereg_replace('[^(0-9)]', '', $inserted[3]), $validity[1], $format,''));
  714. #if($s3ql['format']=='')
  715. # return ('<TABLE><TR><TD>error_code</TD><TD>message</TD></TR><TR><TD>'.ereg_replace('[^(0-9)]', '', $inserted[3]).'</TD><TD>'.$validity[1].'</TD></TR></TABLE>');
  716. #else
  717. #return ($validity[1]);
  718. }
  719. ##Move the file
  720. if($statement_inserted)
  721. {
  722. $S['statement_id']=find_latest_UID('statement', $db);
  723. $S['uploadedfile'] = $old_file;
  724. $fileRelocated = movefile2folder($S);
  725. if ($fileRelocated)
  726. {
  727. return (formatReturn($GLOBALS['error_codes']['success'], "File inserted", array('file_id'=>$S['file_id']), $s3ql['format']));
  728. }
  729. else {
  730. return (formatReturn($GLOBALS['error_codes']['something_went_wrong'], 'Failed to move file', $format,''));
  731. }
  732. #else return $something_went_wrong."<message>Failed to move file</message>";
  733. }
  734. }
  735. #This ends "is not a file"
  736. }#This ends insert file
  737. break;
  738. }#finish element switch
  739. break;
  740. } #Finish insert
  741. case 'edit':
  742. {
  743. if($s3ql['edit']=='class')
  744. $s3ql['edit']='collection';
  745. if($s3ql['edit']=='instance')
  746. $s3ql['edit']='item';
  747. if($s3ql['set']['notes']!='')
  748. $s3ql['set']['notes'] = utf8_encode($s3ql['set']['notes']);
  749. if($s3ql['set']['value']!='')
  750. $s3ql['set']['value'] = utf8_encode($s3ql['set']['value']);
  751. #$element = $s3ql[$action];
  752. $element = $s3ql['edit'];
  753. #echo 'ola<pre>';print_r($s3ql);exit;
  754. $set = array('project'=>array('project_name', 'project_description', 'project_owner', 'permission_level'),
  755. 'collection'=>array('project_id', 'entity', 'notes'),
  756. 'rule'=>array('project_id', 'subject', 'verb', 'object', 'subject_id', 'verb_id', 'object_id', 'notes', 'validation'),
  757. 'item'=>array('project_id', 'collection_id', 'notes'),
  758. 'statement'=>array('project_id', 'item_id', 'rule_id', 'value', 'notes'),
  759. 'user'=>array('account_lid','account_pwd', 'account_uname', 'account_email', 'account_phone', 'addr1', 'addr2', 'account_type', 'city', 'postal_code', 'state', 'country', 'account_status'),
  760. 'group'=>array('account_lid'));
  761. $E = compact('db', 'user_id', 's3ql');
  762. #first of all, is this a valid target?
  763. if(!in_array($s3ql['edit'], array_keys($set)))
  764. {
  765. return formatReturn($GLOBALS['error_codes']['wrong_input'], $s3ql['edit']." is not a valid S3DB element. Valid elements: project, collection, rule, item, statement", $s3ql['format'],'');
  766. }
  767. #is there an ID to locate the appropriate resource?
  768. if($s3ql['where'][$element.'_id'] == '')
  769. {
  770. return formatReturn($GLOBALS['error_codes']['something_missing'], 'ID of '.$element.' to edit is missing', $s3ql['format'],'');
  771. }
  772. if($s3ql['set']=='')
  773. {
  774. #is it in where?
  775. $s3ql['set']=array_diff_key($s3ql['where'], array($element.'_id'=>''));
  776. if($s3ql['set']=='')
  777. return formatReturn($GLOBALS['error_codes']['something_missing'], 'Please specify what you want to update.'.$syntax_message, $s3ql['format'],'');
  778. }
  779. #interpret input
  780. $s3map=$GLOBALS['s3map'];
  781. foreach ($s3map[$GLOBALS['plurals'][$element]] as $alter_name=>$name) {
  782. if($s3ql['set'][$alter_name]!='')
  783. {$s3ql['set'][$name]=$s3ql['set'][$alter_name];
  784. $s3ql['set']=array_delete($s3ql['set'],$alter_name);
  785. }
  786. }
  787. $s3ql['set'] = array_diff_key($s3ql['set'], $s3map[$GLOBALS['plurals'][$element]]);
  788. //$s3ql['set'] = array_filter($s3ql['set']);
  789. #detect whether set contains fields that cannot be updated
  790. $test_set = array_intersect($set[$element], array_keys($s3ql['set']));
  791. $extra_fields = array_diff(array_keys($s3ql['set']), $test_set);
  792. if(count($s3ql['set'])>count($test_set))#this means that there are fields that don't exist
  793. foreach ($extra_fields as $field_name) {
  794. $output .= 'Warning: '.$field_name.' is not a valid property of '.$element.'. '.$field_name.' will not be updated. Valid properties: '.rtrim(array_reduce($set[$element], 'comma_split'), ', ').'';
  795. }
  796. #retrieve information about resource
  797. $element_id = $s3ql['where'][$element.'_id'];
  798. $uid = strtoupper(substr($element,0,1)).$element_id;
  799. $e_info=URIinfo($uid, $user_id, $key, $db);
  800. #echo '<pre>';print_r($e_info);
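  801. #If the user is editing their own record, they can do so (unless account_type is 'p'). NOTE(review): 'account_type' and 'account_status' are in the editable field list for user, so validateInputs/update_user must stop a self-edit from raising its own privileges - confirm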
  802. if($element=='user' && $element_id==$user_id && $e_info['account_type']!='p')#User can edit his own data
  803. {$e_info['change']=1;
  804. }
  805. if(!is_array($e_info))
  806. return (formatReturn($GLOBALS['error_codes']['something_does_not_exist'], ''.$element.' '.$element_id.' was not found.'));
  807. elseif(!$e_info['change'])
  808. return (formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User does not have permission to change this '.$element, $s3ql['format'],''));
  809. foreach ($e_info as $field=>$data) {
  810. if(in_array($field, array_keys($s3ql['set'])))
  811. if(in_array($field, $set[$element]))
  812. {
  813. $oldvalues[$field] = $e_info[$field];
  814. $e_info[$field] = $s3ql['set'][$field];
  815. $inputs[$field] = $s3ql['set'][$field];
  816. }
  817. }
  818. #echo '<pre>';print_r($inputs);
  819. switch ($element) {
  820. case 'user':{##EDIT USER
  821. $user_to_change_info = get_info('user', $element_id, $db);#this is necessary because password will not come in the $e_info var.
  822. #permission was checked before the switch
  823. #map values
  824. $s3map = array('login'=>'account_lid',
  825. 'password'=>'account_pwd',
  826. 'username'=>'account_uname',
  827. 'email'=>'account_email',
  828. 'phone'=>'account_phone',
  829. 'address'=>'addr1',
  830. 'address2'=>'addr2',
  831. 'city'=>'city',
  832. 'state'=>'state',
  833. 'postal_code'=>'postal_code',
  834. 'country'=>'country',
  835. 'account_type'=>'account_type',
  836. 'permission_level'=>'permission_level',
  837. 'created_by'=>'created_by');
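  838. #hash the password: md5() is a one-way hash, not encryption, and it is applied unsalted here, which is too weak for stored passwords (password_hash()/password_verify() are the PHP replacements)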
  839. #echo '<pre>';print_r($s3ql);exit;
  840. if ($s3ql['set']['password']!='' || $s3ql['set']['account_pwd']) {
  841. $s3ql['set']['password'] = ($s3ql['set']['account_pwd']!='')?md5($s3ql['set']['account_pwd']):md5($s3ql['set']['password']);
  842. }
  843. else {
  844. $s3ql['set']['password']=$user_to_change_info['account_pwd'];
  845. }
  846. #echo '<pre>';print_r($s3ql);
  847. #login, email, username and password cannot be deleted: an empty value is rejected below, and a field missing from set is filled in with the old value
  848. $non_erasable = array('login', 'email', 'username', 'password');
  849. foreach ($non_erasable as $fieldname) {
  850. if (in_array($fieldname, array_keys($s3ql['set']))) {
  851. if ($s3ql['set'][$fieldname]=='') {
  852. return (formatReturn($GLOBALS['error_codes']['wrong_input'], 'login, email, username and password cannot be deleted', $s3ql['format'],''));
  853. }
  854. }
  855. elseif (!in_array($fieldname, array_keys($s3ql['set']))) {
  856. #then start filling out input with the old values
  857. $inputs[$s3map[$fieldname]] = $e_info[$s3map[$fieldname]];
  858. }
  859. }
  860. #now map the valid values
  861. foreach (array_keys($s3ql['set']) as $set) {
  862. if (in_array($set, array_keys($s3map))) {
  863. if($s3ql['set'][$set]!='') {
  864. $inputs[$s3map[$set]] =$s3ql['set'][$set];
  865. }
  866. }
  867. }
  868. #echo '<pre>';print_r($e_info);
  869. $inputs['account_type'] = ($s3ql['set']['account_type']!='')?$s3ql['set']['account_type']:$user_to_change_info['account_type'];
  870. $inputs['account_status'] = ($s3ql['set']['account_status']!='')?$s3ql['set']['account_status']:$user_to_change_info['account_status'];
  871. $inputs['account_group'] = $inputs['account_type'];
  872. #replace in $e_info the values with the inputs. First clean the existing one, then merge with the new one
  873. $user_info = array_diff_key($e_info, $inputs);
  874. $user_info = array_merge($user_info, $inputs);
  875. #$validity = validate_user_inputs(array('inputs'=>$inputs, 'imp_user_id'=>$e_info['account_id'], 'db'=>$db, 'action'=>'update'));
  876. #$validity = validate_user_inputs(array('inputs'=>$inputs, 'imp_user_id'=>$e_info['account_id'], 'db'=>$db, 'action'=>'update'));
  877. $info=$e_info;
  878. $inputs['user_id']=$s3ql['where']['user_id'];
  879. #echo '<pre>';print_r($inputs);
  880. if(!$model) $model = 'nsy';
  881. $action = 'edit';
  882. $validity = validateInputs(compact('element','info', 'inputs', 'oldvalues', 'user_id', 'db','model','action'));
  883. #echo '<pre>';print_r($validity);
  884. switch($validity['error_code'])
  885. {
  886. case 0:
  887. #echo '<pre>';print_r($user_info); exit;
  888. if(!update_user(compact('user_info', 'db', 'user_id')))
  889. {
  890. #$output .= $something_went_wrong;
  891. return (formatReturn($GLOBALS['error_codes']['something_went_wrong'], 'User could not be updated. Undetermined reasons.', $s3ql['format'], ''));
  892. }
  893. else {
  894. if($inputs['permission_level']!=""){
  895. $permission_info = array('uid'=>'U'.$user_id,'shared_with'=>'U'.$info['user_id'],'permission_level'=>$inputs['permission_level']);
  896. update_permission(compact('permission_info', 'db', 'user_id', 'info'));
  897. }
  898. return (formatReturn($GLOBALS['error_codes']['success'],'User updated', $s3ql['format'],''));
  899. }
  900. break;
  901. default :
  902. return (formatReturn($validity['error_code'],$validity['message'], $s3ql['format'],''));
  903. break;
  904. }
  905. break;
  906. }
  907. case 'group':{##EDIT GROUP
  908. $info = $e_info;
  909. $group_id = $info['group_id'];
  910. $validity = validateInputs(compact('element', 'inputs', 'oldvalues', 'info', 'db', 'action', 'key'));
  911. if($validity[0
