PageRenderTime 52ms CodeModel.GetById 25ms RepoModel.GetById 0ms app.codeStats 0ms

/web/concrete/core/models/permission/keys/custom/edit_page_properties.php

https://github.com/glockops/concrete5
PHP | 143 lines | 123 code | 20 blank | 0 comment | 57 complexity | 4c2d62999b3325e57ed83d535d9b2461 MD5 | raw file
Possible License(s): MIT, LGPL-2.1, BSD-3-Clause 
    

  1. <?

    2. 

  2. defined('C5_EXECUTE') or die("Access Denied.");

    3. 

  3. 

    4. 

  4. class Concrete5_Model_EditPagePropertiesPagePermissionKey extends PagePermissionKey  {

    5. 

  5. 

    6. 

  6. 

    7. 

  7. 	protected function getAllAttributeKeyIDs() {

    8. 

  8. 		$db = Loader::db();

    9. 

  9. 		$allAKIDs = $db->GetCol('select akID from AttributeKeys inner join AttributeKeyCategories on AttributeKeys.akCategoryID = AttributeKeyCategories.akCategoryID where akCategoryHandle = \'collection\'');

    10. 

  10. 		return $allAKIDs;

    11. 

  11. 	}

    12. 

  12. 

    13. 

  13. 	public function getMyAssignment() {

    14. 

  14. 		$u = new User();

    15. 

  15. 		$asl = new EditPagePropertiesPagePermissionAccessListItem();

    16. 

  16. 		

    17. 

  17. 

    18. 

  18. 		if ($u->isSuperUser()) {

    19. 

  19. 			$asl->setAllowEditName(1);

    20. 

  20. 			$asl->setAllowEditDateTime(1);

    21. 

  21. 			$asl->setAllowEditUserID(1);

    22. 

  22. 			$asl->setAllowEditDescription(1);

    23. 

  23. 			$asl->setAllowEditPaths(1);

    24. 

  24. 			$asl->setAttributesAllowedArray($this->getAllAttributeKeyIDs());

    25. 

  25. 			$asl->setAttributesAllowedPermission('A');

    26. 

  26. 			return $asl;

    27. 

  27. 		}

    28. 

  28. 		

    29. 

  29. 		$pae = $this->getPermissionAccessObject();

    30. 

  30. 		if (!is_object($pae)) {

    31. 

  31. 			return $asl;

    32. 

  32. 		}

    33. 

  33. 

    34. 

  34. 		$accessEntities = $u->getUserAccessEntityObjects();

    35. 

  35. 		$accessEntities = $pae->validateAndFilterAccessEntities($accessEntities);

    36. 

  36. 		$list = $pae->getAccessListItems(PagePermissionKey::ACCESS_TYPE_ALL, $accessEntities);

    37. 

  37. 		$list = PermissionDuration::filterByActive($list);

    38. 

  38. 		$properties = array();

    39. 

  39. 		

    40. 

  40. 		$excluded = array();

    41. 

  41. 		$akIDs = array();

    42. 

  42. 		$u = new User();

    43. 

  43. 		if (count($list) > 0) {

    44. 

  44. 			$allAKIDs = $this->getAllAttributeKeyIDs();

    45. 

  45. 		}

    46. 

  46. 		foreach($list as $l) {

    47. 

  47. 

    48. 

  48. 			if ($l->allowEditName() && (!in_array('name', $excluded))) {

    49. 

  49. 				$asl->setAllowEditName(1);

    50. 

  50. 			}

    51. 

  51. 			if ($l->allowEditDateTime() && (!in_array('date', $excluded))) {

    52. 

  52. 				$asl->setAllowEditDateTime(1);

    53. 

  53. 			}

    54. 

  54. 			if ($l->allowEditUserID() && (!in_array('uID', $excluded))) {

    55. 

  55. 				$asl->setAllowEditUserID(1);

    56. 

  56. 			}

    57. 

  57. 			if ($l->allowEditDescription() && (!in_array('description', $excluded))) {

    58. 

  58. 				$asl->setAllowEditDescription(1);

    59. 

  59. 			}

    60. 

  60. 			if ($l->allowEditPaths() && (!in_array('paths', $excluded))) {

    61. 

  61. 				$asl->setAllowEditPaths(1);

    62. 

  62. 			}		

    63. 

  63. 			

    64. 

  64. 			if ($l->getAccessType() == PagePermissionKey::ACCESS_TYPE_EXCLUDE && !$l->allowEditName()) {

    65. 

  65. 				$asl->setAllowEditName(0);

    66. 

  66. 				$excluded[] = 'name';

    67. 

  67. 			}

    68. 

  68. 			if ($l->getAccessType() == PagePermissionKey::ACCESS_TYPE_EXCLUDE && !$l->allowEditDateTime()) {

    69. 

  69. 				$asl->setAllowEditDateTime(0);

    70. 

  70. 				$excluded[] = 'date';

    71. 

  71. 			}

    72. 

  72. 			if ($l->getAccessType() == PagePermissionKey::ACCESS_TYPE_EXCLUDE && !$l->allowEditUserID()) {

    73. 

  73. 				$asl->setAllowEditUserID(0);

    74. 

  74. 				$excluded[] = 'uID';

    75. 

  75. 			}

    76. 

  76. 			if ($l->getAccessType() == PagePermissionKey::ACCESS_TYPE_EXCLUDE && !$l->allowEditDescription()) {

    77. 

  77. 				$asl->setAllowEditDescription(0);

    78. 

  78. 				$excluded[] = 'description';

    79. 

  79. 			}

    80. 

  80. 			if ($l->getAccessType() == PagePermissionKey::ACCESS_TYPE_EXCLUDE && !$l->allowEditPaths()) {

    81. 

  81. 				$asl->setAllowEditPaths(0);

    82. 

  82. 				$excluded[] = 'paths';

    83. 

  83. 			}

    84. 

  84. 

    85. 

  85. 			if ($l->getAttributesAllowedPermission() == 'N') {

    86. 

  86. 				$akIDs = array();

    87. 

  87. 				$asl->setAttributesAllowedPermission('N');

    88. 

  88. 			}

    89. 

  89. 

    90. 

  90. 			if ($l->getAttributesAllowedPermission() == 'C') {

    91. 

  91. 				$asl->setAttributesAllowedPermission('C');

    92. 

  92. 				if ($l->getAccessType() == PagePermissionKey::ACCESS_TYPE_EXCLUDE) {

    93. 

  93. 					$akIDs = array_values(array_diff($akIDs, $l->getAttributesAllowedArray()));

    94. 

  94. 				} else { 

    95. 

  95. 					$akIDs = array_unique(array_merge($akIDs, $l->getAttributesAllowedArray()));

    96. 

  96. 				}

    97. 

  97. 			}

    98. 

  98. 

    99. 

  99. 			if ($l->getAttributesAllowedPermission() == 'A') {

    100. 

  100. 				$akIDs = $allAKIDs;

    101. 

  101. 				$asl->setAttributesAllowedPermission('A');

    102. 

  102. 			}

    103. 

  103. 		}	

    104. 

  104. 		

    105. 

  105. 		$asl->setAttributesAllowedArray($akIDs);

    106. 

  106. 		return $asl;

    107. 

  107. 	}

    108. 

  108. 

    109. 

  109. 

    110. 

  110. 	public function validate($obj = false) {

    111. 

  111. 		$u = new User();

    112. 

  112. 		if ($u->isSuperUser()) {

    113. 

  113. 			return true;

    114. 

  114. 		}

    115. 

  115. 		$asl = $this->getMyAssignment();

    116. 

  116. 		if (is_object($obj)) {

    117. 

  117. 			if ($obj instanceof CollectionAttributeKey) {

    118. 

  118. 				if ($asl->getAttributesAllowedPermission() == 'A') {

    119. 

  119. 					return true;

    120. 

  120. 				}

    121. 

  121. 				if ($asl->getAttributesAllowedPermission() == 'C' && in_array($obj->getAttributeKeyID(), $asl->getAttributesAllowedArray())) {

    122. 

  122. 					return true;

    123. 

  123. 				} else {

    124. 

  124. 					return false;

    125. 

  125. 				}				

    126. 

  126. 			}

    127. 

  127. 		}

    128. 

  128. 

    129. 

  129. 		if (

    130. 

  130. 			$asl->allowEditName() || 

    131. 

  131. 			$asl->allowEditDescription() || 

    132. 

  132. 			$asl->allowEditDateTime() || 

    133. 

  133. 			$asl->allowEditUserID() || 

    134. 

  134. 			$asl->allowEditPaths() || 

    135. 

  135. 			($asl->getAttributesAllowedPermission() == 'A' || ($asl->getAttributesAllowedPermission() == 'C' && count($asl->getAttributesAllowedArray() > 0)))) {

    136. 

  136. 				return true;

    137. 

  137. 		} else {

    138. 

  138. 			return false;

    139. 

  139. 		}

    140. 

  140. 	}

    141. 

  141. 	

    142. 

  142. 	

    143. 

  143. }

    144. 

  144.