
/web/concrete/core/models/permission/keys/custom/edit_page_properties.php

https://github.com/glockops/concrete5
  1<?
  2defined('C5_EXECUTE') or die("Access Denied.");
  3
  4class Concrete5_Model_EditPagePropertiesPagePermissionKey extends PagePermissionKey  {
  5
  6
  7	protected function getAllAttributeKeyIDs() {
  8		$db = Loader::db();
  9		$allAKIDs = $db->GetCol('select akID from AttributeKeys inner join AttributeKeyCategories on AttributeKeys.akCategoryID = AttributeKeyCategories.akCategoryID where akCategoryHandle = \'collection\'');
 10		return $allAKIDs;
 11	}
 12
 13	public function getMyAssignment() {
 14		$u = new User();
 15		$asl = new EditPagePropertiesPagePermissionAccessListItem();
 16		
 17
 18		if ($u->isSuperUser()) {
 19			$asl->setAllowEditName(1);
 20			$asl->setAllowEditDateTime(1);
 21			$asl->setAllowEditUserID(1);
 22			$asl->setAllowEditDescription(1);
 23			$asl->setAllowEditPaths(1);
 24			$asl->setAttributesAllowedArray($this->getAllAttributeKeyIDs());
 25			$asl->setAttributesAllowedPermission('A');
 26			return $asl;
 27		}
 28		
 29		$pae = $this->getPermissionAccessObject();
 30		if (!is_object($pae)) {
 31			return $asl;
 32		}
 33
 34		$accessEntities = $u->getUserAccessEntityObjects();
 35		$accessEntities = $pae->validateAndFilterAccessEntities($accessEntities);
 36		$list = $pae->getAccessListItems(PagePermissionKey::ACCESS_TYPE_ALL, $accessEntities);
 37		$list = PermissionDuration::filterByActive($list);
 38		$properties = array();
 39		
 40		$excluded = array();
 41		$akIDs = array();
 42		$u = new User();
 43		if (count($list) > 0) {
 44			$allAKIDs = $this->getAllAttributeKeyIDs();
 45		}
 46		foreach($list as $l) {
 47
 48			if ($l->allowEditName() && (!in_array('name', $excluded))) {
 49				$asl->setAllowEditName(1);
 50			}
 51			if ($l->allowEditDateTime() && (!in_array('date', $excluded))) {
 52				$asl->setAllowEditDateTime(1);
 53			}
 54			if ($l->allowEditUserID() && (!in_array('uID', $excluded))) {
 55				$asl->setAllowEditUserID(1);
 56			}
 57			if ($l->allowEditDescription() && (!in_array('description', $excluded))) {
 58				$asl->setAllowEditDescription(1);
 59			}
 60			if ($l->allowEditPaths() && (!in_array('paths', $excluded))) {
 61				$asl->setAllowEditPaths(1);
 62			}		
 63			
 64			if ($l->getAccessType() == PagePermissionKey::ACCESS_TYPE_EXCLUDE && !$l->allowEditName()) {
 65				$asl->setAllowEditName(0);
 66				$excluded[] = 'name';
 67			}
 68			if ($l->getAccessType() == PagePermissionKey::ACCESS_TYPE_EXCLUDE && !$l->allowEditDateTime()) {
 69				$asl->setAllowEditDateTime(0);
 70				$excluded[] = 'date';
 71			}
 72			if ($l->getAccessType() == PagePermissionKey::ACCESS_TYPE_EXCLUDE && !$l->allowEditUserID()) {
 73				$asl->setAllowEditUserID(0);
 74				$excluded[] = 'uID';
 75			}
 76			if ($l->getAccessType() == PagePermissionKey::ACCESS_TYPE_EXCLUDE && !$l->allowEditDescription()) {
 77				$asl->setAllowEditDescription(0);
 78				$excluded[] = 'description';
 79			}
 80			if ($l->getAccessType() == PagePermissionKey::ACCESS_TYPE_EXCLUDE && !$l->allowEditPaths()) {
 81				$asl->setAllowEditPaths(0);
 82				$excluded[] = 'paths';
 83			}
 84
 85			if ($l->getAttributesAllowedPermission() == 'N') {
 86				$akIDs = array();
 87				$asl->setAttributesAllowedPermission('N');
 88			}
 89
 90			if ($l->getAttributesAllowedPermission() == 'C') {
 91				$asl->setAttributesAllowedPermission('C');
 92				if ($l->getAccessType() == PagePermissionKey::ACCESS_TYPE_EXCLUDE) {
 93					$akIDs = array_values(array_diff($akIDs, $l->getAttributesAllowedArray()));
 94				} else { 
 95					$akIDs = array_unique(array_merge($akIDs, $l->getAttributesAllowedArray()));
 96				}
 97			}
 98
 99			if ($l->getAttributesAllowedPermission() == 'A') {
100				$akIDs = $allAKIDs;
101				$asl->setAttributesAllowedPermission('A');
102			}
103		}	
104		
105		$asl->setAttributesAllowedArray($akIDs);
106		return $asl;
107	}
108
109
110	public function validate($obj = false) {
111		$u = new User();
112		if ($u->isSuperUser()) {
113			return true;
114		}
115		$asl = $this->getMyAssignment();
116		if (is_object($obj)) {
117			if ($obj instanceof CollectionAttributeKey) {
118				if ($asl->getAttributesAllowedPermission() == 'A') {
119					return true;
120				}
121				if ($asl->getAttributesAllowedPermission() == 'C' && in_array($obj->getAttributeKeyID(), $asl->getAttributesAllowedArray())) {
122					return true;
123				} else {
124					return false;
125				}				
126			}
127		}
128
129		if (
130			$asl->allowEditName() || 
131			$asl->allowEditDescription() || 
132			$asl->allowEditDateTime() || 
133			$asl->allowEditUserID() || 
134			$asl->allowEditPaths() || 
135			($asl->getAttributesAllowedPermission() == 'A' || ($asl->getAttributesAllowedPermission() == 'C' && count($asl->getAttributesAllowedArray() > 0)))) {
136				return true;
137		} else {
138			return false;
139		}
140	}
141	
142	
143}