concrete5 /web/concrete/core/models/permission/keys/custom/add_block_to_area.php

Language PHP Lines 107
MD5 Hash 50e184abbebc9131e583187dfad68e3b Estimated Cost $2,206 (why?)
Repository https://github.com/glockops/concrete5.git View Raw File
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
<?
defined('C5_EXECUTE') or die("Access Denied.");

class Concrete5_Model_AddBlockToAreaAreaPermissionKey extends AreaPermissionKey  {

	public function copyFromPageToArea() {
		$db = Loader::db();
		$inheritedPKID = $db->GetOne('select pkID from PermissionKeys where pkHandle = ?', array('add_block'));
		$r = $db->Execute('select peID, pa.paID from PermissionAssignments pa inner join PermissionAccessList pal on pa.paID = pal.paID where pkID = ?', array(
			$inheritedPKID
		));
		if ($r) { 
			while ($row = $r->FetchRow()) {
				$db->Replace('AreaPermissionAssignments', array(
					'cID' => $this->permissionObject->getCollectionID(), 
					'arHandle' => $this->permissionObject->getAreaHandle(), 
					'pkID' => $this->getPermissionKeyID(),
					'paID' => $row['paID']
				), array('cID', 'arHandle', 'pkID'), true);
					
				$rx = $db->Execute('select permission from BlockTypePermissionBlockTypeAccessList where paID = ? and peID = ?', array(
						$row['paID'], $row['peID']
					));
				while ($rowx = $rx->FetchRow()) {
					$db->Replace('AreaPermissionBlockTypeAccessList', array(
						'peID' => $row['peID'],
						'permission' => $rowx['permission'],
						'paID' => $row['paID']
					), array('paID', 'peID'), true);				
				}
				$db->Execute('delete from AreaPermissionBlockTypeAccessListCustom where paID = ?', array(
					$row['paID']
				));
				$rx = $db->Execute('select btID from BlockTypePermissionBlockTypeAccessListCustom where paID = ? and peID = ?', array(
						$row['paID'], $row['peID']
					));
				while ($rowx = $rx->FetchRow()) {
					$db->Replace('AreaPermissionBlockTypeAccessListCustom', array(
						'paID' => $row['paID'],
						'btID' => $rowx['btID'],
						'peID' => $row['peID']
					), array('paID', 'peID', 'btID'), true);				
				}
			}
		}
	}
	

	protected function getAllowedBlockTypeIDs() {

		$u = new User();
		$pae = $this->getPermissionAccessObject();
		if (!is_object($pae)) {
			return array();
		}
		
		$accessEntities = $u->getUserAccessEntityObjects();
		$accessEntities = $pae->validateAndFilterAccessEntities($accessEntities);
		$list = $this->getAccessListItems(AreaPermissionKey::ACCESS_TYPE_ALL, $accessEntities);
		$list = PermissionDuration::filterByActive($list);
		
		$db = Loader::db();
		$btIDs = array();		
		if (count($list) > 0) {
			$dsh = Loader::helper('concrete/dashboard');
			if ($dsh->inDashboard()) {
				$allBTIDs = $db->GetCol('select btID from BlockTypes');
			} else { 
				$allBTIDs = $db->GetCol('select btID from BlockTypes where btIsInternal = 0');
			}
			foreach($list as $l) {
				if ($l->getBlockTypesAllowedPermission() == 'N') {
					$btIDs = array();
				}
				if ($l->getBlockTypesAllowedPermission() == 'C') {
					if ($l->getAccessType() == AreaPermissionKey::ACCESS_TYPE_EXCLUDE) {
						$btIDs = array_values(array_diff($btIDs, $l->getBlockTypesAllowedArray()));
					} else { 
						$btIDs = array_unique(array_merge($btIDs, $l->getBlockTypesAllowedArray()));
					}
				}
				if ($l->getBlockTypesAllowedPermission() == 'A') {
					$btIDs = $allBTIDs;
				}
			}
		}

		return $btIDs;
	}
	
	public function validate($bt = false) {
		$u = new User();
		if ($u->isSuperUser()) {
			return true;
		}

		$types = $this->getAllowedBlockTypeIDs();
		if ($bt != false) {
			return in_array($bt->getBlockTypeID(), $types);
		} else {
			return count($types) > 0;
		}
	}	

	
}
Back to Top