ps_function.php | searchcode

/administrator/components/com_virtuemart/classes/ps_function.php

https://github.com/Shigaru/shigaru
PHP | 342 lines | 212 code | 36 blank | 94 comment | 35 complexity | 0a852f892ee0a29bbc333c07ddecd286 MD5 | raw file

<?php
if( !defined( '_VALID_MOS' ) && !defined( '_JEXEC' ) ) die( 'Direct Access to '.basename(__FILE__).' is not allowed.' );
/**
*
* @version $Id: ps_function.php 1674 2009-03-04 02:07:57Z tkahl $
* @package VirtueMart
* @subpackage classes
* @copyright Copyright (C) 2004-2007 soeren - All rights reserved.
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
* VirtueMart is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See /administrator/components/com_virtuemart/COPYRIGHT.php for copyright notices and details.
*
* http://virtuemart.net
*/


/**
 * This class is is used to manage the function register.
 *
 */
class vm_ps_function extends vmAbstractObject {
	
	var $_table_name = "#__{vm}_function";
	var $_key = 'function_id';

	function vm_ps_function() {
		$this->addRequiredField( array('function_name', 'module_id', 'function_class', 'function_method', 'function_perms') );
		$this->addUniqueField( 'function_name' );
	}
	/**
    * Validates adding a function to a module.
    *
    * @param array $d
    * @return boolean
    */
	function validate_add( &$d ) {

		return $this->validate( $d );
	}

	/**
	 * Validates updating a module function
	 *
	 * @param array $d
	 * @return boolean
	 */
	function validate_update($d) {

		return $this->validate( $d );
	}
	
	/**
	 * Validates deleting a function record
	 *
	 * @param array $d
	 * @return boolean
	 */
	function validate_delete($d) {
		global $perm, $vmLogger, $VM_LANG;
		
		if (empty($d["function_id"])) {
			$vmLogger->err( $VM_LANG->_('VM_FUNCTION_ERR_DELETE_SELECT') );
			return False;
		}
		else {
			$db = new ps_DB();
			if( is_array( $d["function_id"] )) {
				foreach( $d["function_id"] as $function ) {
					$db->query( 'SELECT module_perms, function_perms FROM `#__{vm}_function` f, `#__{vm}_module` m 
							WHERE `function_id` = '.(int)$function
							. ' AND `f`.`module_id` = `m`.`module_id`' );
					$db->next_record();
				
					$module_perms = explode(',', $db->f('module_perms') );
					$function_perms = explode(',', $db->f('function_perms') );
					foreach( $module_perms as $permisson ) {
						if( !$perm->hashigherPerms( $permisson )) {
							$err_msg = $VM_LANG->_('VM_FUNCTION_ERR_DELETE_NOTALLOWED_MOD');
							$err_msg = str_replace('{module_perms}',$db->f('module_perms'),$err_msg);
							$err_msg = str_replace('{perms}',$_SESSION['auth']['perms'],$err_msg);
							$vmLogger->err( $err_msg );
							return false;
						}
					}
					foreach( $function_perms as $permisson ) {
						if( !$perm->hashigherPerms( $permisson )) {
							$err_msg = $VM_LANG->_('VM_FUNCTION_ERR_DELETE_NOTALLOWED_FUNC');
							$err_msg = str_replace('{function_perms}',$db->f('function_perms'),$err_msg);
							$err_msg = str_replace('{perms}',$_SESSION['auth']['perms'],$err_msg);
							$vmLogger->err( $err_msg );
							return false;
						}
					}
				}
			} else {
				$db->query( 'SELECT module_perms, function_perms FROM `#__{vm}_function` f, `#__{vm}_module` m 
							WHERE `function_id` = '.(int)$d["function_id"]
							. ' AND `f`.`module_id` = `m`.`module_id`' );
							
				$db->next_record();
				$module_perms = explode(',', $db->f('module_perms') );
				$function_perms = explode(',', $db->f('function_perms') );
				foreach( $module_perms as $permisson ) {
					if( !$perm->hashigherPerms( $permisson )) {
						$err_msg = $VM_LANG->_('VM_FUNCTION_ERR_DELETE_NOTALLOWED_MOD');
						$err_msg = str_replace('{module_perms}',$db->f('module_perms'),$err_msg);
						$err_msg = str_replace('{perms}',$_SESSION['auth']['perms'],$err_msg);
						$vmLogger->err( $err_msg );
						return false;
					}
				}
				foreach( $function_perms as $permisson ) {
					if( !$perm->hashigherPerms( $permisson )) {
						$err_msg = $VM_LANG->_('VM_FUNCTION_ERR_DELETE_NOTALLOWED_FUNC');
						$err_msg = str_replace('{function_perms}',$db->f('function_perms'),$err_msg);
						$err_msg = str_replace('{perms}',$_SESSION['auth']['perms'],$err_msg);
						$vmLogger->err( $err_msg );
						return false;
					}
				}
			}
		}
		return true;
	}


	/**
	 * Creates a new function record
	 * @author pablo, soeren
	 *
	 * @param array $d
	 * @return boolean
	 */
	function add(&$d) {
			
		$db = new ps_DB;
		$timestamp = time();

		if (!$this->validate_add($d)) {
			return False;
		}
		if( is_array( $d[ 'function_perms' ] )) {			
			$d[ 'function_perms' ] = implode( ',', $d[ 'function_perms' ] );
		}
		$fields = array( 'function_name' => vmGet( $d, 'function_name' ),
						'function_class'=> vmGet( $d, 'function_class' ),
						'function_method' => vmGet( $d, 'function_method' ),
						'function_perms' => vmGet( $d, 'function_perms' ),
						'module_id' => vmRequest::getInt('module_id'),
						'function_description'=> vmGet( $d, 'function_description' ) );
		$db->buildQuery( 'INSERT', '#__{vm}_function', $fields );
		
		$db->query();
		
		$_REQUEST['function_id'] = $db->last_insert_id();
		return True;

	}

	/**
	 * updates function information
	 * @author pablo, soeren
	 * 
	 * @param array $d
	 * @return boolean
	 */
	function update(&$d) {
		
		$db = new ps_DB;
		$timestamp = time();

		if (!$this->validate_update($d)) {
			return False;
		}
		if( is_array( $d[ 'function_perms' ] )) {			
			$d[ 'function_perms' ] = implode( ',', $d[ 'function_perms' ] );
		}
		$fields = array( 'function_name' => vmGet( $d, 'function_name' ),
						'function_class'=> vmGet( $d, 'function_class' ),
						'function_method' => vmGet( $d, 'function_method' ),
						'function_perms' => vmGet( $d, 'function_perms' ),
						'function_description'=> vmGet( $d, 'function_description' ) );
		$db->buildQuery( 'UPDATE', '#__{vm}_function', $fields, 'WHERE function_id='.(int)$d["function_id"] );
		$db->query();
		
		return True;
	}

	/**
	 * Delete a function, but check permissions before
	 *
	 * @param array $d
	 * @return boolean
	 */
	function delete(&$d) {
		$db = new ps_DB;

		if (!$this->validate_delete($d)) {
			return False;
		}

		$record_id = $d["function_id"];

		if( is_array( $record_id)) {
			foreach( $record_id as $record) {
				if( !$this->delete_record( (int)$record, $d ))
				return false;
			}
			return true;
		}
		else {
			return $this->delete_record( (int)$record_id, $d );
		}
	}
	/**
	* Deletes one Record.
	*/
	function delete_record( $record_id, &$d ) {
		global $db;
		$q = 'DELETE from #__{vm}_function where function_id='.(int)$record_id;
		return $db->query($q);
	}

	/**
	 * Returns an information array about the function $func
	 *
	 * @param string $func
	 * @return mixed
	 */
	function get_function($func) {
		$db = new ps_DB;
		$result = array();

		$q = "SELECT `function_perms`, `function_class`, `function_method` 
				FROM `#__{vm}_function` 
				WHERE LOWER(`function_name`)='".$db->getEscaped(strtolower($func))."'";
		
		$db->query( $q );
		
		if ($db->next_record()) {
			$result["perms"] = $db->f("function_perms");
			$result["class"] = $db->f("function_class");
			$result["method"] = $db->f("function_method");
			return $result;
		}
		else {
			return False;
		}
	}

	/**
	 * Check Function Permissions
	 * returns true if the function $func is registered
	 * and user has permission to run it
	 * Displays error if function is not registered
	 *
	 * @param string $func the function name
	 * @return mixed
	 */
	function getFuncPermissions( $func ) {

		global $page, $perm, $VM_LANG, $vmLogger;

		if (!empty($func)) {

			$funcParams = $this->get_function($func);
			if ($funcParams) {
				if ($perm->check($funcParams["perms"])) {
					return $funcParams;
				}
				else {
					$error = $VM_LANG->_('PHPSHOP_PAGE_403').'. ';
					$error .= $VM_LANG->_('PHPSHOP_FUNC_NO_EXEC') . $func;
					$vmLogger->err( $error );
					return false;
				}
			}
			else {
				$error = $VM_LANG->_('PHPSHOP_FUNC_NOT_REG').'. ';
				$error .= $func . $VM_LANG->_('PHPSHOP_FUNC_ISNO_REG') ;
				$vmLogger->err( $error );
				return false;
			}
		}
		
		return true;
		
	}
	/**
	 * Checks if the currently logged in user is allowed to execute the function specified by $func
	 *
	 * @param string $func
	 * @return boolean
	 */
	function userCanExecuteFunc($func) {
		global $perm;
		if (!empty($func)) {
			// Retrieve the function attributes
			$funcParams = $this->get_function($func);
			if (is_array($funcParams) && $perm->check($funcParams["perms"])) {
				return true;
			}
		}
		return false;
	}
	/**
	 * Updates the function permissions for all functions given
	 *
	 * @param array $d
	 * @return boolean
	 */
	function update_permissions( &$d ) {
		$db = new ps_DB;
		$i = 0;
		foreach( $d['function_perms'] as $function ) {
			$functions = implode(',', array_keys($function) );
			$function_id=(int)$d['function_id'][$i];
			$db->buildQuery('UPDATE', '#__{vm}_function', array('function_perms' => $functions ), 'WHERE function_id='.$function_id );
			$db->query();
			$i++;
		}
		return true;
	}
}
// Check if there is an extended class in the Themes and if it is allowed to use them
// If the class is called outside Virtuemart, we have to make sure to load the settings
// Thomas Kahl - Feb. 2009
if (!defined('VM_ALLOW_EXTENDED_CLASSES') && file_exists(dirname(__FILE__).'/../virtuemart.cfg.php')) {
	include_once(dirname(__FILE__).'/../virtuemart.cfg.php');
}
// If settings are loaded, extended Classes are allowed and the class exisits...
if (defined('VM_ALLOW_EXTENDED_CLASSES') && defined('VM_THEMEPATH') && VM_ALLOW_EXTENDED_CLASSES && file_exists(VM_THEMEPATH.'user_class/'.basename(__FILE__))) {
	// Load the theme-user_class as extended
	include_once(VM_THEMEPATH.'user_class/'.basename(__FILE__));
} else {
	// Otherwise we have to use the original classname to extend the core-class
	class ps_function extends vm_ps_function {}
}
?>