1: <?php
  2: 
 15: 
// Guard against direct invocation: this file only declares helper functions and
// must be loaded through the framework bootstrap that defines CON_FRAMEWORK.
defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
 17: 
 33: function checkLangInClients($aClients, $iLang, $aCfg, $oDb) {
 34:     $oClientLanguageCollection = new cApiClientLanguageCollection();
 35:     return $oClientLanguageCollection->hasLanguageInClients($iLang, $aClients);
 36: }
 37: 
 53: function copyRightsForElement($area, $iditem, $newiditem, $idlang = false) {
 54:     global $perm, $auth, $area_tree;
 55: 
 56:     if (!is_object($perm)) {
 57:         return false;
 58:     }
 59:     if (!is_object($auth)) {
 60:         return false;
 61:     }
 62: 
 63:     $oDestRightCol = new cApiRightCollection();
 64:     $oSourceRighsColl = new cApiRightCollection();
 65:     $whereUsers = array();
 66:     $whereAreaActions = array();
 67: 
 68:     
 69:     $userIDContainer = $perm->getGroupsForUser($auth->auth['uid']); 
 70:     
 71:     
 72:     $userIDContainer[] = $auth->auth['uid']; 
 73:     foreach ($userIDContainer as $key) {
 74:         $whereUsers[] = "user_id = '" . $oDestRightCol->escape($key) . "'";
 75:     }
 76:     $whereUsers = '(' . implode(' OR ', $whereUsers) . ')'; 
 77:     
 78:     
 79:     
 80:     $areaContainer = $area_tree[$perm->showareas($area)];
 81: 
 82:     
 83:     $oActionColl = new cApiActionCollection();
 84:     $oActionColl->select('idarea IN (' . implode(',', $areaContainer) . ')');
 85:     while (($oItem = $oActionColl->next()) !== false) {
 86:         $whereAreaActions[] = '(idarea = ' . (int) $oItem->get('idarea') . ' AND idaction = ' . (int) $oItem->get('idaction') . ')';
 87:     }
 88:     $whereAreaActions = '(' . implode(' OR ', $whereAreaActions) . ')'; 
 89:     
 90:     
 91:     
 92:     
 93:     
 94:     
 95:     $sWhere = "{$whereAreaActions} AND {$whereUsers} AND idcat = {$iditem}";
 96:     if ($idlang) {
 97:         $sWhere .= ' AND idlang=' . (int) $idlang;
 98:     }
 99: 
100:     $oSourceRighsColl->select($sWhere);
101:     while (($oItem = $oSourceRighsColl->next()) !== false) {
102:         $rs = $oItem->toObject();
103:         $oDestRightCol->create($rs->user_id, $rs->idarea, $rs->idaction, $newiditem, $rs->idclient, $rs->idlang, $rs->type);
104:     }
105: 
106:     
107:     $perm->load_permissions(true);
108: 
109:     return true;
110: }
111: 
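/**
 * Creates rights on a new item `$iditem` by replicating every right the current
 * user (and the groups the user belongs to) already holds, for the current
 * client, on any other item (`idcat != 0`) within the area tree below `$area`.
 * Duplicate (user, area, action, item, client, language, type) tuples are
 * created only once.
 *
 * Security notes:
 * - `$iditem`, `$client`, `$idlang` and the area ids are cast to int before
 *   they are used in SQL or stored.
 * - An empty or missing area list aborts early instead of producing an invalid
 *   `idarea IN ()` clause.
 * - No check is made here that the caller may grant rights on `$iditem`; that
 *   must be enforced by the calling action (verify at the call site).
 *
 * @param string $area Area name; resolved via $perm->showareas()
 * @param int $iditem Id of the item (idcat) receiving the rights
 * @param int|false $idlang Optional language id to restrict the source rights to
 * @return bool true when the copy ran, false when the permission/auth objects
 *              or the area list are unavailable
 */
function createRightsForElement($area, $iditem, $idlang = false) {
    global $perm, $auth, $area_tree, $client;

    if (!is_object($perm) || !is_object($auth)) {
        return false;
    }

    // Areas below $area; guard against an empty `IN ()` clause.
    $areaKey = $perm->showareas($area);
    if (empty($area_tree[$areaKey]) || !is_array($area_tree[$areaKey])) {
        return false;
    }
    $areaIds = array_map('intval', $area_tree[$areaKey]);

    $oDestRightCol = new cApiRightCollection();
    $oSourceRighsColl = new cApiRightCollection();

    // Principals: the current user plus all groups the user is a member of.
    $principalIds = $perm->getGroupsForUser($auth->auth['uid']);
    $principalIds[] = $auth->auth['uid'];
    $userConditions = array();
    foreach ($principalIds as $principalId) {
        $userConditions[] = "user_id = '" . $oDestRightCol->escape($principalId) . "'";
    }
    $whereUsers = '(' . implode(' OR ', $userConditions) . ')';

    // Source rights: current client, selected areas, item-bound (idcat != 0),
    // real actions (idaction != 0), owned by one of the principals.
    $sWhere = 'idclient=' . (int) $client
        . ' AND idarea IN (' . implode(',', $areaIds) . ')'
        . ' AND idcat != 0 AND idaction != 0 AND ' . $whereUsers;
    if ($idlang) {
        $sWhere .= ' AND idlang=' . (int) $idlang;
    }

    $newIdcat = (int) $iditem;
    $seen = array();
    $oSourceRighsColl->select($sWhere);
    while (($oItem = $oSourceRighsColl->next()) !== false) {
        $rs = $oItem->toObject();

        // Several source items may carry the same right; create it once.
        $key = $rs->user_id . '-' . $rs->idarea . '-' . $rs->idaction . '-' . $newIdcat . '-' . $rs->idclient . '-' . $rs->idlang . '-' . $rs->type;
        if (isset($seen[$key])) {
            continue;
        }

        $oDestRightCol->create($rs->user_id, $rs->idarea, $rs->idaction, $newIdcat, $rs->idclient, $rs->idlang, $rs->type);
        $seen[$key] = true;
    }

    // Force a reload so the new rights are visible in the current request.
    $perm->load_permissions(true);

    return true;
}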
182: 
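/**
 * Deletes all rights stored for item `$iditem` of the current client within
 * the area tree below `$area`, optionally restricted to one language, and
 * reloads the permission cache.
 *
 * Security notes:
 * - All ids used in the where clause are cast to int.
 * - If the permission handler is missing, or the area list is empty/missing,
 *   nothing is deleted: a broad delete without an area restriction must never
 *   be issued. (The original code would have produced an invalid `IN ()`
 *   clause in that case, which also deleted nothing.)
 *
 * @param string $area Area name; resolved via $perm->showareas()
 * @param int $iditem Id of the item (idcat) whose rights are deleted
 * @param int|false $idlang Optional language id to restrict the deletion to
 * @return void
 */
function deleteRightsForElement($area, $iditem, $idlang = false) {
    global $perm, $area_tree, $client;

    if (!is_object($perm)) {
        return;
    }

    // Areas below $area; never build the delete without a valid area list.
    $areaKey = $perm->showareas($area);
    if (empty($area_tree[$areaKey]) || !is_array($area_tree[$areaKey])) {
        return;
    }
    $areaIds = array_map('intval', $area_tree[$areaKey]);

    $sWhere = 'idcat=' . (int) $iditem . ' AND idclient=' . (int) $client . ' AND idarea IN (' . implode(',', $areaIds) . ')';
    if ($idlang) {
        $sWhere .= ' AND idlang=' . (int) $idlang;
    }

    $oRightColl = new cApiRightCollection();
    $oRightColl->deleteByWhereClause($sWhere);

    // Force a reload so the removed rights disappear in the current request.
    $perm->load_permissions(true);
}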
210: 
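/**
 * Builds the list of permission tokens for a user or group from the submitted
 * form values held in the globals `$msysadmin`, `$madmin`, `$mclient` and
 * `$mlang`.
 *
 * Tokens produced: `sysadmin`, `admin[<idclient>]`, `client[<idclient>]` and
 * `lang[<idlang>]`. Language tokens are only emitted for languages that are
 * actually assigned to one of the selected clients.
 *
 * Security notes:
 * - The m* globals are untrusted request data. Ids are accepted only when they
 *   are non-negative integers or plain decimal digit strings; is_numeric()
 *   would also pass "1e3", "1.5" or " 1", which would then be embedded
 *   verbatim in the permission token.
 * - This function only sanitises; it does NOT verify that the caller is
 *   allowed to grant `sysadmin` or `admin[...]`. The calling action must
 *   enforce that (verify at the call site).
 *
 * @param bool $bAddUserToClient When true and no client was selected, grant
 *                               access to the current client unless the
 *                               editing user is a sysadmin
 * @return array List of permission token strings
 */
function buildUserOrGroupPermsFromRequest($bAddUserToClient = false) {
    global $cfg, $msysadmin, $madmin, $mclient, $mlang, $auth, $client;

    $aPerms = array();

    $bSysadmin = (isset($msysadmin) && $msysadmin);

    // Keep only values that are a non-negative int or a string of ASCII
    // digits. `\z` (not `$`) so a trailing newline cannot slip through.
    $aAdmin = array();
    $aClient = array();
    $aLang = array();
    $requested = array(
        array(&$aAdmin, isset($madmin) && is_array($madmin) ? $madmin : array()),
        array(&$aClient, isset($mclient) && is_array($mclient) ? $mclient : array()),
        array(&$aLang, isset($mlang) && is_array($mlang) ? $mlang : array()),
    );
    foreach ($requested as $pair) {
        foreach ($pair[1] as $value) {
            if ((is_int($value) && $value >= 0) || (is_string($value) && preg_match('/^[0-9]+\z/', $value) === 1)) {
                $pair[0][] = $value;
            }
        }
    }
    unset($requested, $pair);

    if ($bSysadmin) {
        $aPerms[] = 'sysadmin';
    }

    foreach ($aAdmin as $value) {
        $aPerms[] = sprintf('admin[%s]', $value);
    }

    foreach ($aClient as $value) {
        $aPerms[] = sprintf('client[%s]', $value);
    }

    // No client selected: a non-sysadmin editor implicitly grants access to
    // the client they are currently working in.
    if (count($aClient) == 0 && $bAddUserToClient) {
        $aUserPerm = explode(',', (string) $auth->auth['perm']);
        if (!in_array('sysadmin', $aUserPerm, true)) {
            $aPerms[] = sprintf('client[%s]', (int) $client);
        }
    }

    // Language permissions only make sense for languages of a selected client.
    if (count($aLang) > 0 && count($aClient) > 0) {
        $db = cRegistry::getDb();
        foreach ($aLang as $value) {
            if (checkLangInClients($aClient, $value, $cfg, $db)) {
                $aPerms[] = sprintf('lang[%s]', $value);
            }
        }
    }

    return $aPerms;
}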
290: 
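/**
 * Persists the difference between the submitted rights list (`$rights_list`)
 * and the previously stored one (`$rights_list_old`) for user `$userid`:
 * entries that disappeared are deleted, new entries are created, and
 * `$rights_list_old` is then replaced by the new list.
 *
 * List keys have the form `<area>|<action>|<idcat>`. When a rights filter is
 * active (`$_REQUEST['filter_rights']`), only entries belonging to the
 * filtered group (article/category/template/other) are deleted, because the
 * other groups were not displayed and therefore could not have been unchecked.
 *
 * Security notes:
 * - All numeric ids in the where clause are int-cast; `$userid` is escaped.
 * - `$rights_list_old` is normalised to an array (array_keys() throws on
 *   non-arrays in PHP 8) and a missing `<idcat>` part is treated as 0 rather
 *   than raising a notice.
 * - `$userid` and the rights lists are request/session driven; this function
 *   does not check that the caller may edit that user's rights. The calling
 *   action must enforce that (verify at the call site).
 *
 * @return bool Always true
 */
function saveRights() {
    global $perm, $notification, $db, $userid;
    global $rights_list, $rights_list_old, $rights_client, $rights_lang;
    global $aArticleRights, $aCategoryRights, $aTemplateRights;

    if (!is_array($rights_list)) {
        $rights_list = array();
    }
    if (!is_array($rights_list_old)) {
        $rights_list_old = array();
    }

    // Rights present before but no longer submitted -> delete.
    $toDelete = array_diff(array_keys($rights_list_old), array_keys($rights_list));
    // Rights submitted now but not present before -> create.
    $toCreate = array_diff(array_keys($rights_list), array_keys($rights_list_old));

    $oAreaColl = new cApiAreaCollection();
    $oRightColl = new cApiRightCollection();

    $filter = isset($_REQUEST['filter_rights']) ? $_REQUEST['filter_rights'] : '';
    $articleRights = (array) $aArticleRights;
    $categoryRights = (array) $aCategoryRights;
    $templateRights = (array) $aTemplateRights;
    $groupedRights = array_merge($articleRights, $categoryRights, $templateRights);

    foreach ($toDelete as $value) {
        $data = explode('|', (string) $value);
        $areaName = $data[0];
        $actionName = isset($data[1]) ? $data[1] : '';
        $idcat = isset($data[2]) ? (int) $data[2] : 0;

        // Only delete entries that were visible under the active filter.
        if (!empty($filter)) {
            if (($filter != 'article' && in_array($actionName, $articleRights, true)) ||
                ($filter != 'category' && in_array($actionName, $categoryRights, true)) ||
                ($filter != 'template' && in_array($actionName, $templateRights, true))) {
                continue;
            }
            if ($filter != 'other' && !in_array($actionName, $groupedRights, true)) {
                continue;
            }
        }

        $idarea = (int) $oAreaColl->getAreaID($areaName);
        $idaction = (int) $perm->getIDForAction($actionName);

        $where = "user_id = '" . $db->escape($userid) . "' AND idclient = " . (int) $rights_client
            . " AND idlang = " . (int) $rights_lang . " AND idarea = " . $idarea
            . " AND idcat = " . $idcat . " AND idaction = " . $idaction . " AND type = 0";
        $oRightColl->deleteByWhereClause($where);
    }

    foreach ($toCreate as $value) {
        $data = explode('|', (string) $value);
        $idarea = (int) $oAreaColl->getAreaID($data[0]);
        // Unknown actions resolve to 0 (area-level right), as before.
        $idaction = (int) $perm->getIDForAction(isset($data[1]) ? $data[1] : '');
        $idcat = isset($data[2]) ? (int) $data[2] : 0;

        $oRightColl->create($userid, $idarea, $idaction, $idcat, $rights_client, $rights_lang, 0);
    }

    $rights_list_old = $rights_list;

    return true;
}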
368: 
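/**
 * Persists the difference between the submitted rights list (`$rights_list`)
 * and the previously stored one (`$rights_list_old`) for group `$groupid`
 * (rights of type 1): entries that disappeared are deleted, new entries are
 * created, and `$rights_list_old` is then replaced by the new list.
 *
 * List keys have the form `<area>|<action>|<idcat>`. When a rights filter is
 * active (`$_REQUEST['filter_rights']`), only entries belonging to the
 * filtered group (article/category/template/other) are deleted, because the
 * other groups were not displayed and therefore could not have been unchecked.
 *
 * Security notes:
 * - All numeric ids in the where clause are int-cast; `$groupid` is escaped.
 * - `$rights_list_old` is normalised to an array (array_keys() throws on
 *   non-arrays in PHP 8) and a missing `<idcat>` part is treated as 0 rather
 *   than raising a notice.
 * - `$groupid` and the rights lists are request/session driven; this function
 *   does not check that the caller may edit that group's rights. The calling
 *   action must enforce that (verify at the call site).
 *
 * @return bool Always true
 */
function saveGroupRights() {
    global $perm, $notification, $db, $groupid;
    global $rights_list, $rights_list_old, $rights_client, $rights_lang;
    global $aArticleRights, $aCategoryRights, $aTemplateRights;

    if (!is_array($rights_list)) {
        $rights_list = array();
    }
    if (!is_array($rights_list_old)) {
        $rights_list_old = array();
    }

    // Rights present before but no longer submitted -> delete.
    $toDelete = array_diff(array_keys($rights_list_old), array_keys($rights_list));
    // Rights submitted now but not present before -> create.
    $toCreate = array_diff(array_keys($rights_list), array_keys($rights_list_old));

    $oAreaColl = new cApiAreaCollection();
    $oRightColl = new cApiRightCollection();

    $filter = isset($_REQUEST['filter_rights']) ? $_REQUEST['filter_rights'] : '';
    $articleRights = (array) $aArticleRights;
    $categoryRights = (array) $aCategoryRights;
    $templateRights = (array) $aTemplateRights;
    $groupedRights = array_merge($articleRights, $categoryRights, $templateRights);

    foreach ($toDelete as $value) {
        $data = explode('|', (string) $value);
        $areaName = $data[0];
        $actionName = isset($data[1]) ? $data[1] : '';
        $idcat = isset($data[2]) ? (int) $data[2] : 0;

        // Only delete entries that were visible under the active filter.
        if (!empty($filter)) {
            if (($filter != 'article' && in_array($actionName, $articleRights, true)) ||
                ($filter != 'category' && in_array($actionName, $categoryRights, true)) ||
                ($filter != 'template' && in_array($actionName, $templateRights, true))) {
                continue;
            }
            if ($filter != 'other' && !in_array($actionName, $groupedRights, true)) {
                continue;
            }
        }

        $idarea = (int) $oAreaColl->getAreaID($areaName);
        $idaction = (int) $perm->getIDForAction($actionName);

        $where = "user_id = '" . $db->escape($groupid) . "' AND idclient = " . (int) $rights_client
            . " AND idlang = " . (int) $rights_lang . " AND idarea = " . $idarea
            . " AND idcat = " . $idcat . " AND idaction = " . $idaction . " AND type = 1";
        $oRightColl->deleteByWhereClause($where);
    }

    foreach ($toCreate as $value) {
        $data = explode('|', (string) $value);
        $idarea = (int) $oAreaColl->getAreaID($data[0]);
        // Unknown actions resolve to 0 (area-level right), as before.
        $idaction = (int) $perm->getIDForAction(isset($data[1]) ? $data[1] : '');
        $idcat = isset($data[2]) ? (int) $data[2] : 0;

        $oRightColl->create($groupid, $idarea, $idaction, $idcat, $rights_client, $rights_lang, 1);
    }

    $rights_list_old = $rights_list;

    return true;
}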
444: