00001 <?php
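// Direct-access guard: the CMS entry point is expected to define __PRAGYAN_CMS
// before including this library. A request that reaches this file any other
// way gets a bare 403 response and the script stops here.
if (!defined('__PRAGYAN_CMS')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    // Fixed: the heading was opened twice ("<h1>...<h1>") and never closed.
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // NOTE(review): SERVER_SIGNATURE can carry the web server name and version
    // when the server is configured to emit it; consider dropping this line so
    // the error page does not advertise the software stack.
    echo '<hr/>' . $_SERVER['SERVER_SIGNATURE'];
    exit(1);
}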
/**
 * Renders a list of values as single-quoted items separated by ", ".
 *
 * Example: array(1, 2) becomes '1', '2' (no surrounding brackets).
 * The values are not escaped; the output is only safe inside a script
 * when the values cannot contain quotes or markup (callers in this file
 * pass permission ids).
 *
 * @param array $array values to render
 * @return string the quoted, comma separated list ('' for an empty list)
 */
function renderArray($array) {
    $quoted = array();
    foreach ($array as $item) {
        $quoted[] = "'" . $item . "'";
    }
    return implode(', ', $quoted);
}
00037
/**
 * Renders a map of id => list as the members of a JavaScript object literal.
 *
 * Example: array(3 => array(1, 2)) becomes '3' : ['1', '2'].
 * Keys and values are written unescaped, see renderArray().
 *
 * @param array $smallobj map of key => list of values
 * @return string the members joined by ", " without the enclosing braces
 */
function inner($smallobj) {
    $members = array();
    foreach ($smallobj as $key => $val) {
        $members[] = "'" . $key . "' : [" . renderArray($val) . ']';
    }
    return implode(', ', $members);
}
00047
/**
 * Renders a sorted permission structure as a JavaScript object literal.
 *
 * @param array $objDesc array with the keys 'Y' and 'N', each a map of
 *                       id => list of permission ids
 * @return string text of the form {'Y' : {...}, 'N' : {...}}
 */
function customjson($objDesc) {
    $granted = inner($objDesc['Y']);
    $denied = inner($objDesc['N']);
    return "{'Y' : {" . $granted . "}, 'N' : {" . $denied . "}}";
}
00051
/**
 * Computes, for every group and every user, the effective value of each
 * grantable permission along a page path.
 *
 * Resolution as implemented below:
 *  - Along the path an explicit 'N' is sticky: once a permission has been
 *    recorded as false for a group (or user) a later 'Y' from another level
 *    does not replace it.
 *  - A user's result is then OR-ed with the results of the groups the user
 *    belongs to, so a grant held by any of the user's groups turns the user's
 *    value to true even when the user-level rows said 'N'.
 *
 * @param array $pagepath         list of page ids; walked from the last index
 *                                down to 0 (presumably root first, page last;
 *                                confirm against parseUrlDereferenced)
 * @param mixed $modifiableGroups not read anywhere in this function
 * @param array $grantableActions map of module name => list of rows
 *                                array(perm_id, action, description)
 * @return array|null array($sortedGroupPerms, $sortedUserPerms), each of the
 *                    form array('Y' => array(id => list of perm ids),
 *                    'N' => array(id => list of perm ids)); nothing is
 *                    returned (null) after displayerror() when there are no
 *                    permissions or no path
 */
function getAllPermissionsOnPage($pagepath, $modifiableGroups, $grantableActions) {

    // Group ids 0 and 1 are added by hand (labelled 'Everyone' and
    // 'Logged In Users'); the remaining groups come from the groups table.
    // $groupNames is filled in but not read again in this function.
    $groupIds = array(0, 1);
    $groupNames = array('0' => 'Everyone', '1' => 'Logged In Users');
    $groupCount = 2;
    $groupsQuery = 'SELECT `group_id`, `group_name` FROM `' . MYSQL_DATABASE_PREFIX . 'groups`';
    $groupsResult = mysql_query($groupsQuery);
    while($groupsRow = mysql_fetch_row($groupsResult)) {
        $groupIds[] = $groupsRow[0];
        $groupNames[$groupsRow[0]] = $groupsRow[1];
        $groupCount++;
    }
    mysql_free_result($groupsResult);

    // User id 0 is added by hand (labelled 'Anonymous'); the rest come from
    // the users table. $userNames is not read again in this function.
    $userIds = array(0);
    $userNames = array('0' => 'Anonymous');
    $userCount = 1;
    $usersQuery = 'SELECT `user_id`, `user_name` FROM `' . MYSQL_DATABASE_PREFIX . 'users`';
    $usersResult = mysql_query($usersQuery);
    while($usersRow = mysql_fetch_row($usersResult)) {
        $userNames[$usersRow[0]] = $usersRow[1];
        $userIds[] = $usersRow[0];
        $userCount++;
    }
    mysql_free_result($usersResult);

    // Flatten $grantableActions into a list of permission ids ($permIds) and
    // a lookup perm_id => array(module, action, description) ($permList).
    $permIds = array();
    $permCount = 0;
    $permList = array();
    foreach($grantableActions as $moduleName => $actionData) {
        if(is_array($actionData) && ($actionCount = count($actionData)) > 0) {
            for($i = 0; $i < $actionCount; $i++) {
                $permList[$actionData[$i][0]] = array($moduleName, $actionData[$i][1], $actionData[$i][2]);
                $permIds[] = $actionData[$i][0];
                $permCount++;
            }
        }
    }

    // NOTE(review): this returns no value, while formattedPermissions() and
    // grantPermissions() unpack the result with list(); they then continue
    // with null in both variables.
    if(count($permList) <= 0 || count($pagepath) <= 0) {
        displayerror('Fatal Error: Missing arguments to function.');
        return;
    }

    // Explicitly stored rows, indexed [page_id][group or user id][perm_id] => bool.
    $groupSetPermissions = array();
    $userSetPermissions = array();

    $userPermTable = '`' . MYSQL_DATABASE_PREFIX . 'userpageperm`';
    $permListTable = '`' . MYSQL_DATABASE_PREFIX . 'permissionlist`';
    // NOTE(review): both IN (...) lists are built by joining the arrays
    // straight into the SQL text, so the query is only safe while every
    // element of $pagepath and every perm id in $grantableActions is an
    // integer; nothing in this function enforces that. join() is also called
    // with the legacy (array, separator) argument order.
    $permQuery = "SELECT `perm_type`, $userPermTable.`perm_id` AS `perm_id`, `page_id`, `usergroup_id`, `perm_permission` " .
        "FROM $userPermTable, $permListTable WHERE `page_id` IN (" . join($pagepath, ', ') . ") AND " .
        "$userPermTable.`perm_id` IN (" . join($permIds, ', ') .
        ") AND $userPermTable.`perm_id` = $permListTable.`perm_id`";
    // NOTE(review): the result is not checked before it is fetched from.
    $permResult = mysql_query($permQuery);

    while($permRow = mysql_fetch_assoc($permResult)) {
        $pageId = $permRow['page_id'];
        $permId = $permRow['perm_id'];
        $usergroupId = $permRow['usergroup_id'];

        // Rows with perm_type 'user' go to the user table; every other
        // perm_type value is stored as a group row.
        $setPermissions = &$groupSetPermissions;
        if($permRow['perm_type'] == 'user') {
            $setPermissions = &$userSetPermissions;
        }

        if(!isset($setPermissions[$pageId])) {
            $setPermissions[$pageId] = array();
        }
        if(!isset($setPermissions[$pageId][$usergroupId])) {
            $setPermissions[$pageId][$usergroupId] = array();
        }
        // Anything other than 'Y' counts as a denial.
        $setPermissions[$pageId][$usergroupId][$permId] = $permRow['perm_permission'] == 'Y' ? true : false;
    }

    // Group pass: walk the path from its last entry to its first and fold the
    // stored rows into [group_id][perm_id] => bool.
    $groupEffectivePermissions = array();
    for($i = count($pagepath) - 1; $i >= 0; $i--) {
        if(!isset($groupSetPermissions[$pagepath[$i]])) continue;
        $pSP = &$groupSetPermissions[$pagepath[$i]];

        for($j = 0; $j < $groupCount; $j++) {
            if(!isset($pSP[$groupIds[$j]])) continue;
            $gSP = &$pSP[$groupIds[$j]];
            if(!isset($groupEffectivePermissions[$groupIds[$j]]))
                $groupEffectivePermissions[$groupIds[$j]] = array();
            $gEP = &$groupEffectivePermissions[$groupIds[$j]];

            for($k = 0; $k < $permCount; $k++) {
                if(isset($gSP[$permIds[$k]])) {
                    // A value of false already recorded is never overwritten.
                    if(!isset($gEP[$permIds[$k]]) || $gEP[$permIds[$k]] !== false) {
                        $gEP[$permIds[$k]] = $gSP[$permIds[$k]];
                    }
                }
            }
        }
    }

    // User pass: same folding for the rows stored per user.
    $userEffectivePermissions = array();

    for($i = count($pagepath) - 1; $i >= 0; $i--) {
        if(!isset($userSetPermissions[$pagepath[$i]])) continue;
        $pSP = &$userSetPermissions[$pagepath[$i]];

        for($j = 0; $j < $userCount; $j++) {
            if(!isset($pSP[$userIds[$j]])) continue;
            $uSP = &$pSP[$userIds[$j]];
            if(!isset($userEffectivePermissions[$userIds[$j]]))
                $userEffectivePermissions[$userIds[$j]] = array();
            $uEP = &$userEffectivePermissions[$userIds[$j]];

            for($k = 0; $k < $permCount; $k++) {
                if(isset($uSP[$permIds[$k]])) {
                    if(!isset($uEP[$permIds[$k]]) || $uEP[$permIds[$k]] !== false) {
                        $uEP[$permIds[$k]] = $uSP[$permIds[$k]];
                    }
                }
            }
        }
    }

    // Group membership of every user, user_id => list of group ids.
    $userGroups = array();
    $groupsQuery = 'SELECT `user_id`, `group_id` FROM `'.MYSQL_DATABASE_PREFIX.'usergroup` ' .
        'ORDER BY `user_id`';
    $groupsResult = mysql_query($groupsQuery);
    while($groupsRow = mysql_fetch_row($groupsResult)) {
        if(!isset($userGroups[$groupsRow[0]])) $userGroups[$groupsRow[0]] = array();
        $userGroups[$groupsRow[0]][] = $groupsRow[1];
    }
    mysql_free_result($groupsResult);


    // Merge the group results into each user.
    for($i = 0; $i < $userCount; $i++) {
        if(!isset($userGroups[$userIds[$i]])) {
            // User 0 without membership rows is skipped; any other user
            // without rows is treated as a member of groups 0 and 1.
            // NOTE(review): a user that does have membership rows is NOT
            // given groups 0 and 1 here; confirm this is intended.
            if($userIds[$i] == 0)
                continue;
            else
                $userGroups[$userIds[$i]] = array(0, 1);
        }
        if(!isset($userEffectivePermissions[$userIds[$i]]))
            $userEffectivePermissions[$userIds[$i]] = array();

        for($j = 0; $j < $permCount; $j++) {
            $userGroupCount = count($userGroups[$userIds[$i]]);

            for($k = 0; $k < $userGroupCount; $k++) {
                if (
                    isset($groupEffectivePermissions[$userGroups[$userIds[$i]][$k]]) &&
                    isset($groupEffectivePermissions[$userGroups[$userIds[$i]][$k]][$permIds[$j]])
                ) {

                    if(!isset($userEffectivePermissions[$userIds[$i]][$permIds[$j]]))
                        $userEffectivePermissions[$userIds[$i]][$permIds[$j]] = false;

                    // Logical OR: a grant from any group wins over a
                    // user-level denial recorded in the user pass.
                    $userEffectivePermissions[$userIds[$i]][$permIds[$j]] =
                        $userEffectivePermissions[$userIds[$i]][$permIds[$j]] ||
                        $groupEffectivePermissions[$userGroups[$userIds[$i]][$k]][$permIds[$j]];

                }
            }
        }
    }

    // Split both tables into granted ('Y') and denied ('N') lists of perm ids.
    $sortedGroupPerms = array('Y' => array(), 'N' => array());
    $sortedUserPerms = array('Y' => array(), 'N' => array());

    foreach($groupEffectivePermissions as $groupid => $data) {
        foreach($groupEffectivePermissions[$groupid] as $permid => $value) {
            if($value === true) {
                if(!isset($sortedGroupPerms['Y'][$groupid]))
                    $sortedGroupPerms['Y'][$groupid] = array();
                $sortedGroupPerms['Y'][$groupid][] = $permid;
            } else {
                if(!isset($sortedGroupPerms['N'][$groupid]))
                    $sortedGroupPerms['N'][$groupid] = array();
                $sortedGroupPerms['N'][$groupid][] = $permid;
            }
        }
    }

    foreach($userEffectivePermissions as $userid => $data) {
        foreach($userEffectivePermissions[$userid] as $permid => $value) {
            if($value === true) {
                if(!isset($sortedUserPerms['Y'][$userid]))
                    $sortedUserPerms['Y'][$userid] = array();
                $sortedUserPerms['Y'][$userid][] = $permid;
            } else {
                if(!isset($sortedUserPerms['N'][$userid]))
                    $sortedUserPerms['N'][$userid] = array();
                $sortedUserPerms['N'][$userid][] = $permid;
            }
        }
    }

    return array($sortedGroupPerms,$sortedUserPerms);
}
00286
/**
 * Builds the two JavaScript assignments (permGroups and permUsers) that
 * describe the effective permissions on a page path.
 *
 * @param array $pagepath         page ids, passed to getAllPermissionsOnPage()
 * @param mixed $modifiableGroups passed through to getAllPermissionsOnPage()
 * @param array $grantableActions module name => list of permission rows
 * @return string two lines of script text, without a trailing newline
 */
function formattedPermissions($pagepath, $modifiableGroups, $grantableActions) {
    list($groupPerms, $userPerms) = getAllPermissionsOnPage($pagepath, $modifiableGroups, $grantableActions);

    $groupLiteral = customjson($groupPerms);
    $userLiteral = customjson($userPerms);

    return 'permGroups = ' . $groupLiteral . ";\n" .
        'permUsers = ' . $userLiteral . ';';
}
00300
/**
 * Looks up the id of the permission identified by a module and an action.
 *
 * NOTE(review): $module and $action are placed into the SQL text as they
 * arrive. The query is only safe if every caller passes constants or values
 * that were already escaped; confirm at the call sites.
 *
 * @param string $module value matched against `page_module`
 * @param string $action value matched against `perm_action`
 * @return mixed the perm_id of the first matching row, or -1 when the query
 *               fails or matches nothing
 */
function getPermissionId($module, $action) {
    $table = '`' . MYSQL_DATABASE_PREFIX . 'permissionlist`';
    $sql = 'SELECT `perm_id` FROM ' . $table . ' WHERE ' .
        "`page_module` = '$module' AND `perm_action` = '$action'";

    $lookup = mysql_query($sql);
    if (!$lookup) {
        return -1;
    }

    $row = mysql_fetch_array($lookup);
    if (!$row) {
        return -1;
    }
    return $row[0];
}
00313
00314
00315
/**
 * Resolves one permission for one group or user along a page path.
 *
 * The stored rows for every page of the path are loaded, then the path is
 * walked from its last entry to its first. The walk stops at the first
 * explicit denial, so a single 'N' anywhere on the path gives false; without
 * a denial the result is true when at least one 'Y' row exists, and false
 * when no row exists at all.
 *
 * NOTE(review): $usergroupid and the page ids are written into the SQL
 * unquoted, and $action, $module and $permtype are quoted but not escaped
 * here. The function relies on its callers for that; confirm at call sites.
 *
 * @param array  $pagePath    list of page ids indexed from 0
 * @param mixed  $usergroupid group id, or user id when $permtype is 'user'
 * @param string $action      permission action name
 * @param string $module      module the action belongs to
 * @param string $permtype    'group' (default) or 'user'
 * @return bool the resolved permission
 */
function getPagePermission(array $pagePath, $usergroupid, $action, $module, $permtype = 'group') {
    $uTable = MYSQL_DATABASE_PREFIX . "userpageperm";
    $pTable = MYSQL_DATABASE_PREFIX . "permissionlist";
    $idList = implode(', ', $pagePath);

    $conditions = array(
        "{$uTable}.perm_type = '{$permtype}'",
        "{$uTable}.page_id IN ({$idList})",
        "{$uTable}.usergroup_id = {$usergroupid}",
        "{$pTable}.page_module = '{$module}'",
        "{$pTable}.perm_action = '{$action}'",
        "{$pTable}.perm_id = {$uTable}.perm_id",
    );
    $sql = "SELECT {$uTable}.perm_permission, {$uTable}.page_id FROM {$uTable}, {$pTable} WHERE " .
        implode(' AND ', $conditions);

    // page_id => bool for every page of the path that has a stored row
    $stored = array();
    $rows = mysql_query($sql);
    if ($rows) {
        while ($row = mysql_fetch_assoc($rows)) {
            $stored[$row['page_id']] = ($row['perm_permission'] == 'Y');
        }
    }

    // -1 marks "no row seen yet" and is turned into false at the end
    $resolved = -1;
    $index = count($pagePath);
    while (--$index >= 0) {
        $pageId = $pagePath[$index];
        if (!isset($stored[$pageId])) {
            continue;
        }
        $resolved = $stored[$pageId];
        if ($resolved === false) {
            break;
        }
    }

    return $resolved === -1 ? false : $resolved;
}
00360
00361
00362
00371
/**
 * Decides whether a user may perform an action on a page.
 *
 * Order of evaluation:
 *  1. For any action other than "admin", a user who holds "admin" on page 0
 *     is allowed without further checks.
 *  2. With no module given, the module is 'page' when the permission list has
 *     a 'page' entry for the action, otherwise the page's effective module.
 *  3. Pages of module "menu" or "external" are answered by their parent page.
 *  4. The user's groups are tried in turn until one grants the action; if
 *     none does, the user's own rows decide.
 *
 * NOTE(review): $action is written into the lookup query inside double
 * quotes without escaping in this function; it relies on the caller.
 *
 * @param mixed  $userid user id
 * @param mixed  $pageid page id
 * @param string $action action name
 * @param string $module module name, "" to have it derived
 * @return bool whether the action is permitted
 */
function getPermissions($userid, $pageid, $action, $module="") {
    if ($action != "admin") {
        if (getPermissions($userid, 0, "admin")) {
            return true;
        }
    }

    if ($module == "") {
        $lookup = 'SELECT 1 FROM `' . MYSQL_DATABASE_PREFIX . 'permissionlist` WHERE page_module="page" AND perm_action="' . $action . '"';
        $found = mysql_query($lookup);
        $module = (mysql_num_rows($found) >= 1) ? 'page' : getEffectivePageModule($pageid);
    }

    if ($module == "menu" || $module == "external") {
        return getPermissions($userid, getParentPage($pageid), $action);
    }

    $pagePath = array();
    parseUrlDereferenced($pageid, $pagePath);

    $allowed = false;
    foreach (getGroupIds($userid) as $groupid) {
        $allowed = getPagePermission($pagePath, $groupid, $action, $module);
        if ($allowed === true) {
            break;
        }
    }

    if ($allowed === false) {
        $allowed = getPagePermission($pagePath, $userid, $action, $module, 'user');
    }
    return $allowed;
}
00401
00402
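/**
 * Works out which group or user a submitted grant form refers to.
 *
 * Reads $_POST['optusergroup'] ('group' or 'user') and, depending on it,
 * $_POST['optgroup012'], $_POST['modifiablegroups'] or $_POST['useremail'].
 * The built-in choices map as follows: 'group0' is group 0, 'group1' is
 * group 1 and 'group3' is user 0. Any other group is looked up by name and a
 * user is looked up by e-mail address.
 *
 * Fixes over the previous version:
 *  - strpos() returns false when the address has no hyphen and false >= 0 is
 *    true in PHP, so the old code always cut the value and dropped the last
 *    character of a plain address. The cut now happens only when a hyphen
 *    was found.
 *  - Missing or non-string form fields are read as '' instead of raising
 *    notices.
 *
 * NOTE(review): the text before the first hyphen is taken as the address,
 * so an address that itself contains a hyphen is still truncated. The format
 * the form submits is not visible here; confirm before tightening this.
 *
 * @param string $targettype set to 'group' or 'user' (by reference)
 * @return mixed the group or user id, or -1 when nothing matched
 */
function determineGrantTargetId(&$targettype) {
    $targetId = -1;
    $targettype = 'group';
    $idQuery = '';

    $mode = (isset($_POST['optusergroup']) && is_string($_POST['optusergroup'])) ? $_POST['optusergroup'] : '';

    if ($mode === 'group') {
        $choice = (isset($_POST['optgroup012']) && is_string($_POST['optgroup012'])) ? $_POST['optgroup012'] : '';

        if ($choice === 'group0') {
            $targetId = 0;
        }
        else if ($choice === 'group1') {
            $targetId = 1;
        }
        else if ($choice === 'group3') {
            $targettype = 'user';
            $targetId = 0;
        }
        else {
            $groupName = (isset($_POST['modifiablegroups']) && is_string($_POST['modifiablegroups'])) ? $_POST['modifiablegroups'] : '';
            $idQuery = "SELECT `group_id` FROM `" . MYSQL_DATABASE_PREFIX . "groups` WHERE `group_name` = '" . escape($groupName) . "'";
        }
    }
    else if ($mode === 'user') {
        $rawEmail = (isset($_POST['useremail']) && is_string($_POST['useremail'])) ? $_POST['useremail'] : '';

        $hyphenPos = strpos($rawEmail, '-');
        if ($hyphenPos !== false) {
            // Keep what precedes the hyphen; trim() removes the separating space.
            $userEmail = escape(trim(substr($rawEmail, 0, $hyphenPos)));
        }
        else {
            $userEmail = escape($rawEmail);
        }

        $idQuery = "SELECT `user_id` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email` = '$userEmail'";
        $targettype = 'user';
    }

    if ($targetId == -1 && $idQuery != '') {
        $idResult = mysql_query($idQuery);

        if ($idResult) {
            if ($idResultRow = mysql_fetch_row($idResult)) {
                $targetId = $idResultRow[0];
            }
        }
    }

    return $targetId;
}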
00452
00453
00454
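/**
 * Narrows a set of grantable actions to the ones ticked in the submitted form.
 *
 * Each entry of $_POST['permission'] has the form "<module>_<action>"; it is
 * kept when $_POST also holds the key "<module><action>" and the action is
 * present in $grantableActions. When nothing is kept the full set is returned.
 *
 * @param mixed $grantableActions module name => list of array(perm_id, action, description)
 * @return mixed the narrowed set, or $grantableActions unchanged
 */
function _grantPermissionsCheckedActions($grantableActions) {
    // A missing or non-array field means "nothing ticked" instead of a count() on null.
    $requested = (isset($_POST['permission']) && is_array($_POST['permission']))
        ? array_values($_POST['permission'])
        : array();

    $checkedActions = array();
    foreach ($requested as $entry) {
        if (!is_string($entry)) {
            continue;
        }
        // array_pad() keeps list() from reading a missing second part.
        list($modTemp, $actTemp) = array_pad(explode('_', escape($entry), 2), 2, '');

        if (!isset($_POST[$modTemp.$actTemp]) || !isset($grantableActions[$modTemp])) {
            continue;
        }
        for ($j = 0; $j < count($grantableActions[$modTemp]); $j++) {
            if ($grantableActions[$modTemp][$j][1] == $actTemp) {
                $checkedActions[$modTemp][] = $grantableActions[$modTemp][$j];
                break;
            }
        }
    }

    return count($checkedActions) > 0 ? $checkedActions : $grantableActions;
}

/**
 * Handles the "grant" action of a page.
 *
 * Three kinds of request are served, selected by $_GET['doaction']:
 *  - changePerm: sets ('Y'/'N') or removes (any other value) one stored
 *    permission row, prints "1" on success or "0" on failure and exits.
 *  - getpermvars: prints the script assignments pageid, permGroups and
 *    permUsers for $_GET['pageid'] and exits.
 *  - anything else: returns the markup and script of the permission editor;
 *    getUserPerm and getPermUser additionally preselect entries from the
 *    submitted form.
 *
 * Changes over the previous version:
 *  - changePerm took the target page from the query string and wrote the row
 *    without checking, in this function, that $userid may grant on that page.
 *    It now applies the same getMaxPriorityGroup() gate the other two paths
 *    use, to the target page, and answers "0" when the gate fails.
 *  - changePerm accepts only decimal ids and the permission types 'user' and
 *    'group'.
 *  - A failed lookup in changePerm is reported as "0" instead of falling
 *    through to an INSERT.
 *  - getpermvars no longer counts an absent $_POST['permission'].
 *  - Group 1 is preselected again when groups 0 and 1 both matched
 *    ($save == 3); the old test `$save/2==1` was false for 3.
 *
 * NOTE(review): changePerm is a state change carried by a GET request with no
 * request token visible here, so it can be triggered cross-site from a
 * logged-in grantor's browser; it should move to POST with a per-session token.
 * NOTE(review): changePerm still does not check that the target group lies
 * within getModifiableGroups() or that the permission is one of the caller's
 * grantable actions; only the page-level gate is enforced.
 *
 * @param mixed $userid id of the user performing the action
 * @param mixed $pageid id of the current page
 * @return string|null editor markup, or an error message when the user may
 *                     not grant on the page; the two AJAX paths exit instead
 */
function grantPermissions($userid, $pageid) {

    if (isset($_GET['doaction']) && $_GET['doaction'] == "changePerm") {
        $flag = true;

        // Ids must be plain decimal strings; they are cast before reaching SQL.
        $ids = array();
        foreach (array('pageid', 'usergroupid', 'permid') as $idKey) {
            $raw = isset($_GET[$idKey]) ? $_GET[$idKey] : null;
            if (!is_string($raw) || !preg_match('/^[0-9]+\z/', $raw)) {
                $flag = false;
                break;
            }
            $ids[$idKey] = (int) $raw;
        }

        $permtype = (isset($_GET['permtype']) && is_string($_GET['permtype'])) ? $_GET['permtype'] : '';
        if ($permtype !== 'user' && $permtype !== 'group') {
            $flag = false;
        }
        // Only 'Y' and 'N' are ever written; any other value means "remove".
        $perm = (isset($_GET['perm']) && is_string($_GET['perm'])) ? $_GET['perm'] : '';

        if ($flag) {
            $pageid = $ids['pageid'];
            $usergroupid = $ids['usergroupid'];
            $permid = $ids['permid'];

            // The target page comes from the request, so it is checked here
            // rather than trusting whatever check the caller did on the
            // current page.
            $pageLookup = mysql_query("SELECT `page_name` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id` = '{$pageid}'");
            if (!$pageLookup || !mysql_fetch_array($pageLookup)) {
                $flag = false;
            } else {
                $targetPath = array();
                parseUrlDereferenced($pageid, $targetPath);
                $grantorGroups = array_reverse(getGroupIds($userid));
                $grantorVirtue = '';
                if (count($targetPath) <= 0 ||
                    getMaxPriorityGroup($targetPath, $userid, $grantorGroups, $grantorVirtue) == -1) {
                    $flag = false;
                }
            }
        }

        if ($flag) {
            $permTable = "`" . MYSQL_DATABASE_PREFIX . "userpageperm`";
            $rowFilter = "`perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'";

            $existingResult = mysql_query("SELECT `perm_permission` FROM " . $permTable . " WHERE " . $rowFilter);
            if (!$existingResult) {
                $flag = false;
            } else {
                $permission = mysql_fetch_array($existingResult);

                if ($perm == 'Y' || $perm == 'N') {
                    if ($permission) {
                        if ($permission['perm_permission'] != $perm) {
                            mysql_query("UPDATE " . $permTable . " SET `perm_permission` = '{$perm}' WHERE " . $rowFilter);
                            if (mysql_affected_rows() == 0)
                                $flag = false;
                        }
                    } else {
                        mysql_query("INSERT " . $permTable . "(`perm_type`, `page_id`, `usergroup_id`, `perm_id`, `perm_permission`) VALUES('$permtype','$pageid','$usergroupid','$permid','$perm')");
                        if (mysql_affected_rows() == 0)
                            $flag = false;
                    }
                } else {
                    if ($permission) {
                        mysql_query("DELETE FROM " . $permTable . " WHERE " . $rowFilter);
                        if (mysql_affected_rows() == 0)
                            $flag = false;
                    }
                }
            }
        }

        if ($flag)
            echo "1";
        else
            echo "0";
        disconnect();
        exit();
    }

    if (isset($_GET['doaction']) && $_GET['doaction'] == 'getpermvars' && isset($_GET['pageid'])) {
        global $cmsFolder,$urlRequestRoot, $templateFolder;
        $pageid = escape($_GET['pageid']);
        if (mysql_fetch_array(mysql_query("SELECT `page_name` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id` = '{$pageid}'"))) {
            $pagepath = array();
            parseUrlDereferenced($pageid, $pagepath);
            // From here on the id is the last entry of the dereferenced path.
            $pageid = $pagepath[count($pagepath) - 1];

            $groups = array_reverse(getGroupIds($userid));
            $virtue = '';
            $maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, $groups, $virtue);
            if ($maxPriorityGroup == -1) {
                return 'You do not have the required permissions to view this page.';
            }

            if ($virtue == 'user') {
                $grantableActions = getGroupPermissions($groups, $pagepath, $userid);
            }
            else {
                $grantableActions = getGroupPermissions($groups, $pagepath);
            }

            $grantableActions = _grantPermissionsCheckedActions($grantableActions);

            $modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
            $modifiableGroupIds = array(0, 1);
            for ($i = 0; $i < count($modifiableGroups); $i++) {
                $modifiableGroupIds[] = $modifiableGroups[$i]['group_id'];
            }
            $permissions = formattedPermissions($pagepath, $modifiableGroupIds, $grantableActions);
            $ret =<<<RET
pageid = {$pageid};
{$permissions}
RET;
            echo $ret;
        } else {
            echo "Error: Invalid Pageid passed";
        }
        disconnect();
        exit();
    }

    global $cmsFolder,$urlRequestRoot;
    $pagepath = array();
    parseUrlDereferenced($pageid, $pagepath);
    $pageid = $pagepath[count($pagepath) - 1];

    $groups = array_reverse(getGroupIds($userid));
    $virtue = '';
    $maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, $groups, $virtue);
    if ($maxPriorityGroup == -1) {
        return 'You do not have the required permissions to view this page.';
    }

    if ($virtue == 'user') {
        $grantableActions = getGroupPermissions($groups, $pagepath, $userid);
    }
    else {
        $grantableActions = getGroupPermissions($groups, $pagepath);
    }

    $grantableActions = _grantPermissionsCheckedActions($grantableActions);

    $modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
    $modifiableGroupIds = array(0, 1);
    for ($i = 0; $i < count($modifiableGroups); $i++) {
        $modifiableGroupIds[] = $modifiableGroups[$i]['group_id'];
    }
    $perms = json_encode(formatPermissions($grantableActions));
    $permissions = formattedPermissions($pagepath, $modifiableGroupIds, $grantableActions);
    // NOTE(review): $groups and $users are script fragments assembled from
    // database text by customGetGroups() and customGetAllUsers(); they land
    // inside the <script> element below, so those two functions must encode
    // names for a script context.
    $groups = customGetGroups($maxPriorityGroup);
    $users = customGetAllUsers();
    global $templateFolder;
    $smarttableconfig = array (
        'permtable' => array(
            'sPaginationType' => 'two_button',
            'bAutoWidth' => 'false',
            'aoColumns' => '{ "sWidth": "100px" }'
        ),
        'permtable2' => array(
            'sPaginationType' => 'two_button',
            'bAutoWidth' => 'false',
            'aoColumns' => '{ "sWidth": "100px" }'
        )
    );
    $ret = smarttable::render(array('permtable','permtable2'),$smarttableconfig);
    $globals = getGlobalSettings();
    $baseURL = "./+grant&doaction=changePerm";
    if ($globals['url_rewrite']=='false')
        $baseURL = prettyurl($baseURL);
    $selected = "var selected = {'permissions' : [], 'users' : [], 'groups' : []};";

    if (isset($_GET['doaction']) && $_GET['doaction'] == 'getUserPerm') {
        // Preselect every group and user holding one of the ticked permissions.
        $get_selectedPerms = array();
        $get_selectedGroups = array();
        $get_selectedUsers = array();
        foreach ($_POST as $key => $var)
            if (substr($key,0,12)=="permissions_")
                $get_selectedPerms[] = (int)substr($key,12);
        list($get_sortedGroupPerms,$get_sortedUserPerms) = getAllPermissionsOnPage($pagepath, $modifiableGroupIds, $grantableActions);
        // Bit 1 records a match for group 0, bit 2 a match for group 1.
        $save = 0;
        foreach ($get_sortedGroupPerms['Y'] as $get_groupId => $get_data) {
            $found = false;
            foreach ($get_sortedGroupPerms['Y'][$get_groupId] as $get_permId) {
                foreach ($get_selectedPerms as $selected_perm)
                    if ($selected_perm == $get_permId) {
                        $get_selectedGroups[] = (int)$get_groupId;
                        $found = true;
                    }
                if ($found)
                    break;
            }
            if ($get_groupId==0&&$found)
                $save += 1;
            if ($get_groupId==1&&$found)
                $save += 2;
        }
        foreach ($get_sortedUserPerms['Y'] as $get_userId => $get_data) {
            $found = false;
            foreach ($get_sortedUserPerms['Y'][$get_userId] as $get_permId) {
                foreach ($get_selectedPerms as $selected_perm)
                    if ($selected_perm == $get_permId) {
                        $get_selectedUsers[] = (int)$get_userId;
                        $found = true;
                    }
                if ($found)
                    break;
            }
        }
        // filterByPriority() keeps only ids present in the groups table, so
        // groups 0 and 1 are added back from the bits recorded above.
        $get_selectedGroups = filterByPriority($maxPriorityGroup,$get_selectedGroups);
        if ($save%2==1)
            $get_selectedGroups[] = 0;
        if ($save >= 2)
            $get_selectedGroups[] = 1;
        $selected = "var selected = {'permissions' : " . json_encode($get_selectedPerms) . ", 'users' : " . json_encode($get_selectedUsers) . ", 'groups' : " . json_encode($get_selectedGroups) . "};";
    }

    if (isset($_GET['doaction']) && $_GET['doaction'] == 'getPermUser') {
        // Preselect every permission held by one of the ticked users or groups.
        $get_selectedPerms = array();
        $get_selectedGroups = array();
        $get_selectedUsers = array();
        foreach ($_POST as $key => $var)
            if (substr($key,0,6)=="users_")
                $get_selectedUsers[] = (int)substr($key,6);
            else if (substr($key,0,7)=="groups_")
                $get_selectedGroups[] = (int)substr($key,7);
        list($get_sortedGroupPerms,$get_sortedUserPerms) = getAllPermissionsOnPage($pagepath, $modifiableGroupIds, $grantableActions);
        $save = 0;
        foreach ($get_sortedGroupPerms['Y'] as $get_groupId => $get_data) {
            if (isPresent($get_groupId,$get_selectedGroups)) {
                foreach ($get_sortedGroupPerms['Y'][$get_groupId] as $get_permId) {
                    if (!isPresent($get_permId,$get_selectedPerms))
                        $get_selectedPerms[] = $get_permId;
                }
            }
        }
        foreach ($get_sortedUserPerms['Y'] as $get_userId => $get_data) {
            if (isPresent($get_userId,$get_selectedUsers)) {
                foreach ($get_sortedUserPerms['Y'][$get_userId] as $get_permId) {
                    if (!isPresent($get_permId,$get_selectedPerms))
                        $get_selectedPerms[] = $get_permId;
                }
            }
        }
        $selected = "var selected = {'permissions' : " . json_encode($get_selectedPerms) . ", 'users' : " . json_encode($get_selectedUsers) . ", 'groups' : " . json_encode($get_selectedGroups) . "};";
    }

    $ret .= <<<RET
<style type="text/css" title="currentStyle">
div#permtable_filter input { width: 90px; }
div#permtable2_filter input { width: 90px; }
</style>
<script type="text/javascript" language="javascript" src="$urlRequestRoot/$cmsFolder/$templateFolder/common/scripts/permissionsTable.js"></script>
<script type="text/javascript">
var baseURL = "$baseURL";
var pageid = {$pageid};
var permissions = {$perms};
var permGroups;
var permUsers;
var groups = {{$groups}};
var users = {{$users}};
{$permissions}
{$selected}
</script>
<div id='info'></div>
<INPUT type=checkbox id='skipAlerts'> Skip Alerts <br>
<div id='permTable'>

</div>
<table width=100%>
<tr>
<td width=50%>
<a href='javascript:selectAll1()'>Select All</a> <a href='javascript:clearAll1()'>Clear All</a> <a href='javascript:toggle1()'>Toggle</a> <a href='javascript:getuserperm()'>Check Users having selected Permission</a><br>
<form action='./+grant&doaction=getUserPerm' method="POST" id='getuserperm'>
<table class="userlisttable display" id='permtable' name='permtable'><thead><tr><th>Permissions</th></thead><tbody id='actionsList'>

</tbody></table>
</form>
</td>
<td width=50%>
<a href='javascript:selectAll2()'>Select All</a> <a href='javascript:clearAll2()'>Clear All</a> <a href='javascript:toggle2()'>Toggle</a> <a href='javascript:getpermuser()'>Check Permissions selected User is having</a><br>
<form action='./+grant&doaction=getPermUser' method="POST" id='getpermuser'>
<table class="userlisttable display" id='permtable2' name='permtable2'><thead><tr><th>Users</th></thead><tbody id='usersList'>

</tbody></table>
</form>
</td>
</tr>
</table>

<a href='javascript:populateList()'>Click here if the lists are empty</a>
RET;
    global $STARTSCRIPTS;
    $STARTSCRIPTS .= " populateList();";
    return $ret;
}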
00751
/**
 * Lists the stored permission rows of one page as members of a JavaScript
 * object literal, grouped by group or user id.
 *
 * Example result: '4' : ['12', '15'], '7' : ['12']
 *
 * NOTE(review): the three arguments are quoted in the SQL text but not
 * escaped in this function; it relies on its callers for that.
 *
 * @param mixed  $pageId    value matched against `page_id`
 * @param string $groupuser value matched against `perm_type`
 * @param string $yesno     value matched against `perm_permission`
 * @return string the members joined by ", ", '' when no row matches
 */
function getPerms($pageId, $groupuser, $yesno) {
    $sql = "SELECT `usergroup_id`, `perm_id` FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `page_id` = '{$pageId}' AND `perm_type` = '{$groupuser}' AND `perm_permission` = '{$yesno}'";
    $rows = mysql_query($sql);

    // usergroup_id => list of perm ids, in the order the rows arrive
    $byOwner = array();
    while ($row = mysql_fetch_array($rows)) {
        $byOwner[$row['usergroup_id']][] = $row['perm_id'];
    }

    $members = array();
    foreach ($byOwner as $ownerId => $permIds) {
        $quoted = array();
        foreach ($permIds as $permId) {
            $quoted[] = "'" . $permId . "'";
        }
        $members[] = "'" . $ownerId . "' : [" . implode(', ', $quoted) . ']';
    }
    return implode(', ', $members);
}
00768
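/**
 * Lists every user as members of a JavaScript object literal, keyed by user
 * id with the label "name <email>".
 *
 * grantPermissions() writes the result inside a <script> element. The
 * previous version put user_name and user_email between single quotes
 * unescaped, so a name containing a quote or a closing script tag could break
 * out of the string. Keys and labels are now produced with json_encode() and
 * the JSON_HEX_* flags, which yields valid script string literals with quotes,
 * angle brackets and ampersands written as \uXXXX escapes. The decoded values
 * seen by the script are unchanged.
 *
 * NOTE(review): permissionsTable.js is not visible here; if it inserts these
 * labels as HTML they also need HTML escaping at that point.
 *
 * @return string the members joined by ", ", '' when there are no users
 */
function customGetAllUsers() {
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $members = array();

    $result = mysql_query("SELECT `user_email`, `user_name`, `user_id` FROM `" . MYSQL_DATABASE_PREFIX . "users`");
    if ($result) {
        while ($row = mysql_fetch_array($result)) {
            $key = json_encode((string) $row['user_id'], $flags);
            $label = json_encode($row['user_name'] . ' <' . $row['user_email'] . '>', $flags);
            if ($key === false) {
                continue;
            }
            // json_encode() fails on text that is not valid UTF-8; keep the
            // entry with an empty label rather than emit broken script.
            if ($label === false) {
                $label = '""';
            }
            $members[] = $key . ' : ' . $label;
        }
    }
    return implode(', ', $members);
}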
00777
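/**
 * Lists the groups below a priority as members of a JavaScript object
 * literal, keyed by group id with the group name as value. The entries for
 * group 0 ('Everyone') and group 1 ('Logged in Users') always come first.
 *
 * grantPermissions() writes the result inside a <script> element. Group names
 * were previously placed between single quotes unescaped; ids and names read
 * from the database are now encoded with json_encode() and the JSON_HEX_*
 * flags. $priority is cast to an integer before it is written, unquoted, into
 * the query.
 *
 * NOTE(review): grantPermissions() passes the return value of
 * getMaxPriorityGroup() here, which is a group id, while the query compares
 * it with `group_priority`. getModifiableGroups() translates the id to a
 * priority first; confirm which is intended.
 *
 * @param mixed $priority upper bound (exclusive) for `group_priority`
 * @return string the members joined by ", "
 */
function customGetGroups($priority) {
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $priority = (int) $priority;

    $members = array("'0' : 'Everyone'", "'1' : 'Logged in Users'");

    $result = mysql_query("SELECT `group_name`,`group_id` FROM `" . MYSQL_DATABASE_PREFIX . "groups` WHERE `group_priority` < {$priority}");
    if ($result) {
        while ($row = mysql_fetch_array($result)) {
            $key = json_encode((string) $row['group_id'], $flags);
            $label = json_encode((string) $row['group_name'], $flags);
            if ($key === false) {
                continue;
            }
            // json_encode() fails on text that is not valid UTF-8.
            if ($label === false) {
                $label = '""';
            }
            $members[] = $key . ' : ' . $label;
        }
    }
    return implode(', ', $members);
}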
00786
/**
 * Keeps the entries of $groups whose id is found among the groups with a
 * priority below $priority. The result follows the order of the database
 * rows, and an id that occurs twice in $groups is kept twice.
 *
 * NOTE(review): $priority is written into the query unquoted, and
 * grantPermissions() passes a group id here rather than a priority; confirm
 * both against the callers.
 *
 * @param mixed $priority upper bound (exclusive) for `group_priority`
 * @param array $groups   candidate group ids
 * @return array the candidates that passed
 */
function filterByPriority($priority,$groups) {
    $kept = array();
    $rows = mysql_query('SELECT `group_id` FROM `' . MYSQL_DATABASE_PREFIX . 'groups` WHERE `group_priority` < ' . $priority);
    while ($row = mysql_fetch_assoc($rows)) {
        $allowedId = $row['group_id'];
        foreach ($groups as $candidate) {
            if ($candidate == $allowedId) {
                $kept[] = $candidate;
            }
        }
    }
    return $kept;
}
00796
/**
 * Lists every row of the permission list as members of a JavaScript object
 * literal: 'perm_id' : 'module - action'.
 *
 * The values are written between single quotes without escaping.
 *
 * @return string the members joined by ", ", '' when the list is empty
 */
function getAllPermissions() {
    $members = array();
    $rows = mysql_query('SELECT `perm_id`,`page_module`,`perm_action` FROM `' . MYSQL_DATABASE_PREFIX . 'permissionlist`');
    while ($row = mysql_fetch_array($rows)) {
        $members[] = "'" . $row['perm_id'] . "' : '" . $row['page_module'] . ' - ' . $row['perm_action'] . "'";
    }
    return implode(', ', $members);
}
00805
/**
 * Turns a module => actions map into a flat map of perm_id => label, where
 * the label is "module - action".
 *
 * @param array $perms module name => list of rows whose index 0 is the
 *                     permission id and index 1 the action name
 * @return array perm_id => "module - action"
 */
function formatPermissions($perms) {
    $labels = array();
    foreach ($perms as $modulename => $actions) {
        foreach ($actions as $action) {
            $labels[$action[0]] = $modulename . ' - ' . $action[1];
        }
    }
    return $labels;
}
00813
00814
/**
 * Removes the stored permission row of one group or user for one action on
 * one page.
 *
 * NOTE(review): $usergroupid and $pageid are written into the DELETE
 * unquoted, and $action, $module and $permtype are quoted but not escaped
 * here. The statement is only safe when the caller passes integers and
 * escaped strings; confirm at the call sites.
 *
 * @param mixed  $usergroupid group id, or user id when $permtype is 'user'
 * @param mixed  $pageid      page id
 * @param string $action      permission action name
 * @param string $module      module the action belongs to
 * @param string $permtype    'group' (default) or 'user'
 * @return bool false when the permission is unknown or a query fails,
 *              true when the DELETE was executed
 */
function unsetPagePermission($usergroupid, $pageid, $action, $module, $permtype = 'group') {
    $lookup = "SELECT `perm_id` FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE " .
        "`perm_action` = '$action' AND `page_module` = '$module'";
    $lookupResult = mysql_query($lookup);
    if (!$lookupResult) {
        return false;
    }
    $permRow = mysql_fetch_assoc($lookupResult);
    if (!$permRow) {
        return false;
    }
    $permid = $permRow['perm_id'];

    $delete = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` " .
        "WHERE `usergroup_id` = $usergroupid AND `page_id` = $pageid AND `perm_id` = $permid AND " .
        "`perm_type` = '$permtype' LIMIT 1";

    return mysql_query($delete) ? true : false;
}
00845
00846
00847
/**
 * Stores a grant or a denial for one group or user, one action and one page.
 *
 * An existing row is updated only when its value differs; a missing row is
 * inserted. Only the boolean true is stored as 'Y', every other value of
 * $permission is stored as 'N'.
 *
 * NOTE(review): $usergroupid and $pageid are written into the statements
 * unquoted, and $action, $module and $permtype are quoted but not escaped
 * here; the function relies on its callers. The second SELECT is fetched
 * from without checking that it succeeded.
 *
 * @param mixed  $usergroupid group id, or user id when $permtype is 'user'
 * @param mixed  $pageid      page id
 * @param string $action      permission action name
 * @param string $module      module the action belongs to
 * @param mixed  $permission  true to grant, anything else to deny
 * @param string $permtype    'group' (default) or 'user'
 * @return bool false when the permission is unknown or a write fails
 */
function setPagePermission($usergroupid, $pageid, $action, $module, $permission, $permtype = 'group') {
    $permTable = "`" . MYSQL_DATABASE_PREFIX . "userpageperm`";

    $lookup = "SELECT `perm_id` FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE " .
        "`perm_action` = '$action' AND `page_module` = '$module'";
    $lookupResult = mysql_query($lookup);
    if (!$lookupResult) {
        return false;
    }
    $permRow = mysql_fetch_assoc($lookupResult);
    if (!$permRow) {
        return false;
    }
    $permid = $permRow['perm_id'];

    $permission = ($permission === true) ? 'Y' : 'N';

    // Identifies the single row this call is about.
    $rowFilter = "`usergroup_id` = $usergroupid AND `page_id` = $pageid AND `perm_id` = $permid AND " .
        "`perm_type` = '$permtype'";

    $currentResult = mysql_query("SELECT `perm_permission` FROM " . $permTable . " WHERE " . $rowFilter);
    $current = mysql_fetch_assoc($currentResult);

    $write = '';
    if ($current) {
        if ($permission != $current['perm_permission']) {
            $write = "UPDATE " . $permTable . " SET `perm_permission` = '$permission' " .
                "WHERE " . $rowFilter . " LIMIT 1";
        }
    }
    else {
        $write = "INSERT INTO " . $permTable . " (`perm_type`, `page_id`, `usergroup_id`, `perm_id`, `perm_permission`) " .
            "VALUES('$permtype', $pageid, $usergroupid, $permid, '$permission')";
    }

    // An empty statement means the stored value already matched.
    if ($write != '' && !mysql_query($write)) {
        return false;
    }
    return true;
}
00897
00898
/**
 * Finds the group through which a user may grant permissions on a page path.
 *
 * A user-level 'grant' permission on module 'page' is checked first; when it
 * holds, $virtue becomes 'user' and the first entry of $groupids is returned.
 * Otherwise the groups are tried in the given order and the first one holding
 * 'grant' is returned with $virtue set to 'group'.
 *
 * @param array  $pagepath page ids, passed to getPagePermission()
 * @param mixed  $userid   user id
 * @param array  $groupids group ids of the user, indexed from 0, in the order
 *                         they should be tried
 * @param string $virtue   set to 'user' or 'group' when a grant is found
 * @return mixed a group id, or -1 when the user may not grant
 */
function getMaxPriorityGroup(&$pagepath, $userid, &$groupids, &$virtue) {
    if (getPagePermission($pagepath, $userid, 'grant', 'page', 'user')) {
        $virtue = 'user';
        return $groupids[0];
    }

    $total = count($groupids);
    $position = 0;
    while ($position < $total) {
        if (getPagePermission($pagepath, $groupids[$position], 'grant', 'page')) {
            $virtue = 'group';
            return $groupids[$position];
        }
        $position++;
    }

    return -1;
}
00924
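/**
 * Lists the groups whose priority does not exceed that of a given group.
 *
 * The priority of $maxPriorityGroup is read with a subquery, except for group
 * 1, whose priority is taken to be 1.
 *
 * Changes over the previous version:
 *  - A failed query used to end the script with die(), printing the full SQL
 *    statement and the database error to the client. The details now go to
 *    the error log and the client only sees a generic message.
 *  - $maxPriorityGroup is cast to an integer before it is written, unquoted,
 *    into the query.
 *  - $ordering is compared strictly, so only the exact string 'asc' selects
 *    ascending order and every other value gives 'desc'.
 *
 * @param mixed  $userId           not read in this function
 * @param mixed  $maxPriorityGroup id of the group that sets the upper bound
 * @param string $ordering         'asc' (default) or anything else for 'desc'
 * @return array list of rows with the keys group_id, group_name,
 *               group_description and group_priority
 */
function getModifiableGroups($userId, $maxPriorityGroup, $ordering = 'asc') {
    $ordering = ($ordering === 'asc') ? 'asc' : 'desc';
    $maxPriorityGroup = (int) $maxPriorityGroup;
    $modifiableGroups = array();

    $groupsTable = MYSQL_DATABASE_PREFIX.'groups';
    $usergroupTable = MYSQL_DATABASE_PREFIX.'usergroup';

    $groupPriority = "(SELECT `group_priority` FROM `$groupsTable` WHERE `group_id` = $maxPriorityGroup)";
    if ($maxPriorityGroup == 1) $groupPriority = 1;
    $groupsQuery = "SELECT `$groupsTable`.`group_id`, `$groupsTable`.`group_name`, `$groupsTable`.`group_description`, `$groupsTable`.`group_priority` " .
        "FROM `$groupsTable` WHERE `group_priority` <= $groupPriority ORDER BY `group_priority` $ordering";

    $groupsResult = mysql_query($groupsQuery);
    if (!$groupsResult) {
        // Keep the statement and the driver message out of the response.
        error_log('getModifiableGroups: query failed: ' . mysql_error());
        die('Database error while loading groups.');
    }

    while ($groupsRow = mysql_fetch_assoc($groupsResult)) {
        $modifiableGroups[] = $groupsRow;
    }

    return $modifiableGroups;
}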
00958
/**
 * Collects every permission that at least one of the given groups, or
 * optionally the given user, holds on a page path.
 *
 * For each row of the permission list the groups are tried in order until one
 * grants the action. The user-level rows are consulted only when no group
 * granted it and $userid is greater than -1.
 *
 * @param array $groupids group ids, indexed from 0
 * @param array $pagepath page ids, passed to getPagePermission()
 * @param mixed $userid   user id, or -1 (default) to skip the user check
 * @return array|string module name => list of array(perm_id, action,
 *                      description); the empty string when the permission
 *                      list cannot be read
 */
function getGroupPermissions($groupids, $pagepath, $userid = -1) {
    $listResult = mysql_query("SELECT `perm_id`, `perm_action`, `page_module`, `perm_description` FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist`");
    if (!$listResult) {
        return '';
    }

    $held = array();
    $groupTotal = count($groupids);

    while ($permRow = mysql_fetch_assoc($listResult)) {
        $module = $permRow['page_module'];
        $actionName = $permRow['perm_action'];
        $entry = array($permRow['perm_id'], $actionName, $permRow['perm_description']);

        // Groups first, stopping at the first grant.
        $granted = false;
        $position = 0;
        while (!$granted && $position < $groupTotal) {
            if (getPagePermission($pagepath, $groupids[$position], $actionName, $module)) {
                $granted = true;
            }
            $position++;
        }

        // The user-level rows only matter when no group granted the action.
        if (!$granted && $userid > -1) {
            if (getPagePermission($pagepath, $userid, $actionName, $module, 'user')) {
                $granted = true;
            }
        }

        if ($granted) {
            $held[$module][] = $entry;
        }
    }

    return $held;
}
01001
/**
 * Tells whether a value occurs in a list, using loose (==) comparison, so
 * the string '2' matches the integer 2.
 *
 * @param mixed $needle   value to look for
 * @param array $haystack values to search
 * @return bool true when an equal value is found
 */
function isPresent($needle,$haystack) {
    $seen = false;
    foreach ($haystack as $candidate) {
        if ($candidate == $needle) {
            $seen = true;
            break;
        }
    }
    return $seen;
}
01009