2016-10-06 15:57:01 +00:00
< ? php
/**
* Project :
* Contenido Content Management System
*
* Description :
* Contenido Rights Area
*
* Requirements :
* @ con_php_req 5.0
*
*
* @ package Contenido Backend includes
* @ version 1.0 . 2
* @ author unknown
* @ copyright four for business AG < www . 4 fb . de >
* @ license http :// www . contenido . org / license / LIZENZ . txt
* @ link http :// www . 4 fb . de
* @ link http :// www . contenido . org
* @ since file available since contenido release <= 4.6
*
* { @ internal
* created unknown
* modified 2008 - 06 - 27 , Dominik Ziegler , add security fix
* modified 2008 - 07 - 03 , Timo Trautmann , moved inline html to template
* modified 2010 - 05 - 20 , Murat Purc , removed request check during processing ticket [ #CON-307]
*
2019-07-03 11:58:28 +00:00
* $Id $ :
2016-10-06 15:57:01 +00:00
* }}
*
*/
if ( ! defined ( 'CON_FRAMEWORK' )) {
die ( 'Illegal call' );
}
//notice $oTpl is filled and generated in file rights.inc.php this file renders $oTpl to browser
include_once ( $cfg [ 'path' ][ 'contenido' ] . 'includes/rights.inc.php' );
$debug = 0 ;
//set the areas which are in use for selecting these
$sql = " SELECT A.idarea, A.idaction, A.idcat, B.name, C.name FROM " . $cfg [ " tab " ][ " rights " ] . " AS A, " . $cfg [ " tab " ][ " area " ] . " AS B, " . $cfg [ " tab " ][ " actions " ] . " AS C WHERE user_id=' " . Contenido_Security :: escapeDB ( $userid , $db ) . " ' AND idclient=' " . Contenido_Security :: toInteger ( $rights_client ) . " ' AND idlang=' " . Contenido_Security :: toInteger ( $rights_lang ) . " ' AND idcat='0' AND A.idaction = C.idaction AND A.idarea = B.idarea " ;
$db -> query ( $sql );
$rights_list_old = array ();
while ( $db -> next_record ()) { //set a new rights list fore this user
$rights_list_old [ $db -> f ( 3 ) . " | " . $db -> f ( 4 ) . " | " . $db -> f ( " idcat " )] = " x " ;
}
if (( $perm -> have_perm_area_action ( $area , $action )) && ( $action == " user_edit " ))
{
saverights ();
} else {
if ( ! $perm -> have_perm_area_action ( $area , $action ))
{
$notification -> displayNotification ( " error " , i18n ( " Permission denied " ));
}
}
$sJsBefore = '' ;
$sJsAfter = '' ;
$sJsExternal = '' ;
$sTable = '' ;
$sJsBefore .= " var areatree=new Array(); \n " ;
if ( ! isset ( $rights_perms ) || $action == " " ||! isset ( $action )){
//search for the permissions of this user
$sql = " SELECT perms FROM " . $cfg [ " tab " ][ " phplib_auth_user_md5 " ] . " WHERE user_id=' $userid ' " ;
$db -> query ( $sql );
$db -> next_record ();
$rights_perms = $db -> f ( " perms " );
}
$table = new Table ( $cfg [ " color " ][ " table_border " ], " solid " , 0 , 2 , $cfg [ " color " ][ " table_header " ], $cfg [ " color " ][ " table_light " ], $cfg [ " color " ][ " table_dark " ], 0 , 0 );
$sTable .= $table -> start_table ();
$sTable .= $table -> header_row ();
$sTable .= $table -> header_cell ( " " , " left " );
$sTable .= $table -> header_cell ( " " , " left " );
$sTable .= $table -> header_cell ( i18n ( " Check all " ), " left " );
$sTable .= $table -> end_row ();
$sTable .= $table -> header_row ();
$sTable .= $table -> header_cell ( ' ' , " center " , '' , '' , 0 );
$sTable .= $table -> header_cell ( ' ' , " center " , '' , '' , 0 );
$sTable .= $table -> header_cell ( " <input type= \" checkbox \" name= \" checkall \" value= \" \" onClick= \" setRightsForAllAreas() \" > " , " center " , '' , '' , 0 );
$sTable .= $table -> end_row ();
$nav = new Contenido_Navigation ;
foreach ( $right_list as $key => $value ){
// look for possible actions in mainarea
foreach ( $value as $key2 => $value2 )
{
if ( $key == $key2 ){
//does the user have the right
if ( in_array ( $value2 [ " perm " ] . " |fake_permission_action|0 " , array_keys ( $rights_list_old )))
$checked = " checked= \" checked \" " ;
else
$checked = " " ;
$darkRow = ! $darkRow ;
if ( $darkRow ) {
$bgColor = $cfg [ " color " ][ " table_dark " ];
} else {
$bgColor = $cfg [ " color " ][ " table_light " ];
}
/* Extract names from the XML document. */
$main = $nav -> getName ( str_replace ( '/overview' , '/main' , $value2 [ 'location' ]));
if ( $debug )
{
$locationString = $value2 [ " location " ] . " " . $value2 [ " perm " ] . " --> " . $main ;
} else {
$locationString = $main ;
}
$sTable .= $table -> row ();
$sTable .= $table -> cell ( $locationString , " " , " " , " class= \" td_rights1 \" " , false );
$sTable .= $table -> cell ( " <input type= \" checkbox \" name= \" rights_list[ " . $value2 [ " perm " ] . " |fake_permission_action|0] \" value= \" x \" $checked > " , " " , " " , " class= \" td_rights2 \" " , false );
$sTable .= $table -> cell ( " <input type= \" checkbox \" name= \" checkall_ $key\ " value = \ " \" onClick= \" setRightsForArea(' $key ') \" > " , " " , " " , " class= \" td_rights2 \" " , false );
$sTable .= $table -> end_row ();
//set javscript array for areatree
$sJsBefore .= "
areatree [ \ " $key\ " ] = new Array ();
areatree [ \ " $key\ " ][ \ " " . $value2 [ " perm " ] . " 0 \" ]= \" rights_list[ " . $value2 [ " perm " ] . " |fake_permission_action|0] \" \n " ;
}
//if there area some
if ( is_array ( $value2 [ " action " ]))
foreach ( $value2 [ " action " ] as $key3 => $value3 )
{
$idaction = $value3 ;
//does the user have the right
if ( in_array ( $value2 [ " perm " ] . " | $idaction |0 " , array_keys ( $rights_list_old )))
$checked = " checked= \" checked \" " ;
else
$checked = " " ;
$darkRow = ! $darkRow ;
if ( $darkRow ) {
$bgColor = $cfg [ " color " ][ " table_dark " ];
} else {
$bgColor = $cfg [ " color " ][ " table_light " ];
}
//set the checkbox the name consits of areait+actionid+itemid
$sCellContent = '' ;
if ( $debug )
{
$sCellContent = " " . $value2 [ " perm " ] . " | " . $value3 . " --> " . $lngAct [ $value2 [ " perm " ]][ $value3 ] . " " ;
} else {
if ( $lngAct [ $value2 [ " perm " ]][ $value3 ] == " " )
{
$sCellContent = " " . $value2 [ " perm " ] . " | " . $value3 . " " ;
} else {
$sCellContent = " " . $lngAct [ $value2 [ " perm " ]][ $value3 ] . " " ;
}
}
$sTable .= $table -> row ();
$sTable .= $table -> cell ( $sCellContent , " left " , " " , " class= \" td_rights1 \" " , false );
$sTable .= $table -> cell ( " <input type= \" checkbox \" id= \" rights_list[ " . $value2 [ " perm " ] . " | $value3 |0] \" name= \" rights_list[ " . $value2 [ " perm " ] . " | $value3 |0] \" value= \" x \" $checked > " , false );
$sTable .= $table -> cell ( " " , false );
$sTable .= $table -> end_row ();
//set javscript array for areatree
$sJsBefore .= " areatree[ \" $key\ " ][ \ " " . $value2 [ " perm " ] . " $value3\ " ] = \ " rights_list[ " . $value2 [ " perm " ] . " | $value3 |0] \" \n " ;
}
}
//checkbox for checking all actions fore this itemid
}
$sTable .= $table -> row ();
$sTable .= $table -> sumcell ( " <a href=javascript:submitrightsform('','area')><img src= \" " . $cfg [ 'path' ][ 'images' ] . " but_cancel.gif \" border=0></a><img src= \" images/spacer.gif \" width= \" 20 \" ><a href=javascript:submitrightsform('user_edit','')><img src= \" " . $cfg [ 'path' ][ 'images' ] . " but_ok.gif \" border=0></a> " , " right " );
$sTable .= $table -> end_row ();
$sTable .= $table -> end_table ();
$oTpl -> set ( 's' , 'JS_SCRIPT_BEFORE' , $sJsBefore );
$oTpl -> set ( 's' , 'JS_SCRIPT_AFTER' , $sJsAfter );
$oTpl -> set ( 's' , 'RIGHTS_CONTENT' , $sTable );
$oTpl -> set ( 's' , 'EXTERNAL_SCRIPTS' , $sJsExternal );
$oTpl -> generate ( 'templates/standard/' . $cfg [ 'templates' ][ 'rights_inc' ]);
?>