ConLite
/
ConLite
1
0
Fork 0
Code Issues 22 Pull-Requests Projekte 2 Releases 2 Wiki Aktivität
ConLite/conlite/includes/include.grouprights_menu.php

212 Zeilen
6.3 KiB
PHP
Originalformat Permalink Blame Verlauf

<?php
/**
* Project:
* Contenido Content Management System
*
* Description:
* Contenido Groups Menu
*
* Requirements:
* @con_php_req 5.0
*
*
* @package Contenido Backend includes
* @version 1.1.2
* @author Timo A. Hummel
* @copyright four for business AG <www.4fb.de>
* @license http://www.contenido.org/license/LIZENZ.txt
* @link http://www.4fb.de
* @link http://www.contenido.org
* @since file available since contenido release <= 4.6
*
* {@internal
* created 2003-05-30
* modified 2008-06-27, Frederic Schneider, add security fix
* modified 2009-11-06, Murat Purc, replaced deprecated functions (PHP 5.3 ready)
*
* $Id$:
* }}
*
*/
if(!defined('CON_FRAMEWORK')) {
die('Illegal call');
}
$tpl->reset();
$tpl->set('s', 'SID', $sess->id);
if (($action == "group_delete") && ($perm->have_perm_area_action($area, $action))) {
$sql = "DELETE FROM "
.$cfg["tab"]["groups"].
" WHERE
group_id = \"" .Contenido_Security::escapeDB($groupid, $db)."\"";
$db->query($sql);
$sql = "DELETE FROM ".
$cfg["tab"]["groupmembers"].
" WHERE group_id = \"" .Contenido_Security::escapeDB($groupid, $db)."\"";
$db->query($sql);
$sql = "DELETE FROM ".
$cfg["tab"]["rights"].
" WHERE user_id = \"" .Contenido_Security::escapeDB($groupid, $db)."\"";
$db->query($sql);
}
$sql = "SELECT
groupname, group_id, perms
FROM
".$cfg["tab"]["groups"]."
ORDER BY
groupname ASC";
if ($restriction == 1)
{
$sql = "SELECT
A.groupname AS groupname, A.group_id as group_id, A.perms as perms
FROM
".$cfg["tab"]["groups"]." AS A,
".$cfg["tab"]["rights"]." AS B,
".$cfg["tab"]["actions"]." AS C
WHERE
C.name = 'front_allow' AND
B.user_id = A.group_id AND
C.idaction = B.idaction AND
A.perms LIKE ''
GROUP BY
group_id
ORDER BY
groupname ASC";
}
if ($restriction == 3)
{
$sql = "SELECT
A.groupname AS groupname, A.group_id as group_id, A.perms as perms
FROM
".$cfg["tab"]["groups"]." AS A,
".$cfg["tab"]["rights"]." AS B,
".$cfg["tab"]["actions"]." AS C
WHERE
C.name NOT LIKE 'front_allow' AND
B.user_id = A.group_id AND
C.idaction = B.idaction AND
A.perms NOT LIKE ''
GROUP BY
group_id
ORDER BY
groupname ASC";
}
$db->query($sql);
// Empty Row
$bgcolor = '#FFFFFF';
$tpl->set('s', 'PADDING_LEFT', '10');
$thisperm = explode(',', $auth->auth['perm']);
$accessibleClients = $classclient->getAccessibleClients();
while ($db->next_record())
{
$groupperm = explode(',', $db->f('perms'));
$allow = false;
// Sysadmin check
if (in_array("sysadmin", $thisperm))
{
$allow = true;
}
// Admin check
foreach ($accessibleClients as $key => $value)
{
if (in_array("client[".$key."]", $groupperm))
{
$allow = true;
}
}
// Group check
foreach ($groupperm as $localperm)
{
if (in_array($localperm, $thisperm))
{
$allow = true;
}
}
if ($allow == true)
{
$dark = !$dark;
if ($dark) {
$bgColor = $cfg["color"]["table_dark"];
} else {
$bgColor = $cfg["color"]["table_light"];
}
$groupid = $db->f("group_id");
$groupname = $db->f("groupname");
$groupname = substr($groupname, 4);
$tmp_mstr = '<a href="javascript:conMultiLink(\'%s\', \'%s\', \'%s\', \'%s\')">%s</a>';
$area = "groups";
$mstr = sprintf($tmp_mstr, 'right_top',
$sess->url("main.php?area=$area&frame=3&groupid=$groupid"),
'right_bottom',
$sess->url("main.php?area=groups_overview&frame=4&groupid=$groupid"),
$groupname);
$mstr2 = sprintf($tmp_mstr, 'right_top',
$sess->url("main.php?area=$area&frame=3&groupid=$groupid"),
'right_bottom',
$sess->url("main.php?area=groups_overview&frame=4&groupid=$groupid"),
'<img src="images/spacer.gif" border="0" width="15">');
if ($perm->have_perm_area_action('groups',"groups_delete") ) {
$message = sprintf(i18n("Do you really want to delete the group %s?"),clHtmlSpecialChars($groupname));
$deletebutton = "<a onClick=\"event.cancelBubble=true;check=confirm('".$message."'); if (check==true) { location.href='".$sess->url("main.php?area=groups&action=group_delete&frame=$frame&groupid=$groupid&del=")."#deletethis'};\" href=\"#\"><img src=\"".$cfg['path']['images']."delete.gif\" border=\"0\" width=\"13\" height=\"13\" alt=\"".$lngUpl["delfolder"]."\" title=\"".$lngUpl["delgroup"]."\"></a>";
} else {
$deletebutton = "";
}
if ($_GET['groupid'] == $groupid) {
$bgColor = $cfg['color']['table_light_active'];
$tpl->set('d', 'ID_MARKED', 'marked');
} else {
$tpl->set('d', 'ID_MARKED', '');
}
$tpl->set('d', 'BGCOLOR', $bgColor);
$tpl->set('d', 'TEXT', $mstr);
$tpl->set('d', 'ICON', $mstr2);
if ($perm->have_perm_area_action('groups',"groups_delete") ) {
$delTitle = i18n("Delete group");
$delDescr = sprintf(i18n("Do you really want to delete the following group:<br><br>%s<br>"),clHtmlSpecialChars($groupname));
$tpl->set('d', 'DELETE', '<a title="'.$delTitle.'" href="javascript://" onclick="box.confirm(\''.$delTitle.'\', \''.$delDescr.'\', \'deleteGroup(\\\''.$groupid.'\\\')\')"><img src="'.$cfg['path']['images'].'delete.gif" border="0" title="'.$delTitle.'" alt="'.$delTitle.'"></a>');
} else {
$tpl->set('d', 'DELETE', '&nbsp;');
}
$tpl->next();
}
}
# Generate template
$tpl->generate($cfg['path']['templates'] . $cfg['templates']['grouprights_menu']);
?>
In neuem Issue referenzieren Git Blame ansehen Permalink kopieren