* @license http://www.contenido.org/license/LIZENZ.txt * @link http://www.4fb.de * @link http://www.contenido.org * @since file available since contenido release <= 4.6 * * {@internal * created unknown * modified 2008-06-26, Dominik Ziegler, add security fix * modified 2008-07-29, Bilal Arslan, moved inline html to template * * $Id$: * }} * */ if(!defined('CON_FRAMEWORK')) { die('Illegal call'); } //notice $oTpl is filled and generated in file rights.inc.php this file renders $oTpl to browser include_once($cfg['path']['contenido'].'includes/grouprights.inc.php'); //set the areas which are in use fore selecting these $possible_area = "'".implode("','", $area_tree[$perm->showareas("str")])."'"; $sql = "SELECT A.idarea, A.idaction, A.idcat, B.name, C.name FROM ".$cfg["tab"]["rights"]." AS A, ".$cfg["tab"]["area"]." AS B, ".$cfg["tab"]["actions"]." AS C WHERE user_id='".Contenido_Security::escapeDB($groupid, $db)."' AND idclient='".Contenido_Security::toInteger($rights_client)."' AND A.type = 1 AND idlang='".Contenido_Security::toInteger($rights_lang)."' AND B.idarea IN ($possible_area) AND idcat!='0' AND A.idaction = C.idaction AND A.idarea = C.idarea AND A.idarea = B.idarea"; $db->query($sql); $rights_list_old = array (); while ($db->next_record()) { //set a new rights list fore this user $rights_list_old[$db->f(3)."|".$db->f(4)."|".$db->f("idcat")] = "x"; } if (($perm->have_perm_area_action($area, $action)) && ($action == "group_edit")) { saverights(); }else { if (!$perm->have_perm_area_action($area, $action)) { $notification->displayNotification("error", i18n("Permission denied")); } } // Init the temp variables $sJsBefore = ''; $sJsAfter = ''; $sJsExternal = ''; $sTable = ''; $sJsExternal = ''; $sJsExternal .= ''; // declare new javascript variables; $sJsBefore = " var itemids=new Array(); var actareaids=new Array();"; $colspan=0; $table = new Table($cfg["color"]["table_border"], "solid", 0, 2, $cfg["color"]["table_header"], $cfg["color"]["table_light"], $cfg["color"]["table_dark"], 0, 0); $sTable .= $table->start_table(); $sTable .= $table->header_row(); $sTable .= $table->header_cell(i18n("Category"),"left"); $sTable .= $table->header_cell(" ","left"); $possible_areas=array(); $aSecondHeaderRow = array(); // look for possible actions in mainarea [] in str and con foreach($right_list["str"] as $value2) { //if there are some actions if(is_array($value2["action"])) foreach($value2["action"] as $key3 => $value3) { //set the areas that are in use # HACK! if ($value3 != "str_newtree") { $possible_areas[$value2["perm"]]=""; $colspan++; //set the possible areas and actions for this areas $sJsBefore .= "actareaids[\"$value3|".$value2["perm"]."\"]=\"x\";"; $sTable .= $table->header_cell($lngAct[$value2["perm"]][$value3]); array_push($aSecondHeaderRow, ""); } } } //checkbox for all rights $sTable .= $table->header_cell(i18n("Check all")); array_push($aSecondHeaderRow, ""); $sTable .= $table->end_row(); $colspan++; $sTable .= $table->header_row(); $sTable .= $table->header_cell(' ',"center", '', '', 0); $sTable .= $table->header_cell(' ',"center", '', '', 0); foreach ($aSecondHeaderRow as $value) { $sTable .= $table->header_cell($value,"center", '', '', 0); } $sTable .= $table->end_row(); $sql = "SELECT A.idcat, level, name,parentid FROM ".$cfg["tab"]["cat_tree"]." AS A, ".$cfg["tab"]["cat"]." AS B, ".$cfg["tab"]["cat_lang"]." AS C WHERE A.idcat=B.idcat AND B.idcat=C.idcat AND C.idlang='".Contenido_Security::toInteger($rights_lang)."' AND B.idclient='".Contenido_Security::toInteger($rights_client)."' ORDER BY idtree"; $db->query($sql); $counter=array(); $parentid="leer"; $aRowname = array(); $iLevel = 0; while ($db->next_record()) { if ($db->f("level") == 0 && $db->f("preid") != 0) { echo "