includes/pageutils.php
changeset 218 e878bcf0227e
parent 214 a6ed8b6cdbe1
child 219 b1530b6a06d2
  1908    */
  1908    */
  1909    
  1909    
  1910   function acl_editor($parms = Array())
  1910   function acl_editor($parms = Array())
  1911   {
  1911   {
  1912     global $db, $session, $paths, $template, $plugins; // Common objects
  1912     global $db, $session, $paths, $template, $plugins; // Common objects
       
  1913     global $lang;
       
  1914     
  1913     if(!$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN)
  1915     if(!$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN)
  1914     {
  1916     {
  1915       return Array(
  1917       return Array(
  1916         'mode' => 'error',
  1918         'mode' => 'error',
  1917         'error' => 'You are not authorized to view or edit access control lists.'
  1919         'error' => $lang->get('acl_err_access_denied')
  1918         );
  1920         );
  1919     }
  1921     }
  1920     $parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
  1922     $parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
  1921     $parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
  1923     $parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
  1922     $page_id =& $parms['page_id'];
  1924     $page_id =& $parms['page_id'];
  1930     $return = Array();
  1932     $return = Array();
  1931     if ( !file_exists(ENANO_ROOT . '/themes/' . $session->theme . '/acledit.tpl') )
  1933     if ( !file_exists(ENANO_ROOT . '/themes/' . $session->theme . '/acledit.tpl') )
  1932     {
  1934     {
  1933       return Array(
  1935       return Array(
  1934         'mode' => 'error',
  1936         'mode' => 'error',
  1935         'error' => 'It seems that (a) the file acledit.tpl is missing from this theme, and (b) the JSON response is working.',
  1937         'error' => $lang->get('acl_err_missing_template'),
  1936       );
  1938       );
  1937     }
  1939     }
  1938     $return['template'] = $template->extract_vars('acledit.tpl');
  1940     $return['template'] = $template->extract_vars('acledit.tpl');
  1939     $return['page_id'] = $page_id;
  1941     $return['page_id'] = $page_id;
  1940     $return['namespace'] = $namespace;
  1942     $return['namespace'] = $namespace;
  1991                 $return['type'] = 'new';
  1993                 $return['type'] = 'new';
  1992                 $q = $db->sql_query('SELECT user_id FROM ' . table_prefix.'users WHERE username=\'' . $db->escape($parms['target_id']) . '\';');
  1994                 $q = $db->sql_query('SELECT user_id FROM ' . table_prefix.'users WHERE username=\'' . $db->escape($parms['target_id']) . '\';');
  1993                 if(!$q)
  1995                 if(!$q)
  1994                   return(Array('mode'=>'error','error'=>mysql_error()));
  1996                   return(Array('mode'=>'error','error'=>mysql_error()));
  1995                 if($db->numrows() < 1)
  1997                 if($db->numrows() < 1)
  1996                   return Array('mode'=>'error','error'=>'The username you entered was not found.');
  1998                   return Array('mode'=>'error','error'=>$lang->get('acl_err_user_not_found'));
  1997                 $row = $db->fetchrow();
  1999                 $row = $db->fetchrow();
  1998                 $return['target_name'] = $return['target_id'];
  2000                 $return['target_name'] = $return['target_id'];
  1999                 $return['target_id'] = intval($row['user_id']);
  2001                 $return['target_id'] = intval($row['user_id']);
  2000                 $return['current_perms'] = $session->acl_types;
  2002                 $return['current_perms'] = $session->acl_types;
  2001               }
  2003               }
  2038                 $return['type'] = 'new';
  2040                 $return['type'] = 'new';
  2039                 $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';');
  2041                 $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';');
  2040                 if(!$q)
  2042                 if(!$q)
  2041                   return(Array('mode'=>'error','error'=>mysql_error()));
  2043                   return(Array('mode'=>'error','error'=>mysql_error()));
  2042                 if($db->numrows() < 1)
  2044                 if($db->numrows() < 1)
  2043                   return Array('mode'=>'error','error'=>'The group ID you submitted is not valid.');
  2045                   return Array('mode'=>'error','error'=>$lang->get('acl_err_bad_group_id'));
  2044                 $row = $db->fetchrow();
  2046                 $row = $db->fetchrow();
  2045                 $return['target_name'] = $row['group_name'];
  2047                 $return['target_name'] = $row['group_name'];
  2046                 $return['target_id'] = intval($row['group_id']);
  2048                 $return['target_id'] = intval($row['group_id']);
  2047                 $return['current_perms'] = $session->acl_types;
  2049                 $return['current_perms'] = $session->acl_types;
  2048               }
  2050               }
  2080           break;
  2082           break;
  2081         case 'save_new':
  2083         case 'save_new':
  2082         case 'save_edit':
  2084         case 'save_edit':
  2083           if ( defined('ENANO_DEMO_MODE') )
  2085           if ( defined('ENANO_DEMO_MODE') )
  2084           {
  2086           {
  2085             return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.');
  2087             return Array('mode'=>'error','error'=>$lang->get('acl_err_demo'));
  2086           }
  2088           }
  2087           $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
  2089           $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
  2088             ' . $page_where_clause_lite . ';');
  2090             ' . $page_where_clause_lite . ';');
  2089           if(!$q)
  2091           if(!$q)
  2090             return Array('mode'=>'error','error'=>mysql_error());
  2092             return Array('mode'=>'error','error'=>mysql_error());
  2091           $rules = $session->perm_to_string($parms['perms']);
  2093           $rules = $session->perm_to_string($parms['perms']);
  2092           if ( sizeof ( $rules ) < 1 )
  2094           if ( sizeof ( $rules ) < 1 )
  2093           {
  2095           {
  2094             return array(
  2096             return array(
  2095                 'mode' => 'error', 
  2097                 'mode' => 'error', 
  2096                 'error' => 'Supplied rule list has a length of zero'
  2098                 'error' => $lang->get('acl_err_zero_list')
  2097               );
  2099               );
  2098           }
  2100           }
  2099           $q = ($page_id && $namespace) ? 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, page_id, namespace, rules )
  2101           $q = ($page_id && $namespace) ? 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, page_id, namespace, rules )
  2100                                              VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($page_id) . '\', \'' . $db->escape($namespace) . '\', \'' . $db->escape($rules) . '\' )' :
  2102                                              VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($page_id) . '\', \'' . $db->escape($namespace) . '\', \'' . $db->escape($rules) . '\' )' :
  2101                                           'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, rules )
  2103                                           'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, rules )
  2111             );
  2113             );
  2112           break;
  2114           break;
  2113         case 'delete':
  2115         case 'delete':
  2114           if ( defined('ENANO_DEMO_MODE') )
  2116           if ( defined('ENANO_DEMO_MODE') )
  2115           {
  2117           {
  2116             return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.');
  2118             return Array('mode'=>'error','error'=>$lang->get('acl_err_demo'));
  2117           }
  2119           }
  2118           $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
  2120           $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
  2119             ' . $page_where_clause_lite . ';');
  2121             ' . $page_where_clause_lite . ';');
  2120           if(!$q)
  2122           if(!$q)
  2121             return Array('mode'=>'error','error'=>mysql_error());
  2123             return Array('mode'=>'error','error'=>mysql_error());
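Review bot: The `mysql_error()` returns at new-side lines 1996, 2043, 2092 and 2123 still hand the raw driver message to the client while every other error string in these hunks was moved behind `$lang->get()`, so the ACL editor's JSON response can still expose table names and query fragments whenever a query fails. A consistent fix is to return a localized generic message in the same array shape, e.g. `return Array('mode'=>'error','error'=>$lang->get('<ACL_DB_ERROR_STRING_ID placeholder>'));`, and write the driver text to the server log only. In `save_new`/`save_edit` the DELETE at new-side line 2089 also runs before the zero-length `$rules` check at 2094, so an empty submission removes the existing entry and then reports `acl_err_zero_list` without inserting anything; moving that check above the DELETE avoids the data loss. acl_editor begins at line 1910 and its body continues past this hunk.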