Mercurial Mercurial > repos > enano-1.1 / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
includes/pageutils.php
changeset 218 e878bcf0227e
parent 214 a6ed8b6cdbe1
child 219 b1530b6a06d2
equal deleted inserted replaced
217:2b13497fe820 218:e878bcf0227e 
  1908    */
 
  1908    */
 
  1909    
  1909    
  1910   function acl_editor($parms = Array())
 
  1910   function acl_editor($parms = Array())
 
  1911   {
 
  1911   {
 
  1912     global $db, $session, $paths, $template, $plugins; // Common objects
 
  1912     global $db, $session, $paths, $template, $plugins; // Common objects
 
       
  1913     global $lang;
 
       
  1914     
  1913     if(!$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN)
 
  1915     if(!$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN)
 
  1914     {
 
  1916     {
 
  1915       return Array(
 
  1917       return Array(
 
  1916         'mode' => 'error',
 
  1918         'mode' => 'error',
 
  1917         'error' => 'You are not authorized to view or edit access control lists.'
 
  1919         'error' => $lang->get('acl_err_access_denied')
 
  1918         );
 
  1920         );
 
  1919     }
 
  1921     }
 
  1920     $parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
 
  1922     $parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
 
  1921     $parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
 
  1923     $parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
 
  1922     $page_id =& $parms['page_id'];
 
  1924     $page_id =& $parms['page_id'];
 
  1930     $return = Array();
 
  1932     $return = Array();
 
  1931     if ( !file_exists(ENANO_ROOT . '/themes/' . $session->theme . '/acledit.tpl') )
 
  1933     if ( !file_exists(ENANO_ROOT . '/themes/' . $session->theme . '/acledit.tpl') )
 
  1932     {
 
  1934     {
 
  1933       return Array(
 
  1935       return Array(
 
  1934         'mode' => 'error',
 
  1936         'mode' => 'error',
 
  1935         'error' => 'It seems that (a) the file acledit.tpl is missing from this theme, and (b) the JSON response is working.',
 
  1937         'error' => $lang->get('acl_err_missing_template'),
 
  1936       );
 
  1938       );
 
  1937     }
 
  1939     }
 
  1938     $return['template'] = $template->extract_vars('acledit.tpl');
 
  1940     $return['template'] = $template->extract_vars('acledit.tpl');
 
  1939     $return['page_id'] = $page_id;
 
  1941     $return['page_id'] = $page_id;
 
  1940     $return['namespace'] = $namespace;
 
  1942     $return['namespace'] = $namespace;
 
  1991                 $return['type'] = 'new';
 
  1993                 $return['type'] = 'new';
 
  1992                 $q = $db->sql_query('SELECT user_id FROM ' . table_prefix.'users WHERE username=\'' . $db->escape($parms['target_id']) . '\';');
 
  1994                 $q = $db->sql_query('SELECT user_id FROM ' . table_prefix.'users WHERE username=\'' . $db->escape($parms['target_id']) . '\';');
 
  1993                 if(!$q)
 
  1995                 if(!$q)
 
  1994                   return(Array('mode'=>'error','error'=>mysql_error()));
 
  1996                   return(Array('mode'=>'error','error'=>mysql_error()));
 
  1995                 if($db->numrows() < 1)
 
  1997                 if($db->numrows() < 1)
 
  1996                   return Array('mode'=>'error','error'=>'The username you entered was not found.');
 
  1998                   return Array('mode'=>'error','error'=>$lang->get('acl_err_user_not_found'));
 
  1997                 $row = $db->fetchrow();
 
  1999                 $row = $db->fetchrow();
 
  1998                 $return['target_name'] = $return['target_id'];
 
  2000                 $return['target_name'] = $return['target_id'];
 
  1999                 $return['target_id'] = intval($row['user_id']);
 
  2001                 $return['target_id'] = intval($row['user_id']);
 
  2000                 $return['current_perms'] = $session->acl_types;
 
  2002                 $return['current_perms'] = $session->acl_types;
 
  2001               }
 
  2003               }
 
  2038                 $return['type'] = 'new';
 
  2040                 $return['type'] = 'new';
 
  2039                 $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';');
 
  2041                 $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';');
 
  2040                 if(!$q)
 
  2042                 if(!$q)
 
  2041                   return(Array('mode'=>'error','error'=>mysql_error()));
 
  2043                   return(Array('mode'=>'error','error'=>mysql_error()));
 
  2042                 if($db->numrows() < 1)
 
  2044                 if($db->numrows() < 1)
 
  2043                   return Array('mode'=>'error','error'=>'The group ID you submitted is not valid.');
 
  2045                   return Array('mode'=>'error','error'=>$lang->get('acl_err_bad_group_id'));
 
  2044                 $row = $db->fetchrow();
 
  2046                 $row = $db->fetchrow();
 
  2045                 $return['target_name'] = $row['group_name'];
 
  2047                 $return['target_name'] = $row['group_name'];
 
  2046                 $return['target_id'] = intval($row['group_id']);
 
  2048                 $return['target_id'] = intval($row['group_id']);
 
  2047                 $return['current_perms'] = $session->acl_types;
 
  2049                 $return['current_perms'] = $session->acl_types;
 
  2048               }
 
  2050               }
 
  2080           break;
 
  2082           break;
 
  2081         case 'save_new':
 
  2083         case 'save_new':
 
  2082         case 'save_edit':
 
  2084         case 'save_edit':
 
  2083           if ( defined('ENANO_DEMO_MODE') )
 
  2085           if ( defined('ENANO_DEMO_MODE') )
 
  2084           {
 
  2086           {
 
  2085             return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.');
 
  2087             return Array('mode'=>'error','error'=>$lang->get('acl_err_demo'));
 
  2086           }
 
  2088           }
 
  2087           $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
 
  2089           $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
 
  2088             ' . $page_where_clause_lite . ';');
 
  2090             ' . $page_where_clause_lite . ';');
 
  2089           if(!$q)
 
  2091           if(!$q)
 
  2090             return Array('mode'=>'error','error'=>mysql_error());
 
  2092             return Array('mode'=>'error','error'=>mysql_error());
 
  2091           $rules = $session->perm_to_string($parms['perms']);
 
  2093           $rules = $session->perm_to_string($parms['perms']);
 
  2092           if ( sizeof ( $rules ) < 1 )
 
  2094           if ( sizeof ( $rules ) < 1 )
 
  2093           {
 
  2095           {
 
  2094             return array(
 
  2096             return array(
 
  2095                 'mode' => 'error', 
  2097                 'mode' => 'error', 
  2096                 'error' => 'Supplied rule list has a length of zero'
 
  2098                 'error' => $lang->get('acl_err_zero_list')
 
  2097               );
 
  2099               );
 
  2098           }
 
  2100           }
 
  2099           $q = ($page_id && $namespace) ? 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, page_id, namespace, rules )
 
  2101           $q = ($page_id && $namespace) ? 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, page_id, namespace, rules )
 
  2100                                              VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($page_id) . '\', \'' . $db->escape($namespace) . '\', \'' . $db->escape($rules) . '\' )' :
 
  2102                                              VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($page_id) . '\', \'' . $db->escape($namespace) . '\', \'' . $db->escape($rules) . '\' )' :
 
  2101                                           'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, rules )
 
  2103                                           'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, rules )
 
  2111             );
 
  2113             );
 
  2112           break;
 
  2114           break;
 
  2113         case 'delete':
 
  2115         case 'delete':
 
  2114           if ( defined('ENANO_DEMO_MODE') )
 
  2116           if ( defined('ENANO_DEMO_MODE') )
 
  2115           {
 
  2117           {
 
  2116             return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.');
 
  2118             return Array('mode'=>'error','error'=>$lang->get('acl_err_demo'));
 
  2117           }
 
  2119           }
 
  2118           $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
 
  2120           $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
 
  2119             ' . $page_where_clause_lite . ';');
 
  2121             ' . $page_where_clause_lite . ';');
 
  2120           if(!$q)
 
  2122           if(!$q)
 
  2121             return Array('mode'=>'error','error'=>mysql_error());
 
  2123             return Array('mode'=>'error','error'=>mysql_error());
Enano CMS (1.1.x)