tiki  21.2
About: Tiki Wiki is a Groupware/CMS (Content Management System) solution that has features like Wikis, Forums, Blogs, Articles, Image Gallery, Map Server, Link Directory, Multilingual Support, Bug Tracker, RSS Feeds etc. Latest release 21 with Long Term Support (LTS).
  Fossies Dox: tiki-21.2.tar.xz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

tiki-objectpermissions.php
1 <?php
5 // (c) Copyright by authors of the Tiki Wiki CMS Groupware Project
6 //
7 // All Rights Reserved. See copyright.txt for details and a complete list of authors.
8 // Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
9 // $Id$
10 
11 include_once('tiki-setup.php');
12 if (! empty($_REQUEST['objectType']) && $_REQUEST['objectType'] != 'global') {
13  if (! isset($_REQUEST['objectName']) || empty($_REQUEST['objectId'])) {
14  $smarty->assign('msg', tra('Not enough information to display this page'));
15  $smarty->display('error.tpl');
16  die;
17  }
18 }
19 
20 if (empty($_REQUEST['objectType'])) {
21  $_REQUEST['objectType'] = 'global';
22  $_REQUEST['objectName'] = '';
23  $_REQUEST['objectId'] = '';
24 }
25 
27  'referer',
28  'reloff',
29  'objectName',
30  'objectType',
31  'permType',
32  'objectId',
33  'filegals_manager',
34  'insertion_syntax',
35  //'show_disabled_features', // this seems to cause issues - the $_GET version overrides the $_POST one...
36 ];
37 
// Authorization gate for the whole page.
// $perm holds the NAME of a permission variable, built from the request's
// objectType (spaces and '+' become '_'). It is dereferenced below as $$perm, so
// the requester selects which tiki_p_assign_perm_* global is consulted; only the
// fixed prefix bounds that choice.
// NOTE(review): an allow-list of known object types would make the bound explicit.
38 $perm = 'tiki_p_assign_perm_' . preg_replace('/[ +]/', '_', $_REQUEST['objectType']);
39 if ($_REQUEST['objectType'] == 'wiki page') {
40  if ($tiki_p_admin_wiki == 'y') {
 // Wiki administrators may assign permissions on any wiki page.
41  $special_perm = 'y';
42  } else {
 // NOTE(review): page info is looked up by objectName while permissions are
 // resolved for objectId; both come from the request and nothing visible here
 // ties them to the same page. Confirm how get_perm_object() uses $info.
43  $info = $tikilib->get_page_info($_REQUEST['objectName']);
 // presumably populates the tiki_p_* globals for this object; verify in tikilib
44  $tikilib->get_perm_object($_REQUEST['objectId'], $_REQUEST['objectType'], $info);
45  }
46 } elseif ($_REQUEST['objectType'] == 'global') {
 // Editing global permissions requires full admin rights.
47  $access->check_permission('tiki_p_admin');
48 } else {
49  $tikilib->get_perm_object($_REQUEST['objectId'], $_REQUEST['objectType']);
50  if ($_REQUEST['objectType'] == 'tracker') {
 // $definition is assigned on a source line (51) that this listing does not show.
52  if ($groupCreatorFieldId = $definition->getWriterGroupField()) {
53  $smarty->assign('group_tracker', 'y');
54  }
55  }
56 }
57 
// Access is granted when any one of these holds: the tiki_p_admin_objects
// permission, the per-type assign permission named by $perm, or $special_perm.
// NOTE(review): this decision is made on objectType/objectId exactly as received.
// Further down the script the same parameters are passed through urldecode() and
// 'wiki' is rewritten to 'wiki page', so the values used to load and modify the
// object can differ from the values authorised here. Normalise first, then check.
58 if (! ($tiki_p_admin_objects == 'y' || (isset($$perm) && $$perm == 'y') || (isset($special_perm) && $special_perm == 'y'))) {
59  $smarty->assign('errortype', 401);
60  $smarty->assign('msg', tra('You do not have permission to assign permissions for this object'));
61  $smarty->display('error.tpl');
62  die;
63 }
64 
// Work out the "referer" value handed to the template: an explicit request
// parameter wins; otherwise the HTTP Referer header is used unless it points
// back at this page.
// NOTE(review): both sources are client-controlled. The template has to escape
// the value and should only treat it as a same-site navigation target; confirm
// how tiki-objectpermissions.tpl uses it.
if (! isset($_REQUEST['referer'])) {
    $refererHeader = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
    if ($refererHeader === null || strpos($refererHeader, 'tiki-objectpermissions.php') !== false) {
        unset($_REQUEST['referer']);
    } else {
        $_REQUEST['referer'] = $refererHeader;
    }
}

$smarty->assign('referer', isset($_REQUEST['referer']) ? $_REQUEST['referer'] : '');
78 
// Normalise the object-identifying request parameters and expose them to the
// template.
// NOTE(review): PHP has already percent-decoded request parameters once, so
// urldecode() here is a second decode. It also runs after the permission check
// earlier in this script, which evaluated the undecoded objectType/objectId; the
// 'wiki' => 'wiki page' rewrite below is likewise applied after that check.
// Decoding and aliasing should happen before authorisation so that the checked
// and the used values are identical.
foreach (['objectId', 'objectType'] as $decodedKey) {
    $_REQUEST[$decodedKey] = urldecode($_REQUEST[$decodedKey]);
}
foreach (['parentId' => null, 'permType' => 'global'] as $optionalKey => $fallback) {
    $_REQUEST[$optionalKey] = empty($_REQUEST[$optionalKey])
        ? $fallback
        : urldecode($_REQUEST[$optionalKey]);
}

foreach (['objectName', 'objectId', 'objectType'] as $templateKey) {
    $smarty->assign($templateKey, $_REQUEST[$templateKey]);
}
$smarty->assign_by_ref('permType', $_REQUEST['permType']);

// 'wiki' is accepted as an alias for the 'wiki page' object type.
if ($_REQUEST['objectType'] == 'wiki') {
    $_REQUEST['objectType'] = 'wiki page';
}
91 
93 $currentObject = $objectFactory->get($_REQUEST['objectType'], $_REQUEST['objectId'], $_REQUEST['parentId']);
94 
97 
98 if ($restrictions = perms_get_restrictions()) {
99  $permissionApplier->restrictPermissions($restrictions);
100 }
101 
102 if ($_REQUEST['objectType'] == 'wiki page') {
103  $structlib = TikiLib::lib('struct');
104  $pageInfoTree = $structlib->s_get_structure_pages($structlib->get_struct_ref_id($_REQUEST['objectId']));
105  if (count($pageInfoTree) > 1) {
106  $smarty->assign('inStructure', 'y');
107  }
108 
109  // If assign to structure is requested, add subelements to the applier
110  if (! empty($_REQUEST['assignstructure']) && $_REQUEST['assignstructure'] == 'on' && ! empty($pageInfoTree)) {
111  foreach ($pageInfoTree as $subPage) {
112  $sub = $objectFactory->get($_REQUEST['objectType'], $subPage['pageName']);
113  $permissionApplier->addObject($sub);
114  }
115  }
116  $cachelib = TikiLib::lib('cache');
117  $cachelib->empty_type_cache('menu_');
118  $cachelib->empty_type_cache('structure_');
119 }
120 
121 if ($_REQUEST['objectType'] == 'category' ) {
122  $categlib = TikiLib::lib('categ');
123  $categ = $categlib->get_category($_REQUEST['objectId']);
124  $groupRole = false;
125  if(isset($_REQUEST['propagate_category'])) {
126  $descendants = $categlib->get_category_descendants($_REQUEST['objectId']);
127  foreach ($descendants as $child) {
128  $o = $objectFactory->get($_REQUEST['objectType'], $child, $_REQUEST['objectId']);
129  $permissionApplier->addObject($o);
130  }
131  }
132  $templatedGroupId = TikiLib::lib('attribute')->get_attribute("category", $_REQUEST['objectId'], "tiki.category.templatedgroupid");
133  if($categ["parentId"] > 0 && $templatedGroupId){
134 
135  $roles = TikiLib::lib("roles")->getAvailableCategoriesRolesIds($categ["parentId"]);
136  $groupRole = ! empty($roles);
137 
138  }
139  $smarty->assign('groupRole', $groupRole);
140 }
141 
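// Persist and reload the per-user feature and group filters of the permission grid.
// The filters are stored as PHP-serialized strings in user preferences. They are
// written here from request arrays, but the stored value is still data at rest:
// unserialize() is therefore called with allowed_classes => false so that a
// tampered preference can never instantiate objects. A json_encode()/json_decode()
// format would remove the concern entirely, but changes the stored format.

// apply feature filter change
if (isset($_REQUEST['feature_select'])) {
    if (! isset($_REQUEST['feature_filter'])) {
        $_REQUEST['feature_filter'] = [];
    }
    $tikilib->set_user_preference($user, 'objectperm_admin_features', serialize($_REQUEST['feature_filter']));
    $cookietab = '1';
}

// false (nothing stored or not decodable) means "no filter" to the code below.
$feature_filter = unserialize(
    $tikilib->get_user_preference($user, 'objectperm_admin_features'),
    ['allowed_classes' => false]
);

// apply group filter change
if (isset($_REQUEST['group_select'])) {
    if (! isset($_REQUEST['group_filter'])) {
        $_REQUEST['group_filter'] = [];
    }
    $tikilib->set_user_preference($user, 'objectperm_admin_groups', serialize($_REQUEST['group_filter']));
    $cookietab = '1';
}

// false here triggers the default group selection further down the script.
$group_filter = unserialize(
    $tikilib->get_user_preference($user, 'objectperm_admin_groups'),
    ['allowed_classes' => false]
);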
163 
164 // Get a list of groups
165 $groups = $userlib->get_groups_for_permissions();
166 $smarty->assign_by_ref('groups', $groups['data']);
167 
169 
170 if ($group_filter === false) {
171  $c = 0;
172  foreach ($groups['data'] as $g) { // filter out if too many groups and hide Admins by default
173  if ($c < $OBJECTPERM_ADMIN_MAX_GROUPS && $g['groupName'] != 'Admins') {
174  $group_filter[] = $g['id'];
175  $c++;
176  }
177  }
178  if (count($groups['data']) > $OBJECTPERM_ADMIN_MAX_GROUPS) {
179  $cookietab = '2';
180  $smarty->assign('groupsFiltered', 'y');
181  }
182  $tikilib->set_user_preference($user, 'objectperm_admin_groups', serialize($group_filter));
183 }
184 
185 if (isset($_REQUEST['group'])) {
186  $grp_id = 0;
187  foreach ($groups['data'] as $grp) {
188  if ($grp['groupName'] == $_REQUEST['group']) {
189  $grp_id = $grp['id'];
190  break;
191  }
192  }
193  if ($grp_id > 0 && ! in_array($grp_id, $group_filter)) {
194  $group_filter[] = $grp_id;
195  }
196 }
197 
198 // Process the form to assign a new permission to this object
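// Handles the "assign" form in non-quick mode: authorises every permission being
// granted, applies the new permission set, then builds the added/removed summary
// that is shown as feedback.
// NOTE(review): only the entries of perm[] (grants) are checked with
// user_has_perm_on_object(). Removals implied by old_perm[] are not checked in
// this block; presumably the restrictions given to $permissionApplier cover them.
// Confirm.
if (isset($_REQUEST['assign']) && ! isset($_REQUEST['quick_perms'])) {
    // presumably Tiki's confirmation / anti-CSRF step; must precede any state change
    $access->check_authenticity(tr('Are you sure you want to modify permissions?'));

    // Read both request arrays defensively: either may be missing (for example
    // when every box is unchecked) or may not be an array at all.
    $newPerms = (isset($_REQUEST['perm']) && is_array($_REQUEST['perm'])) ? $_REQUEST['perm'] : [];
    $oldPerms = (isset($_REQUEST['old_perm']) && is_array($_REQUEST['old_perm'])) ? $_REQUEST['old_perm'] : [];

    // Users without tiki_p_admin_objects may only hand out permissions that they
    // hold on this object themselves.
    foreach ($newPerms as $group => $gperms) {
        foreach ((array) $gperms as $perm) {
            if ($tiki_p_admin_objects != 'y' && ! $userlib->user_has_perm_on_object($user, $_REQUEST['objectId'], $_REQUEST['objectType'], $perm)) {
                $smarty->assign('errortype', 401);
                $smarty->assign('msg', tra('Permission denied'));
                $smarty->display('error.tpl');
                die;
            }
        }
    }

    $newPermissions = get_assign_permissions();
    $permissionApplier->apply($newPermissions);
    if (isset($_REQUEST['group'])) {
        $smarty->assign('groupName', $_REQUEST['group']);
    }

    //identify permissions changed for feedback message
    $groupNames = array_unique(array_merge(array_keys($newPerms), array_keys($oldPerms)));
    // Both directions always exist so the loops below never iterate over null.
    $changed = ['added' => [], 'deleted' => []];
    foreach ($groupNames as $groupName) {
        $newPerms[$groupName] = (isset($newPerms[$groupName]) && is_array($newPerms[$groupName])) ? $newPerms[$groupName] : [];
        $oldPerms[$groupName] = (isset($oldPerms[$groupName]) && is_array($oldPerms[$groupName])) ? $oldPerms[$groupName] : [];
        $changed['added'][$groupName] = array_diff($newPerms[$groupName], $oldPerms[$groupName]);
        $changed['deleted'][$groupName] = array_diff($oldPerms[$groupName], $newPerms[$groupName]);
    }

    // Parallel lists: $groupList[$i] is a displayed group and
    // $groupInheritance[$i] is what get_included_groups() returns for it.
    $groupList = [];
    $groupInheritance = [];
    foreach ($groups['data'] as $row) {
        if ($group_filter !== false && in_array($row['id'], $group_filter)) {
            $groupList[] = $row['groupName'];
            $groupInheritance[] = $userlib->get_included_groups($row['groupName']);
        }
    }

    foreach ($changed['added'] as $groupName => $addPerms) { // group messages about permissions added by parent group
        if (count($addPerms) == 0) {
            continue;
        }

        $isParentGroup = false;
        foreach ($groupInheritance as $index => $gi) {
            if (is_array($gi) && in_array($groupName, $gi)) {
                // A permission gained through the parent is not reported as
                // "deleted" on the child. The child may have no entry at all.
                $childName = $groupList[$index];
                $delPerms = isset($changed['deleted'][$childName]) ? $changed['deleted'][$childName] : [];
                $changed['deleted'][$childName] = array_diff($delPerms, $addPerms);
                $isParentGroup = true;
            }
        }

        if ($isParentGroup) {
            $changed['added'][tr('%0 and all the children groups', $groupName)] = $changed['added'][$groupName];
            unset($changed['added'][$groupName]);
        }
    }

    foreach ($changed['deleted'] as $groupName => $delPerms) { // group messages about permissions removed by parent group
        if (count($delPerms) == 0) {
            continue;
        }

        $isParentGroup = false;
        foreach ($groupInheritance as $index => $gi) {
            if (is_array($gi) && in_array($groupName, $gi)) {
                $isParentGroup = true;
                break;
            }
        }

        if ($isParentGroup) {
            $changed['deleted'][tr('%0 and all the children groups', $groupName)] = $changed['deleted'][$groupName];
            unset($changed['deleted'][$groupName]);
        }
    }

    // tiki_p_admin on Admins is never reported as removed. The entry may be
    // absent when the Admins group was not part of the submitted form.
    if (isset($changed['deleted']['Admins']) && in_array('tiki_p_admin', $changed['deleted']['Admins'])) {
        unset($changed['deleted']['Admins'][array_search('tiki_p_admin', $changed['deleted']['Admins'])]);
    }

    //clean up array of changed permissions and indicate section for feedback
    $permInfo = $userlib->get_enabled_permissions();
    $changeCount = 0;
    foreach ($changed as $directionName => $directionInfo) {
        foreach ($directionInfo as $groupName => $groupInfo) {
            if (empty($groupInfo)) {
                unset($changed[$directionName][$groupName]);
            } else {
                foreach ($groupInfo as $no => $p) {
                    // $p comes from the request; it may name a permission that
                    // is not in the enabled list.
                    $permSection = isset($permInfo[$p]['type']) ? $permInfo[$p]['type'] : '';
                    $changed[$directionName][$groupName][$no] = $p . ' (' . $permSection . ')';
                    $changeCount++;
                }
            }
        }
        if (empty($changed[$directionName])) {
            unset($changed[$directionName]);
        }
    }
    if ($changeCount > 0) {
        // NOTE(review): group and permission names in 'mes' originate from the
        // request; the 'perm' feedback template has to escape them on output.
        Feedback::add(['type' => $_REQUEST['permType'],
            'mes' => $changed,
            'objname' => $_REQUEST['objectName'],
            'objid' => $_REQUEST['objectId'],
            'objtype' => $_REQUEST['objectType'],
            'count' => $changeCount,
            'tpl' => 'perm']);
    } else {
        Feedback::note(tr('No permissions were changed'));
    }
}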
312 
313 if (isset($_REQUEST['remove'])) {
314  $access->check_authenticity(tra('Are you sure you want to remove the direct permissions from this object?'));
315  $newPermissions = new Perms_Reflection_PermissionSet;
316  $permissionApplier->apply($newPermissions);
317 }
318 
// "Copy": stores the permission set described by the current request in the
// session clipboard. Nothing is applied to any object here, and no
// check_authenticity() call guards this branch.
319 if (isset($_REQUEST['copy'])) {
320  $newPermissions = get_assign_permissions();
321  $filter = TikiFilter::get('text');
322  $to_copy = [
323  'perms' => $newPermissions->getPermissionArray(),
324  'object' => $filter->filter($_REQUEST['objectId']),
325  'type' => $filter->filter($_REQUEST['objectType'])
326  ];
327  $_SESSION['perms_clipboard'] = $to_copy;
328 }
329 
// "Paste": applies the clipboard contents to the object addressed by this request.
330 if (! empty($_SESSION['perms_clipboard'])) {
331  $perms_clipboard = $_SESSION['perms_clipboard'];
332  $smarty->assign(
333  'perms_clipboard_source',
334  $perms_clipboard['type'] . (empty($perms_clipboard['object']) ? '' : ' : ') . $perms_clipboard['object']
335  );
336 
337  if (isset($_REQUEST['paste'])) {
338  $access->check_authenticity(tra('Are you sure you want to paste the copied permissions into this object?'));
 // The clipboard is single-use: it is cleared before the permissions are applied.
339  unset($_SESSION['perms_clipboard']);
340 
 // $set is created on a source line (341) that this listing does not show.
342 
 // NOTE(review): the assign path verifies each granted permission with
 // user_has_perm_on_object() for users without tiki_p_admin_objects. No
 // equivalent check is visible here, although the clipboard was filled from
 // request data at copy time. Enforcement presumably relies on the restrictions
 // handed to $permissionApplier earlier in the script. Confirm.
343  if (isset($perms_clipboard['perms'])) {
344  foreach ($perms_clipboard['perms'] as $group => $gperms) {
345  foreach ($gperms as $perm) {
346  $set->add($group, $perm);
347  }
348  }
349  }
350  $permissionApplier->apply($set);
351  $smarty->assign('perms_clipboard_source', '');
352  }
353 }
354 
355 // Prepare display
356 // Get the individual object permissions if any
358 
359 //Quickperms apply {{{
360 //Test to map permissions of ile galleries into read write admin admin levels.
361 if ($prefs['feature_quick_object_perms'] == 'y') {
362  $qperms = quickperms_get_data();
363  $smarty->assign('quickperms', $qperms);
364  $quickperms = new Perms_Reflection_Quick;
365 
366  foreach ($qperms as $type => $data) {
367  $quickperms->configure($type, $data['data']);
368  }
369 
370  $groupNames = [];
371  foreach ($groups['data'] as $key => $group) {
372  $groupNames[] = $group['groupName'];
373  }
374 
375  $map = $quickperms->getAppliedPermissions($displayedPermissions, $groupNames);
376 
377  foreach ($groups['data'] as $key => $group) {
378  $groups['data'][$key]['groupSumm'] = $map[ $group['groupName'] ];
379  }
380 
381  if (isset($_REQUEST['assign']) && isset($_REQUEST['quick_perms'])) {
382  $access->check_authenticity(tr('Are you sure you want to modify permissions?'));
383 
384  $groups = $userlib->get_groups(0, -1, 'groupName_asc', '', '', 'n');
385 
386  $userInput = [];
387  foreach ($groups['data'] as $group) {
388  $groupNameEncoded = rawurlencode($group['groupName']);
389  if (isset($_REQUEST['perm_' . $groupNameEncoded])) {
390  $group = $group['groupName'];
391  $permission = $_REQUEST['perm_' . $groupNameEncoded];
392 
393  $userInput[$group] = $permission;
394  }
395  }
396 
397  $current = $currentObject->getDirectPermissions();
398  $newPermissions = $quickperms->getPermissions($current, $userInput);
399  if (! $newPermissions->has('Admins', 'tiki_p_admin')) {
400  $newPermissions->add('Admins', 'tiki_p_admin');
401  }
402  $permissionApplier->apply($newPermissions);
403  $url = $_SERVER['REQUEST_URI'];
404  $query = array_filter(array_intersect_key($_REQUEST, array_flip(['objectType', 'objectId', 'permType', 'objectName'])));
405  if ($query) {
406  $url .= '?' . http_build_query($query, null, '&');
407  }
408  $access->redirect($url);
409  }
410 }
411 
412 if (isset($_REQUEST['used_groups'])) {
413  $group_filter = [];
414  foreach ($displayedPermissions->getPermissionArray() as $group => $perms) {
415  $group_filter[] = $group;
416  $group_filter = array_merge($group_filter, $userlib->get_including_groups($group, 'y'));
417  }
418  if (empty($group_filter)) {
419  $group_filter = ['Anonymous', 'Registered', 'Admins'];
420  }
421  foreach ($group_filter as $i => $group) {
422  $ginfo = $userlib->get_group_info($group);
423  $group_filter[$i] = $ginfo['id'];
424  }
425  $cookietab = 1;
426 }
427 
428 
429 // get groupNames etc - TODO: jb will tidy...
430 //$checkboxInfo = array();
435 
436 foreach ($groups['data'] as &$row) {
437  if ($group_filter !== false && in_array($row['id'], $group_filter)) {
438  $groupNames[] = $row['groupName'];
439  $permGroups[] = 'perm[' . $row['groupName'] . ']';
440  $groupInheritance[] = $userlib->get_included_groups($row['groupName']);
441  $inh = $userlib->get_included_groups($row['groupName']);
442 
443  $groupIndices[] = $row['groupName'] . '_hasPerm';
444 
445  $row['in_group_filter'] = 'y';
446  } else {
447  $row['in_group_filter'] = 'n';
448  }
449 
450  // info for nested group treetable
451  $parents = array_merge([$row['groupName']], $userlib->get_included_groups($row['groupName']));
452  $parents = preg_replace('/[\s,]+/', '_', $parents);
453  $parents = implode(",", array_reverse($parents));
454  $row['parents'] = $parents;
455 
456 // More TODO - merge all this into a single array - but that means considerable changes to treetable (soon)
457 // $checkboxInfo[] = array('name' => $row['groupName'],
458 // 'key' => 'perm['.$row['groupName'].']',
459 // 'index' => $groupIndex,
460 // 'inheritance' => $inh);
461 }
462 
463 $smarty->assign('permGroups', $permGroups);
464 $smarty->assign('permGroupCols', $groupIndices);
465 $smarty->assign('groupNames', $groupNames);
466 //$smarty->assign('groupInheritance', $groupInheritance);
467 
468 
469 // Get the big list of permissions
470 if (isset($_REQUEST['show_disabled_features']) && ($_REQUEST['show_disabled_features'] == 'on' || $_REQUEST['show_disabled_features'] == 'y')) {
471  $show_disabled_features = 'y';
472 } else {
473  $show_disabled_features = 'n';
474 }
475 $smarty->assign('show_disabled_features', $show_disabled_features);
476 
477 // get "master" list of all perms
478 $candidates = $userlib->get_permissions(0, -1, 'permName_asc', '', $_REQUEST['permType'], '', $show_disabled_features != 'y' ? true : false);
479 
480 // list of all features
481 $ftemp = $userlib->get_permission_types();
483 foreach ($ftemp as $f) {
484  $features[] = ['featureName' => $f, 'in_feature_filter' => $feature_filter === false || in_array($f, $feature_filter) ? 'y' : 'n'];
485 }
487 
488 // build $masterPerms list and used (enabled) features
490 
491 foreach ($candidates['data'] as $perm) {
492  $perm['label'] = tra($perm['permDesc']) . ' <em>(' . $perm['permName'] . ')</em>' . '<span style="display:none;">' . tra($perm['level'] . '</span>');
493 
494  foreach ($groupNames as $index => $groupName) {
495  $p = $displayedPermissions->has($groupName, $perm['permName']) ? 'y' : 'n';
496  $perm[$groupName . '_hasPerm'] = $p;
498  }
499 
500  // work out if specific feature is on
501  $pref_feature = false;
502  if (isset($perm['feature_check'])) {
503  foreach (explode(',', $perm['feature_check']) as $fchk) {
504  if ($prefs[$fchk] == 'y') {
505  $pref_feature = true;
506  break;
507  }
508  }
509  } else { // if no feature check you can't turn them off (?)
510  $pref_feature = true;
511  }
512 
513  if (($feature_filter === false || in_array($perm['type'], $feature_filter))
514  && ($restrictions === false || in_array($perm['permName'], $restrictions))
515  && $pref_feature
516  ) {
517  $masterPerms[] = $perm;
518  }
519  if ($show_disabled_features != 'y' && ! in_array($perm['type'], $features_enabled)) {
520  // perms can be dependant on multiple features
521  if ($pref_feature) {
522  $features_enabled[] = $perm['type'];
523  }
524  }
525 }
526 
527 if ($show_disabled_features != 'y') {
528  $features_filtered = [];
529  foreach ($features as $f) {
530  if (in_array($f['featureName'], $features_enabled) && ! in_array($f, $features_filtered)) {
531  $features_filtered[] = $f;
532  }
533  }
534  $features = $features_filtered;
535 }
536 
537 $smarty->assign_by_ref('perms', $masterPerms);
538 $smarty->assign_by_ref('features', $features);
539 
540 // Create JS to set up checkboxs (showing group inheritance)
// Builds the jQuery snippet that mirrors group inheritance in the checkbox grid:
// checking a permission for a group checks and disables the same permission for
// every group that includes it. The snippet is accumulated in $js.
541 $js = '$("#perms_busy").show();
542 ';
543 $i = 0;
544 foreach ($groupNames as $groupName) {
 // NOTE(review): addslashes() only backslash-escapes quotes, backslashes and NUL.
 // The group name ends up inside a JavaScript string that is itself a jQuery
 // attribute selector, so line breaks, selector metacharacters such as ']' and
 // characters that are significant inside a script block are not neutralised.
 // json_encode() for the JavaScript string plus selector escaping would be the
 // context-appropriate encoding.
545  $groupName = addslashes($groupName);
546  $beneficiaries = '';
547  foreach ($groupInheritance as $index => $gi) {
 // $groupName is already escaped at this point, so a group whose name contains
 // a quote or backslash never matches the raw names in $gi.
548  if (is_array($gi) && in_array($groupName, $gi)) {
549  $beneficiaries .= ! empty($beneficiaries) ? ',' : '';
550  $beneficiaries .= 'input[name="perm[' . addslashes($groupNames[$index]) . '][]"]';
551  }
552  }
553 
 // $groupName and $beneficiaries are interpolated into the JavaScript source below.
554  $js .= "\$('input[name=\"perm[$groupName][]\"]').eachAsync({
555  delay: 10,
556  bulk: 0,
557 ";
 // Only the last group's loop hides the busy indicator once it has finished.
558  if ($i == count($groupNames) - 1) {
559  $js .= "end: function () {
560  \$('#perms_busy').hide();
561  },
562 ";
563  }
564  $js .= "loop: function() { // each one of this group
565 
566  if (\$(this).is(':checked')) {
567  \$('input[value=\"'+\$(this).val()+'\"]'). // other checkboxes of same value (perm)
568  filter('$beneficiaries'). // which inherit from this
569  prop('checked',\$(this).is(':checked')). // check and disable
570  prop('disabled',\$(this).is(':checked'));
571  }
572 
573  \$(this).on( 'change', function(e, parent) { // bind click event
574 
575  if (\$(this).is(':checked')) {
576  \$('input[value=\"'+\$(this).val()+'\"]'). // same...
577  filter('$beneficiaries').each(function() {
578  $(this).
579  prop('checked',true). // check?
580  prop('disabled',true). // disable
581  trigger('change', [this]);
582  });
583  } else {
584  \$('input[value=\"'+\$(this).val()+'\"]'). // same...
585  filter('$beneficiaries').each(function() {
586  $(this).
587  prop('checked',false). // check?
588  prop('disabled',false). // disable
589  trigger('change', [this]);
590  });
591  }
592  });
593 }
594 });
595 
596 ";
597  $i++;
598 } // end of for $groupNames loop
599 
600  // add cell colouring helpers
601  $js .= '
602 $("table.objectperms input[type=checkbox]").change(function () {
603  var $this = $(this);
604  var $parent = $this.parent();
605  if ($this.is(":checked")) {
606  if ($parent.hasClass("removed")) {
607  $parent.removeClass("removed");
608  } else {
609  $parent.addClass("added");
610  }
611  } else {
612  if ($parent.hasClass("added")) {
613  $parent.removeClass("added");
614  } else {
615  $parent.addClass("removed");
616  }
617  }
618 });
619 ';
620 
621 $headerlib->add_jq_onready($js);
622 
623 // setup smarty remarks flags
624 
625 // Display the template
626 $smarty->assign('mid', 'tiki-objectpermissions.tpl');
627 if (isset($_REQUEST['filegals_manager']) && $_REQUEST['filegals_manager'] != '') {
628  $smarty->assign('filegals_manager', $_REQUEST['filegals_manager']);
629  $smarty->display('tiki-print.tpl');
630 } else {
631  $smarty->display('tiki.tpl');
632 }
633 
634 
639 {
 // Builds the permission set a caller will apply: starts from the object's
 // direct permissions (or its parent permissions when it has none), adds every
 // (group, permission) pair in $_REQUEST['perm'], and removes every pair listed
 // in $_REQUEST['old_perm'] that is no longer in 'perm'. Returns that set.
 // The function signature is on a source line this listing does not show.
 //
 // NOTE(review): group and permission names are taken from the request and added
 // without validation or authorisation here. Callers must authorise each pair
 // before applying the result. In this file the assign path checks granted
 // permissions first; the copy path calls this function without such a check.
640  global $objectFactory;
641 
642  // get existing perms
643  $currentObject = $objectFactory->get($_REQUEST['objectType'], $_REQUEST['objectId'], $_REQUEST['parentId']);
644  $currentPermissions = $currentObject->getDirectPermissions();
645  if (count($currentPermissions->getPermissionArray()) === 0) {
646  // get "default" perms so disabled feature perms don't get removed
647  $currentPermissions = $currentObject->getParentPermissions();
648  }
649 
650  // set any checked ones
651  if (isset($_REQUEST['perm']) && ! empty($_REQUEST['perm'])) {
 // assumes perm is an array of arrays keyed by group name; a scalar value is
 // not handled
652  foreach ($_REQUEST['perm'] as $group => $gperms) {
653  foreach ($gperms as $perm) {
654  $currentPermissions->add($group, $perm);
655  }
656  }
657  }
658 
659  // unset any old_perms not there now
660  if (isset($_REQUEST['old_perm'])) {
661  foreach ($_REQUEST['old_perm'] as $group => $gperms) {
662  foreach ($gperms as $perm) {
 // in_array() is used in its loose (non-strict) mode here
663  if (! isset($_REQUEST['perm'][$group]) || ! in_array($perm, $_REQUEST['perm'][$group])) {
664  $currentPermissions->remove($group, $perm);
665  }
666  }
667  }
668  }
669 
670  return $currentPermissions;
671 }
672 
677 {
678  if ($_REQUEST['permType'] == 'file galleries') {
679  return quickperms_get_filegal();
680  } else {
681  return quickperms_get_generic();
682  }
683 }
684 
689 {
690  return [
691  'admin' => [
692  'name' => 'admin',
693  'data' => [
694  'tiki_p_admin_file_galleries' => 'tiki_p_admin_file_galleries',
695  'tiki_p_assign_perm_file_gallery' => 'tiki_p_assign_perm_file_gallery',
696  'tiki_p_batch_upload_files' => 'tiki_p_batch_upload_files',
697  'tiki_p_batch_upload_file_dir' => 'tiki_p_batch_upload_file_dir',
698  'tiki_p_create_file_galleries' => 'tiki_p_create_file_galleries',
699  'tiki_p_download_files' => 'tiki_p_download_files',
700  'tiki_p_edit_gallery_file' => 'tiki_p_edit_gallery_file',
701  'tiki_p_list_file_galleries' => 'tiki_p_list_file_galleries',
702  'tiki_p_upload_files' => 'tiki_p_upload_files',
703  'tiki_p_remove_files' => 'tiki_p_remove_files',
704  'tiki_p_view_fgal_explorer' => 'tiki_p_view_fgal_explorer',
705  'tiki_p_view_fgal_path' => 'tiki_p_view_fgal_path',
706  'tiki_p_view_file_gallery' => 'tiki_p_view_file_gallery',
707  ],
708  ],
709  'write' => [
710  'name' => 'write',
711  'data' => [
712  'tiki_p_batch_upload_files' => 'tiki_p_batch_upload_files',
713  'tiki_p_batch_upload_file_dir' => 'tiki_p_batch_upload_file_dir',
714  'tiki_p_create_file_galleries' => 'tiki_p_create_file_galleries',
715  'tiki_p_download_files' => 'tiki_p_download_files',
716  'tiki_p_edit_gallery_file' => 'tiki_p_edit_gallery_file',
717  'tiki_p_list_file_galleries' => 'tiki_p_list_file_galleries',
718  'tiki_p_upload_files' => 'tiki_p_upload_files',
719  'tiki_p_remove_files' => 'tiki_p_remove_files',
720  'tiki_p_view_fgal_explorer' => 'tiki_p_view_fgal_explorer',
721  'tiki_p_view_fgal_path' => 'tiki_p_view_fgal_path',
722  'tiki_p_view_file_gallery' => 'tiki_p_view_file_gallery',
723  ],
724  ],
725  'read' => [
726  'name' => 'read',
727  'data' => [
728  'tiki_p_download_files' => 'tiki_p_download_files',
729  'tiki_p_list_file_galleries' => 'tiki_p_list_file_galleries',
730  'tiki_p_view_fgal_explorer' => 'tiki_p_view_fgal_explorer',
731  'tiki_p_view_fgal_path' => 'tiki_p_view_fgal_path',
732  'tiki_p_view_file_gallery' => 'tiki_p_view_file_gallery',
733  ],
734  ],
735  'none' => [
736  'name' => 'none',
737  'data' => [
738  ],
739  ],
740  ];
741 }
742 
747 {
748  $userlib = TikiLib::lib('user');
749 
750  $databaseperms = $userlib->get_permissions(0, -1, 'permName_asc', '', $_REQUEST['permType'], '', true);
751  foreach ($databaseperms['data'] as $perm) {
752  if ($perm['level'] == 'basic') {
753  $quickperms_['basic'][$perm['permName']] = $perm['permName'];
754  } elseif ($perm['level'] == 'registered') {
755  $quickperms_['registered'][$perm['permName']] = $perm['permName'];
756  } elseif ($perm['level'] == 'editors') {
757  $quickperms_['editors'][$perm['permName']] = $perm['permName'];
758  } elseif ($perm['level'] == 'admin') {
759  $quickperms_['admin'][$perm['permName']] = $perm['permName'];
760  }
761  }
762 
763  if (! isset($quickperms_['basic'])) {
764  $quickperms_['basic'] = [];
765  }
766  if (! isset($quickperms_['registered'])) {
767  $quickperms_['registered'] = [];
768  }
769  if (! isset($quickperms_['editors'])) {
770  $quickperms_['editors'] = [];
771  }
772  if (! isset($quickperms_['admin'])) {
773  $quickperms_['admin'] = [];
774  }
775 
776  $perms = [];
777  $perms['basic']['name'] = 'basic';
778  $perms['basic']['data'] = array_merge($quickperms_['basic']);
779  $perms['registered']['name'] = 'registered';
780  $perms['registered']['data'] = array_merge($quickperms_['basic'], $quickperms_['registered']);
781  $perms['editors']['name'] = 'editors';
782 
783  $perms['editors']['data'] = array_merge(
784  $quickperms_['basic'],
785  $quickperms_['registered'],
786  $quickperms_['editors']
787  );
788 
789  $perms['admin']['name'] = 'admin';
790 
791  $perms['admin']['data'] = array_merge(
792  $quickperms_['basic'],
793  $quickperms_['registered'],
794  $quickperms_['editors'],
795  $quickperms_['admin']
796  );
797  $perms['none']['name'] = 'none';
798  $perms['none']['data'] = [];
799 
800  return $perms;
801 }
802 
807 {
 // Returns the permissions the current user is allowed to hand out on this page:
 // false when the user has admin_objects (no restriction), otherwise the list of
 // permission names of the requested permType that the user holds.
 // The function signature is on a source line this listing does not show.
808  $userlib = TikiLib::lib('user');
 // NOTE(review): Perms::get() is called without a context, so this presumably
 // reflects the user's global permissions rather than permissions on the object
 // being edited. Confirm.
809  $perms = Perms::get();
810 
811  if ($perms->admin_objects) {
 // Callers compare with === false to detect "unrestricted".
812  return false;
813  }
814 
815  $masterPerms = $userlib->get_permissions(0, -1, 'permName_asc', '', $_REQUEST['permType']);
816  $masterPerms = $masterPerms['data'];
817 
818  $allowed = [];
819  // filter out non-admin's unavailable perms
820  foreach ($masterPerms as $perm) {
821  $name = $perm['permName'];
822 
 // dynamic property read: true when the user holds the permission called $name
823  if ($perms->$name) {
824  $allowed[] = $name;
825  }
826  }
827 
828  return $allowed;
829 }
830 
835 {
 // Decides which permission set the grid displays (direct, global, parent or
 // category) and tells the template via 'permissions_displayed'. For direct
 // permissions it also prepares the added/removed differences against the global
 // permissions as HTML and as JavaScript. Returns the displayed permission set.
 // The function signature is on a source line this listing does not show.
836  global $objectFactory;
837  $smarty = TikiLib::lib('smarty');
838 
839  $currentObject = $objectFactory->get($_REQUEST['objectType'], $_REQUEST['objectId'], $_REQUEST['parentId']);
840  $displayedPermissions = $currentObject->getDirectPermissions();
841  $globPerms = $objectFactory->get('global', null)->getDirectPermissions(); // global perms
842 
 // $comparator is first created on a source line (843) that this listing does
 // not show.
844 
845  $smarty->assign('permissions_displayed', 'direct');
846  if ($comparator->equal()) {
847  $parent = $currentObject->getParentPermissions(); // inherited perms (could be category ones)
848  $comparator = new Perms_Reflection_PermissionComparator($globPerms, $parent);
849 
850  if ($comparator->equal()) {
851  $smarty->assign('permissions_displayed', 'global');
852  } else { // parent not globals, check parent object or category
853  $parentType = Perms::parentType($_REQUEST['objectType']);
854  $parentObject = $objectFactory->get($parentType, $_REQUEST['parentId']);
855  $parentPerms = $parentObject->getDirectPermissions();
856  $comparator = new Perms_Reflection_PermissionComparator($parentPerms, $parent);
857  if ($comparator->equal()) {
858  $smarty->assign('permissions_displayed', 'parent');
 // parentId comes from the request; the template has to escape it on output
859  $smarty->assign('permissions_parent_id', $_REQUEST['parentId']);
860  $smarty->assign('permissions_parent_type', $parentType);
861  $smarty->assign('permissions_parent_name', TikiLib::lib('object')->get_title($parentType, $_REQUEST['parentId']));
862  } else {
863  $smarty->assign('permissions_displayed', 'category');
864  }
865  }
866  $displayedPermissions = $parent;
867  } else { // direct object perms
868  $comparator = new Perms_Reflection_PermissionComparator($globPerms, $displayedPermissions);
869  $permissions_added = [];
870  $permissions_removed = [];
 // Each addition/removal is read as [group name, permission name]; the
 // 'tiki_p_' prefix is stripped for display.
871  foreach ($comparator->getAdditions() as $p) {
872  if (! isset($permissions_added[$p[0]])) {
873  $permissions_added[$p[0]] = [];
874  }
875  $permissions_added[$p[0]][] = str_replace('tiki_p_', '', $p[1]);
876  }
877  foreach ($comparator->getRemovals() as $p) {
878  if (! isset($permissions_removed[$p[0]])) {
879  $permissions_removed[$p[0]] = [];
880  }
881  $permissions_removed[$p[0]][] = str_replace('tiki_p_', '', $p[1]);
882  }
883  $added = '';
884  $removed = '';
 // NOTE(review): group names ($gp) and permission names are concatenated into
 // HTML without htmlspecialchars(). Because the strings already contain markup,
 // the template presumably prints them unescaped. Confirm, and escape $gp and
 // the permission names here if so.
885  foreach ($permissions_added as $gp => $pm) {
886  $added .= '<br />';
887  $added .= '<strong>' . $gp . ':</strong> ' . implode(', ', $pm);
888  }
889  foreach ($permissions_removed as $gp => $pm) {
890  $removed .= '<br />';
891  $removed .= '<strong>' . $gp . ':</strong> ' . implode(', ', $pm);
892  }
893  $smarty->assign('permissions_added', $added);
894  $smarty->assign('permissions_removed', $removed);
895 
 // NOTE(review): json_encode() with default flags does not escape '<' or '>'.
 // JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT is the safe form
 // for data embedded in a script. The generated code also concatenates group and
 // permission names into a jQuery attribute selector without selector escaping.
 // This listing shows the loop variable written as `group` in backticks inside
 // the selector; if the source file really contains that, it is the literal text
 // "group" rather than the variable. Verify against the original file.
896  TikiLib::lib('header')->add_jq_onready('
897 var permsAdded = ' . json_encode($permissions_added) . ';
898 var permsRemoved = ' . json_encode($permissions_removed) . ';
899 for (var group in permsAdded) {
900  if (permsAdded.hasOwnProperty(group)) {
901  for (var i = 0; i < permsAdded[group].length; i++) {
902  $("input[name=\'perm[" + `group` + "][]\'][value=\'tiki_p_" + permsAdded[group][i] + "\']").parent().addClass("added");
903  }
904  }
905 }
906 for (var group in permsRemoved) {
907  if (permsRemoved.hasOwnProperty(group)) {
908  for (var i = 0; i < permsRemoved[group].length; i++) {
909  $("input[name=\'perm[" + `group` + "][]\'][value=\'tiki_p_" + permsRemoved[group][i] + "\']").parent().addClass("removed");
910  }
911  }
912 }
913 ');
914  }
915 
916  return $displayedPermissions;
917 }
Definition: editmode.php:12
$name
$name
Definition: tiki-admin_integrator.php:19
$smarty
$smarty
Definition: include_connect.php:17
$groupNames
$groupNames
Definition: tiki-objectpermissions.php:432
$_SERVER
$_SERVER
Definition: tiki-installer.php:705
$prefs
if(strpos($_SERVER['SCRIPT_NAME'], basename(__FILE__)) !==false) global $prefs
Definition: include_connect.php:9
quickperms_get_generic
quickperms_get_generic()
Definition: tiki-objectpermissions.php:746
$masterPerms
$masterPerms
Definition: tiki-objectpermissions.php:489
$cookietab
if($prefs['unified_search_textarea_admin']==='n'|| $prefs['javascript_enabled']==='n') if(isset($_REQUEST['textareasetup']) &&(getCookie('admin_textarea', 'tabs') !='#contentadmin_textarea-3') && $access->checkCsrf()) $cookietab
Definition: include_textarea.php:39
Perms_Applier
Definition: Applier.php:9
$access
$access
Definition: include_rating.php:15
$structlib
$structlib
Definition: tiki-admin_mailin_routes.php:14
$cachelib
$cachelib
Definition: tiki-admin_system.php:17
$url
$url
Definition: include_socialnetworks.php:15
$features
$features
Definition: tiki-objectpermissions.php:482
Perms_Reflection_Quick\configure
configure($name, array $permissions)
Definition: Quick.php:16
$current
if(! empty($_REQUEST['reset_all_custom_tools'])) if(isset($_REQUEST['save'], $_REQUEST['pref'])) if((isset($_REQUEST['reset']) && $section !='global')||(isset($_REQUEST['reset_global']) && $section=='global')) if(! empty($_REQUEST['save_tool']) &&! empty($_REQUEST['tool_name'])) $current
Definition: tiki-admin_toolbars.php:129
$group_filter
if(isset($_REQUEST['group_select'])) $group_filter
Definition: tiki-objectpermissions.php:162
$categlib
if(strpos($_SERVER["SCRIPT_NAME"], basename(__FILE__)) !==false) $categlib
Definition: binderlib.php:18
$auto_query_args
if(! empty($_REQUEST['objectType']) && $_REQUEST['objectType'] !='global') if(empty($_REQUEST['objectType'])) $auto_query_args
Definition: tiki-objectpermissions.php:26
Perms\parentType
static parentType($type)
Definition: Perms.php:383
$type
if(! $data) $type
Definition: banner_image.php:51
$roles
$roles
Definition: tiki-admin_categories.php:15
Perms_Reflection_PermissionComparator
Definition: PermissionComparator.php:9
$currentObject
$currentObject
Definition: tiki-objectpermissions.php:93
$f
$f
Definition: fetch_windows_zones.php:29
$groupList
if(basename($_SERVER['SCRIPT_NAME'])===basename(__FILE__)) $groupList
Definition: perms.php:12
TikiFilter\get
static get($filter)
Definition: TikiFilter.php:28
$row
$row
Definition: migrateto20.php:332
$permGroups
if($prefs['feature_quick_object_perms']=='y') if(isset($_REQUEST['used_groups'])) $permGroups
Definition: tiki-objectpermissions.php:431
$groups
$groups
Definition: tiki-objectpermissions.php:165
$map
if($tikilib->get_preference("feature_comm", 'n') !='y') $map
Definition: commxmlrpc.php:18
$feature_filter
if($restrictions=perms_get_restrictions()) if($_REQUEST['objectType']=='wiki page') if($_REQUEST['objectType']=='category') if(isset($_REQUEST['feature_select'])) $feature_filter
Definition: tiki-objectpermissions.php:151
Perms_Reflection_Factory\getDefaultFactory
static getDefaultFactory()
Definition: Factory.php:41
quickperms_get_data
quickperms_get_data()
Definition: tiki-objectpermissions.php:676
$candidates
$candidates
Definition: tiki-objectpermissions.php:478
$tikilib
global $tikilib
Definition: include_textarea.php:42
perms_get_restrictions
perms_get_restrictions()
Definition: tiki-objectpermissions.php:806
$index
$index
Definition: tiki-edit_draw.php:231
quickperms_get_filegal
quickperms_get_filegal()
Definition: tiki-objectpermissions.php:688
Feedback\add
static add($feedback, $sendHeaders=false)
Definition: Feedback.php:145
get_assign_permissions
get_assign_permissions()
Definition: tiki-objectpermissions.php:638
$ftemp
$ftemp
Definition: tiki-objectpermissions.php:481
$perms
$perms
Definition: perms.php:111
$userlib
$userlib
Definition: include_connect.php:15
GuzzleHttp\json_encode
json_encode($value, $options=0, $depth=512)
Definition: functions.php:324
die
die
Definition: about.php:68
$i
$i
Definition: tiki-objectpermissions.php:543
$OBJECTPERM_ADMIN_MAX_GROUPS
$OBJECTPERM_ADMIN_MAX_GROUPS
Definition: tiki-objectpermissions.php:168