Project

General

Profile

1 1710 Luisehahne
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         start
6
 * @author          Ryan Djurovich, WebsiteBaker Project
7 1907 Luisehahne
 * @copyright       2009-2013, WebsiteBaker Org. e.V.
8
 * @link            http://www.websitebaker.org/
9 1710 Luisehahne
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id$
13 1907 Luisehahne
 * @filesource      $HeadURL$
14 1710 Luisehahne
 * @lastmodified    $Date$
15
 *
16
 */
17
18
/* -------------------------------------------------------- */
19
// Must include code to stop this file being accessed directly
20 1838 Luisehahne
if(!defined('WB_URL')) {
21
	require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php');
22
	throw new IllegalFileException();
23 1710 Luisehahne
}
24
/* -------------------------------------------------------- */
25
26
/**
27
 *
28
 *
29
 * @access public getSystemDefaultPermissions()
30
 * @param none
31
 * @return array System Default Permissions
32
 *
33
 */
34
function getSystemDefaultPermissions ()
35
{
36
	$retVal = array(
37
		'access' => 0,
38
		'addons' => 0,
39
		'admintools' => 0,
40
		'admintools_view' => 0,
41
		'groups' => 0,
42
		'groups_add' => 0,
43
		'groups_delete' => 0,
44
		'groups_modify' => 0,
45
		'groups_view' => 0,
46
		'languages' => 0,
47
		'languages_install' => 0,
48
		'languages_uninstall' => 0,
49
		'languages_view' => 0,
50
		'media' => 0,
51
		'media_create' => 0,
52
		'media_delete' => 0,
53
		'media_rename' => 0,
54
		'media_upload' => 0,
55
		'media_view' => 0,
56
		'modules' => 0,
57
		'modules_install' => 0,
58
		'modules_uninstall' => 0,
59
		'modules_view' => 0,
60 1838 Luisehahne
        'modules_advanced' => 0,
61 1710 Luisehahne
		'pages' => 0,
62
		'pages_add' => 0,
63
		'pages_add_l0' => 0,
64
		'pages_delete' => 0,
65
		'pages_intro' => 0,
66
		'pages_modify' => 0,
67
		'pages_settings' => 0,
68
		'pages_view' => 0,
69
		'preferences' => 1,
70
		'preferences_view' => 1,
71
		'settings' => 0,
72
		'settings_basic' => 0,
73
		'settings_advanced' => 0,
74
		'settings_view' => 0,
75
		'templates' => 0,
76
		'templates_install' => 0,
77
		'templates_uninstall' => 0,
78
		'templates_view' => 0,
79
		'users' => 0,
80
		'users_add' => 0,
81
		'users_delete' => 0,
82
		'users_modify' => 0,
83
		'users_view' => 0
84
	);
85
	return $retVal;
86
}
87
88
/* *****************************************************************************
89
 * Prepare $module_permissions for workout
90
 * @access public
91
 * @param object $admin: admin-object
92
 * @return array:
93
 */
94
	function set_module_permissions ($admin)
95
	{
96
		// Get template permissions
97
		$modules = array('');
98
		$dirs = scan_current_dir(WB_PATH.'/modules');
99
100
		if(is_array($admin->get_post('module_permissions')))
101
		{
102
			$modules = $admin->get_post('module_permissions');
103
		}
104
// foldername validation
105
 		array_walk($dirs['path'],'check_dir' );
106
// delete empty items
107
		foreach($dirs['path'] AS $key=>$val) {
108
			if(empty($dirs['path'][$key])) { unset($dirs['path'][$key]); }
109
		}
110
// list of unckecked modules directories
111
		$modules = array_diff ( $dirs['path'], $modules );
112
// reindex
113
		$modules = array_merge($modules);
114
		return $modules;
115
	}
116
117
/* *****************************************************************************
118
 * Prepare $template_permissions for workout
119
 * @access public
120
 * @param object $admin: admin-object
121
 * @return array:
122
 */
123
	function set_template_permissions ($admin)
124
	{
125
		// Get template permissions
126
		$templates = array();
127
		$dirs = scan_current_dir(WB_PATH.'/templates');
128
		if(is_array($admin->get_post('template_permissions')))
129
		{
130
			foreach($admin->get_post('template_permissions') AS $selected_name)
131
			{
132
				if( file_exists( WB_PATH.'/templates/'.$selected_name.'/info.php') && in_array ($selected_name, $dirs['path']) )
133
				{
134
					$templates[] = $selected_name;
135
				}
136
			}
137
		}
138
		$templates = (sizeof($templates) > 0) ? array_diff($dirs['path'], $templates) : $dirs['path'];
139
		// return $template_permissions = implode(',', $templates);
140
		return $templates;
141
	}
142
143
/* *****************************************************************************
144
 * Prepare $system_permissions for save
145
 * @access public
146
 * @param
147
 * @return string: parsed HTML-content
148
 */
149
	function set_system_permissions ($system_permissions = array())
150
	{
151
		// Implode system permissions
152
		$imploded_system_permissions = '';
153
		$system_permissions = !is_array($system_permissions) ? array() : $system_permissions;
154
		foreach($system_permissions AS $key => $value)
155
		{
156
			if($value == true)
157
			{
158
				if($imploded_system_permissions == '')
159
				{
160
					$imploded_system_permissions = $key;
161
				} else {
162
					$imploded_system_permissions .= ','.$key;
163
				}
164
			}
165
		}
166
		return $imploded_system_permissions;
167
	}
168
169
/* *****************************************************************************
170
 * array_walk callback functions
171
 */
172
173
	if(!function_exists('check_dir'))
174
	{
175
		function check_dir(&$val, $key ) {
176
			$RetVal = null;
177
			$aArray[$key] = $val;
178
			$RetVal = array_slice ($aArray,!preg_match('/^[a-z]{1}[a-z][a-z_\-0-9]{2,}$/i', $val ));
179
			$RetVal = each ($RetVal);
180
			$val = $RetVal['value'];
181
		}
182
	}
183
184
185
	if(!function_exists('remove_underline')){
186
		function remove_underline(& $val, $key, $vars = array())
187
		{
188
			$val = rtrim($val, ',');
189
			$vars = explode ( '_', $val);
190
			$val = $vars[0];
191
		}
192
	}
193
194
	if(!function_exists('addons')){
195
		function addons(& $val, $key, $vars = '')
196
		{
197
			$val = rtrim($val, '_');
198 1789 Luisehahne
            $val = ($val == 'modules_view') || ($val == 'templates_view') || ($val == 'languages_view') ? 'addons' : $val;
199 1710 Luisehahne
		}
200
	}
201
202
	if(!function_exists('settings')){
203
		function settings(& $val, $key, $vars = '')
204
		{
205
            $val = ($val == 'settings_view') ? 'settings_basic' : $val;
206
//            $val  = ($val == 'settings_basic') || ($val == 'settings_advanced') ? 'settings_view' : $val1;
207
		}
208
	}
209
210
	if(!function_exists('access')){
211
		function access(& $val, $key, $vars = '')
212
		{
213 1789 Luisehahne
            $val = ($val == 'groups_view') || ($val == 'users_view') ? 'access' : $val;
214 1710 Luisehahne
		}
215
	}
216
	function convertArrayToString ($val=null)
217
	{
218
		$settings = '';
219
		if(is_array($val))
220
		{
221
			foreach( $val as $key => $value )
222
			{
223
				$settings .= trim($value.',','\'');
224
			}
225
		} else {
226
			$settings = $val;
227
		}
228
		return trim($settings,',');
229
	}
230
231
	function convertKeyArrayToString ($val=null)
232
	{
233
		$settings = '';
234
		if(is_array($val))
235
		{
236
			foreach( $val as $key => $value )
237
			{
238
				$settings .= trim($key.',','\'');
239
			}
240
		} else {
241
			$settings = $val;
242
		}
243
		return trim($settings,',');
244
	}
245
246
// ---------------------------------------
247
	function convertStringToArray ($val=null)
248
	{
249
		$array = array();
250
		$settings = '';
251
		if(!is_array($val)){
252
			$settings = explode(',', $val);
253
			foreach( $settings as $value )
254
			{
255
				$array[] = $value;
256
			}
257
			} else {
258
				$array = $val;
259
			}
260
		return $array;
261
	}
262
// ---------------------------------------
263
	function convertStringToKeyArray ($val=null)
264
	{
265
		$array = array();
266
		if(!is_array($val)){
267
			$settings = explode(',', $val);
268
			foreach( $settings as $value )
269
			{
270
				$array[$value] = 1;
271
			}
272
			} else {
273
				$array = $val;
274
			}
275
		return $array;
276
	}
277
278
// ---------------------------------------
279
// workout to upgrade the groups system_permissions
280
/**
281
 * get_system_permissions()
282
 *
283
 * @return
284
 */
285
 function get_system_permissions ($admin, $SystemPermissions = null )
286
{
287
	$retVal = null;
288
	$aValidAll = array();
289
	$aValidView = array();
290
	$aValidBlock = array();
291
	$aValidAddons = array();
292
	$aValidAccess = array();
293
	$aValidSettings = array();
294
	$aPermissions = array();
295
	$sValueType = '';
296
	$sTempPermissions = '';
297
	if($SystemPermissions==null) { return false; }
298
299
// be sure is the right string for working inside
300
	if(is_string($SystemPermissions)) {
301
		$SystemPermissions = convertStringToKeyArray($SystemPermissions);
302
	}
303
	if(is_array($SystemPermissions)&& sizeof($SystemPermissions)>0) {
304
		$aPermissions = convertStringToKeyArray($SystemPermissions);
305
		$sTempPermissions = convertKeyArrayToString($aPermissions).',';
306
	}
307
// workout setting preferences
308
	if($admin->is_group_match('preferences_view',$sTempPermissions))
309
	{
310
		$aPermissions[]    = 'preferences';
311
		$sTempPermissions .= 'preferences,';
312
	}
313
// workout setting admintools
314
	if($admin->is_group_match('admintools_view',$sTempPermissions))
315
	{
316
		$aPermissions[]    = 'admintools';
317
		$sTempPermissions .= 'admintools,';
318
	}
319
// search all data with *_view, if not found delete the permission block
320
	$patternView = '/[a-z]+_view/i';
321
	if(preg_match_all($patternView, $sTempPermissions, $array ))
322
	{
323
// build new Permissions kist, remove invaild entries, needed to disable checknoxes
324
		array_walk($array[0], 'remove_underline');
325
		$sValueType = array_unique($array[0]);
326
		foreach($sValueType as $key => $view )
327
		{
328
//build new permission string
329
		$regex = "/(($view)[a-z_0-9]*)\,/i";
330
		preg_match_all ($regex, $sTempPermissions, $aMatch);
331
		$aValidBlock = $aMatch[1];
332
		$aValidAll = array_merge($aValidAll,$aValidBlock);
333
		}
334
// set all missing/needed entries
335
		$aValidAddons = $aValidAll;
336
		$aValidAccess = $aValidAll;
337
		$aValidSettings = $aValidAll;
338
		array_walk($aValidAddons,   'addons');
339
		array_walk($aValidAccess,   'access');
340
		array_walk($aValidSettings, 'settings');
341
// merge all arays and set to POST ready for save and change to advanced modus
342
		$aSystem = array_merge_recursive( $sValueType, $aValidAll, $aValidBlock, $aValidSettings, $aValidAddons, $aValidAccess);
343
		$retVal = array_unique($aSystem);
344
		natsort($retVal);
345
// set correct index key
346
		$retVal = array_merge($retVal);
347
// convert to right format
348
		$retVal = array_fill_keys($retVal, 1);
349
	}
350
351
	$_POST['system_permissions'] = $retVal;
352
	return $retVal;
353
}
354
// ---------------------------------------
355
//print '<pre style="text-align: left;"><strong>function '.__FUNCTION__.'( '.''.' );</strong>  basename: '.basename(__FILE__).'  line: '.__LINE__.' -> <br />';
356
//print_r( $_POST ); print '</pre>';
357
358
/**
359
 * setSystemCheckboxes()
360
 *
361
 * @param mixed $tpl
362
 * @param mixed $permissions
363
 * @return
364
 */
365
function setSystemCheckboxes( &$tpl, $admin, $permissions = null )
366
{
367
	$array = array();
368 1838 Luisehahne
	$aSytemArray = getSystemDefaultPermissions();
369 1710 Luisehahne
	if(!is_array($permissions))
370
	{
371
		$array = convertStringToKeyArray($permissions);
372
	} else {
373
		$array = $permissions;
374
	}
375
376
	if ( true == (isset( $_POST['advanced_action']) && (( $_POST['advanced_action'] == 'no') || strpos( $_POST['advanced_action'], ">>") > 0 ) ) )
377
	{
378
	// set adbanced modus
379
		$tpl->parse('hidden_advanced_permission_list', '', true);
380
		$array = !is_array($array) ? array() : $array;
381
		$aPermissions = isset($_POST['system_permissions']) ? $_POST['system_permissions'] : array();
382
 		foreach($array AS $key => $value)
383
		{
384
	//		if(strpos($key,'_view')) { continue; }
385 1838 Luisehahne
		$checked='';
386
			if(array_key_exists($key, $aPermissions)) {
387
			 continue;
388
             }
389 1710 Luisehahne
			$tpl->set_var('SYS_NAME', "system_permissions[$key]" );
390
			$tpl->set_var('SYS_VALUE', 1 );
391
			$tpl->parse('hidden_advanced_permission_list', 'show_cmd_hidden_advanced_permission_list_block', true);
392
		}
393
394
	} else {
395 1838 Luisehahne
	// set basic modus
396 1710 Luisehahne
		$tpl->set_var('SYS_NAME', "none" );
397
		$tpl->set_var('SYS_VALUE', '' );
398
		$tpl->parse('hidden_permission_list', 'show_cmd_hidden_permission_list_block', true);
399
		$array = !is_array($array) ? array() : $array;
400
		foreach($array AS $key => $value)
401
		{
402 1838 Luisehahne
		$checked='';
403
			if(strpos($key,'_view')) {
404
			 continue;
405
             }
406 1710 Luisehahne
			$tpl->set_var('SYS_NAME', "system_permissions[$key]" );
407
			$tpl->set_var('SYS_VALUE', 1 );
408
			$tpl->parse('hidden_permission_list', 'show_cmd_hidden_permission_list_block', true);
409
		}
410
	}
411
	reset($array);
412
	// set checked
413
	foreach($array AS $key => $value)
414
	{
415
		$checked='';
416
        if( $key != '' )
417
		{
418 1838 Luisehahne
            $checked = 'checked="checked"';
419 1710 Luisehahne
		}
420
		$tpl->set_var('VALUE', 1);
421 1838 Luisehahne
		$tpl->set_var(($key.'_checked'), $checked);
422 1710 Luisehahne
	}
423
424 1838 Luisehahne
// clean html
425
    $result = array_diff_key($aSytemArray, $array);
426
	foreach($result AS $key => $value)
427
	{
428
		$tpl->set_var('VALUE', 1);
429
		$tpl->set_var(($key.'_checked'), '');
430
	}
431
432 1710 Luisehahne
	return $array;
433
}
434
435
/**
436
 * upgrade_group_system_permissions()
437
 *
438
 * @return void
439
 */
440
function upgrade_group_system_permissions ( )
441
{
442
	global $admin;
443
	$database = WbDatabase::getInstance();
444
	$aGroups = array();
445
	$sTempPermissions = '';
446
	$aTempPermissions = array();
447
	$aAllowedPermissions = array(
448
	'admintools','groups','languages','media','modules','pages','preferences','settings','templates','users'
449
	);
450
	$aPermissions = $aMatches = array();
451
	$sql  = 'SELECT `group_id`,`name`,`system_permissions` FROM `'.TABLE_PREFIX.'groups` ';
452
//	$sql .= 'WHERE `group_id` != 1 ';
453
	$sql .= 'ORDER BY `group_id` ';
454
	if($oRes = $database->query($sql) )
455
	{
456
		while( $aPage = $oRes->fetchRow(MYSQL_ASSOC) )
457
		{
458
			$sTempPermissions = convertKeyArrayToString (getSystemDefaultPermissions()).',';
459
			$sPermissions = $aPage['group_id']!= 1 ? $aPage['system_permissions'].',' : $sTempPermissions;
460
// check if old groups system_permissions format, there was no prferences
461
			if( !preg_match_all( '/(preferences[a-z_0-9]*)\,/iU', $sPermissions, $aMatches) )
462
			{
463
// fetch all known permission entries to set the permission_view
464
				foreach($aAllowedPermissions as $PermissionFound)
465
				{
466
					$aMatches = array();
467
					if( preg_match_all( "/(($PermissionFound)[a-z_0-9]*)\,/i", $sPermissions, $aMatches) )
468
					{
469
						$val1 = $admin->is_group_match("$PermissionFound".'_view',$sPermissions);
470
						$val2 = $admin->is_group_match("$PermissionFound",$sPermissions);
471
						if(!$val1 && $val2)
472
						{
473
							$sPermissions .= $PermissionFound.'_view,';
474
						}
475
					}
476
					$aTempPermissions = explode(',',$sPermissions);
477
					if(!$admin->is_group_match('preferences_view',$sPermissions))
478
					{
479
						$sPermissions .= 'preferences,preferences_view,';
480
					}
481
				}
482
			}
483
// upgrade all groups system permission
484
			$aTempPermissions = convertStringToArray(trim($sPermissions,','));
485
			natsort($aTempPermissions);
486
// reindex
487
			$aTempPermissions = array_merge(($aTempPermissions));
488
			$retVal = array_fill_keys($aTempPermissions, 1);
489
			$aPermissions[$aPage['name']] = get_system_permissions($admin, $retVal);
490
			$aGroups[$aPage['name']] = convertKeyArrayToString($aPermissions[$aPage['name']]);
491
// and update DB
492
			$sql  = 'UPDATE `'.TABLE_PREFIX.'groups` SET ';
493
			$sql .= '`system_permissions` =\''.$aGroups[$aPage['name']].'\' ';
494
			$sql .= 'WHERE `name` = \''.$aPage['name'].'\' ';
495
			if(!$database->query($sql) )
496
			{
497
			}
498
		}
499
	}
500
	return !$database->is_error();
501
}