Author: dgoette Date: Sun Jan 11 06:41:52 2009 New Revision: 38696
URL: http://svn.reactos.org/svn/reactos?rev=38696&view=rev Log: * remove checks for users' security level or group membership and replace them with area protection, which can be assigned per group. * Also implement an admin interface for this * update converter * minor bugfixes
Added: branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_System.class.php Modified: branches/danny-web/reactos.org/htdocs/roscms/config.php branches/danny-web/reactos.org/htdocs/roscms/convert3to4.sql branches/danny-web/reactos.org/htdocs/roscms/index.php branches/danny-web/reactos.org/htdocs/roscms/js/cms_admin.js branches/danny-web/reactos.org/htdocs/roscms/js/cms_user.js branches/danny-web/reactos.org/htdocs/roscms/lib/Admin.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_ACL.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_Groups.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/DBConnection.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Maintain.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Export_User.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Admin.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Maintain.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_User.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Website.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Welcome.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Tag.class.php 
branches/danny-web/reactos.org/htdocs/roscms/lib/ThisUser.class.php
Modified: branches/danny-web/reactos.org/htdocs/roscms/config.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/config.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/config.php [iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -42,4 +42,32 @@
 $config->setPathGenerated('/reactos/'); // path to generated files
 $config->setPathRoscms('/reactos/roscms/'); // path to roscms files
+
+
+// RosCMS Table Names
+define('ROSCMST_ACCESS' , 'roscms_access');
+define('ROSCMST_AREA' , 'roscms_area');
+define('ROSCMST_USERS' , 'roscms_accounts');
+define('ROSCMST_FORBIDDEN' , 'roscms_accounts_forbidden');
+define('ROSCMST_SESSIONS' , 'roscms_accounts_sessions');
+define('ROSCMST_COUNTRIES' , 'roscms_countries');
+define('ROSCMST_ENTRIES' , 'roscms_entries');
+define('ROSCMST_REVISIONS' , 'roscms_entries_revisions');
+define('ROSCMST_STEXT' , 'roscms_entries_stext');
+define('ROSCMST_TAGS' , 'roscms_entries_tags');
+define('ROSCMST_TEXT' , 'roscms_entries_text');
+define('ROSCMST_FILTER' , 'roscms_filter');
+define('ROSCMST_GROUPS' , 'roscms_groups');
+define('ROSCMST_JOBS' , 'roscms_jobs');
+define('ROSCMST_LANGUAGES' , 'roscms_languages');
+define('ROSCMST_SUBSYS' , 'roscms_rel_accounts_subsys');
+define('ROSCMST_MEMBERSHIPS', 'roscms_rel_groups_accounts');
+define('ROSCMST_ENTRY_AREA' , 'roscms_rel_groups_acl');
+define('ROSCMST_AREA_ACCESS', 'roscms_rel_groups_area');
+define('ROSCMST_DEPENCIES' , 'roscms_rel_revisions_depencies');
+define('ROSCMST_ACL' , 'roscms_rel_rights_access');
+define('ROSCMST_RIGHTS' , 'roscms_rights');
+define('ROSCMST_TIMEZONES' , 'roscms_timezones');
+
+
 ?>
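Review bot: `ROSCMST_ACCESS` is still defined as `roscms_access`, but convert3to4.sql in this same commit renames that table to `roscms_entries_access`, so every query built on the constant (for example the group ACL listing in Admin_Groups.class.php, which selects `FROM ".ROSCMST_ACCESS." s`) would target a table the converter no longer creates. `ROSCMST_ENTRY_AREA` likewise points at `roscms_rel_groups_acl` while the converter still creates `roscms_rel_groups_access`, unless a rename happens in a part of the script not shown here. Suggest `define('ROSCMST_ACCESS' , 'roscms_entries_access');` and aligning the other name with whatever the converter actually produces. Since this block replaces the defines removed from DBConnection.class.php, config.php now has to be loaded before any class touches the database; a one-line comment such as `// must be included before any DB access: table names are used by every *.class.php` above the block would make that dependency visible.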
Modified: branches/danny-web/reactos.org/htdocs/roscms/convert3to4.sql
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/convert3to4.sql [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/convert3to4.sql [iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -124,7 +124,7 @@
 -- --------------------------------------------------------
 -- create and convert access lists (allowed groups are stored in rel_groups_access)
 -- --------------------------------------------------------
-CREATE TABLE roscms_access (
+CREATE TABLE roscms_entries_access (
 id bigint(20) unsigned NOT NULL auto_increment,
 name varchar(100) collate utf8_unicode_ci NOT NULL,
 name_short varchar(50) collate utf8_unicode_ci NOT NULL,
@@ -134,7 +134,7 @@
 UNIQUE KEY name_short (name_short)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
-INSERT INTO roscms_access
+INSERT INTO roscms_entries_access
 SELECT
 NULL,
 sec_fullname,
@@ -146,7 +146,7 @@
-- --------------------------------------------------------
--- create access lists (need to run seperate script)
+-- create access lists
 -- --------------------------------------------------------
 CREATE TABLE roscms_rel_groups_access (
 acl_id bigint(20) unsigned NOT NULL COMMENT '->access(id)',
@@ -170,7 +170,7 @@
 s.sec_lev1_add,
 s.sec_lev1_pub,
 s.sec_lev1_trans
-FROM roscms_access a JOIN data_security s ON a.name_short=s.sec_name JOIN roscms_groups g WHERE g.security_level = 1
+FROM roscms_entries_access a JOIN data_security s ON a.name_short=s.sec_name JOIN roscms_groups g WHERE g.security_level = 1
 UNION
 SELECT
 a.id,
@@ -181,7 +181,7 @@
 s.sec_lev2_add,
 s.sec_lev2_pub,
 s.sec_lev2_trans
-FROM roscms_access a JOIN data_security s ON a.name_short=s.sec_name JOIN roscms_groups g WHERE g.security_level = 2
+FROM roscms_entries_access a JOIN data_security s ON a.name_short=s.sec_name JOIN roscms_groups g WHERE g.security_level = 2
 UNION
 SELECT
 a.id,
@@ -192,14 +192,97 @@
 s.sec_lev3_add,
 s.sec_lev3_pub,
 s.sec_lev3_trans
-FROM roscms_access a JOIN data_security s ON a.name_short=s.sec_name JOIN roscms_groups g WHERE g.security_level = 3;
-
-UPDATE roscms_rel_groups_access ga JOIN roscms_groups g ON ga.group_id=g.id JOIN roscms_access a ON ga.acl_id=a.id JOIN data_security s ON a.name_short=s.sec_name
+FROM roscms_entries_access a JOIN data_security s ON a.name_short=s.sec_name JOIN roscms_groups g WHERE g.security_level = 3;
+
+UPDATE roscms_rel_groups_access ga JOIN roscms_groups g ON ga.group_id=g.id JOIN roscms_entries_access a ON ga.acl_id=a.id JOIN data_security s ON a.name_short=s.sec_name
 SET ga.can_read=TRUE, ga.can_write=TRUE, ga.can_add=TRUE, ga.can_delete=TRUE, ga.can_publish=TRUE, ga.can_translate=TRUE
 WHERE s.sec_allow LIKE CONCAT('%',g.name_short,'%');
-UPDATE roscms_rel_groups_access ga JOIN roscms_groups g ON ga.group_id=g.id JOIN roscms_access a ON ga.acl_id=a.id JOIN data_security s ON a.name_short=s.sec_name
+UPDATE roscms_rel_groups_access ga JOIN roscms_groups g ON ga.group_id=g.id JOIN roscms_entries_access a ON ga.acl_id=a.id JOIN data_security s ON a.name_short=s.sec_name
 SET ga.can_read=FALSE, ga.can_write=FALSE, ga.can_add=FALSE, ga.can_delete=FALSE, ga.can_publish=FALSE, ga.can_translate=FALSE
 WHERE s.sec_deny LIKE CONCAT('%',g.name_short,'%');
+
+
+-- --------------------------------------------------------
+-- create areas
+-- --------------------------------------------------------
+CREATE TABLE roscms_area (
+ id bigint(20) NOT NULL auto_increment,
+ `name` varchar(30) NOT NULL,
+ name_short varchar(15) NOT NULL,
+ description varchar(255) NOT NULL,
+ PRIMARY KEY (id),
+ UNIQUE KEY `name` (`name`),
+ UNIQUE KEY name_short (name_short)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+
+INSERT INTO roscms_area VALUES
+(1, 'System Tags', 'system_tags', 'Can the user modify/see system tags'),
+(2, 'Content Management System', 'CMS', 'RosCMS Interface itself'),
+(3, 'Entry Details', 'entry_details', 'Shows Entry Details such as Rev-ID'),
+(4, 'New Entries', 'new_entry', 'Be able to create new entries'),
+(5, 'Admin Branch', 'admin', 'Can Access Admin Branch'),
+(6, 'Delete Files', 'delete_file', 'Able to delete files from generated content'),
+(7, 'User Branch', 'user', 'Access user branch'),
+(8, 'Add Translator', 'addtransl', 'add someone to translator group'),
+(9, 'Add new membership', 'addmembership', 'add someone to new group'),
+(10, 'Delete Membership', 'delmembership', 'removes someones membership to a group'),
+(11, 'Disable Account', 'disableaccount', 'disable/enable user accounts'),
+(12, 'User Details', 'user_details', 'Access to user details, such as user groups, user-id and contact data'),
+(13, 'Foreign Drafts', 'other_drafts', 'beein able to view drafts of other people'),
+(14, 'Maintain Branch', 'maintain', 'Access to Maintain branch'),
+(15, 'Statistics Branch', 'stats', 'Access to Statistics branch'),
+(16, 'Website Branch', 'website', 'Access to Website branch'),
+(17, 'Pages', 'pages', 'View Pages'),
+(18, 'Dynamic Pages', 'dynamic_pages', 'View Dynamic Pages'),
+(19, 'Templates', 'templates', 'View Page Templates'),
+(20, 'Scripts', 'scripts', 'View Scripts'),
+(21, 'Delete Tags', 'deltag', 'Delete System Tags from entries'),
+(22, 'Update Tags', 'updatetag', 'Update Tag value'),
+(23, 'More 
Languages', 'more_lang', 'Can change things in more languages than the user has set in his profile'),
+(24, 'Logs', 'logs', 'Can view Logs'),
+(25, 'Delete Entries', 'del_entry', 'Delete Entries'),
+(26, 'Delete without archiv', 'del_wo_archiv', 'delete entries without moving them to archiv'),
+(27, 'add level 0 group', 'addlvl0group', 'Add memberships with group security level 0'),
+(28, 'add level 1 groups', 'addlvl1group', 'Add memberships with group security level 1'),
+(29, 'add level 2 groups', 'addlvl2group', 'Add memberships with group security level 2'),
+(30, 'add level 3 groups', 'addlvl3group', 'Add memberships with group security level 3'),
+(31, 'Mix private & public entries', 'mix_priv_pub', 'show private and public type entries together'),
+(32, 'show system entries', 'show_sys_entry', 'show entries of type ''system''');
+
+
+
+-- --------------------------------------------------------
+-- create area protection list
+-- --------------------------------------------------------
+CREATE TABLE roscms_rel_groups_area (
+ group_id bigint(20) NOT NULL,
+ area_id bigint(20) NOT NULL,
+ PRIMARY KEY (group_id,area_id)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+
+INSERT INTO roscms_rel_groups_area
+SELECT g.id, a.id
+FROM roscms_area a JOIN roscms_groups g
+WHERE ((a.name_short = 'system_tags' OR a.name_short = 'entry_details' OR a.name_short = 'new_entry' OR a.name_short = 'deltag' OR a.name_short = 'del_entry' OR a.name_short = 'mix_priv_pub' OR a.name_short = 'show_sys_entry' OR a.name_short = 'addlvl1group')
+AND g.security_level > 1)
+
+OR ((a.name_short = 'delete_file' OR a.name_short = 'delmembership' OR a.name_short = 'disableaccount' OR a.name_short = 'user_details' OR a.name_short = 'other_drafts' OR a.name_short = 'stats' OR a.name_short = 'dynamic_pages' OR a.name_short = 'updatetag' OR a.name_short = 'del_wo_archiv' OR a.name_short = 'addlvl2group' OR a.name_short = 'user' OR a.name_short = 'addmembership' OR a.name_short = 'maintain')
+AND 
g.security_level = 3)
+
+OR ((a.name_short = 'admin' OR a.name_short = 'logs' OR a.name_short = 'addlvl3group')
+AND g.name_short = 'ros_sadmin')
+
+OR ((a.name_short='pages' OR a.name_short = 'templates' OR a.name_short = 'scripts')
+AND g.security_level > 1 AND g.name_short != 'transmaint')
+
+OR ((a.name_short = 'CMS' OR a.name_short = 'website' OR a.name_short = 'addlvl0group')
+AND g.security_level > 0)
+
+OR ((a.name_short = 'maintain' OR a.name_short = 'user' OR a.name_short = 'addmembership' OR a.name_short = 'addtransl' OR a.name_short = 'addlvl0group')
+AND g.name_short = 'transmaint')
+
+OR ((a.name_short = 'more_lang')
+AND g.name_short != 'translator' AND g.name_short != 'transmaint' AND g.security_level > 0);
-- --------------------------------------------------------
@@ -227,7 +310,7 @@
 s.id,
 d.data_id,
 1
-FROM data_a d JOIN roscms_access s ON d.data_acl=s.name_short
+FROM data_a d JOIN roscms_entries_access s ON d.data_acl=s.name_short
 UNION
 SELECT
 NULL,
@@ -236,7 +319,7 @@
 s.id,
 d.data_id,
 0
-FROM data_ d JOIN roscms_access s ON d.data_acl=s.name_short;
+FROM data_ d JOIN roscms_entries_access s ON d.data_acl=s.name_short;
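Review bot: The `roscms_area` seed rows never define `entry_fields`, `entry_revs` or `entry_security`, yet Editor_Website.class.php in this same commit gates the editor's Fields, Revisions and Security tabs on exactly those names through `hasAccess()`; unless those rows are inserted elsewhere, each of those checks fails closed and the tabs vanish for every group, ros_sadmin included. Three more `INSERT INTO roscms_area VALUES (...)` rows are needed, with matching `roscms_rel_groups_area` rows whose mapping for the security tab mirrors the old ros_sadmin / ros_admin-with-add rule. The area-to-group mapping is keyed on `name_short` strings that the PHP side also spells by hand, so a typo on either side silently denies access; a short comment above the `INSERT INTO roscms_rel_groups_area` naming the PHP call sites would make that coupling visible. `roscms_rel_groups_area` is created as MyISAM without foreign keys, so nothing stops rows that reference areas or groups that no longer exist.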
@@ -577,7 +660,6 @@
 PRIMARY KEY (id),
 KEY name (name)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
-
@@ -641,4 +723,4 @@
 DROP TABLE users;
 DROP TABLE user_unsafenames;
 DROP TABLE user_unsafepwds;
-DROP TABLE user_sessions;
+DROP TABLE user_sessions;
Modified: branches/danny-web/reactos.org/htdocs/roscms/index.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/index.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/index.php [iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -32,7 +32,6 @@
 require_once('config.php');
require_once('lib/RosCMS_Autoloader.class.php');
-require_once('lib/DBConnection.class.php');
// strips whitespace from sourcecode
 function echo_strip( $text ) {
@@ -173,6 +172,9 @@
 case 'lang':
 new Admin_Languages();
 break;
+ case 'system':
+ new Admin_System();
+ break;
 default:
 die('');
 break;
Modified: branches/danny-web/reactos.org/htdocs/roscms/js/cms_admin.js
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/js/cms_admin.js [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/js/cms_admin.js [iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -82,6 +82,27 @@
 if (uf==true) {
 makeRequest('?page=data_out&d_f=admin&d_u=' + subject + '&action=delete&submit=true', 'POST');
 }
+ return false;
+}
+
+
+
+/**
+ * @FILLME
+ */
+function showAreaProtection( )
+{
+ makeRequest('?page=data_out&d_f=admin&d_u=system&action=apl', 'GET');
+}
+
+
+
+/**
+ * @FILLME
+ */
+function submitAreaProtection( )
+{
+ makeRequest('?page=data_out&d_f=admin&d_u=system&action=apl&submit=true', 'POST');
 return false;
 }
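Review bot: Both new functions ship with `@FILLME` placeholder doc comments; replace them with what each one does, e.g. `/** Loads the area protection list (APL) editor into the admin pane (GET). */` for showAreaProtection and `/** Posts the APL checkbox form; returns false so the button does not submit the page. */` for submitAreaProtection. submitAreaProtection() relies on makeRequest() collecting the form's fields for the POST, which is not visible here; the server side (Admin_System::submitAPL) compares each checkbox value against the string `'true'` while the form renders them with `value="1"`, so confirm which encoding makeRequest() actually sends before relying on this path.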
Modified: branches/danny-web/reactos.org/htdocs/roscms/js/cms_user.js
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/js/cms_user.js [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/js/cms_user.js [iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -8,14 +8,18 @@
 {
 var soptckd = '';
- // get request type
- if (document.getElementById('searchopt1').checked) soptckd = 'accountname';
- if (document.getElementById('searchopt2').checked) soptckd = 'fullname';
- if (document.getElementById('searchopt3').checked) soptckd = 'email';
- if (document.getElementById('searchopt4').checked) soptckd = 'website';
- if (document.getElementById('searchopt5').checked) soptckd = 'language';
+ // only start with more than two chars
+ if (document.getElementById('textfield').value.length > 2) {
- makeRequest('?page=data_out&d_f=user&d_u=usrtbl&d_fl=list&d_val='+encodeURIComponent(document.getElementById('textfield').value)+'&d_val2='+encodeURIComponent(soptckd));
+ // get request type
+ if (document.getElementById('searchopt1').checked) soptckd = 'accountname';
+ if (document.getElementById('searchopt2').checked) soptckd = 'fullname';
+ if (document.getElementById('searchopt3').checked) soptckd = 'email';
+ if (document.getElementById('searchopt4').checked) soptckd = 'website';
+ if (document.getElementById('searchopt5').checked) soptckd = 'language';
+
+ makeRequest('?page=data_out&d_f=user&d_u=usrtbl&d_fl=list&d_val='+encodeURIComponent(document.getElementById('textfield').value)+'&d_val2='+encodeURIComponent(soptckd));
+ }
 }
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Admin.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Admin.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Admin.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -33,7 +33,7 @@
// check if user has enough rights
 Login::required();
- if (ThisUser::getInstance()->securityLevel() < 3) {
+ if (!ThisUser::getInstance()->hasAccess('admin')) {
 die('Not enough rights to access this Area.');
 }
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_ACL.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_ACL.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_ACL.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -116,7 +116,7 @@
 if ($access_id !== false) {
// prepare for usage in loop
- $stmt_ins=&DBConnection::getInstance()->prepare("INSERT INTO ".ROSCMST_ACL." (acl_id, group_id, can_read, can_write, can_add, can_delete, can_publish, can_translate) VALUES (:acl_id, :group_id, :read, :write, :add, :delete, :publish, :translate)");
+ $stmt_ins=&DBConnection::getInstance()->prepare("INSERT INTO ".ROSCMST_ENTRY_AREA." (acl_id, group_id, can_read, can_write, can_add, can_delete, can_publish, can_translate) VALUES (:acl_id, :group_id, :read, :write, :add, :delete, :publish, :translate)");
 $stmt_ins->bindParam('acl_id',$access_id,PDO::PARAM_INT);
// insert access rights for each group
@@ -249,7 +249,7 @@
 <th title="translate">T</th>
 </tr>');
- $stmt=&DBConnection::getInstance()->prepare("SELECT g.id, g.name, g.security_level, g.description, a.can_read, a.can_write, a.can_add, a.can_delete, a.can_publish, a.can_translate FROM ".ROSCMST_ACL." a JOIN ".ROSCMST_GROUPS." g ON g.id=a.group_id WHERE a.acl_id=:acl_id ORDER BY g.security_level ASC, g.name ASC");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT g.id, g.name, g.security_level, g.description, a.can_read, a.can_write, a.can_add, a.can_delete, a.can_publish, a.can_translate FROM ".ROSCMST_ENTRY_AREA." a JOIN ".ROSCMST_GROUPS." g ON g.id=a.group_id WHERE a.acl_id=:acl_id ORDER BY g.security_level ASC, g.name ASC");
 $stmt->bindParam('acl_id',$access['id'],PDO::PARAM_INT);
 $stmt->execute();
 while ($group = $stmt->fetch(PDO::FETCH_ASSOC)) {
@@ -294,7 +294,7 @@
 $success = $success && $stmt->execute();
// prepare for usage in loop
- $stmt_ins=&DBConnection::getInstance()->prepare("UPDATE ".ROSCMST_ACL." SET can_read=:read, can_write=:write, can_add=:add, can_delete=:delete, can_publish=:publish, can_translate=:translate WHERE acl_id=:acl_id AND group_id=:group_id");
+ $stmt_ins=&DBConnection::getInstance()->prepare("UPDATE ".ROSCMST_ENTRY_AREA." SET can_read=:read, can_write=:write, can_add=:add, can_delete=:delete, can_publish=:publish, can_translate=:translate WHERE acl_id=:acl_id AND group_id=:group_id");
 $stmt_ins->bindParam('acl_id',$_POST['acl_id'],PDO::PARAM_INT);
// insert access rights for each group
@@ -385,7 +385,7 @@
// delete rights list
 if ($success) {
- $stmt=&DBConnection::getInstance()->prepare("DELETE FROM ".ROSCMST_ACL." WHERE acl_id=:acl_id");
+ $stmt=&DBConnection::getInstance()->prepare("DELETE FROM ".ROSCMST_ENTRY_AREA." WHERE acl_id=:acl_id");
 $stmt->bindParam('acl_id',$_POST['acl_id'],PDO::PARAM_INT);
 $success = $success && $stmt->execute();
 }
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_Groups.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_Groups.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_Groups.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -124,7 +124,7 @@
 if ($group_id !== false) {
// prepare for usage in loop
- $stmt_ins=&DBConnection::getInstance()->prepare("INSERT INTO ".ROSCMST_ACL." (acl_id, group_id, can_read, can_write, can_add, can_delete, can_publish, can_translate) VALUES (:acl_id, :group_id, :read, :write, :add, :delete, :publish, :translate)");
+ $stmt_ins=&DBConnection::getInstance()->prepare("INSERT INTO ".ROSCMST_ENTRY_AREA." (acl_id, group_id, can_read, can_write, can_add, can_delete, can_publish, can_translate) VALUES (:acl_id, :group_id, :read, :write, :add, :delete, :publish, :translate)");
 $stmt_ins->bindParam('group_id',$group_id,PDO::PARAM_INT);
// insert access rights for each group
@@ -265,7 +265,7 @@
 <th title="translate">T</th>
 </tr>');
- $stmt=&DBConnection::getInstance()->prepare("SELECT s.id, s.name, s.description, a.can_read, a.can_write, a.can_add, a.can_delete, a.can_publish, a.can_translate FROM ".ROSCMST_ACCESS." s JOIN ".ROSCMST_ACL." a ON a.acl_id=s.id WHERE a.group_id=:group_id ORDER BY name ASC");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT s.id, s.name, s.description, a.can_read, a.can_write, a.can_add, a.can_delete, a.can_publish, a.can_translate FROM ".ROSCMST_ACCESS." s JOIN ".ROSCMST_ENTRY_AREA." a ON a.acl_id=s.id WHERE a.group_id=:group_id ORDER BY name ASC");
 $stmt->bindParam('group_id',$group['id'],PDO::PARAM_INT);
 $stmt->execute();
 while ($acl = $stmt->fetch(PDO::FETCH_ASSOC)) {
@@ -310,7 +310,7 @@
 $success = $success && $stmt->execute();
// prepare for usage in loop
- $stmt_ins=&DBConnection::getInstance()->prepare("UPDATE ".ROSCMST_ACL." SET can_read=:read, can_write=:write, can_add=:add, can_delete=:delete, can_publish=:publish, can_translate=:translate WHERE acl_id=:acl_id AND group_id=:group_id");
+ $stmt_ins=&DBConnection::getInstance()->prepare("UPDATE ".ROSCMST_ENTRY_AREA." SET can_read=:read, can_write=:write, can_add=:add, can_delete=:delete, can_publish=:publish, can_translate=:translate WHERE acl_id=:acl_id AND group_id=:group_id");
 $stmt_ins->bindParam('group_id',$_POST['group_id'],PDO::PARAM_INT);
// insert access rights for each group
@@ -380,7 +380,7 @@
// delete rights list
 if ($success) {
- $stmt=&DBConnection::getInstance()->prepare("DELETE FROM ".ROSCMST_ACL." WHERE group_id=:group_id");
+ $stmt=&DBConnection::getInstance()->prepare("DELETE FROM ".ROSCMST_ENTRY_AREA." WHERE group_id=:group_id");
 $stmt->bindParam('group_id',$_POST['group_id'],PDO::PARAM_INT);
 $success = $success && $stmt->execute();
 }
Added: branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_System.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_System.class.php (added)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_System.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009 
@@ -1,0 +1,166 @@
+<?php
+ /*
+ RosCMS - ReactOS Content Management System
+ Copyright (C) 2009 Danny Götte <dangerground@web.de>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+
+/**
+ * class Admin_System
+ *
+ */
+class Admin_System
+{
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ public function __construct()
+ {
+ // check if user has enough rights
+ Login::required();
+ if (!ThisUser::getInstance()->hasAccess('admin')) {
+ die('Not enough rights to access this Area.');
+ }
+
+ // is an action given ?
+ if (empty($_GET['action'])) {
+ die('missing param');
+ }
+
+ // show requested form
+ if (empty($_GET['submit'])) {
+ switch ($_GET['action']) {
+ case 'apl':
+ $this->showAPL();
+ break;
+ }
+ }
+
+ // submit form data
+ else {
+ switch ($_GET['action']) {
+ case 'apl':
+ $this->submitAPL();
+ break;
+ }
+ }
+ }
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function showAPL( )
+ {
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id, name_short, description FROM ".ROSCMST_AREA." 
ORDER BY name_short ASC");
+ $stmt->execute();
+ $areas=$stmt->fetchAll(PDO::FETCH_ASSOC);
+
+ echo_strip('
+ <h2>Create new Area Protection List (APL)</h2>
+ <form onsubmit="return false;">
+ <fieldset>
+ <legend>Groups Access Rights</legend>
+ <table>
+ <tr>
+ <th style="vertical-align:bottom;" title="Security Level">SecLvl</th>
+ <th style="vertical-align:bottom;">Group Name</th>');
+ foreach ($areas as $area) {
+ echo '<th style="width: 1em;font-family:monospace;vertical-align:bottom;line-height: 0.8em;" title="'.$area['name_short'].': '.$area['description'].'">';
+ for ($i=0; $i<strlen($area['name_short']);$i++) {
+ echo substr($area['name_short'], $i, 1).'<br />';
+ }
+ echo '</th>';
+ }
+ echo '</tr>';
+
+ $stmt_is=&DBConnection::getInstance()->prepare("SELECT TRUE FROM ".ROSCMST_AREA." a JOIN ".ROSCMST_AREA_ACCESS." b ON a.id=b.area_id WHERE b.group_id=:group_id AND a.id=:area_id ORDER BY a.name_short LIMIT 1");
+
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id, name, security_level, description FROM ".ROSCMST_GROUPS." ORDER BY security_level ASC, name ASC");
+ $stmt->execute();
+ while ($group = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ $stmt_is->bindParam('group_id',$group['id'],PDO::PARAM_INT);
+ echo_strip('
+ <tr title="'.htmlspecialchars($group['description']).'">
+ <td style="text-align:center;">'.$group['security_level'].'</td>
+ <td>'.htmlspecialchars($group['name']).'</td>');
+ foreach ($areas as $area) {
+ $stmt_is->bindParam('area_id',$area['id'],PDO::PARAM_INT);
+ $stmt_is->execute();
+ $is = $stmt_is->fetchColumn();
+
+ echo '<td title="'.$group['name'].'--'.$area['name_short'].': '.$area['description'].'"><input type="checkbox" value="1" name="valid'.$group['id'].'_'.$area['id'].'" '.($is ? 'checked="checked"' : '').' 
/></td>';
+ }
+ echo '</tr>';
+ }
+
+ echo_strip('
+ </table>
+ </fieldset>
+ <button onclick="'."submitAreaProtection()".'">update APL</button>
+ </form>
+ ');
+ } // end of member function showNew
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function submitAPL( )
+ {
+ $success = true;
+
+ $stmt=&DBConnection::getInstance()->prepare("DELETE FROM ".ROSCMST_AREA_ACCESS);
+ $success = $success && $stmt->execute();
+
+ if ($success) {
+ $stmt=&DBConnection::getInstance()->prepare("INSERT INTO ".ROSCMST_AREA_ACCESS." (area_id, group_id) VALUES (:area_id,:group_id)");
+ foreach ($_POST as $item=>$val) {
+ if (strpos($item,'valid')===0) {
+ $item = substr($item, 5);
+ $id = explode('_',$item);
+ if($id[0] > 0 && $id[1] > 0 && $val=='true') {
+ $stmt->bindParam('area_id',$id[1],PDO::PARAM_INT);
+ $stmt->bindParam('group_id',$id[0],PDO::PARAM_INT);
+ $success = $success && $stmt->execute();
+ }
+ }
+ }
+ }
+
+ // give the user success message
+ if ($success) {
+ echo 'Success, Area Protection List was updated successfully';
+ }
+ else {
+ echo 'Error, while updating Area Protection list';
+ }
+ } // end of member function submitNew
+
+} // end of Admin_System
+?>
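Review bot: submitAPL() only re-inserts a grant when `$val=='true'`, but the checkboxes showAPL() emits carry `value="1"`, so unless makeRequest() (not shown) rewrites checkbox values the loop inserts nothing after `DELETE FROM roscms_rel_groups_area` has already emptied every group's area grants, including the `admin` area that guards this very page. The delete-then-insert pair is also not atomic, so a failed insert leaves the list half-filled with only an echoed error to show for it; a transaction would help if DBConnection exposes one and the table engine honours it (the converter creates the table as MyISAM, which does not). `explode('_', $item)` is indexed as `$id[1]` without checking that two parts came back, and showAPL() drops `$group['name']` and `$area['description']` unescaped into `title` attributes while escaping the same name in the adjacent cell, so `htmlspecialchars()` belongs on both. The rewrite below parses the posted names first and accepts either checkbox encoding; separately, the docblocks mark a public constructor `@access protected` and the closing comments still read `// end of member function showNew` / `submitNew`, which should name showAPL / submitAPL.
```php
  protected function submitAPL( )
  {
    // parse the posted checkbox names ("valid<group_id>_<area_id>") before touching the table
    $pairs = array();
    foreach ($_POST as $item=>$val) {
      if (strpos($item,'valid')!==0) {
        continue;
      }
      $id = explode('_', substr($item, 5));
      // showAPL() renders the boxes with value="1"; keep accepting 'true' in case the client rewrites it
      if (count($id) == 2 && $id[0] > 0 && $id[1] > 0 && ($val == '1' || $val == 'true')) {
        $pairs[] = array('group' => (int)$id[0], 'area' => (int)$id[1]);
      }
    }

    $success = true;
    $stmt=&DBConnection::getInstance()->prepare("DELETE FROM ".ROSCMST_AREA_ACCESS);
    $success = $success && $stmt->execute();

    if ($success) {
      $stmt=&DBConnection::getInstance()->prepare("INSERT INTO ".ROSCMST_AREA_ACCESS." (area_id, group_id) VALUES (:area_id,:group_id)");
      foreach ($pairs as $pair) {
        $stmt->bindValue('area_id',$pair['area'],PDO::PARAM_INT);
        $stmt->bindValue('group_id',$pair['group'],PDO::PARAM_INT);
        $success = $success && $stmt->execute();
      }
    }

    // … unchanged: success / error message …
  }
```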
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/DBConnection.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/DBConnection.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/DBConnection.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -17,28 +17,6 @@
 along with this program; if not, write to the Free Software
 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
-
-
-// RosCMS Table Names
-define('ROSCMST_ACCESS' , 'roscms_access');
-define('ROSCMST_USERS' , 'roscms_accounts');
-define('ROSCMST_FORBIDDEN' , 'roscms_accounts_forbidden');
-define('ROSCMST_SESSIONS' , 'roscms_accounts_sessions');
-define('ROSCMST_COUNTRIES' , 'roscms_countries');
-define('ROSCMST_ENTRIES' , 'roscms_entries');
-define('ROSCMST_REVISIONS' , 'roscms_entries_revisions');
-define('ROSCMST_STEXT' , 'roscms_entries_stext');
-define('ROSCMST_TAGS' , 'roscms_entries_tags');
-define('ROSCMST_TEXT' , 'roscms_entries_text');
-define('ROSCMST_FILTER' , 'roscms_filter');
-define('ROSCMST_GROUPS' , 'roscms_groups');
-define('ROSCMST_JOBS' , 'roscms_jobs');
-define('ROSCMST_LANGUAGES' , 'roscms_languages');
-define('ROSCMST_SUBSYS' , 'roscms_rel_accounts_subsys');
-define('ROSCMST_MEMBERSHIPS', 'roscms_rel_groups_accounts');
-define('ROSCMST_ACL' , 'roscms_rel_groups_access');
-define('ROSCMST_DEPENCIES' , 'roscms_rel_revisions_depencies');
-define('ROSCMST_TIMEZONES' , 'roscms_timezones');
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -40,7 +40,6 @@
 $stmt->bindParam('type',$data_type,PDO::PARAM_STR);
 $stmt->bindParam('lang',$lang_id,PDO::PARAM_INT);
 $stmt->bindValue('archive',($mode == 'archive'),PDO::PARAM_BOOL);
- echo ($mode == 'archive');
 $stmt->execute();
 $rev_id = $stmt->fetchColumn();
@@ -187,7 +186,7 @@
 public static function deleteFile( $rev_id )
 {
 // only for admins
- if (ThisUser::getInstance()->securityLevel() < 3) {
+ if (!ThisUser::getInstance()->hasAccess('delete_file')) {
 return;
 }
@@ -634,7 +633,7 @@
// mark as stable
 case 'ms':
- if ($thisuser->securityLevel() > 1 && $thisuser->isMemberOfGroup('transmaint')) {
+ if (!$thisuser->hasAccess('more_lang')) {
// check for user language
 if ($user_lang == '') {
@@ -706,7 +705,7 @@
// mark as new
 case 'mn':
- if ($thisuser->securityLevel() > 1 && $thisuser->isMemberOfGroup('transmaint')) {
+ if (!$thisuser->hasAccess('more_lang')) {
// check for user language
 if ($user_lang == 0) {
@@ -745,10 +744,10 @@
// delete entry
 case 'xe':
- if ($thisuser->securityLevel() > 1 || $revision['user_id'] == $thisuser->id()) {
+ if ($thisuser->hasAccess('del_entry') || $revision['user_id'] == $thisuser->id()) {
// copy to Archive if no admin
- if ($thisuser->securityLevel() < 3) {
+ if (!$thisuser->hasAccess('del_wo_archiv')) {
 Data::copy($revision['id'], 0, $lang_id);
 }
 //Data::deleteFile($revision['id']);
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -78,7 +78,7 @@
 case 'newentry':
// add a new entry only with higher security level
- if ($thisuser->securityLevel() > 1) {
+ if ($thisuser->hasAccess('new_entry')) {
 switch ($_GET['d_val']) {
 case 'dynamic':
 $this->showAddEntry(self::DYNAMIC);
@@ -466,7 +466,7 @@
 <option value="page">Page</option>
 <option value="content">Content</option>
 <option value="template">Template</option>
- <option value="script">Script</option>'.(ThisUser::getInstance()->isMemberOfGroup('ros_sadmin') ? '
+ <option value="script">Script</option>'.(ThisUser::getInstance()->hasAccess('dynamic_pages') ? '
 <option value="dynamic">Dynamic Page Type</option>' : '').'
 </select>
 <br />
@@ -615,7 +615,7 @@
 }
// allowed only for someone with "add" rights - if (Security::hasRight($this->data_id, 'add')) { + if ($thisuser->hasAccess('entry_fields')) { echo ' | ';
// Fields @@ -625,6 +625,9 @@ else { echo '<span class="detailmenu" onclick="'."showEditorTabFields(".$this->rev_id.")".'">Fields</span>'; } + } + + if ($thisuser->hasAccess('entry_revs')) { echo ' | ';
if ($mode == self::REVISION) { @@ -636,7 +639,7 @@ }
// allowed only for related super administrators - if ($thisuser->isMemberOfGroup('ros_sadmin') || (Security::hasRight($this->data_id, 'add') && $thisuser->isMemberOfGroup('ros_admin'))) { + if ($thisuser->hasAccess('entry_security')) { echo ' | ';
// Security @@ -689,7 +692,7 @@ // helper vars $last_user = null; // used in first while, to recognize the last type
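Review bot: The comment `// allowed only for related super administrators` above the converted check is stale: the new condition is a single area test, `hasAccess('entry_security')`, and the per-entry relation the old line expressed through `Security::hasRight($this->data_id, 'add')` is gone. Replace it with `// allowed only for users with 'entry_security' area access`; if entry ownership was meant to keep gating the Security tab, that part of the check needs to come back rather than the comment. The enclosing method continues outside the hunk.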
- if ($thisuser->securityLevel() > 1) { + if ($thisuser->hasAccess('system_tags')) { $stmt=&DBConnection::getInstance()->prepare("SELECT id, user_id, name, value FROM ".ROSCMST_TAGS." WHERE rev_id = :rev_id AND user_id IN(-1, 0,:user_id) ORDER BY user_id ASC, name ASC"); } else { @@ -726,7 +729,7 @@ // allow to delete label if SecLev > 1 // allow to delete sys metadata if user has the rights // allow someone to delete his metadata he set and the user-id > 0 - if (($thisuser->securityLevel() > 1 && $tag['user_id'] == 0) || (Security::hasRight($this->data_id, 'add') && $tag['user_id'] == -1) || ($tag['user_id'] == $thisuser->id() && $tag['user_id'] > 0)) { + if (($thisuser->hasAccess('system_tags') && $tag['user_id'] == -1) || $tag['user_id'] == $thisuser->id()) { echo_strip(' <span class="frmeditbutton" onclick="'."delLabelOrTag('".$tag['id']."')".'"> <img src="images/remove.gif" alt="" style="width:11px; height:11px; border:0px;" /> @@ -746,10 +749,10 @@ <button type="button" onclick="'."addLabelOrTag(".$this->rev_id.",'tag','addtagn', '".$thisuser->id()."')".'">Add</button> <br />');
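Review bot: The new delete-button condition covers `user_id == -1` (system metadata, via `system_tags`) and the user's own tags, but the `user_id == 0` case the old line handled for labels (`securityLevel() > 1 && $tag['user_id'] == 0`) has disappeared, while the query in the previous hunk still returns `user_id IN(-1, 0, :user_id)` for `system_tags` users, so labels are listed without a delete control and the comment `// allow to delete label if SecLev > 1` above is now stale. If labels are still meant to be deletable, something like `($thisuser->hasAccess('system_tags') && $tag['user_id'] <= 0) || ($tag['user_id'] == $thisuser->id() && $tag['user_id'] > 0)` restores it; the dropped `> 0` guard is also what kept a user id of 0 or -1 from matching the system rows. The enclosing while loop starts and ends outside the hunk.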
- if ($thisuser->securityLevel() > 1) { + if ($thisuser->hasAccess('system_tags')) { echo_strip(' <br /> - <h3>Add Label'.(Security::hasRight($this->data_id, 'add') ? ' or System Metadata' : '').'</h3> + <h3>Add Label'.(Security::hasAccess($this->data_id, 'add') ? ' or System Metadata' : '').'</h3> <label for="addtags1" class="normal">Name:</label> <input type="text" id="addtags1" size="15" maxlength="100" value="" /> <label for="addtags2" class="normal">Value:</label> @@ -1163,7 +1166,7 @@ <li>Type: '.$revision1['type'].'</li> <li>Language: '.$revision1['language'].'</li> <li>User: '.$revision1['user_name'].'</li>'); - if (ThisUser::getInstance()->securityLevel() > 1) { + if (ThisUser::getInstance()->hasAccess('entry_details')) { echo '<li>Rev-ID: '.$revision1['id'].'</li>'; } echo_strip(' @@ -1175,7 +1178,7 @@ <li>Type: '.$revision2['type'].'</li> <li>Language: '.$revision2['language'].'</li> <li>User: '.$revision2['user_name'].'</li>'); - if (ThisUser::getInstance()->securityLevel() > 1) { + if (ThisUser::getInstance()->hasAccess('entry_details')) { echo '<li>ID: '.$revision2['id'].'</li>'; } echo_strip('
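Review bot: The `<h3>Add Label…` line now calls `Security::hasAccess($this->data_id, 'add')`, a two-argument static on `Security`, whereas every other check converted in this commit uses `$thisuser->hasAccess('<area>')` on ThisUser and the old `Security::hasRight` call on the fields tab was replaced the same way. If `Security::hasAccess` does not exist with that signature, this branch fails with a fatal error for every `system_tags` user; it should presumably be `$thisuser->hasAccess('system_tags')` (or whichever area gates system metadata), or the original `Security::hasRight($this->data_id, 'add')` kept. The Security.class.php section of this commit is cut off in this view, so I cannot confirm which method exists.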
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Maintain.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Maintain.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Maintain.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009 @@ -53,7 +53,7 @@ { switch ($_GET['d_u']) { case 'optimize': - $stmt=&DBConnection::getInstance()->prepare("OPTIMIZE TABLE ".ROSCMST_ACCESS.",".ROSCMST_USERS.",".ROSCMST_FORBIDDEN.",".ROSCMST_SESSIONS.",".ROSCMST_COUNTRIES.",".ROSCMST_ENTRIES.",".ROSCMST_REVISIONS.",".ROSCMST_STEXT.",".ROSCMST_TAGS.",".ROSCMST_TEXT.",".ROSCMST_FILTER.",".ROSCMST_GROUPS.",".ROSCMST_JOBS.",".ROSCMST_LANGUAGES.",".ROSCMST_SUBSYS.",".ROSCMST_MEMBERSHIPS.",".ROSCMST_ACL.",".ROSCMST_DEPENCIES.",".ROSCMST_TIMEZONES); + $stmt=&DBConnection::getInstance()->prepare("OPTIMIZE TABLE ".ROSCMST_ACCESS.",".ROSCMST_USERS.",".ROSCMST_FORBIDDEN.",".ROSCMST_SESSIONS.",".ROSCMST_COUNTRIES.",".ROSCMST_ENTRIES.",".ROSCMST_REVISIONS.",".ROSCMST_STEXT.",".ROSCMST_TAGS.",".ROSCMST_TEXT.",".ROSCMST_FILTER.",".ROSCMST_GROUPS.",".ROSCMST_JOBS.",".ROSCMST_LANGUAGES.",".ROSCMST_SUBSYS.",".ROSCMST_MEMBERSHIPS.",".ROSCMST_ENTRY_AREA.",".ROSCMST_DEPENCIES.",".ROSCMST_TIMEZONES); $stmt->execute(); Log::writeHigh('optimize database tables: done by '.ThisUser::getInstance()->id().' {data_maintain_out}'); break;
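Review bot: The OPTIMIZE list swaps ROSCMST_ACL for ROSCMST_ENTRY_AREA but does not add ROSCMST_AREA and ROSCMST_AREA_ACCESS, the two tables this commit starts querying in Login.class.php, so the maintenance task skips the new area tables. Append `.",".ROSCMST_AREA.",".ROSCMST_AREA_ACCESS` to the table list, assuming those constants are defined alongside the others. The surrounding switch is outside the hunk.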
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/Export_QuickInfo.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009 @@ -78,7 +78,7 @@ }
// show additional data for security level > 1 - if (ThisUser::getInstance()->securityLevel() > 1) { + if (ThisUser::getInstance()->hasAccess('entry_details')) { echo $t_s.'Rev-ID'.$t_e.$revision['id'].$t_lb; echo $t_s.'Data-ID'.$t_e.$revision['data_id'].$t_lb; echo $t_s.'ACL'.$t_e.$revision['acl'].$t_lb;
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Export_User.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/Export_User.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/Export_User.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009 @@ -56,16 +56,16 @@ $display = ''; // list / user details $user_id = $_GET['d_val']; $search_string = $_GET['d_val']; - $group_id = $_GET['d_val2']; - $new_lang = $_GET['d_val2']; - $search_type = $_GET['d_Val2']; - - if (!$thisuser->isMemberOfGroup('transmaint') && $thisuser->securityLevel() > 3) { + $group_id = @$_GET['d_val2']; + $new_lang = @$_GET['d_val2']; + $search_type = @$_GET['d_Val2']; + + if (!$thisuser->hasAccess('user')) { return; }
- if ($thisuser->isMemberOfGroup('transmaint')) { - $stmt=&DBConnection::getInstance()->prepare("SELECT lang_id FROM ".ROSCMST_LANGUAGES." WHERE id = :user_id LIMIT 1"); + if (!$thisuser->hasAccess('more_lang')) { + $stmt=&DBConnection::getInstance()->prepare("SELECT lang_id FROM ".ROSCMST_USERS." WHERE id = :user_id LIMIT 1"); $stmt->bindParam('user_id',$thisuser->id()); $stmt->execute(); $user_lang = $stmt->fetchColumn(); @@ -85,10 +85,9 @@ case 'addmembership': // check if user is already member, so we don't add him twice // also check that you don't give accounts a higher seclevel - $stmt=&DBConnection::getInstance()->prepare("SELECT 1 FROM ".ROSCMST_MEMBERSHIPS." m JOIN ".ROSCMST_GROUPS." g ON m.group_id = g.id WHERE m.user_id = :user_id AND m.group_id = :group_id AND g.security_level <= :security_level LIMIT 1"); + $stmt=&DBConnection::getInstance()->prepare("SELECT 1 FROM ".ROSCMST_MEMBERSHIPS." m JOIN ".ROSCMST_GROUPS." g ON m.group_id = g.id WHERE m.user_id = :user_id AND m.group_id = :group_id LIMIT 1"); $stmt->bindParam('user_id',$user_id,PDO::PARAM_INT); $stmt->bindParam('group_id',$group_id,PDO::PARAM_STR); - $stmt->bindParam('security_level',$thisuser->securityLevel(),PDO::PARAM_INT); $stmt->execute(); if ($stmt->fetchColumn() === false) {
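Review bot: The 'addmembership' handler no longer has any server-side restriction on which group a caller may add someone to, yet its comment still says `// also check that you don't give accounts a higher seclevel`; the only remaining guard against handing out the sadmin group is the `addLvl` test on the option list in the details view, which only controls what the form shows. Either re-check the target group against `$thisuser->hasAccess('addLvl')` here, before the membership is inserted, or rewrite the comment to say the level restriction was removed deliberately. The INSERT and the enclosing switch are outside the hunk.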
@@ -121,7 +120,7 @@
case 'accountdisable': // only with admin rights - if ($thisuser->securityLevel() == 3) { + if ($thisuser->hasAccess('disableaccount')) { $stmt=&DBConnection::getInstance()->prepare("UPDATE ".ROSCMST_USERS." SET disabled = TRUE WHERE id = :user_id"); $stmt->bindParam('user_id',$user_id,PDO::PARAM_INT); $stmt->execute(); @@ -132,7 +131,7 @@
case 'accountenable': // enable account only with admin rights - if ($thisuser->securityLevel() == 3) { + if ($thisuser->hasAccess('disableaccount')) { // enable account only, if he has already activated his account $stmt=&DBConnection::getInstance()->prepare("UPDATE ".ROSCMST_USERS." SET disabled = FALSE WHERE activation = '' AND id = :user_id"); $stmt->bindParam('user_id',$user_id,PDO::PARAM_INT); @@ -188,7 +187,13 @@ break; }
- $stmt=&DBConnection::getInstance()->prepare("SELECT u.id, u.name, u.fullname, l.name AS language FROM ".ROSCMST_USERS." u JOIN ".ROSCMST_LANGUAGES." l ON u.lang_id=l.id WHERE ". $sql_search ." LIKE :value ORDER BY u.name ASC LIMIT 25"); + if ($user_lang === false) { + $stmt=&DBConnection::getInstance()->prepare("SELECT u.id, u.name, u.fullname, l.name AS language FROM ".ROSCMST_USERS." u JOIN ".ROSCMST_LANGUAGES." l ON u.lang_id=l.id WHERE ". $sql_search ." LIKE :value ORDER BY u.name ASC LIMIT 25"); + } + else { + $stmt=&DBConnection::getInstance()->prepare("SELECT u.id, u.name, u.fullname, l.name AS language FROM ".ROSCMST_USERS." u JOIN ".ROSCMST_LANGUAGES." l ON u.lang_id=l.id WHERE ". $sql_search ." LIKE :value AND u.lang_id=:user_lang ORDER BY u.name ASC LIMIT 25"); + $stmt->bindValue('user_lang',$user_lang,PDO::PARAM_INT); + } $stmt->bindValue('value','%'.$search_string.'%',PDO::PARAM_INT); $stmt->execute(); $users = $stmt->fetchAll(PDO::FETCH_ASSOC); @@ -223,7 +228,7 @@ <legend>Details for ''.$user['name'].''</legend> <p><strong>Name:</strong> '.$user['name'].' ('.$user['fullname'].') ['.$user['id'].']</p> <p><strong>Lang:</strong> '.$user['language'].'</p>'); - if ($thisuser->securityLevel() == 3) { + if ($thisuser->hasAccess('user_details')) { echo_strip(' <p><strong>E-Mail:</strong> '.$user['email'].'</p> <p><strong>Latest Login:</strong> '.$user['modified'].'; '.$user['logins'].' logins</p> @@ -245,7 +250,7 @@ while ($membership = $stmt->fetch(PDO::FETCH_ASSOC)) {
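Review bot: `$user_lang` is assigned only inside the `!$thisuser->hasAccess('more_lang')` branch of the first hunk, so for users who do have `more_lang` the new `if ($user_lang === false)` sees an unset variable (`null !== false`), takes the else path and binds `:user_lang` to null, which matches no row; unless `$user_lang` is initialised to `false` in the lines between the two hunks, exactly the privileged users get an empty search result. Initialise it explicitly with `$user_lang = false;` before the `more_lang` check, or test `if ($user_lang === false || $user_lang === null)` here. The unchanged `bindValue('value', '%'.$search_string.'%', PDO::PARAM_INT)` on the next line binds a LIKE pattern as an integer and looks like it should be `PDO::PARAM_STR`.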
echo '<li>'.$membership['name'].' '; - if ($thisuser->securityLevel() == 3) { + if ($thisuser->hasAccess('delmembership')) { echo_strip(' <span class="frmeditbutton" onclick="'."delMembership(".$user_id.", '".$membership['group_id']."')".'"> @@ -257,16 +262,15 @@ } // end while echo '</ul>';
- if ($thisuser->securityLevel() == 3) { + if ($thisuser->hasAccess('addmembership')) { echo '<select id="cbmmemb" name="cbmmemb">'; - $stmt=&DBConnection::getInstance()->prepare("SELECT g.id, g.name FROM ".ROSCMST_MEMBERSHIPS." m JOIN ".ROSCMST_GROUPS." g ON g.id!=m.group_id WHERE g.security_level <= :sec_level AND m.user_id != :user-id ORDER BY g.name ASC"); - $stmt->bindParam('sec_level',$thisuser->securityLevel(),PDO::PARAM_INT); + $stmt=&DBConnection::getInstance()->prepare("SELECT g.id, g.name FROM ".ROSCMST_MEMBERSHIPS." m JOIN ".ROSCMST_GROUPS." g ON g.id!=m.group_id WHERE m.user_id != :user-id ORDER BY g.name ASC"); $stmt->bindParam('user_id',$user_id,PDO::PARAM_INT); $stmt->execute(); while ($group = $stmt->fetch(PDO::FETCH_ASSOC)) {
// only super admin can give super admin rights - if ($group['usrgroup_name'] != 'sadmin' || $thisuser->isMemberOfGroup('ros_sadmin')) { + if ($group['usrgroup_name'] != 'sadmin' || $thisuser->hasAccess('addLvl')) { echo '<option value="'.$group['id'].'">'.$group['name'].'</option>'; } } @@ -283,7 +287,7 @@ echo_strip('</select> <input type="button" name="addusrlang" id="addusrlang" value="Update User language" onclick="'."updateUserLang(".$user_id.", document.getElementById('cbmusrlang').value)".'" /><br />'); } - elseif ($thisuser->isMemberOfGroup('transmaint')) { + elseif ($thisuser->hasAccess('addtransl')) { echo_strip('<input type="button" name="addmemb" id="addmemb" value="Make this User a Translator" onclick="'."getUserDetails(".$user_id.", 'translator')".'" /> <br /> <br />');
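Review bot: The rewritten SELECT on the previous line still returns only `g.id, g.name`, so `$group['usrgroup_name']` in the `// only super admin` check is never set and `null != 'sadmin'` is always true: the `addLvl` restriction never takes effect and every group, including sadmin, is offered. Select the column the check reads (`g.name_short` if that holds the short name, as the Login.class.php query in this commit suggests) and compare against it, or compare `$group['name']` to the full group name. The same new statement also keeps the placeholder `:user-id` while the bind uses `user_id`; a hyphen is not part of a PDO placeholder name, so the parameter cannot be matched, and `:user_id` is needed. The enclosing while loop closes outside the hunk.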
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/Export_XML.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009 @@ -290,7 +290,7 @@ } break; case 'Rights': - $column_list_row .= Security::rightsOverview($row['id']); + $column_list_row .= 'Depracted'; break; case 'Version': $column_list_row .= $row['version'] ; @@ -664,18 +664,8 @@ // if no filter is set, construct a new one if ($entries_private <= 0 && $entries_system <= 0 && $entries_public <= 0) {
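Review bot: The replacement value on the `case 'Rights':` line is misspelled and is emitted into the export column, so it should be `'Deprecated'`. A short comment such as `// per-entry rights overview removed with the area-protection rework` would tell the next reader why this column is a placeholder. The surrounding switch starts and ends outside the hunk.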
- // everything except draft - if ($thisuser->securityLevel() == 3) { - $this->sql_where .= " AND (t.name = 'status' AND t.value != 'draft') "; - } - - // new, stable and unknown (if more than translator) - if ($thisuser->securityLevel() == 2) { - $this->sql_where .= " AND (t.name = 'status' AND (t.value = 'new' OR t.value = 'stable' OR t.value = 'unknown')) "; - } - else { - $this->sql_where .= " AND (t.name = 'status' AND (t.value = 'new' OR t.value = 'stable')) "; - } + // new, stable + $this->sql_where .= " AND (t.name = 'status' AND (t.value = 'new' OR t.value = 'stable')) ";
// set additional needed sql $this->sql_select .= ", t.name AS tag_name, t.value AS tag_value "; @@ -685,7 +675,7 @@
// construct additioanl sql for tag-usage from filter if ($tag_counter > 0) { - $this->sql_select .= ", ".$tag_counter." AS tag_count"; + $this->sql_select .= ", ".$tag_counter." AS tag_count"; for ($i = 1; $i <= $tag_counter; $i++) { $this->sql_select .= ", t".$i.".name AS tag_name".$i.", t".$i.".value AS tag_value".$i." "; $this->sql_from .= " JOIN ".ROSCMST_TAGS." t".$i." ON t".$i.".rev_id = r.id "; @@ -694,12 +684,12 @@ }
// make sure only private drafts are visible - if ($thisuser->securityLevel() < 3 && $entries_private > 0) { + if (!$thisuser->hasAccess('other_drafts') && $entries_private > 0) { $this->sql_where .= " AND r.user_id = '".$thisuser->id()."' "; }
// either show draft (private) OR stable & new (public) entries, private AND public entries together are NOT allowed => block - if ($thisuser->securityLevel() < 2 && (($entries_private > 0 && $entries_public > 0) || $entries_system > 0)) { + if (($entries_private > 0 && $entries_public > 0 && $thisuser->hasAccess('mix_priv_pub')) || ($thisuser->hasAccess('show_sys_entry') && $entries_system > 0)) { $this->sql_select = ""; $this->sql_from = ""; $this->sql_where = " FALSE ";
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009 @@ -38,7 +38,7 @@ { // need to have a logged in user with minimum security level 1 Login::required(); - if (ThisUser::getInstance()->securityLevel() == 0) { + if (!ThisUser::getInstance()->hasAccess('CMS')) { header('location:?page=nopermission'); }
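Review bot: The converted guard sends `header('location:?page=nopermission')` but does not stop execution, so unless a caller exits, the rest of the constructor and the page body still run for a user without the `CMS` area; the redirect only hides the output from a browser that follows it. Add `exit;` after the `header()` call inside the new condition. The method continues outside the hunk.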
@@ -76,14 +76,10 @@ $group_list .= ($group_list!=''?',':'').$group['name']; }
- // get security level - $security_level = $thisuser->securityLevel(); - // get selected navigation entry echo_strip(' <div id="myReactOS"> - <strong>'.$thisuser->name().'</strong> - '.(($security_level > 1) ? '| SecLev: '.$security_level.' ('. $group_list .')' : '').' + <strong>'.$thisuser->name().'</strong> ('. $group_list .') | <span onclick="refreshPage()" style="color:#006090; cursor:pointer;"> <img src="images/reload.gif" alt="reload page" width="16" height="16" /> @@ -103,8 +99,10 @@ </div> </div> </th> - <td> </td> - + <td> </td>'); + + if ($thisuser->hasAccess('website')) { + echo_strip(' <th class="int'.(($this->branch == 'website') ? '2' : '1').'" onclick="'."loadBranch('website')".'"> <div class="tcL"> <div class="tcR"> @@ -113,8 +111,9 @@ </div> </th> <td> </td>'); - - if ($thisuser->isMemberOfGroup('transmaint','ros_admin','ros_sadmin')) { + } + + if ($thisuser->hasAccess('user')) { echo_strip(' <th class="int'.(($this->branch == 'user') ? '2' : '1').'" onclick="'."loadBranch('user')".'"> <div class="tcL"> @@ -122,12 +121,11 @@ <div class="text">User</div> </div> </div> - - </th> - <td> </td>'); - } - - if ($thisuser->isMemberOfGroup('transmaint') || $thisuser->securityLevel() == 3) { + </th> + <td> </td>'); + } + + if ($thisuser->hasAccess('maintain')) { echo_strip(' <th class="int'.(($this->branch == 'maintain') ? '2' : '1').'" onclick="'."loadBranch('maintain')".'"> <div class="tcL"> 
@@ -137,27 +135,30 @@ </div> </th> <td> </td>'); - - if ($thisuser->securityLevel() == 3) { - echo_strip(' - <th class="int'.(($this->branch == 'admin') ? '2' : '1').'" onclick="'."loadBranch('admin')".'"> - <div class="tcL"> - <div class="tcR"> - <div class="text">Administration</div> - </div> - </div> - </th> - <td> </td> - - <th class="int'.(($this->branch == 'stats') ? '2' : '1').'" onclick="'."loadBranch('stats')".'"> - <div class="tcL"> - <div class="tcR"> - <div class="text">Statistics</div> - </div> - </div> - </th> - <td> </td>'); - } + } + + if ($thisuser->hasAccess('admin')) { + echo_strip(' + <th class="int'.(($this->branch == 'admin') ? '2' : '1').'" onclick="'."loadBranch('admin')".'"> + <div class="tcL"> + <div class="tcR"> + <div class="text">Administration</div> + </div> + </div> + </th> + <td> </td>'); + } + + if ($thisuser->hasAccess('stats')) { + echo_strip(' + <th class="int'.(($this->branch == 'stats') ? '2' : '1').'" onclick="'."loadBranch('stats')".'"> + <div class="tcL"> + <div class="tcR"> + <div class="text">Statistics</div> + </div> + </div> + </th> + <td> </td>'); }
echo_strip('
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Admin.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Admin.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Admin.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009 @@ -39,7 +39,7 @@ $this->register_css('cms_admin.css');
parent::__construct( $page_title, $page_css); - if (ThisUser::getInstance()->securityLevel() < 3) { + if (!ThisUser::getInstance()->hasAccess('admin')) { die('Not enough rights to get into this area'); } } @@ -54,7 +54,7 @@ { echo_strip(' <ul> - <li>Access Control Lists + <li>Entry Access Control Lists <ul> <li><a href="#" onclick="'."showNew('acl')".'">new</a></li> <li><a href="#" onclick="'."showSearch('acl','edit')".'">edit</a></li> @@ -74,6 +74,11 @@ <li><a href="#" onclick="'."showSearch('lang','edit')".'">edit</a></li> </ul> </li> + <li>System Settings + <ul> + <li><a href="#" onclick="'."showAreaProtection()".'">Area Protection</a></li> + </ul> + </li> </ul> <div id="adminarea" style="border: 1px dashed red;"> </div>');
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Maintain.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Maintain.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Maintain.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009 @@ -52,7 +52,7 @@ protected function body( ) { // check if user has rights for this area - if (ThisUser::getInstance()->securityLevel() < 3) { + if (!ThisUser::getInstance()->hasAccess('maintain')) { return; }
@@ -96,7 +96,7 @@ <img id="ajaxloading" style="display:none;" src="images/ajax_loading.gif" width="13" height="13" alt="" /> <br />');
- if (ThisUser::getInstance()->isMemberOfGroup('ros_sadmin')) { + if (ThisUser::getInstance()->hasAccess('logs')) {
// display logs echo_strip('
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_User.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_User.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_User.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009 @@ -53,7 +53,7 @@ { $thisuser = &ThisUser::getInstance();
- if (!$thisuser->isMemberOfGroup('transmaint','ros_admin','ros_sadmin')) { + if (!$thisuser->hasAccess('user')) { return; }
@@ -63,18 +63,12 @@ <p style="font-weight: bold;">User Account Management Interface</p> <br />');
- if ($thisuser->isMemberOfGroup('ros_admin','ros_sadmin')) { - echo '<h3>Administrator</h3>'; + if ($thisuser->hasAccess('more_lang')) { + $stmt=&DBConnection::getInstance()->prepare("SELECT u.id, u.name, u.fullname, l.name AS language, COUNT(r.id) as editcounter FROM ".ROSCMST_REVISIONS." r JOIN ".ROSCMST_USERS." u ON r.user_id = u.id JOIN ".ROSCMST_LANGUAGES." l ON u.lang_id=l.id WHERE r.version > 0 GROUP BY u.name ORDER BY editcounter DESC, u.name"); } - elseif ($thisuser->isMemberOfGroup('transmaint')) { - echo '<h3>Language Maintainer</h3>'; + else { $stmt=&DBConnection::getInstance()->prepare("SELECT u.id, u.name, u.fullname, l.name AS language, COUNT(r.id) as editcounter FROM ".ROSCMST_REVISIONS." r JOIN ".ROSCMST_USERS." u ON r.user_id = u.id JOIN ".ROSCMST_LANGUAGES." l ON u.lang_id=l.id WHERE r.version > 0 AND r.lang_id = :lang GROUP BY u.name ORDER BY editcounter DESC, u.name"); $stmt->bindParam('lang',Language::getStandardId(),PDO::PARAM_INT); - } - - // for non language maintainers - if (!isset($stmt)) { - $stmt=&DBConnection::getInstance()->prepare("SELECT u.id, u.name, u.fullname, l.name AS language, COUNT(r.id) as editcounter FROM ".ROSCMST_REVISIONS." r JOIN ".ROSCMST_USERS." u ON r.user_id = u.id JOIN ".ROSCMST_LANGUAGES." l ON u.lang_id=l.id WHERE r.version > 0 GROUP BY u.name ORDER BY editcounter DESC, u.name"); }
echo_strip(' @@ -83,8 +77,8 @@ <input name="searchopt" type="radio" id="searchopt1" value="accountname" checked="checked" onclick="getUser()" /><label>account name</label> <input name="searchopt" type="radio" id="searchopt2" value="fullname" onclick="getUser()" /><label>full name </label> <input name="searchopt" type="radio" id="searchopt3" value="email" onclick="getUser()" /><label>email address</label> - <input name="searchopt" type="radio" id="searchopt4" value="website" onclick="getUser()" /><label>website</label> - <input name="searchopt" type="radio" id="searchopt5" value="language" onclick="getUser()" /><label>language</label> + <input name="searchopt" type="radio" id="searchopt4" value="website" onclick="getUser()" /><label>website</label>'.($thisuser->hasAccess('more_lang') ? ' + <input name="searchopt" type="radio" id="searchopt5" value="language" onclick="getUser()" /><label>language</label>' : '').' <img id="ajaxloading" style="display:none;" src="images/ajax_loading.gif" width="13" height="13" alt="" /><br /> <br /> </div>
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Website.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Website.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Website.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009 @@ -97,8 +97,8 @@ var roscms_intern_webserver_roscms = '".RosCMS::getInstance()->pathRosCMS()."'; var roscms_intern_page_link = '".RosCMS::getInstance()->pathRosCMS()."?page='; var roscms_get_edit = '".(isset($_GET['edit']) ? $_GET['edit'] : '')."'; - var roscms_access_level = ".$thisuser->securityLevel()."; - var roscms_cbm_hide = '".(($thisuser->securityLevel() > 1) ? '' : ' disabled="disabled" style="color:#CCCCCC;"')."'; // disable combobox entries for novice user + var roscms_access_level = 3"./*$thisuser->securityLevel().*/"; + var roscms_cbm_hide = '"./*(($thisuser->securityLevel() > 1) ? '' : ' disabled="disabled" style="color:#CCCCCC;"').*/"'; // disable combobox entries for novice user
// favorite user language "; @@ -137,7 +137,7 @@
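Review bot: `roscms_access_level` is now frozen at `3` and `roscms_cbm_hide` at the empty string, with the previous expressions left behind as block comments inside the string concatenation, so every client is told it has the top access level and the commented-out code will rot. If the JavaScript still branches on these values, derive them from the new areas instead, for example `var roscms_cbm_hide = '".($thisuser->hasAccess('new_entry') ? '' : ' disabled="disabled" style="color:#CCCCCC;"')."';`, and delete the commented-out expressions; if the JavaScript no longer uses them, drop both variables. The enclosing method continues outside the hunk.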
<div id="roscms_container"> <div class="leftMenu" style="position: absolute; top: 0px; width: 150px; left: 0px; border: 0px; z-index:1;"> - <div id="smenutab1" class="submb" style="margin-bottom: 1.5em;" onclick="loadMenu(this.id)"'.(($thisuser->securityLevel() == 1 || $thisuser->isMemberOfGroup('transmaint')) ? ' style="display:none;"' : '').'> + <div id="smenutab1" class="submb" style="margin-bottom: 1.5em;" onclick="loadMenu(this.id)"'.(!$thisuser->hasAccess('new_entry') ? ' style="display:none;"' : '').'> <div class="subm1"> <div id="smenutabc1" class="subm2" style="font-weight: bold;">New Entry</div> </div> @@ -149,12 +149,12 @@ </div> </div>
- <div id="smenutab3" class="submb" onclick="loadMenu(this.id)"'.(($thisuser->securityLevel() == 1 || $thisuser->isMemberOfGroup('transmaint')) ? ' style="display:none;"' : '').'> + <div id="smenutab3" class="submb" onclick="loadMenu(this.id)"'.(!$thisuser->hasAccess('pages') ? ' style="display:none;"' : '').'> <div class="subm1"> <div id="smenutabc3" class="subm2">Page</div> </div> </div> - <div id="smenutab13" class="submb" onclick="loadMenu(this.id)"'.((!$thisuser->isMemberOfGroup('ros_sadmin')) ? ' style="display:none;"' : '').'> + <div id="smenutab13" class="submb" onclick="loadMenu(this.id)"'.(!$thisuser->hasAccess('dynamic_pages') ? ' style="display:none;"' : '').'> <div class="subm1"> <div id="smenutabc13" class="subm2">Dynamic Page</div> </div> @@ -164,12 +164,12 @@ <div id="smenutabc4" class="subm2">Content</div> </div> </div> - <div id="smenutab5" class="submb" onclick="loadMenu(this.id)"'.(($thisuser->securityLevel() == 1 || $thisuser->isMemberOfGroup('transmaint')) ? ' style="display:none;"' : '').'> + <div id="smenutab5" class="submb" onclick="loadMenu(this.id)"'.(!$thisuser->hasAccess('templates') ? ' style="display:none;"' : '').'> <div class="subm1"> <div id="smenutabc5" class="subm2">Template</div> </div> </div> - <div id="smenutab6" class="submb" onclick="loadMenu(this.id)"'.(($thisuser->securityLevel() == 1 || $thisuser->isMemberOfGroup('transmaint')) ? ' style="display:none;"' : '').'> + <div id="smenutab6" class="submb" onclick="loadMenu(this.id)"'.(!$thisuser->hasAccess('scripts') ? ' style="display:none;"' : '').'> <div class="subm1"> <div id="smenutabc6" class="subm2">Script</div> </div>
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Welcome.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Welcome.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Welcome.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009 @@ -62,30 +62,27 @@ <p style="font-weight: bold;">');echo Data::getContent('web_news', 'system', Language::getStandardId(), 'heading', 'stext').'</p>'. Data::getContent('web_news', 'system', Language::getStandardId(), 'content', 'text').'<br />';
- if (ThisUser::getInstance()->isMemberOfGroup('translator', 'transmaint')) { - - $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM ".ROSCMST_USERS." WHERE id = :user_id LIMIT 1"); - $stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT); - $stmt->execute(); - $user_lang = $stmt->fetchColumn(); + $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM ".ROSCMST_USERS." WHERE id = :user_id LIMIT 1"); + $stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT); + $stmt->execute(); + $user_lang = $stmt->fetchColumn();
- if ($user_lang !== false) { - echo_strip(' - <a name="web_news_langgroup"></a> - <h3>Translator Information</h3>'); + if ($user_lang !== false) { + echo_strip(' + <a name="web_news_langgroup"></a> + <h3>Translator Information</h3>');
- // try to get content in local language, otherwise use standard language - $content = Data::getContent('web_news_langgroup', 'system', $user_lang, 'content', 'text'); - if ($content == '') { - $content = Data::getContent('web_news_langgroup', 'system', Language::getStandardId(), 'content', 'text'); - } - echo $content; + // try to get content in local language, otherwise use standard language + $content = Data::getContent('web_news_langgroup', 'system', $user_lang, 'content', 'text'); + if ($content == '') { + $content = Data::getContent('web_news_langgroup', 'system', Language::getStandardId(), 'content', 'text'); } - else { - echo_strip(' - <h2>Please set your favorite language in the '.RosCMS::siteName().' profile settings.</h2> - <p>This language will also be the default language to that you can translate content.</p>'); - } + echo $content; + } + else { + echo_strip(' + <h2>Please set your favorite language in the '.RosCMS::siteName().' profile settings.</h2> + <p>This language will also be the default language to that you can translate content.</p>'); } echo '<br />'; }
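Review bot: The re-indented query `SELECT id FROM ".ROSCMST_USERS." WHERE id = :user_id` stores the user's own id in `$user_lang`, which is then passed as the language id to `Data::getContent('web_news_langgroup', ...)`, and it also makes the `else` branch ("Please set your favorite language") unreachable for any logged-in user since the row always exists; the comparable lookup in Export_User.class.php in this commit selects `lang_id`. It should presumably be `SELECT lang_id FROM ".ROSCMST_USERS." WHERE id = :user_id LIMIT 1`, with `$user_lang` then compared against whatever an unset language is stored as (0 or NULL, not only `false`). The enclosing method starts outside the hunk.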
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009 @@ -79,7 +79,7 @@ <li><a href="'.$config->pathRosCMS().'?page=my">My Profile</a></li> <li><a href="'.$config->pathRosCMS().'?page=search">User Search</a></li> <li><a href="'.$config->pathGenerated().'peoplemap/">User Map</a></li>'); - if ($thisuser->securityLevel() > 0) { + if ($thisuser->hasAccess('CMS')) { echo '<li><a href="'.$config->pathRosCMS().'?page=data&branch=welcome">RosCMS Interface</a></li>'; } echo_strip('
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009 @@ -187,7 +187,7 @@ }
// email only for the user itself or admins - if ($profile['id'] == $thisuser->id() || $thisuser->securityLevel() == 3) { + if ($profile['id'] == $thisuser->id() || $thisuser->hasAccess('user_details')) { echo_strip(' <div class="field"> <div class="key">E-Mail Address </div> @@ -231,7 +231,7 @@ }
// Groups (only for user itself) and admins - if ($profile['id'] == $thisuser->id() || $thisuser->securityLevel() == 3) { + if ($profile['id'] == $thisuser->id() || $thisuser->hasAccess('user_details')) { echo_strip(' <div class="field"> <div class="key">User Groups</div>
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/Log.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009 @@ -44,7 +44,7 @@ */ public static function prepareInfo( $data_id = 'unknown', $rev_id = 'unknown' ) { - return ' [dataid: '.$data_id.'; revid: '.$rev_id.'; userid: '.ThisUser::getInstance()->id().'; security: '.Security::rightsOverview($rev_id).'] '; + return ' [dataid: '.$data_id.'; revid: '.$rev_id.'; userid: '.ThisUser::getInstance()->id(); } // end of member function prepare_info
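Review bot: The new `prepareInfo` return value drops the closing `'] '` of the bracketed info block, so log entries now read `[dataid: …; revid: …; userid: 42` with no terminator where the old line ended with `'] '`. Use `return ' [dataid: '.$data_id.'; revid: '.$rev_id.'; userid: '.ThisUser::getInstance()->id().'] ';`.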
@@ -285,7 +285,7 @@
 * @access private
 */
 public static function read($level = 'medium', $log = '' )
 {
- return Data::getContent('log_website_'.($log!=''?$log.'_':'').date('Y-W'), 'system', Language::getStandardId(), $level.'_security_log', 'text', 'archive');
+ return Data::getContent('log_website_'.($log!=''?$log.'_':'').date('Y-W'), 'system', Language::getStandardId(), $level.'_security_log', 'text');
 }
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -162,6 +162,7 @@
 */
 public static function required( )
 {
+ $thisuser=&ThisUser::getInstance();
 // check if user wants to logout
 if (isset($_POST['logout'])) {
@@ -195,15 +196,14 @@
 }
 // collect memberships for current user
- $stmt=&DBConnection::getInstance()->prepare("SELECT g.name_short, g.security_level FROM ".ROSCMST_MEMBERSHIPS." m JOIN ".ROSCMST_GROUPS." g ON m.group_id = g.id WHERE user_id = :user_id");
+ $stmt=&DBConnection::getInstance()->prepare(" SELECT a.name_short FROM ".ROSCMST_AREA." a JOIN ".ROSCMST_AREA_ACCESS." r ON r.area_id = a.id JOIN ".ROSCMST_MEMBERSHIPS." m ON m.group_id = r.group_id WHERE m.user_id =:user_id");
 $stmt->bindparam('user_id',$user['id'],PDO::PARAM_INT);
 $stmt->execute();
- $memberships = $stmt->fetchAll(PDO::FETCH_ASSOC);
- foreach($memberships as $membership) {
- ThisUser::getInstance()->addGroup($membership);
- }
-
- ThisUser::getInstance()->setData($user);
+ while ($area = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ $thisuser->addAccess($area['name_short']);
+ }
+
+ $thisuser->setData($user);
 } // end of member function require
} // end of Login
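Review bot: The removed addGroup() loop was the only code that populated ThisUser's `$groups` and `$security_level`; after this change nothing writes them, yet both fields are still declared in the ThisUser hunk, so they become dead state that a later reader may trust as a level that is in fact always 0. Either drop them with this change or mark the declarations with `// no longer maintained since area access replaced security levels`. The user's areas are also collected once here, at login; if the ThisUser instance lives for the session, a revoked group or area assignment presumably takes effect only at the next login, which deserves a one-line comment above the query such as `// area access is snapshotted at login; revocations apply on re-login`.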
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -48,25 +48,21 @@
 $acl = '';
 $sec_access = false; // security access already granted ?
- // only if user has rights to access the interface
- if ($thisuser->securityLevel() > 0) {
+ // go through acl's
+ $stmt=&DBConnection::getInstance()->prepare("SELECT a.id, b.can_read, b.can_add, b.can_write, b.can_delete, b.can_publish, b.can_translate FROM ".ROSCMST_ACCESS." a JOIN ".ROSCMST_ENTRY_AREA." b ON a.id=b.acl_id JOIN ".ROSCMST_MEMBERSHIPS." m ON m.group_id = b.group_id WHERE m.user_id = :user_id");
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
+ $stmt->execute();
+ while ($access = $stmt->fetch(PDO::FETCH_ASSOC)) {
- // go through acl's
- $stmt=&DBConnection::getInstance()->prepare("SELECT a.id, b.can_read, b.can_add, b.can_write, b.can_delete, b.can_publish, b.can_translate FROM ".ROSCMST_ACCESS." a JOIN ".ROSCMST_ACL." b ON a.id=b.acl_id JOIN ".ROSCMST_MEMBERSHIPS." m ON m.group_id = b.group_id WHERE m.user_id = :user_id");
- $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
- $stmt->execute();
- while ($access = $stmt->fetch(PDO::FETCH_ASSOC)) {
-
- // add entries, remove them if they're on the deny list
- if ($access['can_'.$kind] == true) {
- if ($sec_access) {
- $acl .= " , ";
- }
- $acl .= DBConnection::getInstance()->quote($access['id'],PDO::PARAM_INT);
- $sec_access = true;
+ // add entries, remove them if they're on the deny list
+ if ($access['can_'.$kind] == true) {
+ if ($sec_access) {
+ $acl .= " , ";
 }
- } // while
- }
+ $acl .= DBConnection::getInstance()->quote($access['id'],PDO::PARAM_INT);
+ $sec_access = true;
+ }
+ } // while
 // group our acl list, or fail because no rights to access
 if ($sec_access > 0) {
@@ -82,49 +78,20 @@
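Review bot: The `securityLevel() > 0` gate is removed here without a replacement, whereas every other call site in this commit swaps it for a `hasAccess(...)` check; unless the caller already guards it, this function now hands ACL ids to any logged-in user whose groups have ENTRY_AREA rows, which is broader than before. If interface access is still meant to be a precondition, add `if (!$thisuser->hasAccess('CMS')) { return false; }` before the query, with whatever failure value the function's tail returns. The enclosing function starts outside the hunk; `if ($sec_access > 0)` compares a bool against an int and reads more honestly as `if ($sec_access)`.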
 /**
- *
- *
- * @access public
- */
- public static function getAccessId( $name_short )
- {
- $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM ".ROSCMST_ACCESS." WHERE name_short=:name_short LIMIT 1");
- $stmt->bindParam('name_short',$name_short,PDO::PARAM_STR);
- $stmt->execute();
- return $stmt->fetchColumn();
- }
-
-
- /**
 * Constructs a list of things the user can do
 *
 * @param int data_id
 * @return rights list
 * @access private
 */
- private function getRightsList( $rev_id, $is_rev = true )
+ private function getRightsList( $data_id )
 {
 $thisuser = &ThisUser::getInstance();
- // roscms interface access ?
- if ($thisuser->securityLevel() < 1) {
- return;
- }
-
- // contains list with granted rights
- $rights = array('read'=>false,'write'=>false,'add'=>false,'delete'=>false,'publish'=>false,'translate'=>false,);
- // get rights
- if ($is_rev) {
- $stmt=&DBConnection::getInstance()->prepare("SELECT b.can_read, b.can_add, b.can_delete, b.can_translate, b.can_publish, b.can_write FROM ".ROSCMST_REVISIONS." r JOIN ".ROSCMST_ENTRIES." d ON r.data_id=d.id JOIN ".ROSCMST_ACCESS." a ON d.acl_id=a.id JOIN ".ROSCMST_ACL." b ON a.id=b.acl_id JOIN ".ROSCMST_MEMBERSHIPS." m ON m.group_id=b.group_id WHERE r.id = :rev_id AND m.user_id=:user_id");
- $stmt->bindParam('rev_id',$rev_id,PDO::PARAM_INT);
- $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
- }
- else {
- $stmt=&DBConnection::getInstance()->prepare("SELECT b.can_read, b.can_add, b.can_delete, b.can_translate, b.can_publish, b.can_write FROM ".ROSCMST_ENTRIES." d JOIN ".ROSCMST_ACCESS." a ON d.acl_id=a.id JOIN ".ROSCMST_ACL." b ON a.id=b.acl_id JOIN ".ROSCMST_MEMBERSHIPS." m ON m.group_id=b.group_id WHERE d.id = :data_id AND m.user_id=:user_id");
- $stmt->bindParam('data_id',$rev_id,PDO::PARAM_INT);
- $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
- }
+ $stmt=&DBConnection::getInstance()->prepare("SELECT name_short FROM ".ROSCMST_ENTRIES." d JOIN ".ROSCMST_ACCESS." a ON d.acl_id=a.id JOIN ".ROSCMST_ENTRY_AREA." b ON a.id=b.acl_id JOIN ".ROSCMST_MEMBERSHIPS." m ON m.group_id=b.group_id WHERE d.id = :data_id AND m.user_id=:user_id");
+ $stmt->bindParam('data_id',$rev_id,PDO::PARAM_INT);
+ $stmt->bindParam('user_id',$thisuser->id(),PDO::PARAM_INT);
 $stmt->execute() or die('Rev-Entry "'.$rev_id.'" not found [usergroups].');
 // create a list with rights
@@ -151,49 +118,16 @@
 * @return
 * @access public
 */
- public function hasRight( $data_id, $kind )
+ public function hasRight( $data_id, $area )
 {
- // only if roscms interface access is granted
- if (ThisUser::getInstance()->securityLevel() < 1) {
- return false;
- }
-
- // return if the requested kind of right is in the rights list for the user
- $rights = self::getRightsList($data_id, false);
- return $rights[$kind];
+return true;
+ $stmt=&DBConnection::getInstance()->prepare("SELECT 1 FROM ".ROSCMST_ENTRIES." d JOIN ".ROSCMST_ACL." a ON a.acl_id=d.acl_id JOIN ".ROSCMST_ENTRY_AREA." e ON e.acl_id=a.id JOIN ".ROSCMST_RIGHTS." r ON r.id=e.right_id JOIN ".ROSCMST_GROUPS." g ON g.id=e.group_id JOIN ".ROSCMST_MEMBERSHIPS." m ON m.group_id=g.id WHERE r.name_short=:area AND m.user_id=:user_id AND d.id=:data_id LIMIT 1");
+ $stmt->bindParam('data_id',$data_id,PDO::PARAM_INT);
+ $stmt->bindParam('area',$area,PDO::PARAM_STR);
+ $stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);
+ return $stmt->execute();
 } // end of member function hasRight
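Review bot: getRightsList() now takes `$data_id`, but the body still binds `$rev_id` (`$stmt->bindParam('data_id',$rev_id,PDO::PARAM_INT);`) and prints it in the die() message; `$rev_id` is undefined after the rename, so the lookup is bound to null and can never match an entry. Change the bind to `$stmt->bindParam('data_id',$data_id,PDO::PARAM_INT);` and the message to `die('Entry "'.$data_id.'" not found [usergroups].');`. The new query also selects a bare `name_short` where the old one selected the `can_*` columns; the code that builds the rights list from the result lies past the hunk, so whether it still finds the columns it expects cannot be told from here, and an unqualified `name_short` may be ambiguous if more than one joined table carries that column.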
-
- /**
- * gives a short overview about user rights
- *
- * @param int data_id
- * @return explanation
- * @access public
- */
- public function rightsOverview( $data_id )
- {
- // only if roscms interface access is granted
- if (ThisUser::getInstance()->securityLevel() < 1) {
- return;
- }
-
- $rights = self::getRightsList($data_id, false); // so we don't need to call the same function several times
- $explanation = ''; // contains abbreviations for each right or a - (if missing) symbol instead
-
- // start to construct list
- $explanation .= $rights['read'] ? '-' : 'r';
- $explanation .= $rights['write'] ? '-' : 'w';
- $explanation .= $rights['add'] ? '-' : 'a';
- $explanation .= $rights['delete'] ? '-' : 'd';
- $explanation .= $rights['publish'] ? '-' : 'p';
- $explanation .= $rights['translate'] ? '-' : 't';
-
- // add also security level
- $explanation .= ' '.ThisUser::getInstance()->securityLevel();
-
- return $explanation;
- } // end of member function rightsOverview
} // end of Security
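Review bot: The `return true;` at the top of hasRight() makes the method grant every right to every user regardless of `$data_id` or `$area`, so each permission check built on it is a no-op; the column-0 indentation suggests a debugging leftover, and it must not ship. Even with that line removed, `return $stmt->execute();` reports only that the query ran, not that a matching row exists, so it is true for any well-formed query. Finish the method with `$stmt->execute();` followed by `return (bool)$stmt->fetchColumn();` so that the `SELECT 1 ... LIMIT 1` result decides the answer. The docblock above the hunk still has an empty `@return` and should state `@return bool`.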
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Tag.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/Tag.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/Tag.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -102,7 +102,7 @@
 $tag = $stmt->fetchOnce(PDO::FETCH_ASSOC);
 // @unimplemented: account group membership check
- if ($tag['user_id'] == ThisUser::getInstance()->id() || ThisUser::getInstance()->securityLevel() > 1) {
+ if ($tag['user_id'] == ThisUser::getInstance()->id() || ThisUser::getInstance()->hasAccess('deltag')) {
 // finally delete tag
 $stmt=&DBConnection::getInstance()->prepare("DELETE FROM ".ROSCMST_TAGS." WHERE id = :tag_id LIMIT 1");
@@ -166,7 +166,7 @@
 $stmt=&DBConnection::getInstance()->prepare("SELECT 1 FROM ".ROSCMST_TAGS." WHERE tag_id = :tag_id AND user_id IN(-1, 0, :user_id) LIMIT 1");
 $stmt->bindParam('tag_id',$tag_id,PDO::PARAM_INT);
 $stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT);
- if ($stmt->fetchColumn() || ThisUser::getInstance()->securityLevel() == 3) {
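Review bot: The `// @unimplemented: account group membership check` comment above the changed condition is now stale: the group-based check it promised is exactly what `hasAccess('deltag')` supplies. Replace it with a comment that states the rule as it now stands, e.g. `// the tag's owner, or anyone granted the 'deltag' area, may delete it`. The surrounding delete routine begins before the hunk.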
// update value $stmt=&DBConnection::getInstance()->prepare("UPDATE ".ROSCMST_TAGS." SET value = :new_value WHERE id=:tag_id");
Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/ThisUser.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros...
==============================================================================
--- branches/danny-web/reactos.org/htdocs/roscms/lib/ThisUser.class.php [iso-8859-1] (original)
+++ branches/danny-web/reactos.org/htdocs/roscms/lib/ThisUser.class.php [iso-8859-1] Sun Jan 11 06:41:52 2009
@@ -27,60 +27,36 @@
 private $security_level = 0;
 private $user = array('id'=>0,'name'=>'');
 private $groups = array();
+ private $access = array();
 /**
- * adds a new membership for this user and registers maximum security level
+ * adds a access area to the allowed list of this user
 *
 * @access public
 */
- public function addGroup( $group )
+ public function addAccess( $access_area )
 {
- $this->groups[$group['name_short']] = $group['security_level'];
- if ($group['security_level'] > $this->security_level) $this->security_level = $group['security_level'];
+ $this->access[$access_area] = true;
 } // end of member function setId
- /**
- * adds a new membership for this user
- *
- * @return array
- * @access public
- */
- public function getGroups( )
- {
- return $this->groups;
- } // end of member function setId
-
 /**
- * checks if the user is member of at least in one of the groups
+ * checks if the user has access to a requested area
 *
- * @param string group_name
- * @param string group_name2
- * @param string group_name3
+ * @param string access_area name of the area
 * @return bool
 * @access public
 */
- public function isMemberOfGroup( $group_name, $group_name2 = null, $group_name3 = null )
+ public function hasAccess( $access_area )
 {
- if (@$this->groups[$group_name] > -1 || @$this->groups[$group_name2] > -1 || @$this->groups[$group_name3] > -1) {
- return true;
+ if (isset($this->access[$access_area])) {
+ return $this->access[$access_area];
 }
 return false;
 } // end of member isGroupMember
-
- /**
- * returns highest security level of users group memberships
- *
- * @return int
- * @access public
- */
- public function securityLevel( )
- {
- return $this->security_level;
- } // end of member function securityLevel
/**