« back to all changes in this revision
Viewing changes to server/lib/pages/template.class.php
- browse files at revision 220
- compare with another revision
- download diff
- download tarball
- view history from revision 220
- Committer: Dan Garner
- Date: 2011-08-18 23:37:35 UTC
- mfrom: (219.1.36 server-layout-media-permissions)
- Revision ID: dan@xibo.org.uk-20110818233735-kun5v3ug5jttc7ie
MergedĀ ~dangarner/xibo/server-layout-media-permissions
- files added:
- server/lib/app/permissionmanager.class.php
- files modified:
- server/img/forms/background_timeline.png
added
removed
server/lib/pages/template.class.php
24
24
private $user;
25
25
private $isadmin = false;
26
26
private $has_permissions = true;
27
private $auth;
27
28
28
29
private $sub_page = "";
29
30
30
31
//template table fields
31
32
private $templateid;
32
33
private $template;
33
private $permissionid;
34
34
private $retired;
35
35
private $description;
36
36
private $tags;
57
57
//If we have the template ID get the templates information
58
58
if ($this->templateid != "")
59
59
{
60
$SQL = "SELECT template, description, permissionID, xml, tags, retired, isSystem, thumbnail FROM template WHERE templateID = $this->templateid ";
60
$SQL = "SELECT template, description, xml, tags, retired, isSystem, thumbnail FROM template WHERE templateID = $this->templateid ";
61
61
62
62
if (!$results = $db->query($SQL))
63
63
{
69
69
70
70
$this->template = $row[0];
71
71
$this->description = $row[1];
72
$this->permissionid = $row[2];
73
$this->xml = $row[3];
74
$this->tags = $row[4];
75
$this->retired = $row[5];
76
$this->isSystem = $row[6];
77
$this->thumbnail = $row[7];
78
79
// get the permissions
80
list($see_permission , $this->has_permissions) = $user->eval_permission($ownerid, $this->permissionid);
81
82
//check on permissions
83
if (isset($_REQUEST['ajax']) && (!$this->has_permissions || !$see_permission)) {
84
//ajax request handler
85
trigger_error("You do not have permissions to edit this layout", E_USER_ERROR);
86
}
72
$this->xml = $row[2];
73
$this->tags = $row[3];
74
$this->retired = $row[4];
75
$this->isSystem = $row[5];
76
$this->thumbnail = $row[6];
77
78
$this->auth = $user->TemplateAuth($this->templateid, true);
79
80
if (!$this->auth->edit)
81
trigger_error(__('You do not have permissions to edit this template'), E_USER_ERROR);
87
82
}
88
83
}
89
84
177
172
$SQL .= " template.template, ";
178
173
$SQL .= " CASE WHEN template.issystem = 1 THEN 'Yes' ELSE 'No' END AS issystem, ";
179
174
$SQL .= " template.tags, ";
180
$SQL .= " permission.permission, ";
181
$SQL .= " permission.permissionID, ";
182
175
$SQL .= " template.userID ";
183
176
$SQL .= "FROM template ";
184
$SQL .= "INNER JOIN permission ON template.permissionID = permission.permissionID ";
185
177
$SQL .= "WHERE 1=1 ";
186
178
if ($filter_name != "")
187
179
{
201
193
trigger_error($db->error());
202
194
trigger_error("Can not get the templates - 1st query", E_USER_ERROR);
203
195
}
204
196
197
$msgPermissions = __('Permissions');
198
205
199
$table = <<<END
206
200
<div class="info_table">
207
201
<table style="width:100%;">
210
204
<th>Name</th>
211
205
<th>Is System</th>
212
206
<th>Tags</th>
213
<th>Permissions</th>
207
<th>$msgPermissions</th>
214
208
<th>Owner</th>
215
209
<th>Action</th>
216
210
</tr>
224
218
$template = $row[1];
225
219
$issystem = $row[2];
226
220
$tags = $row[3];
227
$permission = $row[4];
228
$permissionid = $row[5];
229
$userid = $row[6];
221
$userid = $row[4];
230
222
231
223
//get the username from the userID using the user module
232
224
$username = $user->getNameFromID($userid);
233
$group = $user->getGroupFromID($userid);
234
235
//get the permissions
236
list($see_permissions, $edit_permissions) = $user->eval_permission($userid, $permissionid);
237
238
$buttons = "No available Actions";
239
240
if ($edit_permissions && $issystem == 'No')
241
{
242
$buttons = '<button class="XiboFormButton" href="index.php?p=template&q=DeleteTemplateForm&templateId=' . $templateId . '"><span>' . __('Delete') . '</span></button>';
243
}
244
245
if ($see_permissions)
246
{
225
$group = $this->GroupsForTemplate($templateId);
226
227
// Permissions
228
$auth = $this->user->TemplateAuth($templateId, true);
229
230
$buttons = "No available Actions";
231
232
if ($auth->del && $issystem == 'No')
233
$buttons = '<button class="XiboFormButton" href="index.php?p=template&q=DeleteTemplateForm&templateid=' . $templateId . '"><span>' . __('Delete') . '</span></button>';
234
235
if ($auth->modifyPermissions && $issystem == 'No')
236
$buttons .= '<button class="XiboFormButton" href="index.php?p=template&q=PermissionsForm&templateid=' . $templateId . '"><span>' . __('Permissions') . '</span></button>';
237
238
if ($auth->view)
239
{
247
240
$table .= <<<END
248
241
<tr>
249
242
<td>$template</td>
250
243
<td>$issystem</td>
251
244
<td>$tags</td>
252
<td>$permission</td>
245
<td>$group</td>
253
246
<td>$username</td>
254
247
<td>$buttons</td>
255
248
</tr>
303
296
$template = $this->template;
304
297
$description = $this->description;
305
298
$tags = $this->tags;
306
$permissionid = $this->permissionid;
307
299
$retired = $this->retired;
308
300
309
301
//init the retired option
326
318
END;
327
319
}
328
320
329
$shared_list = dropdownlist("SELECT permissionID, permission FROM permission", "permissionid", $permissionid);
330
331
321
$form = <<<END
332
322
333
323
<form class="XiboForm" action="$action" method="post">
345
335
<tr>
346
336
<td><label for="description" title="An optional description of this template.">Description</label></td>
347
337
<td><input type="text" id="description" name="description" value="$description"></td>
348
<td><label for="permissionid" title="What permissions to give this template.">Sharing <span class="required">*</span></label></td>
349
<td>$shared_list</td>
350
338
</tr>
351
339
<tr>
352
340
<td></td>
373
361
374
362
$template = $_POST['template'];
375
363
$tags = $_POST['tags'];
376
$permissionid = Kit::GetParam('permissionid', _POST, _INT);
377
364
$description = $_POST['description'];
378
365
379
366
$layoutid = $_POST['layoutid'];
421
408
}
422
409
423
410
//Insert the template
424
$SQL = "INSERT INTO template (template, tags, issystem, retired, description, createdDT, modifiedDT, userID, xml, permissionID) ";
425
$SQL.= " VALUES ('$template', '$tags', 0, 0, '$description', '$currentdate', '$currentdate', $userid, '$xml', $permissionid) ";
411
$SQL = "INSERT INTO template (template, tags, issystem, retired, description, createdDT, modifiedDT, userID, xml) ";
412
$SQL.= " VALUES ('$template', '$tags', 0, 0, '$description', '$currentdate', '$currentdate', $userid, '$xml') ";
426
413
427
414
if (!$db->query($SQL))
428
415
{
459
446
$response = new ResponseManager();
460
447
$helpManager = new HelpManager($db, $user);
461
448
462
$templateId = Kit::GetParam('templateId', _POST, _INT);
449
if (!$this->auth->del)
450
trigger_error(__('You do not have permissions to delete this template'), E_USER_ERROR);
451
452
$templateId = Kit::GetParam('templateid', _POST, _INT);
463
453
464
454
if ($templateId == 0)
465
455
trigger_error(__('No template found'), E_USER_ERROR);
489
479
$user =& $this->user;
490
480
$response = new ResponseManager();
491
481
$helpManager = new HelpManager($db, $user);
482
483
if (!$this->auth->del)
484
trigger_error(__('You do not have permissions to delete this template'), E_USER_ERROR);
492
485
493
$templateId = Kit::GetParam('templateId', _GET, _INT);
486
$templateId = Kit::GetParam('templateid', _GET, _INT);
494
487
495
488
if ($templateId == 0)
496
489
trigger_error(__('No template found'), E_USER_ERROR);
546
539
547
540
return $xml->saveXML();
548
541
}
542
543
/**
544
* Get a list of group names for a layout
545
* @param <type> $layoutId
546
* @return <type>
547
*/
548
private function GroupsForTemplate($templateId)
549
{
550
$db =& $this->db;
551
552
$SQL = '';
553
$SQL .= 'SELECT `group`.Group ';
554
$SQL .= ' FROM `group` ';
555
$SQL .= ' INNER JOIN lktemplategroup ';
556
$SQL .= ' ON `group`.GroupID = lktemplategroup.GroupID ';
557
$SQL .= ' WHERE lktemplategroup.TemplateID = %d ';
558
559
$SQL = sprintf($SQL, $templateId);
560
561
if (!$results = $db->query($SQL))
562
{
563
trigger_error($db->error());
564
trigger_error(__('Unable to get group information for template'), E_USER_ERROR);
565
}
566
567
$groups = '';
568
569
while ($row = $db->get_assoc_row($results))
570
{
571
$groups .= $row['Group'] . ', ';
572
}
573
574
$groups = trim($groups);
575
$groups = trim($groups, ',');
576
577
return $groups;
578
}
579
580
public function PermissionsForm()
581
{
582
$db =& $this->db;
583
$user =& $this->user;
584
$response = new ResponseManager();
585
$helpManager = new HelpManager($db, $user);
586
587
$templateId = Kit::GetParam('templateid', _GET, _INT);
588
589
if (!$this->auth->modifyPermissions)
590
trigger_error(__('You do not have permissions to edit this template'), E_USER_ERROR);
591
592
// Form content
593
$form = '<form id="TemplatePermissionsForm" class="XiboForm" method="post" action="index.php?p=template&q=Permissions">';
594
$form .= '<input type="hidden" name="templateid" value="' . $templateId . '" />';
595
$form .= '<div class="dialog_table">';
596
$form .= ' <table style="width:100%">';
597
$form .= ' <tr>';
598
$form .= ' <th>' . __('Group') . '</th>';
599
$form .= ' <th>' . __('View') . '</th>';
600
$form .= ' <th>' . __('Edit') . '</th>';
601
$form .= ' <th>' . __('Delete') . '</th>';
602
$form .= ' </tr>';
603
604
// List of all Groups with a view/edit/delete checkbox
605
$SQL = '';
606
$SQL .= 'SELECT `group`.GroupID, `group`.`Group`, View, Edit, Del, `group`.IsUserSpecific ';
607
$SQL .= ' FROM `group` ';
608
$SQL .= ' LEFT OUTER JOIN lktemplategroup ';
609
$SQL .= ' ON lktemplategroup.GroupID = group.GroupID ';
610
$SQL .= ' AND lktemplategroup.TemplateID = %d ';
611
$SQL .= ' WHERE `group`.GroupID <> %d ';
612
$SQL .= 'ORDER BY `group`.IsEveryone DESC, `group`.IsUserSpecific, `group`.`Group` ';
613
614
$SQL = sprintf($SQL, $templateId, $user->getGroupFromId($user->userid, true));
615
616
if (!$results = $db->query($SQL))
617
{
618
trigger_error($db->error());
619
trigger_error(__('Unable to get permissions for this template'), E_USER_ERROR);
620
}
621
622
while($row = $db->get_assoc_row($results))
623
{
624
$groupId = $row['GroupID'];
625
$group = ($row['IsUserSpecific'] == 0) ? '<strong>' . $row['Group'] . '</strong>' : $row['Group'];
626
627
$form .= '<tr>';
628
$form .= ' <td>' . $group . '</td>';
629
$form .= ' <td><input type="checkbox" name="groupids[]" value="' . $groupId . '_view" ' . (($row['View'] == 1) ? 'checked' : '') . '></td>';
630
$form .= ' <td><input type="checkbox" name="groupids[]" value="' . $groupId . '_edit" ' . (($row['Edit'] == 1) ? 'checked' : '') . '></td>';
631
$form .= ' <td><input type="checkbox" name="groupids[]" value="' . $groupId . '_del" ' . (($row['Del'] == 1) ? 'checked' : '') . '></td>';
632
$form .= '</tr>';
633
}
634
635
$form .= '</table>';
636
$form .= '</div>';
637
$form .= '</form>';
638
639
$response->SetFormRequestResponse($form, __('Permissions'), '350px', '500px');
640
$response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('Template', 'Permissions') . '")');
641
$response->AddButton(__('Cancel'), 'XiboDialogClose()');
642
$response->AddButton(__('Save'), '$("#TemplatePermissionsForm").submit()');
643
$response->Respond();
644
}
645
646
public function Permissions()
647
{
648
$db =& $this->db;
649
$user =& $this->user;
650
$response = new ResponseManager();
651
Kit::ClassLoader('templategroupsecurity');
652
653
$templateId = Kit::GetParam('templateid', _POST, _INT);
654
$groupIds = Kit::GetParam('groupids', _POST, _ARRAY);
655
656
if (!$this->auth->modifyPermissions)
657
trigger_error(__('You do not have permissions to edit this template'), E_USER_ERROR);
658
659
// Unlink all
660
$security = new TemplateGroupSecurity($db);
661
if (!$security->UnlinkAll($templateId))
662
trigger_error(__('Unable to set permissions'), E_USER_ERROR);
663
664
// Some assignments for the loop
665
$lastGroupId = 0;
666
$first = true;
667
$view = 0;
668
$edit = 0;
669
$del = 0;
670
671
// List of groupIds with view, edit and del assignments
672
foreach($groupIds as $groupPermission)
673
{
674
$groupPermission = explode('_', $groupPermission);
675
$groupId = $groupPermission[0];
676
677
if ($first)
678
{
679
// First time through
680
$first = false;
681
$lastGroupId = $groupId;
682
}
683
684
if ($groupId != $lastGroupId)
685
{
686
// The groupId has changed, so we need to write the current settings to the db.
687
// Link new permissions
688
if (!$security->Link($templateId, $lastGroupId, $view, $edit, $del))
689
trigger_error(__('Unable to set permissions'), E_USER_ERROR);
690
691
// Reset
692
$lastGroupId = $groupId;
693
$view = 0;
694
$edit = 0;
695
$del = 0;
696
}
697
698
switch ($groupPermission[1])
699
{
700
case 'view':
701
$view = 1;
702
break;
703
704
case 'edit':
705
$edit = 1;
706
break;
707
708
case 'del':
709
$del = 1;
710
break;
711
}
712
}
713
714
// Need to do the last one
715
if (!$first)
716
{
717
if (!$security->Link($templateId, $lastGroupId, $view, $edit, $del))
718
trigger_error(__('Unable to set permissions'), E_USER_ERROR);
719
}
720
721
$response->SetFormSubmitResponse(__('Permissions Changed'));
722
$response->Respond();
723
}
549
724
}
550
725
?>
b'\\ No newline at end of file'
Loggerhead is a web-based interface for Breezy
Version: 2.0.1