00001 <?php
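// Direct-access guard: refuse to run unless the __PRAGYAN_CMS constant is
// defined (presumably by the CMS entry point that includes this file -- confirm).
if (!defined('__PRAGYAN_CMS')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    // The original markup opened a second <h1> instead of closing the first one.
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // NOTE(review): SERVER_SIGNATURE can reveal the web server name and version to
    // an unauthenticated client; consider dropping this line or disabling the
    // signature in the server configuration.
    echo '<hr/>' . $_SERVER['SERVER_SIGNATURE'];
    exit(1);
}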
/**
 * Render a list of values as comma-separated, single-quoted items.
 *
 * array(3, 7) becomes "'3', '7'"; an empty list becomes "".
 * Values are inserted verbatim: no quote or backslash escaping is applied, so
 * the result is only a valid literal when the values contain no quote
 * characters (the callers visible in this file pass permission ids).
 *
 * @param array $array Values to render.
 * @return string The quoted, comma-separated list.
 */
function renderArray($array) {
    $quotedItems = array();
    foreach ($array as $item) {
        $quotedItems[] = "'{$item}'";
    }
    return implode(', ', $quotedItems);
}
00037
/**
 * Render a map of id => list as the inside of an object literal.
 *
 * array(5 => array(1, 2)) becomes "'5' : ['1', '2']"; entries are separated
 * by ", ". Keys are inserted verbatim, without escaping.
 *
 * @param array $smallobj Map whose values are lists accepted by renderArray().
 * @return string The rendered entries, without surrounding braces.
 */
function inner($smallobj) {
    $entries = array();
    foreach ($smallobj as $ownerId => $values) {
        $entries[] = "'{$ownerId}' : [" . renderArray($values) . "]";
    }
    return implode(', ', $entries);
}
00047
/**
 * Render a permission descriptor as a single-quoted object literal.
 *
 * The output has the form {'Y' : {...}, 'N' : {...}}. It uses single quotes,
 * so it is a JavaScript object literal rather than strict JSON.
 *
 * @param array $objDesc Array with the keys 'Y' and 'N', each a map accepted by inner().
 * @return string The rendered literal.
 */
function customjson($objDesc) {
    $granted = inner($objDesc['Y']);
    $denied = inner($objDesc['N']);
    return "{'Y' : {" . $granted . "}, 'N' : {" . $denied . "}}";
}
00051
/**
 * Compute the effective permissions of every group and user along a page path
 * and return them as two JavaScript assignments:
 *
 *     permGroups = {'Y' : {...}, 'N' : {...}};
 *     permUsers = {'Y' : {...}, 'N' : {...}};
 *
 * @param array $pagepath         Page ids; they are joined into an SQL IN() list
 *                                and walked from the last element to the first.
 * @param mixed $modifiableGroups Not read anywhere in this function.
 * @param array $grantableActions Map of module name => list of entries; index 0
 *                                of an entry is used as the permission id and
 *                                indexes 1 and 2 are stored next to the module name.
 * @return string|null The assignments, or null after displayerror() when no
 *                     permission or no page was supplied.
 */
function getAllPermissionsOnPage($pagepath, $modifiableGroups, $grantableActions) {

    // Group ids, seeded with the two built-in ids 0 ('Everyone') and
    // 1 ('Logged In Users'), then extended with every row of the groups table.
    // $groupNames is filled here but not read again in this function.
    $groupIds = array(0, 1);
    $groupNames = array('0' => 'Everyone', '1' => 'Logged In Users');
    $groupCount = 2;
    $groupsQuery = 'SELECT `group_id`, `group_name` FROM `' . MYSQL_DATABASE_PREFIX . 'groups`';
    // NOTE(review): none of the mysql_query() results in this function is checked
    // before it is fetched from; a failed query produces warnings, not a clean error.
    $groupsResult = mysql_query($groupsQuery);
    while($groupsRow = mysql_fetch_row($groupsResult)) {
        $groupIds[] = $groupsRow[0];
        $groupNames[$groupsRow[0]] = $groupsRow[1];
        $groupCount++;
    }
    mysql_free_result($groupsResult);

    // User ids, seeded with id 0 ('Anonymous'), then every row of the users table.
    // $userNames is filled here but not read again in this function.
    $userIds = array(0);
    $userNames = array('0' => 'Anonymous');
    $userCount = 1;
    $usersQuery = 'SELECT `user_id`, `user_name` FROM `' . MYSQL_DATABASE_PREFIX . 'users`';
    $usersResult = mysql_query($usersQuery);
    while($usersRow = mysql_fetch_row($usersResult)) {
        $userNames[$usersRow[0]] = $usersRow[1];
        $userIds[] = $usersRow[0];
        $userCount++;
    }
    mysql_free_result($usersResult);

    // Flatten the per-module action lists into a list of permission ids
    // ($permIds) and a map keyed by permission id ($permList).
    $permIds = array();
    $permCount = 0;
    $permList = array();
    foreach($grantableActions as $moduleName => $actionData) {
        if(is_array($actionData) && ($actionCount = count($actionData)) > 0) {
            for($i = 0; $i < $actionCount; $i++) {
                $permList[$actionData[$i][0]] = array($moduleName, $actionData[$i][1], $actionData[$i][2]);
                $permIds[] = $actionData[$i][0];
                $permCount++;
            }
        }
    }

    // Nothing to report without at least one permission and one page.
    if(count($permList) <= 0 || count($pagepath) <= 0) {
        displayerror('Fatal Error: Missing arguments to function.');
        return;
    }

    // Explicitly stored permissions, as [page id][user or group id][perm id] => bool.
    $groupSetPermissions = array();
    $userSetPermissions = array();

    $userPermTable = '`' . MYSQL_DATABASE_PREFIX . 'userpageperm`';
    $permListTable = '`' . MYSQL_DATABASE_PREFIX . 'permissionlist`';
    // NOTE(review): the page ids and permission ids are joined into the IN() lists
    // unquoted and unescaped, so the query is only safe while both arrays hold
    // integers -- confirm at the callers, or cast each element before joining.
    // NOTE(review): join() is called with the legacy (array, glue) argument order,
    // which PHP 8 no longer accepts.
    $permQuery = "SELECT `perm_type`, $userPermTable.`perm_id` AS `perm_id`, `page_id`, `usergroup_id`, `perm_permission` " .
        "FROM $userPermTable, $permListTable WHERE `page_id` IN (" . join($pagepath, ', ') . ") AND " .
        "$userPermTable.`perm_id` IN (" . join($permIds, ', ') .
        ") AND $userPermTable.`perm_id` = $permListTable.`perm_id`";
    $permResult = mysql_query($permQuery);

    while($permRow = mysql_fetch_assoc($permResult)) {
        $pageId = $permRow['page_id'];
        $permId = $permRow['perm_id'];
        $usergroupId = $permRow['usergroup_id'];

        // Alias the table that matches the row type: rows with perm_type 'user'
        // go to the user table, every other row to the group table.
        $setPermissions = &$groupSetPermissions;
        if($permRow['perm_type'] == 'user') {
            $setPermissions = &$userSetPermissions;
        }

        if(!isset($setPermissions[$pageId])) {
            $setPermissions[$pageId] = array();
        }
        if(!isset($setPermissions[$pageId][$usergroupId])) {
            $setPermissions[$pageId][$usergroupId] = array();
        }
        $setPermissions[$pageId][$usergroupId][$permId] = $permRow['perm_permission'] == 'Y' ? true : false;
    }

    // Effective group permissions: walk the path from its last element to its
    // first. A value is copied unless the effective value is already false, so a
    // stored denial met earlier in the walk is never overwritten.
    $groupEffectivePermissions = array();
    for($i = count($pagepath) - 1; $i >= 0; $i--) {
        if(!isset($groupSetPermissions[$pagepath[$i]])) continue;
        $pSP = &$groupSetPermissions[$pagepath[$i]];

        for($j = 0; $j < $groupCount; $j++) {
            if(!isset($pSP[$groupIds[$j]])) continue;
            $gSP = &$pSP[$groupIds[$j]];
            if(!isset($groupEffectivePermissions[$groupIds[$j]]))
                $groupEffectivePermissions[$groupIds[$j]] = array();
            $gEP = &$groupEffectivePermissions[$groupIds[$j]];

            for($k = 0; $k < $permCount; $k++) {
                if(isset($gSP[$permIds[$k]])) {
                    if(!isset($gEP[$permIds[$k]]) || $gEP[$permIds[$k]] !== false) {
                        $gEP[$permIds[$k]] = $gSP[$permIds[$k]];
                    }
                }
            }
        }
    }

    // Effective user permissions from rows stored directly for users; same walk
    // and same "false is kept" rule as for groups.
    $userEffectivePermissions = array();

    for($i = count($pagepath) - 1; $i >= 0; $i--) {
        if(!isset($userSetPermissions[$pagepath[$i]])) continue;
        $pSP = &$userSetPermissions[$pagepath[$i]];

        for($j = 0; $j < $userCount; $j++) {
            if(!isset($pSP[$userIds[$j]])) continue;
            $uSP = &$pSP[$userIds[$j]];
            if(!isset($userEffectivePermissions[$userIds[$j]]))
                $userEffectivePermissions[$userIds[$j]] = array();
            $uEP = &$userEffectivePermissions[$userIds[$j]];

            for($k = 0; $k < $permCount; $k++) {
                if(isset($uSP[$permIds[$k]])) {
                    if(!isset($uEP[$permIds[$k]]) || $uEP[$permIds[$k]] !== false) {
                        $uEP[$permIds[$k]] = $uSP[$permIds[$k]];
                    }
                }
            }
        }
    }

    // Group membership of every user, as user id => list of group ids.
    $userGroups = array();
    $groupsQuery = 'SELECT `user_id`, `group_id` FROM `'.MYSQL_DATABASE_PREFIX.'usergroup` ' .
        'ORDER BY `user_id`';
    $groupsResult = mysql_query($groupsQuery);
    while($groupsRow = mysql_fetch_row($groupsResult)) {
        if(!isset($userGroups[$groupsRow[0]])) $userGroups[$groupsRow[0]] = array();
        $userGroups[$groupsRow[0]][] = $groupsRow[1];
    }
    mysql_free_result($groupsResult);


    // Fold the group permissions into each user's permissions.
    for($i = 0; $i < $userCount; $i++) {
        if(!isset($userGroups[$userIds[$i]])) {
            // A user without membership rows is treated as a member of groups 0
            // and 1, except user id 0, which is skipped entirely.
            if($userIds[$i] == 0)
                continue;
            else
                $userGroups[$userIds[$i]] = array(0, 1);
        }
        if(!isset($userEffectivePermissions[$userIds[$i]]))
            $userEffectivePermissions[$userIds[$i]] = array();

        for($j = 0; $j < $permCount; $j++) {
            $userGroupCount = count($userGroups[$userIds[$i]]);

            for($k = 0; $k < $userGroupCount; $k++) {
                if (
                    isset($groupEffectivePermissions[$userGroups[$userIds[$i]][$k]]) &&
                    isset($groupEffectivePermissions[$userGroups[$userIds[$i]][$k]][$permIds[$j]])
                ) {

                    if(!isset($userEffectivePermissions[$userIds[$i]][$permIds[$j]]))
                        $userEffectivePermissions[$userIds[$i]][$permIds[$j]] = false;

                    // OR-combined: a grant from any of the user's groups yields
                    // true, including when the user's own stored value was false.
                    $userEffectivePermissions[$userIds[$i]][$permIds[$j]] =
                        $userEffectivePermissions[$userIds[$i]][$permIds[$j]] ||
                        $groupEffectivePermissions[$userGroups[$userIds[$i]][$k]][$permIds[$j]];

                }
            }
        }
    }

    // Split the effective permissions into granted ('Y') and denied ('N') lists
    // keyed by group id or user id.
    $sortedGroupPerms = array('Y' => array(), 'N' => array());
    $sortedUserPerms = array('Y' => array(), 'N' => array());

    foreach($groupEffectivePermissions as $groupid => $data) {
        foreach($groupEffectivePermissions[$groupid] as $permid => $value) {
            if($value === true) {
                if(!isset($sortedGroupPerms['Y'][$groupid]))
                    $sortedGroupPerms['Y'][$groupid] = array();
                $sortedGroupPerms['Y'][$groupid][] = $permid;
            } else {
                if(!isset($sortedGroupPerms['N'][$groupid]))
                    $sortedGroupPerms['N'][$groupid] = array();
                $sortedGroupPerms['N'][$groupid][] = $permid;
            }
        }
    }

    foreach($userEffectivePermissions as $userid => $data) {
        foreach($userEffectivePermissions[$userid] as $permid => $value) {
            if($value === true) {
                if(!isset($sortedUserPerms['Y'][$userid]))
                    $sortedUserPerms['Y'][$userid] = array();
                $sortedUserPerms['Y'][$userid][] = $permid;
            } else {
                if(!isset($sortedUserPerms['N'][$userid]))
                    $sortedUserPerms['N'][$userid] = array();
                $sortedUserPerms['N'][$userid][] = $permid;
            }
        }
    }

    $groupReturnText = customjson($sortedGroupPerms);
    $userReturnText = customjson($sortedUserPerms);

    // The result is JavaScript source text; grantPermissions() in this file
    // places it inside an inline script block.
    $ret = <<<RET
permGroups = {$groupReturnText};
permUsers = {$userReturnText};
RET;
    return $ret;
}
00293
00294
/**
 * Look up the id of the permission registered for a module/action pair.
 *
 * NOTE(review): $module and $action are interpolated into the SQL text as
 * given. Callers must pass trusted or already escaped values; confirm this at
 * every call site.
 *
 * @param string $module Value matched against `page_module`.
 * @param string $action Value matched against `perm_action`.
 * @return mixed The `perm_id` of the first matching row, or -1 when the query
 *               fails or matches nothing.
 */
function getPermissionId($module, $action) {
    $table = MYSQL_DATABASE_PREFIX . "permissionlist";
    $sql = "SELECT `perm_id` FROM `{$table}` WHERE `page_module` = '{$module}' AND `perm_action` = '{$action}'";

    $result = mysql_query($sql);
    if (!$result) {
        return -1;
    }

    $row = mysql_fetch_array($result);
    return $row ? $row[0] : -1;
}
00307
00308
00309
/**
 * Decide whether one user or group holds a permission along a page path.
 *
 * Stored rows for the pages in $pagePath are loaded and the path is walked
 * from its last element to its first. The result is true only when at least
 * one page on the path has a stored value and none of the stored values is a
 * denial; a stored 'N' on any page of the path yields false.
 *
 * NOTE(review): every argument is interpolated into the SQL text as given, and
 * $usergroupid and the page ids are not even quoted. Callers must pass
 * integers and trusted names; confirm this at every call site.
 *
 * @param array  $pagePath    Page ids of the path.
 * @param mixed  $usergroupid User id or group id, depending on $permtype.
 * @param string $action      Value matched against `perm_action`.
 * @param string $module      Value matched against `page_module`.
 * @param string $permtype    Value matched against `perm_type`; 'group' by default.
 * @return bool
 */
function getPagePermission(array $pagePath, $usergroupid, $action, $module, $permtype = 'group') {
    $upp = MYSQL_DATABASE_PREFIX . "userpageperm";
    $plist = MYSQL_DATABASE_PREFIX . "permissionlist";
    $idList = implode(', ', $pagePath);

    $sql = "SELECT {$upp}.perm_permission, {$upp}.page_id FROM {$upp}, {$plist} "
        . "WHERE {$upp}.perm_type = '{$permtype}' AND {$upp}.page_id IN ({$idList}) AND "
        . "{$upp}.usergroup_id = {$usergroupid} AND {$plist}.page_module = '{$module}' AND "
        . "{$plist}.perm_action = '{$action}' AND {$plist}.perm_id = {$upp}.perm_id";

    // Stored decision per page id: true for 'Y', false for anything else.
    $storedByPage = array();
    $result = mysql_query($sql);
    if ($result) {
        while ($row = mysql_fetch_assoc($result)) {
            $storedByPage[$row['page_id']] = ($row['perm_permission'] == 'Y');
        }
    }

    $granted = false;
    $index = count($pagePath);
    while ($index-- > 0) {
        $pageId = $pagePath[$index];
        if (!isset($storedByPage[$pageId])) {
            continue;
        }
        if ($storedByPage[$pageId] === false) {
            // A denial anywhere on the path decides the outcome.
            return false;
        }
        $granted = true;
    }

    return $granted;
}
00354
00355
00356
00365
/**
 * Decide whether a user may perform an action on a page.
 *
 * Order of evaluation, as coded:
 *  1. For any action other than "admin", holding "admin" on page 0 grants access.
 *  2. When no module is given, the module is 'page' if the permission list has
 *     a 'page' entry for the action, otherwise getEffectivePageModule($pageid).
 *  3. For the modules "menu" and "external" the decision is delegated to the
 *     parent page.
 *  4. The user's groups are tried in turn until one grants the action; if none
 *     does, the permission stored for the user itself is used.
 *
 * NOTE(review): $action is interpolated into the SQL text as given; callers
 * must pass a trusted or already escaped value.
 *
 * @param mixed  $userid User id.
 * @param mixed  $pageid Page id.
 * @param string $action Action name.
 * @param string $module Module name; resolved automatically when empty.
 * @return bool
 */
function getPermissions($userid, $pageid, $action, $module="") {
    if ($action != "admin") {
        if (getPermissions($userid, 0, "admin")) {
            return true;
        }
    }

    if ($module == "") {
        $table = MYSQL_DATABASE_PREFIX . "permissionlist";
        $lookup = mysql_query("SELECT 1 FROM `{$table}` WHERE page_module=\"page\" AND perm_action=\"{$action}\"");
        $module = (mysql_num_rows($lookup) >= 1) ? 'page' : getEffectivePageModule($pageid);
    }

    if ($module == "menu" || $module == "external") {
        return getPermissions($userid, getParentPage($pageid), $action);
    }

    $pagePath = array();
    parseUrlDereferenced($pageid, $pagePath);

    $allowed = false;
    foreach (getGroupIds($userid) as $groupid) {
        $allowed = getPagePermission($pagePath, $groupid, $action, $module);
        if ($allowed === true) {
            break;
        }
    }

    if ($allowed === false) {
        $allowed = getPagePermission($pagePath, $userid, $action, $module, 'user');
    }
    return $allowed;
}
00395
00396
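/**
 * Work out which user or group a grant form refers to, from $_POST.
 *
 * Form fields read: optusergroup ('group' or 'user'), optgroup012 ('group0',
 * 'group1', 'group3' or anything else for a named group), modifiablegroups
 * (group name) and useremail (text whose part before the first hyphen is used
 * as the e-mail address).
 *
 * Fixes over the previous version:
 *  - strpos() returns false when there is no hyphen and `false >= 0` is true in
 *    PHP, so the no-hyphen branch was unreachable and the last character of
 *    the address was cut off. The result is now compared with `!== false`.
 *  - a hyphen at position 0 no longer produces a negative substr() length.
 *  - missing or non-string form fields are treated as empty instead of raising
 *    undefined-index notices.
 *
 * @param string $targettype Output: set to 'group' or 'user'.
 * @return mixed The target id, or -1 when it could not be determined.
 */
function determineGrantTargetId(&$targettype) {
    $targetId = -1;
    $targettype = 'group';
    $idQuery = '';

    // Read each form field defensively: absent or array-valued fields become ''.
    $fields = array();
    foreach (array('optusergroup', 'optgroup012', 'modifiablegroups', 'useremail') as $field) {
        $fields[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }

    if ($fields['optusergroup'] === 'group') {
        if ($fields['optgroup012'] === 'group0') {
            $targetId = 0;
        }
        else if ($fields['optgroup012'] === 'group1') {
            $targetId = 1;
        }
        else if ($fields['optgroup012'] === 'group3') {
            // 'group3' selects user id 0 rather than a group.
            $targettype = 'user';
            $targetId = 0;
        }
        else {
            $idQuery = "SELECT `group_id` FROM `".MYSQL_DATABASE_PREFIX."groups` WHERE `group_name` = '".escape($fields['modifiablegroups'])."'";
        }
    }
    else if ($fields['optusergroup'] === 'user') {
        $hyphenPos = strpos($fields['useremail'], '-');
        if ($hyphenPos !== false) {
            // Keep the text before the hyphen, minus the character directly in
            // front of it (as before); never pass a negative length.
            // NOTE(review): an address that itself contains a hyphen is cut at
            // that hyphen -- confirm the expected field format.
            $userEmail = escape(trim(substr($fields['useremail'], 0, max(0, $hyphenPos - 1))));
        }
        else {
            $userEmail = escape($fields['useremail']);
        }

        $idQuery = "SELECT `user_id` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email` = '$userEmail'";
        $targettype = 'user';
    }

    if ($targetId == -1 && $idQuery != '') {
        $idResult = mysql_query($idQuery);

        if ($idResult) {
            if ($idResultRow = mysql_fetch_row($idResult)) {
                $targetId = $idResultRow[0];
            }
        }
    }

    return $targetId;
}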
00446
00447
00448
/**
 * Entry point of the permission-granting screen.
 *
 * Depending on $_GET['doaction'] it does one of three things:
 *  - 'changePerm':  writes or removes one row of the userpageperm table, echoes
 *                   "1" or "0" and ends the request;
 *  - 'getpermvars': echoes the permission variables of a page as JavaScript
 *                   text and ends the request;
 *  - otherwise:     returns the HTML and inline script of the permission editor
 *                   for $pageid.
 *
 * @param mixed $userid Id of the acting user.
 * @param mixed $pageid Id of the page being managed; both AJAX branches replace
 *                      it with $_GET['pageid'].
 * @return string|void HTML for the editor, or a plain error message when the
 *                     user has no grant permission on the page.
 */
function grantPermissions($userid, $pageid) {

    // --- AJAX: change a single permission --------------------------------
    // NOTE(review): this branch changes stored permissions from GET parameters.
    // Nothing in it verifies that $userid holds the 'grant' permission on the
    // page named in the request, that the target user/group and the permission
    // id are ones this user may modify, or that the request carries an
    // anti-CSRF token. Confirm that the caller enforces all of this before the
    // function is reached; otherwise add the checks here (the other two paths
    // call getMaxPriorityGroup() first) and accept the change only via POST.
    if(isset($_GET['doaction']) && $_GET['doaction'] == "changePerm") {
        // escape() is defined elsewhere; presumably it SQL-escapes its argument -- confirm.
        $permtype = escape($_GET['permtype']);
        $pageid = escape($_GET['pageid']);
        $usergroupid = escape($_GET['usergroupid']);
        $permid = escape($_GET['permid']);
        $perm = escape($_GET['perm']);
        // $flag stays true unless a write reports zero affected rows.
        $flag = true;
        if($perm == 'Y' || $perm == 'N') {
            // Update the row when it exists with a different value, otherwise insert it.
            // NOTE(review): the mysql_query() result is passed to mysql_fetch_array()
            // without being checked.
            if($permission = mysql_fetch_array(mysql_query("SELECT `perm_permission` FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'"))) {
                if($permission['perm_permission'] != $perm) {
                    mysql_query("UPDATE `" . MYSQL_DATABASE_PREFIX . "userpageperm` SET `perm_permission` = '{$perm}' WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'");
                    if(mysql_affected_rows() == 0)
                        $flag = false;
                }
            } else {
                mysql_query("INSERT `" . MYSQL_DATABASE_PREFIX . "userpageperm`(`perm_type`, `page_id`, `usergroup_id`, `perm_id`, `perm_permission`) VALUES('$permtype','$pageid','$usergroupid','$permid','$perm')");
                if(mysql_affected_rows() == 0)
                    $flag = false;
            }
        } else {
            // Any value other than 'Y' or 'N' removes the stored row, if there is one.
            if($permission = mysql_fetch_array(mysql_query("SELECT `perm_permission` FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'"))) {
                mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'");
                if(mysql_affected_rows() == 0)
                    $flag = false;
            }
        }

        if($flag)
            echo "1";
        else
            echo "0";
        disconnect();
        exit();
    }

    // --- AJAX: return the permission variables of a page -------------------
    if(isset($_GET['doaction']) && $_GET['doaction'] == 'getpermvars' && isset($_GET['pageid'])) {
        global $cmsFolder,$urlRequestRoot, $templateFolder;
        $pageid = escape($_GET['pageid']);
        // Proceed only when the requested page exists.
        if(mysql_fetch_array(mysql_query("SELECT `page_name` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id` = '{$pageid}'"))) {
            $pagepath = array();
            parseUrlDereferenced($pageid, $pagepath);
            // From here on $pageid is the last element of the resolved path.
            $pageid = $pagepath[count($pagepath) - 1];

            $groups = array_reverse(getGroupIds($userid));
            $virtue = '';
            $maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, $groups, $virtue);
            if($maxPriorityGroup == -1) {
                // NOTE(review): this returns the message to the caller instead of
                // echoing it and ending the request like the rest of the branch.
                return 'You do not have the required permissions to view this page.';
            }

            if($virtue == 'user') {
                $grantableActions = getGroupPermissions($groups, $pagepath, $userid);
            }
            else {
                $grantableActions = getGroupPermissions($groups, $pagepath);
            }

            // NOTE(review): $_POST['permission'] is read without isset() here,
            // unlike the same code further down.
            $actionCount = count($_POST['permission']);
            $checkedActions = array();
            for($i = 0; $i < $actionCount; $i++) {
                // Each submitted value is split once at '_' into module and action.
                list($modTemp, $actTemp) = explode('_', escape($_POST['permission'][$i]), 2);

                // Keep the action only if its form field is present and it is
                // among the actions this user may grant.
                if(isset($_POST[$modTemp.$actTemp])) {
                    if(isset($grantableActions[$modTemp])) {
                        for($j = 0; $j < count($grantableActions[$modTemp]); $j++) {
                            if($grantableActions[$modTemp][$j][1] == $actTemp) {
                                $checkedActions[$modTemp][] = $grantableActions[$modTemp][$j];
                                break;
                            }
                        }
                    }
                }
            }
            if(count($checkedActions) > 0) {
                $grantableActions = $checkedActions;
            }

            $modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
            // Ids 0 and 1 are always included.
            $modifiableGroupIds = array(0, 1);
            for($i = 0; $i < count($modifiableGroups); $i++) {
                $modifiableGroupIds[] = $modifiableGroups[$i]['group_id'];
            }
            $permissions = getAllPermissionsOnPage($pagepath, $modifiableGroupIds, $grantableActions);
            $ret =<<<RET
pageid = {$pageid};
{$permissions}
RET;
            echo $ret;
        } else {
            echo "Error: Invalid Pageid passed";
        }
        disconnect();
        exit();
    }

    // --- Normal request: build the permission editor -----------------------
    global $cmsFolder,$urlRequestRoot;
    $pagepath = array();
    parseUrlDereferenced($pageid, $pagepath);
    $pageid = $pagepath[count($pagepath) - 1];

    $groups = array_reverse(getGroupIds($userid));
    $virtue = '';
    $maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, $groups, $virtue);
    if($maxPriorityGroup == -1) {
        return 'You do not have the required permissions to view this page.';
    }

    if($virtue == 'user') {
        $grantableActions = getGroupPermissions($groups, $pagepath, $userid);
    }
    else {
        $grantableActions = getGroupPermissions($groups, $pagepath);
    }
    if(isset($_POST['permission']))
        $actionCount = count($_POST['permission']);
    else $actionCount="";
    $checkedActions = array();
    // With $actionCount set to "" the loop below does not run.
    for($i = 0; $i < $actionCount; $i++) {
        list($modTemp, $actTemp) = explode('_', escape($_POST['permission'][$i]), 2);

        if(isset($_POST[$modTemp.$actTemp])) {
            if(isset($grantableActions[$modTemp])) {
                for($j = 0; $j < count($grantableActions[$modTemp]); $j++) {
                    if($grantableActions[$modTemp][$j][1] == $actTemp) {
                        $checkedActions[$modTemp][] = $grantableActions[$modTemp][$j];
                        break;
                    }
                }
            }
        }
    }
    if(count($checkedActions) > 0) {
        $grantableActions = $checkedActions;
    }

    $modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
    $modifiableGroupIds = array(0, 1);
    for($i = 0; $i < count($modifiableGroups); $i++) {
        $modifiableGroupIds[] = $modifiableGroups[$i]['group_id'];
    }
    // The four values below are JavaScript source fragments built from database rows.
    $perms = getAllPermissions();
    $permissions = getAllPermissionsOnPage($pagepath, $modifiableGroupIds, $grantableActions);
    $groups = customGetGroups($maxPriorityGroup);
    $users = customGetAllUsers();
    global $templateFolder;
    // Settings handed to smarttable::render() for the two tables of the editor.
    $smarttableconfig = array (

        'permtable' => array(

            'sPaginationType' => 'two_button',
            'bAutoWidth' => 'false',
            'aoColumns' => '{ "sWidth": "100px" }'
        ),
        'permtable2' => array(
            'sPaginationType' => 'two_button',
            'bAutoWidth' => 'false',
            'aoColumns' => '{ "sWidth": "100px" }'
        )
    );
    $ret = smarttable::render(array('permtable','permtable2'),$smarttableconfig);
    // NOTE(review): $perms, $groups, $users and $permissions are placed inside an
    // inline script block as they are. They must already be safe for a JavaScript
    // string inside HTML (quotes, backslashes and a closing script tag); confirm
    // that the helpers producing them encode names taken from the database.
    $ret .= <<<RET
<style type="text/css" title="currentStyle">
div#permtable_filter input { width: 90px; }
div#permtable2_filter input { width: 90px; }
</style>
<script type="text/javascript" language="javascript" src="$urlRequestRoot/$cmsFolder/$templateFolder/common/scripts/permissionsTable.js"></script>
<script type="text/javascript">
var pageid = {$pageid};
var permissions = {{$perms}};
var permGroups;
var permUsers;
var groups = {{$groups}};
var users = {{$users}};
{$permissions}
var selected = {'permissions' : [], 'users' : [], 'groups' : []};
</script>
<div id='info'></div>
<INPUT type=checkbox id='skipAlerts'> Skip Alerts <br>
<div id='permTable'>

</div>
<table width=100%>
<tr>
<td width=50%>
<a href='javascript:selectAll1()'>Select All</a> <a href='javascript:clearAll1()'>Clear All</a> <a href='javascript:toggle1()'>Toggle</a><br>
<table class="userlisttable display" id='permtable' name='permtable'><thead><tr><th>Permissions</th></thead><tbody id='actionsList'>

</tbody></table>
</td>
<td width=50%>
<a href='javascript:selectAll2()'>Select All</a> <a href='javascript:clearAll2()'>Clear All</a> <a href='javascript:toggle2()'>Toggle</a><br>
<table class="userlisttable display" id='permtable2' name='permtable2'><thead><tr><th>Users</th></thead><tbody id='usersList'>

</tbody></table>
</td>
</tr>
</table>

<a href='javascript:populateList()'>Click here if the lists are empty</a>
RET;
    // Append populateList() to the global $STARTSCRIPTS string.
    global $STARTSCRIPTS;
    $STARTSCRIPTS .= " populateList();";
    return $ret;
}
00663
/**
 * Render the permissions stored for one page as object-literal entries of the
 * form 'owner id' : ['perm id', ...], separated by ", ".
 *
 * NOTE(review): all three arguments are interpolated into the SQL text as
 * given; callers must pass trusted or already escaped values.
 *
 * @param mixed  $pageId    Value matched against `page_id`.
 * @param string $groupuser Value matched against `perm_type`.
 * @param string $yesno     Value matched against `perm_permission`.
 * @return string The rendered entries, or "" when no row matches.
 */
function getPerms($pageId, $groupuser, $yesno) {
    $result = mysql_query("SELECT `usergroup_id`, `perm_id` FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `page_id` = '{$pageId}' AND `perm_type` = '{$groupuser}' AND `perm_permission` = '{$yesno}'");

    // Permission ids grouped by the user or group that owns them.
    $permsByOwner = array();
    while ($row = mysql_fetch_array($result)) {
        $permsByOwner[$row['usergroup_id']][] = $row['perm_id'];
    }

    $entries = array();
    foreach ($permsByOwner as $ownerId => $permIds) {
        $quoted = array();
        foreach ($permIds as $permId) {
            $quoted[] = "'" . $permId . "'";
        }
        $entries[] = "'" . $ownerId . "' : [" . implode(', ', $quoted) . "]";
    }

    return implode(', ', $entries);
}
00680
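/**
 * Render every user as an object-literal entry 'user id' : 'user name',
 * separated by ", ".
 *
 * The result is embedded in an inline script block by grantPermissions().
 * User names used to be inserted verbatim, so a name containing an apostrophe
 * or a backslash produced invalid JavaScript, and a name containing markup
 * could end the script block. Ids and names are now escaped for a
 * single-quoted JavaScript string inside HTML; values without such characters
 * render exactly as before.
 *
 * @return string The rendered entries, or "" when the query fails or the
 *                table is empty.
 */
function customGetAllUsers() {
    // Characters that must not appear raw in a single-quoted JS string that
    // lives inside an HTML script element.
    $jsEscapes = array(
        '\\' => '\\\\',
        "'" => "\\'",
        "\n" => '\\n',
        "\r" => '\\r',
        '<' => '\\x3C',
        '>' => '\\x3E',
        '&' => '\\x26',
        "\xE2\x80\xA8" => '\\u2028',
        "\xE2\x80\xA9" => '\\u2029',
    );

    $result = mysql_query("SELECT `user_name`,`user_id` FROM `" . MYSQL_DATABASE_PREFIX . "users`");
    if (!$result) {
        return "";
    }

    $entries = array();
    while ($row = mysql_fetch_array($result)) {
        $id = strtr((string) $row['user_id'], $jsEscapes);
        $name = strtr((string) $row['user_name'], $jsEscapes);
        $entries[] = "'{$id}' : '{$name}'";
    }
    return implode(', ', $entries);
}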
00689
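/**
 * Render the groups whose priority is below $priority as object-literal
 * entries 'group id' : 'group name', preceded by the two built-in entries
 * '0' : 'Everyone' and '1' : 'Logged in Users'.
 *
 * The result is embedded in an inline script block by grantPermissions().
 * Group names used to be inserted verbatim, so a name containing an apostrophe
 * or a backslash produced invalid JavaScript, and a name containing markup
 * could end the script block. Ids and names are now escaped for a
 * single-quoted JavaScript string inside HTML; values without such characters
 * render exactly as before.
 *
 * NOTE(review): $priority is interpolated into the SQL text unquoted, so it
 * must be numeric. grantPermissions() passes the value returned by
 * getMaxPriorityGroup(), which is a group id, while the column compared here
 * is `group_priority` -- confirm that this is intended.
 *
 * @param mixed $priority Upper bound (exclusive) for `group_priority`.
 * @return string The rendered entries; only the two built-in entries when the
 *                query fails or matches nothing.
 */
function customGetGroups($priority) {
    // Characters that must not appear raw in a single-quoted JS string that
    // lives inside an HTML script element.
    $jsEscapes = array(
        '\\' => '\\\\',
        "'" => "\\'",
        "\n" => '\\n',
        "\r" => '\\r',
        '<' => '\\x3C',
        '>' => '\\x3E',
        '&' => '\\x26',
        "\xE2\x80\xA8" => '\\u2028',
        "\xE2\x80\xA9" => '\\u2029',
    );

    $entries = array("'0' : 'Everyone'", "'1' : 'Logged in Users'");

    $result = mysql_query("SELECT `group_name`,`group_id` FROM `" . MYSQL_DATABASE_PREFIX . "groups` WHERE `group_priority` < {$priority}");
    if ($result) {
        while ($row = mysql_fetch_array($result)) {
            $id = strtr((string) $row['group_id'], $jsEscapes);
            $name = strtr((string) $row['group_name'], $jsEscapes);
            $entries[] = "'{$id}' : '{$name}'";
        }
    }
    return implode(', ', $entries);
}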
00698
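/**
 * Render every registered permission as an object-literal entry
 * 'perm id' : 'module - action', separated by ", ".
 *
 * The result is embedded in an inline script block by grantPermissions().
 * Module and action names used to be inserted verbatim, so a value containing
 * an apostrophe or a backslash produced invalid JavaScript. All three columns
 * are now escaped for a single-quoted JavaScript string inside HTML; values
 * without such characters render exactly as before.
 *
 * @return string The rendered entries, or "" when the query fails or the
 *                table is empty.
 */
function getAllPermissions() {
    // Characters that must not appear raw in a single-quoted JS string that
    // lives inside an HTML script element.
    $jsEscapes = array(
        '\\' => '\\\\',
        "'" => "\\'",
        "\n" => '\\n',
        "\r" => '\\r',
        '<' => '\\x3C',
        '>' => '\\x3E',
        '&' => '\\x26',
        "\xE2\x80\xA8" => '\\u2028',
        "\xE2\x80\xA9" => '\\u2029',
    );

    $result = mysql_query("SELECT `perm_id`,`page_module`,`perm_action` FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist`");
    if (!$result) {
        return "";
    }

    $entries = array();
    while ($row = mysql_fetch_array($result)) {
        $id = strtr((string) $row['perm_id'], $jsEscapes);
        $module = strtr((string) $row['page_module'], $jsEscapes);
        $action = strtr((string) $row['perm_action'], $jsEscapes);
        $entries[] = "'{$id}' : '{$module} - {$action}'";
    }
    return implode(', ', $entries);
}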
00707
00708
/**
 * Remove the stored permission of one user or group on one page.
 *
 * NOTE(review): every argument is interpolated into the SQL text as given, and
 * $usergroupid and $pageid are not quoted. Callers must pass integers and
 * trusted names; confirm this at every call site.
 *
 * @param mixed  $usergroupid User id or group id, depending on $permtype.
 * @param mixed  $pageid      Page id.
 * @param string $action      Value matched against `perm_action`.
 * @param string $module      Value matched against `page_module`.
 * @param string $permtype    Value matched against `perm_type`; 'group' by default.
 * @return bool False when the permission is unknown or a query fails, true
 *              when the DELETE statement ran.
 */
function unsetPagePermission($usergroupid, $pageid, $action, $module, $permtype = 'group') {
    $listTable = MYSQL_DATABASE_PREFIX . "permissionlist";
    $lookup = mysql_query("SELECT `perm_id` FROM `{$listTable}` WHERE `perm_action` = '{$action}' AND `page_module` = '{$module}'");
    if (!$lookup) {
        return false;
    }

    $permRow = mysql_fetch_assoc($lookup);
    if (!$permRow) {
        return false;
    }
    $permid = $permRow['perm_id'];

    $permTable = MYSQL_DATABASE_PREFIX . "userpageperm";
    $deleteSql = "DELETE FROM `{$permTable}` "
        . "WHERE `usergroup_id` = {$usergroupid} AND `page_id` = {$pageid} AND `perm_id` = {$permid} AND "
        . "`perm_type` = '{$permtype}' LIMIT 1";

    return mysql_query($deleteSql) ? true : false;
}
00739
00740
00741
/**
 * Store a permission decision for one user or group on one page.
 *
 * An existing row is updated only when its value differs; a missing row is
 * inserted. Only the boolean true is stored as 'Y', every other value as 'N'.
 *
 * NOTE(review): every argument is interpolated into the SQL text as given, and
 * $usergroupid and $pageid are not quoted. Callers must pass integers and
 * trusted names; confirm this at every call site.
 *
 * @param mixed  $usergroupid User id or group id, depending on $permtype.
 * @param mixed  $pageid      Page id.
 * @param string $action      Value matched against `perm_action`.
 * @param string $module      Value matched against `page_module`.
 * @param mixed  $permission  true to grant; anything else denies.
 * @param string $permtype    Value matched against `perm_type`; 'group' by default.
 * @return bool False when the permission is unknown or a write fails, true otherwise.
 */
function setPagePermission($usergroupid, $pageid, $action, $module, $permission, $permtype = 'group') {
    $listTable = MYSQL_DATABASE_PREFIX . "permissionlist";
    $lookup = mysql_query("SELECT `perm_id` FROM `{$listTable}` WHERE `perm_action` = '{$action}' AND `page_module` = '{$module}'");
    if (!$lookup) {
        return false;
    }
    $permRow = mysql_fetch_assoc($lookup);
    if (!$permRow) {
        return false;
    }
    $permid = $permRow['perm_id'];

    $permission = ($permission === true) ? 'Y' : 'N';

    $permTable = MYSQL_DATABASE_PREFIX . "userpageperm";
    // Condition identifying the one row this call is about.
    $rowFilter = "`usergroup_id` = {$usergroupid} AND `page_id` = {$pageid} AND `perm_id` = {$permid} AND "
        . "`perm_type` = '{$permtype}'";

    $current = mysql_query("SELECT `perm_permission` FROM `{$permTable}` WHERE " . $rowFilter);
    $existing = mysql_fetch_assoc($current);

    if ($existing) {
        if ($permission == $existing['perm_permission']) {
            // Already stored with this value: nothing to write.
            return true;
        }
        $writeSql = "UPDATE `{$permTable}` SET `perm_permission` = '{$permission}' "
            . "WHERE " . $rowFilter . " LIMIT 1";
    }
    else {
        $writeSql = "INSERT INTO `{$permTable}` (`perm_type`, `page_id`, `usergroup_id`, `perm_id`, `perm_permission`) "
            . "VALUES('{$permtype}', {$pageid}, {$usergroupid}, {$permid}, '{$permission}')";
    }

    return mysql_query($writeSql) ? true : false;
}
00791
00792
/**
 * Find the group through which a user may grant permissions on a page path.
 *
 * When the user holds 'grant' for module 'page' directly, $virtue becomes
 * 'user' and the first element of $groupids is returned. Otherwise the groups
 * are tried in the given order and the first one holding 'grant' is returned
 * with $virtue set to 'group'.
 *
 * @param array  $pagepath Page ids of the path.
 * @param mixed  $userid   User id.
 * @param array  $groupids Group ids in the order they should be tried.
 * @param string $virtue   Output: 'user' or 'group'; left untouched when
 *                         nothing grants the permission.
 * @return mixed A group id, or -1 when neither the user nor a group may grant.
 */
function getMaxPriorityGroup(&$pagepath, $userid, &$groupids, &$virtue) {
    $grantedDirectly = getPagePermission($pagepath, $userid, 'grant', 'page', 'user');
    if ($grantedDirectly) {
        $virtue = 'user';
        return $groupids[0];
    }

    $total = count($groupids);
    $index = 0;
    while ($index < $total) {
        $candidate = $groupids[$index];
        if (getPagePermission($pagepath, $candidate, 'grant', 'page')) {
            $virtue = 'group';
            return $candidate;
        }
        $index++;
    }

    return -1;
}
00818
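/**
 * List the groups whose priority does not exceed that of a given group.
 *
 * Changes over the previous version:
 *  - a failed query no longer prints the SQL text and the database error to the
 *    client; the error is written to the server log and the request still
 *    ends, with a generic message;
 *  - $ordering is matched strictly, so only the literal strings 'asc' and
 *    'desc' can reach the ORDER BY clause;
 *  - the unused table-name local was removed.
 *
 * NOTE(review): $maxPriorityGroup is interpolated into the SQL text unquoted,
 * so it must be an integer; confirm this at every call site.
 *
 * @param mixed  $userId           Not used by this function.
 * @param mixed  $maxPriorityGroup Group id whose priority is the upper bound;
 *                                 for id 1 the bound is the constant 1.
 * @param string $ordering         'asc' for ascending priority, anything else
 *                                 for descending.
 * @return array Rows with the keys group_id, group_name, group_description
 *               and group_priority.
 */
function getModifiableGroups($userId, $maxPriorityGroup, $ordering = 'asc') {
    $ordering = ($ordering === 'asc') ? 'asc' : 'desc';
    $modifiableGroups = array();

    $groupsTable = MYSQL_DATABASE_PREFIX.'groups';

    $groupPriority = "(SELECT `group_priority` FROM `$groupsTable` WHERE `group_id` = $maxPriorityGroup)";
    if($maxPriorityGroup == 1) $groupPriority = 1;
    $groupsQuery = "SELECT `$groupsTable`.`group_id`, `$groupsTable`.`group_name`, `$groupsTable`.`group_description`, `$groupsTable`.`group_priority` " .
        "FROM `$groupsTable` WHERE `group_priority` <= $groupPriority ORDER BY `group_priority` $ordering";

    $groupsResult = mysql_query($groupsQuery);
    if(!$groupsResult) {
        // Keep the details on the server; the client only learns that the
        // request failed.
        error_log('getModifiableGroups: group query failed: ' . mysql_error());
        die('A database error occurred.');
    }

    while($groupsRow = mysql_fetch_assoc($groupsResult)) {
        $modifiableGroups[] = $groupsRow;
    }

    return $modifiableGroups;
}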
00852
/**
 * Collect the permissions that a set of groups (and optionally one user) hold
 * along a page path, grouped by module.
 *
 * For every registered permission the groups are tried in order; when none
 * holds it and $userid is greater than -1, the user's own permission is
 * checked. Each permission that is held is listed once as
 * array(perm id, action name, description).
 *
 * @param array $groupids Group ids to try, in order.
 * @param array $pagepath Page ids of the path.
 * @param mixed $userid   User id, or -1 to skip the per-user check.
 * @return array|string Map of module name => list of entries; the empty
 *                      string when the permission list cannot be read.
 */
function getGroupPermissions($groupids, $pagepath, $userid = -1) {
    $listing = mysql_query("SELECT `perm_id`, `perm_action`, `page_module`, `perm_description` FROM `".MYSQL_DATABASE_PREFIX."permissionlist`");
    if (!$listing) {
        // NOTE(review): callers otherwise receive an array; confirm they cope
        // with a string here.
        return '';
    }

    $heldByModule = array();
    $groupTotal = count($groupids);

    while ($perm = mysql_fetch_assoc($listing)) {
        $moduleName = $perm['page_module'];
        $actionName = $perm['perm_action'];

        // First try the groups, stopping at the first one that holds the permission.
        $held = false;
        $index = 0;
        while ($index < $groupTotal && !$held) {
            if (getPagePermission($pagepath, $groupids[$index], $actionName, $moduleName)) {
                $held = true;
            }
            $index++;
        }

        // Fall back to the user's own permission when no group holds it.
        if (!$held && $userid > -1) {
            if (getPagePermission($pagepath, $userid, $actionName, $moduleName, 'user')) {
                $held = true;
            }
        }

        if ($held) {
            $heldByModule[$moduleName][] = array($perm['perm_id'], $actionName, $perm['perm_description']);
        }
    }

    return $heldByModule;
}
00895