openrat-cms

# OpenRat Content Management System
git clone http://git.code.weiherhei.de/openrat-cms.git

commit adf12d3b65e94c0fdae20fc09598c12590dc596a
parent 1f359bff35d586cab0bc989387071aeda2cc5cde
Author: Jan Dankert <develop@jandankert.de>
Date:   Tue, 28 May 2019 22:03:17 +0200

Refactoring: Acl-Konstanten als Klassenkonstanten.

Diffstat:
modules/cms-core/action/FolderAction.class.php | 73+++++++++++++++++++++++++++++++++++++------------------------------------
modules/cms-core/action/ObjectAction.class.php | 1168++++++++++++++++++++++++++++++++++++++++----------------------------------------
modules/cms-core/action/PageAction.class.php | 15++++++++-------
modules/cms-core/action/PageelementAction.class.php | 23++++++++++++-----------
modules/cms-core/action/ProjectlistAction.class.php | 3++-
modules/cms-core/action/SearchAction.class.php | 5+++--
modules/cms-core/action/TemplateAction.class.php | 3++-
modules/cms-core/model/Acl.class.php | 180++++++++++++++++++++++++++++++++++++++++---------------------------------------
modules/cms-core/model/BaseObject.class.php | 26+++++++++++++-------------
modules/cms-core/model/User.class.php | 12++++++------
modules/util/Tree.class.php | 11++++++-----
11 files changed, 764 insertions(+), 755 deletions(-)

diff --git a/modules/cms-core/action/FolderAction.class.php b/modules/cms-core/action/FolderAction.class.php @@ -3,6 +3,7 @@ namespace cms\action; use ArchiveTar; +use cms\model\Acl; use cms\model\Image; use cms\model\Language; use cms\model\Project; @@ -443,9 +444,9 @@ class FolderAction extends ObjectAction // // Beim Verschieben und Kopieren muss im Zielordner die Berechtigung // zum Erstellen von Ordner, Dateien oder Seiten vorhanden sein. - if ( ( $type=='link' && $f->hasRight( ACL_CREATE_LINK ) ) || + if ( ( $type=='link' && $f->hasRight( Acl::ACL_CREATE_LINK ) ) || ( ( $type=='move' || $type == 'copy' ) && - ( $f->hasRight(ACL_CREATE_FOLDER) || $f->hasRight(ACL_CREATE_FILE) || $f->hasRight(ACL_CREATE_PAGE) ) ) ) + ( $f->hasRight(Acl::ACL_CREATE_FOLDER) || $f->hasRight(Acl::ACL_CREATE_FILE) || $f->hasRight(Acl::ACL_CREATE_PAGE) ) ) ) // Zielordner hinzuf�gen $otherfolder[$id] = FILE_SEP.implode( FILE_SEP,$f->parentObjectNames(false,true) ); } @@ -485,11 +486,11 @@ class FolderAction extends ObjectAction // F�r die gew�nschte Aktion m�ssen pro Objekt die entsprechenden Rechte // vorhanden sein. - if ( $type == 'copy' && $o->hasRight( ACL_READ ) || - $type == 'move' && $o->hasRight( ACL_DELETE ) || - $type == 'link' && $o->hasRight( ACL_READ ) || - $type == 'archive' && $o->hasRight( ACL_READ ) || - $type == 'delete' && $o->hasRight( ACL_DELETE ) ) + if ( $type == 'copy' && $o->hasRight( Acl::ACL_READ ) || + $type == 'move' && $o->hasRight( Acl::ACL_DELETE ) || + $type == 'link' && $o->hasRight( Acl::ACL_READ ) || + $type == 'archive' && $o->hasRight( Acl::ACL_READ ) || + $type == 'delete' && $o->hasRight( Acl::ACL_DELETE ) ) $objectList[ $id ] = $o->getProperties(); } 
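Review bot: The target-folder test in the hunk at -443/+444 accepts a folder as a 'move' or 'copy' target as soon as it grants any one of `Acl::ACL_CREATE_FOLDER`, `Acl::ACL_CREATE_FILE` or `Acl::ACL_CREATE_PAGE`, regardless of the type of the objects being transferred. If the executing path relies on the same test, a user holding only the page-creation right could place folders or files into that target. The identical condition appears again in the hunk at -524/+525. Consider matching the required create right to each selected object's type, or at least recording the gap next to the condition, e.g. `// NOTE: any CREATE_* right is accepted here; the per-type check must happen where the move/copy is executed`. The enclosing method begins and ends outside the hunk, so a stricter check elsewhere cannot be ruled out from here.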
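Review bot: The per-object check for `$type == 'move'` requires `Acl::ACL_DELETE` in the hunk at -485/+486 but `Acl::ACL_WRITE` in the otherwise identical condition at -555/+556, so the two code paths disagree on who may move an object. The -555 variant has the `no_rights` notice in its else-branch and looks like the enforcing path, which would make enforcement weaker than the object list built here; since a move removes the object from its current folder, `ACL_DELETE` appears to be the safer common choice: `$type == 'move' && $o->hasRight( Acl::ACL_DELETE ) ||`. Which of the two was intended is not visible on this page, so please confirm and align both conditions, ideally through one shared helper. Both enclosing methods extend beyond their hunks.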
@@ -524,9 +525,9 @@ class FolderAction extends ObjectAction // // Beim Verschieben und Kopieren muss im Zielordner die Berechtigung // zum Erstellen von Ordner, Dateien oder Seiten vorhanden sein. - if ( ( $type=='link' && $f->hasRight( ACL_CREATE_LINK ) ) || + if ( ( $type=='link' && $f->hasRight( Acl::ACL_CREATE_LINK ) ) || ( ( $type=='move' || $type == 'copy' ) && - ( $f->hasRight(ACL_CREATE_FOLDER) || $f->hasRight(ACL_CREATE_FILE) || $f->hasRight(ACL_CREATE_PAGE) ) ) ) + ( $f->hasRight(Acl::ACL_CREATE_FOLDER) || $f->hasRight(Acl::ACL_CREATE_FILE) || $f->hasRight(Acl::ACL_CREATE_PAGE) ) ) ) { // OK } @@ -555,11 +556,11 @@ class FolderAction extends ObjectAction // Fuer die gewuenschte Aktion muessen pro Objekt die entsprechenden Rechte // vorhanden sein. - if ( $type == 'copy' && $o->hasRight( ACL_READ ) || - $type == 'move' && $o->hasRight( ACL_WRITE ) || - $type == 'link' && $o->hasRight( ACL_READ ) || - $type == 'archive' && $o->hasRight( ACL_READ ) || - $type == 'delete' && $o->hasRight( ACL_DELETE ) ) + if ( $type == 'copy' && $o->hasRight( Acl::ACL_READ ) || + $type == 'move' && $o->hasRight( Acl::ACL_WRITE ) || + $type == 'link' && $o->hasRight( Acl::ACL_READ ) || + $type == 'archive' && $o->hasRight( Acl::ACL_READ ) || + $type == 'delete' && $o->hasRight( Acl::ACL_DELETE ) ) $objectList[ $id ] = $o->getProperties(); else $this->addNotice($o->getType(),$o->name,'no_rights',OR_NOTICE_WARN); 
@@ -803,13 +804,13 @@ class FolderAction extends ObjectAction public function createView() { - $this->setTemplateVar('mayCreateFolder',$this->folder->hasRight( ACL_CREATE_FOLDER ) ); - $this->setTemplateVar('mayCreateFile' ,$this->folder->hasRight( ACL_CREATE_FILE ) ); - $this->setTemplateVar('mayCreateText' ,$this->folder->hasRight( ACL_CREATE_FILE ) ); - $this->setTemplateVar('mayCreateImage' ,$this->folder->hasRight( ACL_CREATE_FILE ) ); - $this->setTemplateVar('mayCreatePage' ,$this->folder->hasRight( ACL_CREATE_PAGE ) ); - $this->setTemplateVar('mayCreateUrl' ,$this->folder->hasRight( ACL_CREATE_LINK ) ); - $this->setTemplateVar('mayCreateLink' ,$this->folder->hasRight( ACL_CREATE_LINK ) ); + $this->setTemplateVar('mayCreateFolder',$this->folder->hasRight( Acl::ACL_CREATE_FOLDER ) ); + $this->setTemplateVar('mayCreateFile' ,$this->folder->hasRight( Acl::ACL_CREATE_FILE ) ); + $this->setTemplateVar('mayCreateText' ,$this->folder->hasRight( Acl::ACL_CREATE_FILE ) ); + $this->setTemplateVar('mayCreateImage' ,$this->folder->hasRight( Acl::ACL_CREATE_FILE ) ); + $this->setTemplateVar('mayCreatePage' ,$this->folder->hasRight( Acl::ACL_CREATE_PAGE ) ); + $this->setTemplateVar('mayCreateUrl' ,$this->folder->hasRight( Acl::ACL_CREATE_LINK ) ); + $this->setTemplateVar('mayCreateLink' ,$this->folder->hasRight( Acl::ACL_CREATE_LINK ) ); } @@ -985,7 +986,7 @@ class FolderAction extends ObjectAction $id = $o->objectid; - if ( $o->hasRight(ACL_READ) ) + if ( $o->hasRight(Acl::ACL_READ) ) { $list[$id]['name'] = \Text::maxLength($o->name, 30); $list[$id]['filename'] = \Text::maxLength($o->filename, 20); @@ -1036,7 +1037,7 @@ class FolderAction extends ObjectAction if ( ! $this->folder->isRoot ) $this->setTemplateVar('up_url',Html::url('folder','show',$this->folder->parentid)); - $this->setTemplateVar('writable',$this->folder->hasRight(ACL_WRITE) ); + $this->setTemplateVar('writable',$this->folder->hasRight(Acl::ACL_WRITE) ); $list = array(); 
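Review bot: `createView()` in the hunk at -803/+804 has no doc comment, and nothing states that the `mayCreate*` template variables are display hints rather than an access decision. It is also undocumented that `mayCreateText` and `mayCreateImage` deliberately reuse `Acl::ACL_CREATE_FILE`, and that `mayCreateUrl` reuses `Acl::ACL_CREATE_LINK`. A short docblock would make both explicit, e.g. `/** Exposes the folder's create rights to the template. UI hints only: the handlers that perform the creation must re-check the same Acl::ACL_CREATE_* right. Text and image share ACL_CREATE_FILE, URL shares ACL_CREATE_LINK. */`. Whether those handlers re-check the right is not visible in this diff.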
@@ -1046,7 +1047,7 @@ class FolderAction extends ObjectAction /* @var $o BaseObject */ $id = $o->objectid; - if ( $o->hasRight(ACL_READ) ) + if ( $o->hasRight(Acl::ACL_READ) ) { $list[$id]['name'] = \Text::maxLength($o->name, 30); $list[$id]['filename'] = \Text::maxLength($o->filename, 20); @@ -1089,7 +1090,7 @@ class FolderAction extends ObjectAction public function advancedView() { - $this->setTemplateVar('writable',$this->folder->hasRight(ACL_WRITE) ); + $this->setTemplateVar('writable',$this->folder->hasRight(Acl::ACL_WRITE) ); $list = array(); @@ -1099,7 +1100,7 @@ class FolderAction extends ObjectAction /* @var $o BaseObject */ $id = $o->objectid; - if ( $o->hasRight(ACL_READ) ) + if ( $o->hasRight(Acl::ACL_READ) ) { $list[$id]['objectid'] = $id; $list[$id]['id' ] = 'obj'.$id; @@ -1123,7 +1124,7 @@ class FolderAction extends ObjectAction } } - if ( $this->folder->hasRight(ACL_WRITE) ) + if ( $this->folder->hasRight(Acl::ACL_WRITE) ) { // Alle anderen Ordner ermitteln $otherfolder = array(); @@ -1131,7 +1132,7 @@ class FolderAction extends ObjectAction foreach( $project->getAllFolders() as $id ) { $f = new Folder( $id ); - if ( $f->hasRight( ACL_WRITE ) ) + if ( $f->hasRight( Acl::ACL_WRITE ) ) $otherfolder[$id] = FILE_SEP.implode( FILE_SEP,$f->parentObjectNames(false,true) ); } asort( $otherfolder ); @@ -1147,7 +1148,7 @@ class FolderAction extends ObjectAction $actionList[] = 'link'; $actionList[] = 'archive'; - if ( $this->folder->hasRight(ACL_WRITE) ) + if ( $this->folder->hasRight(Acl::ACL_WRITE) ) { $actionList[] = 'move'; $actionList[] = 'delete'; @@ -1199,7 +1200,7 @@ class FolderAction extends ObjectAction /* @var $o BaseObject */ $id = $o->objectid; - if ( $o->hasRight(ACL_READ) ) + if ( $o->hasRight(Acl::ACL_READ) ) { $list[$id]['id' ] = $id; $list[$id]['name'] = \Text::maxLength( $o->name ,30); 
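Review bot: In the hunk at -1131/+1132 a folder qualifies as a target when it grants `Acl::ACL_WRITE`, whereas the target checks at -443/+444 and -524/+525 in this same file require one of the `Acl::ACL_CREATE_*` rights. The list offered by `advancedView()` can therefore differ from what the other paths accept, and it is unclear which rule is authoritative. If the create rights are the intended gate, the condition here would become `if ( $f->hasRight(Acl::ACL_CREATE_FOLDER) || $f->hasRight(Acl::ACL_CREATE_FILE) || $f->hasRight(Acl::ACL_CREATE_PAGE) )`; a single private helper used by all three places would keep them from drifting again. The surrounding method continues outside the hunk.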
@@ -1330,7 +1331,7 @@ class FolderAction extends ObjectAction public function pubPost() { - if ( !$this->folder->hasRight( ACL_PUBLISH ) ) + if ( !$this->folder->hasRight( Acl::ACL_PUBLISH ) ) throw new \SecurityException('no rights for publish'); $subdirs = ( $this->hasRequestVar('subdirs') ); @@ -1368,16 +1369,16 @@ class FolderAction extends ObjectAction switch( $name) { case 'createfolder': - return !readonly() && $this->folder->hasRight(ACL_CREATE_FOLDER); + return !readonly() && $this->folder->hasRight(Acl::ACL_CREATE_FOLDER); case 'createfile': - return !readonly() && $this->folder->hasRight(ACL_CREATE_FILE); + return !readonly() && $this->folder->hasRight(Acl::ACL_CREATE_FILE); case 'createlink': - return !readonly() && $this->folder->hasRight(ACL_CREATE_LINK); + return !readonly() && $this->folder->hasRight(Acl::ACL_CREATE_LINK); case 'createpage': - return !readonly() && $this->folder->hasRight(ACL_CREATE_PAGE); + return !readonly() && $this->folder->hasRight(Acl::ACL_CREATE_PAGE); case 'remove': return !readonly() && count($this->folder->getObjectIds()) == 0; @@ -1415,7 +1416,7 @@ class FolderAction extends ObjectAction /* @var $o BaseObject */ $id = $o->objectid; - if ( $o->hasRight(ACL_READ) ) + if ( $o->hasRight(Acl::ACL_READ) ) { echo '<li><a href="'. Html::url($o->getType(),'',$id).'">'.$o->filename.'</a></li>'; diff --git a/modules/cms-core/action/ObjectAction.class.php b/modules/cms-core/action/ObjectAction.class.php 
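Review bot: The `'remove'` case in the hunk at -1368/+1369 is enabled for any non-readonly session once the folder is empty; unlike the four `create*` cases directly above it, it consults no ACL right. If this switch is the only gate in front of the folder removal, the check should include the delete right: `return !readonly() && $this->folder->hasRight(Acl::ACL_DELETE) && count($this->folder->getObjectIds()) == 0;`. The switch and its method start and end outside the hunk, and the removal handler itself is not shown, so it may enforce the right separately; in that case a comment saying so would help.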
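Review bot: The `echo` in the hunk at -1415/+1416 concatenates `$o->filename` and the result of `Html::url(...)` into markup without HTML-encoding either value. `propPost()` in the ObjectAction diff on this page routes the filename through `BaseObject::urlify()`, which may already restrict it, but other write paths for `filename` are not visible here, so encoding at the output is the more dependable control: `'">'.htmlspecialchars($o->filename, ENT_QUOTES).'</a></li>'`, with the URL treated the same way unless `Html::url()` is known to return attribute-safe text. The file looks to be in a non-UTF-8 encoding, so pass the matching charset as the third argument. The enclosing method extends beyond the hunk.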
@@ -1,585 +1,585 @@ -<?php - -namespace cms\action; - -use cms\model\Acl; -use cms\model\Project; -use cms\model\User; -use cms\model\Group; -use cms\model\Page; -use cms\model\Folder; -use cms\model\BaseObject; -use cms\model\Language; -use cms\model\File; -use cms\model\Link; -use Http; -use Session; - - -/** - * Basis-Action-Klasse zum Bearbeiten des Basis-Objektes. - * @author Jan Dankert - */ - -class ObjectAction extends Action -{ - - public $security = Action::SECURITY_USER; - - private $objectid; - - /** - * @var BaseObject - */ - protected $baseObject; - - public function __construct() - { - parent::__construct(); - - } - - - public function init() - { - $this->baseObject = new BaseObject( $this->getRequestId() ); - $this->baseObject->objectLoad(); - } - - public function copyView() - { - $sourceObject = new BaseObject( $this->getRequestId()); - $sourceObject->load(); - - $targetFolder = new BaseObject( $this->getRequestVar('targetFolderId',OR_FILTER_NUMBER)); - $targetFolder->load(); - - $this->setTemplateVar('source' ,$sourceObject->getProperties() ); - $this->setTemplateVar('sourceId',$sourceObject->objectid ); - $this->setTemplateVar('target' ,$targetFolder->getProperties() ); - $this->setTemplateVar('targetId',$targetFolder->objectid ); - $this->setTemplateVar('types' ,array('move'=>'move','moveandlink'=>'moveandlink','copy'=>'copy','link'=>'link') ); - - if ( ! $targetFolder->hasRight(ACL_WRITE) ) - { - $this->addNotice('folder', $targetFolder->name, 'NOT_WRITABLE',OR_NOTICE_ERROR); - } - } - - - /** - * Ein Fileobjekt wird in einen neuen Ordner kopiert oder verschoben. 
- */ - public function copyPost() - { - $type = $this->getRequestVar('type'); - $targetObjectId = $this->getRequestVar('targetid',OR_FILTER_NUMBER); - $sourceObjectId = $this->getRequestVar('sourceid',OR_FILTER_NUMBER); - - $sourceObject = new BaseObject( $sourceObjectId ); - $sourceObject->load(); - - $targetFolder = new BaseObject( $targetObjectId ); - $targetFolder->load(); - - // Prüfen, ob Schreibrechte im Zielordner bestehen. - if ( ! $targetFolder->hasRight(ACL_WRITE) ) - { - $this->addNotice('folder', $targetFolder->name, 'NOT_WRITABLE',OR_NOTICE_ERROR); - return; - } - - switch( $type ) - { - case 'move': - - if ( $sourceObject->isFolder ) - { - $f = new Folder( $sourceObjectId ); - $allsubfolders = $f->getAllSubFolderIds(); - - // Plausibilisierungsprüfung: - // - // Wenn - // - Das Zielverzeichnis sich nicht in einem Unterverzeichnis des zu verschiebenen Ordners liegt - // und - // - Das Zielverzeichnis nicht der zu verschiebene Ordner ist - // dann verschieben - if ( in_array($targetObjectId,$allsubfolders) || $sourceObjectId == $targetObjectId ) - { - $this->addNotice('folder',$sourceObject->name,'ERROR',OR_NOTICE_ERROR); - return; - } - } - - // TODO: - // Beim Verschieben und Kopieren muss im Zielordner die Berechtigung - // zum Erstellen von Ordner, Dateien oder Seiten vorhanden sein. - $sourceObject->setParentId( $targetObjectId ); - $this->addNotice($sourceObject->type, $sourceObject->name, 'moved'); - break; - - case 'moveandlink': - - $oldParentId = $sourceObject->parentid; - - $sourceObject->setParentId( $targetObjectId ); - $this->addNotice($sourceObject->type, $sourceObject->name, 'moved'); - - $link = new Link(); - $link->parentid = $oldParentId; - $link->name = lang('LINK_TO').' 
'.$sourceObject->name; - $link->filename = $sourceObject->filename; - $link->linkedObjectId = $sourceObjectId; - $link->add(); - $this->addNotice('link', $link->name, 'added'); - - break; - - case 'copy': - - switch( $sourceObject->getType() ) - { - case 'folder': - // Ordner zur Zeit nicht kopieren - // Funktion waere zu verwirrend - $this->addNotice($sourceObject->getType(),$sourceObject->name,'CANNOT_COPY_FOLDER','error'); - break; - - case 'file': - $f = new File( $sourceObjectId ); - $f->load(); - $f->filename = ''; - $f->name = lang('COPY_OF').' '.$f->name; - $f->parentid = $targetObjectId; - $f->add(); - $f->copyValueFromFile( $sourceObjectId ); - - $this->addNotice($sourceObject->getType(),$sourceObject->name,'COPIED','ok'); - break; - - case 'page': - $p = new Page( $sourceObjectId ); - $p->load(); - $p->filename = ''; - $p->name = lang('COPY_OF').' '.$p->name; - $p->parentid = $targetObjectId; - $p->add(); - $p->copyValuesFromPage( $sourceObjectId ); - $this->addNotice($sourceObject->getType(),$sourceObject->name,'COPIED','ok'); - break; - - case 'link': - $l = new Link( $sourceObjectId ); - $l->load(); - $l->filename = ''; - $l->name = lang('COPY_OF').' '.$l->name; - $l->parentid = $targetObjectId; - $l->add(); - $this->addNotice($sourceObject->getType(),$sourceObject->name,'COPIED','ok'); - break; - - default: - throw new \LogicException('fatal: unknown type while deleting'); - } - break; - - case 'link': - - // Beim Verkn�pfen muss im Zielordner die Berechtigung zum Erstellen - // von Verkn�pfungen vorhanden sein. - if ( ! $targetFolder->hasRight(ACL_CREATE_LINK) ) - { - $this->addNotice('folder', $targetFolder->name, 'NOT_WRITABLE',OR_NOTICE_ERROR); - return; - } - - $link = new Link(); - $link->parentid = $targetObjectId; - $link->name = lang('LINK_TO').' 
'.$sourceObject->name; - $link->filename = $sourceObject->filename; - $link->linkedObjectId = $sourceObjectId; - $link->isLinkToObject = true; - $link->add(); - $this->addNotice('link', $link->name, 'added'); - // OK - break; - - default: - throw new \LogicException('Unknown type for copying'); - break; - } - - $targetFolder->setTimestamp(); - - } - - /** - * ACL zu einem Objekt setzen - * - * @access public - */ - function aclformPost() - { - $acl = new Acl(); - - $acl->objectid = $this->getRequestId(); - - // Nachschauen, ob der Benutzer ueberhaupt berechtigt ist, an - // diesem Objekt die ACLs zu aendern. - $o = new BaseObject( $acl->objectid ); - - if ( !$o->hasRight( ACL_GRANT ) ) - throw new \SecurityException('Not allowed to insert permissions.'); // Scheiss Hacker ;) - - // Handelt es sich um eine Benutzer- oder Gruppen ACL? - switch( $this->getRequestVar('type') ) - { - case 'user': - $acl->userid = $this->getRequestVar('userid' ); - - if ( $acl->userid <= 0 ) - { - $this->addValidationError('type' ); - $this->addValidationError('userid',''); - $this->callSubAction('aclform'); - return; - } - break; - case 'group': - $acl->groupid = $this->getRequestVar('groupid'); - if ( $acl->groupid <= 0 ) - { - $this->addValidationError('type' ); - $this->addValidationError('groupid',''); - $this->callSubAction('aclform'); - return; - } - break; - case 'all': - break; - default: - $this->addValidationError('type'); - $this->callSubAction('aclform'); - return; - } - - $acl->languageid = $this->getRequestVar(REQ_PARAM_LANGUAGE_ID); - - $acl->write = ( $this->hasRequestVar('write' ) ); - $acl->prop = ( $this->hasRequestVar('prop' ) ); - $acl->delete = ( $this->hasRequestVar('delete' ) ); - $acl->release = ( $this->hasRequestVar('release' ) ); - $acl->publish = ( $this->hasRequestVar('publish' ) ); - $acl->create_folder = ( $this->hasRequestVar('create_folder') ); - $acl->create_file = ( $this->hasRequestVar('create_file' ) ); - $acl->create_link = ( 
$this->hasRequestVar('create_link' ) ); - $acl->create_page = ( $this->hasRequestVar('create_page' ) ); - $acl->grant = ( $this->hasRequestVar('grant' ) ); - $acl->transmit = ( $this->hasRequestVar('transmit' ) ); - - $acl->add(); - - // Falls die Berechtigung vererbbar ist, dann diese sofort an - // Unterobjekte vererben. - if ( $acl->transmit ) - { - $folder = new Folder( $acl->objectid ); - $oids = $folder->getObjectIds(); - foreach( $folder->getAllSubfolderIds() as $sfid ) - { - $subfolder = new Folder( $sfid ); - $oids = array_merge($oids,$subfolder->getObjectIds()); - } - - foreach( $oids as $oid ) - { - $acl->objectid = $oid; - $acl->add(); - } - } - - - - - $this->addNotice('','','ADDED',OR_NOTICE_OK); - - $o->setTimestamp(); - } - - - - /** - * Alle Rechte anzeigen - */ - function rightsView() - { - $o = new BaseObject( $this->getRequestId() ); - $o->objectLoadRaw(); - $this->setTemplateVar( 'show',$o->getRelatedAclTypes() ); - $this->setTemplateVar( 'type',$o->getType() ); - - $acllist = array(); - - - foreach( $o->getAllAclIds() as $aclid ) - { - $acl = new Acl( $aclid ); - $acl->load(); - $key = 'bu'.$acl->username.'g'.$acl->groupname.'a'.$aclid; - $acllist[$key] = $acl->getProperties(); - $acllist[$key]['aclid'] = $aclid; - } - ksort( $acllist ); - - $this->setTemplateVar('acls',$acllist ); - - $this->setTemplateVars( $o->getAssocRelatedAclTypes() ); - } - - - - /** - * Alle Rechte anzeigen - */ - function inheritView() - { - $o = new BaseObject( $this->getRequestId() ); - $o->objectLoadRaw(); - $this->setTemplateVar( 'type',$o->getType() ); - - $acllist = array(); - $this->setTemplateVar('acls',$acllist ); - } - - - - /** - * - * @return unknown_type - */ - function inheritPost() - { - Session::close(); - - $folder = new Folder( $this->getRequestId() ); - $folder->load(); - - if ( ! 
$this->hasRequestVar('inherit') ) - { - $this->addNotice('folder',$folder->name,'NOTHING_DONE',OR_NOTICE_WARN); - return; - } - - - $aclids = $folder->getAllAclIds(); - - $newAclList = array(); - foreach( $aclids as $aclid ) - { - $acl = new Acl( $aclid ); - $acl->load(); - if ( $acl->transmit ) - $newAclList[] = $acl; - } - Logger::debug('inheriting '.count($newAclList).' acls'); - - $oids = $folder->getObjectIds(); - - foreach( $folder->getAllSubfolderIds() as $sfid ) - { - $subfolder = new Folder( $sfid ); - - $oids = array_merge($oids,$subfolder->getObjectIds()); - } - - foreach( $oids as $oid ) - { - $object = new BaseObject( $oid ); - - // Die alten ACLs des Objektes löschen. - foreach( $object->getAllAclIds() as $aclid ) - { - $acl = new Acl( $aclid ); - $acl->objectid = $oid; - $acl->delete(); - Logger::debug('removing acl '.$aclid.' for object '.$oid); - } - - // Vererbbare ACLs des aktuellen Ordners anwenden. - foreach( $newAclList as $newAcl ) - { - $newAcl->objectid = $oid; - $newAcl->add(); - Logger::debug('adding new acl '.$newAcl->aclid.' 
for object '.$oid); - } - } - - $this->addNotice('folder',$folder->name,'SAVED',OR_NOTICE_OK); - } - - - /** - * Formular anzeigen, um Rechte hinzufuegen - */ - function aclformView() - { - $o = new BaseObject( $this->getRequestId() ); - $o->objectLoadRaw(); - - $this->setTemplateVars( $o->getAssocRelatedAclTypes() ); - $this->setTemplateVar( 'show',$o->getRelatedAclTypes() ); - - $this->setTemplateVar('users' ,User::listAll() ); - $this->setTemplateVar('groups' ,Group::getAll() ); - - $languages = array(0=>lang('ALL_LANGUAGES')); - - $project = new Project( $this->baseObject->projectid ); - - $languages += $project->getLanguages(); - $this->setTemplateVar('languages',$languages ); - $this->setTemplateVar('objectid' ,$o->objectid ); - $this->setTemplateVar('action' ,$this->request->action); - } - - - - /** - * Entfernen einer ACL - * - * @access protected - */ - function delaclPost() - { - $acl = new Acl($this->getRequestVar('aclid')); - $acl->load(); - - // Nachschauen, ob der Benutzer ueberhaupt berechtigt ist, an - // diesem Objekt die ACLs zu aendern. - $o = new BaseObject( $acl->objectid ); - - if ( !$o->hasRight( ACL_GRANT ) ) - Http::notAuthorized('no grant rights'); // Da wollte uns wohl einer vereimern. - - $acl->delete(); // Weg mit der ACL - - $this->addNotice('','','DELETED',OR_NOTICE_OK); - } - - - /** - * Abspeichern der Ordner-Eigenschaften. - */ - public function propPost() - { - if ( ! $this->hasRequestVar('filename' ) ) - throw new \ValidationException('filename'); - - $this->baseObject->filename = BaseObject::urlify( $this->getRequestVar('filename') ); - $this->baseObject->save(); - - // Name/Beschreibung für alle Sprachen speichern. 
- foreach( $this->baseObject->getNames() as $name ) - { - $language = new Language( $name->languageid ); - $language->load(); - - if ( $this->hasRequestVar( 'name_'.$language->name ) ) - $name->name = $this->getRequestVar( 'name_'.$language->name ); - if ( $this->hasRequestVar( 'description_'.$language->name ) ) - $name->description = $this->getRequestVar( 'description_'.$language->name ); - - $name->save(); - } - - $this->addNotice($this->baseObject->getType(),$this->baseObject->filename,'PROP_SAVED','ok'); - } - - - - - - - /** - * Eigenschaften anzeigen. - */ - public function propView() - { - $this->setTemplateVar( 'filename', $this->baseObject->filename ); - - $nameProps = array(); - foreach( $this->baseObject->getNames() as $name ) - { - $nameProps[ $name->languageid ] = get_object_vars( $name ); - $language = new Language( $name->languageid ); - $language->load(); - $nameProps[ $name->languageid ]['languageName' ] = $language->name; - $nameProps[ $name->languageid ]['languageIsDefault'] = $language->isDefault; - $nameProps[ $name->languageid ]['languageIsoCode' ] = $language->isoCode; - } - $this->setTemplateVar('names',$nameProps); - - - // Should we do this? 
- if ( $this->hasRequestVar('creationTimestamp') && $this->userIsAdmin() ) - $this->baseObject->createDate = $this->getRequestVar('creationTimestamp',OR_FILTER_NUMBER); - $this->baseObject->setCreationTimestamp(); - - } - - - public function settingsView() - { - $this->setTemplateVar('settings',$this->baseObject->settings); - - $this->setTemplateVar( 'valid_from_date' ,$this->baseObject->validFromDate==null?'':date('Y-m-d',$this->baseObject->validFromDate) ); - $this->setTemplateVar( 'valid_from_time' ,$this->baseObject->validFromDate==null?'':date('H:i' ,$this->baseObject->validFromDate) ); - $this->setTemplateVar( 'valid_until_date',$this->baseObject->validToDate ==null?'':date('Y-m-d',$this->baseObject->validToDate ) ); - $this->setTemplateVar( 'valid_until_time',$this->baseObject->validToDate ==null?'':date('H:i' ,$this->baseObject->validToDate ) ); - } - - public function settingsPost() - { - $this->baseObject->settings = $this->getRequestVar( 'settings'); - - // Validate YAML-Settings - try { - \Spyc::YAMLLoad( $this->baseObject->settings); - } - catch( \Exception $e ) - { - throw new \ValidationException( 'settings' ); - } - - // Gültigkeitszeiträume speichern. - if ($this->hasRequestVar( 'valid_from_date' )) - $this->baseObject->validFromDate = strtotime( $this->getRequestVar( 'valid_from_date' ).' '.$this->getRequestVar( 'valid_from_time' ) ); - else - $this->baseObject->validFromDate = null; - - if ($this->hasRequestVar( 'valid_until_date')) - $this->baseObject->validToDate = strtotime( $this->getRequestVar( 'valid_until_date').' '.$this->getRequestVar( 'valid_until_time') ); - else - $this->baseObject->validToDate = null; - - - $this->baseObject->save(); - - $this->addNotice($this->baseObject->getType(),$this->baseObject->filename,'SAVED',OR_NOTICE_OK); - } - - - /** - * Stellt fest, ob der angemeldete Benutzer Projekt-Admin ist. - * Dies ist der Fall, wenn der Benutzer PROP-Rechte im Root-Folder hat. 
- * @return bool|int - */ - protected function userIsProjectAdmin() { - - $project = new Project( $this->baseObject->projectid ); - $rootFolder = new Folder( $project->getRootObjectId() ); - - return $rootFolder->hasRight(ACL_PROP); - } +<?php + +namespace cms\action; + +use cms\model\Acl; +use cms\model\Project; +use cms\model\User; +use cms\model\Group; +use cms\model\Page; +use cms\model\Folder; +use cms\model\BaseObject; +use cms\model\Language; +use cms\model\File; +use cms\model\Link; +use Http; +use Session; + + +/** + * Basis-Action-Klasse zum Bearbeiten des Basis-Objektes. + * @author Jan Dankert + */ + +class ObjectAction extends Action +{ + + public $security = Action::SECURITY_USER; + + private $objectid; + + /** + * @var BaseObject + */ + protected $baseObject; + + public function __construct() + { + parent::__construct(); + + } + + + public function init() + { + $this->baseObject = new BaseObject( $this->getRequestId() ); + $this->baseObject->objectLoad(); + } + + public function copyView() + { + $sourceObject = new BaseObject( $this->getRequestId()); + $sourceObject->load(); + + $targetFolder = new BaseObject( $this->getRequestVar('targetFolderId',OR_FILTER_NUMBER)); + $targetFolder->load(); + + $this->setTemplateVar('source' ,$sourceObject->getProperties() ); + $this->setTemplateVar('sourceId',$sourceObject->objectid ); + $this->setTemplateVar('target' ,$targetFolder->getProperties() ); + $this->setTemplateVar('targetId',$targetFolder->objectid ); + $this->setTemplateVar('types' ,array('move'=>'move','moveandlink'=>'moveandlink','copy'=>'copy','link'=>'link') ); + + if ( ! $targetFolder->hasRight(Acl::ACL_WRITE) ) + { + $this->addNotice('folder', $targetFolder->name, 'NOT_WRITABLE',OR_NOTICE_ERROR); + } + } + + + /** + * Ein Fileobjekt wird in einen neuen Ordner kopiert oder verschoben. 
+ */ + public function copyPost() + { + $type = $this->getRequestVar('type'); + $targetObjectId = $this->getRequestVar('targetid',OR_FILTER_NUMBER); + $sourceObjectId = $this->getRequestVar('sourceid',OR_FILTER_NUMBER); + + $sourceObject = new BaseObject( $sourceObjectId ); + $sourceObject->load(); + + $targetFolder = new BaseObject( $targetObjectId ); + $targetFolder->load(); + + // Prüfen, ob Schreibrechte im Zielordner bestehen. + if ( ! $targetFolder->hasRight(Acl::ACL_WRITE) ) + { + $this->addNotice('folder', $targetFolder->name, 'NOT_WRITABLE',OR_NOTICE_ERROR); + return; + } + + switch( $type ) + { + case 'move': + + if ( $sourceObject->isFolder ) + { + $f = new Folder( $sourceObjectId ); + $allsubfolders = $f->getAllSubFolderIds(); + + // Plausibilisierungsprüfung: + // + // Wenn + // - Das Zielverzeichnis sich nicht in einem Unterverzeichnis des zu verschiebenen Ordners liegt + // und + // - Das Zielverzeichnis nicht der zu verschiebene Ordner ist + // dann verschieben + if ( in_array($targetObjectId,$allsubfolders) || $sourceObjectId == $targetObjectId ) + { + $this->addNotice('folder',$sourceObject->name,'ERROR',OR_NOTICE_ERROR); + return; + } + } + + // TODO: + // Beim Verschieben und Kopieren muss im Zielordner die Berechtigung + // zum Erstellen von Ordner, Dateien oder Seiten vorhanden sein. + $sourceObject->setParentId( $targetObjectId ); + $this->addNotice($sourceObject->type, $sourceObject->name, 'moved'); + break; + + case 'moveandlink': + + $oldParentId = $sourceObject->parentid; + + $sourceObject->setParentId( $targetObjectId ); + $this->addNotice($sourceObject->type, $sourceObject->name, 'moved'); + + $link = new Link(); + $link->parentid = $oldParentId; + $link->name = lang('LINK_TO').' 
'.$sourceObject->name; + $link->filename = $sourceObject->filename; + $link->linkedObjectId = $sourceObjectId; + $link->add(); + $this->addNotice('link', $link->name, 'added'); + + break; + + case 'copy': + + switch( $sourceObject->getType() ) + { + case 'folder': + // Ordner zur Zeit nicht kopieren + // Funktion waere zu verwirrend + $this->addNotice($sourceObject->getType(),$sourceObject->name,'CANNOT_COPY_FOLDER','error'); + break; + + case 'file': + $f = new File( $sourceObjectId ); + $f->load(); + $f->filename = ''; + $f->name = lang('COPY_OF').' '.$f->name; + $f->parentid = $targetObjectId; + $f->add(); + $f->copyValueFromFile( $sourceObjectId ); + + $this->addNotice($sourceObject->getType(),$sourceObject->name,'COPIED','ok'); + break; + + case 'page': + $p = new Page( $sourceObjectId ); + $p->load(); + $p->filename = ''; + $p->name = lang('COPY_OF').' '.$p->name; + $p->parentid = $targetObjectId; + $p->add(); + $p->copyValuesFromPage( $sourceObjectId ); + $this->addNotice($sourceObject->getType(),$sourceObject->name,'COPIED','ok'); + break; + + case 'link': + $l = new Link( $sourceObjectId ); + $l->load(); + $l->filename = ''; + $l->name = lang('COPY_OF').' '.$l->name; + $l->parentid = $targetObjectId; + $l->add(); + $this->addNotice($sourceObject->getType(),$sourceObject->name,'COPIED','ok'); + break; + + default: + throw new \LogicException('fatal: unknown type while deleting'); + } + break; + + case 'link': + + // Beim Verkn�pfen muss im Zielordner die Berechtigung zum Erstellen + // von Verkn�pfungen vorhanden sein. + if ( ! $targetFolder->hasRight(Acl::ACL_CREATE_LINK) ) + { + $this->addNotice('folder', $targetFolder->name, 'NOT_WRITABLE',OR_NOTICE_ERROR); + return; + } + + $link = new Link(); + $link->parentid = $targetObjectId; + $link->name = lang('LINK_TO').' 
'.$sourceObject->name; + $link->filename = $sourceObject->filename; + $link->linkedObjectId = $sourceObjectId; + $link->isLinkToObject = true; + $link->add(); + $this->addNotice('link', $link->name, 'added'); + // OK + break; + + default: + throw new \LogicException('Unknown type for copying'); + break; + } + + $targetFolder->setTimestamp(); + + } + + /** + * ACL zu einem Objekt setzen + * + * @access public + */ + function aclformPost() + { + $acl = new Acl(); + + $acl->objectid = $this->getRequestId(); + + // Nachschauen, ob der Benutzer ueberhaupt berechtigt ist, an + // diesem Objekt die ACLs zu aendern. + $o = new BaseObject( $acl->objectid ); + + if ( !$o->hasRight( Acl::ACL_GRANT ) ) + throw new \SecurityException('Not allowed to insert permissions.'); // Scheiss Hacker ;) + + // Handelt es sich um eine Benutzer- oder Gruppen ACL? + switch( $this->getRequestVar('type') ) + { + case 'user': + $acl->userid = $this->getRequestVar('userid' ); + + if ( $acl->userid <= 0 ) + { + $this->addValidationError('type' ); + $this->addValidationError('userid',''); + $this->callSubAction('aclform'); + return; + } + break; + case 'group': + $acl->groupid = $this->getRequestVar('groupid'); + if ( $acl->groupid <= 0 ) + { + $this->addValidationError('type' ); + $this->addValidationError('groupid',''); + $this->callSubAction('aclform'); + return; + } + break; + case 'all': + break; + default: + $this->addValidationError('type'); + $this->callSubAction('aclform'); + return; + } + + $acl->languageid = $this->getRequestVar(REQ_PARAM_LANGUAGE_ID); + + $acl->write = ( $this->hasRequestVar('write' ) ); + $acl->prop = ( $this->hasRequestVar('prop' ) ); + $acl->delete = ( $this->hasRequestVar('delete' ) ); + $acl->release = ( $this->hasRequestVar('release' ) ); + $acl->publish = ( $this->hasRequestVar('publish' ) ); + $acl->create_folder = ( $this->hasRequestVar('create_folder') ); + $acl->create_file = ( $this->hasRequestVar('create_file' ) ); + $acl->create_link = ( 
$this->hasRequestVar('create_link' ) ); + $acl->create_page = ( $this->hasRequestVar('create_page' ) ); + $acl->grant = ( $this->hasRequestVar('grant' ) ); + $acl->transmit = ( $this->hasRequestVar('transmit' ) ); + + $acl->add(); + + // Falls die Berechtigung vererbbar ist, dann diese sofort an + // Unterobjekte vererben. + if ( $acl->transmit ) + { + $folder = new Folder( $acl->objectid ); + $oids = $folder->getObjectIds(); + foreach( $folder->getAllSubfolderIds() as $sfid ) + { + $subfolder = new Folder( $sfid ); + $oids = array_merge($oids,$subfolder->getObjectIds()); + } + + foreach( $oids as $oid ) + { + $acl->objectid = $oid; + $acl->add(); + } + } + + + + + $this->addNotice('','','ADDED',OR_NOTICE_OK); + + $o->setTimestamp(); + } + + + + /** + * Alle Rechte anzeigen + */ + function rightsView() + { + $o = new BaseObject( $this->getRequestId() ); + $o->objectLoadRaw(); + $this->setTemplateVar( 'show',$o->getRelatedAclTypes() ); + $this->setTemplateVar( 'type',$o->getType() ); + + $acllist = array(); + + + foreach( $o->getAllAclIds() as $aclid ) + { + $acl = new Acl( $aclid ); + $acl->load(); + $key = 'bu'.$acl->username.'g'.$acl->groupname.'a'.$aclid; + $acllist[$key] = $acl->getProperties(); + $acllist[$key]['aclid'] = $aclid; + } + ksort( $acllist ); + + $this->setTemplateVar('acls',$acllist ); + + $this->setTemplateVars( $o->getAssocRelatedAclTypes() ); + } + + + + /** + * Alle Rechte anzeigen + */ + function inheritView() + { + $o = new BaseObject( $this->getRequestId() ); + $o->objectLoadRaw(); + $this->setTemplateVar( 'type',$o->getType() ); + + $acllist = array(); + $this->setTemplateVar('acls',$acllist ); + } + + + + /** + * + * @return unknown_type + */ + function inheritPost() + { + Session::close(); + + $folder = new Folder( $this->getRequestId() ); + $folder->load(); + + if ( ! 
$this->hasRequestVar('inherit') ) + { + $this->addNotice('folder',$folder->name,'NOTHING_DONE',OR_NOTICE_WARN); + return; + } + + + $aclids = $folder->getAllAclIds(); + + $newAclList = array(); + foreach( $aclids as $aclid ) + { + $acl = new Acl( $aclid ); + $acl->load(); + if ( $acl->transmit ) + $newAclList[] = $acl; + } + Logger::debug('inheriting '.count($newAclList).' acls'); + + $oids = $folder->getObjectIds(); + + foreach( $folder->getAllSubfolderIds() as $sfid ) + { + $subfolder = new Folder( $sfid ); + + $oids = array_merge($oids,$subfolder->getObjectIds()); + } + + foreach( $oids as $oid ) + { + $object = new BaseObject( $oid ); + + // Die alten ACLs des Objektes löschen. + foreach( $object->getAllAclIds() as $aclid ) + { + $acl = new Acl( $aclid ); + $acl->objectid = $oid; + $acl->delete(); + Logger::debug('removing acl '.$aclid.' for object '.$oid); + } + + // Vererbbare ACLs des aktuellen Ordners anwenden. + foreach( $newAclList as $newAcl ) + { + $newAcl->objectid = $oid; + $newAcl->add(); + Logger::debug('adding new acl '.$newAcl->aclid.' 
for object '.$oid); + } + } + + $this->addNotice('folder',$folder->name,'SAVED',OR_NOTICE_OK); + } + + + /** + * Formular anzeigen, um Rechte hinzufuegen + */ + function aclformView() + { + $o = new BaseObject( $this->getRequestId() ); + $o->objectLoadRaw(); + + $this->setTemplateVars( $o->getAssocRelatedAclTypes() ); + $this->setTemplateVar( 'show',$o->getRelatedAclTypes() ); + + $this->setTemplateVar('users' ,User::listAll() ); + $this->setTemplateVar('groups' ,Group::getAll() ); + + $languages = array(0=>lang('ALL_LANGUAGES')); + + $project = new Project( $this->baseObject->projectid ); + + $languages += $project->getLanguages(); + $this->setTemplateVar('languages',$languages ); + $this->setTemplateVar('objectid' ,$o->objectid ); + $this->setTemplateVar('action' ,$this->request->action); + } + + + + /** + * Entfernen einer ACL + * + * @access protected + */ + function delaclPost() + { + $acl = new Acl($this->getRequestVar('aclid')); + $acl->load(); + + // Nachschauen, ob der Benutzer ueberhaupt berechtigt ist, an + // diesem Objekt die ACLs zu aendern. + $o = new BaseObject( $acl->objectid ); + + if ( !$o->hasRight( Acl::ACL_GRANT ) ) + Http::notAuthorized('no grant rights'); // Da wollte uns wohl einer vereimern. + + $acl->delete(); // Weg mit der ACL + + $this->addNotice('','','DELETED',OR_NOTICE_OK); + } + + + /** + * Abspeichern der Ordner-Eigenschaften. + */ + public function propPost() + { + if ( ! $this->hasRequestVar('filename' ) ) + throw new \ValidationException('filename'); + + $this->baseObject->filename = BaseObject::urlify( $this->getRequestVar('filename') ); + $this->baseObject->save(); + + // Name/Beschreibung für alle Sprachen speichern. 
+ foreach( $this->baseObject->getNames() as $name ) + { + $language = new Language( $name->languageid ); + $language->load(); + + if ( $this->hasRequestVar( 'name_'.$language->name ) ) + $name->name = $this->getRequestVar( 'name_'.$language->name ); + if ( $this->hasRequestVar( 'description_'.$language->name ) ) + $name->description = $this->getRequestVar( 'description_'.$language->name ); + + $name->save(); + } + + $this->addNotice($this->baseObject->getType(),$this->baseObject->filename,'PROP_SAVED','ok'); + } + + + + + + + /** + * Eigenschaften anzeigen. + */ + public function propView() + { + $this->setTemplateVar( 'filename', $this->baseObject->filename ); + + $nameProps = array(); + foreach( $this->baseObject->getNames() as $name ) + { + $nameProps[ $name->languageid ] = get_object_vars( $name ); + $language = new Language( $name->languageid ); + $language->load(); + $nameProps[ $name->languageid ]['languageName' ] = $language->name; + $nameProps[ $name->languageid ]['languageIsDefault'] = $language->isDefault; + $nameProps[ $name->languageid ]['languageIsoCode' ] = $language->isoCode; + } + $this->setTemplateVar('names',$nameProps); + + + // Should we do this? 
+ if ( $this->hasRequestVar('creationTimestamp') && $this->userIsAdmin() ) + $this->baseObject->createDate = $this->getRequestVar('creationTimestamp',OR_FILTER_NUMBER); + $this->baseObject->setCreationTimestamp(); + + } + + + public function settingsView() + { + $this->setTemplateVar('settings',$this->baseObject->settings); + + $this->setTemplateVar( 'valid_from_date' ,$this->baseObject->validFromDate==null?'':date('Y-m-d',$this->baseObject->validFromDate) ); + $this->setTemplateVar( 'valid_from_time' ,$this->baseObject->validFromDate==null?'':date('H:i' ,$this->baseObject->validFromDate) ); + $this->setTemplateVar( 'valid_until_date',$this->baseObject->validToDate ==null?'':date('Y-m-d',$this->baseObject->validToDate ) ); + $this->setTemplateVar( 'valid_until_time',$this->baseObject->validToDate ==null?'':date('H:i' ,$this->baseObject->validToDate ) ); + } + + public function settingsPost() + { + $this->baseObject->settings = $this->getRequestVar( 'settings'); + + // Validate YAML-Settings + try { + \Spyc::YAMLLoad( $this->baseObject->settings); + } + catch( \Exception $e ) + { + throw new \ValidationException( 'settings' ); + } + + // Gültigkeitszeiträume speichern. + if ($this->hasRequestVar( 'valid_from_date' )) + $this->baseObject->validFromDate = strtotime( $this->getRequestVar( 'valid_from_date' ).' '.$this->getRequestVar( 'valid_from_time' ) ); + else + $this->baseObject->validFromDate = null; + + if ($this->hasRequestVar( 'valid_until_date')) + $this->baseObject->validToDate = strtotime( $this->getRequestVar( 'valid_until_date').' '.$this->getRequestVar( 'valid_until_time') ); + else + $this->baseObject->validToDate = null; + + + $this->baseObject->save(); + + $this->addNotice($this->baseObject->getType(),$this->baseObject->filename,'SAVED',OR_NOTICE_OK); + } + + + /** + * Stellt fest, ob der angemeldete Benutzer Projekt-Admin ist. + * Dies ist der Fall, wenn der Benutzer PROP-Rechte im Root-Folder hat. 
+ * @return bool|int + */ + protected function userIsProjectAdmin() { + + $project = new Project( $this->baseObject->projectid ); + $rootFolder = new Folder( $project->getRootObjectId() ); + + return $rootFolder->hasRight(Acl::ACL_PROP); + } } \ No newline at end of file diff --git a/modules/cms-core/action/PageAction.class.php b/modules/cms-core/action/PageAction.class.php @@ -2,6 +2,7 @@ namespace cms\action; +use cms\model\Acl; use cms\model\Project; use cms\model\Value; use cms\model\Element; @@ -114,7 +115,7 @@ class PageAction extends ObjectAction $value->page = &$this->page; // Ermitteln, ob Inhalt sofort freigegeben werden kann und soll - if ( $this->page->hasRight( ACL_RELEASE ) && $this->hasRequestVar('release') ) + if ( $this->page->hasRight( Acl::ACL_RELEASE ) && $this->hasRequestVar('release') ) $value->publish = true; else $value->publish = false; @@ -238,8 +239,8 @@ class PageAction extends ObjectAction asort($objects); $this->setTemplateVar( 'objects' ,$objects ); - $this->setTemplateVar( 'release' ,$this->page->hasRight(ACL_RELEASE) ); - $this->setTemplateVar( 'publish' ,$this->page->hasRight(ACL_PUBLISH) ); + $this->setTemplateVar( 'release' ,$this->page->hasRight(Acl::ACL_RELEASE) ); + $this->setTemplateVar( 'publish' ,$this->page->hasRight(Acl::ACL_PUBLISH) ); $this->setTemplateVar( 'html' ,$value->element->html ); $this->setTemplateVar( 'wiki' ,$value->element->wiki ); $this->setTemplateVar( 'text' ,$value->text ); @@ -273,7 +274,7 @@ class PageAction extends ObjectAction // Inhalt sofort freigegeben, wenn // - Recht vorhanden // - Freigabe gewuenscht - if ( $value->page->hasRight( ACL_RELEASE ) && $this->getRequestVar('release')!='' ) + if ( $value->page->hasRight( Acl::ACL_RELEASE ) && $this->getRequestVar('release')!='' ) $value->publish = true; else $value->publish = false; 
@@ -538,8 +539,8 @@ class PageAction extends ObjectAction } } - $this->setTemplateVar( 'release',$this->page->hasRight(ACL_RELEASE) ); - $this->setTemplateVar( 'publish',$this->page->hasRight(ACL_PUBLISH) ); + $this->setTemplateVar( 'release',$this->page->hasRight(Acl::ACL_RELEASE) ); + $this->setTemplateVar( 'publish',$this->page->hasRight(Acl::ACL_PUBLISH) ); $this->setWindowMenu( 'elements' ); $this->setTemplateVar('el',$list); @@ -685,7 +686,7 @@ class PageAction extends ObjectAction */ function pubPost() { - if ( !$this->page->hasRight( ACL_PUBLISH ) ) + if ( !$this->page->hasRight( Acl::ACL_PUBLISH ) ) throw new \SecurityException( 'no right for publish' ); Session::close(); diff --git a/modules/cms-core/action/PageelementAction.class.php b/modules/cms-core/action/PageelementAction.class.php @@ -2,6 +2,7 @@ namespace cms\action; +use cms\model\Acl; use cms\model\Project; use cms\model\User; use cms\model\Value; @@ -327,9 +328,9 @@ class PageelementAction extends Action $this->setTemplateVar( 'objectid',$this->value->page->objectid ); - if ( $this->value->page->hasRight(ACL_RELEASE) ) + if ( $this->value->page->hasRight(Acl::ACL_RELEASE) ) $this->setTemplateVar( 'release',true ); - if ( $this->value->page->hasRight(ACL_PUBLISH) ) + if ( $this->value->page->hasRight(Acl::ACL_PUBLISH) ) $this->setTemplateVar( 'publish',false ); $funktionName = 'edit'.$this->value->element->type; @@ -471,8 +472,8 @@ class PageelementAction extends Action $this->value->page->languageid = $this->value->languageid; $this->value->page->load(); - $this->setTemplateVar( 'release',$this->value->page->hasRight(ACL_RELEASE) ); - $this->setTemplateVar( 'publish',$this->value->page->hasRight(ACL_PUBLISH) ); + $this->setTemplateVar( 'release',$this->value->page->hasRight(Acl::ACL_RELEASE) ); + $this->setTemplateVar( 'publish',$this->value->page->hasRight(Acl::ACL_PUBLISH) ); $this->setTemplateVar( 'objectid',$this->value->page->objectid ); } 
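Review bot: In the `@@ -327,9 +328,9 @@` hunk of PageelementAction.class.php the template variable `publish` is set to `false` exactly when the user holds `Acl::ACL_PUBLISH`, whereas `release` is set to `true` for `Acl::ACL_RELEASE` and the hunk at `@@ -471,8 +472,8 @@` passes the `hasRight()` result for both. If the `false` is deliberate (for example, the option is offered but not preselected), a comment on that line should say so; otherwise it should read `$this->setTemplateVar( 'publish',true );`. The enclosing method starts and ends outside the hunk, so how the template uses the value cannot be checked from here.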
@@ -666,7 +667,7 @@ class PageelementAction extends Action throw new \LogicException( 'Cannot find value','page-id does not match' ); // Pruefen, ob Berechtigung zum Freigeben besteht - //$this->value->release = $this->page->hasRight(ACL_RELEASE); + //$this->value->release = $this->page->hasRight(Acl::ACL_RELEASE); $this->value->release = false; // Inhalt wieder herstellen, in dem er neu gespeichert wird. @@ -689,7 +690,7 @@ class PageelementAction extends Action throw new LogicException( 'cannot release, bad page' ); // Pruefen, ob Berechtigung zum Freigeben besteht - if ( !$this->page->hasRight(ACL_RELEASE) ) + if ( !$this->page->hasRight(Acl::ACL_RELEASE) ) throw new \SecurityException( 'Cannot release','no right' ); // Inhalt freigeben @@ -901,7 +902,7 @@ class PageelementAction extends Action // Inhalt sofort freigegeben, wenn // - Recht vorhanden // - Freigabe gewuenscht - if ( $value->page->hasRight( ACL_RELEASE ) && $this->hasRequestVar('release') ) + if ( $value->page->hasRight( Acl::ACL_RELEASE ) && $this->hasRequestVar('release') ) $value->publish = true; else $value->publish = false; @@ -936,7 +937,7 @@ class PageelementAction extends Action $this->page->setTimestamp(); // "Letzte Aenderung" setzen // Falls ausgewaehlt die Seite sofort veroeffentlichen - if ( $value->page->hasRight( ACL_PUBLISH ) && $this->hasRequestVar('publish') ) + if ( $value->page->hasRight( Acl::ACL_PUBLISH ) && $this->hasRequestVar('publish') ) { $this->page->publish(); $this->addNotice('pageelement',$value->element->name,'PUBLISHED',OR_NOTICE_OK); 
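Review bot: The `throw new \LogicException( 'Cannot find value','page-id does not match' )` at the top of the `@@ -666,7 +667,7 @@` hunk passes a string as the second constructor argument, which for the built-in `\LogicException` is the integer `$code`. PHP rejects that call, so the caller gets a parameter error instead of the intended message. Folding the detail into the message fixes it: `throw new \LogicException( 'Cannot find value: page-id does not match' );`. The commented-out `hasRight(Acl::ACL_RELEASE)` line was renamed but is still dead code; delete it, or replace it with a comment explaining why a restored value is always saved unreleased. The function starts and ends outside the hunk.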
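Review bot: `throw new LogicException( 'cannot release, bad page' )` in the `@@ -689,7 +690,7 @@` hunk has no leading backslash although the file declares `namespace cms\action;`. Unless a `use LogicException;` exists outside the visible hunks, the name resolves to `cms\action\LogicException`, and the guard in front of the release permission check fails with a class-not-found error rather than the intended exception. It should be `throw new \LogicException( 'cannot release, bad page' );`, matching the `\SecurityException` used two lines below. The function starts and ends outside the hunk.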
@@ -990,8 +991,8 @@ class PageelementAction extends Action } - $this->setTemplateVar( 'release' ,$this->page->hasRight(ACL_RELEASE) ); - $this->setTemplateVar( 'publish' ,$this->page->hasRight(ACL_PUBLISH) ); + $this->setTemplateVar( 'release' ,$this->page->hasRight(Acl::ACL_RELEASE) ); + $this->setTemplateVar( 'publish' ,$this->page->hasRight(Acl::ACL_PUBLISH) ); $this->setTemplateVar( 'html' ,$value->element->html ); $this->setTemplateVar( 'wiki' ,$value->element->wiki ); $this->setTemplateVar( 'text' ,$inputText ); @@ -1297,7 +1298,7 @@ class PageelementAction extends Action */ function pubPost() { - if ( !$this->page->hasRight( ACL_PUBLISH ) ) + if ( !$this->page->hasRight( Acl::ACL_PUBLISH ) ) throw new \SecurityException( 'no right for publish' ); $this->page->public = true; diff --git a/modules/cms-core/action/ProjectlistAction.class.php b/modules/cms-core/action/ProjectlistAction.class.php @@ -2,6 +2,7 @@ namespace cms\action; +use cms\model\Acl; use cms\model\Folder; use cms\model\Project; @@ -59,7 +60,7 @@ class ProjectlistAction extends Action $rootFolder->load(); // Berechtigt für das Projekt? - if ($rootFolder->hasRight(ACL_READ)) { + if ($rootFolder->hasRight(Acl::ACL_READ)) { $list[$id] = array(); $list[$id]['id' ] = $id; $list[$id]['name' ] = $name; diff --git a/modules/cms-core/action/SearchAction.class.php b/modules/cms-core/action/SearchAction.class.php @@ -2,6 +2,7 @@ namespace cms\action; +use cms\model\Acl; use cms\model\Project; use cms\model\User; use cms\model\Value; @@ -219,7 +220,7 @@ class SearchAction extends Action { $o = new BaseObject( $objectid ); $o->load(); - if ($o->hasRight( ACL_READ )) + if ($o->hasRight( Acl::ACL_READ )) $resultList[] = array( 'id' => $objectid, 'type' => $o->getType(), 
@@ -235,7 +236,7 @@ class SearchAction extends Action $t->load(); $p = new Project( $t->projectid ); $o = new BaseObject( $p->getRootObjectId() ); - if ($o->hasRight( ACL_READ )) + if ($o->hasRight( Acl::ACL_READ )) $resultList[] = array( 'id' => $templateid, 'type'=> 'template', diff --git a/modules/cms-core/action/TemplateAction.class.php b/modules/cms-core/action/TemplateAction.class.php @@ -3,6 +3,7 @@ namespace cms\action; namespace cms\action; +use cms\model\Acl; use cms\model\Element; use cms\model\Project; use cms\model\Template; @@ -598,7 +599,7 @@ class TemplateAction extends Action $page = new Page( $objectid ); $page->load(); - if ( !$page->hasRight( ACL_PUBLISH ) ) + if ( !$page->hasRight( Acl::ACL_PUBLISH ) ) continue; $page->publisher = $publisher; diff --git a/modules/cms-core/model/Acl.class.php b/modules/cms-core/model/Acl.class.php 
@@ -1,37 +1,34 @@ <?php + namespace cms\model; -// OpenRat Content Management System -// Copyright (C) 2002-2012 Jan Dankert, cms@jandankert.de -// -// This program is free software; you can redistribute it and/or -// modify it under the terms of the GNU General Public License -// as published by the Free Software Foundation; either version 2 -// of the License, or (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program; if not, write to the Free Software -// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - - - -// Definition der Berechtigungs-Bits -define('ACL_READ' ,1 ); -define('ACL_WRITE' ,2 ); -define('ACL_PROP' ,4 ); -define('ACL_DELETE' ,8 ); -define('ACL_RELEASE' ,16 ); -define('ACL_PUBLISH' ,32 ); -define('ACL_CREATE_FOLDER',64 ); -define('ACL_CREATE_FILE' ,128 ); -define('ACL_CREATE_LINK' ,256 ); -define('ACL_CREATE_PAGE' ,512 ); -define('ACL_GRANT' ,1024); -define('ACL_TRANSMIT' ,2048); + +/** + * <editor-fold defaultstate="collapsed" desc="license"> + * + * OpenRat Content Management System + * Copyright (C) 2002-2012 Jan Dankert, cms@jandankert.de + + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. 
+ * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * + * </editor-fold> + */ + + + + + /** 
@@ -41,138 +38,151 @@ define('ACL_TRANSMIT' ,2048); * Falls es mehrere ACLs zu einem Objekt gibt, werden die Berechtigung-Flags addiert. * * @author Jan Dankert - * @package openrat.objects */ class Acl { + // Definition der Berechtigungs-Flags + const ACL_READ = 1; + const ACL_WRITE = 2; + const ACL_PROP = 4; + const ACL_DELETE = 8; + const ACL_RELEASE = 16; + const ACL_PUBLISH = 32; + const ACL_CREATE_FOLDER = 64; + const ACL_CREATE_FILE = 128; + const ACL_CREATE_LINK = 256; + const ACL_CREATE_PAGE = 512; + const ACL_GRANT = 1024; + const ACL_TRANSMIT = 2048; + /** * eindeutige ID dieser ACL * @type Integer */ - var $aclid; + public $aclid; /** * ID des Objektes, f?r das diese Berechtigung gilt * @type Integer */ - var $objectid = 0; + public $objectid = 0; /** * ID des Benutzers * ( = 0 falls die Berechtigung f?r eine Gruppe gilt) * @type Integer */ - var $userid = 0; + public $userid = 0; /** * ID der Gruppe * ( = 0 falls die Berechtigung f?r einen Benutzer gilt) * @type Integer */ - var $groupid = 0; + public $groupid = 0; /** * ID der Sprache * @type Integer */ - var $languageid = 0; + public $languageid = 0; /** * Name der Sprache * @type String */ - var $languagename = ''; + public $languagename = ''; /** * Es handelt sich um eine Standard-Berechtigung * (Falls false, dann Zugriffs-Berechtigung) * @type Boolean */ - var $isDefault = false; + public $isDefault = false; /** * Name des Benutzers, f?r den diese Berechtigung gilt * @type String */ - var $username = ''; + public $username = ''; /** * Name der Gruppe, f?r die diese Berechtigung gilt * @type String */ - var $groupname = ''; + public $groupname = ''; /** * Inhalt lesen (ist immer wahr) * @type Boolean */ - var $read = true; + public $read = true; /** * Inhalt bearbeiten * @type Boolean */ - var $write = false; + public $write = false; /** * Eigenschaften bearbeiten * @type Boolean */ - var $prop = false; + public $prop = false; /** * Objekt l?schen * @type Boolean */ - var $delete = false; + public 
$delete = false; /** * Objektinhalt freigeben * @type Boolean */ - var $release = false; + public $release = false; /** * Objekt ver?ffentlichen * @type Boolean */ - var $publish = false; + public $publish = false; /** * Unterordner anlegen * @type Boolean */ - var $create_folder = false; + public $create_folder = false; /** * Datei anlegen (bzw. hochladen) * @type Boolean */ - var $create_file = false; + public $create_file = false; /** * Verknuepfung anlegen * @type Boolean */ - var $create_link = false; + public $create_link = false; /** * Seite anlegen * @type Boolean */ - var $create_page = false; + public $create_page = false; /** * Berechtigungen vergeben * @type Boolean */ - var $grant = false; + public $grant = false; /** * Berechtigungen an Unterobjekte vererben * @type Boolean */ - var $transmit = false; + public $transmit = false; public $projectid; @@ -183,7 +193,7 @@ class Acl * * @param Integer Acl-ID */ - function __construct( $aclid = 0 ) + public function __construct( $aclid = 0 ) { if ( $aclid != 0 ) $this->aclid = $aclid; @@ -194,11 +204,9 @@ class Acl * Laden einer ACL inklusive Benutzer-, Gruppen- und Sprachbezeichnungen. * Zum einfachen Laden sollte #loadRaw() benutzt werden. */ - function load() + public function load() { - $db = db_connection(); - - $sql = $db->sql( 'SELECT {{acl}}.*,{{user}}.name as username,{{group}}.name as groupname,{{language}}.name as languagename'. + $sql = db()->sql( 'SELECT {{acl}}.*,{{user}}.name as username,{{group}}.name as groupname,{{language}}.name as languagename'. ' FROM {{acl}} '. ' LEFT JOIN {{user}} ON {{user}}.id = {{acl}}.userid '. ' LEFT JOIN {{group}} ON {{group}}.id = {{acl}}.groupid '. @@ -223,11 +231,9 @@ class Acl * Laden einer ACL (ohne verknuepfte Namen). * Diese Methode ist schneller als #load(). */ - function loadRaw() + public function loadRaw() { - $db = db_connection(); - - $sql = $db->sql( 'SELECT * '. + $sql = db()->sql( 'SELECT * '. ' FROM {{acl}} '. ' WHERE {{acl}}.id={aclid}' ); 
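Review bot: The new constant block in `class Acl` (hunk `@@ -41,138 +38,151 @@`) is documented only by `// Definition der Berechtigungs-Flags`, although `getMask()` and the administrator mask in BaseObject.class.php add these values together, which only works while each is a distinct power of two. That constraint belongs where the values are defined, e.g. `// Bit flags: every value must be a distinct power of two, they are summed into one mask`. The property docblocks touched in the same hunk use `@type Integer` and `@type Boolean`, which PHPDoc tooling does not read; `@var int` and `@var bool` would be picked up by IDEs and static analysis.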
@@ -244,7 +250,7 @@ class Acl * * @param row Ergebniszeile aus ACL-Datenbanktabelle */ - function setDatabaseRow( $row ) + public function setDatabaseRow( $row ) { $this->aclid = $row['id']; @@ -272,7 +278,7 @@ class Acl * * @return Array (Schluessel=Berechtigungstyp, Wert=boolean) */ - function getProperties() + public function getProperties() { return Array( 'read' => true, 'write' => $this->write, 
@@ -326,21 +332,21 @@ class Acl * * @return Integer Bitmaske */ - function getMask() + public function getMask() { // intval(boolean) erzeugt numerisch 0 oder 1 :) - $this->mask = ACL_READ; // immer lesen - $this->mask += ACL_WRITE *intval($this->write ); - $this->mask += ACL_PROP *intval($this->prop ); - $this->mask += ACL_DELETE *intval($this->delete ); - $this->mask += ACL_RELEASE *intval($this->release ); - $this->mask += ACL_PUBLISH *intval($this->publish ); - $this->mask += ACL_CREATE_FOLDER *intval($this->create_folder); - $this->mask += ACL_CREATE_FILE *intval($this->create_file ); - $this->mask += ACL_CREATE_LINK *intval($this->create_link ); - $this->mask += ACL_CREATE_PAGE *intval($this->create_page ); - $this->mask += ACL_GRANT *intval($this->grant ); - $this->mask += ACL_TRANSMIT *intval($this->transmit ); + $this->mask = self::ACL_READ; // immer lesen + $this->mask += self::ACL_WRITE *intval($this->write ); + $this->mask += self::ACL_PROP *intval($this->prop ); + $this->mask += self::ACL_DELETE *intval($this->delete ); + $this->mask += self::ACL_RELEASE *intval($this->release ); + $this->mask += self::ACL_PUBLISH *intval($this->publish ); + $this->mask += self::ACL_CREATE_FOLDER *intval($this->create_folder); + $this->mask += self::ACL_CREATE_FILE *intval($this->create_file ); + $this->mask += self::ACL_CREATE_LINK *intval($this->create_link ); + $this->mask += self::ACL_CREATE_PAGE *intval($this->create_page ); + $this->mask += self::ACL_GRANT *intval($this->grant ); + $this->mask += self::ACL_TRANSMIT *intval($this->transmit ); \Logger::trace('mask of acl '.$this->aclid.': '.$this->mask ); return $this->mask; @@ -353,7 +359,7 @@ class Acl * * @return 0..n-Array */ - function getTrueProperties() + public function getTrueProperties() { $erg = array('read'); if ( $this->write ) $erg[] = 'write'; 
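Review bot: `getMask()` in the `@@ -326,21 +332,21 @@` hunk builds the permission mask arithmetically (`self::ACL_WRITE *intval($this->write )` and so on), which is only correct while every flag property holds exactly a boolean or 0/1. A value such as 2 in `$this->write` would add 4 and set the `ACL_PROP` bit instead. How `setDatabaseRow()` fills the properties is not visible here, so this may never occur, but setting bits conditionally removes the dependency: `if ( $this->write ) $this->mask |= self::ACL_WRITE;`, repeated for each flag. `$this->mask` is also not among the properties declared in the visible class hunk; if it is not declared elsewhere, add `public $mask;` with a docblock.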
@@ -376,11 +382,9 @@ class Acl /** * ACL unwiderruflich loeschen. */ - function delete() + public function delete() { - $db = db_connection(); - - $sql = $db->sql( 'DELETE FROM {{acl}} '. + $sql = db()->sql( 'DELETE FROM {{acl}} '. ' WHERE id = {aclid} '. ' AND objectid= {objectid}' ); @@ -396,10 +400,8 @@ class Acl /** * ACL der Datenbank hinzufügen. */ - function add() + public function add() { - $db = db_connection(); - if ( $this->delete ) $this->prop = true; @@ -408,7 +410,7 @@ class Acl $group_comp = intval($this->groupid )>0?'={groupid}':'IS NULL'; $language_comp = intval($this->languageid)>0?'={languageid}':'IS NULL'; - $stmt = $db->sql( <<<SQL + $stmt = db()->sql( <<<SQL SELECT id FROM {{acl}} WHERE userid $user_comp AND groupid $group_comp AND @@ -462,10 +464,10 @@ SQL - $stmt = $db->sql('SELECT MAX(id) FROM {{acl}}'); + $stmt = db()->sql('SELECT MAX(id) FROM {{acl}}'); $this->aclid = intval($stmt->getOne())+1; - $stmt = $db->sql( <<<SQL + $stmt = db()->sql( <<<SQL INSERT INTO {{acl}} (id,userid,groupid,objectid,is_write,is_prop,is_create_folder,is_create_file,is_create_link,is_create_page,is_delete,is_release,is_publish,is_grant,is_transmit,languageid) VALUES( {aclid},{userid},{groupid},{objectid},{write},{prop},{create_folder},{create_file},{create_link},{create_page},{delete},{release},{publish},{grant},{transmit},{languageid} ) diff --git a/modules/cms-core/model/BaseObject.class.php b/modules/cms-core/model/BaseObject.class.php 
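Review bot: In the `@@ -462,10 +464,10 @@` hunk the new id is computed from `SELECT MAX(id) FROM {{acl}}` plus one and then used in a separate `INSERT`, so two requests adding permissions at the same time can compute the same `aclid`. Depending on the table's constraints, one insert then fails or two ACL rows share an id, and `delete()` addresses rows by `id` and `objectid`. The two statements should run in one transaction with the table locked, or the id should come from a database sequence or auto-increment column. Until then a comment above the `MAX(id)` line, `// not atomic: concurrent add() calls can pick the same id`, would record the limitation. `add()` begins in an earlier hunk and continues past this one.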
@@ -255,18 +255,18 @@ class BaseObject if ( $user->isAdmin ) { // Administratoren erhalten eine Maske mit allen Rechten - $this->aclMask = ACL_READ + - ACL_WRITE + - ACL_PROP + - ACL_DELETE + - ACL_RELEASE + - ACL_PUBLISH + - ACL_CREATE_FOLDER + - ACL_CREATE_FILE + - ACL_CREATE_LINK + - ACL_CREATE_PAGE + - ACL_GRANT + - ACL_TRANSMIT; + $this->aclMask = Acl::ACL_READ + + Acl::ACL_WRITE + + Acl::ACL_PROP + + Acl::ACL_DELETE + + Acl::ACL_RELEASE + + Acl::ACL_PUBLISH + + Acl::ACL_CREATE_FOLDER + + Acl::ACL_CREATE_FILE + + Acl::ACL_CREATE_LINK + + Acl::ACL_CREATE_PAGE + + Acl::ACL_GRANT + + Acl::ACL_TRANSMIT; } else { @@ -301,7 +301,7 @@ SQL if ( readonly() ) // System ist im Nur-Lese-Zustand - return $type == ACL_READ && $this->aclMask & $type; + return $type == Acl::ACL_READ && $this->aclMask & $type; else // Ermittelte Maske auswerten return $this->aclMask & $type; diff --git a/modules/cms-core/model/User.class.php b/modules/cms-core/model/User.class.php @@ -780,7 +780,7 @@ SQL * Ueberpruft, ob der Benutzer ein bestimmtes Recht hat * * @param $objectid Objekt-Id zu dem Objekt, dessen Rechte untersucht werden sollen - * @param $type Typ des Rechts (Lesen,Schreiben,...) als Konstante ACL_* + * @param $type Typ des Rechts (Lesen,Schreiben,...) als Konstante Acl::ACL_* */ function hasRight( $objectid,$type ) { @@ -788,7 +788,7 @@ SQL if ( $this->isAdmin && !$conf['security']['readonly'] ) return true; - if ( $this->isAdmin && $type & ACL_READ ) + if ( $this->isAdmin && $type & Acl::ACL_READ ) return true; if ( !isset($this->rights[$objectid]) ) @@ -809,13 +809,13 @@ SQL global $conf; if ( $conf['security']['readonly'] ) - if ( $type & ACL_READ ) - $type = ACL_READ; + if ( $type & Acl::ACL_READ ) + $type = Acl::ACL_READ; else $type = 0; - if ( $type & ACL_PUBLISH && $conf['security']['nopublish'] ) - $type -= ACL_PUBLISH; + if ( $type & Acl::ACL_PUBLISH && $conf['security']['nopublish'] ) + $type -= Acl::ACL_PUBLISH; if ( !isset($this->rights[$objectid]) ) 
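Review bot: In the `@@ -809,13 +809,13 @@` hunk of User.class.php the read-only clamp is two nested `if` statements without braces followed by a single `else`, so the reader has to know that the `else` binds to the inner `if ( $type & Acl::ACL_READ )`. In a permission check that is easy to break with a later edit. Braces around the outer `if ( $conf['security']['readonly'] )` with `$type = ( $type & Acl::ACL_READ ) ? Acl::ACL_READ : 0;` inside make the intent explicit. Clearing the publish bit would also read more clearly as `$type &= ~Acl::ACL_PUBLISH;` than as a subtraction. The function starts and ends outside the hunk.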
diff --git a/modules/util/Tree.class.php b/modules/util/Tree.class.php @@ -1,5 +1,6 @@ <?php +use cms\model\Acl; use cms\model\Element; use cms\model\File; use cms\model\Link; @@ -121,7 +122,7 @@ class Tree $rootFolder->load(); // Berechtigt für das Projekt? - if ( $rootFolder->hasRight( ACL_READ ) ) + if ( $rootFolder->hasRight( Acl::ACL_READ ) ) { $treeElement = new TreeElement(); @@ -152,9 +153,9 @@ class Tree // Ermitteln, ob der Benutzer Projektadministrator ist // Projektadministratoren haben das Recht, im Root-Ordner die Eigenschaften zu aendern. - $userIsProjectAdmin = $folder->hasRight(ACL_PROP); + $userIsProjectAdmin = $folder->hasRight(Acl::ACL_PROP); - if ($folder->hasRight(ACL_READ)) { + if ($folder->hasRight(Acl::ACL_READ)) { $treeElement = new TreeElement(); $treeElement->id = $folder->objectid; // $treeElement->text = $folder->name; @@ -459,7 +460,7 @@ class Tree if ($o->isPage) { // Nur wenn die Seite beschreibbar ist, werden die // Elemente im Baum angezeigt - if ($o->hasRight(ACL_WRITE)) + if ($o->hasRight(Acl::ACL_WRITE)) $treeElement->type = 'pageelements'; } $this->addTreeElement($treeElement); @@ -485,7 +486,7 @@ class Tree foreach ($f->getObjects() as /*@var BaseObject */$o) { // Wenn keine Leseberechtigung - if (!$o->hasRight(ACL_READ)) + if (!$o->hasRight(Acl::ACL_READ)) continue; $treeElement = new TreeElement();