From 32662367ec676159582e72b57772525a012a9074 Mon Sep 17 00:00:00 2001
From: Martin Kamerbeek <martin@webgui-svn>
Date: Tue, 19 Dec 2006 18:10:12 +0000
Subject: [PATCH] A bunch of sqlform fixes

---
 docs/changelog/7.x.x.txt                      |  9 ++
 .../default-sqlform-search.tmpl               | 83 +++++++++++++++++++
 lib/WebGUI/Asset/Wobject/SQLForm.pm           | 61 +++++++++++++-
 .../wobject/SQLForm/SQLFormEditField.js       |  5 +-
 4 files changed, 155 insertions(+), 3 deletions(-)
 create mode 100644 docs/upgrades/templates-7.3.2/default-sqlform-search.tmpl

diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index ebf6d15d3..ca685e8fe 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -11,6 +11,15 @@
  - fix: CS Phishing Exploit.
  - fix: Groups admin gui
  - fix: Wiki does not show history correctly
+ - fix: SQLForm - Field Constraint (Martin Kamerbeek / Oqapi)
+ - fix: SQLForm - Default search template uses downloadUrl in stead of 
+   templateUrl for displaying thumbnails. (Martin Kamerbeek / Oqapi)
+ - fix: SQLForm - Required file fields could be left open (Martin Kamerbeek / 
+   Oqapi)
+ - fix: SQLForm - Using radio buttons would error when re-edited (Martin Kamerbeek /
+   Oqapi)
+ - fix: SQLForm - DBD Error handling (Martin Kamerbeek / Oqapi)
+ 
 
 7.3.1
  - Fixed a problem with IE and resizable text areas that caused IE to crash
diff --git a/docs/upgrades/templates-7.3.2/default-sqlform-search.tmpl b/docs/upgrades/templates-7.3.2/default-sqlform-search.tmpl
new file mode 100644
index 000000000..f4c512a07
--- /dev/null
+++ b/docs/upgrades/templates-7.3.2/default-sqlform-search.tmpl
@@ -0,0 +1,83 @@
+#SQLFormSearchTmpl00001
+
+<a name="id<tmpl_var assetId>"></a>
+
+<tmpl_if session.var.adminOn>
+	<p><tmpl_var controls></p>
+</tmpl_if>
+
+<div class="SQLForm-contentBox">
+
+<tmpl_if displayTitle>
+	<h1><tmpl_var title></h1>
+</tmpl_if>
+
+<tmpl_var managementLinks>
+
+<h2>Search records</h2>
+<a href="<tmpl_var superSearch.url>"><tmpl_var superSearch.label></a><br />
+
+<tmpl_if errorOccurred>
+Some error(s) occurred:
+<ul>
+	<tmpl_loop errorLoop>
+	<li><tmpl_var error.message></li>
+	</tmpl_loop>
+</ul>
+</tmpl_if>
+
+<tmpl_var searchForm>
+
+<tmpl_if showFieldsDefined>
+<tmpl_var searchResults.header>
+<tmpl_var searchResults.actionButtons>
+<table border="0">
+	<tr>
+		<th></th>
+		<tmpl_if showMetaData>
+		<th>Last update</th>
+		<th>Last update by</th>
+		</tmpl_if>
+	<tmpl_loop headerLoop>
+		<th <tmpl_if
+header.sort.onThis>color="red"</tmpl_if>>
+			<a href="<tmpl_var header.sort.url>">
+			<tmpl_var header.title> 
+			<tmpl_if header.sort.onThis><tmpl_if header.sort.ascending>(asc)<tmpl_else>(desc)</tmpl_if></tmpl_if></a></th>
+	</tmpl_loop>
+	</tr>
+	<tmpl_loop searchResults.recordLoop>
+	<tr>
+		<td><tmpl_var record.controls></td>
+		<tmpl_if showMetaData>
+		<td><tmpl_var record.updateDate></td>
+		<td><tmpl_var record.updatedBy></td>
+		</tmpl_if>
+		<tmpl_loop record.valueLoop>
+		<td>
+		<tmpl_if record.value.isFile>
+			<tmpl_if record.value>
+				<a href="<tmpl_var record.value.downloadUrl>">
+				<tmpl_if record.value.isImage>
+					<img width="100" src="<tmpl_var record.value.thumbnailUrl>" alt="<tmpl_var record.value.downloadUrl>" />
+				<tmpl_else>
+					Click here for file
+				</tmpl_if>
+				</a>
+			</tmpl_if>
+		<tmpl_else>
+			<tmpl_var record.value>
+		</tmpl_if>
+		</td>
+		</tmpl_loop>
+	</tr>
+	</tmpl_loop>
+</table>
+<tmpl_var searchResults.actionButtons>
+<tmpl_var searchResults.footer>
+<tmpl_else>
+No fields are defined to be shown in the search results.
+</tmpl_if>
+
+</div>
+
diff --git a/lib/WebGUI/Asset/Wobject/SQLForm.pm b/lib/WebGUI/Asset/Wobject/SQLForm.pm
index 066a56f3e..ffe712bfc 100644
--- a/lib/WebGUI/Asset/Wobject/SQLForm.pm
+++ b/lib/WebGUI/Asset/Wobject/SQLForm.pm
@@ -608,6 +608,49 @@ sub _createFieldType {
 
 #-------------------------------------------------------------------
 
+=head2 _databaseLinkHasPrivileges ( wantedPrivileges, databaseLink )
+
+Returns true if the database link has at least the given privileges.
+
+=head3 wantedPrivileges
+
+Arrayref containing the desired privileges (eg. ['SELECT','ALTER'])
+
+=head3 databaseName
+
+The name of the database you want to check the privileges of.
+
+=head3 databaseLink
+
+An instanciated databaselink object. Defaults to the databaselink of the sqlform table.
+
+=cut
+
+sub _databaseLinkHasPrivileges {
+	my (@privileges, @grants, $databaseName);
+	my $self = shift;
+	my $wantedPrivileges = shift;
+	my $dbLink = shift || $self->_getDbLink;
+
+	($databaseName = $dbLink->get->{DSN}) =~ s/^[^:]*:[^:]*:([^:]*)(:.*)?$/$1/;
+
+	@grants = $dbLink->db->buildArray('show grants for current_user');
+
+	foreach (@grants) {
+		if (m/GRANT ([\w\s\d,]*?) ON .$databaseName.*$/) {
+			push(@privileges, (split(/, /,$1)));
+		}
+	}
+
+	return 1 if (isIn('ALL PRIVILEGES', @privileges));
+	
+	foreach (@$wantedPrivileges) {
+		return 0 unless (isIn(uc($_), @privileges));
+	}
+}
+
+#-------------------------------------------------------------------
+
 =head2 _getDbLink ( )
 
 Returns a WebGUI::DatabaseLink object for the database the SQLForm table is in.
@@ -1178,7 +1221,14 @@ sub processPropertiesFromFormPost {
 	my $self = shift;
 
 	my $dbLink = WebGUI::DatabaseLink->new($self->session, $self->session->form->process("databaseLinkId"));
-	
+
+	# $dbLink->db will raise a fatal error if there is a connection error.
+#	return ["Can't connect to database through the selected database link"] unless ($dbLink->db);
+
+	unless ($self->_databaseLinkHasPrivileges([qw(ALTER CREATE DELETE INDEX INSERT SELECT UPDATE)], $dbLink)) {
+		return ["Databaselink does not have enough privileges (Needs ALTER, CREATE, DELETE, INDEX, INSERT, SELECT, UPDATE)"];
+	}
+
 	$tableName = $self->session->form->process("tableName");
 
 	if ($self->session->form->process("assetId") eq 'new') {
@@ -2359,7 +2409,13 @@ sub _getFormElement {
 		$fieldParameters->{options}			= $field->{options};
 		# make sure that previously selected items still appear for this for element, even if
 		# if is set to a set difference.
-		@{$fieldParameters->{options}}{@$fieldValue} 	= @{$field->{allOptions}}{@$fieldValue} if ($fieldValue && $field->{hasOptions});
+		if ($fieldValue && $field->{hasOptions}) {
+			if ($field->{canHaveMultipleValues}) {
+				@{$fieldParameters->{options}}{@$fieldValue} 	= @{$field->{allOptions}}{@$fieldValue};
+			} else {
+				$fieldParameters->{options}->{$fieldValue}	= $field->{allOptions}->{$fieldValue};
+			}
+		}
 		$fieldParameters->{options}->{''}		= '-leave empty-' if (!$field->{isRequired});
 		$fieldParameters->{name} 			= $field->{fieldName};
 		$fieldParameters->{value}			= $fieldValue unless ($fieldType eq 'file');
@@ -2658,6 +2714,7 @@ my			@results = $self->session->db->quickArray($sql);
 					push(@update, "__".$fieldName."_mimeType=".$self->session->db->quote($fileType));
 				}
 			} else {
+				push(@error, $i18n->get('ers field required').' '.$field->{displayName}) if ($field->{isRequired});
 			}
 		# Throw error if field is required and empty.
 		} elsif ($self->session->form->process($fieldName) eq '' && $field->{isRequired}) {
diff --git a/www/extras/wobject/SQLForm/SQLFormEditField.js b/www/extras/wobject/SQLForm/SQLFormEditField.js
index f30f62688..8a9dfb559 100644
--- a/www/extras/wobject/SQLForm/SQLFormEditField.js
+++ b/www/extras/wobject/SQLForm/SQLFormEditField.js
@@ -39,7 +39,10 @@ function updateFormFields() {
 	// Handle Field constraints section
 	if (document.getElementById('SQLFormFieldConstraintType').value > 0) {
 		enableField('SQLFormFieldConstraintTarget');
-		if (document.getElementById('SQLFormFieldConstraintTarget').value == 'value') {
+		if (
+			(document.getElementById('SQLFormFieldConstraintTarget').value == 'value') ||
+			(document.getElementById('SQLFormFieldConstraintTarget').value == '' && document.getElementById('SQLFormFieldConstraintValue').value != '')
+		) {
 			enableField('SQLFormFieldConstraintValue');
 		} else {
 			disableField('SQLFormFieldConstraintValue');