per wobject privileges
This commit is contained in:
JT Smith
parent
4612a88f96
commit
3f4e5f3fbd
17 changed files with 2623 additions and 2444 deletions
|
|
@ -48,3 +48,13 @@ insert into help (helpId, namespace, titleId, bodyId, seeAlso) VALUES ('70', 'We
|
|||
|
||||
|
||||
|
||||
delete from international where languageId=1 and namespace='WebGUI' and internationalId=979;
|
||||
insert into international (internationalId,languageId,namespace,message,lastUpdated,context) values (979,1,'WebGUI','Wobject Privileges', 1056041703,'Would you like Wobject Privileges to be enabled?');
|
||||
delete from international where languageId=1 and namespace='WebGUI' and internationalId=116;
|
||||
insert into international (internationalId,languageId,namespace,message,lastUpdated,context) values (116,1,'WebGUI','Select \"Yes\" to change the privileges of all pages and wobjects under this page to these privileges.', 1056054674,NULL);
|
||||
delete from international where languageId=1 and namespace='WebGUI' and internationalId=632;
|
||||
insert into international (internationalId,languageId,namespace,message,lastUpdated,context) values (632,1,'WebGUI','You can add wobjects by selecting from the <I>Add Content</I> pulldown menu. You can edit them by clicking on the \"Edit\" button that appears directly above an instance of a particular wobject. \r\n<P>Almost all wobjects share some properties. Those properties are: \r\n<P><B>Wobject ID</B><BR>This is the unique identifier WebGUI uses to keep track of this wobject instance. Normal users should never need to be concerned with the Wobject ID, but some advanced users may need to know it for things like SQL Reports. \r\n<P><B>Title</B> The title of the wobject. This is typically displayed at the top of each wobject. \r\n<P><I>Note:</I> You should always specify a title even if you are going to turn it off (with the next property). This is because the title shows up in the trash and clipboard and you\'ll want to be able to distinguish which wobject is which. \r\n<P><B>Display title?</B><BR>Do you wish to display the title you specified? On some sites, displaying the title is not necessary. \r\n<P><B>Process macros?</B><BR>Do you wish to process macros in the content of this wobject? Sometimes you\'ll want to do this, but more often than not you\'ll want to say \"no\" to this question. By disabling the processing of macros on the wobjects that don\'t use them, you\'ll speed up your web server slightly. \r\n<P><B>Template Position</B><BR>Template positions range from 0 (zero) to any number. How many are available depends upon the Template associated with this page. The default template has only one template position, others may have more. By selecting a template position, you\'re specifying where this wobject should be placed within the template. \r\n<P><B>Start Date</B><BR>On what date should this wobject become visible? Before this date, the wobject will only be displayed to Content Managers. \r\n<P><B>End Date</B><BR>On what date should this wobject become invisible? After this date, the wobject will only be displayed to Content Managers. <BR><BR><B>Owner</B><BR>The owner of a wobject is usually the person who created the wobject. This user has full edit and viewing rights on the wobject unless privileges to edit the page the wobject apears on are taken away. \r\n<P><B>NOTE:</B> The owner can only be changed by an administrator. \r\n<P><B>Who can view?</B><BR>Choose which group can view this wobject. If you want both visitors and registered users to be able to view the wobject then you should choose the \"Everybody\" group. \r\n<P><B>Who can edit?</B><BR>Choose the group that can edit this wobject. The group assigned editing rights can also always view the wobject. </P>\r\n<P><B>Description</B><BR>A content area in which you can place as much content as you wish. For instance, even before an FAQ there is usually a paragraph describing what is contained in the FAQ. \r\n<P></P>', 1056055106,NULL);
|
||||
delete from international where languageId=1 and namespace='WebGUI' and internationalId=634;
|
||||
insert into international (internationalId,languageId,namespace,message,lastUpdated,context) values (634,1,'WebGUI','<B>Default Home Page</B><BR>Some really small sites don\'t have a home page, but instead like to use one of their internal pages like \"About Us\" or \"Company Information\" as their home page. For that reason, you can set the default page of your site to any page in the site. That page will be the one people go to if they type in just your URL http://www.mywebguisite.com, or if they click on the Home link generated by the ^H; macro. \r\n<P><B>Not Found Page</B><BR>If a page that a user requests is not found in the system, the user can be redirected to the home page or to an error page where they can attempt to find what they were looking for. You decide which is better for your users. \r\n<P><B>Document Type Declaration</B><BR>These days it is very common to have a wide array of browsers accessing your site, including automated browsers like search engine spiders. Many of those browsers want to know what kind of content you are serving. The doctype tag allows you to specify that. By default WebGUI generates HTML 4.0 compliant content. \r\n<P><B>Favicon</B><BR>An icon that appears on Internet Explorer short cuts such as your \"Favorites\". To learn more about Favicon <A href=\"http://msdn.microsoft.com/workshop/author/dhtml/howto/shortcuticon.asp\">click here</A>. \r\n<P><B>Site Icon</B><BR>An icon that appears in the URL bar of most modern browsers. It may also appear in the bookmarks of the browser. The image must be 16x16 pixels. \r\n<P><B>Add edit stamp to posts?</B><BR>Typically if a user edits a post on a discussion, a stamp is added to that post to identify who made the edit, and at what time. On some sites that information is not necessary, therefore you can turn it off here. \r\n<P><B>Filter Contributed HTML</B><BR>Especially when running a public site where anybody can post to your message boards or user submission systems, it is often a good idea to filter their content for malicious code that can harm the viewing experience of your visitors; And in some circumstances, it can even cause security problems. Use this setting to select the level of filtering you wish to apply. \r\n<P><B>Maximum Attachment Size</B><BR>The size (in kilobytes) of the maximum allowable attachment to be uploaded to your system. \r\n<P><B>Max Image Size</B><BR>If images are uploaded to your system that are bigger than the max image size, then they will be resized to the max image size. The max image size is measured in pixels and will use the size of the longest side of the image to determine if the limit has been reached. \r\n<P><B>Thumbnail Size</B><BR>When images are uploaded to your system, they will automatically have thumbnails generated at the size specified here (unless overridden on a case-by-case basis). Thumbnail size is measured in pixels. \r\n<P><B>Snippet Preview Length</B><BR>How many characters of a snippet should be displayed in the collateral management system main listing. \r\n<P><B>Text Area Rows</B><BR>Some sites wish to control the size of the forms that WebGUI generates. With this setting you can specify how many rows of characters will be displayed in textareas on the site. \r\n<P><B>Text Area Columns</B><BR>Some sites wish to control the size of the forms that WebGUI generates. With this setting you can specify how many columns of characters will be displayed in textareas on the site. \r\n<P><B>Text Box Size</B><BR>Some sites wish to control the size of the forms that WebGUI generates. With this setting you can specify how characters can be displayed at once in text boxes on the site. \r\n<P><B>Page Cache Timeout</B><BR>The amount of time pages should remain cached for registered users. \r\n<P><B>Page Cache Timeout (Visitors)</B><BR>The amount of time pages should remain cached for visitors. \r\n<P><B>NOTE:</B> Page caching is only available if your administrator has installed the Cache::FileCache Perl module. Using page caching can improve site performance by as much as 1000%. <BR><BR><B>Wobject Privileges</B><BR>Choose \'Yes\' to enable privileges at the Wobject level. By default, Wobjects are set to inherit page level privileges</P>', 1056055394,NULL);
|
||||
delete from settings where name='wobjectPrivileges';
|
||||
insert into settings (name,value) values ('wobjectPrivileges','0');
|
||||
|
|
|
|||
577
lib/WebGUI.pm
577
lib/WebGUI.pm
|
|
@ -1,281 +1,296 @@
|
|||
package WebGUI;
|
||||
our $VERSION = "5.4.0";
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
# WebGUI is Copyright 2001-2003 Plain Black LLC.
|
||||
#-------------------------------------------------------------------
|
||||
# Please read the legal notices (docs/legal.txt) and the license
|
||||
# (docs/license.txt) that came with this distribution before using
|
||||
# this software.
|
||||
#-------------------------------------------------------------------
|
||||
# http://www.plainblack.com info@plainblack.com
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
use strict qw(vars subs);
|
||||
use Tie::CPHash;
|
||||
use WebGUI::Cache;
|
||||
use WebGUI::ErrorHandler;
|
||||
use WebGUI::Icon;
|
||||
use WebGUI::International;
|
||||
use WebGUI::Macro;
|
||||
use WebGUI::Operation;
|
||||
use WebGUI::Privilege;
|
||||
use WebGUI::Session;
|
||||
use WebGUI::SQL;
|
||||
use WebGUI::Style;
|
||||
use WebGUI::Page;
|
||||
use WebGUI::Template;
|
||||
use WebGUI::URL;
|
||||
use WebGUI::Utility;
|
||||
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub _generateDebug {
|
||||
if ($session{setting}{showDebug} || ($session{form}{debug}==1 && WebGUI::Privilege::isInGroup(3))) {
|
||||
return WebGUI::ErrorHandler::showDebug();
|
||||
}
|
||||
return "";
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub _generatePage {
|
||||
my ($canEdit, $pageEdit, $sth, $wobject, %contentHash, $originalWobject, $sql, $extra, %hash, $cmd, $w, $template);
|
||||
if (WebGUI::Privilege::canViewPage()) {
|
||||
if ($session{var}{adminOn}) {
|
||||
$canEdit = WebGUI::Privilege::canEditPage();
|
||||
if ($canEdit) {
|
||||
$pageEdit = "\n<br>"
|
||||
.pageIcon()
|
||||
.deleteIcon('op=deletePage')
|
||||
.editIcon('op=editPage')
|
||||
.moveUpIcon('op=movePageUp')
|
||||
.moveDownIcon('op=movePageDown')
|
||||
.cutIcon('op=cutPage')
|
||||
."\n";
|
||||
}
|
||||
}
|
||||
$sth = WebGUI::SQL->read("select * from wobject where pageId=$session{page}{pageId}
|
||||
order by sequenceNumber, wobjectId");
|
||||
while ($wobject = $sth->hashRef) {
|
||||
if ($session{var}{adminOn} && $canEdit) {
|
||||
$contentHash{"page.position".${$wobject}{templatePosition}} .= "\n<hr>"
|
||||
.wobjectIcon()
|
||||
.deleteIcon('func=delete&wid='.${$wobject}{wobjectId})
|
||||
.editIcon('func=edit&wid='.${$wobject}{wobjectId})
|
||||
.moveUpIcon('func=moveUp&wid='.${$wobject}{wobjectId})
|
||||
.moveDownIcon('func=moveDown&wid='.${$wobject}{wobjectId})
|
||||
.moveTopIcon('func=moveTop&wid='.${$wobject}{wobjectId})
|
||||
.moveBottomIcon('func=moveBottom&wid='.${$wobject}{wobjectId})
|
||||
.cutIcon('func=cut&wid='.${$wobject}{wobjectId})
|
||||
.copyIcon('func=copy&wid='.${$wobject}{wobjectId});
|
||||
if (${$wobject}{namespace} ne "WobjectProxy" && isIn("WobjectProxy",@{$session{config}{wobjects}})) {
|
||||
$contentHash{"page.position".${$wobject}{templatePosition}} .=
|
||||
shortcutIcon('func=createShortcut&wid='.${$wobject}{wobjectId})
|
||||
}
|
||||
$contentHash{"page.position".${$wobject}{templatePosition}} .= '<br>';
|
||||
}
|
||||
if (${$wobject}{namespace} eq "WobjectProxy") {
|
||||
$originalWobject = $wobject;
|
||||
my ($wobjectProxy) = WebGUI::SQL->quickHashRef("select * from WobjectProxy where wobjectId=".${$wobject}{wobjectId});
|
||||
$wobject = WebGUI::SQL->quickHashRef("select * from wobject where wobject.wobjectId=".$wobjectProxy->{proxiedWobjectId});
|
||||
if (${$wobject}{namespace} eq "") {
|
||||
$wobject = $originalWobject;
|
||||
} else {
|
||||
${$wobject}{startDate} = ${$originalWobject}{startDate};
|
||||
${$wobject}{endDate} = ${$originalWobject}{endDate};
|
||||
${$wobject}{templatePosition} = ${$originalWobject}{templatePosition};
|
||||
${$wobject}{_WobjectProxy} = ${$originalWobject}{wobjectId};
|
||||
if ($wobjectProxy->{overrideTitle}) {
|
||||
${$wobject}{title} = ${$originalWobject}{title};
|
||||
}
|
||||
if ($wobjectProxy->{overrideDisplayTitle}) {
|
||||
${$wobject}{displayTitle} = ${$originalWobject}{displayTitle};
|
||||
}
|
||||
if ($wobjectProxy->{overrideDescription}) {
|
||||
${$wobject}{description} = ${$originalWobject}{description};
|
||||
}
|
||||
if ($wobjectProxy->{overrideTemplate}) {
|
||||
${$wobject}{templateId} = $wobjectProxy->{proxiedTemplateId};
|
||||
}
|
||||
}
|
||||
}
|
||||
my $sql = "select * from ".$wobject->{namespace}." where wobjectId=".$wobject->{wobjectId};
|
||||
$extra = WebGUI::SQL->quickHashRef("select * from ".$wobject->{namespace}."
|
||||
where wobjectId=".$wobject->{wobjectId});
|
||||
tie %hash, 'Tie::CPHash';
|
||||
%hash = (%{$wobject},%{$extra});
|
||||
$wobject = \%hash;
|
||||
$cmd = "WebGUI::Wobject::".${$wobject}{namespace};
|
||||
$w = eval{$cmd->new($wobject)};
|
||||
WebGUI::ErrorHandler::fatalError("Couldn't instanciate wobject: ${$wobject}{namespace}. Root cause: ".$@) if($@);
|
||||
if ($w->inDateRange) {
|
||||
$contentHash{"page.position".${$wobject}{templatePosition}} .= '<div class="wobject"><div class="wobject'
|
||||
.${$wobject}{namespace}.'" id="wobjectId'.${$wobject}{wobjectId}.'">';
|
||||
$contentHash{"page.position".${$wobject}{templatePosition}} .= '<a name="'
|
||||
.${$wobject}{wobjectId}.'"></a>';
|
||||
$contentHash{"page.position".${$wobject}{templatePosition}} .= eval{$w->www_view};
|
||||
WebGUI::ErrorHandler::fatalError("Wobject runtime error: ${$wobject}{namespace}. Root cause: ".$@) if($@);
|
||||
$contentHash{"page.position".${$wobject}{templatePosition}} .= "</div></div>\n\n";
|
||||
}
|
||||
}
|
||||
$sth->finish;
|
||||
$template = $session{page}{templateId};
|
||||
} else {
|
||||
$contentHash{"page.position1"} = WebGUI::Privilege::noAccess();
|
||||
}
|
||||
return (\%contentHash,$template,$pageEdit);
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub _processAction {
|
||||
my ($urlString, %form, $pair, @pairs, @param);
|
||||
$urlString = WebGUI::URL::unescape($_[0]);
|
||||
@pairs = split(/\&/,$urlString);
|
||||
foreach $pair (@pairs) {
|
||||
@param = split(/\=/,$pair);
|
||||
$form{$param[0]} = $param[1];
|
||||
}
|
||||
$session{form} = \%form;
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub _processFunctions {
|
||||
my ($wobject, $extra, %hash, $output, $proxyWobjectId, $cmd, $w);
|
||||
if (exists $session{form}{func} && exists $session{form}{wid}) {
|
||||
if ($session{form}{func} =~ /^[A-Za-z]+$/) {
|
||||
if ($session{form}{wid} eq "new") {
|
||||
$wobject = {wobjectId=>"new",namespace=>$session{form}{namespace},pageId=>$session{page}{pageId}};
|
||||
} else {
|
||||
$wobject = WebGUI::SQL->quickHashRef("select * from wobject where wobjectId="
|
||||
.$session{form}{wid});
|
||||
if (${$wobject}{namespace} eq "") {
|
||||
WebGUI::ErrorHandler::warn("Wobject [$session{form}{wid}] appears to be missing or "
|
||||
."corrupt, but was requested "
|
||||
."by $session{user}{username} [$session{user}{userId}].");
|
||||
$wobject = ();
|
||||
} else {
|
||||
$extra = WebGUI::SQL->quickHashRef("select * from ${$wobject}{namespace}
|
||||
where wobjectId=${$wobject}{wobjectId}");
|
||||
tie %hash, 'Tie::CPHash';
|
||||
%hash = (%{$wobject},%{$extra});
|
||||
$wobject = \%hash;
|
||||
}
|
||||
}
|
||||
if ($wobject) {
|
||||
if (${$wobject}{pageId} != $session{page}{pageId}) {
|
||||
($proxyWobjectId) = WebGUI::SQL->quickArray("select wobject.wobjectId from
|
||||
wobject,WobjectProxy
|
||||
where wobject.wobjectId=WobjectProxy.wobjectId
|
||||
and wobject.pageId=".$session{page}{pageId}."
|
||||
and WobjectProxy.proxiedWobjectId=".${$wobject}{wobjectId});
|
||||
${$wobject}{_WobjectProxy} = $proxyWobjectId;
|
||||
}
|
||||
unless (${$wobject}{pageId} == $session{page}{pageId}
|
||||
|| ${$wobject}{pageId} == 2
|
||||
|| ${$wobject}{pageId} == 3
|
||||
|| ${$wobject}{_WobjectProxy} ne "") {
|
||||
$output .= WebGUI::International::get(417);
|
||||
WebGUI::ErrorHandler::security("access wobject [".$session{form}{wid}."] on page '"
|
||||
.$session{page}{title}."' [".$session{page}{pageId}."].");
|
||||
} else {
|
||||
if (WebGUI::Privilege::canViewPage()) {
|
||||
$cmd = "WebGUI::Wobject::".${$wobject}{namespace};
|
||||
$w = eval{$cmd->new($wobject)};
|
||||
WebGUI::ErrorHandler::fatalError("Couldn't instanciate wobject: ${$wobject}{namespace}. Root Cause: ".$@) if($@);
|
||||
$cmd = "www_".$session{form}{func};
|
||||
$output = eval{$w->$cmd};
|
||||
WebGUI::ErrorHandler::fatalError("Wobject runtime error: ${$wobject}{namespace} / $session{form}{func}. Root cause: ".$@) if($@);
|
||||
} else {
|
||||
$output = WebGUI::Privilege::noAccess();
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
WebGUI::ErrorHandler::security("execute an invalid function on wobject "
|
||||
.$session{form}{wid}.": ".$session{form}{func});
|
||||
}
|
||||
}
|
||||
return $output;
|
||||
}
|
||||
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub _processOperations {
|
||||
my ($cmd, $output);
|
||||
if (exists $session{form}{op}) {
|
||||
if ($session{form}{op} =~ /^[A-Za-z]+$/) {
|
||||
$cmd = "WebGUI::Operation::www_".$session{form}{op};
|
||||
$output = eval($cmd);
|
||||
WebGUI::ErrorHandler::security("call a non-existent operation: $session{form}{op}. Root cause: ".$@) if($@);
|
||||
} else {
|
||||
WebGUI::ErrorHandler::security("execute an invalid operation: ".$session{form}{op});
|
||||
}
|
||||
}
|
||||
return $output;
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub page {
|
||||
my ($cache, $debug, $positions, $wobjectOutput, $pageEdit, $httpHeader, $content, $operationOutput, $template);
|
||||
WebGUI::Session::open($_[0],$_[1]);
|
||||
my $useCache = ($session{form}{op} eq "" && $session{form}{wid} eq "" && $session{form}{makePrintable} eq "" && not $session{var}{adminOn});
|
||||
if ($useCache) {
|
||||
$cache = WebGUI::Cache->new("page_".$session{page}{pageId}."_".$session{user}{userId});
|
||||
$content = $cache->get;
|
||||
}
|
||||
$operationOutput = _processOperations();
|
||||
$wobjectOutput = _processFunctions();
|
||||
if ($operationOutput eq "" && $wobjectOutput eq "" && $session{form}{action2} ne "") {
|
||||
_processAction($session{form}{action2});
|
||||
$operationOutput = _processOperations();
|
||||
$wobjectOutput = _processFunctions();
|
||||
}
|
||||
if ($operationOutput eq "" && $session{setting}{trackPageStatistics} && $session{form}{wid} ne "new") {
|
||||
WebGUI::SQL->write("insert into pageStatistics (dateStamp, userId, username, ipAddress, userAgent, referer,
|
||||
pageId, pageTitle, wobjectId, wobjectFunction) values (".time().",".$session{user}{userId}
|
||||
.",".quote($session{user}{username}).",
|
||||
".quote($session{env}{REMOTE_ADDR}).", ".quote($session{env}{HTTP_USER_AGENT}).",
|
||||
".quote($session{env}{HTTP_REFERER}).", ".$session{page}{pageId}.",
|
||||
".quote($session{page}{title}).", ".quote($session{form}{wid}).", ".quote($session{form}{func}).")");
|
||||
}
|
||||
if ($session{header}{mimetype} ne "text/html") {
|
||||
$httpHeader = WebGUI::Session::httpHeader();
|
||||
WebGUI::Session::close();
|
||||
return $httpHeader.$operationOutput.$wobjectOutput;
|
||||
} elsif ($operationOutput ne "") {
|
||||
$positions->{"page.position1"} = $operationOutput;
|
||||
} elsif ($session{page}{redirectURL} && !$session{var}{adminOn}) {
|
||||
$httpHeader = WebGUI::Session::httpRedirect(WebGUI::Macro::process($session{page}{redirectURL}));
|
||||
WebGUI::Session::close();
|
||||
return $httpHeader;
|
||||
} elsif ($session{header}{redirect} ne "") {
|
||||
$httpHeader = $session{header}{redirect};
|
||||
WebGUI::Session::close();
|
||||
return $httpHeader;
|
||||
} elsif ($wobjectOutput ne "") {
|
||||
$positions->{"page.position1"} = $wobjectOutput;
|
||||
} elsif (!($useCache && defined $content)) {
|
||||
($positions, $template, $pageEdit) = _generatePage();
|
||||
}
|
||||
$httpHeader = WebGUI::Session::httpHeader();
|
||||
unless ($useCache && defined $content) {
|
||||
$content = WebGUI::Macro::process(WebGUI::Template::process(WebGUI::Style::get($pageEdit.WebGUI::Page::getTemplate($template)), $positions));
|
||||
my $ttl;
|
||||
if ($session{user}{userId} == 1) {
|
||||
$ttl = $session{setting}{cachePagesVisitor};
|
||||
} else {
|
||||
$ttl = $session{setting}{cachePages};
|
||||
}
|
||||
$cache->set($content, $ttl) if ($useCache);
|
||||
}
|
||||
$debug = _generateDebug();
|
||||
WebGUI::Session::close();
|
||||
return $httpHeader.$content.$debug;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
1;
|
||||
|
||||
|
||||
package WebGUI;
|
||||
our $VERSION = "5.3.3";
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
# WebGUI is Copyright 2001-2003 Plain Black LLC.
|
||||
#-------------------------------------------------------------------
|
||||
# Please read the legal notices (docs/legal.txt) and the license
|
||||
# (docs/license.txt) that came with this distribution before using
|
||||
# this software.
|
||||
#-------------------------------------------------------------------
|
||||
# http://www.plainblack.com info@plainblack.com
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
use strict qw(vars subs);
|
||||
use Tie::CPHash;
|
||||
use WebGUI::Cache;
|
||||
use WebGUI::ErrorHandler;
|
||||
use WebGUI::Icon;
|
||||
use WebGUI::International;
|
||||
use WebGUI::Macro;
|
||||
use WebGUI::Operation;
|
||||
use WebGUI::Privilege;
|
||||
use WebGUI::Session;
|
||||
use WebGUI::SQL;
|
||||
use WebGUI::Style;
|
||||
use WebGUI::Page;
|
||||
use WebGUI::Template;
|
||||
use WebGUI::URL;
|
||||
use WebGUI::Utility;
|
||||
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub _generateDebug {
|
||||
if ($session{setting}{showDebug} || ($session{form}{debug}==1 && WebGUI::Privilege::isInGroup(3))) {
|
||||
return WebGUI::ErrorHandler::showDebug();
|
||||
}
|
||||
return "";
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub _generatePage {
|
||||
my ($canEdit, $pageEdit, $sth, $wobject, %contentHash, $originalWobject, $sql, $extra, %hash, $cmd, $w, $template,$canEditWobject);
|
||||
if (WebGUI::Privilege::canViewPage()) {
|
||||
if ($session{var}{adminOn}) {
|
||||
$canEdit = WebGUI::Privilege::canEditPage();
|
||||
if ($canEdit) {
|
||||
$pageEdit = "\n<br>"
|
||||
.pageIcon()
|
||||
.deleteIcon('op=deletePage')
|
||||
.editIcon('op=editPage')
|
||||
.moveUpIcon('op=movePageUp')
|
||||
.moveDownIcon('op=movePageDown')
|
||||
.cutIcon('op=cutPage')
|
||||
."\n";
|
||||
}
|
||||
}
|
||||
$sth = WebGUI::SQL->read("select * from wobject where pageId=$session{page}{pageId}
|
||||
order by sequenceNumber, wobjectId");
|
||||
while ($wobject = $sth->hashRef) {
|
||||
|
||||
#-- Added by Frank Dillon. Includes WebGUI::Privilege::canEditWobject() as part of the checksum of $canEdit
|
||||
$canEditWobject = $canEdit && WebGUI::Privilege::canEditWobject($wobject->{wobjectId});
|
||||
#-- End Changes
|
||||
if ($session{var}{adminOn} && $canEditWobject) {
|
||||
$contentHash{"page.position".${$wobject}{templatePosition}} .= "\n<hr>"
|
||||
.wobjectIcon()
|
||||
.deleteIcon('func=delete&wid='.${$wobject}{wobjectId})
|
||||
.editIcon('func=edit&wid='.${$wobject}{wobjectId})
|
||||
.moveUpIcon('func=moveUp&wid='.${$wobject}{wobjectId})
|
||||
.moveDownIcon('func=moveDown&wid='.${$wobject}{wobjectId})
|
||||
.moveTopIcon('func=moveTop&wid='.${$wobject}{wobjectId})
|
||||
.moveBottomIcon('func=moveBottom&wid='.${$wobject}{wobjectId})
|
||||
.cutIcon('func=cut&wid='.${$wobject}{wobjectId})
|
||||
.copyIcon('func=copy&wid='.${$wobject}{wobjectId});
|
||||
if (${$wobject}{namespace} ne "WobjectProxy" && isIn("WobjectProxy",@{$session{config}{wobjects}})) {
|
||||
$contentHash{"page.position".${$wobject}{templatePosition}} .=
|
||||
shortcutIcon('func=createShortcut&wid='.${$wobject}{wobjectId})
|
||||
}
|
||||
$contentHash{"page.position".${$wobject}{templatePosition}} .= '<br>';
|
||||
}
|
||||
|
||||
#-- Added by Frank Dillon. Checks if user has privilege to view the wobject
|
||||
if(!WebGUI::Privilege::canViewWobject($wobject->{wobjectId})){ next; }
|
||||
#-- End Changes
|
||||
|
||||
if (${$wobject}{namespace} eq "WobjectProxy") {
|
||||
$originalWobject = $wobject;
|
||||
my ($wobjectProxy) = WebGUI::SQL->quickHashRef("select * from WobjectProxy where wobjectId=".${$wobject}{wobjectId});
|
||||
$wobject = WebGUI::SQL->quickHashRef("select * from wobject where wobject.wobjectId=".$wobjectProxy->{proxiedWobjectId});
|
||||
if (${$wobject}{namespace} eq "") {
|
||||
$wobject = $originalWobject;
|
||||
} else {
|
||||
${$wobject}{startDate} = ${$originalWobject}{startDate};
|
||||
${$wobject}{endDate} = ${$originalWobject}{endDate};
|
||||
${$wobject}{templatePosition} = ${$originalWobject}{templatePosition};
|
||||
${$wobject}{_WobjectProxy} = ${$originalWobject}{wobjectId};
|
||||
if ($wobjectProxy->{overrideTitle}) {
|
||||
${$wobject}{title} = ${$originalWobject}{title};
|
||||
}
|
||||
if ($wobjectProxy->{overrideDisplayTitle}) {
|
||||
${$wobject}{displayTitle} = ${$originalWobject}{displayTitle};
|
||||
}
|
||||
if ($wobjectProxy->{overrideDescription}) {
|
||||
${$wobject}{description} = ${$originalWobject}{description};
|
||||
}
|
||||
if ($wobjectProxy->{overrideTemplate}) {
|
||||
${$wobject}{templateId} = $wobjectProxy->{proxiedTemplateId};
|
||||
}
|
||||
}
|
||||
}
|
||||
#-- Removed by Frank Dillon. Statement repeated below
|
||||
#my $sql = "select * from ".$wobject->{namespace}." where wobjectId=".$wobject->{wobjectId};
|
||||
#-- End Changes
|
||||
$extra = WebGUI::SQL->quickHashRef("select * from ".$wobject->{namespace}."
|
||||
where wobjectId=".$wobject->{wobjectId});
|
||||
tie %hash, 'Tie::CPHash';
|
||||
%hash = (%{$wobject},%{$extra});
|
||||
$wobject = \%hash;
|
||||
$cmd = "WebGUI::Wobject::".${$wobject}{namespace};
|
||||
$w = eval{$cmd->new($wobject)};
|
||||
WebGUI::ErrorHandler::fatalError("Couldn't instanciate wobject: ${$wobject}{namespace}. Root cause: ".$@) if($@);
|
||||
#-- Changes by Frank Dillon. Check for date range done in WebGUI::Privilege::canViewWobject()
|
||||
#if ($w->inDateRange) {
|
||||
#-- End Changes
|
||||
$contentHash{"page.position".${$wobject}{templatePosition}} .= '<div class="wobject"><div class="wobject'
|
||||
.${$wobject}{namespace}.'" id="wobjectId'.${$wobject}{wobjectId}.'">';
|
||||
$contentHash{"page.position".${$wobject}{templatePosition}} .= '<a name="'
|
||||
.${$wobject}{wobjectId}.'"></a>';
|
||||
$contentHash{"page.position".${$wobject}{templatePosition}} .= eval{$w->www_view};
|
||||
WebGUI::ErrorHandler::fatalError("Wobject runtime error: ${$wobject}{namespace}. Root cause: ".$@) if($@);
|
||||
$contentHash{"page.position".${$wobject}{templatePosition}} .= "</div></div>\n\n";
|
||||
#-- Changes by Frank Dillon. Remove close bracket for if statement
|
||||
#}
|
||||
#-- End Changes
|
||||
}
|
||||
$sth->finish;
|
||||
$template = $session{page}{templateId};
|
||||
} else {
|
||||
$contentHash{"page.position1"} = WebGUI::Privilege::noAccess();
|
||||
}
|
||||
return (\%contentHash,$template,$pageEdit);
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub _processAction {
|
||||
my ($urlString, %form, $pair, @pairs, @param);
|
||||
$urlString = WebGUI::URL::unescape($_[0]);
|
||||
@pairs = split(/\&/,$urlString);
|
||||
foreach $pair (@pairs) {
|
||||
@param = split(/\=/,$pair);
|
||||
$form{$param[0]} = $param[1];
|
||||
}
|
||||
$session{form} = \%form;
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub _processFunctions {
|
||||
my ($wobject, $extra, %hash, $output, $proxyWobjectId, $cmd, $w);
|
||||
if (exists $session{form}{func} && exists $session{form}{wid}) {
|
||||
if ($session{form}{func} =~ /^[A-Za-z]+$/) {
|
||||
if ($session{form}{wid} eq "new") {
|
||||
$wobject = {wobjectId=>"new",namespace=>$session{form}{namespace},pageId=>$session{page}{pageId}};
|
||||
} else {
|
||||
$wobject = WebGUI::SQL->quickHashRef("select * from wobject where wobjectId="
|
||||
.$session{form}{wid});
|
||||
if (${$wobject}{namespace} eq "") {
|
||||
WebGUI::ErrorHandler::warn("Wobject [$session{form}{wid}] appears to be missing or "
|
||||
."corrupt, but was requested "
|
||||
."by $session{user}{username} [$session{user}{userId}].");
|
||||
$wobject = ();
|
||||
} else {
|
||||
$extra = WebGUI::SQL->quickHashRef("select * from ${$wobject}{namespace}
|
||||
where wobjectId=${$wobject}{wobjectId}");
|
||||
tie %hash, 'Tie::CPHash';
|
||||
%hash = (%{$wobject},%{$extra});
|
||||
$wobject = \%hash;
|
||||
}
|
||||
}
|
||||
if ($wobject) {
|
||||
if (${$wobject}{pageId} != $session{page}{pageId}) {
|
||||
($proxyWobjectId) = WebGUI::SQL->quickArray("select wobject.wobjectId from
|
||||
wobject,WobjectProxy
|
||||
where wobject.wobjectId=WobjectProxy.wobjectId
|
||||
and wobject.pageId=".$session{page}{pageId}."
|
||||
and WobjectProxy.proxiedWobjectId=".${$wobject}{wobjectId});
|
||||
${$wobject}{_WobjectProxy} = $proxyWobjectId;
|
||||
}
|
||||
unless (${$wobject}{pageId} == $session{page}{pageId}
|
||||
|| ${$wobject}{pageId} == 2
|
||||
|| ${$wobject}{pageId} == 3
|
||||
|| ${$wobject}{_WobjectProxy} ne "") {
|
||||
$output .= WebGUI::International::get(417);
|
||||
WebGUI::ErrorHandler::security("access wobject [".$session{form}{wid}."] on page '"
|
||||
.$session{page}{title}."' [".$session{page}{pageId}."].");
|
||||
} else {
|
||||
if (WebGUI::Privilege::canViewPage()) {
|
||||
$cmd = "WebGUI::Wobject::".${$wobject}{namespace};
|
||||
$w = eval{$cmd->new($wobject)};
|
||||
WebGUI::ErrorHandler::fatalError("Couldn't instanciate wobject: ${$wobject}{namespace}. Root Cause: ".$@) if($@);
|
||||
$cmd = "www_".$session{form}{func};
|
||||
$output = eval{$w->$cmd};
|
||||
WebGUI::ErrorHandler::fatalError("Wobject runtime error: ${$wobject}{namespace} / $session{form}{func}. Root cause: ".$@) if($@);
|
||||
} else {
|
||||
$output = WebGUI::Privilege::noAccess();
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
WebGUI::ErrorHandler::security("execute an invalid function on wobject "
|
||||
.$session{form}{wid}.": ".$session{form}{func});
|
||||
}
|
||||
}
|
||||
return $output;
|
||||
}
|
||||
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub _processOperations {
|
||||
my ($cmd, $output);
|
||||
if (exists $session{form}{op}) {
|
||||
if ($session{form}{op} =~ /^[A-Za-z]+$/) {
|
||||
$cmd = "WebGUI::Operation::www_".$session{form}{op};
|
||||
$output = eval($cmd);
|
||||
WebGUI::ErrorHandler::security("call a non-existent operation: $session{form}{op}. Root cause: ".$@) if($@);
|
||||
} else {
|
||||
WebGUI::ErrorHandler::security("execute an invalid operation: ".$session{form}{op});
|
||||
}
|
||||
}
|
||||
return $output;
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub page {
|
||||
my ($cache, $debug, $positions, $wobjectOutput, $pageEdit, $httpHeader, $content, $operationOutput, $template);
|
||||
WebGUI::Session::open($_[0],$_[1]);
|
||||
my $useCache = ($session{form}{op} eq "" && $session{form}{wid} eq "" && $session{form}{makePrintable} eq "" && not $session{var}{adminOn});
|
||||
if ($useCache) {
|
||||
$cache = WebGUI::Cache->new("page_".$session{page}{pageId}."_".$session{user}{userId});
|
||||
$content = $cache->get;
|
||||
}
|
||||
$operationOutput = _processOperations();
|
||||
$wobjectOutput = _processFunctions();
|
||||
if ($operationOutput eq "" && $wobjectOutput eq "" && $session{form}{action2} ne "") {
|
||||
_processAction($session{form}{action2});
|
||||
$operationOutput = _processOperations();
|
||||
$wobjectOutput = _processFunctions();
|
||||
}
|
||||
if ($operationOutput eq "" && $session{setting}{trackPageStatistics} && $session{form}{wid} ne "new") {
|
||||
WebGUI::SQL->write("insert into pageStatistics (dateStamp, userId, username, ipAddress, userAgent, referer,
|
||||
pageId, pageTitle, wobjectId, wobjectFunction) values (".time().",".$session{user}{userId}
|
||||
.",".quote($session{user}{username}).",
|
||||
".quote($session{env}{REMOTE_ADDR}).", ".quote($session{env}{HTTP_USER_AGENT}).",
|
||||
".quote($session{env}{HTTP_REFERER}).", ".$session{page}{pageId}.",
|
||||
".quote($session{page}{title}).", ".quote($session{form}{wid}).", ".quote($session{form}{func}).")");
|
||||
}
|
||||
if ($session{header}{mimetype} ne "text/html") {
|
||||
$httpHeader = WebGUI::Session::httpHeader();
|
||||
WebGUI::Session::close();
|
||||
return $httpHeader.$operationOutput.$wobjectOutput;
|
||||
} elsif ($operationOutput ne "") {
|
||||
$positions->{"page.position1"} = $operationOutput;
|
||||
} elsif ($session{page}{redirectURL} && !$session{var}{adminOn}) {
|
||||
$httpHeader = WebGUI::Session::httpRedirect(WebGUI::Macro::process($session{page}{redirectURL}));
|
||||
WebGUI::Session::close();
|
||||
return $httpHeader;
|
||||
} elsif ($session{header}{redirect} ne "") {
|
||||
$httpHeader = $session{header}{redirect};
|
||||
WebGUI::Session::close();
|
||||
return $httpHeader;
|
||||
} elsif ($wobjectOutput ne "") {
|
||||
$positions->{"page.position1"} = $wobjectOutput;
|
||||
} elsif (!($useCache && defined $content)) {
|
||||
($positions, $template, $pageEdit) = _generatePage();
|
||||
}
|
||||
$httpHeader = WebGUI::Session::httpHeader();
|
||||
unless ($useCache && defined $content) {
|
||||
$content = WebGUI::Macro::process(WebGUI::Template::process(WebGUI::Style::get($pageEdit.WebGUI::Page::getTemplate($template)), $positions));
|
||||
my $ttl;
|
||||
if ($session{user}{userId} == 1) {
|
||||
$ttl = $session{setting}{cachePagesVisitor};
|
||||
} else {
|
||||
$ttl = $session{setting}{cachePages};
|
||||
}
|
||||
$cache->set($content, $ttl) if ($useCache);
|
||||
}
|
||||
$debug = _generateDebug();
|
||||
WebGUI::Session::close();
|
||||
return $httpHeader.$content.$debug;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
1;
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,11 @@ our @EXPORT = qw(&www_deployPackage &www_selectPackageToDeploy);
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub _duplicateWobjects {
|
||||
my ($sth, $wobject, $cmd, %hash, $extra, $w);
|
||||
my ($sth, $wobject, $cmd, %hash, $extra, $w, %properties, $page);
|
||||
tie %properties, 'Tie::CPHash';
|
||||
#-- Added by Frank Dillon. Get page privilege information for the package
|
||||
$page = WebGUI::SQL->quickHashRef("select ownerId,groupIdView,groupIdEdit from page where pageId=".quote($_[0]));
|
||||
#-- End Changes
|
||||
$sth = WebGUI::SQL->read("select * from wobject where pageId=$_[0] order by sequenceNumber");
|
||||
while ($wobject = $sth->hashRef) {
|
||||
$extra = WebGUI::SQL->quickHashRef("select * from ${$wobject}{namespace} where wobjectId=${$wobject}{wobjectId}");
|
||||
|
|
@ -34,6 +38,13 @@ sub _duplicateWobjects {
|
|||
$cmd = "WebGUI::Wobject::".${$wobject}{namespace};
|
||||
$w = $cmd->new($wobject);
|
||||
$w->duplicate($_[1]);
|
||||
#-- Added by Frank Dillon. Set privileges for newly duplicated wobjects
|
||||
%properties=();
|
||||
$properties{ownerId} = ${$page}{ownerId};
|
||||
$properties{groupIdView} = ${$page}{groupIdView};
|
||||
$properties{groupIdEdit} = ${$page}{groupIdEdit};
|
||||
$w->set(\%properties);
|
||||
#-- End Changes
|
||||
}
|
||||
$sth->finish;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -32,10 +32,25 @@ our @EXPORT = qw(&www_viewPageTree &www_movePageUp &www_movePageDown
|
|||
&www_editPageSave &www_pastePage &www_moveTreePageUp
|
||||
&www_moveTreePageDown &www_moveTreePageLeft &www_moveTreePageRight);
|
||||
|
||||
#Method Added By Frank Dillon - Changes Wobject Privileges on a page
|
||||
#-------------------------------------------------------------------
|
||||
sub _changeWobjectPrivileges {
|
||||
my($wobject,$sth);
|
||||
$sth = WebGUI::SQL->read("select wobjectId from wobject where pageId=".quote($_[0]));
|
||||
while ($wobject = $sth->hashRef) {
|
||||
if (WebGUI::Privilege::canEditWobject($wobject->{wobjectId})) {
|
||||
WebGUI::SQL->write("update wobject set startDate=$session{form}{startDate}, endDate=$session{form}{endDate}, ownerId=$session{form}{ownerId}, groupIdView=$session{form}{groupIdView}, groupIdEdit=$session{form}{groupIdEdit} where wobjectId=".quote($wobject->{wobjectId}));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub _recursivelyChangePrivileges {
|
||||
my ($sth, $pageId);
|
||||
$sth = WebGUI::SQL->read("select pageId from page where parentId=$_[0]");
|
||||
#--Added By Frank Dillon - Change the Wobject Privileges on the current page
|
||||
_changeWobjectPrivileges($_[0]);
|
||||
#--End Changes
|
||||
while (($pageId) = $sth->array) {
|
||||
if (WebGUI::Privilege::canEditPage($pageId)) {
|
||||
WebGUI::SQL->write("update page set startDate=$session{form}{startDate},
|
||||
|
|
|
|||
|
|
@ -123,6 +123,7 @@ sub www_editContentSettings {
|
|||
-intervalValue=>$data[0],
|
||||
-unitsValue=>$data[1]
|
||||
);
|
||||
$f->yesNo("wobjectPrivileges",WebGUI::International::get(979),$session{setting}{wobjectPrivileges});
|
||||
$f->submit;
|
||||
$output .= $f->print;
|
||||
return _submenu($output);
|
||||
|
|
|
|||
|
|
@ -1,379 +1,447 @@
|
|||
package WebGUI::Privilege;
|
||||
|
||||
=head1 LEGAL
|
||||
|
||||
-------------------------------------------------------------------
|
||||
WebGUI is Copyright 2001-2003 Plain Black LLC.
|
||||
-------------------------------------------------------------------
|
||||
Please read the legal notices (docs/legal.txt) and the license
|
||||
(docs/license.txt) that came with this distribution before using
|
||||
this software.
|
||||
-------------------------------------------------------------------
|
||||
http://www.plainblack.com info@plainblack.com
|
||||
-------------------------------------------------------------------
|
||||
|
||||
=cut
|
||||
|
||||
use strict;
|
||||
use Tie::CPHash;
|
||||
use WebGUI::DateTime;
|
||||
use WebGUI::Group;
|
||||
use WebGUI::Grouping;
|
||||
use WebGUI::International;
|
||||
use WebGUI::Operation::Account ();
|
||||
use WebGUI::Session;
|
||||
use WebGUI::SQL;
|
||||
use WebGUI::URL;
|
||||
|
||||
=head1 NAME
|
||||
|
||||
Package WebGUI::Privilege
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
This package provides access to the WebGUI security system and security messages.
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
use WebGUI::Privilege;
|
||||
$html = WebGUI::Privilege::adminOnly();
|
||||
$boolean = WebGUI::Privilege::canEditPage();
|
||||
$boolean = WebGUI::Privilege::canViewPage();
|
||||
$html = WebGUI::Privilege::insufficient();
|
||||
$boolean = WebGUI::Privilege::isInGroup($groupId);
|
||||
$html = WebGUI::Privilege::noAccess();
|
||||
$html = WebGUI::Privilege::notMember();
|
||||
$html = WebGUI::Privilege::vitalComponent();
|
||||
|
||||
=head1 METHODS
|
||||
|
||||
These functions are available from this package:
|
||||
|
||||
=cut
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 adminOnly ( )
|
||||
|
||||
Returns a message stating that this functionality can only be used by administrators. This method also sets the HTTP header status to 401.
|
||||
|
||||
=cut
|
||||
|
||||
sub adminOnly {
|
||||
if($session{env}{MOD_PERL}) {
|
||||
my $r = Apache->request;
|
||||
if(defined($r)) {
|
||||
$r->custom_response(401, '<!--Admin Only-->' );
|
||||
$r->status(401);
|
||||
}
|
||||
} else {
|
||||
$session{header}{status} = 401;
|
||||
}
|
||||
my ($output, $sth, @data);
|
||||
$output = '<h1>'.WebGUI::International::get(35).'</h1>';
|
||||
$output .= WebGUI::International::get(36);
|
||||
$output .= '<ul>';
|
||||
$sth = WebGUI::SQL->read("select users.username,users.userId from users,groupings where users.userId=groupings.userId and groupings.groupId=3 order by users.username");
|
||||
while (@data = $sth->array) {
|
||||
$output .= '<li><a href="'.WebGUI::URL::page('op=viewProfile&uid='.$data[1]).'">'.$data[0].'</a>';
|
||||
}
|
||||
$sth->finish;
|
||||
$output .= '</ul><p>';
|
||||
return $output;
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 canEditPage ( [ pageId ] )
|
||||
|
||||
Returns a boolean (0|1) value signifying that the user has the required privileges.
|
||||
|
||||
=over
|
||||
|
||||
=item pageId
|
||||
|
||||
The unique identifier for the page that you wish to check the privileges on. Defaults to the current page id.
|
||||
|
||||
=back
|
||||
|
||||
=cut
|
||||
|
||||
sub canEditPage {
|
||||
my (%page);
|
||||
tie %page, 'Tie::CPHash';
|
||||
if ($_[0] ne "") {
|
||||
%page = WebGUI::SQL->quickHash("select ownerId,groupIdEdit from page where pageId=$_[0]");
|
||||
} else {
|
||||
%page = %{$session{page}};
|
||||
}
|
||||
if ($session{user}{userId} == $page{ownerId}) {
|
||||
return 1;
|
||||
} elsif (isInGroup($page{groupIdEdit})) {
|
||||
return 1;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 canViewPage ( [ pageId ] )
|
||||
|
||||
Returns a boolean (0|1) value signifying that the user has the required privileges. Always returns true for Admins and users that have the rights to edit this page.
|
||||
|
||||
=over
|
||||
|
||||
=item pageId
|
||||
|
||||
The unique identifier for the page that you wish to check the privileges on. Defaults to the current page id.
|
||||
|
||||
=back
|
||||
|
||||
=cut
|
||||
|
||||
sub canViewPage {
|
||||
my (%page, $inDateRange);
|
||||
tie %page, 'Tie::CPHash';
|
||||
if ($_[0] eq "") {
|
||||
%page = %{$session{page}};
|
||||
} else {
|
||||
%page = WebGUI::SQL->quickHash("select ownerId,groupIdView,startDate,endDate from page where pageId=$_[0]");
|
||||
}
|
||||
if ($page{startDate} < time() && $page{endDate} > time()) {
|
||||
$inDateRange = 1;
|
||||
}
|
||||
if ($session{user}{userId} == $page{ownerId}) {
|
||||
return 1;
|
||||
} elsif (isInGroup($page{groupIdView}) && $inDateRange) {
|
||||
return 1;
|
||||
} elsif (canEditPage($_[0])) {
|
||||
return 1;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 insufficient ( )
|
||||
|
||||
Returns a message stating that the user does not have the required privileges to perform the operation they requested. This method also sets the HTTP header status to 401.
|
||||
|
||||
=cut
|
||||
|
||||
sub insufficient {
|
||||
if($session{env}{MOD_PERL}) {
|
||||
my $r = Apache->request;
|
||||
if(defined($r)) {
|
||||
$r->custom_response(401, '<!--Insufficient Privileges-->' );
|
||||
$r->status(401);
|
||||
}
|
||||
} else {
|
||||
$session{header}{status} = 401;
|
||||
}
|
||||
my ($output);
|
||||
$output = '<h1>'.WebGUI::International::get(37).'</h1>';
|
||||
$output .= WebGUI::International::get(38);
|
||||
$output .= '<p>';
|
||||
return $output;
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 isInGroup ( groupId [ , userId ] )
|
||||
|
||||
Returns a boolean (0|1) value signifying that the user has the required privileges. Always returns true for Admins.
|
||||
|
||||
=over
|
||||
|
||||
=item groupId
|
||||
|
||||
The group that you wish to verify against the user.
|
||||
|
||||
=item userId
|
||||
|
||||
The user that you wish to verify against the group. Defaults to the currently logged in user.
|
||||
|
||||
=back
|
||||
|
||||
=cut
|
||||
|
||||
sub isInGroup {
|
||||
my ($gid, $uid, @data, %group, $groupId);
|
||||
($gid, $uid) = @_;
|
||||
$uid = $session{user}{userId} if ($uid eq "");
|
||||
### The "Everyone" group automatically returns true.
|
||||
if ($gid == 7) {
|
||||
return 1;
|
||||
}
|
||||
### The "Visitor" group returns false, unless the user is visitor.
|
||||
if ($gid == 1) {
|
||||
if ($uid == 1) {
|
||||
return 1;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
### The "Registered Users" group returns true if user is not visitor.
|
||||
if ($gid==2 && $uid != 1) {
|
||||
return 1;
|
||||
}
|
||||
### Use session to cache multiple lookups of the same group.
|
||||
if ($session{isInGroup}{$gid}{$uid} || $session{isInGroup}{3}{$uid}) {
|
||||
return 1;
|
||||
} elsif ($session{isInGroup}{$gid}{$uid} eq "0") {
|
||||
return 0;
|
||||
}
|
||||
### Lookup the actual groupings.
|
||||
my $groups = WebGUI::Grouping::getGroupsForUser($uid,1);
|
||||
foreach (@{$groups}) {
|
||||
$session{isInGroup}{$_}{$uid} = 1;
|
||||
}
|
||||
if ($session{isInGroup}{$gid}{$uid} || $session{isInGroup}{3}{$uid}) {
|
||||
return 1;
|
||||
}
|
||||
### Get data for auxillary checks.
|
||||
tie %group, 'Tie::CPHash';
|
||||
%group = WebGUI::SQL->quickHash("select karmaThreshold,ipFilter,scratchFilter from groups where groupId='$gid'");
|
||||
### Check IP Address
|
||||
if ($group{ipFilter} ne "") {
|
||||
$group{ipFilter} =~ s/\t//g;
|
||||
$group{ipFilter} =~ s/\r//g;
|
||||
$group{ipFilter} =~ s/\n//g;
|
||||
$group{ipFilter} =~ s/\s//g;
|
||||
$group{ipFilter} =~ s/\./\\\./g;
|
||||
my @ips = split(";",$group{ipFilter});
|
||||
foreach my $ip (@ips) {
|
||||
if ($session{env}{REMOTE_ADDR} =~ /^$ip/) {
|
||||
$session{isInGroup}{$gid}{$uid} = 1;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
### Check Scratch Variables
|
||||
if ($group{scratchFilter} ne "") {
|
||||
$group{scratchFilter} =~ s/\t//g;
|
||||
$group{scratchFilter} =~ s/\r//g;
|
||||
$group{scratchFilter} =~ s/\n//g;
|
||||
$group{scratchFilter} =~ s/\s//g;
|
||||
my @vars = split(";",$group{scratchFilter});
|
||||
foreach my $var (@vars) {
|
||||
my ($name, $value) = split(/\=/,$var);
|
||||
if ($session{scratch}{$name} eq $value) {
|
||||
$session{isInGroup}{$gid}{$uid} = 1;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
### Check karma levels.
|
||||
if ($session{setting}{useKarma}) {
|
||||
my $karma;
|
||||
if ($uid == $session{user}{userId}) {
|
||||
$karma = $session{user}{karma};
|
||||
} else {
|
||||
($karma) = WebGUI::SQL->quickHash("select karma from users where userId='$uid'");
|
||||
}
|
||||
if ($karma >= $group{karmaThreshold}) {
|
||||
$session{isInGroup}{$gid}{$uid} = 1;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
### Check for groups of groups.
|
||||
$groups = WebGUI::Grouping::getGroupsInGroup($gid,1);
|
||||
foreach (@{$groups}) {
|
||||
$session{isInGroup}{$_}{$uid} = isInGroup($_, $uid);
|
||||
if ($session{isInGroup}{$_}{$uid}) {
|
||||
$session{isInGroup}{$gid}{$uid} = 1;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
$session{isInGroup}{$gid}{$uid} = 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 noAccess ( )
|
||||
|
||||
Returns a message stating that the user does not have the privileges necessary to access this page. This method also sets the HTTP header status to 401.
|
||||
|
||||
=cut
|
||||
|
||||
sub noAccess {
|
||||
if($session{env}{MOD_PERL}) {
|
||||
my $r = Apache->request;
|
||||
if(defined($r)) {
|
||||
$r->custom_response(401, '<!--No Access-->' );
|
||||
$r->status(401);
|
||||
}
|
||||
} else {
|
||||
$session{header}{status} = 401;
|
||||
}
|
||||
my ($output);
|
||||
if ($session{user}{userId} <= 1) {
|
||||
$output = WebGUI::Operation::Account::www_displayAccount();
|
||||
} else {
|
||||
$output = '<h1>'.WebGUI::International::get(37).'</h1>';
|
||||
$output .= WebGUI::International::get(39);
|
||||
$output .= '<p>';
|
||||
}
|
||||
return $output;
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 notMember ( )
|
||||
|
||||
Returns a message stating that the user they requested information about is no longer active on this server. This method also sets the HTTP header status to 400.
|
||||
|
||||
=cut
|
||||
|
||||
sub notMember {
|
||||
if($session{env}{MOD_PERL}) {
|
||||
my $r = Apache->request;
|
||||
if(defined($r)) {
|
||||
$r->custom_response(400, '<!--Not A Member-->' );
|
||||
$r->status(400);
|
||||
}
|
||||
} else {
|
||||
$session{header}{status} = 400;
|
||||
}
|
||||
my ($output);
|
||||
$output = '<h1>'.WebGUI::International::get(345).'</h1>';
|
||||
$output .= WebGUI::International::get(346);
|
||||
$output .= '<p>';
|
||||
return $output;
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 vitalComponent ( )
|
||||
|
||||
Returns a message stating that the user made a request to delete something that should never delete. This method also sets the HTTP header status to 403.
|
||||
|
||||
=cut
|
||||
|
||||
sub vitalComponent {
|
||||
if($session{env}{MOD_PERL}) {
|
||||
my $r = Apache->request;
|
||||
if(defined($r)) {
|
||||
$r->custom_response(403, '<!--Vital Component-->' );
|
||||
$r->status(403);
|
||||
}
|
||||
} else {
|
||||
$session{header}{status} = 403;
|
||||
}
|
||||
my ($output);
|
||||
$output = '<h1>'.WebGUI::International::get(40).'</h1>';
|
||||
$output .= WebGUI::International::get(41);
|
||||
$output .= '<p>';
|
||||
return $output;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
1;
|
||||
|
||||
package WebGUI::Privilege;
|
||||
|
||||
=head1 LEGAL
|
||||
|
||||
-------------------------------------------------------------------
|
||||
WebGUI is Copyright 2001-2003 Plain Black LLC.
|
||||
-------------------------------------------------------------------
|
||||
Please read the legal notices (docs/legal.txt) and the license
|
||||
(docs/license.txt) that came with this distribution before using
|
||||
this software.
|
||||
-------------------------------------------------------------------
|
||||
http://www.plainblack.com info@plainblack.com
|
||||
-------------------------------------------------------------------
|
||||
|
||||
=cut
|
||||
|
||||
use strict;
|
||||
use Tie::CPHash;
|
||||
use WebGUI::DateTime;
|
||||
use WebGUI::Group;
|
||||
use WebGUI::Grouping;
|
||||
use WebGUI::International;
|
||||
use WebGUI::Operation::Account ();
|
||||
use WebGUI::Session;
|
||||
use WebGUI::SQL;
|
||||
use WebGUI::URL;
|
||||
|
||||
=head1 NAME
|
||||
|
||||
Package WebGUI::Privilege
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
This package provides access to the WebGUI security system and security messages.
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
use WebGUI::Privilege;
|
||||
$html = WebGUI::Privilege::adminOnly();
|
||||
$boolean = WebGUI::Privilege::canEditPage();
|
||||
$boolean = WebGUI::Privilege::canViewPage();
|
||||
$html = WebGUI::Privilege::insufficient();
|
||||
$boolean = WebGUI::Privilege::isInGroup($groupId);
|
||||
$html = WebGUI::Privilege::noAccess();
|
||||
$html = WebGUI::Privilege::notMember();
|
||||
$html = WebGUI::Privilege::vitalComponent();
|
||||
|
||||
=head1 METHODS
|
||||
|
||||
These functions are available from this package:
|
||||
|
||||
=cut
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 adminOnly ( )
|
||||
|
||||
Returns a message stating that this functionality can only be used by administrators. This method also sets the HTTP header status to 401.
|
||||
|
||||
=cut
|
||||
|
||||
sub adminOnly {
|
||||
if($session{env}{MOD_PERL}) {
|
||||
my $r = Apache->request;
|
||||
if(defined($r)) {
|
||||
$r->custom_response(401, '<!--Admin Only-->' );
|
||||
$r->status(401);
|
||||
}
|
||||
} else {
|
||||
$session{header}{status} = 401;
|
||||
}
|
||||
my ($output, $sth, @data);
|
||||
$output = '<h1>'.WebGUI::International::get(35).'</h1>';
|
||||
$output .= WebGUI::International::get(36);
|
||||
$output .= '<ul>';
|
||||
$sth = WebGUI::SQL->read("select users.username,users.userId from users,groupings where users.userId=groupings.userId and groupings.groupId=3 order by users.username");
|
||||
while (@data = $sth->array) {
|
||||
$output .= '<li><a href="'.WebGUI::URL::page('op=viewProfile&uid='.$data[1]).'">'.$data[0].'</a>';
|
||||
}
|
||||
$sth->finish;
|
||||
$output .= '</ul><p>';
|
||||
return $output;
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 canEditPage ( [ pageId ] )
|
||||
|
||||
Returns a boolean (0|1) value signifying that the user has the required privileges.
|
||||
|
||||
=over
|
||||
|
||||
=item pageId
|
||||
|
||||
The unique identifier for the page that you wish to check the privileges on. Defaults to the current page id.
|
||||
|
||||
=back
|
||||
|
||||
=cut
|
||||
|
||||
sub canEditPage {
|
||||
my (%page);
|
||||
tie %page, 'Tie::CPHash';
|
||||
if ($_[0] ne "") {
|
||||
%page = WebGUI::SQL->quickHash("select ownerId,groupIdEdit from page where pageId=$_[0]");
|
||||
} else {
|
||||
%page = %{$session{page}};
|
||||
}
|
||||
if ($session{user}{userId} == $page{ownerId}) {
|
||||
return 1;
|
||||
} elsif (isInGroup($page{groupIdEdit})) {
|
||||
return 1;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
#Added by Frank Dillon. Wobject API not used due to possible performance issues
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 canEditWobject ( wobjectId )
|
||||
|
||||
Returns a boolean (0|1) value signifying that the user has the required privileges.
|
||||
|
||||
=over
|
||||
|
||||
=item wobjectId
|
||||
|
||||
The unique identifier for the wobject that you wish to check the privileges on.
|
||||
|
||||
=back
|
||||
|
||||
=cut
|
||||
|
||||
sub canEditWobject {
|
||||
my (%wobject);
|
||||
tie %wobject, 'Tie::CPHash';
|
||||
return canEditPage() unless ($session{setting}{wobjectPrivileges} == 1);
|
||||
%wobject = WebGUI::SQL->quickHash("select ownerId,groupIdEdit from wobject where wobjectId=".quote($_[0]));
|
||||
if ($session{user}{userId} == $wobject{ownerId}) {
|
||||
return 1;
|
||||
} elsif (isInGroup($wobject{groupIdEdit})) {
|
||||
return 1;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 canViewPage ( [ pageId ] )
|
||||
|
||||
Returns a boolean (0|1) value signifying that the user has the required privileges. Always returns true for Admins and users that have the rights to edit this page.
|
||||
|
||||
=over
|
||||
|
||||
=item pageId
|
||||
|
||||
The unique identifier for the page that you wish to check the privileges on. Defaults to the current page id.
|
||||
|
||||
=back
|
||||
|
||||
=cut
|
||||
|
||||
sub canViewPage {
|
||||
my (%page, $inDateRange);
|
||||
tie %page, 'Tie::CPHash';
|
||||
if ($_[0] eq "") {
|
||||
%page = %{$session{page}};
|
||||
} else {
|
||||
%page = WebGUI::SQL->quickHash("select ownerId,groupIdView,startDate,endDate from page where pageId=$_[0]");
|
||||
}
|
||||
if ($page{startDate} < time() && $page{endDate} > time()) {
|
||||
$inDateRange = 1;
|
||||
}
|
||||
if ($session{user}{userId} == $page{ownerId}) {
|
||||
return 1;
|
||||
} elsif (isInGroup($page{groupIdView}) && $inDateRange) {
|
||||
return 1;
|
||||
} elsif (canEditPage($_[0])) {
|
||||
return 1;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
#Added by Frank Dillon. Wobject API not used due to possible performance issues
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 canViewWobject ( wobjectId )
|
||||
|
||||
Returns a boolean (0|1) value signifying that the user has the required privileges. Always returns true for Admins and users that have the rights to edit this wobject.
|
||||
|
||||
=over
|
||||
|
||||
=item wobjectId
|
||||
|
||||
The unique identifier for the wobject that you wish to check the privileges on.
|
||||
|
||||
=back
|
||||
|
||||
=cut
|
||||
|
||||
sub canViewWobject {
|
||||
my (%wobject);
|
||||
tie %wobject, 'Tie::CPHash';
|
||||
return canViewPage() unless ($session{setting}{wobjectPrivileges} == 1);
|
||||
%wobject = WebGUI::SQL->quickHash("select ownerId,groupIdView,startDate,endDate from wobject where wobjectId=".quote($_[0]));
|
||||
if ($wobject{startDate} < time() && $wobject{endDate} > time()) {
|
||||
if ($session{user}{userId} == $wobject{ownerId}) {
|
||||
return 1;
|
||||
} elsif (isInGroup($wobject{groupIdView})) {
|
||||
return 1;
|
||||
} elsif (canEditWobject($_[0])) {
|
||||
return 1;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
}else{
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 insufficient ( )
|
||||
|
||||
Returns a message stating that the user does not have the required privileges to perform the operation they requested. This method also sets the HTTP header status to 401.
|
||||
|
||||
=cut
|
||||
|
||||
sub insufficient {
|
||||
if($session{env}{MOD_PERL}) {
|
||||
my $r = Apache->request;
|
||||
if(defined($r)) {
|
||||
$r->custom_response(401, '<!--Insufficient Privileges-->' );
|
||||
$r->status(401);
|
||||
}
|
||||
} else {
|
||||
$session{header}{status} = 401;
|
||||
}
|
||||
my ($output);
|
||||
$output = '<h1>'.WebGUI::International::get(37).'</h1>';
|
||||
$output .= WebGUI::International::get(38);
|
||||
$output .= '<p>';
|
||||
return $output;
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 isInGroup ( groupId [ , userId ] )
|
||||
|
||||
Returns a boolean (0|1) value signifying that the user has the required privileges. Always returns true for Admins.
|
||||
|
||||
=over
|
||||
|
||||
=item groupId
|
||||
|
||||
The group that you wish to verify against the user.
|
||||
|
||||
=item userId
|
||||
|
||||
The user that you wish to verify against the group. Defaults to the currently logged in user.
|
||||
|
||||
=back
|
||||
|
||||
=cut
|
||||
|
||||
sub isInGroup {
|
||||
my ($gid, $uid, @data, %group, $groupId);
|
||||
($gid, $uid) = @_;
|
||||
$uid = $session{user}{userId} if ($uid eq "");
|
||||
### The "Everyone" group automatically returns true.
|
||||
if ($gid == 7) {
|
||||
return 1;
|
||||
}
|
||||
### The "Visitor" group returns false, unless the user is visitor.
|
||||
if ($gid == 1) {
|
||||
if ($uid == 1) {
|
||||
return 1;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
### The "Registered Users" group returns true if user is not visitor.
|
||||
if ($gid==2 && $uid != 1) {
|
||||
return 1;
|
||||
}
|
||||
### Use session to cache multiple lookups of the same group.
|
||||
if ($session{isInGroup}{$gid}{$uid} || $session{isInGroup}{3}{$uid}) {
|
||||
return 1;
|
||||
} elsif ($session{isInGroup}{$gid}{$uid} eq "0") {
|
||||
return 0;
|
||||
}
|
||||
### Lookup the actual groupings.
|
||||
my $groups = WebGUI::Grouping::getGroupsForUser($uid,1);
|
||||
foreach (@{$groups}) {
|
||||
$session{isInGroup}{$_}{$uid} = 1;
|
||||
}
|
||||
if ($session{isInGroup}{$gid}{$uid} || $session{isInGroup}{3}{$uid}) {
|
||||
return 1;
|
||||
}
|
||||
### Get data for auxillary checks.
|
||||
tie %group, 'Tie::CPHash';
|
||||
%group = WebGUI::SQL->quickHash("select karmaThreshold,ipFilter,scratchFilter from groups where groupId='$gid'");
|
||||
### Check IP Address
|
||||
if ($group{ipFilter} ne "") {
|
||||
$group{ipFilter} =~ s/\t//g;
|
||||
$group{ipFilter} =~ s/\r//g;
|
||||
$group{ipFilter} =~ s/\n//g;
|
||||
$group{ipFilter} =~ s/\s//g;
|
||||
$group{ipFilter} =~ s/\./\\\./g;
|
||||
my @ips = split(";",$group{ipFilter});
|
||||
foreach my $ip (@ips) {
|
||||
if ($session{env}{REMOTE_ADDR} =~ /^$ip/) {
|
||||
$session{isInGroup}{$gid}{$uid} = 1;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
### Check Scratch Variables
|
||||
if ($group{scratchFilter} ne "") {
|
||||
$group{scratchFilter} =~ s/\t//g;
|
||||
$group{scratchFilter} =~ s/\r//g;
|
||||
$group{scratchFilter} =~ s/\n//g;
|
||||
$group{scratchFilter} =~ s/\s//g;
|
||||
my @vars = split(";",$group{scratchFilter});
|
||||
foreach my $var (@vars) {
|
||||
my ($name, $value) = split(/\=/,$var);
|
||||
if ($session{scratch}{$name} eq $value) {
|
||||
$session{isInGroup}{$gid}{$uid} = 1;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
### Check karma levels.
|
||||
if ($session{setting}{useKarma}) {
|
||||
my $karma;
|
||||
if ($uid == $session{user}{userId}) {
|
||||
$karma = $session{user}{karma};
|
||||
} else {
|
||||
($karma) = WebGUI::SQL->quickHash("select karma from users where userId='$uid'");
|
||||
}
|
||||
if ($karma >= $group{karmaThreshold}) {
|
||||
$session{isInGroup}{$gid}{$uid} = 1;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
### Check for groups of groups.
|
||||
$groups = WebGUI::Grouping::getGroupsInGroup($gid,1);
|
||||
foreach (@{$groups}) {
|
||||
$session{isInGroup}{$_}{$uid} = isInGroup($_, $uid);
|
||||
if ($session{isInGroup}{$_}{$uid}) {
|
||||
$session{isInGroup}{$gid}{$uid} = 1;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
$session{isInGroup}{$gid}{$uid} = 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 noAccess ( )
|
||||
|
||||
Returns a message stating that the user does not have the privileges necessary to access this page. This method also sets the HTTP header status to 401.
|
||||
|
||||
=cut
|
||||
|
||||
sub noAccess {
|
||||
if($session{env}{MOD_PERL}) {
|
||||
my $r = Apache->request;
|
||||
if(defined($r)) {
|
||||
$r->custom_response(401, '<!--No Access-->' );
|
||||
$r->status(401);
|
||||
}
|
||||
} else {
|
||||
$session{header}{status} = 401;
|
||||
}
|
||||
my ($output);
|
||||
if ($session{user}{userId} <= 1) {
|
||||
$output = WebGUI::Operation::Account::www_displayAccount();
|
||||
} else {
|
||||
$output = '<h1>'.WebGUI::International::get(37).'</h1>';
|
||||
$output .= WebGUI::International::get(39);
|
||||
$output .= '<p>';
|
||||
}
|
||||
return $output;
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 notMember ( )
|
||||
|
||||
Returns a message stating that the user they requested information about is no longer active on this server. This method also sets the HTTP header status to 400.
|
||||
|
||||
=cut
|
||||
|
||||
sub notMember {
|
||||
if($session{env}{MOD_PERL}) {
|
||||
my $r = Apache->request;
|
||||
if(defined($r)) {
|
||||
$r->custom_response(400, '<!--Not A Member-->' );
|
||||
$r->status(400);
|
||||
}
|
||||
} else {
|
||||
$session{header}{status} = 400;
|
||||
}
|
||||
my ($output);
|
||||
$output = '<h1>'.WebGUI::International::get(345).'</h1>';
|
||||
$output .= WebGUI::International::get(346);
|
||||
$output .= '<p>';
|
||||
return $output;
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 vitalComponent ( )
|
||||
|
||||
Returns a message stating that the user made a request to delete something that should never delete. This method also sets the HTTP header status to 403.
|
||||
|
||||
=cut
|
||||
|
||||
sub vitalComponent {
|
||||
if($session{env}{MOD_PERL}) {
|
||||
my $r = Apache->request;
|
||||
if(defined($r)) {
|
||||
$r->custom_response(403, '<!--Vital Component-->' );
|
||||
$r->status(403);
|
||||
}
|
||||
} else {
|
||||
$session{header}{status} = 403;
|
||||
}
|
||||
my ($output);
|
||||
$output = '<h1>'.WebGUI::International::get(40).'</h1>';
|
||||
$output .= WebGUI::International::get(41);
|
||||
$output .= '<p>';
|
||||
return $output;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
1;
|
||||
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load diff
|
|
@ -161,7 +161,7 @@ sub getRecordTemplateVars {
|
|||
my $self = shift;
|
||||
my $var = shift;
|
||||
$var->{error_loop} = [] unless (exists $var->{error_loop});
|
||||
$var->{canEdit} = (WebGUI::Privilege::canEditPage());
|
||||
$var->{canEdit} = (WebGUI::Privilege::canEditWobject($self->get("wobjectId")));
|
||||
$var->{"entryList.url"} = WebGUI::URL::page('func=view&entryId=list&wid='.$self->get("wobjectId"));
|
||||
$var->{"entryList.label"} = WebGUI::International::get(86,$self->get("namespace"));
|
||||
$var->{"export.tab.url"} = WebGUI::URL::page('func=exportTab&wid='.$self->get("wobjectId"));
|
||||
|
|
@ -311,14 +311,14 @@ sub uiLevel {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteField {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
return $_[0]->confirm(WebGUI::International::get(19,$_[0]->get("namespace")),
|
||||
WebGUI::URL::page('func=deleteFieldConfirm&wid='.$_[0]->get("wobjectId").'&fid='.$session{form}{fid}));
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteFieldConfirm {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->deleteCollateral("DataForm_field","DataForm_fieldId",$session{form}{fid});
|
||||
$_[0]->reorderCollateral("DataForm_field","DataForm_fieldId");
|
||||
return "";
|
||||
|
|
@ -378,7 +378,7 @@ sub www_edit {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editSave {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->SUPER::www_editSave();
|
||||
if ($session{form}{wid} eq "new") {
|
||||
$_[0]->setCollateral("DataForm_field","DataForm_fieldId",{
|
||||
|
|
@ -437,7 +437,7 @@ sub www_editSave {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editField {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my ($output, %field, $f, %fieldStatus);
|
||||
tie %field, 'Tie::CPHash';
|
||||
tie %fieldStatus, 'Tie::IxHash';
|
||||
|
|
@ -523,7 +523,7 @@ sub www_editField {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editFieldSave {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$session{form}{name} = $session{form}{label} if ($session{form}{name} eq "");
|
||||
$_[0]->setCollateral("DataForm_field","DataForm_fieldId",{
|
||||
DataForm_fieldId=>$session{form}{fid},
|
||||
|
|
@ -546,7 +546,7 @@ sub www_editFieldSave {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_exportTab {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$session{header}{filename} = WebGUI::URL::urlize($_[0]->get("title")).".tab";
|
||||
$session{header}{mimetype} = "text/plain";
|
||||
my @fields = WebGUI::SQL->buildArray("select name from DataForm_field where wobjectId=".$_[0]->get("wobjectId")." order by sequenceNumber");
|
||||
|
|
@ -569,14 +569,14 @@ sub www_exportTab {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveFieldDown {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralDown("DataForm_field","DataForm_fieldId",$session{form}{fid});
|
||||
return "";
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveFieldUp {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralUp("DataForm_field","DataForm_fieldId",$session{form}{fid});
|
||||
return "";
|
||||
}
|
||||
|
|
@ -640,7 +640,7 @@ sub www_process {
|
|||
sub www_view {
|
||||
my $var;
|
||||
$var->{entryId} = $session{form}{entryId};
|
||||
if ($var->{entryId} eq "list" && WebGUI::Privilege::canEditPage()) {
|
||||
if ($var->{entryId} eq "list" && WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId"))) {
|
||||
return $_[0]->processTemplate($_[0]->get("listTemplateId"),$_[0]->getListTemplateVars,"DataForm/List");
|
||||
}
|
||||
$var = $_[1] || $_[0]->getRecordTemplateVars($var);
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ sub _drawBigCalendar {
|
|||
$calendar->monthname(WebGUI::DateTime::getMonthName($calendar->month));
|
||||
$calendar->header('<h2 align="center">'.$calendar->monthname.' '.$calendar->year.'</h2>');
|
||||
($start,$end) = monthStartEnd($_[1]);
|
||||
my $canEdit = ($session{var}{adminOn} && WebGUI::Privilege::canEditPage());
|
||||
my $canEdit = ($session{var}{adminOn} && WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$sth = WebGUI::SQL->read("select * from EventsCalendar_event where wobjectId="
|
||||
.$_[0]->get("wobjectId")." order by startDate,endDate");
|
||||
while (%event = $sth->hash) {
|
||||
|
|
@ -195,7 +195,7 @@ sub purge {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteEvent {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my ($output);
|
||||
$output = '<h1>'.WebGUI::International::get(42).'</h1>';
|
||||
$output .= WebGUI::International::get(75,$_[0]->get("namespace")).'<p><blockquote>';
|
||||
|
|
@ -212,7 +212,7 @@ sub www_deleteEvent {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteEventConfirm {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
if ($session{form}{rid} > 0) {
|
||||
$_[0]->deleteCollateral("EventsCalendar_event","EventsCalendar_recurringId",$session{form}{rid});
|
||||
} else {
|
||||
|
|
@ -305,7 +305,7 @@ sub www_editSave {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editEvent {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my (%recursEvery, $special, $output, $f, %event);
|
||||
tie %event, 'Tie::CPHash';
|
||||
tie %recursEvery, 'Tie::IxHash';
|
||||
|
|
@ -369,7 +369,7 @@ sub www_editEvent {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editEventSave {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my (@startDate, @endDate, $until, @eventId, $i, $recurringEventId);
|
||||
$startDate[0] = WebGUI::FormProcessor::dateTime("startDate");
|
||||
$startDate[0] = time() unless ($startDate[0] > 0);
|
||||
|
|
@ -542,7 +542,7 @@ sub www_viewEvent {
|
|||
$var{"start.date"} = epochToHuman($event{startDate},"%z");
|
||||
$var{"end.label"} = WebGUI::International::get(15,$_[0]->get("namespace"));
|
||||
$var{"end.date"} = epochToHuman($event{endDate},"%z");
|
||||
$var{canEdit} = WebGUI::Privilege::canEditPage();
|
||||
$var{canEdit} = WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId"));
|
||||
$var{"edit.url"} = WebGUI::URL::page('func=editEvent&eid='.$session{form}{eid}.'&wid='.$session{form}{wid});
|
||||
$var{"edit.label"} = WebGUI::International::get(575);
|
||||
$var{"delete.url"} = WebGUI::URL::page('func=deleteEvent&eid='.$session{form}{eid}.'&wid='
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@ sub uiLevel {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_edit {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my ($output, $f);
|
||||
$output = helpIcon(1,$_[0]->get("namespace"));
|
||||
$output .= '<h1>'.WebGUI::International::get(6,$_[0]->get("namespace")).'</h1>';
|
||||
|
|
|
|||
|
|
@ -63,14 +63,14 @@ sub purge {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteQuestion {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
return $_[0]->confirm(WebGUI::International::get(7,$_[0]->get("namespace")),
|
||||
WebGUI::URL::page('func=deleteQuestionConfirm&wid='.$_[0]->get("wobjectId").'&qid='.$session{form}{qid}));
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteQuestionConfirm {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->deleteCollateral("FAQ_question","FAQ_questionId",$session{form}{qid});
|
||||
$_[0]->reorderCollateral("FAQ_question","FAQ_questionId");
|
||||
return "";
|
||||
|
|
@ -107,7 +107,7 @@ sub www_editSave {
|
|||
#-------------------------------------------------------------------
|
||||
sub www_editQuestion {
|
||||
my ($output, $question, $f);
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$question = $_[0]->getCollateral("FAQ_question","FAQ_questionId",$session{form}{qid});
|
||||
$output = helpIcon(2,$_[0]->get("namespace"));
|
||||
$output .= '<h1>'.WebGUI::International::get(10,$_[0]->get("namespace")).'</h1>';
|
||||
|
|
@ -141,7 +141,7 @@ sub www_editQuestion {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editQuestionSave {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->setCollateral("FAQ_question", "FAQ_questionId", {
|
||||
FAQ_questionId => $session{form}{qid},
|
||||
question => $session{form}{question},
|
||||
|
|
@ -156,14 +156,14 @@ sub www_editQuestionSave {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveQuestionDown {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralDown("FAQ_question","FAQ_questionId",$session{form}{qid});
|
||||
return "";
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveQuestionUp {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralUp("FAQ_question","FAQ_questionId",$session{form}{qid});
|
||||
return "";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -93,7 +93,7 @@ sub uiLevel {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteFile {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->setCollateral("FileManager_file","FileManager_fileId",
|
||||
{$session{form}{file}=>'',FileManager_fileId=>$session{form}{did}},0,0);
|
||||
return $_[0]->www_editDownload();
|
||||
|
|
@ -101,14 +101,14 @@ sub www_deleteFile {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteDownload {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
return $_[0]->confirm(WebGUI::International::get(12,$_[0]->get("namespace")),
|
||||
WebGUI::URL::page('func=deleteDownloadConfirm&wid='.$session{form}{wid}.'&did='.$session{form}{did}));
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteDownloadConfirm {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my ($output, $file);
|
||||
$file = WebGUI::Attachment->new("",$session{form}{wid},$session{form}{did});
|
||||
$file->deleteNode;
|
||||
|
|
@ -171,7 +171,7 @@ sub www_edit {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editSave {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->SUPER::www_editSave();
|
||||
if ($session{form}{proceed} eq "addFile") {
|
||||
$session{form}{did} = "new";
|
||||
|
|
@ -183,7 +183,7 @@ sub www_editSave {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editDownload {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my ($output, $file, $f);
|
||||
$file = $_[0]->getCollateral("FileManager_file","FileManager_fileId",$session{form}{did});
|
||||
$output .= helpIcon(2,$_[0]->get("namespace"));
|
||||
|
|
@ -232,7 +232,7 @@ sub www_editDownload {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editDownloadSave {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my ($file, %files);
|
||||
$files{FileManager_fileId} = $_[0]->setCollateral("FileManager_file", "FileManager_fileId", {
|
||||
FileManager_fileId => $session{form}{did},
|
||||
|
|
@ -269,7 +269,7 @@ sub www_editDownloadSave {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveDownloadDown {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
WebGUI::Session::setScratch($_[0]->get("namespace").".".$_[0]->get("wobjectId").".sortDirection","-delete-");
|
||||
WebGUI::Session::setScratch($_[0]->get("namespace").".".$_[0]->get("wobjectId").".sort","-delete-");
|
||||
$_[0]->moveCollateralUp("FileManager_file","FileManager_fileId",$session{form}{did});
|
||||
|
|
@ -278,7 +278,7 @@ sub www_moveDownloadDown {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveDownloadUp {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
WebGUI::Session::setScratch($_[0]->get("namespace").".".$_[0]->get("wobjectId").".sortDirection","-delete-");
|
||||
WebGUI::Session::setScratch($_[0]->get("namespace").".".$_[0]->get("wobjectId").".sort","-delete-");
|
||||
$_[0]->moveCollateralDown("FileManager_file","FileManager_fileId",$session{form}{did});
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ sub www_edit {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editSave {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my ($attachment, $property);
|
||||
$_[0]->SUPER::www_editSave() if ($_[0]->get("wobjectId") eq "new");
|
||||
$attachment = WebGUI::Attachment->new("",$_[0]->get("wobjectId"));
|
||||
|
|
|
|||
|
|
@ -64,14 +64,14 @@ sub purge {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteLink {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
return $_[0]->confirm(WebGUI::International::get(9,$_[0]->get("namespace")),
|
||||
WebGUI::URL::page('func=deleteLinkConfirm&wid='.$session{form}{wid}.'&lid='.$session{form}{lid}));
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteLinkConfirm {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->deleteCollateral("LinkList_link","LinkList_linkId",$session{form}{lid});
|
||||
$_[0]->reorderCollateral("LinkList_link","LinkList_linkId");
|
||||
return "";
|
||||
|
|
@ -98,7 +98,7 @@ sub www_edit {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editSave {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->SUPER::www_editSave();
|
||||
if ($session{form}{proceed} eq "addLink") {
|
||||
$session{form}{lid} = "new";
|
||||
|
|
@ -110,7 +110,7 @@ sub www_editSave {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editLink {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my ($output, $link, $f, $linkId, $newWindow);
|
||||
$link = $_[0]->getCollateral("LinkList_link", "LinkList_linkId",$session{form}{lid});
|
||||
if ($link->{LinkList_linkId} eq "new") {
|
||||
|
|
@ -145,7 +145,7 @@ sub www_editLink {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editLinkSave {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->setCollateral("LinkList_link", "LinkList_linkId", {
|
||||
LinkList_linkId => $session{form}{lid},
|
||||
description => $session{form}{description},
|
||||
|
|
@ -164,14 +164,14 @@ sub www_editLinkSave {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveLinkDown {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralDown("LinkList_link","LinkList_linkId",$session{form}{lid});
|
||||
return "";
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveLinkUp {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralUp("LinkList_link","LinkList_linkId",$session{form}{lid});
|
||||
return "";
|
||||
}
|
||||
|
|
@ -181,7 +181,7 @@ sub www_view {
|
|||
my (%var, @linkloop, $controls, $link, $sth);
|
||||
$var{"addlink.url"} = WebGUI::URL::page('func=editLink&lid=new&wid='.$_[0]->get("wobjectId"));
|
||||
$var{"addlink.label"} = WebGUI::International::get(13,$_[0]->get("namespace"));
|
||||
$var{canEdit} = WebGUI::Privilege::canEditPage();
|
||||
$var{canEdit} = WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId"));
|
||||
$sth = WebGUI::SQL->read("select * from LinkList_link where wobjectId=".$_[0]->get("wobjectId")."
|
||||
order by sequenceNumber");
|
||||
while ($link = $sth->hashRef) {
|
||||
|
|
|
|||
|
|
@ -185,7 +185,7 @@ sub www_editSave {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_resetVotes {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->deleteCollateral("Poll_answer","wobjectId",$_[0]->get("wobjectId"));
|
||||
return "";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -115,7 +115,7 @@ sub purge {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_addAccessory {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my ($output, $f, $accessory, @usedAccessories);
|
||||
$output = helpIcon(4,$_[0]->get("namespace"));
|
||||
$output .= '<h1>'.WebGUI::International::get(16,$_[0]->get("namespace")).'</h1>';
|
||||
|
|
@ -136,7 +136,7 @@ sub www_addAccessory {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_addAccessorySave {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my ($seq);
|
||||
($seq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from Product_accessory
|
||||
where wobjectId=".$_[0]->get("wobjectId"));
|
||||
|
|
@ -151,7 +151,7 @@ sub www_addAccessorySave {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_addRelated {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my ($output, $f, $related, @usedRelated);
|
||||
$output = helpIcon(5,$_[0]->get("namespace"));
|
||||
$output .= '<h1>'.WebGUI::International::get(19,$_[0]->get("namespace")).'</h1>';
|
||||
|
|
@ -172,7 +172,7 @@ sub www_addRelated {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_addRelatedSave {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my ($seq);
|
||||
($seq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from Product_related
|
||||
where wobjectId=".$_[0]->get("wobjectId"));
|
||||
|
|
@ -187,7 +187,7 @@ sub www_addRelatedSave {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteAccessory {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
return $_[0]->confirm(
|
||||
WebGUI::International::get(2,$_[0]->get("namespace")),
|
||||
WebGUI::URL::page('func=deleteAccessoryConfirm&wid='.$_[0]->get("wobjectId").'&aid='.$session{form}{aid})
|
||||
|
|
@ -196,7 +196,7 @@ sub www_deleteAccessory {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteAccessoryConfirm {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
WebGUI::SQL->write("delete from Product_accessory where wobjectId=$session{form}{wid} and accessoryWobjectId=$session{form}{aid}");
|
||||
$_[0]->reorderCollateral("Product_accessory","accessoryWobjectId");
|
||||
return "";
|
||||
|
|
@ -204,7 +204,7 @@ sub www_deleteAccessoryConfirm {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteBenefit {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
return $_[0]->confirm(
|
||||
WebGUI::International::get(48,$_[0]->get("namespace")),
|
||||
WebGUI::URL::page('func=deleteBenefitConfirm&wid='.$_[0]->get("wobjectId").'&bid='.$session{form}{bid})
|
||||
|
|
@ -213,7 +213,7 @@ sub www_deleteBenefit {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteBenefitConfirm {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->deleteCollateral("Product_benefit","Product_benefitId",$session{form}{bid});
|
||||
$_[0]->reorderCollateral("Product_benefit","Product_benefitId");
|
||||
return "";
|
||||
|
|
@ -221,7 +221,7 @@ sub www_deleteBenefitConfirm {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteFeature {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
return $_[0]->confirm(
|
||||
WebGUI::International::get(3,$_[0]->get("namespace")),
|
||||
WebGUI::URL::page('func=deleteFeatureConfirm&wid='.$_[0]->get("wobjectId").'&fid='.$session{form}{fid})
|
||||
|
|
@ -230,7 +230,7 @@ sub www_deleteFeature {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteFeatureConfirm {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->deleteCollateral("Product_feature","Product_featureId",$session{form}{fid});
|
||||
$_[0]->reorderCollateral("Product_feature","Product_featureId");
|
||||
return "";
|
||||
|
|
@ -238,7 +238,7 @@ sub www_deleteFeatureConfirm {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteRelated {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
return $_[0]->confirm(
|
||||
WebGUI::International::get(4,$_[0]->get("namespace")),
|
||||
WebGUI::URL::page('func=deleteRelatedConfirm&wid='.$_[0]->get("wobjectId").'&rid='.$session{form}{rid})
|
||||
|
|
@ -247,7 +247,7 @@ sub www_deleteRelated {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteRelatedConfirm {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
WebGUI::SQL->write("delete from Product_related where wobjectId=$session{form}{wid} and relatedWobjectId=$session{form}{rid}");
|
||||
$_[0]->reorderCollateral("Product_related","relatedWobjectId");
|
||||
return "";
|
||||
|
|
@ -255,7 +255,7 @@ sub www_deleteRelatedConfirm {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteSpecification {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
return $_[0]->confirm(
|
||||
WebGUI::International::get(5,$_[0]->get("namespace")),
|
||||
WebGUI::URL::page('func=deleteSpecificationConfirm&wid='.$_[0]->get("wobjectId").'&sid='.$session{form}{sid})
|
||||
|
|
@ -264,7 +264,7 @@ sub www_deleteSpecification {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteSpecificationConfirm {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->deleteCollateral("Product_specification","Product_specificationId",$session{form}{sid});
|
||||
$_[0]->reorderCollateral("Product_specification","Product_specificationId");
|
||||
return "";
|
||||
|
|
@ -298,7 +298,7 @@ sub www_edit {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editSave {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my ($file, %property);
|
||||
$_[0]->SUPER::www_editSave() if ($_[0]->get("wobjectId") eq "new");
|
||||
$file = WebGUI::Attachment->new("",$_[0]->get("wobjectId"));
|
||||
|
|
@ -325,7 +325,7 @@ sub www_editSave {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editBenefit {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my ($output, $data, $f, $benefits);
|
||||
$data = $_[0]->getCollateral("Product_benefit","Product_benefitId",$session{form}{bid});
|
||||
$output = helpIcon(6,$_[0]->get("namespace"));
|
||||
|
|
@ -344,7 +344,7 @@ sub www_editBenefit {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editBenefitSave {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$session{form}{benefit} = $session{form}{benefit_new} if ($session{form}{benefit_new} ne "");
|
||||
$_[0]->setCollateral("Product_benefit", "Product_benefitId", {
|
||||
Product_benefitId => $session{form}{bid},
|
||||
|
|
@ -360,7 +360,7 @@ sub www_editBenefitSave {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editFeature {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my ($output, $data, $f, $features);
|
||||
$data = $_[0]->getCollateral("Product_feature","Product_featureId",$session{form}{fid});
|
||||
$output = helpIcon(2,$_[0]->get("namespace"));
|
||||
|
|
@ -379,7 +379,7 @@ sub www_editFeature {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editFeatureSave {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$session{form}{feature} = $session{form}{feature_new} if ($session{form}{feature_new} ne "");
|
||||
$_[0]->setCollateral("Product_feature", "Product_featureId", {
|
||||
Product_featureId => $session{form}{fid},
|
||||
|
|
@ -395,7 +395,7 @@ sub www_editFeatureSave {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editSpecification {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my ($output, $data, $f, $hashRef);
|
||||
$data = $_[0]->getCollateral("Product_specification","Product_specificationId",$session{form}{sid});
|
||||
$output = helpIcon(3,$_[0]->get("namespace"));
|
||||
|
|
@ -417,7 +417,7 @@ sub www_editSpecification {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editSpecificationSave {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$session{form}{name} = $session{form}{name_new} if ($session{form}{name_new} ne "");
|
||||
$session{form}{units} = $session{form}{units_new} if ($session{form}{units_new} ne "");
|
||||
$_[0]->setCollateral("Product_specification", "Product_specificationId", {
|
||||
|
|
@ -436,70 +436,70 @@ sub www_editSpecificationSave {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveAccessoryDown {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralDown("Product_related","accessoryWobjectId",$session{form}{aid});
|
||||
return "";
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveAccessoryUp {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralUp("Product_accessory","accessoryWobjectId",$session{form}{aid});
|
||||
return "";
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveBenefitDown {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralDown("Product_benefit","Product_benefitId",$session{form}{bid});
|
||||
return "";
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveBenefitUp {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralUp("Product_benefit","Product_benefitId",$session{form}{bid});
|
||||
return "";
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveFeatureDown {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralDown("Product_feature","Product_featureId",$session{form}{fid});
|
||||
return "";
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveFeatureUp {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralUp("Product_feature","Product_featureId",$session{form}{fid});
|
||||
return "";
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveRelatedDown {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralDown("Product_related","relatedWobjectId",$session{form}{rid});
|
||||
return "";
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveRelatedUp {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralUp("Product_related","relatedWobjectId",$session{form}{rid});
|
||||
return "";
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveSpecificationDown {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralDown("Product_specification","Product_specificationId",$session{form}{sid});
|
||||
return "";
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveSpecificationUp {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralUp("Product_specification","Product_specificationId",$session{form}{sid});
|
||||
return "";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -151,7 +151,7 @@ sub uiLevel {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteAnswer {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
return $_[0]->confirm(WebGUI::International::get(45,$_[0]->get("namespace")),
|
||||
WebGUI::URL::page('func=deleteAnswerConfirm&wid='.$_[0]->get("wobjectId").'&aid='
|
||||
.$session{form}{aid}.'&qid='.$session{form}{qid}));
|
||||
|
|
@ -159,7 +159,7 @@ sub www_deleteAnswer {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteAnswerConfirm {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
WebGUI::SQL->write("delete from Survey_response where Survey_answerId=$session{form}{aid}");
|
||||
$_[0]->deleteCollateral("Survey_answer","Survey_answerId",$session{form}{aid});
|
||||
$_[0]->reorderCollateral("Survey_answer","Survey_answerId","Survey_id");
|
||||
|
|
@ -168,14 +168,14 @@ sub www_deleteAnswerConfirm {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteQuestion {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
return $_[0]->confirm(WebGUI::International::get(44,$_[0]->get("namespace")),
|
||||
WebGUI::URL::page('func=deleteQuestionConfirm&wid='.$_[0]->get("wobjectId").'&qid='.$session{form}{qid}));
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_deleteQuestionConfirm {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
WebGUI::SQL->write("delete from Survey_answer where Survey_questionId=$session{form}{qid}");
|
||||
WebGUI::SQL->write("delete from Survey_response where Survey_questionId=$session{form}{qid}");
|
||||
$_[0]->deleteCollateral("Survey_question","Survey_questionId",$session{form}{qid});
|
||||
|
|
@ -285,7 +285,7 @@ sub www_edit {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editSave {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->SUPER::www_editSave();
|
||||
if ($session{form}{proceed} eq "addQuestion") {
|
||||
$session{form}{qid} = "new";
|
||||
|
|
@ -296,7 +296,7 @@ sub www_editSave {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editAnswer {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my ($question, $output, $f, $answer);
|
||||
$answer = $_[0]->getCollateral("Survey_answer","Survey_answerId",$session{form}{aid});
|
||||
$output = '<h1>'.WebGUI::International::get(18,$_[0]->get("namespace")).'</h1>';
|
||||
|
|
@ -350,7 +350,7 @@ sub www_editAnswer {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editAnswerSave {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->setCollateral("Survey_answer", "Survey_answerId", {
|
||||
Survey_answerId => $session{form}{aid},
|
||||
Survey_questionId => $session{form}{qid},
|
||||
|
|
@ -372,7 +372,7 @@ sub www_editAnswerSave {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editQuestion {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
my ($output, $f, $question, $answerFieldType, $sth, %data);
|
||||
tie %data, 'Tie::CPHash';
|
||||
$question = $_[0]->getCollateral("Survey_question","Survey_questionId",$session{form}{qid});
|
||||
|
|
@ -440,7 +440,7 @@ sub www_editQuestion {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_editQuestionSave {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$session{form}{qid} = $_[0]->setCollateral("Survey_question", "Survey_questionId", {
|
||||
question=>$session{form}{question},
|
||||
Survey_questionId=>$session{form}{qid},
|
||||
|
|
@ -520,28 +520,28 @@ sub www_exportResponses {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveAnswerDown {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralDown("Survey_answer","Survey_answerId",$session{form}{aid},"Survey_id");
|
||||
return $_[0]->www_editQuestion;
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveAnswerUp {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralUp("Survey_answer","Survey_answerId",$session{form}{aid},"Survey_id");
|
||||
return $_[0]->www_editQuestion;
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveQuestionDown {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralDown("Survey_question","Survey_questionId",$session{form}{qid},"Survey_id");
|
||||
return $_[0]->www_edit;
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_moveQuestionUp {
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
|
||||
$_[0]->moveCollateralUp("Survey_question","Survey_questionId",$session{form}{qid},"Survey_id");
|
||||
return $_[0]->www_edit;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue