oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

per wobject privileges

Browse source
This commit is contained in:
JT Smith 2003-06-22 16:15:49 +00:00
parent 4612a88f96
commit 3f4e5f3fbd
17 changed files with 2623 additions and 2444 deletions
Download patch file Download diff file Expand all files Collapse all files

577
lib/WebGUI.pm
View file

@ -1,281 +1,296 @@
package WebGUI;
our $VERSION = "5.4.0";
#-------------------------------------------------------------------
# WebGUI is Copyright 2001-2003 Plain Black LLC.
#-------------------------------------------------------------------
# Please read the legal notices (docs/legal.txt) and the license
# (docs/license.txt) that came with this distribution before using
# this software.
#-------------------------------------------------------------------
# http://www.plainblack.com info@plainblack.com
#-------------------------------------------------------------------
use strict qw(vars subs);
use Tie::CPHash;
use WebGUI::Cache;
use WebGUI::ErrorHandler;
use WebGUI::Icon;
use WebGUI::International;
use WebGUI::Macro;
use WebGUI::Operation;
use WebGUI::Privilege;
use WebGUI::Session;
use WebGUI::SQL;
use WebGUI::Style;
use WebGUI::Page;
use WebGUI::Template;
use WebGUI::URL;
use WebGUI::Utility;
#-------------------------------------------------------------------
sub _generateDebug {
if ($session{setting}{showDebug} || ($session{form}{debug}==1 && WebGUI::Privilege::isInGroup(3))) {
return WebGUI::ErrorHandler::showDebug();
}
return "";
}
#-------------------------------------------------------------------
sub _generatePage {
my ($canEdit, $pageEdit, $sth, $wobject, %contentHash, $originalWobject, $sql, $extra, %hash, $cmd, $w, $template);
if (WebGUI::Privilege::canViewPage()) {
if ($session{var}{adminOn}) {
$canEdit = WebGUI::Privilege::canEditPage();
if ($canEdit) {
$pageEdit = "\n<br>"
.pageIcon()
.deleteIcon('op=deletePage')
.editIcon('op=editPage')
.moveUpIcon('op=movePageUp')
.moveDownIcon('op=movePageDown')
.cutIcon('op=cutPage')
."\n";
}
}
$sth = WebGUI::SQL->read("select * from wobject where pageId=$session{page}{pageId}
order by sequenceNumber, wobjectId");
while ($wobject = $sth->hashRef) {
if ($session{var}{adminOn} && $canEdit) {
$contentHash{"page.position".${$wobject}{templatePosition}} .= "\n<hr>"
.wobjectIcon()
.deleteIcon('func=delete&wid='.${$wobject}{wobjectId})
.editIcon('func=edit&wid='.${$wobject}{wobjectId})
.moveUpIcon('func=moveUp&wid='.${$wobject}{wobjectId})
.moveDownIcon('func=moveDown&wid='.${$wobject}{wobjectId})
.moveTopIcon('func=moveTop&wid='.${$wobject}{wobjectId})
.moveBottomIcon('func=moveBottom&wid='.${$wobject}{wobjectId})
.cutIcon('func=cut&wid='.${$wobject}{wobjectId})
.copyIcon('func=copy&wid='.${$wobject}{wobjectId});
if (${$wobject}{namespace} ne "WobjectProxy" && isIn("WobjectProxy",@{$session{config}{wobjects}})) {
$contentHash{"page.position".${$wobject}{templatePosition}} .=
shortcutIcon('func=createShortcut&wid='.${$wobject}{wobjectId})
}
$contentHash{"page.position".${$wobject}{templatePosition}} .= '<br>';
}
if (${$wobject}{namespace} eq "WobjectProxy") {
$originalWobject = $wobject;
my ($wobjectProxy) = WebGUI::SQL->quickHashRef("select * from WobjectProxy where wobjectId=".${$wobject}{wobjectId});
$wobject = WebGUI::SQL->quickHashRef("select * from wobject where wobject.wobjectId=".$wobjectProxy->{proxiedWobjectId});
if (${$wobject}{namespace} eq "") {
$wobject = $originalWobject;
} else {
${$wobject}{startDate} = ${$originalWobject}{startDate};
${$wobject}{endDate} = ${$originalWobject}{endDate};
${$wobject}{templatePosition} = ${$originalWobject}{templatePosition};
${$wobject}{_WobjectProxy} = ${$originalWobject}{wobjectId};
if ($wobjectProxy->{overrideTitle}) {
${$wobject}{title} = ${$originalWobject}{title};
}
if ($wobjectProxy->{overrideDisplayTitle}) {
${$wobject}{displayTitle} = ${$originalWobject}{displayTitle};
}
if ($wobjectProxy->{overrideDescription}) {
${$wobject}{description} = ${$originalWobject}{description};
}
if ($wobjectProxy->{overrideTemplate}) {
${$wobject}{templateId} = $wobjectProxy->{proxiedTemplateId};
}
}
}
my $sql = "select * from ".$wobject->{namespace}." where wobjectId=".$wobject->{wobjectId};
$extra = WebGUI::SQL->quickHashRef("select * from ".$wobject->{namespace}."
where wobjectId=".$wobject->{wobjectId});
tie %hash, 'Tie::CPHash';
%hash = (%{$wobject},%{$extra});
$wobject = \%hash;
$cmd = "WebGUI::Wobject::".${$wobject}{namespace};
$w = eval{$cmd->new($wobject)};
WebGUI::ErrorHandler::fatalError("Couldn't instanciate wobject: ${$wobject}{namespace}. Root cause: ".$@) if($@);
if ($w->inDateRange) {
$contentHash{"page.position".${$wobject}{templatePosition}} .= '<div class="wobject"><div class="wobject'
.${$wobject}{namespace}.'" id="wobjectId'.${$wobject}{wobjectId}.'">';
$contentHash{"page.position".${$wobject}{templatePosition}} .= '<a name="'
.${$wobject}{wobjectId}.'"></a>';
$contentHash{"page.position".${$wobject}{templatePosition}} .= eval{$w->www_view};
WebGUI::ErrorHandler::fatalError("Wobject runtime error: ${$wobject}{namespace}. Root cause: ".$@) if($@);
$contentHash{"page.position".${$wobject}{templatePosition}} .= "</div></div>\n\n";
}
}
$sth->finish;
$template = $session{page}{templateId};
} else {
$contentHash{"page.position1"} = WebGUI::Privilege::noAccess();
}
return (\%contentHash,$template,$pageEdit);
}
#-------------------------------------------------------------------
sub _processAction {
my ($urlString, %form, $pair, @pairs, @param);
$urlString = WebGUI::URL::unescape($_[0]);
@pairs = split(/\&/,$urlString);
foreach $pair (@pairs) {
@param = split(/\=/,$pair);
$form{$param[0]} = $param[1];
}
$session{form} = \%form;
}
#-------------------------------------------------------------------
sub _processFunctions {
my ($wobject, $extra, %hash, $output, $proxyWobjectId, $cmd, $w);
if (exists $session{form}{func} && exists $session{form}{wid}) {
if ($session{form}{func} =~ /^[A-Za-z]+$/) {
if ($session{form}{wid} eq "new") {
$wobject = {wobjectId=>"new",namespace=>$session{form}{namespace},pageId=>$session{page}{pageId}};
} else {
$wobject = WebGUI::SQL->quickHashRef("select * from wobject where wobjectId="
.$session{form}{wid});
if (${$wobject}{namespace} eq "") {
WebGUI::ErrorHandler::warn("Wobject [$session{form}{wid}] appears to be missing or "
."corrupt, but was requested "
."by $session{user}{username} [$session{user}{userId}].");
$wobject = ();
} else {
$extra = WebGUI::SQL->quickHashRef("select * from ${$wobject}{namespace}
where wobjectId=${$wobject}{wobjectId}");
tie %hash, 'Tie::CPHash';
%hash = (%{$wobject},%{$extra});
$wobject = \%hash;
}
}
if ($wobject) {
if (${$wobject}{pageId} != $session{page}{pageId}) {
($proxyWobjectId) = WebGUI::SQL->quickArray("select wobject.wobjectId from
wobject,WobjectProxy
where wobject.wobjectId=WobjectProxy.wobjectId
and wobject.pageId=".$session{page}{pageId}."
and WobjectProxy.proxiedWobjectId=".${$wobject}{wobjectId});
${$wobject}{_WobjectProxy} = $proxyWobjectId;
}
unless (${$wobject}{pageId} == $session{page}{pageId}
|| ${$wobject}{pageId} == 2
|| ${$wobject}{pageId} == 3
|| ${$wobject}{_WobjectProxy} ne "") {
$output .= WebGUI::International::get(417);
WebGUI::ErrorHandler::security("access wobject [".$session{form}{wid}."] on page '"
.$session{page}{title}."' [".$session{page}{pageId}."].");
} else {
if (WebGUI::Privilege::canViewPage()) {
$cmd = "WebGUI::Wobject::".${$wobject}{namespace};
$w = eval{$cmd->new($wobject)};
WebGUI::ErrorHandler::fatalError("Couldn't instanciate wobject: ${$wobject}{namespace}. Root Cause: ".$@) if($@);
$cmd = "www_".$session{form}{func};
$output = eval{$w->$cmd};
WebGUI::ErrorHandler::fatalError("Wobject runtime error: ${$wobject}{namespace} / $session{form}{func}. Root cause: ".$@) if($@);
} else {
$output = WebGUI::Privilege::noAccess();
}
}
}
} else {
WebGUI::ErrorHandler::security("execute an invalid function on wobject "
.$session{form}{wid}.": ".$session{form}{func});
}
}
return $output;
}
#-------------------------------------------------------------------
sub _processOperations {
my ($cmd, $output);
if (exists $session{form}{op}) {
if ($session{form}{op} =~ /^[A-Za-z]+$/) {
$cmd = "WebGUI::Operation::www_".$session{form}{op};
$output = eval($cmd);
WebGUI::ErrorHandler::security("call a non-existent operation: $session{form}{op}. Root cause: ".$@) if($@);
} else {
WebGUI::ErrorHandler::security("execute an invalid operation: ".$session{form}{op});
}
}
return $output;
}
#-------------------------------------------------------------------
sub page {
my ($cache, $debug, $positions, $wobjectOutput, $pageEdit, $httpHeader, $content, $operationOutput, $template);
WebGUI::Session::open($_[0],$_[1]);
my $useCache = ($session{form}{op} eq "" && $session{form}{wid} eq "" && $session{form}{makePrintable} eq "" && not $session{var}{adminOn});
if ($useCache) {
$cache = WebGUI::Cache->new("page_".$session{page}{pageId}."_".$session{user}{userId});
$content = $cache->get;
}
$operationOutput = _processOperations();
$wobjectOutput = _processFunctions();
if ($operationOutput eq "" && $wobjectOutput eq "" && $session{form}{action2} ne "") {
_processAction($session{form}{action2});
$operationOutput = _processOperations();
$wobjectOutput = _processFunctions();
}
if ($operationOutput eq "" && $session{setting}{trackPageStatistics} && $session{form}{wid} ne "new") {
WebGUI::SQL->write("insert into pageStatistics (dateStamp, userId, username, ipAddress, userAgent, referer,
pageId, pageTitle, wobjectId, wobjectFunction) values (".time().",".$session{user}{userId}
.",".quote($session{user}{username}).",
".quote($session{env}{REMOTE_ADDR}).", ".quote($session{env}{HTTP_USER_AGENT}).",
".quote($session{env}{HTTP_REFERER}).", ".$session{page}{pageId}.",
".quote($session{page}{title}).", ".quote($session{form}{wid}).", ".quote($session{form}{func}).")");
}
if ($session{header}{mimetype} ne "text/html") {
$httpHeader = WebGUI::Session::httpHeader();
WebGUI::Session::close();
return $httpHeader.$operationOutput.$wobjectOutput;
} elsif ($operationOutput ne "") {
$positions->{"page.position1"} = $operationOutput;
} elsif ($session{page}{redirectURL} && !$session{var}{adminOn}) {
$httpHeader = WebGUI::Session::httpRedirect(WebGUI::Macro::process($session{page}{redirectURL}));
WebGUI::Session::close();
return $httpHeader;
} elsif ($session{header}{redirect} ne "") {
$httpHeader = $session{header}{redirect};
WebGUI::Session::close();
return $httpHeader;
} elsif ($wobjectOutput ne "") {
$positions->{"page.position1"} = $wobjectOutput;
} elsif (!($useCache && defined $content)) {
($positions, $template, $pageEdit) = _generatePage();
}
$httpHeader = WebGUI::Session::httpHeader();
unless ($useCache && defined $content) {
$content = WebGUI::Macro::process(WebGUI::Template::process(WebGUI::Style::get($pageEdit.WebGUI::Page::getTemplate($template)), $positions));
my $ttl;
if ($session{user}{userId} == 1) {
$ttl = $session{setting}{cachePagesVisitor};
} else {
$ttl = $session{setting}{cachePages};
}
$cache->set($content, $ttl) if ($useCache);
}
$debug = _generateDebug();
WebGUI::Session::close();
return $httpHeader.$content.$debug;
}
1;
package WebGUI;
our $VERSION = "5.3.3";
#-------------------------------------------------------------------
# WebGUI is Copyright 2001-2003 Plain Black LLC.
#-------------------------------------------------------------------
# Please read the legal notices (docs/legal.txt) and the license
# (docs/license.txt) that came with this distribution before using
# this software.
#-------------------------------------------------------------------
# http://www.plainblack.com info@plainblack.com
#-------------------------------------------------------------------
use strict qw(vars subs);
use Tie::CPHash;
use WebGUI::Cache;
use WebGUI::ErrorHandler;
use WebGUI::Icon;
use WebGUI::International;
use WebGUI::Macro;
use WebGUI::Operation;
use WebGUI::Privilege;
use WebGUI::Session;
use WebGUI::SQL;
use WebGUI::Style;
use WebGUI::Page;
use WebGUI::Template;
use WebGUI::URL;
use WebGUI::Utility;
#-------------------------------------------------------------------
sub _generateDebug {
if ($session{setting}{showDebug} || ($session{form}{debug}==1 && WebGUI::Privilege::isInGroup(3))) {
return WebGUI::ErrorHandler::showDebug();
}
return "";
}
#-------------------------------------------------------------------
sub _generatePage {
my ($canEdit, $pageEdit, $sth, $wobject, %contentHash, $originalWobject, $sql, $extra, %hash, $cmd, $w, $template,$canEditWobject);
if (WebGUI::Privilege::canViewPage()) {
if ($session{var}{adminOn}) {
$canEdit = WebGUI::Privilege::canEditPage();
if ($canEdit) {
$pageEdit = "\n<br>"
.pageIcon()
.deleteIcon('op=deletePage')
.editIcon('op=editPage')
.moveUpIcon('op=movePageUp')
.moveDownIcon('op=movePageDown')
.cutIcon('op=cutPage')
."\n";
}
}
$sth = WebGUI::SQL->read("select * from wobject where pageId=$session{page}{pageId}
order by sequenceNumber, wobjectId");
while ($wobject = $sth->hashRef) {
#-- Added by Frank Dillon. Includes WebGUI::Privilege::canEditWobject() as part of the checksum of $canEdit
$canEditWobject = $canEdit && WebGUI::Privilege::canEditWobject($wobject->{wobjectId});
#-- End Changes
if ($session{var}{adminOn} && $canEditWobject) {
$contentHash{"page.position".${$wobject}{templatePosition}} .= "\n<hr>"
.wobjectIcon()
.deleteIcon('func=delete&wid='.${$wobject}{wobjectId})
.editIcon('func=edit&wid='.${$wobject}{wobjectId})
.moveUpIcon('func=moveUp&wid='.${$wobject}{wobjectId})
.moveDownIcon('func=moveDown&wid='.${$wobject}{wobjectId})
.moveTopIcon('func=moveTop&wid='.${$wobject}{wobjectId})
.moveBottomIcon('func=moveBottom&wid='.${$wobject}{wobjectId})
.cutIcon('func=cut&wid='.${$wobject}{wobjectId})
.copyIcon('func=copy&wid='.${$wobject}{wobjectId});
if (${$wobject}{namespace} ne "WobjectProxy" && isIn("WobjectProxy",@{$session{config}{wobjects}})) {
$contentHash{"page.position".${$wobject}{templatePosition}} .=
shortcutIcon('func=createShortcut&wid='.${$wobject}{wobjectId})
}
$contentHash{"page.position".${$wobject}{templatePosition}} .= '<br>';
}
#-- Added by Frank Dillon. Checks if user has privilege to view the wobject
if(!WebGUI::Privilege::canViewWobject($wobject->{wobjectId})){ next; }
#-- End Changes
if (${$wobject}{namespace} eq "WobjectProxy") {
$originalWobject = $wobject;
my ($wobjectProxy) = WebGUI::SQL->quickHashRef("select * from WobjectProxy where wobjectId=".${$wobject}{wobjectId});
$wobject = WebGUI::SQL->quickHashRef("select * from wobject where wobject.wobjectId=".$wobjectProxy->{proxiedWobjectId});
if (${$wobject}{namespace} eq "") {
$wobject = $originalWobject;
} else {
${$wobject}{startDate} = ${$originalWobject}{startDate};
${$wobject}{endDate} = ${$originalWobject}{endDate};
${$wobject}{templatePosition} = ${$originalWobject}{templatePosition};
${$wobject}{_WobjectProxy} = ${$originalWobject}{wobjectId};
if ($wobjectProxy->{overrideTitle}) {
${$wobject}{title} = ${$originalWobject}{title};
}
if ($wobjectProxy->{overrideDisplayTitle}) {
${$wobject}{displayTitle} = ${$originalWobject}{displayTitle};
}
if ($wobjectProxy->{overrideDescription}) {
${$wobject}{description} = ${$originalWobject}{description};
}
if ($wobjectProxy->{overrideTemplate}) {
${$wobject}{templateId} = $wobjectProxy->{proxiedTemplateId};
}
}
}
#-- Removed by Frank Dillon. Statement repeated below
#my $sql = "select * from ".$wobject->{namespace}." where wobjectId=".$wobject->{wobjectId};
#-- End Changes
$extra = WebGUI::SQL->quickHashRef("select * from ".$wobject->{namespace}."
where wobjectId=".$wobject->{wobjectId});
tie %hash, 'Tie::CPHash';
%hash = (%{$wobject},%{$extra});
$wobject = \%hash;
$cmd = "WebGUI::Wobject::".${$wobject}{namespace};
$w = eval{$cmd->new($wobject)};
WebGUI::ErrorHandler::fatalError("Couldn't instanciate wobject: ${$wobject}{namespace}. Root cause: ".$@) if($@);
#-- Changes by Frank Dillon. Check for date range done in WebGUI::Privilege::canViewWobject()
#if ($w->inDateRange) {
#-- End Changes
$contentHash{"page.position".${$wobject}{templatePosition}} .= '<div class="wobject"><div class="wobject'
.${$wobject}{namespace}.'" id="wobjectId'.${$wobject}{wobjectId}.'">';
$contentHash{"page.position".${$wobject}{templatePosition}} .= '<a name="'
.${$wobject}{wobjectId}.'"></a>';
$contentHash{"page.position".${$wobject}{templatePosition}} .= eval{$w->www_view};
WebGUI::ErrorHandler::fatalError("Wobject runtime error: ${$wobject}{namespace}. Root cause: ".$@) if($@);
$contentHash{"page.position".${$wobject}{templatePosition}} .= "</div></div>\n\n";
#-- Changes by Frank Dillon. Remove close bracket for if statement
#}
#-- End Changes
}
$sth->finish;
$template = $session{page}{templateId};
} else {
$contentHash{"page.position1"} = WebGUI::Privilege::noAccess();
}
return (\%contentHash,$template,$pageEdit);
}
#-------------------------------------------------------------------
sub _processAction {
my ($urlString, %form, $pair, @pairs, @param);
$urlString = WebGUI::URL::unescape($_[0]);
@pairs = split(/\&/,$urlString);
foreach $pair (@pairs) {
@param = split(/\=/,$pair);
$form{$param[0]} = $param[1];
}
$session{form} = \%form;
}
#-------------------------------------------------------------------
sub _processFunctions {
my ($wobject, $extra, %hash, $output, $proxyWobjectId, $cmd, $w);
if (exists $session{form}{func} && exists $session{form}{wid}) {
if ($session{form}{func} =~ /^[A-Za-z]+$/) {
if ($session{form}{wid} eq "new") {
$wobject = {wobjectId=>"new",namespace=>$session{form}{namespace},pageId=>$session{page}{pageId}};
} else {
$wobject = WebGUI::SQL->quickHashRef("select * from wobject where wobjectId="
.$session{form}{wid});
if (${$wobject}{namespace} eq "") {
WebGUI::ErrorHandler::warn("Wobject [$session{form}{wid}] appears to be missing or "
."corrupt, but was requested "
."by $session{user}{username} [$session{user}{userId}].");
$wobject = ();
} else {
$extra = WebGUI::SQL->quickHashRef("select * from ${$wobject}{namespace}
where wobjectId=${$wobject}{wobjectId}");
tie %hash, 'Tie::CPHash';
%hash = (%{$wobject},%{$extra});
$wobject = \%hash;
}
}
if ($wobject) {
if (${$wobject}{pageId} != $session{page}{pageId}) {
($proxyWobjectId) = WebGUI::SQL->quickArray("select wobject.wobjectId from
wobject,WobjectProxy
where wobject.wobjectId=WobjectProxy.wobjectId
and wobject.pageId=".$session{page}{pageId}."
and WobjectProxy.proxiedWobjectId=".${$wobject}{wobjectId});
${$wobject}{_WobjectProxy} = $proxyWobjectId;
}
unless (${$wobject}{pageId} == $session{page}{pageId}
|| ${$wobject}{pageId} == 2
|| ${$wobject}{pageId} == 3
|| ${$wobject}{_WobjectProxy} ne "") {
$output .= WebGUI::International::get(417);
WebGUI::ErrorHandler::security("access wobject [".$session{form}{wid}."] on page '"
.$session{page}{title}."' [".$session{page}{pageId}."].");
} else {
if (WebGUI::Privilege::canViewPage()) {
$cmd = "WebGUI::Wobject::".${$wobject}{namespace};
$w = eval{$cmd->new($wobject)};
WebGUI::ErrorHandler::fatalError("Couldn't instanciate wobject: ${$wobject}{namespace}. Root Cause: ".$@) if($@);
$cmd = "www_".$session{form}{func};
$output = eval{$w->$cmd};
WebGUI::ErrorHandler::fatalError("Wobject runtime error: ${$wobject}{namespace} / $session{form}{func}. Root cause: ".$@) if($@);
} else {
$output = WebGUI::Privilege::noAccess();
}
}
}
} else {
WebGUI::ErrorHandler::security("execute an invalid function on wobject "
.$session{form}{wid}.": ".$session{form}{func});
}
}
return $output;
}
#-------------------------------------------------------------------
sub _processOperations {
my ($cmd, $output);
if (exists $session{form}{op}) {
if ($session{form}{op} =~ /^[A-Za-z]+$/) {
$cmd = "WebGUI::Operation::www_".$session{form}{op};
$output = eval($cmd);
WebGUI::ErrorHandler::security("call a non-existent operation: $session{form}{op}. Root cause: ".$@) if($@);
} else {
WebGUI::ErrorHandler::security("execute an invalid operation: ".$session{form}{op});
}
}
return $output;
}
#-------------------------------------------------------------------
sub page {
my ($cache, $debug, $positions, $wobjectOutput, $pageEdit, $httpHeader, $content, $operationOutput, $template);
WebGUI::Session::open($_[0],$_[1]);
my $useCache = ($session{form}{op} eq "" && $session{form}{wid} eq "" && $session{form}{makePrintable} eq "" && not $session{var}{adminOn});
if ($useCache) {
$cache = WebGUI::Cache->new("page_".$session{page}{pageId}."_".$session{user}{userId});
$content = $cache->get;
}
$operationOutput = _processOperations();
$wobjectOutput = _processFunctions();
if ($operationOutput eq "" && $wobjectOutput eq "" && $session{form}{action2} ne "") {
_processAction($session{form}{action2});
$operationOutput = _processOperations();
$wobjectOutput = _processFunctions();
}
if ($operationOutput eq "" && $session{setting}{trackPageStatistics} && $session{form}{wid} ne "new") {
WebGUI::SQL->write("insert into pageStatistics (dateStamp, userId, username, ipAddress, userAgent, referer,
pageId, pageTitle, wobjectId, wobjectFunction) values (".time().",".$session{user}{userId}
.",".quote($session{user}{username}).",
".quote($session{env}{REMOTE_ADDR}).", ".quote($session{env}{HTTP_USER_AGENT}).",
".quote($session{env}{HTTP_REFERER}).", ".$session{page}{pageId}.",
".quote($session{page}{title}).", ".quote($session{form}{wid}).", ".quote($session{form}{func}).")");
}
if ($session{header}{mimetype} ne "text/html") {
$httpHeader = WebGUI::Session::httpHeader();
WebGUI::Session::close();
return $httpHeader.$operationOutput.$wobjectOutput;
} elsif ($operationOutput ne "") {
$positions->{"page.position1"} = $operationOutput;
} elsif ($session{page}{redirectURL} && !$session{var}{adminOn}) {
$httpHeader = WebGUI::Session::httpRedirect(WebGUI::Macro::process($session{page}{redirectURL}));
WebGUI::Session::close();
return $httpHeader;
} elsif ($session{header}{redirect} ne "") {
$httpHeader = $session{header}{redirect};
WebGUI::Session::close();
return $httpHeader;
} elsif ($wobjectOutput ne "") {
$positions->{"page.position1"} = $wobjectOutput;
} elsif (!($useCache && defined $content)) {
($positions, $template, $pageEdit) = _generatePage();
}
$httpHeader = WebGUI::Session::httpHeader();
unless ($useCache && defined $content) {
$content = WebGUI::Macro::process(WebGUI::Template::process(WebGUI::Style::get($pageEdit.WebGUI::Page::getTemplate($template)), $positions));
my $ttl;
if ($session{user}{userId} == 1) {
$ttl = $session{setting}{cachePagesVisitor};
} else {
$ttl = $session{setting}{cachePages};
}
$cache->set($content, $ttl) if ($useCache);
}
$debug = _generateDebug();
WebGUI::Session::close();
return $httpHeader.$content.$debug;
}
1;

13
lib/WebGUI/Operation/Package.pm
View file

@ -24,7 +24,11 @@ our @EXPORT = qw(&www_deployPackage &www_selectPackageToDeploy);
#-------------------------------------------------------------------
sub _duplicateWobjects {
my ($sth, $wobject, $cmd, %hash, $extra, $w);
my ($sth, $wobject, $cmd, %hash, $extra, $w, %properties, $page);
tie %properties, 'Tie::CPHash';
#-- Added by Frank Dillon. Get page privilege information for the package
$page = WebGUI::SQL->quickHashRef("select ownerId,groupIdView,groupIdEdit from page where pageId=".quote($_[0]));
#-- End Changes
$sth = WebGUI::SQL->read("select * from wobject where pageId=$_[0] order by sequenceNumber");
while ($wobject = $sth->hashRef) {
$extra = WebGUI::SQL->quickHashRef("select * from ${$wobject}{namespace} where wobjectId=${$wobject}{wobjectId}");
@ -34,6 +38,13 @@ sub _duplicateWobjects {
$cmd = "WebGUI::Wobject::".${$wobject}{namespace};
$w = $cmd->new($wobject);
$w->duplicate($_[1]);
#-- Added by Frank Dillon. Set privileges for newly duplicated wobjects
%properties=();
$properties{ownerId} = ${$page}{ownerId};
$properties{groupIdView} = ${$page}{groupIdView};
$properties{groupIdEdit} = ${$page}{groupIdEdit};
$w->set(\%properties);
#-- End Changes
}
$sth->finish;
}

15
lib/WebGUI/Operation/Page.pm
View file

@ -32,10 +32,25 @@ our @EXPORT = qw(&www_viewPageTree &www_movePageUp &www_movePageDown
&www_editPageSave &www_pastePage &www_moveTreePageUp
&www_moveTreePageDown &www_moveTreePageLeft &www_moveTreePageRight);
#Method Added By Frank Dillon - Changes Wobject Privileges on a page
#-------------------------------------------------------------------
sub _changeWobjectPrivileges {
my($wobject,$sth);
$sth = WebGUI::SQL->read("select wobjectId from wobject where pageId=".quote($_[0]));
while ($wobject = $sth->hashRef) {
if (WebGUI::Privilege::canEditWobject($wobject->{wobjectId})) {
WebGUI::SQL->write("update wobject set startDate=$session{form}{startDate}, endDate=$session{form}{endDate}, ownerId=$session{form}{ownerId}, groupIdView=$session{form}{groupIdView}, groupIdEdit=$session{form}{groupIdEdit} where wobjectId=".quote($wobject->{wobjectId}));
}
}
}
#-------------------------------------------------------------------
sub _recursivelyChangePrivileges {
my ($sth, $pageId);
$sth = WebGUI::SQL->read("select pageId from page where parentId=$_[0]");
#--Added By Frank Dillon - Change the Wobject Privileges on the current page
_changeWobjectPrivileges($_[0]);
#--End Changes
while (($pageId) = $sth->array) {
if (WebGUI::Privilege::canEditPage($pageId)) {
WebGUI::SQL->write("update page set startDate=$session{form}{startDate},

1
lib/WebGUI/Operation/Settings.pm
View file

@ -123,6 +123,7 @@ sub www_editContentSettings {
-intervalValue=>$data[0],
-unitsValue=>$data[1]
);
$f->yesNo("wobjectPrivileges",WebGUI::International::get(979),$session{setting}{wobjectPrivileges});
$f->submit;
$output .= $f->print;
return _submenu($output);

826
lib/WebGUI/Privilege.pm
View file

@ -1,379 +1,447 @@
package WebGUI::Privilege;
=head1 LEGAL
-------------------------------------------------------------------
WebGUI is Copyright 2001-2003 Plain Black LLC.
-------------------------------------------------------------------
Please read the legal notices (docs/legal.txt) and the license
(docs/license.txt) that came with this distribution before using
this software.
-------------------------------------------------------------------
http://www.plainblack.com info@plainblack.com
-------------------------------------------------------------------
=cut
use strict;
use Tie::CPHash;
use WebGUI::DateTime;
use WebGUI::Group;
use WebGUI::Grouping;
use WebGUI::International;
use WebGUI::Operation::Account ();
use WebGUI::Session;
use WebGUI::SQL;
use WebGUI::URL;
=head1 NAME
Package WebGUI::Privilege
=head1 DESCRIPTION
This package provides access to the WebGUI security system and security messages.
=head1 SYNOPSIS
use WebGUI::Privilege;
$html = WebGUI::Privilege::adminOnly();
$boolean = WebGUI::Privilege::canEditPage();
$boolean = WebGUI::Privilege::canViewPage();
$html = WebGUI::Privilege::insufficient();
$boolean = WebGUI::Privilege::isInGroup($groupId);
$html = WebGUI::Privilege::noAccess();
$html = WebGUI::Privilege::notMember();
$html = WebGUI::Privilege::vitalComponent();
=head1 METHODS
These functions are available from this package:
=cut
#-------------------------------------------------------------------
=head2 adminOnly ( )
Returns a message stating that this functionality can only be used by administrators. This method also sets the HTTP header status to 401.
=cut
sub adminOnly {
if($session{env}{MOD_PERL}) {
my $r = Apache->request;
if(defined($r)) {
$r->custom_response(401, '<!--Admin Only-->' );
$r->status(401);
}
} else {
$session{header}{status} = 401;
}
my ($output, $sth, @data);
$output = '<h1>'.WebGUI::International::get(35).'</h1>';
$output .= WebGUI::International::get(36);
$output .= '<ul>';
$sth = WebGUI::SQL->read("select users.username,users.userId from users,groupings where users.userId=groupings.userId and groupings.groupId=3 order by users.username");
while (@data = $sth->array) {
$output .= '<li><a href="'.WebGUI::URL::page('op=viewProfile&uid='.$data[1]).'">'.$data[0].'</a>';
}
$sth->finish;
$output .= '</ul><p>';
return $output;
}
#-------------------------------------------------------------------
=head2 canEditPage ( [ pageId ] )
Returns a boolean (0|1) value signifying that the user has the required privileges.
=over
=item pageId
The unique identifier for the page that you wish to check the privileges on. Defaults to the current page id.
=back
=cut
sub canEditPage {
my (%page);
tie %page, 'Tie::CPHash';
if ($_[0] ne "") {
%page = WebGUI::SQL->quickHash("select ownerId,groupIdEdit from page where pageId=$_[0]");
} else {
%page = %{$session{page}};
}
if ($session{user}{userId} == $page{ownerId}) {
return 1;
} elsif (isInGroup($page{groupIdEdit})) {
return 1;
} else {
return 0;
}
}
#-------------------------------------------------------------------
=head2 canViewPage ( [ pageId ] )
Returns a boolean (0|1) value signifying that the user has the required privileges. Always returns true for Admins and users that have the rights to edit this page.
=over
=item pageId
The unique identifier for the page that you wish to check the privileges on. Defaults to the current page id.
=back
=cut
sub canViewPage {
my (%page, $inDateRange);
tie %page, 'Tie::CPHash';
if ($_[0] eq "") {
%page = %{$session{page}};
} else {
%page = WebGUI::SQL->quickHash("select ownerId,groupIdView,startDate,endDate from page where pageId=$_[0]");
}
if ($page{startDate} < time() && $page{endDate} > time()) {
$inDateRange = 1;
}
if ($session{user}{userId} == $page{ownerId}) {
return 1;
} elsif (isInGroup($page{groupIdView}) && $inDateRange) {
return 1;
} elsif (canEditPage($_[0])) {
return 1;
} else {
return 0;
}
}
#-------------------------------------------------------------------
=head2 insufficient ( )
Returns a message stating that the user does not have the required privileges to perform the operation they requested. This method also sets the HTTP header status to 401.
=cut
sub insufficient {
if($session{env}{MOD_PERL}) {
my $r = Apache->request;
if(defined($r)) {
$r->custom_response(401, '<!--Insufficient Privileges-->' );
$r->status(401);
}
} else {
$session{header}{status} = 401;
}
my ($output);
$output = '<h1>'.WebGUI::International::get(37).'</h1>';
$output .= WebGUI::International::get(38);
$output .= '<p>';
return $output;
}
#-------------------------------------------------------------------
=head2 isInGroup ( groupId [ , userId ] )
Returns a boolean (0|1) value signifying that the user has the required privileges. Always returns true for Admins.
=over
=item groupId
The group that you wish to verify against the user.
=item userId
The user that you wish to verify against the group. Defaults to the currently logged in user.
=back
=cut
sub isInGroup {
my ($gid, $uid, @data, %group, $groupId);
($gid, $uid) = @_;
$uid = $session{user}{userId} if ($uid eq "");
### The "Everyone" group automatically returns true.
if ($gid == 7) {
return 1;
}
### The "Visitor" group returns false, unless the user is visitor.
if ($gid == 1) {
if ($uid == 1) {
return 1;
} else {
return 0;
}
}
### The "Registered Users" group returns true if user is not visitor.
if ($gid==2 && $uid != 1) {
return 1;
}
### Use session to cache multiple lookups of the same group.
if ($session{isInGroup}{$gid}{$uid} || $session{isInGroup}{3}{$uid}) {
return 1;
} elsif ($session{isInGroup}{$gid}{$uid} eq "0") {
return 0;
}
### Lookup the actual groupings.
my $groups = WebGUI::Grouping::getGroupsForUser($uid,1);
foreach (@{$groups}) {
$session{isInGroup}{$_}{$uid} = 1;
}
if ($session{isInGroup}{$gid}{$uid} || $session{isInGroup}{3}{$uid}) {
return 1;
}
### Get data for auxillary checks.
tie %group, 'Tie::CPHash';
%group = WebGUI::SQL->quickHash("select karmaThreshold,ipFilter,scratchFilter from groups where groupId='$gid'");
### Check IP Address
if ($group{ipFilter} ne "") {
$group{ipFilter} =~ s/\t//g;
$group{ipFilter} =~ s/\r//g;
$group{ipFilter} =~ s/\n//g;
$group{ipFilter} =~ s/\s//g;
$group{ipFilter} =~ s/\./\\\./g;
my @ips = split(";",$group{ipFilter});
foreach my $ip (@ips) {
if ($session{env}{REMOTE_ADDR} =~ /^$ip/) {
$session{isInGroup}{$gid}{$uid} = 1;
return 1;
}
}
}
### Check Scratch Variables
if ($group{scratchFilter} ne "") {
$group{scratchFilter} =~ s/\t//g;
$group{scratchFilter} =~ s/\r//g;
$group{scratchFilter} =~ s/\n//g;
$group{scratchFilter} =~ s/\s//g;
my @vars = split(";",$group{scratchFilter});
foreach my $var (@vars) {
my ($name, $value) = split(/\=/,$var);
if ($session{scratch}{$name} eq $value) {
$session{isInGroup}{$gid}{$uid} = 1;
return 1;
}
}
}
### Check karma levels.
if ($session{setting}{useKarma}) {
my $karma;
if ($uid == $session{user}{userId}) {
$karma = $session{user}{karma};
} else {
($karma) = WebGUI::SQL->quickHash("select karma from users where userId='$uid'");
}
if ($karma >= $group{karmaThreshold}) {
$session{isInGroup}{$gid}{$uid} = 1;
return 1;
}
}
### Check for groups of groups.
$groups = WebGUI::Grouping::getGroupsInGroup($gid,1);
foreach (@{$groups}) {
$session{isInGroup}{$_}{$uid} = isInGroup($_, $uid);
if ($session{isInGroup}{$_}{$uid}) {
$session{isInGroup}{$gid}{$uid} = 1;
return 1;
}
}
$session{isInGroup}{$gid}{$uid} = 0;
return 0;
}
#-------------------------------------------------------------------
=head2 noAccess ( )
Returns a message stating that the user does not have the privileges necessary to access this page. This method also sets the HTTP header status to 401.
=cut
sub noAccess {
if($session{env}{MOD_PERL}) {
my $r = Apache->request;
if(defined($r)) {
$r->custom_response(401, '<!--No Access-->' );
$r->status(401);
}
} else {
$session{header}{status} = 401;
}
my ($output);
if ($session{user}{userId} <= 1) {
$output = WebGUI::Operation::Account::www_displayAccount();
} else {
$output = '<h1>'.WebGUI::International::get(37).'</h1>';
$output .= WebGUI::International::get(39);
$output .= '<p>';
}
return $output;
}
#-------------------------------------------------------------------
=head2 notMember ( )
Returns a message stating that the user they requested information about is no longer active on this server. This method also sets the HTTP header status to 400.
=cut
sub notMember {
if($session{env}{MOD_PERL}) {
my $r = Apache->request;
if(defined($r)) {
$r->custom_response(400, '<!--Not A Member-->' );
$r->status(400);
}
} else {
$session{header}{status} = 400;
}
my ($output);
$output = '<h1>'.WebGUI::International::get(345).'</h1>';
$output .= WebGUI::International::get(346);
$output .= '<p>';
return $output;
}
#-------------------------------------------------------------------
=head2 vitalComponent ( )
Returns a message stating that the user made a request to delete something that should never delete. This method also sets the HTTP header status to 403.
=cut
sub vitalComponent {
if($session{env}{MOD_PERL}) {
my $r = Apache->request;
if(defined($r)) {
$r->custom_response(403, '<!--Vital Component-->' );
$r->status(403);
}
} else {
$session{header}{status} = 403;
}
my ($output);
$output = '<h1>'.WebGUI::International::get(40).'</h1>';
$output .= WebGUI::International::get(41);
$output .= '<p>';
return $output;
}
1;
package WebGUI::Privilege;
=head1 LEGAL
-------------------------------------------------------------------
WebGUI is Copyright 2001-2003 Plain Black LLC.
-------------------------------------------------------------------
Please read the legal notices (docs/legal.txt) and the license
(docs/license.txt) that came with this distribution before using
this software.
-------------------------------------------------------------------
http://www.plainblack.com info@plainblack.com
-------------------------------------------------------------------
=cut
use strict;
use Tie::CPHash;
use WebGUI::DateTime;
use WebGUI::Group;
use WebGUI::Grouping;
use WebGUI::International;
use WebGUI::Operation::Account ();
use WebGUI::Session;
use WebGUI::SQL;
use WebGUI::URL;
=head1 NAME
Package WebGUI::Privilege
=head1 DESCRIPTION
This package provides access to the WebGUI security system and security messages.
=head1 SYNOPSIS
use WebGUI::Privilege;
$html = WebGUI::Privilege::adminOnly();
$boolean = WebGUI::Privilege::canEditPage();
$boolean = WebGUI::Privilege::canViewPage();
$html = WebGUI::Privilege::insufficient();
$boolean = WebGUI::Privilege::isInGroup($groupId);
$html = WebGUI::Privilege::noAccess();
$html = WebGUI::Privilege::notMember();
$html = WebGUI::Privilege::vitalComponent();
=head1 METHODS
These functions are available from this package:
=cut
#-------------------------------------------------------------------
=head2 adminOnly ( )
Returns a message stating that this functionality can only be used by administrators. This method also sets the HTTP header status to 401.
=cut
sub adminOnly {
if($session{env}{MOD_PERL}) {
my $r = Apache->request;
if(defined($r)) {
$r->custom_response(401, '<!--Admin Only-->' );
$r->status(401);
}
} else {
$session{header}{status} = 401;
}
my ($output, $sth, @data);
$output = '<h1>'.WebGUI::International::get(35).'</h1>';
$output .= WebGUI::International::get(36);
$output .= '<ul>';
$sth = WebGUI::SQL->read("select users.username,users.userId from users,groupings where users.userId=groupings.userId and groupings.groupId=3 order by users.username");
while (@data = $sth->array) {
$output .= '<li><a href="'.WebGUI::URL::page('op=viewProfile&uid='.$data[1]).'">'.$data[0].'</a>';
}
$sth->finish;
$output .= '</ul><p>';
return $output;
}
#-------------------------------------------------------------------
=head2 canEditPage ( [ pageId ] )
Returns a boolean (0|1) value signifying that the user has the required privileges.
=over
=item pageId
The unique identifier for the page that you wish to check the privileges on. Defaults to the current page id.
=back
=cut
sub canEditPage {
my (%page);
tie %page, 'Tie::CPHash';
if ($_[0] ne "") {
%page = WebGUI::SQL->quickHash("select ownerId,groupIdEdit from page where pageId=$_[0]");
} else {
%page = %{$session{page}};
}
if ($session{user}{userId} == $page{ownerId}) {
return 1;
} elsif (isInGroup($page{groupIdEdit})) {
return 1;
} else {
return 0;
}
}
#Added by Frank Dillon. Wobject API not used due to possible performance issues
#-------------------------------------------------------------------
=head2 canEditWobject ( wobjectId )
Returns a boolean (0|1) value signifying that the user has the required privileges.
=over
=item wobjectId
The unique identifier for the wobject that you wish to check the privileges on.
=back
=cut
sub canEditWobject {
my (%wobject);
tie %wobject, 'Tie::CPHash';
return canEditPage() unless ($session{setting}{wobjectPrivileges} == 1);
%wobject = WebGUI::SQL->quickHash("select ownerId,groupIdEdit from wobject where wobjectId=".quote($_[0]));
if ($session{user}{userId} == $wobject{ownerId}) {
return 1;
} elsif (isInGroup($wobject{groupIdEdit})) {
return 1;
} else {
return 0;
}
}
#-------------------------------------------------------------------
=head2 canViewPage ( [ pageId ] )
Returns a boolean (0|1) value signifying that the user has the required privileges. Always returns true for Admins and users that have the rights to edit this page.
=over
=item pageId
The unique identifier for the page that you wish to check the privileges on. Defaults to the current page id.
=back
=cut
sub canViewPage {
my (%page, $inDateRange);
tie %page, 'Tie::CPHash';
if ($_[0] eq "") {
%page = %{$session{page}};
} else {
%page = WebGUI::SQL->quickHash("select ownerId,groupIdView,startDate,endDate from page where pageId=$_[0]");
}
if ($page{startDate} < time() && $page{endDate} > time()) {
$inDateRange = 1;
}
if ($session{user}{userId} == $page{ownerId}) {
return 1;
} elsif (isInGroup($page{groupIdView}) && $inDateRange) {
return 1;
} elsif (canEditPage($_[0])) {
return 1;
} else {
return 0;
}
}
#Added by Frank Dillon. Wobject API not used due to possible performance issues
#-------------------------------------------------------------------
=head2 canViewWobject ( wobjectId )
Returns a boolean (0|1) value signifying that the user has the required privileges. Always returns true for Admins and users that have the rights to edit this wobject.
=over
=item wobjectId
The unique identifier for the wobject that you wish to check the privileges on.
=back
=cut
sub canViewWobject {
my (%wobject);
tie %wobject, 'Tie::CPHash';
return canViewPage() unless ($session{setting}{wobjectPrivileges} == 1);
%wobject = WebGUI::SQL->quickHash("select ownerId,groupIdView,startDate,endDate from wobject where wobjectId=".quote($_[0]));
if ($wobject{startDate} < time() && $wobject{endDate} > time()) {
if ($session{user}{userId} == $wobject{ownerId}) {
return 1;
} elsif (isInGroup($wobject{groupIdView})) {
return 1;
} elsif (canEditWobject($_[0])) {
return 1;
} else {
return 0;
}
}else{
return 0;
}
}
#-------------------------------------------------------------------
=head2 insufficient ( )
Returns a message stating that the user does not have the required privileges to perform the operation they requested. This method also sets the HTTP header status to 401.
=cut
sub insufficient {
if($session{env}{MOD_PERL}) {
my $r = Apache->request;
if(defined($r)) {
$r->custom_response(401, '<!--Insufficient Privileges-->' );
$r->status(401);
}
} else {
$session{header}{status} = 401;
}
my ($output);
$output = '<h1>'.WebGUI::International::get(37).'</h1>';
$output .= WebGUI::International::get(38);
$output .= '<p>';
return $output;
}
#-------------------------------------------------------------------
=head2 isInGroup ( groupId [ , userId ] )
Returns a boolean (0|1) value signifying that the user has the required privileges. Always returns true for Admins.
=over
=item groupId
The group that you wish to verify against the user.
=item userId
The user that you wish to verify against the group. Defaults to the currently logged in user.
=back
=cut
sub isInGroup {
my ($gid, $uid, @data, %group, $groupId);
($gid, $uid) = @_;
$uid = $session{user}{userId} if ($uid eq "");
### The "Everyone" group automatically returns true.
if ($gid == 7) {
return 1;
}
### The "Visitor" group returns false, unless the user is visitor.
if ($gid == 1) {
if ($uid == 1) {
return 1;
} else {
return 0;
}
}
### The "Registered Users" group returns true if user is not visitor.
if ($gid==2 && $uid != 1) {
return 1;
}
### Use session to cache multiple lookups of the same group.
if ($session{isInGroup}{$gid}{$uid} || $session{isInGroup}{3}{$uid}) {
return 1;
} elsif ($session{isInGroup}{$gid}{$uid} eq "0") {
return 0;
}
### Lookup the actual groupings.
my $groups = WebGUI::Grouping::getGroupsForUser($uid,1);
foreach (@{$groups}) {
$session{isInGroup}{$_}{$uid} = 1;
}
if ($session{isInGroup}{$gid}{$uid} || $session{isInGroup}{3}{$uid}) {
return 1;
}
### Get data for auxillary checks.
tie %group, 'Tie::CPHash';
%group = WebGUI::SQL->quickHash("select karmaThreshold,ipFilter,scratchFilter from groups where groupId='$gid'");
### Check IP Address
if ($group{ipFilter} ne "") {
$group{ipFilter} =~ s/\t//g;
$group{ipFilter} =~ s/\r//g;
$group{ipFilter} =~ s/\n//g;
$group{ipFilter} =~ s/\s//g;
$group{ipFilter} =~ s/\./\\\./g;
my @ips = split(";",$group{ipFilter});
foreach my $ip (@ips) {
if ($session{env}{REMOTE_ADDR} =~ /^$ip/) {
$session{isInGroup}{$gid}{$uid} = 1;
return 1;
}
}
}
### Check Scratch Variables
if ($group{scratchFilter} ne "") {
$group{scratchFilter} =~ s/\t//g;
$group{scratchFilter} =~ s/\r//g;
$group{scratchFilter} =~ s/\n//g;
$group{scratchFilter} =~ s/\s//g;
my @vars = split(";",$group{scratchFilter});
foreach my $var (@vars) {
my ($name, $value) = split(/\=/,$var);
if ($session{scratch}{$name} eq $value) {
$session{isInGroup}{$gid}{$uid} = 1;
return 1;
}
}
}
### Check karma levels.
if ($session{setting}{useKarma}) {
my $karma;
if ($uid == $session{user}{userId}) {
$karma = $session{user}{karma};
} else {
($karma) = WebGUI::SQL->quickHash("select karma from users where userId='$uid'");
}
if ($karma >= $group{karmaThreshold}) {
$session{isInGroup}{$gid}{$uid} = 1;
return 1;
}
}
### Check for groups of groups.
$groups = WebGUI::Grouping::getGroupsInGroup($gid,1);
foreach (@{$groups}) {
$session{isInGroup}{$_}{$uid} = isInGroup($_, $uid);
if ($session{isInGroup}{$_}{$uid}) {
$session{isInGroup}{$gid}{$uid} = 1;
return 1;
}
}
$session{isInGroup}{$gid}{$uid} = 0;
return 0;
}
#-------------------------------------------------------------------
=head2 noAccess ( )
Returns a message stating that the user does not have the privileges necessary to access this page. This method also sets the HTTP header status to 401.
=cut
sub noAccess {
if($session{env}{MOD_PERL}) {
my $r = Apache->request;
if(defined($r)) {
$r->custom_response(401, '<!--No Access-->' );
$r->status(401);
}
} else {
$session{header}{status} = 401;
}
my ($output);
if ($session{user}{userId} <= 1) {
$output = WebGUI::Operation::Account::www_displayAccount();
} else {
$output = '<h1>'.WebGUI::International::get(37).'</h1>';
$output .= WebGUI::International::get(39);
$output .= '<p>';
}
return $output;
}
#-------------------------------------------------------------------
=head2 notMember ( )
Returns a message stating that the user they requested information about is no longer active on this server. This method also sets the HTTP header status to 400.
=cut
sub notMember {
if($session{env}{MOD_PERL}) {
my $r = Apache->request;
if(defined($r)) {
$r->custom_response(400, '<!--Not A Member-->' );
$r->status(400);
}
} else {
$session{header}{status} = 400;
}
my ($output);
$output = '<h1>'.WebGUI::International::get(345).'</h1>';
$output .= WebGUI::International::get(346);
$output .= '<p>';
return $output;
}
#-------------------------------------------------------------------
=head2 vitalComponent ( )
Returns a message stating that the user made a request to delete something that should never delete. This method also sets the HTTP header status to 403.
=cut
sub vitalComponent {
if($session{env}{MOD_PERL}) {
my $r = Apache->request;
if(defined($r)) {
$r->custom_response(403, '<!--Vital Component-->' );
$r->status(403);
}
} else {
$session{header}{status} = 403;
}
my ($output);
$output = '<h1>'.WebGUI::International::get(40).'</h1>';
$output .= WebGUI::International::get(41);
$output .= '<p>';
return $output;
}
1;

3455
lib/WebGUI/Wobject.pm
View file

File diff suppressed because it is too large Load diff

20
lib/WebGUI/Wobject/DataForm.pm
View file

@ -161,7 +161,7 @@ sub getRecordTemplateVars {
my $self = shift;
my $var = shift;
$var->{error_loop} = [] unless (exists $var->{error_loop});
$var->{canEdit} = (WebGUI::Privilege::canEditPage());
$var->{canEdit} = (WebGUI::Privilege::canEditWobject($self->get("wobjectId")));
$var->{"entryList.url"} = WebGUI::URL::page('func=view&entryId=list&wid='.$self->get("wobjectId"));
$var->{"entryList.label"} = WebGUI::International::get(86,$self->get("namespace"));
$var->{"export.tab.url"} = WebGUI::URL::page('func=exportTab&wid='.$self->get("wobjectId"));
@ -311,14 +311,14 @@ sub uiLevel {
#-------------------------------------------------------------------
sub www_deleteField {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return $_[0]->confirm(WebGUI::International::get(19,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteFieldConfirm&wid='.$_[0]->get("wobjectId").'&fid='.$session{form}{fid}));
}
#-------------------------------------------------------------------
sub www_deleteFieldConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->deleteCollateral("DataForm_field","DataForm_fieldId",$session{form}{fid});
$_[0]->reorderCollateral("DataForm_field","DataForm_fieldId");
return "";
@ -378,7 +378,7 @@ sub www_edit {
#-------------------------------------------------------------------
sub www_editSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->SUPER::www_editSave();
if ($session{form}{wid} eq "new") {
$_[0]->setCollateral("DataForm_field","DataForm_fieldId",{
@ -437,7 +437,7 @@ sub www_editSave {
#-------------------------------------------------------------------
sub www_editField {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my ($output, %field, $f, %fieldStatus);
tie %field, 'Tie::CPHash';
tie %fieldStatus, 'Tie::IxHash';
@ -523,7 +523,7 @@ sub www_editField {
#-------------------------------------------------------------------
sub www_editFieldSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$session{form}{name} = $session{form}{label} if ($session{form}{name} eq "");
$_[0]->setCollateral("DataForm_field","DataForm_fieldId",{
DataForm_fieldId=>$session{form}{fid},
@ -546,7 +546,7 @@ sub www_editFieldSave {
#-------------------------------------------------------------------
sub www_exportTab {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$session{header}{filename} = WebGUI::URL::urlize($_[0]->get("title")).".tab";
$session{header}{mimetype} = "text/plain";
my @fields = WebGUI::SQL->buildArray("select name from DataForm_field where wobjectId=".$_[0]->get("wobjectId")." order by sequenceNumber");
@ -569,14 +569,14 @@ sub www_exportTab {
#-------------------------------------------------------------------
sub www_moveFieldDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralDown("DataForm_field","DataForm_fieldId",$session{form}{fid});
return "";
}
#-------------------------------------------------------------------
sub www_moveFieldUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralUp("DataForm_field","DataForm_fieldId",$session{form}{fid});
return "";
}
@ -640,7 +640,7 @@ sub www_process {
sub www_view {
my $var;
$var->{entryId} = $session{form}{entryId};
if ($var->{entryId} eq "list" && WebGUI::Privilege::canEditPage()) {
if ($var->{entryId} eq "list" && WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId"))) {
return $_[0]->processTemplate($_[0]->get("listTemplateId"),$_[0]->getListTemplateVars,"DataForm/List");
}
$var = $_[1] || $_[0]->getRecordTemplateVars($var);

12
lib/WebGUI/Wobject/EventsCalendar.pm
View file

@ -51,7 +51,7 @@ sub _drawBigCalendar {
$calendar->monthname(WebGUI::DateTime::getMonthName($calendar->month));
$calendar->header('<h2 align="center">'.$calendar->monthname.' '.$calendar->year.'</h2>');
($start,$end) = monthStartEnd($_[1]);
my $canEdit = ($session{var}{adminOn} && WebGUI::Privilege::canEditPage());
my $canEdit = ($session{var}{adminOn} && WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$sth = WebGUI::SQL->read("select * from EventsCalendar_event where wobjectId="
.$_[0]->get("wobjectId")." order by startDate,endDate");
while (%event = $sth->hash) {
@ -195,7 +195,7 @@ sub purge {
#-------------------------------------------------------------------
sub www_deleteEvent {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my ($output);
$output = '<h1>'.WebGUI::International::get(42).'</h1>';
$output .= WebGUI::International::get(75,$_[0]->get("namespace")).'<p><blockquote>';
@ -212,7 +212,7 @@ sub www_deleteEvent {
#-------------------------------------------------------------------
sub www_deleteEventConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
if ($session{form}{rid} > 0) {
$_[0]->deleteCollateral("EventsCalendar_event","EventsCalendar_recurringId",$session{form}{rid});
} else {
@ -305,7 +305,7 @@ sub www_editSave {
#-------------------------------------------------------------------
sub www_editEvent {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my (%recursEvery, $special, $output, $f, %event);
tie %event, 'Tie::CPHash';
tie %recursEvery, 'Tie::IxHash';
@ -369,7 +369,7 @@ sub www_editEvent {
#-------------------------------------------------------------------
sub www_editEventSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my (@startDate, @endDate, $until, @eventId, $i, $recurringEventId);
$startDate[0] = WebGUI::FormProcessor::dateTime("startDate");
$startDate[0] = time() unless ($startDate[0] > 0);
@ -542,7 +542,7 @@ sub www_viewEvent {
$var{"start.date"} = epochToHuman($event{startDate},"%z");
$var{"end.label"} = WebGUI::International::get(15,$_[0]->get("namespace"));
$var{"end.date"} = epochToHuman($event{endDate},"%z");
$var{canEdit} = WebGUI::Privilege::canEditPage();
$var{canEdit} = WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId"));
$var{"edit.url"} = WebGUI::URL::page('func=editEvent&eid='.$session{form}{eid}.'&wid='.$session{form}{wid});
$var{"edit.label"} = WebGUI::International::get(575);
$var{"delete.url"} = WebGUI::URL::page('func=deleteEvent&eid='.$session{form}{eid}.'&wid='

2
lib/WebGUI/Wobject/ExtraColumn.pm
View file

@ -60,7 +60,7 @@ sub uiLevel {
#-------------------------------------------------------------------
sub www_edit {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my ($output, $f);
$output = helpIcon(1,$_[0]->get("namespace"));
$output .= '<h1>'.WebGUI::International::get(6,$_[0]->get("namespace")).'</h1>';

12
lib/WebGUI/Wobject/FAQ.pm
View file

@ -63,14 +63,14 @@ sub purge {
#-------------------------------------------------------------------
sub www_deleteQuestion {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return $_[0]->confirm(WebGUI::International::get(7,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteQuestionConfirm&wid='.$_[0]->get("wobjectId").'&qid='.$session{form}{qid}));
}
#-------------------------------------------------------------------
sub www_deleteQuestionConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->deleteCollateral("FAQ_question","FAQ_questionId",$session{form}{qid});
$_[0]->reorderCollateral("FAQ_question","FAQ_questionId");
return "";
@ -107,7 +107,7 @@ sub www_editSave {
#-------------------------------------------------------------------
sub www_editQuestion {
my ($output, $question, $f);
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$question = $_[0]->getCollateral("FAQ_question","FAQ_questionId",$session{form}{qid});
$output = helpIcon(2,$_[0]->get("namespace"));
$output .= '<h1>'.WebGUI::International::get(10,$_[0]->get("namespace")).'</h1>';
@ -141,7 +141,7 @@ sub www_editQuestion {
#-------------------------------------------------------------------
sub www_editQuestionSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->setCollateral("FAQ_question", "FAQ_questionId", {
FAQ_questionId => $session{form}{qid},
question => $session{form}{question},
@ -156,14 +156,14 @@ sub www_editQuestionSave {
#-------------------------------------------------------------------
sub www_moveQuestionDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralDown("FAQ_question","FAQ_questionId",$session{form}{qid});
return "";
}
#-------------------------------------------------------------------
sub www_moveQuestionUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralUp("FAQ_question","FAQ_questionId",$session{form}{qid});
return "";
}

16
lib/WebGUI/Wobject/FileManager.pm
View file

@ -93,7 +93,7 @@ sub uiLevel {
#-------------------------------------------------------------------
sub www_deleteFile {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->setCollateral("FileManager_file","FileManager_fileId",
{$session{form}{file}=>'',FileManager_fileId=>$session{form}{did}},0,0);
return $_[0]->www_editDownload();
@ -101,14 +101,14 @@ sub www_deleteFile {
#-------------------------------------------------------------------
sub www_deleteDownload {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return $_[0]->confirm(WebGUI::International::get(12,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteDownloadConfirm&wid='.$session{form}{wid}.'&did='.$session{form}{did}));
}
#-------------------------------------------------------------------
sub www_deleteDownloadConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my ($output, $file);
$file = WebGUI::Attachment->new("",$session{form}{wid},$session{form}{did});
$file->deleteNode;
@ -171,7 +171,7 @@ sub www_edit {
#-------------------------------------------------------------------
sub www_editSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->SUPER::www_editSave();
if ($session{form}{proceed} eq "addFile") {
$session{form}{did} = "new";
@ -183,7 +183,7 @@ sub www_editSave {
#-------------------------------------------------------------------
sub www_editDownload {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my ($output, $file, $f);
$file = $_[0]->getCollateral("FileManager_file","FileManager_fileId",$session{form}{did});
$output .= helpIcon(2,$_[0]->get("namespace"));
@ -232,7 +232,7 @@ sub www_editDownload {
#-------------------------------------------------------------------
sub www_editDownloadSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my ($file, %files);
$files{FileManager_fileId} = $_[0]->setCollateral("FileManager_file", "FileManager_fileId", {
FileManager_fileId => $session{form}{did},
@ -269,7 +269,7 @@ sub www_editDownloadSave {
#-------------------------------------------------------------------
sub www_moveDownloadDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
WebGUI::Session::setScratch($_[0]->get("namespace").".".$_[0]->get("wobjectId").".sortDirection","-delete-");
WebGUI::Session::setScratch($_[0]->get("namespace").".".$_[0]->get("wobjectId").".sort","-delete-");
$_[0]->moveCollateralUp("FileManager_file","FileManager_fileId",$session{form}{did});
@ -278,7 +278,7 @@ sub www_moveDownloadDown {
#-------------------------------------------------------------------
sub www_moveDownloadUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
WebGUI::Session::setScratch($_[0]->get("namespace").".".$_[0]->get("wobjectId").".sortDirection","-delete-");
WebGUI::Session::setScratch($_[0]->get("namespace").".".$_[0]->get("wobjectId").".sort","-delete-");
$_[0]->moveCollateralDown("FileManager_file","FileManager_fileId",$session{form}{did});

2
lib/WebGUI/Wobject/Item.pm
View file

@ -70,7 +70,7 @@ sub www_edit {
#-------------------------------------------------------------------
sub www_editSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my ($attachment, $property);
$_[0]->SUPER::www_editSave() if ($_[0]->get("wobjectId") eq "new");
$attachment = WebGUI::Attachment->new("",$_[0]->get("wobjectId"));

16
lib/WebGUI/Wobject/LinkList.pm
View file

@ -64,14 +64,14 @@ sub purge {
#-------------------------------------------------------------------
sub www_deleteLink {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return $_[0]->confirm(WebGUI::International::get(9,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteLinkConfirm&wid='.$session{form}{wid}.'&lid='.$session{form}{lid}));
}
#-------------------------------------------------------------------
sub www_deleteLinkConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->deleteCollateral("LinkList_link","LinkList_linkId",$session{form}{lid});
$_[0]->reorderCollateral("LinkList_link","LinkList_linkId");
return "";
@ -98,7 +98,7 @@ sub www_edit {
#-------------------------------------------------------------------
sub www_editSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->SUPER::www_editSave();
if ($session{form}{proceed} eq "addLink") {
$session{form}{lid} = "new";
@ -110,7 +110,7 @@ sub www_editSave {
#-------------------------------------------------------------------
sub www_editLink {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my ($output, $link, $f, $linkId, $newWindow);
$link = $_[0]->getCollateral("LinkList_link", "LinkList_linkId",$session{form}{lid});
if ($link->{LinkList_linkId} eq "new") {
@ -145,7 +145,7 @@ sub www_editLink {
#-------------------------------------------------------------------
sub www_editLinkSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->setCollateral("LinkList_link", "LinkList_linkId", {
LinkList_linkId => $session{form}{lid},
description => $session{form}{description},
@ -164,14 +164,14 @@ sub www_editLinkSave {
#-------------------------------------------------------------------
sub www_moveLinkDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralDown("LinkList_link","LinkList_linkId",$session{form}{lid});
return "";
}
#-------------------------------------------------------------------
sub www_moveLinkUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralUp("LinkList_link","LinkList_linkId",$session{form}{lid});
return "";
}
@ -181,7 +181,7 @@ sub www_view {
my (%var, @linkloop, $controls, $link, $sth);
$var{"addlink.url"} = WebGUI::URL::page('func=editLink&lid=new&wid='.$_[0]->get("wobjectId"));
$var{"addlink.label"} = WebGUI::International::get(13,$_[0]->get("namespace"));
$var{canEdit} = WebGUI::Privilege::canEditPage();
$var{canEdit} = WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId"));
$sth = WebGUI::SQL->read("select * from LinkList_link where wobjectId=".$_[0]->get("wobjectId")."
order by sequenceNumber");
while ($link = $sth->hashRef) {

2
lib/WebGUI/Wobject/Poll.pm
View file

@ -185,7 +185,7 @@ sub www_editSave {
#-------------------------------------------------------------------
sub www_resetVotes {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->deleteCollateral("Poll_answer","wobjectId",$_[0]->get("wobjectId"));
return "";
}

62
lib/WebGUI/Wobject/Product.pm
View file

@ -115,7 +115,7 @@ sub purge {
#-------------------------------------------------------------------
sub www_addAccessory {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my ($output, $f, $accessory, @usedAccessories);
$output = helpIcon(4,$_[0]->get("namespace"));
$output .= '<h1>'.WebGUI::International::get(16,$_[0]->get("namespace")).'</h1>';
@ -136,7 +136,7 @@ sub www_addAccessory {
#-------------------------------------------------------------------
sub www_addAccessorySave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my ($seq);
($seq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from Product_accessory
where wobjectId=".$_[0]->get("wobjectId"));
@ -151,7 +151,7 @@ sub www_addAccessorySave {
#-------------------------------------------------------------------
sub www_addRelated {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my ($output, $f, $related, @usedRelated);
$output = helpIcon(5,$_[0]->get("namespace"));
$output .= '<h1>'.WebGUI::International::get(19,$_[0]->get("namespace")).'</h1>';
@ -172,7 +172,7 @@ sub www_addRelated {
#-------------------------------------------------------------------
sub www_addRelatedSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my ($seq);
($seq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from Product_related
where wobjectId=".$_[0]->get("wobjectId"));
@ -187,7 +187,7 @@ sub www_addRelatedSave {
#-------------------------------------------------------------------
sub www_deleteAccessory {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return $_[0]->confirm(
WebGUI::International::get(2,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteAccessoryConfirm&wid='.$_[0]->get("wobjectId").'&aid='.$session{form}{aid})
@ -196,7 +196,7 @@ sub www_deleteAccessory {
#-------------------------------------------------------------------
sub www_deleteAccessoryConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
WebGUI::SQL->write("delete from Product_accessory where wobjectId=$session{form}{wid} and accessoryWobjectId=$session{form}{aid}");
$_[0]->reorderCollateral("Product_accessory","accessoryWobjectId");
return "";
@ -204,7 +204,7 @@ sub www_deleteAccessoryConfirm {
#-------------------------------------------------------------------
sub www_deleteBenefit {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return $_[0]->confirm(
WebGUI::International::get(48,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteBenefitConfirm&wid='.$_[0]->get("wobjectId").'&bid='.$session{form}{bid})
@ -213,7 +213,7 @@ sub www_deleteBenefit {
#-------------------------------------------------------------------
sub www_deleteBenefitConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->deleteCollateral("Product_benefit","Product_benefitId",$session{form}{bid});
$_[0]->reorderCollateral("Product_benefit","Product_benefitId");
return "";
@ -221,7 +221,7 @@ sub www_deleteBenefitConfirm {
#-------------------------------------------------------------------
sub www_deleteFeature {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return $_[0]->confirm(
WebGUI::International::get(3,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteFeatureConfirm&wid='.$_[0]->get("wobjectId").'&fid='.$session{form}{fid})
@ -230,7 +230,7 @@ sub www_deleteFeature {
#-------------------------------------------------------------------
sub www_deleteFeatureConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->deleteCollateral("Product_feature","Product_featureId",$session{form}{fid});
$_[0]->reorderCollateral("Product_feature","Product_featureId");
return "";
@ -238,7 +238,7 @@ sub www_deleteFeatureConfirm {
#-------------------------------------------------------------------
sub www_deleteRelated {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return $_[0]->confirm(
WebGUI::International::get(4,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteRelatedConfirm&wid='.$_[0]->get("wobjectId").'&rid='.$session{form}{rid})
@ -247,7 +247,7 @@ sub www_deleteRelated {
#-------------------------------------------------------------------
sub www_deleteRelatedConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
WebGUI::SQL->write("delete from Product_related where wobjectId=$session{form}{wid} and relatedWobjectId=$session{form}{rid}");
$_[0]->reorderCollateral("Product_related","relatedWobjectId");
return "";
@ -255,7 +255,7 @@ sub www_deleteRelatedConfirm {
#-------------------------------------------------------------------
sub www_deleteSpecification {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return $_[0]->confirm(
WebGUI::International::get(5,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteSpecificationConfirm&wid='.$_[0]->get("wobjectId").'&sid='.$session{form}{sid})
@ -264,7 +264,7 @@ sub www_deleteSpecification {
#-------------------------------------------------------------------
sub www_deleteSpecificationConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->deleteCollateral("Product_specification","Product_specificationId",$session{form}{sid});
$_[0]->reorderCollateral("Product_specification","Product_specificationId");
return "";
@ -298,7 +298,7 @@ sub www_edit {
#-------------------------------------------------------------------
sub www_editSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my ($file, %property);
$_[0]->SUPER::www_editSave() if ($_[0]->get("wobjectId") eq "new");
$file = WebGUI::Attachment->new("",$_[0]->get("wobjectId"));
@ -325,7 +325,7 @@ sub www_editSave {
#-------------------------------------------------------------------
sub www_editBenefit {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my ($output, $data, $f, $benefits);
$data = $_[0]->getCollateral("Product_benefit","Product_benefitId",$session{form}{bid});
$output = helpIcon(6,$_[0]->get("namespace"));
@ -344,7 +344,7 @@ sub www_editBenefit {
#-------------------------------------------------------------------
sub www_editBenefitSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$session{form}{benefit} = $session{form}{benefit_new} if ($session{form}{benefit_new} ne "");
$_[0]->setCollateral("Product_benefit", "Product_benefitId", {
Product_benefitId => $session{form}{bid},
@ -360,7 +360,7 @@ sub www_editBenefitSave {
#-------------------------------------------------------------------
sub www_editFeature {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my ($output, $data, $f, $features);
$data = $_[0]->getCollateral("Product_feature","Product_featureId",$session{form}{fid});
$output = helpIcon(2,$_[0]->get("namespace"));
@ -379,7 +379,7 @@ sub www_editFeature {
#-------------------------------------------------------------------
sub www_editFeatureSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$session{form}{feature} = $session{form}{feature_new} if ($session{form}{feature_new} ne "");
$_[0]->setCollateral("Product_feature", "Product_featureId", {
Product_featureId => $session{form}{fid},
@ -395,7 +395,7 @@ sub www_editFeatureSave {
#-------------------------------------------------------------------
sub www_editSpecification {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my ($output, $data, $f, $hashRef);
$data = $_[0]->getCollateral("Product_specification","Product_specificationId",$session{form}{sid});
$output = helpIcon(3,$_[0]->get("namespace"));
@ -417,7 +417,7 @@ sub www_editSpecification {
#-------------------------------------------------------------------
sub www_editSpecificationSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$session{form}{name} = $session{form}{name_new} if ($session{form}{name_new} ne "");
$session{form}{units} = $session{form}{units_new} if ($session{form}{units_new} ne "");
$_[0]->setCollateral("Product_specification", "Product_specificationId", {
@ -436,70 +436,70 @@ sub www_editSpecificationSave {
#-------------------------------------------------------------------
sub www_moveAccessoryDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralDown("Product_related","accessoryWobjectId",$session{form}{aid});
return "";
}
#-------------------------------------------------------------------
sub www_moveAccessoryUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralUp("Product_accessory","accessoryWobjectId",$session{form}{aid});
return "";
}
#-------------------------------------------------------------------
sub www_moveBenefitDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralDown("Product_benefit","Product_benefitId",$session{form}{bid});
return "";
}
#-------------------------------------------------------------------
sub www_moveBenefitUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralUp("Product_benefit","Product_benefitId",$session{form}{bid});
return "";
}
#-------------------------------------------------------------------
sub www_moveFeatureDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralDown("Product_feature","Product_featureId",$session{form}{fid});
return "";
}
#-------------------------------------------------------------------
sub www_moveFeatureUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralUp("Product_feature","Product_featureId",$session{form}{fid});
return "";
}
#-------------------------------------------------------------------
sub www_moveRelatedDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralDown("Product_related","relatedWobjectId",$session{form}{rid});
return "";
}
#-------------------------------------------------------------------
sub www_moveRelatedUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralUp("Product_related","relatedWobjectId",$session{form}{rid});
return "";
}
#-------------------------------------------------------------------
sub www_moveSpecificationDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralDown("Product_specification","Product_specificationId",$session{form}{sid});
return "";
}
#-------------------------------------------------------------------
sub www_moveSpecificationUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralUp("Product_specification","Product_specificationId",$session{form}{sid});
return "";
}

26
lib/WebGUI/Wobject/Survey.pm
View file

@ -151,7 +151,7 @@ sub uiLevel {
#-------------------------------------------------------------------
sub www_deleteAnswer {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return $_[0]->confirm(WebGUI::International::get(45,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteAnswerConfirm&wid='.$_[0]->get("wobjectId").'&aid='
.$session{form}{aid}.'&qid='.$session{form}{qid}));
@ -159,7 +159,7 @@ sub www_deleteAnswer {
#-------------------------------------------------------------------
sub www_deleteAnswerConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
WebGUI::SQL->write("delete from Survey_response where Survey_answerId=$session{form}{aid}");
$_[0]->deleteCollateral("Survey_answer","Survey_answerId",$session{form}{aid});
$_[0]->reorderCollateral("Survey_answer","Survey_answerId","Survey_id");
@ -168,14 +168,14 @@ sub www_deleteAnswerConfirm {
#-------------------------------------------------------------------
sub www_deleteQuestion {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return $_[0]->confirm(WebGUI::International::get(44,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteQuestionConfirm&wid='.$_[0]->get("wobjectId").'&qid='.$session{form}{qid}));
}
#-------------------------------------------------------------------
sub www_deleteQuestionConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
WebGUI::SQL->write("delete from Survey_answer where Survey_questionId=$session{form}{qid}");
WebGUI::SQL->write("delete from Survey_response where Survey_questionId=$session{form}{qid}");
$_[0]->deleteCollateral("Survey_question","Survey_questionId",$session{form}{qid});
@ -285,7 +285,7 @@ sub www_edit {
#-------------------------------------------------------------------
sub www_editSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->SUPER::www_editSave();
if ($session{form}{proceed} eq "addQuestion") {
$session{form}{qid} = "new";
@ -296,7 +296,7 @@ sub www_editSave {
#-------------------------------------------------------------------
sub www_editAnswer {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my ($question, $output, $f, $answer);
$answer = $_[0]->getCollateral("Survey_answer","Survey_answerId",$session{form}{aid});
$output = '<h1>'.WebGUI::International::get(18,$_[0]->get("namespace")).'</h1>';
@ -350,7 +350,7 @@ sub www_editAnswer {
#-------------------------------------------------------------------
sub www_editAnswerSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->setCollateral("Survey_answer", "Survey_answerId", {
Survey_answerId => $session{form}{aid},
Survey_questionId => $session{form}{qid},
@ -372,7 +372,7 @@ sub www_editAnswerSave {
#-------------------------------------------------------------------
sub www_editQuestion {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my ($output, $f, $question, $answerFieldType, $sth, %data);
tie %data, 'Tie::CPHash';
$question = $_[0]->getCollateral("Survey_question","Survey_questionId",$session{form}{qid});
@ -440,7 +440,7 @@ sub www_editQuestion {
#-------------------------------------------------------------------
sub www_editQuestionSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$session{form}{qid} = $_[0]->setCollateral("Survey_question", "Survey_questionId", {
question=>$session{form}{question},
Survey_questionId=>$session{form}{qid},
@ -520,28 +520,28 @@ sub www_exportResponses {
#-------------------------------------------------------------------
sub www_moveAnswerDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralDown("Survey_answer","Survey_answerId",$session{form}{aid},"Survey_id");
return $_[0]->www_editQuestion;
}
#-------------------------------------------------------------------
sub www_moveAnswerUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralUp("Survey_answer","Survey_answerId",$session{form}{aid},"Survey_id");
return $_[0]->www_editQuestion;
}
#-------------------------------------------------------------------
sub www_moveQuestionDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralDown("Survey_question","Survey_questionId",$session{form}{qid},"Survey_id");
return $_[0]->www_edit;
}
#-------------------------------------------------------------------
sub www_moveQuestionUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage());
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->moveCollateralUp("Survey_question","Survey_questionId",$session{form}{qid},"Survey_id");
return $_[0]->www_edit;
}