oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

changed the privileges API

Browse source
This commit is contained in:
JT Smith 2004-05-29 05:27:19 +00:00
parent 1f052120ed
commit 8e79f008c7
48 changed files with 758 additions and 749 deletions
Download patch file Download diff file Expand all files Collapse all files

8
lib/WebGUI/Forum.pm
View file

@ -16,7 +16,7 @@ package WebGUI::Forum;
use strict;
use WebGUI::Forum::Thread;
use WebGUI::Privilege;
use WebGUI::Grouping;
use WebGUI::Session;
use WebGUI::SQL;
use WebGUI::Utility;
@ -81,7 +81,7 @@ Defaults to $session{user}{userId}. Specify a user ID to check privileges for.
sub canPost {
my ($self, $userId) = @_;
$userId = $session{user}{userId} unless ($userId);
return (WebGUI::Privilege::isInGroup($self->get("groupToPost"),$userId) || $self->isModerator);
return (WebGUI::Grouping::isInGroup($self->get("groupToPost"),$userId) || $self->isModerator);
}
#-------------------------------------------------------------------
@ -103,7 +103,7 @@ Defaults to $session{user}{userId}. Specify a user ID to check privileges for.
sub canView {
my ($self, $userId) = @_;
$userId = $session{user}{userId} unless ($userId);
return (WebGUI::Privilege::isInGroup($self->get("groupToView"),$userId) || $self->canPost);
return (WebGUI::Grouping::isInGroup($self->get("groupToView"),$userId) || $self->canPost);
}
#-------------------------------------------------------------------
@ -242,7 +242,7 @@ Defaults to $session{user}{userId}. A user id to test for moderator privileges.
sub isModerator {
my ($self, $userId) = @_;
$userId = $session{user}{userId} unless ($userId);
return WebGUI::Privilege::isInGroup($self->get("groupToModerate"), $userId);
return WebGUI::Grouping::isInGroup($self->get("groupToModerate"), $userId);
}
#-------------------------------------------------------------------

151
lib/WebGUI/Grouping.pm
View file

@ -40,7 +40,8 @@ This package provides an interface for managing WebGUI user and group groupings.
$arrayRef = WebGUI::Grouping::getGroupsForUser($userId);
$arrayRef = WebGUI::Grouping::getGroupsInGroup($groupId);
$arrayRef = WebGUI::Grouping::getUsersInGroup($groupId);
$yesNo = WebGUI::Grouping::userGroupAdmin($userId,$groupId);
$boolean = WebGUI::Grouping::isInGroup($groupId, $userId);
$boolean = WebGUI::Grouping::userGroupAdmin($userId,$groupId);
$epoch = WebGUI::Grouping::userGroupExpireDate($userId,$groupId);
=head1 METHODS
@ -227,11 +228,13 @@ If set to "1" then the listing will not include expired groupings. Defaults to "
=cut
sub getGroupsForUser {
my $clause = "and expireDate>".time() if ($_[1]);
if ($_[0] eq "") {
my $userId = shift;
my $withoutExpired = shift;
my $clause = "and expireDate>".time() if ($withoutExpired);
if ($userId eq "") {
return [];
} else {
return WebGUI::SQL->buildArrayRef("select groupId from groupings where userId=$_[0] $clause");
return WebGUI::SQL->buildArrayRef("select groupId from groupings where userId=$userId $clause");
}
}
@ -311,6 +314,146 @@ sub getUsersInGroup {
}
#-------------------------------------------------------------------
=head2 isInGroup ( [ groupId , userId ] )
Returns a boolean (0|1) value signifying that the user has the required privileges. Always returns true for Admins.
=over
=item groupId
The group that you wish to verify against the user. Defaults to group with Id 3 (the Admin group).
=item userId
The user that you wish to verify against the group. Defaults to the currently logged in user.
=back
=cut
sub isInGroup {
my ($gid, $uid, @data, %group, $groupId);
($gid, $uid) = @_;
$gid = 3 unless (defined $gid);
$uid = $session{user}{userId} if ($uid eq "");
### The following several checks are to increase performance. If this section were removed, everything would continue to work as normal.
return 1 if ($gid == 7); # everyone is in the everyone group
return 1 if ($gid == 1 && $uid == 1); # visitors are in the visitors group
return 0 if ($gid != 1 && $uid == 1); # visitors can't be in any group execpt the visitors group
return 1 if ($gid==2 && $uid != 1); # if you're not a visitor, then you're a registered user
### Look to see if we've already looked up this group.
if ($session{isInGroup}{$gid}{$uid} == 1) {
return 1;
} elsif ($session{isInGroup}{$gid}{$uid} eq "0") {
return 0;
}
### Lookup the actual groupings.
my $groups = WebGUI::Grouping::getGroupsForUser($uid,1);
foreach (@{$groups}) {
$session{isInGroup}{$_}{$uid} = 1;
}
if ($session{isInGroup}{$gid}{$uid} == 1) {
return 1;
}
### Get data for auxillary checks.
tie %group, 'Tie::CPHash';
%group = WebGUI::SQL->quickHash("select karmaThreshold,ipFilter,scratchFilter,databaseLinkId,dbQuery,dbCacheTimeout from groups where groupId='$gid'");
### Check IP Address
if ($group{ipFilter} ne "") {
$group{ipFilter} =~ s/\t//g;
$group{ipFilter} =~ s/\r//g;
$group{ipFilter} =~ s/\n//g;
$group{ipFilter} =~ s/\s//g;
$group{ipFilter} =~ s/\./\\\./g;
my @ips = split(";",$group{ipFilter});
foreach my $ip (@ips) {
if ($session{env}{REMOTE_ADDR} =~ /^$ip/) {
$session{isInGroup}{$gid}{$uid} = 1;
return 1;
}
}
}
### Check Scratch Variables
if ($group{scratchFilter} ne "") {
$group{scratchFilter} =~ s/\t//g;
$group{scratchFilter} =~ s/\r//g;
$group{scratchFilter} =~ s/\n//g;
$group{scratchFilter} =~ s/\s//g;
my @vars = split(";",$group{scratchFilter});
foreach my $var (@vars) {
my ($name, $value) = split(/\=/,$var);
if ($session{scratch}{$name} eq $value) {
$session{isInGroup}{$gid}{$uid} = 1;
return 1;
}
}
}
### Check karma levels.
if ($session{setting}{useKarma}) {
my $karma;
if ($uid == $session{user}{userId}) {
$karma = $session{user}{karma};
} else {
($karma) = WebGUI::SQL->quickHash("select karma from users where userId='$uid'");
}
if ($karma >= $group{karmaThreshold}) {
$session{isInGroup}{$gid}{$uid} = 1;
return 1;
}
}
### Check external database
if ($group{dbQuery} ne "" && $group{databaseLinkId}) {
# skip if not logged in and query contains a User macro
unless ($group{dbQuery} =~ /\^User/i && $uid == 1) {
my $dbLink = WebGUI::DatabaseLink->new($group{databaseLinkId});
my $dbh = $dbLink->dbh;
if (defined $dbh) {
if ($group{dbQuery} =~ /select 1/i) {
$group{dbQuery} = WebGUI::Macro::process($group{dbQuery});
my $sth = WebGUI::SQL->unconditionalRead($group{dbQuery},$dbh);
unless ($sth->errorCode < 1) {
WebGUI::ErrorHandler::warn("There was a problem with the database query for group ID $gid.");
} else {
my ($result) = $sth->array;
if ($result == 1) {
$session{isInGroup}{$gid}{$uid} = 1;
if ($group{dbCacheTimeout} > 0) {
WebGUI::Grouping::deleteUsersFromGroups([$uid],[$gid]);
WebGUI::Grouping::addUsersToGroups([$uid],[$gid],$group{dbCacheTimeout});
}
} else {
$session{isInGroup}{$gid}{$uid} = 0;
WebGUI::Grouping::deleteUsersFromGroups([$uid],[$gid]) if ($group{dbCacheTimeout} > 0);
}
}
$sth->finish;
} else {
WebGUI::ErrorHandler::warn("Database query for group ID $gid must use 'select 1'");
}
$dbLink->disconnect;
return 1 if ($session{isInGroup}{$gid}{$uid});
}
}
}
### Check for groups of groups.
$groups = WebGUI::Grouping::getGroupsInGroup($gid,1);
foreach (@{$groups}) {
$session{isInGroup}{$_}{$uid} = isInGroup($_, $uid);
if ($session{isInGroup}{$_}{$uid}) {
$session{isInGroup}{$gid}{$uid} = 1; # cache current group also so we don't have to do the group in group check again
return 1;
}
}
$session{isInGroup}{$gid}{$uid} = 0;
return 0;
}
#-------------------------------------------------------------------

8
lib/WebGUI/HTMLForm.pm
View file

@ -20,7 +20,7 @@ use WebGUI::DateTime;
use WebGUI::Form;
use WebGUI::Icon;
use WebGUI::International;
use WebGUI::Privilege;
use WebGUI::Grouping;
use WebGUI::Session;
use WebGUI::SQL;
@ -535,7 +535,7 @@ sub databaseLink {
rearrange([qw(name value label afterEdit extras uiLevel)], @p);
if (_uiLevelChecksOut($uiLevel)) {
$label = $label || WebGUI::International::get(1075);
if (WebGUI::Privilege::isInGroup(3)) {
if (WebGUI::Grouping::isInGroup(3)) {
if ($afterEdit) {
$subtext = editIcon("op=editDatabaseLink&amp;lid=".$value."&amp;afterEdit=".WebGUI::URL::escape($afterEdit));
}
@ -1079,7 +1079,7 @@ sub group {
my ($name, $label, $value, $size, $multiple, $extras, $subtext, $uiLevel, $excludeGroups) =
rearrange([qw(name label value size multiple extras subtext uiLevel excludeGroups)], @p);
if (_uiLevelChecksOut($uiLevel)) {
if (WebGUI::Privilege::isInGroup(3)) {
if (WebGUI::Grouping::isInGroup(3)) {
$subtext = manageIcon("op=listGroups").$subtext;
}
$output = WebGUI::Form::group({
@ -1956,7 +1956,7 @@ sub template {
rearrange([qw(name value label namespace afterEdit extras uiLevel)], @p);
if (_uiLevelChecksOut($uiLevel)) {
$label = $label || WebGUI::International::get(356);
if (WebGUI::Privilege::isInGroup(8)) {
if (WebGUI::Grouping::isInGroup(8)) {
if ($afterEdit) {
$subtext = editIcon("op=editTemplate&tid=".$value."&namespace=".$namespace."&afterEdit=".WebGUI::URL::escape($afterEdit));
}

16
lib/WebGUI/Macro/AdminBar.pm
View file

@ -13,9 +13,9 @@ package WebGUI::Macro::AdminBar;
use strict qw(refs vars);
use Tie::CPHash;
use Tie::IxHash;
use WebGUI::Grouping;
use WebGUI::International;
use WebGUI::Macro;
use WebGUI::Privilege;
use WebGUI::Session;
use WebGUI::SQL;
use WebGUI::URL;
@ -137,7 +137,7 @@ sub process {
$var{'clipboard_loop'} = \@clipboard;
#--admin functions
%hash = ();
if (WebGUI::Privilege::isInGroup(3)) {
if (WebGUI::Grouping::isInGroup(3)) {
%hash = (
WebGUI::URL::page('op=listGroups')=>WebGUI::International::get(5),
WebGUI::URL::page('op=manageSettings')=>WebGUI::International::get(4),
@ -146,14 +146,14 @@ sub process {
WebGUI::URL::page('op=listDatabaseLinks')=>WebGUI::International::get(981),
WebGUI::URL::page('op=listNavigation')=>'Manage navigation.'
);
} elsif (WebGUI::Privilege::isInGroup(11)) {
} elsif (WebGUI::Grouping::isInGroup(11)) {
%hash = (
WebGUI::URL::page('op=listGroupsSecondary')=>WebGUI::International::get(5),
WebGUI::URL::page('op=addUserSecondary')=>WebGUI::International::get(169),
%hash
);
}
if (WebGUI::Privilege::isInGroup(4)) {
if (WebGUI::Grouping::isInGroup(4)) {
%hash = (
WebGUI::URL::page('op=listRoots')=>WebGUI::International::get(410),
'http://validator.w3.org/check?uri='.WebGUI::URL::escape(WebGUI::URL::page())=>WebGUI::International::get(399),
@ -164,25 +164,25 @@ sub process {
%hash
);
}
if (WebGUI::Privilege::isInGroup(6)) {
if (WebGUI::Grouping::isInGroup(6)) {
%hash = (
WebGUI::URL::gateway('packages')=>WebGUI::International::get(374),
%hash
);
}
if (WebGUI::Privilege::isInGroup(8)) {
if (WebGUI::Grouping::isInGroup(8)) {
%hash = (
WebGUI::URL::page('op=listTemplates')=>WebGUI::International::get(508),
%hash
);
}
if (WebGUI::Privilege::isInGroup(9)) {
if (WebGUI::Grouping::isInGroup(9)) {
%hash = (
WebGUI::URL::page('op=listThemes')=>WebGUI::International::get(900),
%hash
);
}
if (WebGUI::Privilege::isInGroup(10)) {
if (WebGUI::Grouping::isInGroup(10)) {
%hash = (
WebGUI::URL::page('op=listLanguages')=>WebGUI::International::get(585),
%hash

3
lib/WebGUI/Macro/AdminToggle.pm
View file

@ -11,6 +11,7 @@ package WebGUI::Macro::AdminToggle;
#-------------------------------------------------------------------
use strict;
use WebGUI::Grouping;
use WebGUI::International;
use WebGUI::Macro;
use WebGUI::Session;
@ -19,7 +20,7 @@ use WebGUI::URL;
#-------------------------------------------------------------------
sub process {
my ($temp, @param, $turnOn, $turnOff);
if (WebGUI::Privilege::isInGroup(12)) {
if (WebGUI::Grouping::isInGroup(12)) {
@param = WebGUI::Macro::getParams($_[0]);
if ($session{var}{adminOn}) {
$turnOff = $param[1] || WebGUI::International::get(517);

4
lib/WebGUI/Macro/CanEditText.pm
View file

@ -12,13 +12,13 @@ package WebGUI::Macro::CanEditText;
use strict;
use WebGUI::Macro;
use WebGUI::Page;
use WebGUI::Session;
use WebGUI::Privilege;
#-------------------------------------------------------------------
sub process {
my @param = WebGUI::Macro::getParams($_[0]);
if (WebGUI::Privilege::canEditPage()) {
if (WebGUI::Page::canEdit()) {
return $param[0];
} else {
return "";

5
lib/WebGUI/Macro/EditableToggle.pm
View file

@ -11,16 +11,17 @@ package WebGUI::Macro::EditableToggle;
#-------------------------------------------------------------------
use strict;
use WebGUI::Grouping;
use WebGUI::International;
use WebGUI::Macro;
use WebGUI::Privilege;
use WebGUI::Page;
use WebGUI::Session;
use WebGUI::URL;
#-------------------------------------------------------------------
sub process {
my ($temp, @param, $turnOn, $turnOff);
if (WebGUI::Privilege::canEditPage() && WebGUI::Privilege::isInGroup(12)) {
if (WebGUI::Page::canEdit() && WebGUI::Grouping::isInGroup(12)) {
@param = WebGUI::Macro::getParams($_[0]);
if ($session{var}{adminOn}) {
$turnOff = $param[1] || WebGUI::International::get(517);

4
lib/WebGUI/Macro/GroupAdd.pm
View file

@ -12,9 +12,9 @@ package WebGUI::Macro::GroupAdd;
use strict;
use WebGUI::Group;
use WebGUI::Grouping;
use WebGUI::Macro;
use WebGUI::Session;
use WebGUI::Privilege;
use WebGUI::URL;
#-------------------------------------------------------------------
@ -24,7 +24,7 @@ sub process {
my $g = WebGUI::Group->find($param[0]);
return "" if ($g->groupId eq "");
return "" unless ($g->autoAdd);
return "" if (WebGUI::Privilege::isInGroup($g->groupId));
return "" if (WebGUI::Grouping::isInGroup($g->groupId));
return '<a href="'.WebGUI::URL::page("op=autoAddToGroup&groupId=".$g->groupId).'">'.$param[1].'</a>';
}

4
lib/WebGUI/Macro/GroupDelete.pm
View file

@ -12,9 +12,9 @@ package WebGUI::Macro::GroupDelete;
use strict;
use WebGUI::Group;
use WebGUI::Grouping;
use WebGUI::Macro;
use WebGUI::Session;
use WebGUI::Privilege;
use WebGUI::URL;
#-------------------------------------------------------------------
@ -24,7 +24,7 @@ sub process {
my $g = WebGUI::Group->find($param[0]);
return "" if ($g->groupId eq "");
return "" unless ($g->autoDelete);
return "" unless (WebGUI::Privilege::isInGroup($g->groupId));
return "" unless (WebGUI::Grouping::isInGroup($g->groupId));
return '<a href="'.WebGUI::URL::page("op=autoDeleteFromGroup&groupId=".$g->groupId).'">'.$param[1].'</a>';
}

4
lib/WebGUI/Macro/GroupText.pm
View file

@ -11,17 +11,17 @@ package WebGUI::Macro::GroupText;
#-------------------------------------------------------------------
use strict;
use WebGUI::Grouping;
use WebGUI::Macro;
use WebGUI::SQL;
use WebGUI::Session;
use WebGUI::Privilege;
#-------------------------------------------------------------------
sub process {
my @param = WebGUI::Macro::getParams($_[0]);
my ($groupId) = WebGUI::SQL->quickArray("select groupId from groups where groupName=".quote($param[0]));
$groupId = 3 if ($groupId eq "");
if (WebGUI::Privilege::isInGroup($groupId)) {
if (WebGUI::Grouping::isInGroup($groupId)) {
return $param[1];
} else {
return $param[2];

17
lib/WebGUI/Navigation.pm
View file

@ -18,16 +18,15 @@ package WebGUI::Navigation;
use strict;
use Tie::CPHash;
use Tie::IxHash;
use WebGUI::Session;
use WebGUI::SQL;
use WebGUI::URL;
use WebGUI::Operation::Navigation;
use WebGUI::Page;
use WebGUI::Utility;
use WebGUI::Privilege;
use WebGUI::Template;
use WebGUI::Icon;
use WebGUI::International;
use WebGUI::Operation::Navigation;
use WebGUI::Page;
use WebGUI::Session;
use WebGUI::SQL;
use WebGUI::Template;
use WebGUI::URL;
use WebGUI::Utility;
=head1 NAME
@ -269,7 +268,7 @@ sub build {
$pageData->{"page.isHidden"} = $page->get('hideFromNavigation');
$pageData->{"page.isSystem"} = (($page->get('pageId') < 1000 && $page->get('pageId') > 1) ||
$page->get('pageId') == 0);
$pageData->{"page.isViewable"} = WebGUI::Privilege::canViewPage($page->get('pageId'));
$pageData->{"page.isViewable"} = WebGUI::Page::canView($page->get('pageId'));
# indent
my $indent = 0;

6
lib/WebGUI/Operation/Admin.pm
View file

@ -12,7 +12,7 @@ package WebGUI::Operation::Admin;
use Exporter;
use strict;
use WebGUI::Privilege;
use WebGUI::Grouping;
use WebGUI::Session;
use WebGUI::SQL;
@ -21,7 +21,7 @@ our @EXPORT = qw(&www_switchOffAdmin &www_switchOnAdmin);
#-------------------------------------------------------------------
sub www_switchOffAdmin {
return "" unless (WebGUI::Privilege::isInGroup(12));
return "" unless (WebGUI::Grouping::isInGroup(12));
WebGUI::SQL->write("update userSession set adminOn=0 where sessionId='$session{var}{sessionId}'");
WebGUI::Session::refreshSessionVars($session{var}{sessionId});
return "";
@ -29,7 +29,7 @@ sub www_switchOffAdmin {
#-------------------------------------------------------------------
sub www_switchOnAdmin {
return "" unless (WebGUI::Privilege::isInGroup(12));
return "" unless (WebGUI::Grouping::isInGroup(12));
WebGUI::SQL->write("update userSession set adminOn=1 where sessionId='$session{var}{sessionId}'");
WebGUI::Session::refreshSessionVars($session{var}{sessionId});
return "";

22
lib/WebGUI/Operation/Clipboard.pm
View file

@ -39,7 +39,7 @@ sub _submenu {
if ($session{form}{systemClipboard} ne "1") {
$menu{WebGUI::URL::page('op=emptyClipboard')} = WebGUI::International::get(950);
}
if ( ($session{setting}{sharedClipboard} ne "1") && (WebGUI::Privilege::isInGroup(3)) ) {
if ( ($session{setting}{sharedClipboard} ne "1") && (WebGUI::Grouping::isInGroup(3)) ) {
$menu{WebGUI::URL::page('op=manageClipboard&systemClipboard=1')} = WebGUI::International::get(954);
if ($session{form}{systemClipboard} eq "1") {
$menu{WebGUI::URL::page('op=emptyClipboard&systemClipboard=1')} = WebGUI::International::get(959);
@ -51,7 +51,7 @@ sub _submenu {
#-------------------------------------------------------------------
sub www_deleteClipboardItem {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(4));
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(4));
my ($output);
if ($session{form}{wid} ne "") {
$output .= helpIcon(14);
@ -74,9 +74,9 @@ sub www_deleteClipboardItem {
#-------------------------------------------------------------------
sub www_deleteClipboardItemConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(4));
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(4));
if ($session{form}{wid} ne "") {
if ( ($session{setting}{sharedClipboard} eq "1") || (WebGUI::Privilege::isInGroup(3)) ) {
if ( ($session{setting}{sharedClipboard} eq "1") || (WebGUI::Grouping::isInGroup(3)) ) {
WebGUI::SQL->write("update wobject set pageId=3, "
."bufferDate=".time().", "
."bufferUserId=".$session{user}{userId} .", "
@ -96,7 +96,7 @@ sub www_deleteClipboardItemConfirm {
}
WebGUI::ErrorHandler::audit("moved wobject ". $session{form}{wid} ." from clipboard to trash");
} elsif ($session{form}{pageId} ne "") {
if ( ($session{setting}{sharedClipboard} eq "1") || (WebGUI::Privilege::isInGroup(3)) ) {
if ( ($session{setting}{sharedClipboard} eq "1") || (WebGUI::Grouping::isInGroup(3)) ) {
WebGUI::SQL->write("update page set parentId=3, "
."bufferDate=".time().", "
."bufferUserId=".$session{user}{userId} .", "
@ -122,12 +122,12 @@ sub www_deleteClipboardItemConfirm {
#-------------------------------------------------------------------
sub www_emptyClipboard {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(4));
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(4));
my ($output);
$output = helpIcon(67);
$output .= '<h1>'.WebGUI::International::get(42).'</h1>';
$output .= WebGUI::International::get(951).'<p>';
if ( ($session{setting}{sharedClipboard} ne "1") && (WebGUI::Privilege::isInGroup(3)) ) {
if ( ($session{setting}{sharedClipboard} ne "1") && (WebGUI::Grouping::isInGroup(3)) ) {
$output .= '<div align="center"><a href="'.WebGUI::URL::page('op=emptyClipboardConfirm&systemClipboard=1')
.'">'.WebGUI::International::get(44).'</a>';
} else {
@ -141,12 +141,12 @@ sub www_emptyClipboard {
#-------------------------------------------------------------------
sub www_emptyClipboardConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(4));
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(4));
my ($allUsers);
if ($session{setting}{sharedClipboard} eq "1") {
$allUsers = 1;
} elsif ($session{form}{systemClipboard} eq "1") {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
$allUsers = 1;
} else {
$allUsers = 0;
@ -184,7 +184,7 @@ sub www_emptyClipboardConfirm {
#-------------------------------------------------------------------
sub www_manageClipboard {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(4));
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(4));
my ($sth, @data, @row, @sorted_row, $i, $p, $allUsers);
my $output = helpIcon(65);
@ -194,7 +194,7 @@ sub www_manageClipboard {
$allUsers = 1;
$output .= '<h1>'. WebGUI::International::get(948) .'</h1>';
} elsif ($session{form}{systemClipboard} eq "1") {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
$allUsers = 1;
$output .= '<h1>'. WebGUI::International::get(955) .'</h1>';
} else {

39
lib/WebGUI/Operation/Collateral.pm
View file

@ -22,6 +22,7 @@ use strict;
use WebGUI::Collateral;
use WebGUI::CollateralFolder;
use WebGUI::DateTime;
use WebGUI::Grouping;
use WebGUI::HTMLForm;
use WebGUI::Icon;
use WebGUI::International;
@ -55,7 +56,7 @@ sub _submenu {
$menu{WebGUI::URL::page('op=deleteCollateral&cid='.$session{form}{cid})} = WebGUI::International::get(765);
}
$menu{WebGUI::URL::page('op=editCollateralFolder')} = WebGUI::International::get(759);
if (WebGUI::Privilege::isInGroup(3)) {
if (WebGUI::Grouping::isInGroup(3)) {
$menu{WebGUI::URL::page('op=emptyCollateralFolder')} = WebGUI::International::get(980);
$menu{WebGUI::URL::page('op=deleteCollateralFolder')} = WebGUI::International::get(760);
}
@ -66,7 +67,7 @@ sub _submenu {
#-------------------------------------------------------------------
sub www_deleteCollateral {
my $collateral = WebGUI::Collateral->new($session{form}{cid});
return WebGUI::Privilege::insufficient unless ($collateral->get("userId") == $session{user}{userId} || WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::insufficient unless ($collateral->get("userId") == $session{user}{userId} || WebGUI::Grouping::isInGroup(3));
my $output = '<h1>'.WebGUI::International::get(42).'</h1>';
$output .= WebGUI::International::get(774).'<p/><div align="center">';
$output .= '<a href="'.WebGUI::URL::page('op=deleteCollateralConfirm&cid='.$session{form}{cid}).'">'
@ -80,7 +81,7 @@ sub www_deleteCollateral {
#-------------------------------------------------------------------
sub www_deleteCollateralConfirm {
my $collateral = WebGUI::Collateral->new($session{form}{cid});
return WebGUI::Privilege::insufficient unless ($collateral->get("userId") == $session{user}{userId} || WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::insufficient unless ($collateral->get("userId") == $session{user}{userId} || WebGUI::Grouping::isInGroup(3));
$collateral->delete;
WebGUI::Session::deleteScratch("collateralPageNumber");
return www_listCollateral();
@ -89,14 +90,14 @@ sub www_deleteCollateralConfirm {
#-------------------------------------------------------------------
sub www_deleteCollateralFile {
my $collateral = WebGUI::Collateral->new($session{form}{cid});
return WebGUI::Privilege::insufficient unless ($collateral->get("userId") == $session{user}{userId} || WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::insufficient unless ($collateral->get("userId") == $session{user}{userId} || WebGUI::Grouping::isInGroup(3));
$collateral->deleteFile;
return www_editCollateral($collateral);
}
#-------------------------------------------------------------------
sub www_deleteCollateralFolder {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(3));
return WebGUI::Privilege::vitalComponent() unless ($session{scratch}{collateralFolderId} > 999);
my $output = '<h1>'.WebGUI::International::get(42).'</h1>';
$output .= WebGUI::International::get(775).'<p/><div align="center">';
@ -110,7 +111,7 @@ sub www_deleteCollateralFolder {
#-------------------------------------------------------------------
sub www_deleteCollateralFolderConfirm {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(3));
return WebGUI::Privilege::vitalComponent() unless ($session{scratch}{collateralFolderId} > 999);
my $folders = WebGUI::CollateralFolder->getTree({-minimumFields => 1});
if (my $deadFolder = $folders->{$session{scratch}{collateralFolderId}}) {
@ -123,7 +124,7 @@ sub www_deleteCollateralFolderConfirm {
#-------------------------------------------------------------------
sub www_emptyCollateralFolder {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(3));
return WebGUI::Privilege::vitalComponent() unless ($session{scratch}{collateralFolderId} > 999);
my $output = '<h1>'.WebGUI::International::get(42).'</h1>';
$output .= WebGUI::International::get(979).'<p/><div align="center">';
@ -137,7 +138,7 @@ sub www_emptyCollateralFolder {
#-------------------------------------------------------------------
sub www_emptyCollateralFolderConfirm {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(3));
return WebGUI::Privilege::vitalComponent() unless ($session{scratch}{collateralFolderId} > 999);
my @collateralIds = WebGUI::SQL->buildArray("select collateralId from collateral where collateralFolderId=".$session{scratch}{collateralFolderId});
WebGUI::Collateral->multiDelete(@collateralIds);
@ -146,7 +147,7 @@ sub www_emptyCollateralFolderConfirm {
#-------------------------------------------------------------------
sub www_editCollateral {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(4));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(4));
my ($canEdit, $file, $folderId, $output, $f, $collateral, $image, $error, $x, $y);
if ($session{form}{cid} eq "new") {
$collateral->{collateralType} = $session{form}{type};
@ -159,7 +160,7 @@ sub www_editCollateral {
my $c = $_[1] || WebGUI::Collateral->new($session{form}{cid});
$collateral = $c->get;
}
$canEdit = ($collateral->{userId} == $session{user}{userId} || WebGUI::Privilege::isInGroup(3));
$canEdit = ($collateral->{userId} == $session{user}{userId} || WebGUI::Grouping::isInGroup(3));
$folderId = $session{scratch}{collateralFolderId} || 0;
$f = WebGUI::HTMLForm->new;
$f->hidden("op","editCollateralSave");
@ -295,7 +296,7 @@ sub www_editCollateral {
#-------------------------------------------------------------------
sub www_editCollateralSave {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(4));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(4));
WebGUI::Session::setScratch("collateralFolderId",$session{form}{collateralFolderId});
my ($test, $file, $addFile);
my $collateral = WebGUI::Collateral->new($session{form}{cid});
@ -322,7 +323,7 @@ sub www_editCollateralSave {
#-------------------------------------------------------------------
sub www_editCollateralFolder {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(4));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(4));
my ($output, $f, $folder, $folderId, $constraint);
$output .= '<h1>'.WebGUI::International::get(776).'</h1>';
if ($session{form}{fid} eq "new") {
@ -368,7 +369,7 @@ sub www_editCollateralFolder {
#-------------------------------------------------------------------
sub www_editCollateralFolderSave {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(4));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(4));
if ($session{form}{fid} eq "new") {
$session{form}{fid} = getNextId("collateralFolderId");
WebGUI::Session::setScratch("collateralFolderId",$session{form}{fid});
@ -392,7 +393,7 @@ sub www_editCollateralFolderSave {
#-------------------------------------------------------------------
sub www_listCollateral {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(4));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(4));
my (%type, %user, $f, $row, $data, $sth, $url, $output, $parent, $p, $thumbnail, $file, $page, $constraints, $folderId);
tie %type, 'Tie::IxHash';
tie %user, 'Tie::IxHash';
@ -519,7 +520,7 @@ sub _htmlAreaCreateTree {
sub www_htmlArealistCollateral {
my (@parents, $sth, $data, $indent);
$session{page}{makePrintable}=1; $session{page}{printableStyleId}=10;
return "<b>Only Content Managers are allowed to use WebGUI Collateral</b>" unless (WebGUI::Privilege::isInGroup(4));
return "<b>Only Content Managers are allowed to use WebGUI Collateral</b>" unless (WebGUI::Grouping::isInGroup(4));
my $output = '<table border="0" cellspacing="0" cellpadding="0" width="100%">';
my $folderId = $session{form}{fid} || 0;
@ -574,7 +575,7 @@ sub www_htmlAreaviewCollateral {
my($output, $collateral, $file, $x, $y, $image, $error);
$session{page}{makePrintable}=1; $session{page}{printableStyleId}=10;
$output .= '<table align="center" border="0" cellspacing="0" cellpadding="2" width="100%" height="100%">';
if($session{form}{cid} == 0 || ! WebGUI::Privilege::isInGroup(4)) {
if($session{form}{cid} == 0 || ! WebGUI::Grouping::isInGroup(4)) {
$output .= '<tr><td align="center" valign="middle" width="100%" height="100%">';
$output .= '<p align="center"><br><img src="'.$session{config}{extrasURL}.'/htmlArea/images/icon.gif"
border="0"></p>';
@ -610,7 +611,7 @@ sub www_htmlAreaviewCollateral {
#-------------------------------------------------------------------
sub www_htmlAreaUpload {
$session{page}{makePrintable}=1; $session{page}{printableStyleId}=10;
return "<b>Only Content Managers are allowed to use WebGUI Collateral</b>" unless (WebGUI::Privilege::isInGroup(4));
return "<b>Only Content Managers are allowed to use WebGUI Collateral</b>" unless (WebGUI::Grouping::isInGroup(4));
return www_htmlArealistCollateral() if ($session{form}{image} eq "");
my($test, $file);
$session{form}{fid} = $session{form}{collateralFolderId} = $session{form}{path};
@ -635,7 +636,7 @@ sub www_htmlAreaUpload {
#-------------------------------------------------------------------
sub www_htmlAreaDelete {
$session{page}{makePrintable}=1; $session{page}{printableStyleId}=10;
return "<b>Only Content Managers are allowed to use WebGUI Collateral</b>" unless (WebGUI::Privilege::isInGroup(4));
return "<b>Only Content Managers are allowed to use WebGUI Collateral</b>" unless (WebGUI::Grouping::isInGroup(4));
if($session{form}{cid}) { # Delete Image
my $collateral = WebGUI::Collateral->new($session{form}{cid});
$collateral->delete;
@ -652,7 +653,7 @@ sub www_htmlAreaDelete {
#-------------------------------------------------------------------
sub www_htmlAreaCreateFolder {
$session{page}{makePrintable}=1; $session{page}{printableStyleId}=10;
return "<b>Only Content Managers are allowed to use WebGUI Collateral</b>" unless (WebGUI::Privilege::isInGroup(4));
return "<b>Only Content Managers are allowed to use WebGUI Collateral</b>" unless (WebGUI::Grouping::isInGroup(4));
$session{form}{fid} = getNextId("collateralFolderId");
WebGUI::Session::setScratch("collateralFolderId",$session{form}{fid});
WebGUI::SQL->write("insert into collateralFolder (collateralFolderId) values ($session{form}{fid})");

13
lib/WebGUI/Operation/DatabaseLink.pm
View file

@ -14,6 +14,7 @@ use Exporter;
use strict;
use Tie::CPHash;
use WebGUI::DatabaseLink;
use WebGUI::Grouping;
use WebGUI::Icon;
use WebGUI::International;
use WebGUI::Operation::Shared;
@ -43,7 +44,7 @@ sub _submenu {
#-------------------------------------------------------------------
sub www_copyDatabaseLink {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(3));
my (%db);
tie %db, 'Tie::CPHash';
%db = WebGUI::SQL->quickHash("select * from databaseLink where databaseLinkId=$session{form}{dlid}");
@ -54,7 +55,7 @@ sub www_copyDatabaseLink {
#-------------------------------------------------------------------
sub www_deleteDatabaseLink {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(3));
my ($output);
$output .= helpIcon(70);
$output .= '<h1>'.WebGUI::International::get(987).'</h1>';
@ -77,14 +78,14 @@ sub www_deleteDatabaseLink {
#-------------------------------------------------------------------
sub www_deleteDatabaseLinkConfirm {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(3));
WebGUI::SQL->write("delete from databaseLink where databaseLinkId=".$session{form}{dlid});
return www_listDatabaseLinks();
}
#-------------------------------------------------------------------
sub www_editDatabaseLink {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(3));
my ($output, %db, $f);
tie %db, 'Tie::CPHash';
if ($session{form}{dlid} eq "new") {
@ -109,7 +110,7 @@ sub www_editDatabaseLink {
#-------------------------------------------------------------------
sub www_editDatabaseLinkSave {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(3));
if ($session{form}{dlid} eq "new") {
$session{form}{dlid} = getNextId("databaseLinkId");
WebGUI::SQL->write("insert into databaseLink (databaseLinkId) values ($session{form}{dlid})");
@ -121,7 +122,7 @@ sub www_editDatabaseLinkSave {
#-------------------------------------------------------------------
sub www_listDatabaseLinks {
return WebGUI::Privilege::adminOnly() unless(WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless(WebGUI::Grouping::isInGroup(3));
my ($output, $p, $sth, %data, @row, $i);
$output = helpIcon(68);
$output .= '<h1>'.WebGUI::International::get(996).'</h1>';

30
lib/WebGUI/Operation/Group.pm
View file

@ -40,7 +40,7 @@ our @EXPORT = qw(&www_manageUsersInGroup &www_deleteGroup &www_deleteGroupConfir
#-------------------------------------------------------------------
sub _hasSecondaryPrivilege {
return 0 unless (WebGUI::Privilege::isInGroup(11));
return 0 unless (WebGUI::Grouping::isInGroup(11));
return WebGUI::Grouping::userGroupAdmin($session{user}{userId},$_[0]);
}
@ -49,7 +49,7 @@ sub _hasSecondaryPrivilege {
sub _submenu {
my ($output, %menu);
tie %menu, 'Tie::IxHash';
if (WebGUI::Privilege::isInGroup(3)) {
if (WebGUI::Grouping::isInGroup(3)) {
$menu{WebGUI::URL::page('op=editGroup&gid=new')} = WebGUI::International::get(90);
unless ($session{form}{op} eq "listGroups"
|| $session{form}{gid} eq "new"
@ -69,7 +69,7 @@ sub _submenu {
#-------------------------------------------------------------------
sub www_addGroupsToGroupSave {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my @groups = $session{cgi}->param('groups');
WebGUI::Grouping::addGroupsToGroups(\@groups,[$session{form}{gid}]);
return www_manageGroupsInGroup();
@ -77,7 +77,7 @@ sub www_addGroupsToGroupSave {
#-------------------------------------------------------------------
sub www_addUsersToGroupSave {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my @users = $session{cgi}->param('users');
WebGUI::Grouping::addUsersToGroups(\@users,[$session{form}{gid}]);
return www_manageUsersInGroup();
@ -113,7 +113,7 @@ sub www_autoDeleteFromGroup {
#-------------------------------------------------------------------
sub www_deleteGroup {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output);
return WebGUI::Privilege::vitalComponent() if ($session{form}{gid} < 26);
$output .= helpIcon(15);
@ -128,7 +128,7 @@ sub www_deleteGroup {
#-------------------------------------------------------------------
sub www_deleteGroupConfirm {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
return WebGUI::Privilege::vitalComponent() if ($session{form}{gid} < 26);
my $g = WebGUI::Group->new($session{form}{gid});
$g->delete;
@ -137,7 +137,7 @@ sub www_deleteGroupConfirm {
#-------------------------------------------------------------------
sub www_deleteGroupGrouping {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
WebGUI::Grouping::deleteGroupsFromGroups([$session{form}{delete}],[$session{form}{gid}]);
return www_manageGroupsInGroup();
}
@ -154,7 +154,7 @@ sub www_deleteGroupingSecondary {
#-------------------------------------------------------------------
sub www_editGroup {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $f, $g);
if ($session{form}{gid} eq "new") {
$g = WebGUI::Group->new("");
@ -233,7 +233,7 @@ sub www_editGroup {
#-------------------------------------------------------------------
sub www_editGroupSave {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my $g = WebGUI::Group->new($session{form}{gid});
$g->description($session{form}{description});
$g->name($session{form}{groupName});
@ -255,7 +255,7 @@ sub www_editGroupSave {
#-------------------------------------------------------------------
sub www_emailGroup {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output,$f);
$output = '<h1>'.WebGUI::International::get(809).'</h1>';
$f = WebGUI::HTMLForm->new;
@ -282,7 +282,7 @@ sub www_emailGroup {
#-------------------------------------------------------------------
sub www_emailGroupSend {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($sth, $email);
$sth = WebGUI::SQL->read("select b.fieldData from groupings a left join userProfileData b
on a.userId=b.userId and b.fieldName='email' where a.groupId=$session{form}{gid}");
@ -297,7 +297,7 @@ sub www_emailGroupSend {
#-------------------------------------------------------------------
sub www_listGroups {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $p, $sth, @data, @row, $i, $userCount);
$output = helpIcon(10);
$output .= '<h1>'.WebGUI::International::get(89).'</h1>';
@ -328,7 +328,7 @@ sub www_listGroups {
#-------------------------------------------------------------------
sub www_listGroupsSecondary {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(11));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(11));
my ($output, $p, $sth, @data, @row, $i, $userCount);
$output .= '<h1>'.WebGUI::International::get(89).'</h1>';
my @editableGroups = WebGUI::SQL->buildArray("select groupId from groupings where userId=$session{user}{userId} and groupAdmin=1");
@ -360,7 +360,7 @@ sub www_listGroupsSecondary {
#-------------------------------------------------------------------
sub www_manageGroupsInGroup {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $p, $group, $groups, $f);
$output = '<h1>'.WebGUI::International::get(813).'</h1><div align="center">';
$f = WebGUI::HTMLForm->new;
@ -397,7 +397,7 @@ sub www_manageGroupsInGroup {
#-------------------------------------------------------------------
sub www_manageUsersInGroup {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $sth, %hash);
tie %hash, 'Tie::CPHash';
$output = '<h1>'.WebGUI::International::get(88).'</h1>';

13
lib/WebGUI/Operation/Help.pm
View file

@ -15,6 +15,7 @@ use strict;
use Tie::IxHash;
use Tie::CPHash;
use WebGUI::DateTime;
use WebGUI::Grouping;
use WebGUI::HTMLForm;
use WebGUI::Icon;
use WebGUI::International;
@ -70,7 +71,7 @@ sub _submenu {
#-------------------------------------------------------------------
sub www_deleteHelp {
return "" unless (WebGUI::Privilege::isInGroup(3));
return "" unless (WebGUI::Grouping::isInGroup(3));
my $output = '<h1>Confirm</h1>Are you sure? Deleting help is never a good idea. <a href="'
.WebGUI::URL::page("op=deleteHelpConfirm&hid=".$session{form}{hid}."&namespace=".$session{form}{namespace})
.'">Yes</a> / <a href="'.WebGUI::URL::page("op=manageHelp").'">No</a><p>';
@ -79,7 +80,7 @@ sub www_deleteHelp {
#-------------------------------------------------------------------
sub www_deleteHelpConfirm {
return "" unless (WebGUI::Privilege::isInGroup(3));
return "" unless (WebGUI::Grouping::isInGroup(3));
my ($titleId, $bodyId) = WebGUI::SQL->quickArray("select titleId,bodyId from help where helpId=".$session{form}{hid}."
and namespace=".quote($session{form}{namespace}));
WebGUI::SQL->write("delete from international where internationalId=$titleId
@ -93,7 +94,7 @@ sub www_deleteHelpConfirm {
#-------------------------------------------------------------------
sub www_editHelp {
return "" unless (WebGUI::Privilege::isInGroup(3));
return "" unless (WebGUI::Grouping::isInGroup(3));
my ($output, $f, %data, %help, @seeAlso);
tie %data, 'Tie::IxHash';
tie %help, 'Tie::CPHash';
@ -141,7 +142,7 @@ sub www_editHelp {
#-------------------------------------------------------------------
sub www_editHelpSave {
return "" unless (WebGUI::Privilege::isInGroup(3));
return "" unless (WebGUI::Grouping::isInGroup(3));
my (@seeAlso);
if ($session{form}{hid} eq "new") {
if ($session{form}{namespace_new} ne "") {
@ -178,7 +179,7 @@ sub www_editHelpSave {
#-------------------------------------------------------------------
sub www_exportHelp {
return "" unless (WebGUI::Privilege::isInGroup(3));
return "" unless (WebGUI::Grouping::isInGroup(3));
my ($export, $output, %help, $sth);
$export = "#export of WebGUI ".$WebGUI::VERSION." help system.\n\n";
$sth = WebGUI::SQL->read("select * from help");
@ -195,7 +196,7 @@ sub www_exportHelp {
#-------------------------------------------------------------------
sub www_manageHelp {
my ($sth, @help, $output);
return "" unless (WebGUI::Privilege::isInGroup(3));
return "" unless (WebGUI::Grouping::isInGroup(3));
$output = '<h1>Manage Help</h1>';
$output .= 'This interface is for WebGUI developers only. If you\'re not a developer, leave this alone. Also,
this interface works <b>ONLY</b> under MySQL and is not supported by Plain Black under any

20
lib/WebGUI/Operation/International.pm
View file

@ -14,6 +14,7 @@ use Exporter;
use strict;
use Tie::CPHash;
use WebGUI::DateTime;
use WebGUI::Grouping;
use WebGUI::HTMLForm;
use WebGUI::Icon;
use WebGUI::International;
@ -21,6 +22,7 @@ use WebGUI::Macro;
use WebGUI::Mail;
use WebGUI::Operation::Shared;
use WebGUI::Paginator;
use WebGUI::Privilege;
use WebGUI::Session;
use WebGUI::SQL;
use WebGUI::URL;
@ -85,7 +87,7 @@ sub _submenu {
#-------------------------------------------------------------------
sub www_addInternationalMessage {
my ($output,$f);
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(10));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(10));
$output = '<h1>Add English Message</h1>';
$f = WebGUI::HTMLForm->new();
$f->hidden("lid",1);
@ -118,7 +120,7 @@ sub www_addInternationalMessageSave {
sub www_deleteLanguage {
my ($output);
return WebGUI::Privilege::vitalComponent() if ($session{form}{lid} < 1000 && $session{form}{lid} > 0);
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(10));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(10));
$output .= '<h1>'.WebGUI::International::get(42).'</h1>';
$output .= WebGUI::International::get(587).'<p>';
$output .= '<div align="center"><a href="'.
@ -131,7 +133,7 @@ sub www_deleteLanguage {
#-------------------------------------------------------------------
sub www_deleteLanguageConfirm {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(10));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(10));
return WebGUI::Privilege::vitalComponent() if ($session{form}{lid} < 1000 && $session{form}{lid} > 0);
WebGUI::SQL->write("delete from language where languageId=".$session{form}{lid});
WebGUI::SQL->write("delete from international where languageId=".$session{form}{lid});
@ -143,7 +145,7 @@ sub www_deleteLanguageConfirm {
#-------------------------------------------------------------------
sub www_editInternationalMessage {
my ($output, $message, $context, $f, $language);
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(10));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(10));
($language) = WebGUI::SQL->quickArray("select language from language where languageId=".$session{form}{lid});
$output = '<h1>'.WebGUI::International::get(597).'</h1>';
$f = WebGUI::HTMLForm->new;
@ -171,7 +173,7 @@ sub www_editInternationalMessage {
#-------------------------------------------------------------------
sub www_editInternationalMessageSave {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(10));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(10));
if ($session{form}{status} eq "missing") {
WebGUI::SQL->write("insert into international (message,namespace,languageId,internationalId,lastUpdated)
values (".quote($session{form}{message}).",".quote($session{form}{namespace})
@ -187,7 +189,7 @@ sub www_editInternationalMessageSave {
#-------------------------------------------------------------------
sub www_editLanguage {
my ($output, $dir, @files, $file, %data, $f, %options);
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(10));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(10));
tie %data, 'Tie::CPHash';
$dir = $session{config}{extrasPath}.$session{os}{slash}."toolbar";
opendir (DIR,$dir) or WebGUI::ErrorHandler::warn("Can't open toolbar directory!");
@ -219,7 +221,7 @@ sub www_editLanguage {
#-------------------------------------------------------------------
sub www_editLanguageSave {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(10));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(10));
if ($session{form}{lid} eq "new") {
$session{form}{lid} = getNextId("languageId");
WebGUI::SQL->write("insert into language (languageId) values ($session{form}{lid})");
@ -238,7 +240,7 @@ sub www_exportTranslation {
#-------------------------------------------------------------------
sub www_listInternationalMessages {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(10));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(10));
my ($output, $sth, $key, $p, $status,%data, %list, $deprecated, $i, $missing, @row, $f, $outOfDate, $ok);
tie %data, 'Tie::CPHash';
%data = WebGUI::SQL->quickHash("select language from language where languageId=".$session{form}{lid});
@ -370,7 +372,7 @@ sub www_listInternationalMessages {
sub www_listLanguages {
my ($output, $sth, %data);
tie %data, 'Tie::CPHash';
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(10));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(10));
$output = '<h1>'.WebGUI::International::get(586).'</h1>';
$sth = WebGUI::SQL->read("select languageId,language from language where languageId<>1 order by language");
while (%data = $sth->hash) {

5
lib/WebGUI/Operation/MessageLog.pm
View file

@ -14,6 +14,7 @@ use Exporter;
use strict qw(vars subs);
use URI;
use WebGUI::DateTime;
use WebGUI::Grouping;
use WebGUI::International;
use WebGUI::Paginator;
use WebGUI::Privilege;
@ -36,7 +37,7 @@ sub _status {
#-------------------------------------------------------------------
sub www_viewMessageLog {
my (@msg, $vars);
WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(2,$session{user}{userId}));
WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(2,$session{user}{userId}));
$vars->{displayTitle} = '<h1>'.WebGUI::International::get(159).'</h1>';
my $p = WebGUI::Paginator->new(WebGUI::URL::page('op=viewMessageLog'));
my $query = "select messageLogId,subject,url,dateOfEntry,status from messageLog where userId=$session{user}{userId} order by dateOfEntry desc";
@ -73,7 +74,7 @@ sub www_viewMessageLog {
#-------------------------------------------------------------------
sub www_viewMessageLogMessage {
my ($data, $vars);
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(2,$session{user}{userId}));
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(2,$session{user}{userId}));
$vars->{displayTitle} = '<h1>'.WebGUI::International::get(159).'</h1>';
$data = WebGUI::SQL->quickHashRef("select * from messageLog where messageLogId=$session{form}{mlog} and userId=$session{user}{userId}");

21
lib/WebGUI/Operation/Navigation.pm
View file

@ -15,19 +15,20 @@ use strict;
use Tie::IxHash;
use Tie::CPHash;
use WebGUI::DateTime;
use WebGUI::ErrorHandler;
use WebGUI::Grouping;
use WebGUI::HTMLForm;
use WebGUI::Icon;
use WebGUI::International;
use WebGUI::Macro;
use WebGUI::Navigation;
use WebGUI::Operation::Shared;
use WebGUI::Privilege;
use WebGUI::Session;
use WebGUI::SQL;
use WebGUI::URL;
use WebGUI::Utility;
use WebGUI::Navigation;
use WebGUI::TabForm;
use WebGUI::ErrorHandler;
use WebGUI::Privilege;
our @ISA = qw(Exporter);
our @EXPORT = qw(&www_listNavigation &www_editNavigation &www_editNavigationSave &www_copyNavigation
@ -52,7 +53,7 @@ sub _submenu {
#-------------------------------------------------------------------
sub www_copyNavigation {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(3));
my %navigation = WebGUI::SQL->quickHash("select * from Navigation where identifier = ".
quote($session{form}{identifier}));
WebGUI::SQL->write("insert into Navigation (navigationId, identifier, depth, method, startAt, stopAtLevel,
@ -68,7 +69,7 @@ sub www_copyNavigation {
#-------------------------------------------------------------------
sub www_deleteNavigation {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(3));
if ($session{form}{navigationId} < 1000 && $session{form}{navigationId} > 0) {
return WebGUI::Privilege::vitalComponent();
}
@ -84,7 +85,7 @@ sub www_deleteNavigation {
#-------------------------------------------------------------------
sub www_deleteNavigationConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(3));
if ($session{form}{navigationId} < 1000 && $session{form}{navigationId} > 0) {
return WebGUI::Privilege::vitalComponent();
}
@ -94,7 +95,7 @@ sub www_deleteNavigationConfirm {
#-------------------------------------------------------------------
sub www_editNavigation {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(3));
my $identifier = shift || $session{form}{identifier};
#return WebGUI::ErrorHandler::warn("editNavigation called without identifier") unless $identifier;
@ -241,7 +242,7 @@ sub www_editNavigation {
#-------------------------------------------------------------------
sub www_editNavigationSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(3));
# Check on duplicate identifier
my ($existingNavigationId, $existingIdentifier) = WebGUI::SQL->quickArray("select navigationId,
@ -274,7 +275,7 @@ sub www_editNavigationSave {
#-------------------------------------------------------------------
sub www_listNavigation {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(3));
my $output .= helpIcon(84).'<h1>'.WebGUI::International::get(34,'Navigation').'</h1>';
my $sth = WebGUI::SQL->read("select navigationId, identifier from Navigation order by identifier");
my $i = 0;
@ -303,7 +304,7 @@ sub www_previewNavigation {
#$session{page}{useEmptyStyle} = 1;
$session{page}{useAdminStyle} = 1;
$session{var}{adminOn} = 0;
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(3));
my $nav = WebGUI::Navigation->new( depth=>$session{form}{depth},
method=>$session{form}{method},
startAt=>$session{form}{startAt},

2
lib/WebGUI/Operation/Package.pm
View file

@ -117,7 +117,7 @@ sub _recursePageTree {
#-------------------------------------------------------------------
sub www_deployPackage {
if (WebGUI::Privilege::canEditPage()) {
if (WebGUI::Page::canEdit()) {
_recursePageTree($session{form}{pid},$session{page}{pageId});
return "";
} else {

52
lib/WebGUI/Operation/Page.pm
View file

@ -40,13 +40,21 @@ This private function changes the privileges of all wobjects on page.
=cut
sub _changeWobjectPrivileges {
my($wobject,$sth);
$sth = WebGUI::SQL->read("select wobjectId from wobject where pageId=".quote($_[0]));
$sth = WebGUI::SQL->read("select wobjectId,namespace from wobject where pageId=".quote($_[0]));
while ($wobject = $sth->hashRef) {
if (WebGUI::Privilege::canEditWobject($wobject->{wobjectId})) {
WebGUI::SQL->write("update wobject set startDate=".WebGUI::FormProcessor::dateTime("startDate").",
endDate=".WebGUI::FormProcessor::dateTime("endDate").",
ownerId=$session{form}{ownerId}, groupIdView=$session{form}{groupIdView},
groupIdEdit=$session{form}{groupIdEdit} where wobjectId=".quote($wobject->{wobjectId}));
my $cmd = "WebGUI::Wobject::".$wobject->{namespace};
my $load = "use ".$cmd;
eval($load);
WebGUI::ErrorHandler::warn("Wobject failed to compile: $cmd.".$@) if($@);
my $w = $cmd->new($wobject);
if ($w->canEdit) {
$w->set({
startDate=>WebGUI::FormProcessor::dateTime("startDate"),
endDate=>WebGUI::FormProcessor::dateTime("endDate"),
ownerId=>$session{form}{ownerId},
groupIdView=>$session{form}{ownerId},
groupIdEdit=>$session{form}{groupIdEdit}
});
}
}
}
@ -76,7 +84,7 @@ sub _recursivelyChangeProperties {
$page->walk_down({
callback => sub {
$currentPage = shift;
if (WebGUI::Privilege::canEditPage($currentPage->get('pageId'))) {
if (WebGUI::Page::canEdit($currentPage->get('pageId'))) {
$currentPage->setWithoutRecache({
startDate => WebGUI::FormProcessor::dateTime("startDate"),
endDate => WebGUI::FormProcessor::dateTime("endDate"),
@ -234,7 +242,7 @@ sub www_cutPage {
if ($session{page}{pageId} < 26 && $session{page}{pageId} >= 0) {
return WebGUI::Privilege::vitalComponent();
} elsif (WebGUI::Privilege::canEditPage()) {
} elsif (WebGUI::Page::canEdit()) {
$page = WebGUI::Page->getPage($session{page}{pageId});
$page->cut;
return "";
@ -255,7 +263,7 @@ sub www_deletePage {
my ($output);
if ($session{page}{pageId} < 1000 && $session{page}{pageId} > 0) {
return WebGUI::Privilege::vitalComponent();
} elsif (WebGUI::Privilege::canEditPage()) {
} elsif (WebGUI::Page::canEdit()) {
$output .= helpIcon(3);
$output .= '<h1>'.WebGUI::International::get(42).'</h1>';
$output .= WebGUI::International::get(101).'<p>';
@ -280,7 +288,7 @@ Actually transfers the page to the trash.
sub www_deletePageConfirm {
if ($session{page}{pageId} < 1000 && $session{page}{pageId} > 0) {
return WebGUI::Privilege::vitalComponent();
} elsif (WebGUI::Privilege::canEditPage()) {
} elsif (WebGUI::Page::canEdit()) {
my $page = WebGUI::Page->getPage($session{page}{pageId});
$page->delete;
WebGUI::Session::refreshPageInfo($session{page}{parentId});
@ -304,7 +312,7 @@ sub www_editPage {
$session{page}{useAdminStyle} = 1;
tie %hash, "Tie::IxHash";
tie %page, "Tie::CPHash";
if (WebGUI::Privilege::canEditPage($session{form}{npp})) {
if (WebGUI::Page::canEdit($session{form}{npp})) {
my %tabs;
tie %tabs, 'Tie::IxHash';
%tabs = (
@ -466,13 +474,13 @@ sub www_editPage {
-value=>$page{endDate},
-uiLevel=>6
);
if (WebGUI::Privilege::isInGroup(3)) {
if (WebGUI::Grouping::isInGroup(3)) {
$subtext = manageIcon('op=listUsers');
} else {
$subtext = "";
}
my $clause;
if (WebGUI::Privilege::isInGroup(3)) {
if (WebGUI::Grouping::isInGroup(3)) {
my $contentManagers = WebGUI::Grouping::getUsersInGroup(4,1);
push (@$contentManagers, $session{user}{userId});
$clause = "userId in (".join(",",@$contentManagers).")";
@ -549,7 +557,7 @@ sub www_editPageSave {
$pageId = $session{form}{pageId};
}
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage($pageId));
return WebGUI::Privilege::insufficient() unless (WebGUI::Page::canEdit($pageId));
if ($session{form}{pageId} eq "new") {
$currentPage = WebGUI::Page->getPage($pageId);
@ -605,7 +613,7 @@ Moves page down in the context of it's sisters.
=cut
sub www_movePageDown {
if (WebGUI::Privilege::canEditPage($session{page}{pageId})) {
if (WebGUI::Page::canEdit($session{page}{pageId})) {
WebGUI::Page->moveDown($session{page}{pageId});
return "";
} else {
@ -622,7 +630,7 @@ Moves page up in the context of it's sisters.
=cut
sub www_movePageUp {
if (WebGUI::Privilege::canEditPage($session{page}{pageId})) {
if (WebGUI::Page::canEdit($session{page}{pageId})) {
WebGUI::Page->moveUp($session{page}{pageId});
return "";
} else {
@ -639,7 +647,7 @@ Same as www_movePageUp wit this difference that this module returns the www_view
=cut
sub www_moveTreePageUp {
if (WebGUI::Privilege::canEditPage($session{page}{pageId})) {
if (WebGUI::Page::canEdit($session{page}{pageId})) {
WebGUI::Page->moveUp($session{page}{pageId});
return www_viewPageTree();
} else {
@ -656,7 +664,7 @@ Same as www_movePageDown with this difference that this module returns the www_v
=cut
sub www_moveTreePageDown {
if (WebGUI::Privilege::canEditPage($session{page}{pageId})) {
if (WebGUI::Page::canEdit($session{page}{pageId})) {
WebGUI::Page->moveDown($session{page}{pageId});
return www_viewPageTree();
} else {
@ -674,7 +682,7 @@ Another way to look at is that the mother of the current page becomes the elder
=cut
sub www_moveTreePageLeft {
if (WebGUI::Privilege::canEditPage($session{page}{pageId})) {
if (WebGUI::Page::canEdit($session{page}{pageId})) {
WebGUI::Page->moveLeft($session{page}{pageId});
return www_viewPageTree();
} else {
@ -684,7 +692,7 @@ sub www_moveTreePageLeft {
#-------------------------------------------------------------------
sub www_moveTreePageRight {
if (WebGUI::Privilege::canEditPage($session{page}{pageId})) {
if (WebGUI::Page::canEdit($session{page}{pageId})) {
WebGUI::Page->moveRight($session{page}{pageId});
return www_viewPageTree();
} else {
@ -695,7 +703,7 @@ sub www_moveTreePageRight {
#-------------------------------------------------------------------
sub www_pastePage {
my ($currentPage, $pageToPaste);
if (WebGUI::Privilege::canEditPage()) {
if (WebGUI::Page::canEdit()) {
$currentPage = WebGUI::Page->getPage($session{page}{pageId});
$pageToPaste = WebGUI::Page->getPage($session{form}{pageId});
$pageToPaste->paste($currentPage);
@ -707,7 +715,7 @@ sub www_pastePage {
#-------------------------------------------------------------------
sub www_rearrangeWobjects {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditPage($session{page}{pageId}));
return WebGUI::Privilege::insufficient() unless (WebGUI::Page::canEdit($session{page}{pageId}));
$session{page}{styleId} = 2;
my @contentAreas = split(/\./,$session{form}{map});
my $templatePosition = 1;

3
lib/WebGUI/Operation/Profile.pm
View file

@ -17,6 +17,7 @@ use WebGUI::Operation::Auth;
use WebGUI::DateTime;
use WebGUI::ErrorHandler;
use WebGUI::FormProcessor;
use WebGUI::Grouping;
use WebGUI::HTMLForm;
use WebGUI::International;
use WebGUI::Macro;
@ -222,7 +223,7 @@ sub www_viewProfile {
$vars->{displayTitle} = '<h1>'.WebGUI::International::get(347).' '.$u->username.'</h1>';
return WebGUI::Privilege::notMember() if($u->username eq "");
return $vars->{displayTitle}.WebGUI::International::get(862) if($u->profileField("publicProfile") < 1);
return WebGUI::Privilege::insufficient() if(!WebGUI::Privilege::isInGroup(2));
return WebGUI::Privilege::insufficient() if(!WebGUI::Grouping::isInGroup(2));
$a = WebGUI::SQL->read("select * from userProfileField,userProfileCategory where userProfileField.profileCategoryId=userProfileCategory.profileCategoryId
and userProfileCategory.visible=1 and userProfileField.visible=1 order by userProfileCategory.sequenceNumber,userProfileField.sequenceNumber");
while (%data = $a->hash) {

27
lib/WebGUI/Operation/ProfileSettings.pm
View file

@ -14,6 +14,7 @@ use Exporter;
use strict;
use Tie::CPHash;
use Tie::IxHash;
use WebGUI::Grouping;
use WebGUI::HTMLForm;
use WebGUI::Icon;
use WebGUI::International;
@ -68,7 +69,7 @@ sub _submenu {
#-------------------------------------------------------------------
sub www_deleteProfileCategory {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output);
return WebGUI::Privilege::vitalComponent() if ($session{form}{cid} < 1000);
$output = '<h1>'.WebGUI::International::get(42).'</h1>';
@ -82,7 +83,7 @@ sub www_deleteProfileCategory {
#-------------------------------------------------------------------
sub www_deleteProfileCategoryConfirm {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
return WebGUI::Privilege::vitalComponent() if ($session{form}{cid} < 1000);
WebGUI::SQL->write("delete from userProfileCategory where profileCategoryId=$session{form}{cid}");
WebGUI::SQL->write("update userProfileField set profileCategoryId=1 where profileCategoryId=$session{form}{cid}");
@ -91,7 +92,7 @@ sub www_deleteProfileCategoryConfirm {
#-------------------------------------------------------------------
sub www_deleteProfileField {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output,$protected);
($protected) = WebGUI::SQL->quickArray("select protected from userProfileField where fieldname=".quote($session{form}{fid}));
return WebGUI::Privilege::vitalComponent() if ($protected);
@ -106,7 +107,7 @@ sub www_deleteProfileField {
#-------------------------------------------------------------------
sub www_deleteProfileFieldConfirm {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($protected);
($protected) = WebGUI::SQL->quickArray("select protected from userProfileField where fieldname=".quote($session{form}{fid}));
return WebGUI::Privilege::vitalComponent() if ($protected);
@ -117,7 +118,7 @@ sub www_deleteProfileFieldConfirm {
#-------------------------------------------------------------------
sub www_editProfileCategory {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $f, %data);
tie %data, 'Tie::CPHash';
$output = '<h1>'.WebGUI::International::get(468,"WebGUI/Profile").'</h1>';
@ -148,7 +149,7 @@ sub www_editProfileCategory {
#-------------------------------------------------------------------
sub www_editProfileCategorySave {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($sequenceNumber, $test);
$session{form}{categoryName} = 'Unamed' if ($session{form}{categoryName} eq "" || $session{form}{categoryName} eq "''");
$test = eval($session{form}{categoryName});
@ -167,7 +168,7 @@ sub www_editProfileCategorySave {
#-------------------------------------------------------------------
sub www_editProfileField {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $f, %data, %hash, $key);
tie %data, 'Tie::CPHash';
$output = '<h1>'.WebGUI::International::get(471,"WebGUI/Profile").'</h1>';
@ -222,7 +223,7 @@ sub www_editProfileField {
#-------------------------------------------------------------------
sub www_editProfileFieldSave {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($sequenceNumber, $fieldName, $test);
$session{form}{fieldLabel} = 'Unamed' if ($session{form}{fieldLabel} eq "" || $session{form}{fieldLabel} eq "''");
$test = eval($session{form}{fieldLabel});
@ -261,7 +262,7 @@ sub www_editProfileFieldSave {
#-------------------------------------------------------------------
sub www_editProfileSettings {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $a, %category, %field, $b);
tie %category, 'Tie::CPHash';
tie %field, 'Tie::CPHash';
@ -296,7 +297,7 @@ sub www_editProfileSettings {
#-------------------------------------------------------------------
sub www_moveProfileCategoryDown {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($id, $thisSeq);
($thisSeq) = WebGUI::SQL->quickArray("select sequenceNumber from userProfileCategory where profileCategoryId=$session{form}{cid}");
($id) = WebGUI::SQL->quickArray("select profileCategoryId from userProfileCategory where sequenceNumber=$thisSeq+1");
@ -310,7 +311,7 @@ sub www_moveProfileCategoryDown {
#-------------------------------------------------------------------
sub www_moveProfileCategoryUp {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($id, $thisSeq);
($thisSeq) = WebGUI::SQL->quickArray("select sequenceNumber from userProfileCategory where profileCategoryId=$session{form}{cid}");
($id) = WebGUI::SQL->quickArray("select profileCategoryId from userProfileCategory where sequenceNumber=$thisSeq-1");
@ -324,7 +325,7 @@ sub www_moveProfileCategoryUp {
#-------------------------------------------------------------------
sub www_moveProfileFieldDown {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($id, $thisSeq, $profileCategoryId);
($thisSeq,$profileCategoryId) = WebGUI::SQL->quickArray("select sequenceNumber,profileCategoryId from userProfileField where fieldName=".quote($session{form}{fid}));
($id) = WebGUI::SQL->quickArray("select fieldName from userProfileField where profileCategoryId=$profileCategoryId and sequenceNumber=$thisSeq+1");
@ -338,7 +339,7 @@ sub www_moveProfileFieldDown {
#-------------------------------------------------------------------
sub www_moveProfileFieldUp {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($id, $thisSeq, $profileCategoryId);
($thisSeq,$profileCategoryId) = WebGUI::SQL->quickArray("select sequenceNumber,profileCategoryId from userProfileField where fieldName=".quote($session{form}{fid}));
($id) = WebGUI::SQL->quickArray("select fieldName from userProfileField where profileCategoryId=$profileCategoryId and sequenceNumber=$thisSeq-1");

10
lib/WebGUI/Operation/Replacements.pm
View file

@ -12,10 +12,12 @@ package WebGUI::Operation::Replacements;
use Exporter;
use strict;
use WebGUI::Grouping;
use WebGUI::Icon;
use WebGUI::HTMLForm;
use WebGUI::International;
use WebGUI::Operation::Shared;
use WebGUI::Privilege;
use WebGUI::Session;
use WebGUI::SQL;
@ -35,14 +37,14 @@ sub _submenu {
#-------------------------------------------------------------------
sub www_deleteReplacement {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
WebGUI::SQL->write("delete from replacements where replacementId=$session{form}{replacementId}");
return www_listReplacements();
}
#-------------------------------------------------------------------
sub www_editReplacement {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my $data = WebGUI::SQL->getRow("replacements","replacementId",$session{form}{replacementId});
my $f = WebGUI::HTMLForm->new;
$f->hidden(
@ -73,7 +75,7 @@ sub www_editReplacement {
#-------------------------------------------------------------------
sub www_editReplacementSave {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
WebGUI::SQL->setRow("replacements","replacementId",{
replacementId=>$session{form}{replacementId},
searchFor=>$session{form}{searchFor},
@ -84,7 +86,7 @@ sub www_editReplacementSave {
#-------------------------------------------------------------------
sub www_listReplacements {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my $output = "<h1>".WebGUI::International::get(1053)."</h1>";
$output .= '<table>';
my $sth = WebGUI::SQL->read("select replacementId,searchFor from replacements order by searchFor");

3
lib/WebGUI/Operation/Root.pm
View file

@ -13,6 +13,7 @@ package WebGUI::Operation::Root;
use Exporter;
use strict;
use Tie::CPHash;
use WebGUI::Grouping;
use WebGUI::Icon;
use WebGUI::International;
use WebGUI::Operation::Shared;
@ -35,7 +36,7 @@ sub _submenu {
#-------------------------------------------------------------------
sub www_listRoots {
return WebGUI::Privilege::adminOnly() unless(WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless(WebGUI::Grouping::isInGroup(3));
my ($output, $p, $sth, %data, @row, $i);
$output = helpIcon(28);
$output .= '<h1>'.WebGUI::International::get(408).'</h1>';

15
lib/WebGUI/Operation/Settings.pm
View file

@ -13,6 +13,7 @@ package WebGUI::Operation::Settings;
use Exporter;
use strict qw(vars subs);
use WebGUI::DateTime;
use WebGUI::Grouping;
use WebGUI::HTMLForm;
use WebGUI::Icon;
use WebGUI::International;
@ -37,7 +38,7 @@ sub _submenu {
#-------------------------------------------------------------------
sub www_editCompanyInformation {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $f);
$output .= helpIcon(6);
$output .= '<h1>'.WebGUI::International::get(124).'</h1>';
@ -53,7 +54,7 @@ sub www_editCompanyInformation {
#-------------------------------------------------------------------
sub www_editContentSettings {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, %htmlFilter, $f, $pages);
$pages = WebGUI::SQL->buildHashRef("select pageId,menuTitle from page order by menuTitle");
%htmlFilter = ('none'=>WebGUI::International::get(420), 'most'=>WebGUI::International::get(421),
@ -89,7 +90,7 @@ sub www_editContentSettings {
#-------------------------------------------------------------------
sub www_editMessagingSettings {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $f);
$output .= helpIcon(13);
$output .= '<h1>'.WebGUI::International::get(133).'</h1>';
@ -106,7 +107,7 @@ sub www_editMessagingSettings {
#-------------------------------------------------------------------
sub www_editMiscSettings {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $f);
$output .= helpIcon(24);
$output .= '<h1>'.WebGUI::International::get(140).'</h1>';
@ -145,7 +146,7 @@ sub www_editMiscSettings {
#-------------------------------------------------------------------
sub www_editUserSettings {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $f, $cmd, $html);
$output .= helpIcon(2);
$output .= '<h1>'.WebGUI::International::get(117).'</h1>';
@ -189,7 +190,7 @@ sub www_editUserSettings {
#-------------------------------------------------------------------
sub www_manageSettings {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output);
$output .= helpIcon(12);
$output .= '<h1>'.WebGUI::International::get(143).'</h1>';
@ -207,7 +208,7 @@ sub www_manageSettings {
#-------------------------------------------------------------------
sub www_saveSettings {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($key, $value);
foreach $key (keys %{$session{form}}) {
$value = $session{form}{$key};

5
lib/WebGUI/Operation/Shared.pm
View file

@ -13,6 +13,7 @@ package WebGUI::Operation::Shared;
use Exporter;
use strict;
use WebGUI::Grouping;
use WebGUI::International;
use WebGUI::Session;
use WebGUI::SQL;
@ -23,7 +24,7 @@ our @EXPORT = qw(&menuWrapper);
#-------------------------------------------------------------------
sub accountOptions {
my @array;
if (WebGUI::Privilege::isInGroup(12)) {
if (WebGUI::Grouping::isInGroup(12)) {
my %hash;
if ($session{var}{adminOn}) {
$hash{'options.display'} .= '<a href="'.WebGUI::URL::page('op=switchOffAdmin').'">'.WebGUI::International::get(12).'</a>';
@ -55,7 +56,7 @@ our @EXPORT = qw(&menuWrapper);
my %logout;
$logout{'options.display'} = '<a href="'.WebGUI::URL::page('op=logout').'">'.WebGUI::International::get(64).'</a>';
push(@array,\%logout);
if ($session{setting}{selfDeactivation} && !WebGUI::Privilege::isInGroup(3)){
if ($session{setting}{selfDeactivation} && !WebGUI::Grouping::isInGroup(3)){
my %hash;
$hash{'options.display'} = '<a href="'.WebGUI::URL::page('op=deactivateAccount').'">'.WebGUI::International::get(65).'</a>';
push(@array,\%hash);

13
lib/WebGUI/Operation/Statistics.pm
View file

@ -14,6 +14,7 @@ use Exporter;
use strict;
use WebGUI::Cache;
use WebGUI::DateTime;
use WebGUI::Grouping;
use WebGUI::Icon;
use WebGUI::International;
use WebGUI::Operation::Shared;
@ -40,14 +41,14 @@ sub _submenu {
#-------------------------------------------------------------------
sub www_killSession {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
WebGUI::Session::end($session{form}{sid});
return www_viewActiveSessions();
}
#-------------------------------------------------------------------
sub www_viewActiveSessions {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $p, @row, $i, $sth, %data);
tie %data, 'Tie::CPHash';
$output = '<h1>'.WebGUI::International::get(425).'</h1>';
@ -81,7 +82,7 @@ sub www_viewActiveSessions {
#-------------------------------------------------------------------
sub www_viewLoginHistory {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $p, @row, $i, $sth, %data);
tie %data, 'Tie::CPHash';
$output = '<h1>'.WebGUI::International::get(426).'</h1>';
@ -112,7 +113,7 @@ sub www_viewLoginHistory {
#-------------------------------------------------------------------
sub www_viewPageReport {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $count, $user, $data, $sth, %page, $pageId);
tie %page, "Tie::IxHash";
$output = '<h1>Page Statistics</h1>';
@ -155,7 +156,7 @@ sub www_viewPageReport {
#-------------------------------------------------------------------
sub www_viewStatistics {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $data);
my $url = "http://www.plainblack.com/downloads/latest-version.txt";
my $cache = WebGUI::Cache->new($url,"URL");
@ -200,7 +201,7 @@ sub www_viewStatistics {
#-------------------------------------------------------------------
sub www_viewTrafficReport {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $data);
$output = '<h1>Pages</h1>';
($data) = WebGUI::SQL->quickArray("select count(*) from pageStatistics where dateStamp>=".(time()-2592000));

4
lib/WebGUI/Operation/Style.pm
View file

@ -12,7 +12,9 @@ package WebGUI::Operation::Style;
use Exporter;
use strict;
use WebGUI::Grouping;
use WebGUI::Paginator;
use WebGUI::Privilege;
use WebGUI::Session;
use WebGUI::URL;
@ -42,7 +44,7 @@ sub www_unsetPersonalStyle {
#-------------------------------------------------------------------
sub www_listRoots {
return WebGUI::Privilege::adminOnly() unless(WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless(WebGUI::Grouping::isInGroup(3));
my ($output, $p, $sth, %data, @row, $i);
$output = helpIcon(28);
$output .= '<h1>'.WebGUI::International::get(408).'</h1>';

13
lib/WebGUI/Operation/Template.pm
View file

@ -13,6 +13,7 @@ package WebGUI::Operation::Template;
use Exporter;
use strict;
use Tie::CPHash;
use WebGUI::Grouping;
use WebGUI::HTML;
use WebGUI::HTMLForm;
use WebGUI::Icon;
@ -53,7 +54,7 @@ sub _submenu {
#-------------------------------------------------------------------
sub www_copyTemplate {
my (%template);
if (WebGUI::Privilege::isInGroup(8)) {
if (WebGUI::Grouping::isInGroup(8)) {
%template = WebGUI::SQL->quickHash("select * from template where templateId=$session{form}{tid} and namespace=".quote($session{form}{namespace}));
WebGUI::SQL->write("insert into template (templateId,name,template,namespace)
values ("._getNextTemplateId($session{form}{namespace}).",
@ -70,7 +71,7 @@ sub www_deleteTemplate {
my ($output);
if ($session{form}{tid} < 1000 && $session{form}{tid} > 0) {
return WebGUI::Privilege::vitalComponent();
} elsif (WebGUI::Privilege::isInGroup(8)) {
} elsif (WebGUI::Grouping::isInGroup(8)) {
$output .= helpIcon(35);
$output .= '<h1>'.WebGUI::International::get(42).'</h1>';
$output .= WebGUI::International::get(502).'<p>';
@ -91,7 +92,7 @@ sub www_deleteTemplateConfirm {
my ($a, $pageId);
if ($session{form}{tid} < 1000 && $session{form}{tid} > 1000) {
return WebGUI::Privilege::vitalComponent();
} elsif (WebGUI::Privilege::isInGroup(8)) {
} elsif (WebGUI::Grouping::isInGroup(8)) {
if ($session{form}{namespace} eq "Page") {
$a = WebGUI::SQL->read("select * from page where templateId=".$session{form}{tid});
while (($pageId) = $a->array) {
@ -112,7 +113,7 @@ sub www_deleteTemplateConfirm {
sub www_editTemplate {
my ($output, $namespaces, %template, $f);
tie %template, 'Tie::CPHash';
if (WebGUI::Privilege::isInGroup(8)) {
if (WebGUI::Grouping::isInGroup(8)) {
if ($session{form}{tid} eq "new" || $session{form}{tid} eq "") {
if ($session{form}{namespace} eq "Page") {
$template{template} = "<table>\n <tr>\n <td>\n\n<tmpl_var page.position1>\n\n".
@ -155,7 +156,7 @@ sub www_editTemplate {
#-------------------------------------------------------------------
sub www_editTemplateSave {
if (WebGUI::Privilege::isInGroup(8)) {
if (WebGUI::Grouping::isInGroup(8)) {
if ($session{form}{tid} eq "new") {
$session{form}{tid} = _getNextTemplateId($session{form}{namespace});
WebGUI::SQL->write("insert into template (templateId,namespace) values
@ -180,7 +181,7 @@ sub www_editTemplateSave {
#-------------------------------------------------------------------
sub www_listTemplates {
my ($output, $sth, @data, @row, $i, $p, $where);
if (WebGUI::Privilege::isInGroup(8)) {
if (WebGUI::Grouping::isInGroup(8)) {
$where = "and namespace=".quote($session{form}{namespace}) if ($session{form}{namespace});
$output = helpIcon(33);
$output .= '<h1>'.WebGUI::International::get(506).'</h1>';

29
lib/WebGUI/Operation/Theme.pm
View file

@ -16,6 +16,7 @@ use Tie::IxHash;
use Tie::CPHash;
use WebGUI::Attachment;
use WebGUI::Collateral;
use WebGUI::Grouping;
use WebGUI::HTMLForm;
use WebGUI::Icon;
use WebGUI::International;
@ -62,7 +63,7 @@ sub _submenu {
#-------------------------------------------------------------------
sub www_addThemeComponent {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(9));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(9));
my (@q, $output, $defaultList, $component, $f);
my $types = _getComponentTypes();
push(@q,{query=>"select collateralType,collateralId,name from collateral where collateralType='file' order by name",type=>"file"});
@ -103,7 +104,7 @@ sub www_addThemeComponent {
#-------------------------------------------------------------------
sub www_addThemeComponentSave {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(9));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(9));
my @ids = WebGUI::FormProcessor::selectList("id");
foreach my $id (@ids) {
$id =~ /^(.*?)\_(.*)/;
@ -118,7 +119,7 @@ sub www_addThemeComponentSave {
#-------------------------------------------------------------------
sub www_deleteTheme {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(9));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(9));
return WebGUI::Privilege::vitalComponent() if ($session{form}{themeId} < 1000 && $session{form}{themeId} > 0);
my $output = helpIcon(64);
$output .= '<h1>'.WebGUI::International::get(42).'</h1>';
@ -133,7 +134,7 @@ sub www_deleteTheme {
#-------------------------------------------------------------------
sub www_deleteThemeConfirm {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(9));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(9));
return WebGUI::Privilege::vitalComponent() if ($session{form}{themeId} < 1000 && $session{form}{themeId} > 0);
my $theme = WebGUI::SQL->quickHashRef("select * from theme where themeId=".$session{form}{themeId});
unless ($theme->{original}) {
@ -158,7 +159,7 @@ sub www_deleteThemeConfirm {
#-------------------------------------------------------------------
sub www_deleteThemeComponent {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(9));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(9));
return WebGUI::Privilege::vitalComponent() if ($session{form}{themeId} < 1000 && $session{form}{themeId} > 0);
my $output = helpIcon(4);
$output .= '<h1>'.WebGUI::International::get(42).'</h1>';
@ -173,7 +174,7 @@ sub www_deleteThemeComponent {
#-------------------------------------------------------------------
sub www_deleteThemeComponentConfirm {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(9));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(9));
return WebGUI::Privilege::vitalComponent() if ($session{form}{themeId} < 1000 && $session{form}{themeId} > 0);
WebGUI::SQL->write("delete from themeComponent where themeComponentId=".$session{form}{themeComponentId});
return www_editTheme();
@ -181,7 +182,7 @@ sub www_deleteThemeComponentConfirm {
#-------------------------------------------------------------------
sub www_editTheme {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(9));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(9));
my ($output, $theme, $f);
unless($session{form}{themeId} eq "new") {
$theme = WebGUI::SQL->quickHashRef("select * from theme where themeId=$session{form}{themeId}");
@ -242,7 +243,7 @@ sub www_editTheme {
#-------------------------------------------------------------------
sub www_editThemeSave {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(9));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(9));
if ($session{form}{themeId} eq "new") {
$session{form}{themeId} = getNextId("themeId");
WebGUI::SQL->write("insert into theme (themeId,webguiVersion,original,versionNumber)
@ -260,7 +261,7 @@ sub www_editThemeSave {
#-------------------------------------------------------------------
sub www_exportTheme {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(9));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(9));
my $tempId = "theme".$session{form}{themeId};
my $propertyFile = WebGUI::Attachment->new("_theme.properties","temp",$tempId);
WebGUI::SQL->write("update theme set versionNumber=versionNumber+1, webguiVersion=".quote($WebGUI::VERSION)
@ -307,7 +308,7 @@ sub www_exportTheme {
#-------------------------------------------------------------------
sub www_importTheme {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(9));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(9));
my $output = helpIcon(63);
$output .= '<h1>'.WebGUI::International::get(927).'</h1>';
my $f = WebGUI::HTMLForm->new;
@ -326,7 +327,7 @@ sub www_importTheme {
#-------------------------------------------------------------------
sub www_importThemeValidate {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(9));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(9));
my $output = helpIcon(63);
$output .= '<h1>'.WebGUI::International::get(927).'</h1>';
my $a = WebGUI::Attachment->new("","temp");
@ -381,7 +382,7 @@ sub www_importThemeValidate {
#-------------------------------------------------------------------
sub www_importThemeSave {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(9));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(9));
my $propertiesFile = WebGUI::Attachment->new("_theme.properties","temp",$session{form}{extractionPoint});
my $theme = $propertiesFile->getHashref;
my $themeId = getNextId("themeId");
@ -421,7 +422,7 @@ sub www_importThemeSave {
#-------------------------------------------------------------------
sub www_listThemes {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(9));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(9));
my (@data, @row, $i, $p);
my $output = helpIcon(61);
$output .= '<h1>'.WebGUI::International::get(899).'</h1>';
@ -449,7 +450,7 @@ sub www_listThemes {
#-------------------------------------------------------------------
sub www_viewTheme {
return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(9));
return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(9));
my ($output, $theme, $f);
$theme = WebGUI::SQL->quickHashRef("select * from theme where themeId=$session{form}{themeId}");
$output .= '<h1>'.WebGUI::International::get(930).'</h1>';

27
lib/WebGUI/Operation/Trash.pm
View file

@ -14,6 +14,7 @@ use Exporter;
use strict qw(vars subs);
use Tie::CPHash;
use WebGUI::DateTime;
use WebGUI::Grouping;
use WebGUI::Icon;
use WebGUI::Operation::Shared;
use WebGUI::Paginator;
@ -121,7 +122,7 @@ sub _submenu {
if ($session{form}{systemTrash} ne "1") {
$menu{WebGUI::URL::page('op=emptyTrash')} = WebGUI::International::get(11);
}
if ( ($session{setting}{sharedTrash} ne "1") && (WebGUI::Privilege::isInGroup(3)) ) {
if ( ($session{setting}{sharedTrash} ne "1") && (WebGUI::Grouping::isInGroup(3)) ) {
$menu{WebGUI::URL::page('op=manageTrash&systemTrash=1')} = WebGUI::International::get(964);
if ($session{form}{systemTrash} eq "1") {
$menu{WebGUI::URL::page('op=emptyTrash&systemTrash=1')} = WebGUI::International::get(967);
@ -133,9 +134,9 @@ sub _submenu {
#-------------------------------------------------------------------
sub www_cutTrashItem {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(4));
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(4));
if ($session{form}{wid} ne "") {
if ( ($session{setting}{sharedTrash} ne "1") && (!(WebGUI::Privilege::isInGroup(3)) ) ) {
if ( ($session{setting}{sharedTrash} ne "1") && (!(WebGUI::Grouping::isInGroup(3)) ) ) {
my ($bufferUserId) = WebGUI::SQL->quickArray("select bufferUserId from wobject "
."where wobjectId=" .$session{form}{wid});
return WebGUI::Privilege::insufficient() unless ($bufferUserId eq $session{user}{userId});
@ -149,7 +150,7 @@ sub www_cutTrashItem {
} elsif ($session{form}{pageId} ne "") {
my $page = WebGUI::Page->getPage($session{form}{pageId});
if ( ($session{setting}{sharedTrash} ne "1") && (!(WebGUI::Privilege::isInGroup(3)) ) ) {
if ( ($session{setting}{sharedTrash} ne "1") && (!(WebGUI::Grouping::isInGroup(3)) ) ) {
my ($bufferUserId) = $page->get("bufferUserId");
return WebGUI::Privilege::insufficient() unless ($bufferUserId eq $session{user}{userId});
}
@ -165,7 +166,7 @@ sub www_cutTrashItem {
#-------------------------------------------------------------------
sub www_deleteTrashItem {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(4));
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(4));
my ($output);
if ($session{form}{wid} ne "") {
$output .= helpIcon(14);
@ -188,9 +189,9 @@ sub www_deleteTrashItem {
#-------------------------------------------------------------------
sub www_deleteTrashItemConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(4));
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(4));
if ($session{form}{wid} ne "") {
if ( ($session{setting}{sharedTrash} eq "1") || (WebGUI::Privilege::isInGroup(3)) ) {
if ( ($session{setting}{sharedTrash} eq "1") || (WebGUI::Grouping::isInGroup(3)) ) {
_purgeWobject($session{form}{wid});
} else {
my ($bufferUserId) = WebGUI::SQL->quickArray("select bufferUserId from wobject "
@ -202,7 +203,7 @@ sub www_deleteTrashItemConfirm {
} elsif ($session{form}{pageId} ne "") {
my $page = WebGUI::Page->getPage($session{form}{pageId});
unless ( ($session{setting}{sharedTrash} eq "1") || (WebGUI::Privilege::isInGroup(3)) ) {
unless ( ($session{setting}{sharedTrash} eq "1") || (WebGUI::Grouping::isInGroup(3)) ) {
my ($bufferUserId) = $page->get("bufferUserId");
return WebGUI::Privilege::insufficient() unless ($bufferUserId eq $session{user}{userId});
}
@ -221,7 +222,7 @@ sub www_deleteTrashItemConfirm {
#-------------------------------------------------------------------
sub www_emptyTrash {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(4));
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(4));
my ($output);
$output = helpIcon(46);
$output .= '<h1>'.WebGUI::International::get(42).'</h1>';
@ -241,12 +242,12 @@ sub www_emptyTrash {
#-------------------------------------------------------------------
sub www_emptyTrashConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(4));
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(4));
my ($allUsers, $page, $currentPage, $currentWobjectPage);
if ($session{setting}{sharedTrash} eq "1") {
$allUsers = 1;
} elsif ($session{form}{systemTrash} eq "1") {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
$allUsers = 1;
} else {
$allUsers = 0;
@ -271,7 +272,7 @@ sub www_emptyTrashConfirm {
#-------------------------------------------------------------------
sub www_manageTrash {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup(4));
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup(4));
my ($sth, @data, @row, @sorted_row, $i, $p, $allUsers);
my $output = helpIcon(66);
@ -281,7 +282,7 @@ sub www_manageTrash {
$allUsers = 1;
$output .= '<h1>'. WebGUI::International::get(962) .'</h1>';
} elsif ($session{form}{systemTrash} eq "1") {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
$allUsers = 1;
$output .= '<h1>'. WebGUI::International::get(965) .'</h1>';
} else {

40
lib/WebGUI/Operation/User.pm
View file

@ -38,7 +38,7 @@ our @EXPORT = qw(&www_editUserKarma &www_editUserKarmaSave &www_editUserGroup &w
sub _submenu {
my ($output, %menu);
tie %menu, 'Tie::IxHash';
if (WebGUI::Privilege::isInGroup(3)) {
if (WebGUI::Grouping::isInGroup(3)) {
$menu{WebGUI::URL::page("op=addUser")} = WebGUI::International::get(169);
unless ($session{form}{op} eq "listUsers"
|| $session{form}{op} eq "addUser"
@ -63,7 +63,7 @@ sub _submenu {
#-------------------------------------------------------------------
sub www_addUser {
my ($output, $f, $cmd, $html, %status);
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3) || WebGUI::Privilege::isInGroup(11));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3) || WebGUI::Grouping::isInGroup(11));
$output .= helpIcon(5);
$output .= '<h1>'.WebGUI::International::get(163).'</h1>';
$output .= WebGUI::Form::_javascriptFile("swapLayers.js");
@ -79,7 +79,7 @@ sub www_addUser {
$f->text("username",WebGUI::International::get(50),$session{form}{username});
$f->email("email",WebGUI::International::get(56));
if(WebGUI::Privilege::isInGroup(3)){
if(WebGUI::Grouping::isInGroup(3)){
tie %status, 'Tie::IxHash';
%status = (
Active =>WebGUI::International::get(817),
@ -123,7 +123,7 @@ sub www_addUser {
#-------------------------------------------------------------------
sub www_addUserSave {
my (@groups, $uid, $u);
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3) || WebGUI::Privilege::isInGroup(11));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3) || WebGUI::Grouping::isInGroup(11));
($uid) = WebGUI::SQL->quickArray("select userId from users where username=".quote($session{form}{username}));
return www_addUser if ($uid);
@ -139,13 +139,13 @@ sub www_addUserSave {
@groups = $session{cgi}->param('groups');
$u->addToGroups(\@groups);
$u->profileField("email",$session{form}{email});
return _submenu(WebGUI::International::get(978)) if(!WebGUI::Privilege::isInGroup(3));
return _submenu(WebGUI::International::get(978)) if(!WebGUI::Grouping::isInGroup(3));
return www_editUser();
}
#-------------------------------------------------------------------
sub www_addUserToGroupSave {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my (@groups, $u);
@groups = $session{cgi}->param('groups');
$u = WebGUI::User->new($session{form}{uid});
@ -155,7 +155,7 @@ sub www_addUserToGroupSave {
#-------------------------------------------------------------------
sub www_becomeUser {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
WebGUI::Session::end($session{var}{sessionId});
WebGUI::Session::start($session{form}{uid});
return "";
@ -163,7 +163,7 @@ sub www_becomeUser {
#-------------------------------------------------------------------
sub www_deleteGrouping {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
if (($session{user}{userId} == $session{form}{uid} || $session{form}{uid} == 3) && $session{form}{gid} == 3) {
return WebGUI::Privilege::vitalComponent();
}
@ -178,7 +178,7 @@ sub www_deleteGrouping {
#-------------------------------------------------------------------
sub www_deleteUser {
my ($output);
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
if ($session{form}{uid} < 26) {
return WebGUI::Privilege::vitalComponent();
} else {
@ -195,7 +195,7 @@ sub www_deleteUser {
#-------------------------------------------------------------------
sub www_deleteUserConfirm {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($u);
if ($session{form}{uid} < 26) {
return WebGUI::Privilege::vitalComponent();
@ -208,7 +208,7 @@ sub www_deleteUserConfirm {
#-------------------------------------------------------------------
sub www_editGrouping {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my $output .= '<h1>'.WebGUI::International::get(370).'</h1>';
my $f = WebGUI::HTMLForm->new;
$f->hidden("op","editGroupingSave");
@ -231,7 +231,7 @@ sub www_editGrouping {
#-------------------------------------------------------------------
sub www_editGroupingSave {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
WebGUI::Grouping::userGroupExpireDate($session{form}{uid},$session{form}{gid},setToEpoch($session{form}{expireDate}));
WebGUI::Grouping::userGroupAdmin($session{form}{uid},$session{form}{gid},$session{form}{groupAdmin});
return www_editUserGroup();
@ -239,7 +239,7 @@ sub www_editGroupingSave {
#-------------------------------------------------------------------
sub www_editUser {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $f, $u, $cmd, $html, %status);
$u = WebGUI::User->new($session{form}{uid});
$output .= WebGUI::Form::_javascriptFile("swapLayers.js");
@ -293,7 +293,7 @@ sub www_editUser {
#-------------------------------------------------------------------
sub www_editUserSave {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($error, $uid, $u);
($uid) = WebGUI::SQL->quickArray("select userId from users where username=".quote($session{form}{username}));
@ -314,7 +314,7 @@ sub www_editUserSave {
#-------------------------------------------------------------------
sub www_editUserGroup {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $f, $groups, $sth, %hash);
tie %hash, 'Tie::CPHash';
$output .= '<h1>'.WebGUI::International::get(372).'</h1>';
@ -355,7 +355,7 @@ sub www_editUserGroup {
#-------------------------------------------------------------------
sub www_editUserKarma {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $f, $a, %user, %data, $method, $values, $category, $label, $default, $previousCategory);
$output = helpIcon(36);
$output .= '<h1>'.WebGUI::International::get(558).'</h1>';
@ -371,7 +371,7 @@ sub www_editUserKarma {
#-------------------------------------------------------------------
sub www_editUserKarmaSave {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($u);
$u = WebGUI::User->new($session{form}{uid});
$u->karma($session{form}{amount},$session{user}{username}." (".$session{user}{userId}.")",$session{form}{description});
@ -380,7 +380,7 @@ sub www_editUserKarmaSave {
#-------------------------------------------------------------------
sub www_editUserProfile {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($output, $f, $a, %user, %data, $method, $values, $category, $label, $default, $previousCategory);
tie %data, 'Tie::CPHash';
$output = helpIcon(32);
@ -448,7 +448,7 @@ sub www_editUserProfile {
#-------------------------------------------------------------------
sub www_editUserProfileSave {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($a, %field, $u);
tie %field, 'Tie::CPHash';
$u = WebGUI::User->new($session{form}{uid});
@ -465,7 +465,7 @@ sub www_editUserProfileSave {
#-------------------------------------------------------------------
sub www_listUsers {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
WebGUI::Session::setScratch("userSearchKeyword",$session{form}{keyword});
WebGUI::Session::setScratch("userSearchStatus",$session{form}{status});
my ($output, $data, $f, $rows, $p, $search, %status, $selectedStatus);

79
lib/WebGUI/Page.pm
View file

@ -19,6 +19,7 @@ use HTML::Template;
use strict;
use Tie::IxHash;
use WebGUI::ErrorHandler;
use WebGUI::Grouping;
use WebGUI::HTMLForm;
use WebGUI::Icon;
use WebGUI::Persistent::Tree;
@ -47,6 +48,8 @@ The methods that do affect this hiearchy should be called in a object oriented c
Non OO functions
use WebGUI::Page;
$boolean = WebGUI::Page::canEdit();
$boolean = WebGUI::Page::canView();
$integer = WebGUI::Page::countTemplatePositions($templateId);
$html = WebGUI::Page::drawTemplate($templateId);
$html = WebGUI::Page::generate();
@ -162,6 +165,74 @@ sub add {
return $page;
}
#-------------------------------------------------------------------
=head2 canEdit ( [ pageId ] )
Returns a boolean (0|1) value signifying that the user has the required privileges.
=over
=item pageId
The unique identifier for the page that you wish to check the privileges on. Defaults to the current page id.
=back
=cut
sub canEdit {
my $pageId = shift || $session{page}{pageId};
my (%page);
tie %page, 'Tie::CPHash';
if ($pageId ne $session{page}{pageId}) {
%page = WebGUI::SQL->quickHash("select ownerId,groupIdEdit from page where pageId=$pageId");
} else {
%page = %{$session{page}};
}
if ($session{user}{userId} == $page{ownerId}) {
return 1;
} else {
return WebGUI::Grouping::isInGroup($page{groupIdEdit});
}
}
#-------------------------------------------------------------------
=head2 canView ( [ pageId ] )
Returns a boolean (0|1) value signifying that the user has the required privileges. Always returns users that have the rights to edit this page.
=over
=item pageId
The unique identifier for the page that you wish to check the privileges on. Defaults to the current page id.
=back
=cut
sub canView {
my $pageId = shift || $session{page}{pageId};
my %page;
tie %page, 'Tie::CPHash';
if ($pageId eq $session{page}{pageId}) {
%page = %{$session{page}};
} else {
%page = WebGUI::SQL->quickHash("select ownerId,groupIdView,startDate,endDate from page where pageId=$pageId");
}
if ($session{user}{userId} == $page{ownerId}) {
return 1;
} elsif ($page{startDate} < WebGUI::DateTime::time() && $page{endDate} > WebGUI::DateTime::time() && WebGUI::Grouping::isInGroup($page{groupIdView})) {
return 1;
} else {
return canEditPage($pageId);
}
}
#-------------------------------------------------------------------
=head2 countTemplatePositions ( templateId )
@ -314,9 +385,9 @@ Generates the content of the page.
=cut
sub generate {
return WebGUI::Privilege::noAccess() unless (WebGUI::Privilege::canViewPage());
return WebGUI::Privilege::noAccess() unless (canView());
my %var;
$var{'page.canEdit'} = WebGUI::Privilege::canEditPage();
$var{'page.canEdit'} = canEdit();
$var{'page.controls'} = pageIcon()
.deleteIcon('op=deletePage')
.editIcon('op=editPage')
@ -369,8 +440,8 @@ sub generate {
my $w = eval{$cmd->new($wobject)};
WebGUI::ErrorHandler::fatalError("Couldn't instanciate wobject: ${$wobject}{namespace}. Root cause: ".$@) if($@);
push(@{$var{'position'.$wobject->{templatePosition}.'_loop'}},{
'wobject.canView'=>WebGUI::Privilege::canViewWobject($wobject->{wobjectId}),
'wobject.canEdit'=>WebGUI::Privilege::canEditWobject($wobject->{wobjectId}),
'wobject.canView'=>$w->canView,
'wobject.canEdit'=>$w->canEdit,
'wobject.controls'=>$wobjectToolbar,
'wobject.controls.drag'=>dragIcon(),
'wobject.namespace'=>$wobject->{namespace},

304
lib/WebGUI/Privilege.pm
View file

@ -15,16 +15,8 @@ package WebGUI::Privilege;
=cut
use strict;
use Tie::CPHash;
use WebGUI::DatabaseLink;
use WebGUI::DateTime;
use WebGUI::Group;
use WebGUI::Grouping;
use WebGUI::International;
use WebGUI::Macro;
use WebGUI::Session;
use WebGUI::SQL;
use WebGUI::URL;
=head1 NAME
@ -38,10 +30,7 @@ This package provides access to the WebGUI security system and security messages
use WebGUI::Privilege;
$html = WebGUI::Privilege::adminOnly();
$boolean = WebGUI::Privilege::canEditPage();
$boolean = WebGUI::Privilege::canViewPage();
$html = WebGUI::Privilege::insufficient();
$boolean = WebGUI::Privilege::isInGroup($groupId);
$html = WebGUI::Privilege::noAccess();
$html = WebGUI::Privilege::notMember();
$html = WebGUI::Privilege::vitalComponent();
@ -76,142 +65,6 @@ sub adminOnly {
return $output;
}
#-------------------------------------------------------------------
=head2 canEditPage ( [ pageId ] )
Returns a boolean (0|1) value signifying that the user has the required privileges.
=over
=item pageId
The unique identifier for the page that you wish to check the privileges on. Defaults to the current page id.
=back
=cut
sub canEditPage {
my (%page);
tie %page, 'Tie::CPHash';
if ($_[0] ne "") {
%page = WebGUI::SQL->quickHash("select ownerId,groupIdEdit from page where pageId=$_[0]");
} else {
%page = %{$session{page}};
}
if ($session{user}{userId} == $page{ownerId}) {
return 1;
} elsif (isInGroup($page{groupIdEdit})) {
return 1;
} else {
return 0;
}
}
#-------------------------------------------------------------------
=head2 canEditWobject ( wobjectId )
Returns a boolean (0|1) value signifying that the user has the required privileges.
=over
=item wobjectId
The unique identifier for the wobject that you wish to check the privileges on.
=back
=cut
sub canEditWobject {
my (%wobject);
tie %wobject, 'Tie::CPHash';
return canEditPage() if ($session{page}{wobjectPrivileges} != 1 || $_[0] eq "new");
%wobject = WebGUI::SQL->quickHash("select ownerId,groupIdEdit from wobject where wobjectId=".quote($_[0]));
if ($session{user}{userId} == $wobject{ownerId}) {
return 1;
} elsif (isInGroup($wobject{groupIdEdit})) {
return 1;
} else {
return 0;
}
}
#-------------------------------------------------------------------
=head2 canViewPage ( [ pageId ] )
Returns a boolean (0|1) value signifying that the user has the required privileges. Always returns true for Admins and users that have the rights to edit this page.
=over
=item pageId
The unique identifier for the page that you wish to check the privileges on. Defaults to the current page id.
=back
=cut
sub canViewPage {
my (%page, $inDateRange);
tie %page, 'Tie::CPHash';
if ($_[0] eq "") {
%page = %{$session{page}};
} else {
%page = WebGUI::SQL->quickHash("select ownerId,groupIdView,startDate,endDate from page where pageId=$_[0]");
}
if ($page{startDate} < time() && $page{endDate} > time()) {
$inDateRange = 1;
}
if ($session{user}{userId} == $page{ownerId}) {
return 1;
} elsif (isInGroup($page{groupIdView}) && $inDateRange) {
return 1;
} elsif (canEditPage($_[0])) {
return 1;
} else {
return 0;
}
}
#-------------------------------------------------------------------
=head2 canViewWobject ( wobjectId )
Returns a boolean (0|1) value signifying that the user has the required privileges. Always returns true for Admins and users that have the rights to edit this wobject.
=over
=item wobjectId
The unique identifier for the wobject that you wish to check the privileges on.
=back
=cut
sub canViewWobject {
my (%wobject);
tie %wobject, 'Tie::CPHash';
return canViewPage() unless ($session{page}{wobjectPrivileges} == 1);
%wobject = WebGUI::SQL->quickHash("select ownerId,groupIdView,startDate,endDate from wobject where wobjectId=".quote($_[0]));
if ($wobject{startDate} < time() && $wobject{endDate} > time()) {
if ($session{user}{userId} == $wobject{ownerId}) {
return 1;
} elsif (isInGroup($wobject{groupIdView})) {
return 1;
} elsif (canEditWobject($_[0])) {
return 1;
} else {
return 0;
}
}else{
return 0;
}
}
#-------------------------------------------------------------------
@ -238,163 +91,6 @@ sub insufficient {
return $output;
}
#-------------------------------------------------------------------
=head2 isInGroup ( [ groupId [ , userId ] ] )
Returns a boolean (0|1) value signifying that the user has the required privileges. Always returns true for Admins.
=over
=item groupId
The group that you wish to verify against the user. Defaults to group with Id 3 (the Admin group).
=item userId
The user that you wish to verify against the group. Defaults to the currently logged in user.
=back
=cut
sub isInGroup {
my ($gid, $uid, @data, %group, $groupId);
($gid, $uid) = @_;
$uid = $session{user}{userId} if ($uid eq "");
unless (defined $gid) {
$gid = 3;
}
### The following several checks are to increase performance. If this section were removed, everything would continue to work as normal.
if ($gid == 7) {
return 1;
}
if ($gid == 1) {
if ($uid == 1) {
return 1;
} else {
return 0;
}
}
if ($gid==2 && $uid != 1) {
return 1;
}
### Use session to cache multiple lookups of the same group.
if ($session{isInGroup}{$gid}{$uid} == 1) {
return 1;
} elsif ($session{isInGroup}{$gid}{$uid} eq "0") {
return 0;
}
### Lookup the actual groupings.
my $groups = WebGUI::Grouping::getGroupsForUser($uid,1);
foreach (@{$groups}) {
$session{isInGroup}{$_}{$uid} = 1;
}
if ($session{isInGroup}{$gid}{$uid} == 1) {
return 1;
}
### Get data for auxillary checks.
tie %group, 'Tie::CPHash';
%group = WebGUI::SQL->quickHash("select karmaThreshold,ipFilter,scratchFilter,databaseLinkId,dbQuery,dbCacheTimeout from groups where groupId='$gid'");
### Check IP Address
if ($group{ipFilter} ne "") {
$group{ipFilter} =~ s/\t//g;
$group{ipFilter} =~ s/\r//g;
$group{ipFilter} =~ s/\n//g;
$group{ipFilter} =~ s/\s//g;
$group{ipFilter} =~ s/\./\\\./g;
my @ips = split(";",$group{ipFilter});
foreach my $ip (@ips) {
if ($session{env}{REMOTE_ADDR} =~ /^$ip/) {
$session{isInGroup}{$gid}{$uid} = 1;
return 1;
}
}
}
### Check Scratch Variables
if ($group{scratchFilter} ne "") {
$group{scratchFilter} =~ s/\t//g;
$group{scratchFilter} =~ s/\r//g;
$group{scratchFilter} =~ s/\n//g;
$group{scratchFilter} =~ s/\s//g;
my @vars = split(";",$group{scratchFilter});
foreach my $var (@vars) {
my ($name, $value) = split(/\=/,$var);
if ($session{scratch}{$name} eq $value) {
$session{isInGroup}{$gid}{$uid} = 1;
return 1;
}
}
}
### Check karma levels.
if ($session{setting}{useKarma}) {
my $karma;
if ($uid == $session{user}{userId}) {
$karma = $session{user}{karma};
} else {
($karma) = WebGUI::SQL->quickHash("select karma from users where userId='$uid'");
}
if ($karma >= $group{karmaThreshold}) {
$session{isInGroup}{$gid}{$uid} = 1;
return 1;
}
}
### Check external database
if ($group{dbQuery} ne "" && $group{databaseLinkId}) {
# skip if not logged in and query contains a User macro
unless ($group{dbQuery} =~ /\^User/i && $uid == 1) {
my $dbLink = WebGUI::DatabaseLink->new($group{databaseLinkId});
my $dbh = $dbLink->dbh;
if (defined $dbh) {
if ($group{dbQuery} =~ /select 1/i) {
$group{dbQuery} = WebGUI::Macro::process($group{dbQuery});
my $sth = WebGUI::SQL->unconditionalRead($group{dbQuery},$dbh);
unless ($sth->errorCode < 1) {
WebGUI::ErrorHandler::warn("There was a problem with the database query for group ID $gid.");
} else {
my ($result) = $sth->array;
if ($result == 1) {
$session{isInGroup}{$gid}{$uid} = 1;
if ($group{dbCacheTimeout} > 0) {
WebGUI::Grouping::deleteUsersFromGroups([$uid],[$gid]);
WebGUI::Grouping::addUsersToGroups([$uid],[$gid],$group{dbCacheTimeout});
}
} else {
$session{isInGroup}{$gid}{$uid} = 0;
WebGUI::Grouping::deleteUsersFromGroups([$uid],[$gid]) if ($group{dbCacheTimeout} > 0);
}
}
$sth->finish;
} else {
WebGUI::ErrorHandler::warn("Database query for group ID $gid must use 'select 1'");
}
$dbLink->disconnect;
return 1 if ($session{isInGroup}{$gid}{$uid});
}
}
}
### Check for groups of groups.
$groups = WebGUI::Grouping::getGroupsInGroup($gid,1);
foreach (@{$groups}) {
$session{isInGroup}{$_}{$uid} = isInGroup($_, $uid);
if ($session{isInGroup}{$_}{$uid}) {
$session{isInGroup}{$gid}{$uid} = 1; # cache current group also so we don't have to do the group in group check again
return 1;
}
}
$session{isInGroup}{$gid}{$uid} = 0;
return 0;
}
#-------------------------------------------------------------------

232
lib/WebGUI/Wobject.pm
View file

@ -20,6 +20,7 @@ use strict qw(subs vars);
use Tie::IxHash;
use WebGUI::DateTime;
use WebGUI::FormProcessor;
use WebGUI::Grouping;
use WebGUI::HTML;
use WebGUI::HTMLForm;
use WebGUI::Icon;
@ -27,6 +28,7 @@ use WebGUI::International;
use WebGUI::Macro;
use WebGUI::Node;
use WebGUI::Page;
use WebGUI::Privilege;
use WebGUI::Session;
use WebGUI::SQL;
use WebGUI::TabForm;
@ -74,6 +76,45 @@ sub _getNextSequenceNumber {
return ($sequenceNumber+1);
}
#-------------------------------------------------------------------
=head2 canEdit ( )
Returns a boolean (0|1) value signifying that the user has the required privileges.
=cut
sub canEdit {
my $self = shift;
return WebGUI::Page::canEdit() if ($session{page}{wobjectPrivileges} != 1 || $self->get("wobjectId") eq "new");
if ($session{user}{userId} == $self->get("ownerId")) {
return 1;
} else {
return WebGUI::Grouping::isInGroup($self->get("groupIdEdit"));
}
}
#-------------------------------------------------------------------
=head2 canView ( )
Returns a boolean (0|1) value signifying that the user has the required privileges. Returns true for users that have the rights to edit this wobject.
=cut
sub canView {
my $self = shift;
return WebGUI::Page::canView() unless ($session{page}{wobjectPrivileges} == 1);
if ($session{user}{userId} == $self->get("ownerId")) {
return 1;
} elsif ($self->get("startDate") < WebGUI::DateTime::time() && $self->get("endDate") > WebGUI::DateTime::time() && WebGUI::Grouping::isInGroup($self->get("groupIdView"))) {
return 1;
} else {
return $self->canEdit;
}
}
#-------------------------------------------------------------------
=head2 confirm ( message, yesURL, [ , noURL, vitalComparison ] )
@ -1024,8 +1065,9 @@ NOTE: Should never need to be overridden or extended.
=cut
sub www_copy {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->duplicate;
my $self = shift;
return WebGUI::Privilege::insufficient() unless ($self->canEdit);
$self->duplicate;
return "";
}
@ -1040,16 +1082,17 @@ NOTE: Should never need to be overridden or extended.
=cut
sub www_createShortcut {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my $self = shift;
return WebGUI::Privilege::insufficient() unless ($self->canEdit);
my $w = WebGUI::Wobject::WobjectProxy->new({wobjectId=>"new",namespace=>"WobjectProxy"});
$w->set({
pageId=>2,
templatePosition=>1,
title=>$_[0]->getValue("title"),
proxiedNamespace=>$_[0]->get("namespace"),
proxiedWobjectId=>$_[0]->get("wobjectId"),
title=>$self->getValue("title"),
proxiedNamespace=>$self->get("namespace"),
proxiedWobjectId=>$self->get("wobjectId"),
bufferUserId=>$session{user}{userId},
bufferDate=>time(),
bufferDate=>WebGUI::DateTime::time(),
bufferPrevId=>$session{page}{pageId}
});
return "";
@ -1064,12 +1107,13 @@ Moves this instance to the clipboard.
=cut
sub www_cut {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->set({
my $self = shift;
return WebGUI::Privilege::insufficient() unless ($self->canEdit);
$self->set({
pageId=>2,
templatePosition=>1,
bufferUserId=>$session{user}{userId},
bufferDate=>time(),
bufferDate=>WebGUI::DateTime::time(),
bufferPrevId=>$session{page}{pageId}
});
_reorderWobjects($session{page}{pageId});
@ -1085,14 +1129,15 @@ Prompts a user to confirm whether they wish to delete this instance.
=cut
sub www_delete {
my $self = shift;
my ($output);
if (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId"))) {
if ($self->canEdit) {
$output = helpIcon(14);
$output .= '<h1>'.WebGUI::International::get(42).'</h1>';
$output .= WebGUI::International::get(43);
$output .= '<p>';
$output .= '<div align="center"><a href="'.WebGUI::URL::page('func=deleteConfirm&wid='.
$_[0]->get("wobjectId")).'">';
$self->get("wobjectId")).'">';
$output .= WebGUI::International::get(44);
$output .= '</a>';
$output .= '&nbsp;&nbsp;&nbsp;&nbsp;<a href="'.WebGUI::URL::page().'">';
@ -1113,13 +1158,14 @@ Moves this instance to the trash.
=cut
sub www_deleteConfirm {
if (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId"))) {
$_[0]->set({pageId=>3, templatePosition=>1,
my $self = shift;
if ($self->canEdit) {
$self->set({pageId=>3, templatePosition=>1,
bufferUserId=>$session{user}{userId},
bufferDate=>time(),
bufferDate=>WebGUI::DateTime::time(),
bufferPrevId=>$session{page}{pageId}});
WebGUI::ErrorHandler::audit("moved Wobject ".$_[0]->{_property}{wobjectId}." to the trash.");
_reorderWobjects($_[0]->get("pageId"));
WebGUI::ErrorHandler::audit("moved Wobject ".$self->{_property}{wobjectId}." to the trash.");
_reorderWobjects($self->get("pageId"));
return "";
} else {
return WebGUI::Privilege::insufficient();
@ -1135,10 +1181,11 @@ Displays a confirmation message relating to the deletion of a file.
=cut
sub www_deleteFile {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return $_[0]->confirm(WebGUI::International::get(728),
WebGUI::URL::page('func=deleteFileConfirm&wid='.$_[0]->get("wobjectId").'&file='.$session{form}{file}),
WebGUI::URL::page('func=edit&wid='.$_[0]->get("wobjectId"))
my $self = shift;
return WebGUI::Privilege::insufficient() unless ($self->canEdit);
return $self->confirm(WebGUI::International::get(728),
WebGUI::URL::page('func=deleteFileConfirm&wid='.$self->get("wobjectId").'&file='.$session{form}{file}),
WebGUI::URL::page('func=edit&wid='.$self->get("wobjectId"))
);
}
@ -1151,9 +1198,10 @@ Deletes a file from this instance.
=cut
sub www_deleteFileConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
$_[0]->set({$session{form}{file}=>''});
return $_[0]->www_edit();
my $self = shift;
return WebGUI::Privilege::insufficient() unless ($self->canEdit);
$self->set({$session{form}{file}=>''});
return $self->www_edit();
}
#-------------------------------------------------------------------
@ -1185,21 +1233,22 @@ An id this namespace of the WebGUI international system. This message will be re
=cut
sub www_edit {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my $self = shift;
return WebGUI::Privilege::insufficient() unless ($self->canEdit);
$session{page}{useAdminStyle} = 1;
my ($self, @p) = @_;
my ($properties, $layout, $privileges, $heading, $helpId, $headingId) =
rearrange([qw(properties layout privileges heading helpId headingId)], @p);
my ($f, $startDate, $displayTitle, $templatePosition, $endDate);
if ($_[0]->get("wobjectId") eq "new") {
if ($self->get("wobjectId") eq "new") {
$displayTitle = 1;
} else {
$displayTitle = $_[0]->get("displayTitle");
$displayTitle = $self->get("displayTitle");
}
my $title = $_[0]->get("title") || $_[0]->name;
$templatePosition = $_[0]->get("templatePosition") || 1;
$startDate = $_[0]->get("startDate") || $session{page}{startDate};
$endDate = $_[0]->get("endDate") || $session{page}{endDate};
my $title = $self->get("title") || $self->name;
$templatePosition = $self->get("templatePosition") || 1;
$startDate = $self->get("startDate") || $session{page}{startDate};
$endDate = $self->get("endDate") || $session{page}{endDate};
my %tabs;
tie %tabs, 'Tie::IxHash';
%tabs = (
@ -1215,18 +1264,18 @@ sub www_edit {
uiLevel=>6
}
);
if ($_[0]->{_useDiscussion}) {
if ($self->{_useDiscussion}) {
$tabs{discussion} = {
label=>WebGUI::International::get(892),
uiLevel=>5
};
}
$f = WebGUI::TabForm->new(\%tabs);
$f->hidden({name=>"wid",value=>$_[0]->get("wobjectId")});
$f->hidden({name=>"namespace",value=>$_[0]->get("namespace")}) if ($_[0]->get("wobjectId") eq "new");
$f->hidden({name=>"wid",value=>$self->get("wobjectId")});
$f->hidden({name=>"namespace",value=>$self->get("namespace")}) if ($self->get("wobjectId") eq "new");
$f->hidden({name=>"func",value=>"editSave"});
$f->getTab("properties")->readOnly(
-value=>$_[0]->get("wobjectId"),
-value=>$self->get("wobjectId"),
-label=>WebGUI::International::get(499),
-uiLevel=>3
);
@ -1237,11 +1286,11 @@ sub www_edit {
-value=>$displayTitle,
-uiLevel=>5
);
if ($_[0]->{_useTemplate}) {
if ($self->{_useTemplate}) {
$f->getTab("layout")->template(
-value=>$_[0]->getValue("templateId"),
-namespace=>$_[0]->get("namespace"),
-afterEdit=>'func=edit&amp;wid='.$_[0]->get("wobjectId")."&amp;namespace=".$_[0]->get("namespace")
-value=>$self->getValue("templateId"),
-namespace=>$self->get("namespace"),
-afterEdit=>'func=edit&amp;wid='.$self->get("wobjectId")."&amp;namespace=".$self->get("namespace")
);
}
$f->getTab("layout")->selectList(
@ -1265,30 +1314,30 @@ sub www_edit {
-uiLevel=>6
);
my $subtext;
if (WebGUI::Privilege::isInGroup(3)) {
if (WebGUI::Grouping::isInGroup(3)) {
$subtext = ' &nbsp; <a href="'.WebGUI::URL::page('op=listUsers').'">'.WebGUI::International::get(7).'</a>';
} else {
$subtext = "";
}
if ($session{page}{wobjectPrivileges}) {
my $clause;
if (WebGUI::Privilege::isInGroup(3)) {
if (WebGUI::Grouping::isInGroup(3)) {
my $contentManagers = WebGUI::Grouping::getUsersInGroup(4,1);
push (@$contentManagers, $session{user}{userId});
$clause = "userId in (".join(",",@$contentManagers).")";
} else {
$clause = "userId=".$_[0]->getValue("ownerId");
$clause = "userId=".$self->getValue("ownerId");
}
my $users = WebGUI::SQL->buildHashRef("select userId,username from users where $clause order by username");
$f->getTab("privileges")->selectList(
-name=>"ownerId",
-options=>$users,
-label=>WebGUI::International::get(108),
-value=>[$_[0]->getValue("ownerId")],
-value=>[$self->getValue("ownerId")],
-subtext=>$subtext,
-uiLevel=>6
);
if (WebGUI::Privilege::isInGroup(3)) {
if (WebGUI::Grouping::isInGroup(3)) {
$subtext = ' &nbsp; <a href="'.WebGUI::URL::page('op=listGroups').'">'.WebGUI::International::get(5).'</a>';
} else {
$subtext = "";
@ -1296,43 +1345,43 @@ sub www_edit {
$f->getTab("privileges")->group(
-name=>"groupIdView",
-label=>WebGUI::International::get(872),
-value=>[$_[0]->getValue("groupIdView")],
-value=>[$self->getValue("groupIdView")],
-subtext=>$subtext,
-uiLevel=>6
);
$f->getTab("privileges")->group(
-name=>"groupIdEdit",
-label=>WebGUI::International::get(871),
-value=>[$_[0]->getValue("groupIdEdit")],
-value=>[$self->getValue("groupIdEdit")],
-subtext=>$subtext,
-excludeGroups=>[1,7],
-uiLevel=>6
);
} else {
$f->hidden({name=>"ownerId",value=>$_[0]->getValue("ownerId")});
$f->hidden({name=>"groupIdView",value=>$_[0]->getValue("groupIdView")});
$f->hidden({name=>"groupIdEdit",value=>$_[0]->getValue("groupIdEdit")});
$f->hidden({name=>"ownerId",value=>$self->getValue("ownerId")});
$f->hidden({name=>"groupIdView",value=>$self->getValue("groupIdView")});
$f->hidden({name=>"groupIdEdit",value=>$self->getValue("groupIdEdit")});
}
$f->getTab("properties")->HTMLArea(
-name=>"description",
-label=>WebGUI::International::get(85),
-value=>$_[0]->get("description")
-value=>$self->get("description")
);
$f->getTab("properties")->raw($properties);
$f->getTab("layout")->raw($layout);
$f->getTab("privileges")->raw($privileges);
if ($_[0]->{_useDiscussion}) {
if ($self->{_useDiscussion}) {
$f->getTab("discussion")->yesNo(
-name=>"allowDiscussion",
-label=>WebGUI::International::get(894),
-value=>$_[0]->get("allowDiscussion"),
-value=>$self->get("allowDiscussion"),
-uiLevel=>5
);
$f->getTab("discussion")->raw(WebGUI::Forum::UI::forumProperties($_[0]->get("forumId")));
$f->getTab("discussion")->raw(WebGUI::Forum::UI::forumProperties($self->get("forumId")));
}
my $output;
$output = helpIcon($helpId,$_[0]->get("namespace")) if ($helpId);
$heading = WebGUI::International::get($headingId,$_[0]->get("namespace")) if ($headingId);
$output = helpIcon($helpId,$self->get("namespace")) if ($helpId);
$heading = WebGUI::International::get($headingId,$self->get("namespace")) if ($headingId);
$output .= '<h1>'.$heading.'</h1>' if ($heading);
return $output.$f->print;
}
@ -1356,28 +1405,30 @@ A hash reference of extra properties to set.
=cut
sub www_editSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my $self = shift;
my $extras = shift;
return WebGUI::Privilege::insufficient() unless ($self->canEdit);
my %set;
foreach my $key (keys %{$_[0]->{_wobjectProperties}}) {
foreach my $key (keys %{$self->{_wobjectProperties}}) {
my $temp = WebGUI::FormProcessor::process(
$key,
$_[0]->{_wobjectProperties}{$key}{fieldType},
$_[0]->{_wobjectProperties}{$key}{defaultValue}
$self->{_wobjectProperties}{$key}{fieldType},
$self->{_wobjectProperties}{$key}{defaultValue}
);
$set{$key} = $temp if (defined $temp);
}
$set{title} = $session{form}{title} || $_[0]->name;
foreach my $key (keys %{$_[0]->{_extendedProperties}}) {
$set{title} = $session{form}{title} || $self->name;
foreach my $key (keys %{$self->{_extendedProperties}}) {
my $temp = WebGUI::FormProcessor::process(
$key,
$_[0]->{_extendedProperties}{$key}{fieldType},
$_[0]->{_extendedProperties}{$key}{defaultValue}
$self->{_extendedProperties}{$key}{fieldType},
$self->{_extendedProperties}{$key}{defaultValue}
);
$set{$key} = $temp if (defined $temp);
}
%set = (%set, %{$_[1]});
$set{forumId} = WebGUI::Forum::UI::forumPropertiesSave() if ($_[0]->{_useDiscussion});
$_[0]->set(\%set);
%set = (%set, %{$extras});
$set{forumId} = WebGUI::Forum::UI::forumPropertiesSave() if ($self->{_useDiscussion});
$self->set(\%set);
return "";
}
@ -1390,9 +1441,10 @@ Moves this instance to the bottom of the page.
=cut
sub www_moveBottom {
if (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId"))) {
$_[0]->set({sequenceNumber=>99999});
_reorderWobjects($_[0]->get("pageId"));
my $self = shift;
if ($self->canEdit) {
$self->set({sequenceNumber=>99999});
_reorderWobjects($self->get("pageId"));
return "";
} else {
return WebGUI::Privilege::insufficient();
@ -1409,14 +1461,15 @@ Moves this instance down one spot on the page.
sub www_moveDown {
my ($wid, $thisSeq);
if (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId"))) {
($thisSeq) = WebGUI::SQL->quickArray("select sequenceNumber from wobject where wobjectId=".$_[0]->get("wobjectId"));
($wid) = WebGUI::SQL->quickArray("select wobjectId from wobject where pageId=".$_[0]->get("pageId")
my $self = shift;
if ($self->canEdit) {
($thisSeq) = WebGUI::SQL->quickArray("select sequenceNumber from wobject where wobjectId=".$self->get("wobjectId"));
($wid) = WebGUI::SQL->quickArray("select wobjectId from wobject where pageId=".$self->get("pageId")
." and sequenceNumber=".($thisSeq+1));
if ($wid ne "") {
WebGUI::SQL->write("update wobject set sequenceNumber=sequenceNumber+1 where wobjectId=".$_[0]->get("wobjectId"));
WebGUI::SQL->write("update wobject set sequenceNumber=sequenceNumber+1 where wobjectId=".$self->get("wobjectId"));
WebGUI::SQL->write("update wobject set sequenceNumber=sequenceNumber-1 where wobjectId=$wid");
_reorderWobjects($_[0]->get("pageId"));
_reorderWobjects($self->get("pageId"));
}
return "";
} else {
@ -1433,9 +1486,10 @@ Moves this instance to the top of the page.
=cut
sub www_moveTop {
if (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId"))) {
$_[0]->set({sequenceNumber=>0});
_reorderWobjects($_[0]->get("pageId"));
my $self = shift;
if ($self->canEdit) {
$self->set({sequenceNumber=>0});
_reorderWobjects($self->get("pageId"));
return "";
} else {
return WebGUI::Privilege::insufficient();
@ -1451,15 +1505,16 @@ Moves this instance up one spot on the page.
=cut
sub www_moveUp {
my $self = shift;
my ($wid, $thisSeq);
if (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId"))) {
($thisSeq) = WebGUI::SQL->quickArray("select sequenceNumber from wobject where wobjectId=".$_[0]->get("wobjectId"));
($wid) = WebGUI::SQL->quickArray("select wobjectId from wobject where pageId=".$_[0]->get("pageId")
if ($self->canEdit) {
($thisSeq) = WebGUI::SQL->quickArray("select sequenceNumber from wobject where wobjectId=".$self->get("wobjectId"));
($wid) = WebGUI::SQL->quickArray("select wobjectId from wobject where pageId=".$self->get("pageId")
." and sequenceNumber=".($thisSeq-1));
if ($wid ne "") {
WebGUI::SQL->write("update wobject set sequenceNumber=sequenceNumber-1 where wobjectId=".$_[0]->get("wobjectId"));
WebGUI::SQL->write("update wobject set sequenceNumber=sequenceNumber-1 where wobjectId=".$self->get("wobjectId"));
WebGUI::SQL->write("update wobject set sequenceNumber=sequenceNumber+1 where wobjectId=$wid");
_reorderWobjects($_[0]->get("pageId"));
_reorderWobjects($self->get("pageId"));
}
return "";
} else {
@ -1476,8 +1531,9 @@ Moves this instance from the clipboard to the current page.
=cut
sub www_paste {
my $self = shift;
my ($output, $nextSeq);
if (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId"))) {
if ($self->canEdit) {
($nextSeq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from wobject where pageId=$session{page}{pageId}");
$nextSeq += 1;
WebGUI::SQL->write("UPDATE wobject SET "
@ -1485,7 +1541,7 @@ sub www_paste {
."templatePosition=1, "
."sequenceNumber=". $nextSeq .", "
."bufferUserId=NULL, bufferDate=NULL, bufferPrevId=NULL "
."WHERE wobjectId=".$_[0]->get("wobjectId"));
."WHERE wobjectId=".$self->get("wobjectId"));
return "";
} else {
return WebGUI::Privilege::insufficient();
@ -1501,10 +1557,10 @@ The default display mechanism for any wobject. This web method MUST be overridde
=cut
sub www_view {
my ($output);
$output = $_[0]->displayTitle;
$output .= $_[0]->description;
return $output;
my $self = shift;
return WebGUI::Privilege::insufficient unless ($self->canView);
return $self->displayTitle.$self->description;
}
1;

36
lib/WebGUI/Wobject/DataForm.pm
View file

@ -240,7 +240,7 @@ sub getRecordTemplateVars {
my $self = shift;
my $var = shift;
$var->{error_loop} = [] unless (exists $var->{error_loop});
$var->{canEdit} = (WebGUI::Privilege::canEditWobject($self->get("wobjectId")));
$var->{canEdit} = ($self->canEdit);
$var->{"entryList.url"} = WebGUI::URL::page('func=view&entryId=list&wid='.$self->get("wobjectId"));
$var->{"entryList.label"} = WebGUI::International::get(86,$self->get("namespace"));
$var->{"export.tab.url"} = WebGUI::URL::page('func=exportTab&wid='.$self->get("wobjectId"));
@ -450,7 +450,7 @@ sub uiLevel {
#-------------------------------------------------------------------
sub www_deleteEntry {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
my $entryId = $session{form}{entryId};
WebGUI::SQL->write("delete from DataForm_entry where DataForm_entryId=".quote($entryId));
$session{form}{entryId} = 'list';
@ -459,14 +459,14 @@ sub www_deleteEntry {
#-------------------------------------------------------------------
sub www_deleteField {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
return $_[0]->confirm(WebGUI::International::get(19,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteFieldConfirm&wid='.$_[0]->get("wobjectId").'&fid='.$session{form}{fid}));
}
#-------------------------------------------------------------------
sub www_deleteFieldConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->deleteCollateral("DataForm_field","DataForm_fieldId",$session{form}{fid});
$_[0]->reorderCollateral("DataForm_field","DataForm_fieldId");
return "";
@ -474,14 +474,14 @@ sub www_deleteFieldConfirm {
#-------------------------------------------------------------------
sub www_deleteTab {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
return $_[0]->confirm(WebGUI::International::get(100,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteTabConfirm&wid='.$_[0]->get("wobjectId").'&tid='.$session{form}{tid}));
}
#-------------------------------------------------------------------
sub www_deleteTabConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->deleteCollateral("DataForm_tab","DataForm_tabId",$session{form}{tid});
$_[0]->deleteCollateral("DataForm_field","DataForm_tabId",$session{form}{tid});
$_[0]->reorderCollateral("DataForm_tab","DataForm_tabId");
@ -542,7 +542,7 @@ sub www_edit {
#-------------------------------------------------------------------
sub www_editSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->SUPER::www_editSave();
if ($session{form}{wid} eq "new") {
$_[0]->setCollateral("DataForm_field","DataForm_fieldId",{
@ -601,7 +601,7 @@ sub www_editSave {
#-------------------------------------------------------------------
sub www_editField {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$session{page}{useAdminStyle} = 1;
my ($output, %field, $f, %fieldStatus,$tab);
tie %field, 'Tie::CPHash';
@ -695,7 +695,7 @@ sub www_editField {
#-------------------------------------------------------------------
sub www_editFieldSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$session{form}{name} = $session{form}{label} if ($session{form}{name} eq "");
$session{form}{tid} = "0" if ($session{form}{tid} eq "");
$session{form}{name} = WebGUI::URL::urlize($session{form}{name});
@ -724,7 +724,7 @@ sub www_editFieldSave {
#-------------------------------------------------------------------
sub www_editTab {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$session{page}{useAdminStyle} = 1;
my ($output, %tab, $f);
tie %tab, 'Tie::CPHash';
@ -767,7 +767,7 @@ sub www_editTab {
#-------------------------------------------------------------------
sub www_editTabSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$session{form}{name} = $session{form}{label} if ($session{form}{name} eq "");
$session{form}{name} = WebGUI::URL::urlize($session{form}{name});
$session{form}{name} =~ s/\-//g;
@ -786,7 +786,7 @@ sub www_editTabSave {
#-------------------------------------------------------------------
sub www_exportTab {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$session{header}{filename} = WebGUI::URL::urlize($_[0]->get("title")).".tab";
$session{header}{mimetype} = "text/plain";
my %fields = WebGUI::SQL->buildHash("select DataForm_fieldId,name from DataForm_field where wobjectId=".$_[0]->get("wobjectId")." order by sequenceNumber");
@ -809,28 +809,28 @@ sub www_exportTab {
#-------------------------------------------------------------------
sub www_moveFieldDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralDown("DataForm_field","DataForm_fieldId",$session{form}{fid},"DataForm_tabId",$session{form}{tid});
return "";
}
#-------------------------------------------------------------------
sub www_moveFieldUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralUp("DataForm_field","DataForm_fieldId",$session{form}{fid},"DataForm_tabId",$session{form}{tid});
return "";
}
#-------------------------------------------------------------------
sub www_moveTabRight {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralDown("DataForm_tab","DataForm_tabId",$session{form}{tid});
return "";
}
#-------------------------------------------------------------------
sub www_moveTabLeft {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralUp("DataForm_tab","DataForm_tabId",$session{form}{tid});
return "";
}
@ -892,8 +892,8 @@ sub www_process {
#-------------------------------------------------------------------
sub www_view {
my $var;
$var->{entryId} = $session{form}{entryId} if (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
if ($var->{entryId} eq "list" && WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId"))) {
$var->{entryId} = $session{form}{entryId} if ($_[0]->canEdit);
if ($var->{entryId} eq "list" && $_[0]->canEdit) {
return $_[0]->processTemplate($_[0]->get("listTemplateId"),$_[0]->getListTemplateVars,"DataForm/List");
}
# add Tab StyleSheet and JavaScript

10
lib/WebGUI/Wobject/EventsCalendar.pm
View file

@ -126,7 +126,7 @@ sub purge {
#-------------------------------------------------------------------
sub www_deleteEvent {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
my ($output);
$output = '<h1>'.WebGUI::International::get(42).'</h1>';
$output .= WebGUI::International::get(75,$_[0]->get("namespace")).'<p><blockquote>';
@ -143,7 +143,7 @@ sub www_deleteEvent {
#-------------------------------------------------------------------
sub www_deleteEventConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
if ($session{form}{rid} > 0) {
$_[0]->deleteCollateral("EventsCalendar_event","EventsCalendar_recurringId",$session{form}{rid});
} else {
@ -241,7 +241,7 @@ sub www_editSave {
#-------------------------------------------------------------------
sub www_editEvent {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$session{page}{useAdminStyle} = 1;
my (%recursEvery, $special, $output, $f, %event);
tie %event, 'Tie::CPHash';
@ -306,7 +306,7 @@ sub www_editEvent {
#-------------------------------------------------------------------
sub www_editEventSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
my (@startDate, @endDate, $until, @eventId, $i, $recurringEventId);
$startDate[0] = WebGUI::FormProcessor::dateTime("startDate");
$startDate[0] = time() unless ($startDate[0] > 0);
@ -547,7 +547,7 @@ sub www_viewEvent {
$var{"end.label"} = WebGUI::International::get(15,$_[0]->get("namespace"));
$var{"end.date"} = epochToHuman($event{endDate},"%z");
$var{"end.time"} = epochToHuman($event{endDate},"%Z");
$var{canEdit} = WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId"));
$var{canEdit} = $_[0]->canEdit;
$var{"edit.url"} = WebGUI::URL::page('func=editEvent&eid='.$session{form}{eid}.'&wid='.$session{form}{wid});
$var{"edit.label"} = WebGUI::International::get(575);
$var{"delete.url"} = WebGUI::URL::page('func=deleteEvent&eid='.$session{form}{eid}.'&wid='

23
lib/WebGUI/Wobject/FileManager.pm
View file

@ -13,6 +13,7 @@ package WebGUI::Wobject::FileManager;
use strict;
use Tie::CPHash;
use WebGUI::DateTime;
use WebGUI::Grouping;
use WebGUI::HTMLForm;
use WebGUI::Icon;
use WebGUI::International;
@ -131,7 +132,7 @@ sub uiLevel {
#-------------------------------------------------------------------
sub www_deleteFile {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->setCollateral("FileManager_file","FileManager_fileId",
{$session{form}{file}=>'',FileManager_fileId=>$session{form}{did}},0,0);
return $_[0]->www_editDownload();
@ -139,14 +140,14 @@ sub www_deleteFile {
#-------------------------------------------------------------------
sub www_deleteDownload {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
return $_[0]->confirm(WebGUI::International::get(12,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteDownloadConfirm&wid='.$session{form}{wid}.'&did='.$session{form}{did}));
}
#-------------------------------------------------------------------
sub www_deleteDownloadConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
my ($output, $file);
$file = WebGUI::Attachment->new("",$session{form}{wid},$session{form}{did});
$file->deleteNode;
@ -160,7 +161,7 @@ sub www_download {
my (%download, $file);
tie %download,'Tie::CPHash';
%download = WebGUI::SQL->quickHash("select * from FileManager_file where FileManager_fileId=$session{form}{did}");
if (WebGUI::Privilege::isInGroup($download{groupToView})) {
if (WebGUI::Grouping::isInGroup($download{groupToView})) {
if ($session{form}{alternateVersion} == 1) {
$file = WebGUI::Attachment->new($download{alternateVersion1},
$session{form}{wid},
@ -209,7 +210,7 @@ sub www_edit {
#-------------------------------------------------------------------
sub www_editSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->SUPER::www_editSave();
if ($session{form}{proceed} eq "addFile") {
$session{form}{did} = "new";
@ -221,7 +222,7 @@ sub www_editSave {
#-------------------------------------------------------------------
sub www_editDownload {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$session{page}{useAdminStyle} = 1;
my ($output, $file, $f);
$file = $_[0]->getCollateral("FileManager_file","FileManager_fileId",$session{form}{did});
@ -271,7 +272,7 @@ sub www_editDownload {
#-------------------------------------------------------------------
sub www_editDownloadSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
my ($file, %files);
$files{FileManager_fileId} = $_[0]->setCollateral("FileManager_file", "FileManager_fileId", {
FileManager_fileId => $session{form}{did},
@ -308,7 +309,7 @@ sub www_editDownloadSave {
#-------------------------------------------------------------------
sub www_moveDownloadDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
WebGUI::Session::setScratch($_[0]->get("namespace").".".$_[0]->get("wobjectId").".sortDirection","-delete-");
WebGUI::Session::setScratch($_[0]->get("namespace").".".$_[0]->get("wobjectId").".sort","-delete-");
$_[0]->moveCollateralUp("FileManager_file","FileManager_fileId",$session{form}{did});
@ -317,7 +318,7 @@ sub www_moveDownloadDown {
#-------------------------------------------------------------------
sub www_moveDownloadUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
WebGUI::Session::setScratch($_[0]->get("namespace").".".$_[0]->get("wobjectId").".sortDirection","-delete-");
WebGUI::Session::setScratch($_[0]->get("namespace").".".$_[0]->get("wobjectId").".sort","-delete-");
$_[0]->moveCollateralDown("FileManager_file","FileManager_fileId",$session{form}{did});
@ -357,13 +358,13 @@ sub www_view {
$p = WebGUI::Paginator->new($url,$numResults);
$p->setDataByQuery($sql);
$files = $p->getPageData;
my $canEditWobject = (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")) || WebGUI::Privilege::canEditPage());
my $canEditWobject = ($_[0]->canEdit);
foreach $file (@$files) {
$file1 = WebGUI::Attachment->new($file->{downloadFile},$_[0]->get("wobjectId"),$file->{FileManager_fileId});
$file2 = WebGUI::Attachment->new($file->{alternateVersion1},$_[0]->get("wobjectId"),$file->{FileManager_fileId});
$file3 = WebGUI::Attachment->new($file->{alternateVersion2},$_[0]->get("wobjectId"),$file->{FileManager_fileId});
push (@fileloop,{
"file.canView"=>(WebGUI::Privilege::isInGroup($file->{groupToView}) || $canEditWobject),
"file.canView"=>(WebGUI::Grouping::isInGroup($file->{groupToView}) || $canEditWobject),
"file.controls"=>deleteIcon('func=deleteDownload&wid='.$_[0]->get("wobjectId")
.'&did='.$file->{FileManager_fileId}).editIcon('func=editDownload&wid='.$_[0]->get("wobjectId")
.'&did='.$file->{FileManager_fileId}).moveUpIcon('func=moveDownloadUp&wid='

12
lib/WebGUI/Wobject/MessageBoard.pm
View file

@ -137,14 +137,14 @@ sub purge {
#-------------------------------------------------------------------
sub www_deleteForum {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
return $_[0]->confirm(WebGUI::International::get(76,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteForumConfirm&wid='.$_[0]->get("wobjectId").'&forumId='.$session{form}{forumId}));
}
#-------------------------------------------------------------------
sub www_deleteForumConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
my ($inUseElsewhere) = WebGUI::SQL->quickArray("select count(*) from MessageBoard_forums where forumId=".$session{form}{forumId});
unless ($inUseElsewhere > 1) {
my $forum = WebGUI::Forum->new($session{form}{forumId});
@ -166,7 +166,7 @@ sub www_edit {
#-------------------------------------------------------------------
sub www_editForum {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$session{page}{useAdminStyle} = 1;
my $forumMeta;
if ($session{form}{forumId} ne "new") {
@ -199,7 +199,7 @@ sub www_editForum {
#-------------------------------------------------------------------
sub www_editForumSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
my $forumId = WebGUI::Forum::UI::forumPropertiesSave();
if ($session{form}{forumId} eq "new") {
my ($seq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from MessageBoard_forums where wobjectId=".$_[0]->get("wobjectId"));
@ -216,14 +216,14 @@ sub www_editForumSave {
#-------------------------------------------------------------------
sub www_moveForumDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralDown("MessageBoard_forums","forumId",$session{form}{forumId});
return "";
}
#-------------------------------------------------------------------
sub www_moveForumUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralUp("MessageBoard_forums","forumId",$session{form}{forumId});
return "";
}

7
lib/WebGUI/Wobject/Poll.pm
View file

@ -14,6 +14,7 @@ package WebGUI::Wobject::Poll;
use strict;
use Tie::CPHash;
use WebGUI::Form;
use WebGUI::Grouping;
use WebGUI::HTMLForm;
use WebGUI::Icon;
use WebGUI::International;
@ -223,7 +224,7 @@ sub www_editSave {
#-------------------------------------------------------------------
sub www_resetVotes {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->deleteCollateral("Poll_answer","wobjectId",$_[0]->get("wobjectId"));
return "";
}
@ -234,7 +235,7 @@ sub www_view {
$var{question} = $_[0]->get("question");
if ($_[0]->get("active") eq "0") {
$showPoll = 0;
} elsif (WebGUI::Privilege::isInGroup($_[0]->get("voteGroup"),$session{user}{userId})) {
} elsif (WebGUI::Grouping::isInGroup($_[0]->get("voteGroup"),$session{user}{userId})) {
if ($_[0]->_hasVoted()) {
$showPoll = 0;
} else {
@ -277,7 +278,7 @@ sub www_view {
#-------------------------------------------------------------------
sub www_vote {
my $u;
if ($session{form}{answer} ne "" && WebGUI::Privilege::isInGroup($_[0]->get("voteGroup"),$session{user}{userId}) && !($_[0]->_hasVoted())) {
if ($session{form}{answer} ne "" && WebGUI::Grouping::isInGroup($_[0]->get("voteGroup"),$session{user}{userId}) && !($_[0]->_hasVoted())) {
WebGUI::SQL->write("insert into Poll_answer values (".$_[0]->get("wobjectId").",
".quote($session{form}{answer}).", $session{user}{userId}, '$session{env}{REMOTE_ADDR}')");
if ($session{setting}{useKarma}) {

62
lib/WebGUI/Wobject/Product.pm
View file

@ -163,7 +163,7 @@ sub purge {
#-------------------------------------------------------------------
sub www_addAccessory {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$session{page}{useAdminStyle} = 1;
my ($output, $f, $accessory, @usedAccessories);
$output = helpIcon(4,$_[0]->get("namespace"));
@ -185,7 +185,7 @@ sub www_addAccessory {
#-------------------------------------------------------------------
sub www_addAccessorySave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$session{page}{useAdminStyle} = 1;
my ($seq);
($seq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from Product_accessory
@ -201,7 +201,7 @@ sub www_addAccessorySave {
#-------------------------------------------------------------------
sub www_addRelated {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
my ($output, $f, $related, @usedRelated);
$output = helpIcon(5,$_[0]->get("namespace"));
$output .= '<h1>'.WebGUI::International::get(19,$_[0]->get("namespace")).'</h1>';
@ -222,7 +222,7 @@ sub www_addRelated {
#-------------------------------------------------------------------
sub www_addRelatedSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
my ($seq);
($seq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from Product_related
where wobjectId=".$_[0]->get("wobjectId"));
@ -237,7 +237,7 @@ sub www_addRelatedSave {
#-------------------------------------------------------------------
sub www_deleteAccessory {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
return $_[0]->confirm(
WebGUI::International::get(2,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteAccessoryConfirm&wid='.$_[0]->get("wobjectId").'&aid='.$session{form}{aid})
@ -246,7 +246,7 @@ sub www_deleteAccessory {
#-------------------------------------------------------------------
sub www_deleteAccessoryConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
WebGUI::SQL->write("delete from Product_accessory where wobjectId=".$_[0]->get("wobjectId")." and accessoryWobjectId=".quote($session{form}{aid}));
$_[0]->reorderCollateral("Product_accessory","accessoryWobjectId");
return "";
@ -254,7 +254,7 @@ sub www_deleteAccessoryConfirm {
#-------------------------------------------------------------------
sub www_deleteBenefit {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
return $_[0]->confirm(
WebGUI::International::get(48,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteBenefitConfirm&wid='.$_[0]->get("wobjectId").'&bid='.$session{form}{bid})
@ -263,7 +263,7 @@ sub www_deleteBenefit {
#-------------------------------------------------------------------
sub www_deleteBenefitConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->deleteCollateral("Product_benefit","Product_benefitId",$session{form}{bid});
$_[0]->reorderCollateral("Product_benefit","Product_benefitId");
return "";
@ -271,7 +271,7 @@ sub www_deleteBenefitConfirm {
#-------------------------------------------------------------------
sub www_deleteFeature {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
return $_[0]->confirm(
WebGUI::International::get(3,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteFeatureConfirm&wid='.$_[0]->get("wobjectId").'&fid='.$session{form}{fid})
@ -280,7 +280,7 @@ sub www_deleteFeature {
#-------------------------------------------------------------------
sub www_deleteFeatureConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->deleteCollateral("Product_feature","Product_featureId",$session{form}{fid});
$_[0]->reorderCollateral("Product_feature","Product_featureId");
return "";
@ -288,7 +288,7 @@ sub www_deleteFeatureConfirm {
#-------------------------------------------------------------------
sub www_deleteRelated {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
return $_[0]->confirm(
WebGUI::International::get(4,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteRelatedConfirm&wid='.$_[0]->get("wobjectId").'&rid='.$session{form}{rid})
@ -297,7 +297,7 @@ sub www_deleteRelated {
#-------------------------------------------------------------------
sub www_deleteRelatedConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
WebGUI::SQL->write("delete from Product_related where wobjectId=".$_[0]->get("wobjectId")." and relatedWobjectId=".quote($session{form}{rid}));
$_[0]->reorderCollateral("Product_related","relatedWobjectId");
return "";
@ -305,7 +305,7 @@ sub www_deleteRelatedConfirm {
#-------------------------------------------------------------------
sub www_deleteSpecification {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
return $_[0]->confirm(
WebGUI::International::get(5,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteSpecificationConfirm&wid='.$_[0]->get("wobjectId").'&sid='.$session{form}{sid})
@ -314,7 +314,7 @@ sub www_deleteSpecification {
#-------------------------------------------------------------------
sub www_deleteSpecificationConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->deleteCollateral("Product_specification","Product_specificationId",$session{form}{sid});
$_[0]->reorderCollateral("Product_specification","Product_specificationId");
return "";
@ -348,7 +348,7 @@ sub www_edit {
#-------------------------------------------------------------------
sub www_editSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
my ($file, %property);
$_[0]->SUPER::www_editSave() if ($_[0]->get("wobjectId") eq "new");
$file = WebGUI::Attachment->new("",$_[0]->get("wobjectId"));
@ -375,7 +375,7 @@ sub www_editSave {
#-------------------------------------------------------------------
sub www_editBenefit {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$session{page}{useAdminStyle} = 1;
my ($output, $data, $f, $benefits);
$data = $_[0]->getCollateral("Product_benefit","Product_benefitId",$session{form}{bid});
@ -395,7 +395,7 @@ sub www_editBenefit {
#-------------------------------------------------------------------
sub www_editBenefitSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$session{form}{benefit} = $session{form}{benefit_new} if ($session{form}{benefit_new} ne "");
$_[0]->setCollateral("Product_benefit", "Product_benefitId", {
Product_benefitId => $session{form}{bid},
@ -411,7 +411,7 @@ sub www_editBenefitSave {
#-------------------------------------------------------------------
sub www_editFeature {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$session{page}{useAdminStyle} = 1;
my ($output, $data, $f, $features);
$data = $_[0]->getCollateral("Product_feature","Product_featureId",$session{form}{fid});
@ -431,7 +431,7 @@ sub www_editFeature {
#-------------------------------------------------------------------
sub www_editFeatureSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$session{form}{feature} = $session{form}{feature_new} if ($session{form}{feature_new} ne "");
$_[0]->setCollateral("Product_feature", "Product_featureId", {
Product_featureId => $session{form}{fid},
@ -447,7 +447,7 @@ sub www_editFeatureSave {
#-------------------------------------------------------------------
sub www_editSpecification {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$session{page}{useAdminStyle} = 1;
my ($output, $data, $f, $hashRef);
$data = $_[0]->getCollateral("Product_specification","Product_specificationId",$session{form}{sid});
@ -470,7 +470,7 @@ sub www_editSpecification {
#-------------------------------------------------------------------
sub www_editSpecificationSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$session{form}{name} = $session{form}{name_new} if ($session{form}{name_new} ne "");
$session{form}{units} = $session{form}{units_new} if ($session{form}{units_new} ne "");
$_[0]->setCollateral("Product_specification", "Product_specificationId", {
@ -489,70 +489,70 @@ sub www_editSpecificationSave {
#-------------------------------------------------------------------
sub www_moveAccessoryDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralDown("Product_related","accessoryWobjectId",$session{form}{aid});
return "";
}
#-------------------------------------------------------------------
sub www_moveAccessoryUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralUp("Product_accessory","accessoryWobjectId",$session{form}{aid});
return "";
}
#-------------------------------------------------------------------
sub www_moveBenefitDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralDown("Product_benefit","Product_benefitId",$session{form}{bid});
return "";
}
#-------------------------------------------------------------------
sub www_moveBenefitUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralUp("Product_benefit","Product_benefitId",$session{form}{bid});
return "";
}
#-------------------------------------------------------------------
sub www_moveFeatureDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralDown("Product_feature","Product_featureId",$session{form}{fid});
return "";
}
#-------------------------------------------------------------------
sub www_moveFeatureUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralUp("Product_feature","Product_featureId",$session{form}{fid});
return "";
}
#-------------------------------------------------------------------
sub www_moveRelatedDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralDown("Product_related","relatedWobjectId",$session{form}{rid});
return "";
}
#-------------------------------------------------------------------
sub www_moveRelatedUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralUp("Product_related","relatedWobjectId",$session{form}{rid});
return "";
}
#-------------------------------------------------------------------
sub www_moveSpecificationDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralDown("Product_specification","Product_specificationId",$session{form}{sid});
return "";
}
#-------------------------------------------------------------------
sub www_moveSpecificationUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralUp("Product_specification","Product_specificationId",$session{form}{sid});
return "";
}

55
lib/WebGUI/Wobject/Survey.pm
View file

@ -13,6 +13,7 @@ package WebGUI::Wobject::Survey;
use strict;
use Tie::CPHash;
use WebGUI::DateTime;
use WebGUI::Grouping;
use WebGUI::HTMLForm;
use WebGUI::Icon;
use WebGUI::International;
@ -158,7 +159,7 @@ sub getIp {
sub getMenuVars {
my $self = shift;
my %var;
$var{'user.canViewReports'} = (WebGUI::Privilege::isInGroup($self->get("groupToViewReports")));
$var{'user.canViewReports'} = (WebGUI::Grouping::isInGroup($self->get("groupToViewReports")));
$var{'delete.all.responses.url'} = WebGUI::URL::page('func=deleteAllResponses&wid='.$self->get("wobjectId"));
$var{'delete.all.responses.label'} = WebGUI::International::get(73,$self->get("namespace"));
$var{'export.answers.url'} = WebGUI::URL::page('func=exportAnswers&wid='.$self->get("wobjectId"));
@ -427,7 +428,7 @@ sub uiLevel {
#-------------------------------------------------------------------
sub www_deleteAnswer {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
return $_[0]->confirm(WebGUI::International::get(45,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteAnswerConfirm&wid='.$_[0]->get("wobjectId").'&aid='
.$session{form}{aid}.'&qid='.$session{form}{qid}));
@ -435,7 +436,7 @@ sub www_deleteAnswer {
#-------------------------------------------------------------------
sub www_deleteAnswerConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
WebGUI::SQL->write("delete from Survey_questionResponse where Survey_answerId=".quote($session{form}{aid}));
$_[0]->deleteCollateral("Survey_answer","Survey_answerId",$session{form}{aid});
$_[0]->reorderCollateral("Survey_answer","Survey_answerId","Survey_id");
@ -444,14 +445,14 @@ sub www_deleteAnswerConfirm {
#-------------------------------------------------------------------
sub www_deleteQuestion {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
return $_[0]->confirm(WebGUI::International::get(44,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteQuestionConfirm&wid='.$_[0]->get("wobjectId").'&qid='.$session{form}{qid}));
}
#-------------------------------------------------------------------
sub www_deleteQuestionConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
WebGUI::SQL->write("delete from Survey_answer where Survey_questionId=".quote($session{form}{qid}));
WebGUI::SQL->write("delete from Survey_questionResponse where Survey_questionId=".quote($session{form}{qid}));
$_[0]->deleteCollateral("Survey_question","Survey_questionId",$session{form}{qid});
@ -461,14 +462,14 @@ sub www_deleteQuestionConfirm {
#-------------------------------------------------------------------
sub www_deleteResponse {
return "" unless (WebGUI::Privilege::isInGroup($_[0]->get("groupToViewReports")));
return "" unless (WebGUI::Grouping::isInGroup($_[0]->get("groupToViewReports")));
return $_[0]->confirm(WebGUI::International::get(72,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteResponseConfirm&amp;wid='.$_[0]->get("wobjectId").'&responseId='.$session{form}{responseId}));
}
#-------------------------------------------------------------------
sub www_deleteResponseConfirm {
return "" unless (WebGUI::Privilege::isInGroup($_[0]->get("groupToViewReports")));
return "" unless (WebGUI::Grouping::isInGroup($_[0]->get("groupToViewReports")));
WebGUI::SQL->write("delete from Survey_response where Survey_responseId=".quote($session{form}{responseId}));
WebGUI::SQL->write("delete from Survey_questionResponse where Survey_responseId=".quote($session{form}{responseId}));
return $_[0]->www_viewGradebook;
@ -476,14 +477,14 @@ sub www_deleteResponseConfirm {
#-------------------------------------------------------------------
sub www_deleteAllResponses {
return "" unless (WebGUI::Privilege::isInGroup($_[0]->get("groupToViewReports")));
return "" unless (WebGUI::Grouping::isInGroup($_[0]->get("groupToViewReports")));
return $_[0]->confirm(WebGUI::International::get(74,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteAllResponsesConfirm&wid='.$_[0]->get("wobjectId")));
}
#-------------------------------------------------------------------
sub www_deleteAllResponsesConfirm {
return "" unless (WebGUI::Privilege::isInGroup($_[0]->get("groupToViewReports")));
return "" unless (WebGUI::Grouping::isInGroup($_[0]->get("groupToViewReports")));
WebGUI::SQL->write("delete from Survey_response where Survey_id=".$_[0]->get("Survey_id"));
WebGUI::SQL->write("delete from Survey_questionResponse where Survey_id=".$_[0]->get("Survey_id"));
return "";
@ -567,7 +568,7 @@ sub www_edit {
#-------------------------------------------------------------------
sub www_editSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->SUPER::www_editSave();
if ($session{form}{proceed} eq "addQuestion") {
$session{form}{qid} = "new";
@ -578,7 +579,7 @@ sub www_editSave {
#-------------------------------------------------------------------
sub www_editAnswer {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$session{page}{useAdminStyle} = 1;
my ($question, $output, $f, $answer);
$answer = $_[0]->getCollateral("Survey_answer","Survey_answerId",$session{form}{aid});
@ -634,7 +635,7 @@ sub www_editAnswer {
#-------------------------------------------------------------------
sub www_editAnswerSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->setCollateral("Survey_answer", "Survey_answerId", {
Survey_answerId => $session{form}{aid},
Survey_questionId => $session{form}{qid},
@ -656,7 +657,7 @@ sub www_editAnswerSave {
#-------------------------------------------------------------------
sub www_editQuestion {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$session{page}{useAdminStyle} = 1;
my ($output, $f, $question, $answerFieldType, $sth, %data);
tie %data, 'Tie::CPHash';
@ -736,7 +737,7 @@ sub www_editQuestion {
#-------------------------------------------------------------------
sub www_editQuestionSave {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$session{form}{qid} = $_[0]->setCollateral("Survey_question", "Survey_questionId", {
question=>$session{form}{question},
Survey_questionId=>$session{form}{qid},
@ -778,7 +779,7 @@ sub www_editQuestionSave {
#-------------------------------------------------------------------
sub www_exportAnswers {
return "" unless (WebGUI::Privilege::isInGroup($_[0]->get("groupToViewReports")));
return "" unless (WebGUI::Grouping::isInGroup($_[0]->get("groupToViewReports")));
$session{header}{filename} = WebGUI::URL::escape($_[0]->get("title")."_answers.tab");
$session{header}{mimetype} = "text/tab";
return WebGUI::SQL->quickTab("select * from Survey_answer where Survey_id=".$_[0]->get("Survey_id"));
@ -786,7 +787,7 @@ sub www_exportAnswers {
#-------------------------------------------------------------------
sub www_exportComposite {
return "" unless (WebGUI::Privilege::isInGroup($_[0]->get("groupToViewReports")));
return "" unless (WebGUI::Grouping::isInGroup($_[0]->get("groupToViewReports")));
$session{header}{filename} = WebGUI::URL::escape($_[0]->get("title")."_composite.tab");
$session{header}{mimetype} = "text/tab";
return WebGUI::SQL->quickTab("select b.question, c.response, a.userId, a.username, a.ipAddress, c.comment, c.dateOfResponse from Survey_response a
@ -797,7 +798,7 @@ sub www_exportComposite {
#-------------------------------------------------------------------
sub www_exportQuestions {
return "" unless (WebGUI::Privilege::isInGroup($_[0]->get("groupToViewReports")));
return "" unless (WebGUI::Grouping::isInGroup($_[0]->get("groupToViewReports")));
$session{header}{filename} = WebGUI::URL::escape($_[0]->get("title")."_questions.tab");
$session{header}{mimetype} = "text/tab";
return WebGUI::SQL->quickTab("select * from Survey_question where Survey_id=".$_[0]->get("Survey_id"));
@ -805,7 +806,7 @@ sub www_exportQuestions {
#-------------------------------------------------------------------
sub www_exportResponses {
return "" unless (WebGUI::Privilege::isInGroup($_[0]->get("groupToViewReports")));
return "" unless (WebGUI::Grouping::isInGroup($_[0]->get("groupToViewReports")));
$session{header}{filename} = WebGUI::URL::escape($_[0]->get("title")."_responses.tab");
$session{header}{mimetype} = "text/tab";
return WebGUI::SQL->quickTab("select * from Survey_response where Survey_id=".$_[0]->get("Survey_id"));
@ -813,28 +814,28 @@ sub www_exportResponses {
#-------------------------------------------------------------------
sub www_moveAnswerDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralDown("Survey_answer","Survey_answerId",$session{form}{aid},"Survey_id");
return $_[0]->www_editQuestion;
}
#-------------------------------------------------------------------
sub www_moveAnswerUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralUp("Survey_answer","Survey_answerId",$session{form}{aid},"Survey_id");
return $_[0]->www_editQuestion;
}
#-------------------------------------------------------------------
sub www_moveQuestionDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralDown("Survey_question","Survey_questionId",$session{form}{qid},"Survey_id");
return $_[0]->www_edit;
}
#-------------------------------------------------------------------
sub www_moveQuestionUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralUp("Survey_question","Survey_questionId",$session{form}{qid},"Survey_id");
return $_[0]->www_edit;
}
@ -842,7 +843,7 @@ sub www_moveQuestionUp {
#-------------------------------------------------------------------
sub www_respond {
my $self = shift;
return "" unless (WebGUI::Privilege::isInGroup($self->get("groupToTakeSurvey")));
return "" unless (WebGUI::Grouping::isInGroup($self->get("groupToTakeSurvey")));
my $varname = $self->getResponseIdString;
return "" unless ($session{scratch}{$varname});
my $userId = ($self->get("anonymous")) ? substr(md5_hex($session{user}{userId}),0,8) : $session{user}{userId};
@ -890,7 +891,7 @@ sub www_view {
$var->{'question.edit_loop'} = \@edit;
}
$sth->finish;
$var->{'user.canTakeSurvey'} = WebGUI::Privilege::isInGroup($self->get("groupToTakeSurvey"));
$var->{'user.canTakeSurvey'} = WebGUI::Grouping::isInGroup($self->get("groupToTakeSurvey"));
if ($var->{'user.canTakeSurvey'}) {
$var->{'response.Id'} = $self->getResponseId();
$var->{'response.Count'} = $self->getResponseCount;
@ -940,7 +941,7 @@ sub www_view {
#-------------------------------------------------------------------
sub www_viewGradebook {
my $self = shift;
return "" unless (WebGUI::Privilege::isInGroup($self->get("groupToViewReports")));
return "" unless (WebGUI::Grouping::isInGroup($self->get("groupToViewReports")));
my $var = $self->getMenuVars;
$var->{title} = WebGUI::International::get(71,$self->get("namespace"));
my $p = WebGUI::Paginator->new(WebGUI::URL::page('func=viewGradebook&wid='.$self->get("wobjectId")));
@ -976,7 +977,7 @@ sub www_viewGradebook {
#-------------------------------------------------------------------
sub www_viewIndividualSurvey {
my $self = shift;
return "" unless (WebGUI::Privilege::isInGroup($self->get("groupToViewReports")));
return "" unless (WebGUI::Grouping::isInGroup($self->get("groupToViewReports")));
my $var = $self->getMenuVars;
$var->{'title'} = WebGUI::International::get(70,$self->get("namespace"));
$var->{'delete.url'} = WebGUI::URL::page('func=deleteResponse&amp;wid='.$self->get("wobjectId").'&amp;responseId='.$session{form}{responseId});
@ -1033,7 +1034,7 @@ sub www_viewIndividualSurvey {
#-------------------------------------------------------------------
sub www_viewStatisticalOverview {
my $self = shift;
return "" unless (WebGUI::Privilege::isInGroup($self->get("groupToViewReports")));
return "" unless (WebGUI::Grouping::isInGroup($self->get("groupToViewReports")));
my $var = $self->getMenuVars;
$var->{title} = WebGUI::International::get(58,$self->get("namespace"));
my $p = WebGUI::Paginator->new(WebGUI::URL::page('func=viewStatisticalOverview&wid='.$self->get("wobjectId")));

37
lib/WebGUI/Wobject/USS.pm
View file

@ -16,6 +16,7 @@ use WebGUI::Attachment;
use WebGUI::DateTime;
use WebGUI::Forum;
use WebGUI::Forum::UI;
use WebGUI::Grouping;
use WebGUI::HTML;
use WebGUI::HTMLForm;
use WebGUI::Icon;
@ -236,7 +237,7 @@ sub status {
sub www_approveSubmission {
my (%submission);
tie %submission, 'Tie::CPHash';
if (WebGUI::Privilege::isInGroup(4,$session{user}{userId}) || WebGUI::Privilege::isInGroup(3,$session{user}{userId})) {
if (WebGUI::Grouping::isInGroup(4,$session{user}{userId}) || WebGUI::Grouping::isInGroup(3,$session{user}{userId})) {
%submission = WebGUI::SQL->quickHash("select * from USS_submission where USS_submissionId=$session{form}{sid}");
WebGUI::SQL->write("update USS_submission set status='Approved' where USS_submissionId=".quote($session{form}{sid}));
WebGUI::MessageLog::addInternationalizedEntry($submission{userId},'',WebGUI::URL::page('func=viewSubmission&wid='.
@ -251,7 +252,7 @@ sub www_approveSubmission {
#-------------------------------------------------------------------
sub www_deleteFile {
my ($owner) = WebGUI::SQL->quickArray("select userId from USS_submission where USS_submissionId=$session{form}{sid}");
if ($owner == $session{user}{userId} || WebGUI::Privilege::isInGroup($_[0]->get("groupToApprove"))) {
if ($owner == $session{user}{userId} || WebGUI::Grouping::isInGroup($_[0]->get("groupToApprove"))) {
$_[0]->setCollateral("USS_submission","USS_submissionId",{
$session{form}{file}=>'',
USS_submissionId=>$session{form}{sid}
@ -265,7 +266,7 @@ sub www_deleteFile {
#-------------------------------------------------------------------
sub www_deleteSubmission {
my ($owner) = WebGUI::SQL->quickArray("select userId from USS_submission where USS_submissionId=$session{form}{sid}");
if ($owner == $session{user}{userId} || WebGUI::Privilege::isInGroup($_[0]->get("groupToApprove"))) {
if ($owner == $session{user}{userId} || WebGUI::Grouping::isInGroup($_[0]->get("groupToApprove"))) {
return $_[0]->confirm(WebGUI::International::get(17,$_[0]->get("namespace")),
WebGUI::URL::page('func=deleteSubmissionConfirm&wid='.$session{form}{wid}.'&sid='.$session{form}{sid}));
} else {
@ -276,7 +277,7 @@ sub www_deleteSubmission {
#-------------------------------------------------------------------
sub www_deleteSubmissionConfirm {
my ($owner, $forumId) = WebGUI::SQL->quickArray("select userId,forumId from USS_submission where USS_submissionId=$session{form}{sid}");
if ($owner == $session{user}{userId} || WebGUI::Privilege::isInGroup($_[0]->get("groupToApprove"))) {
if ($owner == $session{user}{userId} || WebGUI::Grouping::isInGroup($_[0]->get("groupToApprove"))) {
my ($inUseElsewhere) = WebGUI::SQL->quickArray("select count(*) from USS_submission where forumId=".$forumId);
unless ($inUseElsewhere > 1) {
my $forum = WebGUI::Forum->new($forumId);
@ -295,7 +296,7 @@ sub www_deleteSubmissionConfirm {
sub www_denySubmission {
my (%submission);
tie %submission, 'Tie::CPHash';
if (WebGUI::Privilege::isInGroup(4,$session{user}{userId}) || WebGUI::Privilege::isInGroup(3,$session{user}{userId})) {
if (WebGUI::Grouping::isInGroup(4,$session{user}{userId}) || WebGUI::Grouping::isInGroup(3,$session{user}{userId})) {
%submission = WebGUI::SQL->quickHash("select * from USS_submission where USS_submissionId=$session{form}{sid}");
WebGUI::SQL->write("update USS_submission set status='Denied' where USS_submissionId=".quote($session{form}{sid}));
WebGUI::MessageLog::addInternationalizedEntry($submission{userId},'',WebGUI::URL::page('func=viewSubmission&wid='.
@ -403,9 +404,9 @@ sub www_editSubmission {
$submission->{contentType} = "mixed";
$var{'submission.isNew'} = 1;
}
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::isInGroup($_[0]->get("groupToContribute"))
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup($_[0]->get("groupToContribute"))
|| $submission->{userId} == $session{user}{userId}
|| WebGUI::Privilege::isInGroup($_[0]->get("groupToApprove")));
|| WebGUI::Grouping::isInGroup($_[0]->get("groupToApprove")));
$var{'link.header.label'} = WebGUI::International::get(90,$_[0]->get("namespace"));
$var{'question.header.label'} = WebGUI::International::get(84,$_[0]->get("namespace"));
$var{'submission.header.label'} = WebGUI::International::get(19,$_[0]->get("namespace"));
@ -571,8 +572,8 @@ sub www_editSubmissionSave {
$submission = $_[0]->getCollateral("USS_submission","USS_submissionId",$session{form}{sid});
if ($submission->{userId} == $session{user}{userId}
|| ($submission->{USS_submissionId} eq "new"
&& WebGUI::Privilege::isInGroup($_[0]->get("groupToContribute")))
|| WebGUI::Privilege::isInGroup($_[0]->get("groupToApprove"))) {
&& WebGUI::Grouping::isInGroup($_[0]->get("groupToContribute")))
|| WebGUI::Grouping::isInGroup($_[0]->get("groupToApprove"))) {
if ($session{form}{sid} eq "new") {
my $forum = WebGUI::Forum->create({
masterForumId=>$_[0]->get("forumId"),
@ -609,7 +610,7 @@ sub www_editSubmissionSave {
$file->save("attachment");
$hash{attachment} = $file->getFilename if ($file->getFilename ne "");
unless ($_[0]->get("defaultStatus") eq "Approved") {
unless (WebGUI::Privilege::isInGroup($_[0]->get("groupToApprove")) ) {
unless (WebGUI::Grouping::isInGroup($_[0]->get("groupToApprove")) ) {
$hash{status} = $_[0]->get("defaultStatus");
WebGUI::MessageLog::addInternationalizedEntry('',$_[0]->get("groupToApprove"),
WebGUI::URL::page('func=viewSubmission&wid='.$_[0]->get("wobjectId").'&sid='.
@ -627,14 +628,14 @@ sub www_editSubmissionSave {
#-------------------------------------------------------------------
sub www_moveSubmissionDown {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralDown("USS_submission","USS_submissionId",$session{form}{sid}, "USS_id", $_[0]->get("USS_id"));
return "";
}
#-------------------------------------------------------------------
sub www_moveSubmissionUp {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
$_[0]->moveCollateralUp("USS_submission","USS_submissionId",$session{form}{sid}, "USS_id", $_[0]->get("USS_id"));
return "";
}
@ -646,7 +647,7 @@ sub www_view {
$numResults = $_[0]->get("submissionsPerPage");
$var{"readmore.label"} = WebGUI::International::get(46,$_[0]->get("namespace"));
$var{"responses.label"} = WebGUI::International::get(57,$_[0]->get("namespace"));
$var{canPost} = WebGUI::Privilege::isInGroup($_[0]->get("groupToContribute"));
$var{canPost} = WebGUI::Grouping::isInGroup($_[0]->get("groupToContribute"));
$var{"post.url"} = WebGUI::URL::page('func=editSubmission&sid=new&wid='.$_[0]->get("wobjectId"));
$var{"post.label"} = WebGUI::International::get(20,$_[0]->get("namespace"));
$var{"addquestion.label"} = WebGUI::International::get(83,$_[0]->get("namespace"));
@ -664,7 +665,7 @@ sub www_view {
} else {
$constraints = "(status='Approved' or (userId=$session{user}{userId} and userId<>1))";
}
$var{canModerate} = WebGUI::Privilege::isInGroup($_[0]->get("groupToApprove"),$session{user}{userId});
$var{canModerate} = WebGUI::Grouping::isInGroup($_[0]->get("groupToApprove"),$session{user}{userId});
$var{"title.label"} = WebGUI::International::get(99);
$var{"thumbnail.label"} = WebGUI::International::get(52,$_[0]->get("namespace"));
$var{"date.label"} = WebGUI::International::get(13,$_[0]->get("namespace"));
@ -806,7 +807,7 @@ sub www_viewSubmission {
return "" unless ($submission->{USS_submissionId});
return "" unless ($submission->{status} eq 'Approved' ||
($submission->{userId} == $session{user}{userId} && $session{user}{userId} != 1) ||
WebGUI::Privilege::isInGroup($_[0]->getValue("groupToApprove")));
WebGUI::Grouping::isInGroup($_[0]->getValue("groupToApprove")));
my $callback = WebGUI::URL::page("func=viewSubmission&amp;wid=".$_[0]->get("wobjectId")."&amp;sid=".$submission->{USS_submissionId});
if ($session{form}{forumOp} ne "" && $session{form}{forumOp} ne "viewForum") {
return WebGUI::Forum::UI::forumOp({
@ -834,7 +835,7 @@ sub www_viewSubmission {
$var{"status.status"} = status($submission->{status});
$var{"views.label"} = WebGUI::International::get(514);
$var{"views.count"} = $submission->{views};
$var{canPost} = WebGUI::Privilege::isInGroup($_[0]->get("groupToContribute"));
$var{canPost} = WebGUI::Grouping::isInGroup($_[0]->get("groupToContribute"));
$var{"post.url"} = WebGUI::URL::page('func=editSubmission&sid=new&wid='.$_[0]->get("wobjectId"));
$var{"post.label"} = WebGUI::International::get(20,$_[0]->get("namespace"));
@data = WebGUI::SQL->quickArray("select max(USS_submissionId) from USS_submission
@ -849,12 +850,12 @@ sub www_viewSubmission {
$var{"next.more"} = ($data[0] ne "");
$var{"next.url"} = WebGUI::URL::page('func=viewSubmission&sid='.$data[0].'&wid='.$session{form}{wid});
$var{"next.label"} = WebGUI::International::get(59,$_[0]->get("namespace"));
$var{canEdit} = (($submission->{userId} == $session{user}{userId} || WebGUI::Privilege::isInGroup($_[0]->get("groupToApprove"))) && $session{user}{userId} != 1);
$var{canEdit} = (($submission->{userId} == $session{user}{userId} || WebGUI::Grouping::isInGroup($_[0]->get("groupToApprove"))) && $session{user}{userId} != 1);
$var{"delete.url"} = WebGUI::URL::page('func=deleteSubmission&wid='.$session{form}{wid}.'&sid='.$session{form}{sid});
$var{"delete.label"} = WebGUI::International::get(37,$_[0]->get("namespace"));
$var{"edit.url"} = WebGUI::URL::page('func=editSubmission&wid='.$session{form}{wid}.'&sid='.$session{form}{sid});
$var{"edit.label"} = WebGUI::International::get(27,$_[0]->get("namespace"));
$var{canChangeStatus} = WebGUI::Privilege::isInGroup($_[0]->get("groupToApprove"),$session{user}{userId});
$var{canChangeStatus} = WebGUI::Grouping::isInGroup($_[0]->get("groupToApprove"),$session{user}{userId});
$var{"approve.url"} = WebGUI::URL::page('func=approveSubmission&wid='.$session{form}{wid}.'&sid='.$session{form}{sid}.'&mlog='.$session{form}{mlog});
$var{"approve.label"} = WebGUI::International::get(572);
$var{"leave.url"} = WebGUI::URL::page('op=viewMessageLog');