Index: branches/unlabeled/unlabeled-1.64.2/kernel/units/general/cat_event_handler.php
===================================================================
diff -u -r5833 -r5858
--- branches/unlabeled/unlabeled-1.64.2/kernel/units/general/cat_event_handler.php (.../cat_event_handler.php) (revision 5833)
+++ branches/unlabeled/unlabeled-1.64.2/kernel/units/general/cat_event_handler.php (.../cat_event_handler.php) (revision 5858)
@@ -45,6 +45,41 @@
$this->Application->StoreVar('m_cat_id', $root_category);
}
+ if ($event->Name == 'OnEdit' || $event->Name == 'OnSave') {
+ // check each id from selected individually and only if all are allowed proceed next
+ if ($event->Name == 'OnEdit') {
+ $selected_ids = implode(',', $this->StoreSelectedIDs($event));
+ }
+ else {
+ $selected_ids = $this->Application->RecallVar($event->getPrefixSpecial().'_selected_ids');
+ }
+
+ $id_field = $this->Application->getUnitOption($event->Prefix, 'IDField');
+ $table_name = $this->Application->getUnitOption($event->Prefix, 'TableName');
+ $sql = 'SELECT '.$id_field.', CreatedById, ci.CategoryId
+ FROM '.$table_name.' item_table
+ LEFT JOIN '.$this->Application->getUnitOption('ci', 'TableName').' ci ON ci.ItemResourceId = item_table.ResourceId
+ WHERE '.$id_field.' IN ('.$selected_ids.') AND (ci.PrimaryCat = 1)';
+ $items = $this->Conn->Query($sql, $id_field);
+
+ $perm_value = true;
+ $perm_helper =& $this->Application->recallObject('PermissionsHelper');
+ foreach ($items as $item_id => $item_data) {
+
+ if ($perm_helper->ModifyCheckPermission($item_data['CreatedById'], $item_data['CategoryId'], $event->Prefix) == 0) {
+ // one of items selected has no permission
+ $perm_value = false;
+ break;
+ }
+ }
+
+ if (!$perm_value) {
+ $event->status = erPERM_FAIL;
+ }
+
+ return $perm_value;
+ }
+
return parent::CheckPermission($event);
}
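Review bot: The OnEdit/OnSave branch fails open, because `$perm_value` starts as `true` and is cleared only inside the `foreach`, so a selected id that the query does not return is never checked. The `ci.PrimaryCat = 1` condition in the `WHERE` turns the `LEFT JOIN` into an inner join, so items without a primary-category row drop out of `$items`, and an empty result returns `true`. `$selected_ids` is also concatenated into `IN (...)` unchanged, and for OnSave it is read back from the session; whether `StoreSelectedIDs` limits it to integers is not visible in this hunk, and an empty list yields invalid SQL. I would build `$id_list = array_unique(array_map('intval', explode(',', $selected_ids)));`, use `implode(',', $id_list)` inside the `IN (...)`, and initialise `$perm_value = is_array($items) && count($items) == count($id_list);` so that the check denies unless every requested id came back. The enclosing `CheckPermission` starts outside the hunk, and the same hunk is repeated for core/units/general/cat_event_handler.php.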
@@ -1679,6 +1714,63 @@
$object->SetDBField($cached_field, $this->Conn->GetOne($sql));
}
}
+
+ /**
+ * Saves item beeing edited into temp table
+ *
+ * @param kEvent $event
+ */
+ function OnPreSave(&$event)
+ {
+ parent::OnPreSave($event);
+ $use_pending_editing = $this->Application->getUnitOption($event->Prefix, 'UsePendingEditing');
+ if ($event->status == erSUCCESS && $use_pending_editing) {
+ // decision: clone or not clone
+
+ $object =& $event->getObject();
+ if ($object->GetID() == 0 || $object->GetDBField('OrgId') > 0) {
+ // new items or cloned items shouldn't be cloned again
+ return true;
+ }
+ $perm_helper =& $this->Application->recallObject('PermissionsHelper');
+ if ($perm_helper->ModifyCheckPermission($object->GetDBField('CreatedById'), $object->GetDBField('CategoryId'), $event->Prefix) == 2) {
+
+ // 1. clone original item
+ $temp_handler =& $this->Application->recallObject($event->getPrefixSpecial().'_TempHandler', 'kTempTablesHandler');
+ $cloned_ids = $temp_handler->CloneItems($event->Prefix, $event->Special, Array($object->GetID()), null, null, null, true);
+
+ // 2. put cloned id to OrgId field of item being cloned
+ $sql = 'UPDATE '.$object->TableName.'
+ SET OrgId = '.$object->GetID().'
+ WHERE '.$object->IDField.' = '.$cloned_ids[0];
+ $this->Conn->Query($sql);
+
+ // 3. substitute id of item being cloned with clone id
+ $this->Application->SetVar($event->getPrefixSpecial().'_id', $cloned_ids[0]);
+ $selected_ids = explode(',', $this->Application->RecallVar($event->getPrefixSpecial().'_selected_ids'));
+ $selected_ids[ array_search($object->GetID(), $selected_ids) ] = $cloned_ids[0];
+ $this->Application->StoreVar($event->getPrefixSpecial().'_selected_ids', implode(',', $selected_ids));
+
+ // 4. delete original item from temp table
+ $temp_handler->DeleteItems($event->Prefix, $event->Special, Array($object->GetID()));
+ }
+ }
+ }
+
+ /**
+ * Sets default expiration based on module setting
+ *
+ * @param kEvent $event
+ */
+ function OnPreCreate(&$event)
+ {
+ parent::OnPreCreate($event);
+
+ if ($event->status == erSUCCESS) {
+ $object =& $event->getObject();
+ $object->SetDBField('CreatedById', $this->Application->GetVar('u_id'));
+ }
+ }
}
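Review bot: In `OnPreSave`, `array_search()` returns `false` when the original id is not in the stored list, and `$selected_ids[false]` then overwrites element 0, silently replacing an unrelated id in `_selected_ids`, the same session value the OnSave permission check reads. Guard it: `$pos = array_search($object->GetID(), $selected_ids); if ($pos !== false) { $selected_ids[$pos] = $cloned_ids[0]; }`. `$cloned_ids[0]` is also placed into the `UPDATE` and the session without checking that `CloneItems()` returned an id, so a failed clone produces a malformed query. Two comments are misleading: step 2 says the cloned id is written to `OrgId`, while the SQL writes the original id onto the clone row, and the `OnPreCreate` docblock talks about default expiration although the method only sets `CreatedById`. The same hunk is repeated for core/units/general/cat_event_handler.php.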
Index: branches/unlabeled/unlabeled-1.64.2/core/units/general/cat_event_handler.php
===================================================================
diff -u -r5833 -r5858
--- branches/unlabeled/unlabeled-1.64.2/core/units/general/cat_event_handler.php (.../cat_event_handler.php) (revision 5833)
+++ branches/unlabeled/unlabeled-1.64.2/core/units/general/cat_event_handler.php (.../cat_event_handler.php) (revision 5858)
@@ -45,6 +45,41 @@
$this->Application->StoreVar('m_cat_id', $root_category);
}
+ if ($event->Name == 'OnEdit' || $event->Name == 'OnSave') {
+ // check each id from selected individually and only if all are allowed proceed next
+ if ($event->Name == 'OnEdit') {
+ $selected_ids = implode(',', $this->StoreSelectedIDs($event));
+ }
+ else {
+ $selected_ids = $this->Application->RecallVar($event->getPrefixSpecial().'_selected_ids');
+ }
+
+ $id_field = $this->Application->getUnitOption($event->Prefix, 'IDField');
+ $table_name = $this->Application->getUnitOption($event->Prefix, 'TableName');
+ $sql = 'SELECT '.$id_field.', CreatedById, ci.CategoryId
+ FROM '.$table_name.' item_table
+ LEFT JOIN '.$this->Application->getUnitOption('ci', 'TableName').' ci ON ci.ItemResourceId = item_table.ResourceId
+ WHERE '.$id_field.' IN ('.$selected_ids.') AND (ci.PrimaryCat = 1)';
+ $items = $this->Conn->Query($sql, $id_field);
+
+ $perm_value = true;
+ $perm_helper =& $this->Application->recallObject('PermissionsHelper');
+ foreach ($items as $item_id => $item_data) {
+
+ if ($perm_helper->ModifyCheckPermission($item_data['CreatedById'], $item_data['CategoryId'], $event->Prefix) == 0) {
+ // one of items selected has no permission
+ $perm_value = false;
+ break;
+ }
+ }
+
+ if (!$perm_value) {
+ $event->status = erPERM_FAIL;
+ }
+
+ return $perm_value;
+ }
+
return parent::CheckPermission($event);
}
@@ -1679,6 +1714,63 @@
$object->SetDBField($cached_field, $this->Conn->GetOne($sql));
}
}
+
+ /**
+ * Saves item beeing edited into temp table
+ *
+ * @param kEvent $event
+ */
+ function OnPreSave(&$event)
+ {
+ parent::OnPreSave($event);
+ $use_pending_editing = $this->Application->getUnitOption($event->Prefix, 'UsePendingEditing');
+ if ($event->status == erSUCCESS && $use_pending_editing) {
+ // decision: clone or not clone
+
+ $object =& $event->getObject();
+ if ($object->GetID() == 0 || $object->GetDBField('OrgId') > 0) {
+ // new items or cloned items shouldn't be cloned again
+ return true;
+ }
+ $perm_helper =& $this->Application->recallObject('PermissionsHelper');
+ if ($perm_helper->ModifyCheckPermission($object->GetDBField('CreatedById'), $object->GetDBField('CategoryId'), $event->Prefix) == 2) {
+
+ // 1. clone original item
+ $temp_handler =& $this->Application->recallObject($event->getPrefixSpecial().'_TempHandler', 'kTempTablesHandler');
+ $cloned_ids = $temp_handler->CloneItems($event->Prefix, $event->Special, Array($object->GetID()), null, null, null, true);
+
+ // 2. put cloned id to OrgId field of item being cloned
+ $sql = 'UPDATE '.$object->TableName.'
+ SET OrgId = '.$object->GetID().'
+ WHERE '.$object->IDField.' = '.$cloned_ids[0];
+ $this->Conn->Query($sql);
+
+ // 3. substitute id of item being cloned with clone id
+ $this->Application->SetVar($event->getPrefixSpecial().'_id', $cloned_ids[0]);
+ $selected_ids = explode(',', $this->Application->RecallVar($event->getPrefixSpecial().'_selected_ids'));
+ $selected_ids[ array_search($object->GetID(), $selected_ids) ] = $cloned_ids[0];
+ $this->Application->StoreVar($event->getPrefixSpecial().'_selected_ids', implode(',', $selected_ids));
+
+ // 4. delete original item from temp table
+ $temp_handler->DeleteItems($event->Prefix, $event->Special, Array($object->GetID()));
+ }
+ }
+ }
+
+ /**
+ * Sets default expiration based on module setting
+ *
+ * @param kEvent $event
+ */
+ function OnPreCreate(&$event)
+ {
+ parent::OnPreCreate($event);
+
+ if ($event->status == erSUCCESS) {
+ $object =& $event->getObject();
+ $object->SetDBField('CreatedById', $this->Application->GetVar('u_id'));
+ }
+ }
}
Index: branches/unlabeled/unlabeled-1.11.2/kernel/units/general/cat_tag_processor.php
===================================================================
diff -u -r5802 -r5858
--- branches/unlabeled/unlabeled-1.11.2/kernel/units/general/cat_tag_processor.php (.../cat_tag_processor.php) (revision 5802)
+++ branches/unlabeled/unlabeled-1.11.2/kernel/units/general/cat_tag_processor.php (.../cat_tag_processor.php) (revision 5858)
@@ -2,6 +2,19 @@
class kCatDBTagProcessor extends kDBTagProcessor {
+ /**
+ * Permission Helper
+ *
+ * @var kPermissionsHelper
+ */
+ var $PermHelper = null;
+
+ function kCatDBTagProcessor()
+ {
+ parent::kDBTagProcessor();
+ $this->PermHelper = $this->Application->recallObject('PermissionsHelper');
+ }
+
function ItemIcon($params)
{
$object =& $this->Application->recallObject($this->getPrefixSpecial(),$this->Prefix, $params);
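Review bot: The constructor assigns the helper with `=`, while every other `recallObject()` call visible in this diff, including the `ItemIcon` line just below, uses `=&`. The file uses `var` and a class-named constructor, so if it still has to run on PHP 4 the plain assignment stores a copy of the helper rather than the shared instance; `$this->PermHelper =& $this->Application->recallObject('PermissionsHelper');` keeps it consistent. No use of `$this->PermHelper` is visible in the hunks shown, so a one-line comment on where it is consumed would help. The same hunk is repeated for core/units/general/cat_tag_processor.php.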
@@ -190,6 +203,20 @@
}
return $category_path;
}
+
+ /**
+ * Allows to determine if original value should be shown
+ *
+ * @param Array $params
+ * @return bool
+ */
+ function DisplayOriginal($params)
+ {
+ // original id found & greather then zero + show original
+ $display_original = isset($params['display_original']) && $params['display_original'];
+ return $display_original && $this->Application->GetVar($this->Prefix.'.original_id');
+ }
+
}
?>
\ No newline at end of file
Index: branches/unlabeled/unlabeled-1.73.2/core/kernel/db/db_event_handler.php
===================================================================
diff -u -r5856 -r5858
--- branches/unlabeled/unlabeled-1.73.2/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 5856)
+++ branches/unlabeled/unlabeled-1.73.2/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 5858)
@@ -65,7 +65,6 @@
}
}
-
$section = $event->getSection();
if (!preg_match('/^CATEGORY:(.*)/', $section)) {
// only if not category item events
@@ -114,14 +113,14 @@
'OnMassMoveUp' => Array('self' => 'advanced:move_up|add|edit', 'subitem' => 'advanced:move_up|add|edit'),
'OnMassMoveDown' => Array('self' => 'advanced:move_down|add|edit', 'subitem' => 'advanced:move_down|add|edit'),
- 'OnPreCreate' => Array('self' => 'add'),
- 'OnEdit' => Array('self' => 'edit'),
+ 'OnPreCreate' => Array('self' => 'add|add.pending'),
+ 'OnEdit' => Array('self' => 'edit|edit.pending'),
// theese event do not harm, but just in case check them too :)
- 'OnCancelEdit' => Array('self' => 'add|edit'),
+ 'OnCancelEdit' => Array('self' => 'add|add.pending|edit|edit.pending'),
'OnCancel' => Array('self' => 'add|edit', 'subitem' => 'add|edit'),
'OnSetSorting' => Array('self' => 'view', 'subitem' => 'view'),
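Review bot: `OnCancelEdit` is widened to `add|add.pending|edit|edit.pending`, but `OnCancel` two lines below keeps `add|edit` for both `self` and `subitem`. If users who hold only the pending permissions can reach `OnCancel`, they will be able to start an edit and not cancel it; if the difference is intended, a short comment such as `// OnCancel stays live-only: <reason>` would record that. The mapping array starts and ends outside the hunk, so other events may need the same review.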
@@ -229,6 +228,9 @@
// this smells... needs to be refactored
$first_id = getArrayValue($ret,0);
if (($first_id === false) && ($event->getEventParam('raise_warnings') == 1)) {
+ if ($this->Application->isDebugMode()) {
+ $this->Application->Debugger->appendTrace();
+ }
trigger_error('Requested ID for prefix '.$event->getPrefixSpecial().' not passed',E_USER_NOTICE);
}
$this->Application->SetVar($event->getPrefixSpecial(true).'_id', $first_id);
@@ -991,7 +993,12 @@
$temp =& $this->Application->recallObject($event->getPrefixSpecial().'_TempHandler', 'kTempTablesHandler');
if (!$this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) {
- $temp->SaveEdit($event->getEventParam('master_ids') ? $event->getEventParam('master_ids') : Array());
+ $live_ids = $temp->SaveEdit($event->getEventParam('master_ids') ? $event->getEventParam('master_ids') : Array());
+ if ($live_ids) {
+ // ensure, that newly created item ids are avalable as if they were selected from grid
+ // NOTE: only works if main item has subitems !!!
+ $this->Application->StoreVar($event->getPrefixSpecial().'_selected_ids', implode(',', $live_ids));
+ }
}
$this->clearSelectedIDs($event);
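Review bot: The ids stored under `_selected_ids` are followed immediately by `$this->clearSelectedIDs($event)` on the next context line. The body of `clearSelectedIDs()` is not visible here, but if it removes that session key the new `StoreVar` has no lasting effect; if it is meant to pick the ids up, say so in the comment, for example `// clearSelectedIDs() below moves these ids into the event`. The code also relies on `SaveEdit()` returning a list of integers, since a value under this key is concatenated into an `IN (...)` clause by the category permission check added elsewhere in this commit; that contract deserves a line in the comment as well.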
@@ -1028,6 +1035,7 @@
*/
function isNewItemCreate(&$event)
{
+ $event->setEventParam('raise_warnings', 0);
$item_id = $this->getPassedID($event);
return ($item_id == '') ? true : false;
}
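Review bot: `isNewItemCreate()` now changes the event as a side effect: `raise_warnings` is set to 0 and never restored, so every later `getPassedID($event)` call on the same event also stops reporting a missing id. Restoring the previous value keeps the predicate free of lasting effects: `$old = $event->getEventParam('raise_warnings');` before the `setEventParam` call and `$event->setEventParam('raise_warnings', $old);` after `getPassedID()`. The docblock, which starts outside the hunk, should mention the suppression.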
Index: branches/unlabeled/unlabeled-1.13.2/kernel/units/config_search/config_search_event_handler.php
===================================================================
diff -u -r4760 -r5858
--- branches/unlabeled/unlabeled-1.13.2/kernel/units/config_search/config_search_event_handler.php (.../config_search_event_handler.php) (revision 4760)
+++ branches/unlabeled/unlabeled-1.13.2/kernel/units/config_search/config_search_event_handler.php (.../config_search_event_handler.php) (revision 5858)
@@ -60,7 +60,7 @@
}
/**
- * Enter description here...
+ * [HOOK] Enter description here...
*
* @param kEvent $event
*/
@@ -75,12 +75,11 @@
$object =& $event->getObject( Array('skip_autoload' => true) );
$custom_id = $custom_field->GetID();
- if ($custom_id) {
+ if ($object->GetDBField('CustomFieldId') != $custom_id) {
$object->Load($custom_id, 'CustomFieldId');
- $object->SetDBField('CustomFieldId', $custom_id); // for cloning only
}
-
- $cf_search = Array();
+
+ $cf_search = Array();
$cf_search['DisplayOrder'] = $custom_field->GetDBField('DisplayOrder');
$cf_search['ElementType'] = $custom_field->GetDBField('ElementType');
$cf_search['DisplayName'] = $custom_field->GetDBField('FieldLabel');
@@ -96,6 +95,7 @@
$cf_search['ModuleName'] = $this->Conn->GetOne($sql);
$object->SetFieldsFromHash($cf_search);
+ $object->SetDBField('CustomFieldId', $custom_id);
$result = $object->isLoaded() ? $object->Update() : $object->Create();
}
Index: branches/unlabeled/unlabeled-1.11.2/core/units/general/cat_tag_processor.php
===================================================================
diff -u -r5802 -r5858
--- branches/unlabeled/unlabeled-1.11.2/core/units/general/cat_tag_processor.php (.../cat_tag_processor.php) (revision 5802)
+++ branches/unlabeled/unlabeled-1.11.2/core/units/general/cat_tag_processor.php (.../cat_tag_processor.php) (revision 5858)
@@ -2,6 +2,19 @@
class kCatDBTagProcessor extends kDBTagProcessor {
+ /**
+ * Permission Helper
+ *
+ * @var kPermissionsHelper
+ */
+ var $PermHelper = null;
+
+ function kCatDBTagProcessor()
+ {
+ parent::kDBTagProcessor();
+ $this->PermHelper = $this->Application->recallObject('PermissionsHelper');
+ }
+
function ItemIcon($params)
{
$object =& $this->Application->recallObject($this->getPrefixSpecial(),$this->Prefix, $params);
@@ -190,6 +203,20 @@
}
return $category_path;
}
+
+ /**
+ * Allows to determine if original value should be shown
+ *
+ * @param Array $params
+ * @return bool
+ */
+ function DisplayOriginal($params)
+ {
+ // original id found & greather then zero + show original
+ $display_original = isset($params['display_original']) && $params['display_original'];
+ return $display_original && $this->Application->GetVar($this->Prefix.'.original_id');
+ }
+
}
?>
\ No newline at end of file
Index: branches/unlabeled/unlabeled-1.17.2/core/units/general/helpers/permissions_helper.php
===================================================================
diff -u -r5516 -r5858
--- branches/unlabeled/unlabeled-1.17.2/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 5516)
+++ branches/unlabeled/unlabeled-1.17.2/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 5858)
@@ -130,7 +130,7 @@
function CheckEventCategoryPermission(&$event, $event_perm_mapping)
{
// mapping between specific permissions and common permissions
- $perm_mapping = Array('add' => 'ADD', 'edit' => 'MODIFY', 'delete' => 'DELETE', 'view' => 'VIEW');
+ $perm_mapping = Array('add' => 'ADD', 'add.pending' => 'ADD.PENDING', 'edit' => 'MODIFY', 'edit.pending' => 'MODIFY.PENDING', 'delete' => 'DELETE', 'view' => 'VIEW');
$top_prefix = $event->getEventParam('top_prefix');
$event_handler =& $this->Application->recallObject($event->Prefix.'_EventHandler');
@@ -142,8 +142,6 @@
$id = $event_handler->getPassedID($event);
}
- $item_prefix = $this->Application->getUnitOption($top_prefix, 'PermItemPrefix');
-
// 1. get primary category of category item
$id_field = $this->Application->getUnitOption($top_prefix, 'IDField');
$table_name = $this->Application->getUnitOption($top_prefix, 'TableName');
@@ -155,19 +153,26 @@
}
else {
// item being edited -> check by it's primary category permissions
- $sql = 'SELECT ci.CategoryId
+ $sql = 'SELECT ci.CategoryId, main_table.CreatedById
FROM '.$table_name.' main_table
LEFT JOIN '.$ci_table.' ci ON ci.ItemResourceId = main_table.ResourceId
WHERE (main_table.'.$id_field.' = '.$id.') AND (ci.PrimaryCat = 1)';
- $category_id = $this->Conn->GetOne($sql);
+ $item_info = $this->Conn->GetRow($sql);
+ $category_id = $item_info['CategoryId'];
+ $owner_id = $item_info['CreatedById'];
}
- if ((substr($event->Name, 0, 9) == 'OnPreSave') || ($event->Name == 'OnSave')) {
+ $item_prefix = $this->Application->getUnitOption($top_prefix, 'PermItemPrefix');
+
+ if (substr($event->Name, 0, 9) == 'OnPreSave') {
if ($event_handler->isNewItemCreate($event)) {
- return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id);
+ return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id) ||
+ $this->CheckPermission($item_prefix.'.ADD.PENDING', 0, $category_id);
}
else {
- return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id) || $this->CheckPermission($item_prefix.'.MODIFY', 0, $category_id);
+ return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id) ||
+ $this->CheckPermission($item_prefix.'.ADD.PENDING', 0, $category_id) ||
+ $this->ModifyCheckPermission($owner_id, $category_id, $top_prefix);
}
}
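Review bot: `$item_info` is indexed without checking that `GetRow()` found a row, and `$owner_id` is assigned only in this `else` branch, yet it is passed to `ModifyCheckPermission()` further down. When the item has no `PrimaryCat = 1` row, `$category_id` and `$owner_id` are empty and the permission calls still run; what `CheckPermission()` does with an empty category is not visible here, so I would deny explicitly with `if (!$item_info) { return false; }` and initialise `$owner_id` before the `if`. Dropping `$event->Name == 'OnSave'` from the condition also means OnSave now falls through to the code after this hunk, which is not visible; it is worth confirming that every handler using this helper still checks OnSave. The function starts and ends outside the hunk, and the same hunk is repeated for kernel/units/general/helpers/permissions_helper.php.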
@@ -349,9 +354,7 @@
FROM '.$this->Application->getUnitOption('c', 'TableName').'
WHERE CategoryId = '.$cat_id;
$cat_hierarchy = $this->Conn->GetOne($sql);
- $cat_hierarchy = explode('|', $cat_hierarchy);
- array_shift($cat_hierarchy);
- array_pop($cat_hierarchy);
+ $cat_hierarchy = explode('|', substr($cat_hierarchy, 1, -1));
$cat_hierarchy = array_reverse($cat_hierarchy);
array_push($cat_hierarchy, 0);
}
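Review bot: The one-line `substr()` form is not equivalent to the removed `array_shift`/`array_pop` pair when the fetched value is empty or `GetOne()` finds no row. The old code produced an empty list there, while `explode('|', substr($cat_hierarchy, 1, -1))` yields a single empty-string element, so the hierarchy becomes `Array('', 0)` and an empty category id reaches whatever consumes it after the hunk. Something like `$path = trim((string)$cat_hierarchy, '|'); $cat_hierarchy = ($path === '') ? Array() : explode('|', $path);` keeps the old result for that case. The same hunk is repeated for the kernel copy of permissions_helper.php.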
@@ -372,6 +375,40 @@
$this->Application->setCache('permissions', $cache_key, $perm_value);
return $perm_value;
}
+
+ /**
+ * Allows to check MODIFY & OWNER.MODFY +/- PENDING permission combinations on item
+ *
+ * @param int $owner_id user_id, that is owner of the item
+ * @param int $category_id primary category of item
+ * @param string $prefix prefix of item
+ * @return int {0 - no MODIFY permission, 1 - has MODIFY permission, 2 - has MODIFY.PENDING permission}
+ */
+ function ModifyCheckPermission($owner_id, $category_id, $prefix)
+ {
+ $perm_prefix = $this->Application->getUnitOption($prefix, 'PermItemPrefix');
+
+ $live_modify = $this->CheckPermission($perm_prefix.'.MODIFY', ptCATEGORY, $category_id);
+ if ($live_modify) {
+ return 1;
+ }
+ else if ($this->CheckPermission($perm_prefix.'.MODIFY.PENDING', ptCATEGORY, $category_id)) {
+ return 2;
+ }
+
+ if ($owner_id == $this->Application->GetVar('u_id')) {
+ // user is item's OWNER -> check this permissions first
+ $live_modify = $this->CheckPermission($perm_prefix.'.OWNER.MODIFY', ptCATEGORY, $category_id);
+ if ($live_modify) {
+ return 1;
+ }
+ else if ($this->CheckPermission($perm_prefix.'.OWNER.MODIFY.PENDING', ptCATEGORY, $category_id)) {
+ return 2;
+ }
+ }
+
+ return 0;
+ }
}
?>
\ No newline at end of file
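Review bot: The owner test `$owner_id == $this->Application->GetVar('u_id')` is a loose comparison, and the caller in `CheckEventCategoryPermission` can pass an unset or empty `$owner_id` when no item row was found. Under PHP's `==`, `null`, `''`, `false` and `0` mostly compare equal to each other, so if `GetVar('u_id')` is empty for a visitor without a user id (not visible here), an ownerless item would be treated as owned by that visitor. A stricter guard avoids that: `if (is_numeric($owner_id) && (string)$owner_id === (string)$this->Application->GetVar('u_id'))`. The inline comment says the owner permissions are checked first, but they are checked only after `MODIFY` and `MODIFY.PENDING` fail, and the docblock should say that callers use the 0/1/2 result as a boolean in `||` chains. The same hunk is repeated for the kernel copy of permissions_helper.php.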
Index: branches/unlabeled/unlabeled-1.32.2/core/units/general/cat_dbitem.php
===================================================================
diff -u -r5820 -r5858
--- branches/unlabeled/unlabeled-1.32.2/core/units/general/cat_dbitem.php (.../cat_dbitem.php) (revision 5820)
+++ branches/unlabeled/unlabeled-1.32.2/core/units/general/cat_dbitem.php (.../cat_dbitem.php) (revision 5858)
@@ -29,7 +29,7 @@
$this->SetDBField('ResourceId', $this->Application->NextResourceId());
$this->SetDBField('Modified', adodb_mktime() );
- if ($this->mode != 't') {
+ if ($this->mode != 't' && !$this->Application->IsAdmin()) {
$this->SetDBField('CreatedById', $this->Application->GetVar('u_id'));
}
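Review bot: With `!$this->Application->IsAdmin()` added, an item created from the admin side keeps whatever `CreatedById` already holds. This commit makes that field the input of the `OWNER.MODIFY` checks, so it matters where the admin-side value comes from: the `OnPreCreate` handler added in cat_event_handler.php fills it, but any create path that skips that event (not visible here) leaves it empty or takes it from submitted field data. A fallback keeps ownership defined: `if ($this->mode != 't' && (!$this->Application->IsAdmin() || !$this->GetDBField('CreatedById'))) {`. The enclosing method starts outside the hunk, and the same hunk is repeated for kernel/units/general/cat_dbitem.php.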
@@ -39,18 +39,15 @@
}
$ret = parent::Create();
- if($ret)
- {
- if ( $this->Application->IsTempTable($this->TableName) ) {
- $table = $this->Application->GetTempName(TABLE_PREFIX.'CategoryItems');
- }
- else {
- $table = TABLE_PREFIX.'CategoryItems';
- }
- $cat_id = $this->Application->GetVar('m_cat_id');
- $query = 'INSERT INTO '.$table.' (CategoryId,ItemResourceId,PrimaryCat,ItemPrefix,Filename)
- VALUES ('.$cat_id.','.$this->GetField('ResourceId').',1,'.$this->Conn->qstr($this->Prefix).','.$this->Conn->qstr($this->GetDBField('Filename')).')';
- $this->Conn->Query($query);
+ if ($ret) {
+ $fields_hash = Array(
+ 'CategoryId' => $this->Application->GetVar('m_cat_id'),
+ 'ItemResourceId' => $this->GetField('ResourceId'),
+ 'PrimaryCat' => 1,
+ 'ItemPrefix' => $this->Prefix,
+ 'Filename' => $this->GetDBField('Filename'),
+ );
+ $this->Conn->doInsert($fields_hash, $this->CategoryItemsTable());
}
return $ret;
}
@@ -69,15 +66,33 @@
$ret = parent::Update($id, $system_update);
if ($ret) {
- $table = $this->Application->IsTempTable($this->TableName) ? $this->Application->GetTempName(TABLE_PREFIX.'CategoryItems') : TABLE_PREFIX.'CategoryItems';
$filename = $this->useFilenames ? $this->GetDBField('Filename') : '';
- $this->Conn->Query('UPDATE '.$table.' SET Filename = '.$this->Conn->qstr($filename).' WHERE ItemResourceId = '.$this->GetDBField('ResourceId'));
+ $sql = 'UPDATE '.$this->CategoryItemsTable().'
+ SET Filename = '.$this->Conn->qstr($filename).'
+ WHERE ItemResourceId = '.$this->GetDBField('ResourceId');
+ $this->Conn->Query($sql);
}
unset($this->VirtualFields['ResourceId']);
return $ret;
}
+ /**
+ * Returns CategoryItems table based on current item mode (temp/live)
+ *
+ * @return string
+ */
+ function CategoryItemsTable()
+ {
+ $table = TABLE_PREFIX.'CategoryItems';
+ if ($this->Application->IsTempTable($this->TableName)) {
+ $table = $this->Application->GetTempName($table);
+ }
+
+ return $table;
+ }
+
+
function checkFilename()
{
if( !$this->GetDBField('AutomaticFilename') )
@@ -147,7 +162,7 @@
}
// We need to delete CategoryItems record when deleting product
- function Delete($id=null)
+ function Delete($id = null)
{
if( isset($id) ) {
$this->setID($id);
@@ -156,7 +171,8 @@
$ret = parent::Delete();
if ($ret) {
- $query = 'DELETE FROM '.TABLE_PREFIX.'CategoryItems WHERE ItemResourceId = '.$this->GetDBField('ResourceId');
+ $query = ' DELETE FROM '.$this->CategoryItemsTable().'
+ WHERE ItemResourceId = '.$this->GetDBField('ResourceId');
$this->Conn->Query($query);
}
Index: branches/unlabeled/unlabeled-1.13.2/core/units/config_search/config_search_event_handler.php
===================================================================
diff -u -r4760 -r5858
--- branches/unlabeled/unlabeled-1.13.2/core/units/config_search/config_search_event_handler.php (.../config_search_event_handler.php) (revision 4760)
+++ branches/unlabeled/unlabeled-1.13.2/core/units/config_search/config_search_event_handler.php (.../config_search_event_handler.php) (revision 5858)
@@ -60,7 +60,7 @@
}
/**
- * Enter description here...
+ * [HOOK] Enter description here...
*
* @param kEvent $event
*/
@@ -75,12 +75,11 @@
$object =& $event->getObject( Array('skip_autoload' => true) );
$custom_id = $custom_field->GetID();
- if ($custom_id) {
+ if ($object->GetDBField('CustomFieldId') != $custom_id) {
$object->Load($custom_id, 'CustomFieldId');
- $object->SetDBField('CustomFieldId', $custom_id); // for cloning only
}
-
- $cf_search = Array();
+
+ $cf_search = Array();
$cf_search['DisplayOrder'] = $custom_field->GetDBField('DisplayOrder');
$cf_search['ElementType'] = $custom_field->GetDBField('ElementType');
$cf_search['DisplayName'] = $custom_field->GetDBField('FieldLabel');
@@ -96,6 +95,7 @@
$cf_search['ModuleName'] = $this->Conn->GetOne($sql);
$object->SetFieldsFromHash($cf_search);
+ $object->SetDBField('CustomFieldId', $custom_id);
$result = $object->isLoaded() ? $object->Update() : $object->Create();
}
Index: branches/unlabeled/unlabeled-1.4.2/kernel/units/stylesheets/stylesheets_event_handler.php
===================================================================
diff -u -r5560 -r5858
--- branches/unlabeled/unlabeled-1.4.2/kernel/units/stylesheets/stylesheets_event_handler.php (.../stylesheets_event_handler.php) (revision 5560)
+++ branches/unlabeled/unlabeled-1.4.2/kernel/units/stylesheets/stylesheets_event_handler.php (.../stylesheets_event_handler.php) (revision 5858)
@@ -4,7 +4,7 @@
{
/**
- * Compile stylesheet file based on theme definitions
+ * [HOOK] Compile stylesheet file based on theme definitions
*
* @param kEvent $event
*/
Index: branches/unlabeled/unlabeled-1.17.2/kernel/units/general/helpers/permissions_helper.php
===================================================================
diff -u -r5516 -r5858
--- branches/unlabeled/unlabeled-1.17.2/kernel/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 5516)
+++ branches/unlabeled/unlabeled-1.17.2/kernel/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 5858)
@@ -130,7 +130,7 @@
function CheckEventCategoryPermission(&$event, $event_perm_mapping)
{
// mapping between specific permissions and common permissions
- $perm_mapping = Array('add' => 'ADD', 'edit' => 'MODIFY', 'delete' => 'DELETE', 'view' => 'VIEW');
+ $perm_mapping = Array('add' => 'ADD', 'add.pending' => 'ADD.PENDING', 'edit' => 'MODIFY', 'edit.pending' => 'MODIFY.PENDING', 'delete' => 'DELETE', 'view' => 'VIEW');
$top_prefix = $event->getEventParam('top_prefix');
$event_handler =& $this->Application->recallObject($event->Prefix.'_EventHandler');
@@ -142,8 +142,6 @@
$id = $event_handler->getPassedID($event);
}
- $item_prefix = $this->Application->getUnitOption($top_prefix, 'PermItemPrefix');
-
// 1. get primary category of category item
$id_field = $this->Application->getUnitOption($top_prefix, 'IDField');
$table_name = $this->Application->getUnitOption($top_prefix, 'TableName');
@@ -155,19 +153,26 @@
}
else {
// item being edited -> check by it's primary category permissions
- $sql = 'SELECT ci.CategoryId
+ $sql = 'SELECT ci.CategoryId, main_table.CreatedById
FROM '.$table_name.' main_table
LEFT JOIN '.$ci_table.' ci ON ci.ItemResourceId = main_table.ResourceId
WHERE (main_table.'.$id_field.' = '.$id.') AND (ci.PrimaryCat = 1)';
- $category_id = $this->Conn->GetOne($sql);
+ $item_info = $this->Conn->GetRow($sql);
+ $category_id = $item_info['CategoryId'];
+ $owner_id = $item_info['CreatedById'];
}
- if ((substr($event->Name, 0, 9) == 'OnPreSave') || ($event->Name == 'OnSave')) {
+ $item_prefix = $this->Application->getUnitOption($top_prefix, 'PermItemPrefix');
+
+ if (substr($event->Name, 0, 9) == 'OnPreSave') {
if ($event_handler->isNewItemCreate($event)) {
- return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id);
+ return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id) ||
+ $this->CheckPermission($item_prefix.'.ADD.PENDING', 0, $category_id);
}
else {
- return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id) || $this->CheckPermission($item_prefix.'.MODIFY', 0, $category_id);
+ return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id) ||
+ $this->CheckPermission($item_prefix.'.ADD.PENDING', 0, $category_id) ||
+ $this->ModifyCheckPermission($owner_id, $category_id, $top_prefix);
}
}
@@ -349,9 +354,7 @@
FROM '.$this->Application->getUnitOption('c', 'TableName').'
WHERE CategoryId = '.$cat_id;
$cat_hierarchy = $this->Conn->GetOne($sql);
- $cat_hierarchy = explode('|', $cat_hierarchy);
- array_shift($cat_hierarchy);
- array_pop($cat_hierarchy);
+ $cat_hierarchy = explode('|', substr($cat_hierarchy, 1, -1));
$cat_hierarchy = array_reverse($cat_hierarchy);
array_push($cat_hierarchy, 0);
}
@@ -372,6 +375,40 @@
$this->Application->setCache('permissions', $cache_key, $perm_value);
return $perm_value;
}
+
+ /**
+ * Allows to check MODIFY & OWNER.MODFY +/- PENDING permission combinations on item
+ *
+ * @param int $owner_id user_id, that is owner of the item
+ * @param int $category_id primary category of item
+ * @param string $prefix prefix of item
+ * @return int {0 - no MODIFY permission, 1 - has MODIFY permission, 2 - has MODIFY.PENDING permission}
+ */
+ function ModifyCheckPermission($owner_id, $category_id, $prefix)
+ {
+ $perm_prefix = $this->Application->getUnitOption($prefix, 'PermItemPrefix');
+
+ $live_modify = $this->CheckPermission($perm_prefix.'.MODIFY', ptCATEGORY, $category_id);
+ if ($live_modify) {
+ return 1;
+ }
+ else if ($this->CheckPermission($perm_prefix.'.MODIFY.PENDING', ptCATEGORY, $category_id)) {
+ return 2;
+ }
+
+ if ($owner_id == $this->Application->GetVar('u_id')) {
+ // user is item's OWNER -> check this permissions first
+ $live_modify = $this->CheckPermission($perm_prefix.'.OWNER.MODIFY', ptCATEGORY, $category_id);
+ if ($live_modify) {
+ return 1;
+ }
+ else if ($this->CheckPermission($perm_prefix.'.OWNER.MODIFY.PENDING', ptCATEGORY, $category_id)) {
+ return 2;
+ }
+ }
+
+ return 0;
+ }
}
?>
\ No newline at end of file
Index: branches/unlabeled/unlabeled-1.18.2/core/kernel/db/dblist.php
===================================================================
diff -u -r5845 -r5858
--- branches/unlabeled/unlabeled-1.18.2/core/kernel/db/dblist.php (.../dblist.php) (revision 5845)
+++ branches/unlabeled/unlabeled-1.18.2/core/kernel/db/dblist.php (.../dblist.php) (revision 5858)
@@ -417,8 +417,8 @@
if (!empty($group)) $q .= ' GROUP BY ' . $group;
if (!empty($having)) $q .= ' HAVING ' . $having;
if ( !$for_counting && !empty($order) ) $q .= ' ORDER BY ' . $order;
-
- return str_replace('%1$s',$this->TableName,$q);
+
+ return $this->replaceModePrefix( str_replace('%1$s', $this->TableName, $q) );
}
/**
Index: branches/unlabeled/unlabeled-1.32.2/kernel/units/general/cat_dbitem.php
===================================================================
diff -u -r5820 -r5858
--- branches/unlabeled/unlabeled-1.32.2/kernel/units/general/cat_dbitem.php (.../cat_dbitem.php) (revision 5820)
+++ branches/unlabeled/unlabeled-1.32.2/kernel/units/general/cat_dbitem.php (.../cat_dbitem.php) (revision 5858)
@@ -29,7 +29,7 @@
$this->SetDBField('ResourceId', $this->Application->NextResourceId());
$this->SetDBField('Modified', adodb_mktime() );
- if ($this->mode != 't') {
+ if ($this->mode != 't' && !$this->Application->IsAdmin()) {
$this->SetDBField('CreatedById', $this->Application->GetVar('u_id'));
}
@@ -39,18 +39,15 @@
}
$ret = parent::Create();
- if($ret)
- {
- if ( $this->Application->IsTempTable($this->TableName) ) {
- $table = $this->Application->GetTempName(TABLE_PREFIX.'CategoryItems');
- }
- else {
- $table = TABLE_PREFIX.'CategoryItems';
- }
- $cat_id = $this->Application->GetVar('m_cat_id');
- $query = 'INSERT INTO '.$table.' (CategoryId,ItemResourceId,PrimaryCat,ItemPrefix,Filename)
- VALUES ('.$cat_id.','.$this->GetField('ResourceId').',1,'.$this->Conn->qstr($this->Prefix).','.$this->Conn->qstr($this->GetDBField('Filename')).')';
- $this->Conn->Query($query);
+ if ($ret) {
+ $fields_hash = Array(
+ 'CategoryId' => $this->Application->GetVar('m_cat_id'),
+ 'ItemResourceId' => $this->GetField('ResourceId'),
+ 'PrimaryCat' => 1,
+ 'ItemPrefix' => $this->Prefix,
+ 'Filename' => $this->GetDBField('Filename'),
+ );
+ $this->Conn->doInsert($fields_hash, $this->CategoryItemsTable());
}
return $ret;
}
@@ -69,15 +66,33 @@
$ret = parent::Update($id, $system_update);
if ($ret) {
- $table = $this->Application->IsTempTable($this->TableName) ? $this->Application->GetTempName(TABLE_PREFIX.'CategoryItems') : TABLE_PREFIX.'CategoryItems';
$filename = $this->useFilenames ? $this->GetDBField('Filename') : '';
- $this->Conn->Query('UPDATE '.$table.' SET Filename = '.$this->Conn->qstr($filename).' WHERE ItemResourceId = '.$this->GetDBField('ResourceId'));
+ $sql = 'UPDATE '.$this->CategoryItemsTable().'
+ SET Filename = '.$this->Conn->qstr($filename).'
+ WHERE ItemResourceId = '.$this->GetDBField('ResourceId');
+ $this->Conn->Query($sql);
}
unset($this->VirtualFields['ResourceId']);
return $ret;
}
+ /**
+ * Returns CategoryItems table based on current item mode (temp/live)
+ *
+ * @return string
+ */
+ function CategoryItemsTable()
+ {
+ $table = TABLE_PREFIX.'CategoryItems';
+ if ($this->Application->IsTempTable($this->TableName)) {
+ $table = $this->Application->GetTempName($table);
+ }
+
+ return $table;
+ }
+
+
function checkFilename()
{
if( !$this->GetDBField('AutomaticFilename') )
@@ -147,7 +162,7 @@
}
// We need to delete CategoryItems record when deleting product
- function Delete($id=null)
+ function Delete($id = null)
{
if( isset($id) ) {
$this->setID($id);
@@ -156,7 +171,8 @@
$ret = parent::Delete();
if ($ret) {
- $query = 'DELETE FROM '.TABLE_PREFIX.'CategoryItems WHERE ItemResourceId = '.$this->GetDBField('ResourceId');
+ $query = ' DELETE FROM '.$this->CategoryItemsTable().'
+ WHERE ItemResourceId = '.$this->GetDBField('ResourceId');
$this->Conn->Query($query);
}
Index: branches/unlabeled/unlabeled-1.7.2/core/admin_templates/stylesheets/stylesheets_list.tpl
===================================================================
diff -u -r5290 -r5858
--- branches/unlabeled/unlabeled-1.7.2/core/admin_templates/stylesheets/stylesheets_list.tpl (.../stylesheets_list.tpl) (revision 5290)
+++ branches/unlabeled/unlabeled-1.7.2/core/admin_templates/stylesheets/stylesheets_list.tpl (.../stylesheets_list.tpl) (revision 5858)
@@ -63,7 +63,7 @@
-