mirror of https://github.com/e107inc/e107.git synced 2025-07-31 11:50:30 +02:00

EONE-20 (Bug)

secretr
2010-03-11 11:56:23 +00:00
parent 6a3c400f54
commit 868ec3466e
3 changed files with 133 additions and 95 deletions


@@ -2,16 +2,14 @@
/*
* e107 website system
*
* Copyright (C) 2008-2009 e107 Inc (e107.org)
* Copyright (C) 2008-2010 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Administration Area - User classes
*
* $Source: /cvs_backup/e107_0.8/e107_admin/userclass2.php,v $
* $Revision$
* $Date$
* $Author$
* $URL$
* $Id$
*
*/
@@ -49,42 +47,52 @@ $uc = new uclass_manager;
$message = '';
/**
* @todo user_class::isEditableClass() thinks public (0) is editable?!
* @param integer $class_id
* @param boolean $redirect
* @return boolean
*/
function check_allowed($class_id, $redirect = true)
{
$e107 = e107::getInstance();
if (!isset($e107->user_class->class_tree[$class_id]))
$uc = e107::getUserClass();
if (!isset($uc->class_tree[$class_id]) || (!getperms('0') && !check_class($uc->class_tree[$class_id]['userclass_editclass'])))
{
if(!$redirect) return false;
header('location:'.SITEURL);
exit;
}
if (!getperms('0') && !check_class($e107->user_class->class_tree[$class_id]['userclass_editclass']))
// fix public (0) case here for now
if(!$class_id || !$uc->isEditableClass($class_id))
{
if(!$redirect) return false;
header("location:".SITEURL);
e107::getMessage()->addSession('You can\'t edit system user classes!', E_MESSAGE_ERROR);
header('location:'.e_SELF);
exit;
}
return true;
}
if (e_QUERY)
{
$uc_qs = explode(".", e_QUERY);
// BC - SO MUCH BAD, never do this at home!!!
if(isset($_GET['action']))
{
$uc_qs = array($_GET['action'], $_GET['id']);
}
else $uc_qs = explode(".", e_QUERY);
}
$action = varset($uc_qs[0]);
$params = varset($uc_qs[1],'');
e107::setRegistry('pageParams', $uc_qs);
//AJAX request check is already made by the API
if(e_AJAX_REQUEST)
{
$class_num = intval(varset($uc_qs[2],0));
if(!$class_num && isset($_POST['edit']))
{
$params = 'edit';
$class_num = intval(varset($_POST['existing'],0));
}
if ($params == 'edit')
$class_num = intval($params);
if ($action == 'edit')
{
require_once(e_HANDLER.'js_helper.php');
$jshelper = new e_jshelper();
@@ -93,7 +101,7 @@ if(e_AJAX_REQUEST)
//This will raise an error
//'Access denied' is the message which will be thrown
//by the JS AJAX handler
e_jshelper::sendAjaxError('403', 'Access denied. Form update failed!');
e_jshelper::sendAjaxError('403', 'Access denied. '.UCSLAN_90);
}
elseif($sql->db_Select('userclass_classes', '*', "userclass_id='".$class_num."' "))
{
@@ -121,24 +129,18 @@ if(e_AJAX_REQUEST)
$jshelper->addResponseAction('element-invoke-by-id', array('hide' => 'userclass_type_groups', 'show' => 'userclass_type_standard'));
}
unset($row['userclass_accum']);
$row['createclass'] = UCSLAN_14; //update the submit button value
$row['existing'] = $class_num; //required when user tree is clicked
//icon
$row['iconview'] = $row['userclass_icon'] ? e_IMAGE_ABS.'userclasses/'.$row['userclass_icon'] : e_IMAGE_ABS."generic/blank.gif";
$row['uc_icon_select'] = $row['userclass_icon']; //icons select box
//Send the prefered response type
//$jshelper->sendJSONResponse('fill-form', $row);
$jshelper->addResponseAction('fill-form', $row);
$jshelper->sendResponse('XML');
// $jshelper->sendResponse('JSON'); - another option (tested) - faster transfer!
}
else
{
e_jshelper::sendAjaxError('500', 'Database read error!');
}
exit;
}
exit;
}
/*
@@ -342,7 +344,7 @@ if(!e_QUERY || $action == 'list')
$uc->show_existing();
}
if(varset($_GET['id']) && varset($_GET['action'])=='edit')
if(isset($_GET['id']) && $_GET['action'] == 'edit')
{
$action = 'config';
$_POST['existing'] = $_GET['id'];
@@ -494,10 +496,6 @@ if($params == 'edit')
// $text .= "&nbsp;&nbsp;<input class='button' type='submit' id='updatecancel' name='updatecancel' value='".LAN_CANCEL."' />";
$text .= "
<input type='hidden' name='userclass_id' value='{$userclass_id}' />
<script type='text/javascript'>
//just in case...
\$('updatecancel').show();
</script>
";
}
else
@@ -809,12 +807,13 @@ function userclass2_adminlog($msg_num='00', $woffle='')
function userclass2_adminmenu()
{
if (e_QUERY)
{
$tmp = explode(".", e_QUERY);
// $action = $tmp[0];
}
$action = varsettrue($tmp[0],'list');
$tmp = array();
if (e_QUERY)
{
$tmp = explode(".", e_QUERY);
}
$action = vartrue($tmp[0],'list');
if(isset($_GET['action']) && 'edit' == $_GET['action']) $action = 'config';
$var['list']['text'] = LAN_MANAGE;
$var['list']['link'] = 'userclass2.php';
@@ -832,24 +831,24 @@ function userclass2_adminmenu()
$var['initial']['text'] = UCSLAN_38;
$var['initial']['link'] ='userclass2.php?initial';
if (check_class(e_UC_MAINADMIN))
{
$var['options']['text'] = UCSLAN_50;
$var['options']['link'] ='userclass2.php?options';
if (defined('UC_DEBUG_OPTS'))
if (check_class(e_UC_MAINADMIN))
{
$var['debug']['text'] = UCSLAN_27;
$var['debug']['link'] ='userclass2.php?debug';
$var['options']['text'] = UCSLAN_50;
$var['options']['link'] ='userclass2.php?options';
$var['test']['text'] = 'Test functions';
$var['test']['link'] ="userclass2.php?test";
if (defined('UC_DEBUG_OPTS'))
{
$var['debug']['text'] = UCSLAN_27;
$var['debug']['link'] ='userclass2.php?debug';
$var['specials']['text'] = 'Special tests';
$var['specials']['link'] ="userclass2.php?special";
$var['test']['text'] = 'Test functions';
$var['test']['link'] ="userclass2.php?test";
$var['specials']['text'] = 'Special tests';
$var['specials']['link'] ="userclass2.php?special";
}
}
}
show_admin_menu(UCSLAN_51, $action, $var);
show_admin_menu(UCSLAN_51, $action, $var);
}
@@ -935,6 +934,7 @@ require_once('footer.php');
function headerjs()
{
$params = e107::getRegistry('pageParams');
/*
* e107Ajax.fillForm demonstration
* Open Firebug console for Ajax transaction details
@@ -942,35 +942,62 @@ function headerjs()
*/
$script_js = "<script type=\"text/javascript\">
//<![CDATA[
";
//Click observer
document.observe('click', (function(event){
var target = (event.findElement('a.userclass_edit') || event.findElement('input#edit'));
if (target) {
event.stop();
// Edit mode only
if($params[0] == 'edit')
{
$script_js .= "
e107.runOnLoad( function() {
document.observe('click', (function(event){
var target = event.findElement('a.userclass_edit');
if (target) {
event.stop();
//show cancel button in edit mod only
\$('updatecancel').show();
// non-editable user class
if('#' == target.readAttribute('href')) return;
//If link is clicked use it's href as a target
$('classForm').fillForm($(document.body), { handler: target.readAttribute('href') });
}
}));
//If link is clicked use it's href as a target
$('classForm').fillForm($(document.body), { handler: target.readAttribute('href') });
}
}));
});
//Observe fillForm errors
e107Event.register('ajax_fillForm_error', function(transport) {
//memo.error object contains the error message
//error handling will be extended in the near future
alert(transport.memo.error.message);
});
//run on e107 init finished (dom is loaded)
e107.runOnLoad( function() {
\$('updatecancel').hide(); //hide cancel button onload
});
/*//Click observer
document.observe('click', (function(event){
var target = (event.findElement('a.userclass_edit') || event.findElement('input#edit'));
if (target) {
event.stop();
//Observe fillForm errors
e107Event.register('ajax_fillForm_error', function(transport) {
//memo.error object contains the error message
//error handling will be extended in the near future
alert(transport.memo.error.message);
});
//show cancel button in edit mod only
\$('updatecancel').show();
//If link is clicked use it's href as a target
$('classForm').fillForm($(document.body), { handler: target.readAttribute('href') });
}
}));
//run on e107 init finished (dom is loaded)
e107.runOnLoad( function() {
\$('updatecancel').hide(); //hide cancel button onload
});
//Observe fillForm errors
e107Event.register('ajax_fillForm_error', function(transport) {
//memo.error object contains the error message
//error handling will be extended in the near future
alert(transport.memo.error.message);
});*/
";
}
$script_js .= "
function setGroupStatus(dropdown)
{
var temp1 = document.getElementById('userclass_type_standard');
@@ -990,12 +1017,11 @@ function setGroupStatus(dropdown)
//]]>
</script>\n";
if (!e_QUERY) return $script_js;
$qs = explode('.',e_QUERY);
if ($qs[0] != 'membs') return $script_js;
if ($params[0] != 'membs') return $script_js;
// We only want this JS on the class membership selection page
// XXX memebs action is deprecated now, remove this script?
$script_js .= "<script type=\"text/javascript\">
//<![CDATA[
// Inspiration (and some of the code) from a script by Sean Geraty - Web Site: http://www.freewebs.com/sean_geraty/
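Review bot: In the new `isset($_GET['action'])` branch, `$_GET['id']` is read without an `isset()` guard and both values are kept exactly as they arrive, so a missing or array-valued `id` ends up in `$params`, in the `pageParams` registry entry and, in the `@@ -342` hunk, in `$_POST['existing']`. `intval($params)` in the AJAX path returns 1 for any non-empty array, so a malformed request is treated as class 1 instead of being rejected; `check_allowed()` presumably still gates it, but that call sits outside the visible hunks. I would normalise once at the boundary, e.g. `$uc_qs = array($_GET['action'], isset($_GET['id']) ? intval($_GET['id']) : 0);` and `$_POST['existing'] = intval($_GET['id']);`, assuming `id` is always a class ID on this path. The `@@ -342` condition also now reads `$_GET['action']` without the guard the old `varset()` call provided, so `isset($_GET['id'], $_GET['action'])` would be the safer test.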


@@ -8,14 +8,12 @@
*
* User class functions
*
* $Source: /cvs_backup/e107_0.8/e107_handlers/userclass_class.php,v $
* $Revision$
* $Date$
* $Author$
* $URL$
* $Id$
*/
/**
*
*
* @package e107
* @subpackage e107_handlers
* @version $Id$;
@@ -49,7 +47,7 @@ define('e_UC_BOTS',246); // Reserved to identify search bots
define('e_UC_SPECIAL_BASE',243); // Assign class IDs 243 and above for fixed/special purposes
define('e_UC_SPECIAL_END',255); // Highest 'special' class
define('UC_ICON_DIR',e_IMAGE.'generic/'); // Directory for the icons used in the admin tree displays
define('UC_ICON_DIR',e_IMAGE_ABS.'generic/'); // Directory for the icons used in the admin tree displays
define('e_UC_BLANK','-1');
define('UC_TYPE_STD', '0');
@@ -57,9 +55,10 @@ define('UC_TYPE_GROUP', '1');
define('UC_CACHE_TAG', 'nomd5_classtree');
// FIXME - get rid of deprecated 'var' declarations, decide what should be public and what protected
class user_class
{
var $class_tree; // Simple array, filled with current tree. Additional field class_children is an array of child user classes (by ID)
public $class_tree; // Simple array, filled with current tree. Additional field class_children is an array of child user classes (by ID)
var $class_parents; // Array of class IDs of 'parent' (i.e. top level) classes
var $fixed_classes = array(); // The 'predefined' core classes (constants beginning 'e_UC_')
@@ -238,7 +237,7 @@ class user_class
/**
/**
* Combines the selected editable classes into the main class list for a user.
* @param array|string $combined - the complete list of current class memberships
* @param array|string $possible - the classes which are being edited
@@ -406,7 +405,7 @@ class user_class
/**
/**
* Generate an ordered array classid=>classname - used for dropdown and check box lists
*
* @param string $optlist - comma-separated list of classes/class types to include (see uc_dropdown for details)
@@ -834,7 +833,7 @@ class user_class
********* NOT TESTED **********
*
***** NOT SURE WHETHER THIS IS REALLY A USER OR A USER CLASS FUNCTION *****
* @param string $classList - comma separated list of classes
* @param string $classList - comma separated list of classes
* @param string $fieldList - comma separated list of fields to be returned. `user_id` is always returned as the key of the array entry
* @param boolean $includeAncestors - if TRUE, also looks for classes in the hierarchy; otherwise checks exactly the classes passed
* @param string $orderBy - optional field name to define the order of entries in the results array
@@ -861,7 +860,7 @@ class user_class
//========================================================================
// Functions from previous userclass_class handler
//========================================================================
// Implemented for backwards compatibility/convenience.
// Implemented for backwards compatibility/convenience.
// ************** DEPRECATED - use new class-based functions
// Refer to the corresponding class-based functions for full details
@@ -1020,7 +1019,7 @@ class user_class_admin extends user_class
}
/*
/*
* Internal function, called recursively to rebuild the permissions tree where rights increase going down the tree
* If the permissions change, sets the 'change_flag' to force rewrite to DB (by other code)
* @param integer $parent is the class number being processed.
@@ -1187,7 +1186,18 @@ class user_class_admin extends user_class
if ($this->graph_debug) $name_line .= "[vis:".$this->class_tree[$listnum]['userclass_visibility'].", edit:".$this->class_tree[$listnum]['userclass_editclass']."] = ".$this->class_tree[$listnum]['userclass_accum']." Children: ".implode(',',$this->class_tree[$listnum]['class_children']);
// Next (commented out) line gives a 'conventional' link
//$ret .= "<img src='".UC_ICON_DIR."topicon.png' alt='class icon' /><a style='text-decoration: none' class='userclass_edit' href='".e_ADMIN_ABS."userclass2.php?config.edit.{$this->class_tree[$listnum]['userclass_id']}'>".$name_line."</a></div>";
$ret .= "<img src='".UC_ICON_DIR."topicon.png' alt='class icon' /><a style='text-decoration: none' class='userclass_edit' href='".e_SELF."?action=edit&amp;id={$this->class_tree[$listnum]['userclass_id']}'>".$name_line."</a></div>";
if($this->isEditableClass($this->class_tree[$listnum]['userclass_id']))
{
$url = e_SELF.'?action=edit&amp;id='.$this->class_tree[$listnum]['userclass_id'];
$onc = '';
}
else
{
$url = '#';
$onc = " onclick=\"alert('".str_replace("'", "\\'", (stripslashes(UCSLAN_90)))."'); return false;\"";
}
$ret .= "<img src='".UC_ICON_DIR."topicon.png' alt='class icon' /><a style='text-decoration: none' class='userclass_edit'{$onc} href='{$url}'>".$name_line."</a></div>";
//$ret .= "<img src='".UC_ICON_DIR."topicon.png' alt='class icon' />
//<span style='cursor:pointer; vertical-align: bottom' onclick=\"javascript: document.location.href='".e_ADMIN."userclass2.php?config.edit.{$this->class_tree[$listnum]['userclass_id']}'\">".$name_line."</span></div>";
// vertical-align: middle doesn't work! Nor does text-top
@@ -1223,16 +1233,18 @@ class user_class_admin extends user_class
/** Create graphical class tree, including clickable liks to expand/contract branches.
* @param boolean $show_debug - TRUE to display additional information against each class
* @return string - text for display
/**
* Create graphical class tree, including clickable links to expand/contract branches.
* @param boolean $show_debug - TRUE to display additional information against each class
* @return string - text for display
*/
public function show_graphical_tree($show_debug=FALSE)
{
$this->graph_debug = $show_debug;
$indent_images = array();
$ret = "<div class='uclass_tree' style='height:16px'>
$ret = "
<div class='uclass_tree' style='height:16px'>
<img src='".UC_ICON_DIR."topicon.png' alt='class icon' style='vertical-align: bottom' />
<span style='top:3px'></span>
</div>"; // Just a generic icon here to provide a visual anchor
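Review bot: The `onclick` built in the `else` branch of the `@@ -1187` hunk escapes only single quotes in `UCSLAN_90`, yet the value sits inside a JavaScript string literal that is itself inside a double-quoted HTML attribute. A language pack whose string contains `"`, `&`, `<`, a backslash or a newline would break the attribute or the JS literal, and `stripslashes()` additionally drops backslashes a translation may legitimately need. Encoding for both contexts is safer: `$onc = ' onclick="alert('.htmlspecialchars(json_encode(UCSLAN_90), ENT_QUOTES).'); return false;"';` (assuming `json_encode()` is available on the PHP versions this branch supports). The `#` link is only a UI hint, so enforcement still depends on the server-side `check_allowed()` path in `userclass2.php`. The enclosing method starts and ends outside the hunk.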


@@ -98,7 +98,7 @@ define('UCSLAN_86', 'Some settings not allowed for admin classes - they have bee
define('UCSLAN_87', 'Recently joined users');
define('UCSLAN_88', 'Identified search bots');
define('UCSLAN_89', 'Checked classes are members of the group');
define('UCSLAN_90', '');
define('UCSLAN_90', 'You can\'t edit system user classes!');
define('UCSLAN_91', '');