Commit d925549a authored by sylvieg's avatar sylvieg

[FIX]perm: give the info about the object to get_perm_object to check special perms

parent 8f410062
......@@ -69,7 +69,7 @@ class Comp_wiki {
switch($for) {
case 'view':
$wiki_page_name=$this->mypagewin->getParam('config');
$ps = $tikilib->get_perm_object($wiki_page_name, 'wiki page', false);
$ps = $tikilib->get_perm_object($wiki_page_name, 'wiki page', '', false);
return (isset($ps['tiki_p_view']) && ($ps['tiki_p_view'] == 'y'));
default:
return false;
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/lib/mypage/mypagelib.php,v 1.83 2007-10-08 14:41:28 niclone Exp $
// $Header: /cvsroot/tikiwiki/tiki/lib/mypage/mypagelib.php,v 1.84 2007-10-10 17:44:39 sylvieg Exp $
// Copyright (c) 2002-2007, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
......@@ -334,7 +334,7 @@ class MyPage {
$res=$tikilib->query($query, $r, $limit, $offset);
while ($line = $res->fetchRow()) {
// $line['perms'] = $tikilib->get_perm_object($line['id'], 'mypage', false);
// $line['perms'] = $tikilib->get_perm_object($line['id'], 'mypage', '', false);
$pages[]=$line;
}
......@@ -434,7 +434,7 @@ class MyPage {
$this->id=0;
return $this->lasterror=new MyError(MYERROR_ENOENT, "MyPage not found");
}
$this->perms = $tikilib->get_perm_object($this->id, 'mypage', false);
$this->perms = $tikilib->get_perm_object($this->id, 'mypage', '', false);
// if ($this->perms['tiki_p_view_mypage'] != 'y' && !($this->perms['tiki_p_edit_own_mypage'] == 'y' && $this->id_users == $this->getParam('id_users'))) {
// return $this->lasterror=new MyError(MYERROR_EACCESS, tra('You do not have permissions to view the page'));
// }
......
<?php
// CVS: $Id: structlib.php,v 1.91 2007-10-05 15:14:34 sylvieg Exp $
// CVS: $Id: structlib.php,v 1.92 2007-10-10 17:44:42 sylvieg Exp $
//this script may only be included - so its better to die if called directly.
if (strpos($_SERVER['SCRIPT_NAME'],basename(__FILE__)) !== false) {
header('location: index.php');
......@@ -246,7 +246,8 @@ class StructLib extends TikiLib {
$aux['flag'] = 'L';
$aux['user'] = $is_locked;
}
$perms = $tikilib->get_perm_object($struct_info['pageName'], 'wiki page', false);
$perms = $tikilib->get_perm_object($struct_info['pageName'], 'wiki page', '', false);
$aux['editable'] = $perms['tiki_p_edit'];
$aux['viewable'] = $perms['tiki_p_view'];
$ret[] = $aux;
......
<?php
// CVS: $Id: tikilib.php,v 1.793 2007-10-07 20:13:29 nyloth Exp $
// CVS: $Id: tikilib.php,v 1.794 2007-10-10 17:44:38 sylvieg Exp $
//this script may only be included - so its better to die if called directly.
if (strpos($_SERVER["SCRIPT_NAME"],basename(__FILE__)) !== false) {
header("location: index.php");
......@@ -3763,7 +3763,7 @@ function add_pageview() {
* TODO: all the objectType
* global = true set the global perm and smarty var, otherwise return an array of perms
*/
function get_perm_object($objectId, $objectType, $global=true) {
function get_perm_object($objectId, $objectType, $info='', $global=true) {
global $tiki_p_admin, $user, $feature_categories, $userlib, $smarty;
$ret = array();
if (empty($objectId)) {
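Review bot: Inserting `$info=''` ahead of `$global` changes the meaning of the third positional argument. Any caller not converted in this commit that still calls `get_perm_object($id, $type, false)` now passes `false` as `$info` and gets `$global=true`, which per the docblock sets the global perms and Smarty variables instead of returning an array. Either append the new parameter after `$global`, or confirm that every caller in the tree was updated. The docblock also needs a line for the new argument, for example `* info = array describing the object as returned by its loader, '' when not loaded`. The function body continues outside the hunk, so how `$info` is consumed is not visible here.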
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/lib/wiki-plugins/wikiplugin_trackerlist.php,v 1.37 2007-07-11 14:22:14 sylvieg Exp $
// $Header: /cvsroot/tikiwiki/tiki/lib/wiki-plugins/wikiplugin_trackerlist.php,v 1.38 2007-10-10 17:44:43 sylvieg Exp $
//
// TODO :
// ----------
......@@ -23,9 +23,10 @@ function wikiplugin_trackerlist($data, $params) {
} else {
$smarty->assign('trackerId', $trackerId);
$tracker_info = $trklib->get_tracker($trackerId);
if ($tiki_p_admin != 'y') {
$perms = $tikilib->get_perm_object($trackerId, 'tracker', false);
$perms = $tikilib->get_perm_object($trackerId, 'tracker', $tracker_info, false);
if ($perms['tiki_p_view_trackers'] != 'y')
return;
$smarty->assign_by_ref('perms', $perms);
......@@ -39,7 +40,6 @@ function wikiplugin_trackerlist($data, $params) {
$listfields = split(':',$fields);
}
$tracker_info = $trklib->get_tracker($trackerId);
if ($t = $trklib->get_tracker_options($trackerId))
$tracker_info = array_merge($tracker_info, $t);
$smarty->assign_by_ref('tracker_info', $tracker_info);
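Review bot: In the first hunk `$tracker_info = $trklib->get_tracker($trackerId);` is passed to `get_perm_object()` without checking that the tracker exists. tiki-view_tracker.php in this same commit guards with `if (empty($tracker_info))` before its permission call. A nonexistent `trackerId` from the plugin parameters would therefore reach the permission lookup, and the later `array_merge($tracker_info, $t)`, with an empty value. Adding `if (empty($tracker_info)) return;` directly after the lookup would keep the two entry points consistent. The enclosing function starts and ends outside these hunks.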
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-editpage.php,v 1.177 2007-10-05 15:40:00 sylvieg Exp $
// $Header: /cvsroot/tikiwiki/tiki/tiki-editpage.php,v 1.178 2007-10-10 17:44:37 sylvieg Exp $
// Copyright (c) 2002-2007, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -548,7 +548,7 @@ $smarty->assign('show_page','n');
$smarty->assign('comments_show','n');
// Permissions
$tikilib->get_perm_object($page, 'wiki page', true);
$tikilib->get_perm_object($page, 'wiki page', $info, true);
if (!( $tiki_p_edit == 'y' || ($wiki_creator_admin == 'y' && $user && $info['creator'] == $user) || $isUserPage )) {
$smarty->assign('msg', tra("Permission denied you cannot edit this page"));
$smarty->display("error.tpl");
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-file_archives.php,v 1.7 2007-03-20 21:05:52 sylvieg Exp $
// $Header: /cvsroot/tikiwiki/tiki/tiki-file_archives.php,v 1.8 2007-10-10 17:44:37 sylvieg Exp $
// Copyright (c) 2002-2005, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -20,7 +20,9 @@ if (empty($_REQUEST['fileId']) || !($fileInfo = $filegallib->get_file_info($_REQ
die;
}
$tikilib->get_perm_object($fileInfo['galleryId'], 'file gallery', true);
$gal_info = $tikilib->get_file_gallery($fileInfo['galleryId']);
$tikilib->get_perm_object($fileInfo['galleryId'], 'file gallery', $gal_info, true);
if (!($tiki_p_admin_file_galleries == 'y' || $tiki_p_view_file_gallery == 'y')) {
$smarty->assign('msg', tra("Permission denied you cannot edit this file"));
......@@ -28,8 +30,6 @@ if (!($tiki_p_admin_file_galleries == 'y' || $tiki_p_view_file_gallery == 'y'))
die;
}
$gal_info = $tikilib->get_file_gallery($fileInfo['galleryId']);
if (!empty($_REQUEST['remove'])) {
check_ticket('list-archives');
if (!($removeInfo = $filegallib->get_file_info($_REQUEST['remove']))) {
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-file_galleries.php,v 1.53 2007-09-21 16:12:55 sylvieg Exp $
// $Header: /cvsroot/tikiwiki/tiki/tiki-file_galleries.php,v 1.54 2007-10-10 17:44:37 sylvieg Exp $
require_once('tiki-setup.php');
include_once('lib/filegals/filegallib.php');
......@@ -12,9 +12,12 @@
if(!isset($_REQUEST["galleryId"])) {
$_REQUEST["galleryId"]=0;
$info = '';
} else {
$info = $filegallib->get_file_gallery_info($_REQUEST["galleryId"]);
}
$tikilib->get_perm_object($_REQUEST["galleryId"], 'file gallery', true);
$tikilib->get_perm_object($_REQUEST["galleryId"], 'file gallery', $info, true);
if ((isset($tiki_p_list_file_galleries) && $tiki_p_list_file_galleries != 'y') || (!isset($tiki_p_list_file_galleries) && $tiki_p_view_file_gallery != 'y')) {
$smarty->assign('msg',tra("Permission denied you cannot view this section"));
......@@ -114,7 +117,6 @@
$smarty->assign('edit_mode','y');
$smarty->assign('edited','y');
if($_REQUEST["galleryId"]>0) {
$info = $filegallib->get_file_gallery_info($_REQUEST["galleryId"]);
//$smarty->assign_by_ref('theme',$info["theme"]);
$smarty->assign_by_ref('name',$info["name"]);
......@@ -180,7 +182,6 @@
}
// If the user can create a gallery then check if he can edit THIS gallery
if($_REQUEST["galleryId"]>0) {
$info = $filegallib->get_file_gallery_info($_REQUEST["galleryId"]);
if(!$user || $info["user"]!=$user) {
$smarty->assign('msg',tra("Permission denied you cannot edit this gallery"));
$smarty->display("error.tpl");
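Review bot: The ownership test `if(!$user || $info["user"]!=$user)` in the last hunk now relies on the `$info` loaded once near the top of the script, because the `get_file_gallery_info()` call immediately before it was removed. If anything between those two points reassigns `$info` or changes `$_REQUEST["galleryId"]` (that code is not visible in these hunks), the edit check would compare against the wrong gallery's owner. Either keep the reload directly before the ownership check, or add a comment at the top-level load such as `// $info is reused by the edit and ownership checks below; do not reassign`.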
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-index.php,v 1.193 2007-10-05 14:12:17 sylvieg Exp $
// $Header: /cvsroot/tikiwiki/tiki/tiki-index.php,v 1.194 2007-10-10 17:44:37 sylvieg Exp $
// Copyright (c) 2002-2007, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -240,7 +240,7 @@ if($wiki_creator_admin == 'y') {
require_once('tiki-pagesetup.php');
$tikilib->get_perm_object($page, 'wiki page', true);
$tikilib->get_perm_object($page, 'wiki page', $info, true);
// Now check permissions to access this page
if($tiki_p_view != 'y') {
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-list_file_gallery.php,v 1.46 2007-08-29 14:15:26 sept_7 Exp $
// $Header: /cvsroot/tikiwiki/tiki/tiki-list_file_gallery.php,v 1.47 2007-10-10 17:44:37 sylvieg Exp $
// Copyright (c) 2002-2007, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -37,7 +37,7 @@ $podCastGallery = $filegallib->isPodCastGallery($_REQUEST['galleryId'], $gal_inf
$smarty->assign('individual', 'n');
$tikilib->get_perm_object($_REQUEST["galleryId"], 'file gallery', true);
$tikilib->get_perm_object($_REQUEST["galleryId"], 'file gallery', $gal_info, true);
if ($userlib->object_has_one_permission($_REQUEST["galleryId"], 'file gallery')) {
$smarty->assign('individual', 'y');
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-upload_file.php,v 1.63 2007-09-20 20:03:51 sylvieg Exp $
// $Header: /cvsroot/tikiwiki/tiki/tiki-upload_file.php,v 1.64 2007-10-10 17:44:37 sylvieg Exp $
// Copyright (c) 2002-2007, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -30,9 +30,10 @@ if (!empty($_REQUEST['fileId'])) {
$smarty->display('error.tpl');
die;
}
$gal_info = $tikilib->get_file_gallery((int)$_REQUEST["galleryId"]);
}
$tikilib->get_perm_object($_REQUEST["galleryId"], 'file gallery', true);
$tikilib->get_perm_object($_REQUEST["galleryId"], 'file gallery', $gal_info, true);
if (!empty($_REQUEST['galleryId'])) { // perms of the gallery can overwrite general perms
$smarty->assign('individual', 'n');
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-view_tracker.php,v 1.137 2007-10-10 12:57:33 sylvieg Exp $
// $Header: /cvsroot/tikiwiki/tiki/tiki-view_tracker.php,v 1.138 2007-10-10 17:44:37 sylvieg Exp $
// Copyright (c) 2002-2007, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -34,7 +34,14 @@ if (!isset($_REQUEST["trackerId"])) {
die;
}
$tikilib->get_perm_object($trackerId, 'tracker');
$tracker_info = $trklib->get_tracker($_REQUEST["trackerId"]);
if (empty($tracker_info)) {
$smarty->assign('msg', tra("No tracker indicated"));
$smarty->display("error.tpl");
die;
}
$tikilib->get_perm_object($trackerId, 'tracker', $tracker_info);
if (!empty($_REQUEST['show']) && $_REQUEST['show'] == 'view') {
$cookietab = '1';
......@@ -74,12 +81,6 @@ if (isset($_REQUEST['my'])) {
}
}
$tracker_info = $trklib->get_tracker($_REQUEST["trackerId"]);
if (empty($tracker_info)) {
$smarty->assign('msg', tra("No tracker indicated"));
$smarty->display("error.tpl");
die;
}
if ($t = $trklib->get_tracker_options($_REQUEST["trackerId"]))
$tracker_info = array_merge($tracker_info,$t);
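Review bot: In the first hunk the tracker row is loaded with `$_REQUEST["trackerId"]`, but the permission call is keyed on `$trackerId`, as in `get_perm_object($trackerId, 'tracker', $tracker_info)`. Where `$trackerId` is assigned is not visible here; if it can ever differ from the request value, the id and the info passed to the same permission check would describe different objects. Using one variable for both, e.g. `$tracker_info = $trklib->get_tracker($trackerId);`, removes that ambiguity.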
......