X-Git-Url: http://git.roojs.org/?a=blobdiff_plain;f=RooTrait.php;h=3f0f4d4f4a677c5d6f0f51d7c9bf31aba8a03f36;hb=81f602e2c25f2b9baf5c0a4b56e4ec614f410909;hp=26057e6d88ae95a26527a8f348545d553676ddcd;hpb=19b401db854fe3dc887cc57d594f6d16173a67c6;p=Pman.Core
diff --git a/RooTrait.php b/RooTrait.php
index 26057e6d..3f0f4d4f 100644
--- a/RooTrait.php
+++ b/RooTrait.php
@@ -68,15 +68,6 @@ trait Pman_Core_RooTrait {
 }
- function checkDebugPost()
- {
- return (!empty($_GET['_post']) || !empty($_GET['_debug_post'])) &&
- $this->authUser &&
- method_exists($this->authUser,'groups') &&
- in_array('Administrators', $this->authUser->groups('name'));
-
- }
-
 function dataObject($tab)
 {
 if (is_array($this->validTables) && !in_array($tab, $this->validTables)) {
@@ -94,262 +85,265 @@ trait Pman_Core_RooTrait { return $x; } - /* - * From Pman.php - */ - - static $permitError = false; - - function onPearError($err) + function selectSingle($x, $id, $req=false) { - static $reported = false; - if ($reported) { - return; - } - - if (Pman::$permitError) { - - return; + $_columns = !empty($req['_columns']) ? explode(',', $req['_columns']) : false; + + if (!is_array($id) && empty($id)) { - } - - $reported = true; - $out = $err->toString(); - - $ret = array(); - $n = 0; - - foreach($err->backtrace as $b) { - $ret[] = @$b['file'] . '(' . @$b['line'] . ')@' . @$b['class'] . '::' . @$b['function']; - if ($n > 20) { - break; + if (method_exists($x, 'toRooSingleArray')) { + $this->jok($x->toRooSingleArray($this->authUser, $req)); } - $n++; - } - //convert the huge backtrace into something that is readable.. - $out .= "\n" . implode("\n", $ret); - - print_R($out);exit; - - $this->jerr($out); - - } - - function jok($str) - { - if ($this->transObj ) { - $this->transObj->query( connection_aborted() ? 'ROLLBACK' : 'COMMIT'); + + if (method_exists($x, 'toRooArray')) { + $this->jok($x->toRooArray($req)); + } + + $this->jok($x->toArray()); } - $cli = HTML_FlexyFramework::get()->cli; + $this->loadMap($x, array( + 'columns' => $_columns, + )); - if ($cli) { - echo "OK: " .$str . "\n"; - exit; + if ($req !== false) { + $this->setFilters($x, $req); } - require_once 'Services/JSON.php'; - $json = new Services_JSON(); - - $retHTML = isset($_SERVER['CONTENT_TYPE']) && - preg_match('#multipart/form-data#i', $_SERVER['CONTENT_TYPE']); - if ($retHTML){ - if (isset($_REQUEST['returnHTML']) && $_REQUEST['returnHTML'] == 'NO') { - $retHTML = false; + if (is_array($id)) { + // lookup... + $x->setFrom($req['lookup'] ); + $x->limit(1); + if (!$x->find(true)) { + if (!empty($id['_id'])) { + // standardize this? 
+ $this->jok($x->toArray()); + } + $this->jok(false); } - } else { - $retHTML = isset($_REQUEST['returnHTML']) && $_REQUEST['returnHTML'] !='NO'; + + } else if (!$x->get($id)) { + $this->jerr("selectSingle: no such record ($id)"); } - if ($retHTML) { - header('Content-type: text/html'); - echo "
"; - // encode html characters so they can be read.. - echo str_replace(array('<','>'), array('\u003c','\u003e'), - $json->encodeUnsafe(array('success'=> true, 'data' => $str))); - echo ""; - exit; + // ignore perms if comming from update/insert - as it's already done... + if ($req !== false && !$this->checkPerm($x,'S')) { + $this->jerr("PERMISSION DENIED - si"); + } + // different symantics on all these calls?? + if (method_exists($x, 'toRooSingleArray')) { + $this->jok($x->toRooSingleArray($this->authUser, $req)); + } + if (method_exists($x, 'toRooArray')) { + $this->jok($x->toRooArray($req)); } + $this->jok($x->toArray()); - echo $json->encode(array('success'=> true, 'data' => $str)); - exit; } + var $cols = array(); - function jerr($str, $errors=array(), $content_type = false) + function loadMap($do, $cfg =array()) { - if ($this->transObj) { - $this->transObj->query('ROLLBACK'); - } + $onlycolumns = !empty($cfg['columns']) ? $cfg['columns'] : false; + $distinct = !empty($cfg['distinct']) ? $cfg['distinct'] : false; + $excludecolumns = !empty($cfg['exclude']) ? $cfg['exclude'] : array(); + + $excludecolumns[] = 'passwd'; // we never expose passwords + + $ret = $do->autoJoin(array( + 'include' => $onlycolumns, + 'exclude' => $excludecolumns, + 'distinct' => $distinct + )); + + $this->countWhat = $ret['count']; + $this->cols = $ret['cols']; + $this->colsJname = $ret['join_names']; + + return; - return $this->jerror('ERROR', $str,$errors,$content_type); } - function jerror($type, $str, $errors=array(), $content_type = false) // standard error reporting.. + function setFilters($x, $q) { - if ($type !== false) { - $this->addEvent($type, false, $str); - } - - $cli = HTML_FlexyFramework::get()->cli; - if ($cli) { - echo "ERROR: " .$str . 
"\n"; - exit; + if (method_exists($x, 'applyFilters')) { + // DB_DataObject::debugLevel(1); + if (false === $x->applyFilters($q, $this->authUser, $this)) { + return; + } } + $q_filtered = array(); - - if ($content_type == 'text/plain') { - header('Content-Disposition: attachment; filename="error.txt"'); - header('Content-type: '. $content_type); - echo "ERROR: " .$str . "\n"; - exit; - } - - require_once 'Services/JSON.php'; - $json = new Services_JSON(); - - $retHTML = isset($_SERVER['CONTENT_TYPE']) && - preg_match('#multipart/form-data#i', $_SERVER['CONTENT_TYPE']); - - if ($retHTML){ - if (isset($_REQUEST['returnHTML']) && $_REQUEST['returnHTML'] == 'NO') { - $retHTML = false; + $keys = $x->keys(); + // var_dump($keys);exit; + foreach($q as $key=>$val) { + + if (in_array($key,$keys) && !is_array($val)) { + + $x->$key = $val; + } + + // handles name[]=fred&name[]=brian => name in ('fred', 'brian'). + // value is an array.. + if (is_array($val) ) { + + $pref = ''; + + if ($key[0] == '!') { + $pref = '!'; + $key = substr($key,1); + } + + if (!in_array( $key, array_keys($this->cols))) { + continue; + } + + // support a[0] a[1] ..... => whereAddIn( + $ar = array(); + $quote = false; + foreach($val as $k=>$v) { + if (!is_numeric($k)) { + $ar = array(); + break; + } + // FIXME: note this is not typesafe for anything other than mysql.. + + if (!is_numeric($v) || !is_long($v)) { + $quote = true; + } + $ar[] = $v; + + } + if (count($ar)) { + + + $x->whereAddIn($pref . ( + isset($this->colsJname[$key]) ? + $this->colsJname[$key] : + ($x->tableName(). '.'.$key)), + $ar, $quote ? 'string' : 'int'); + } + + continue; + } + + + // handles !name=fred => name not equal fred. + if ($key[0] == '!' && in_array(substr($key, 1), array_keys($this->cols))) { + + $key = substr($key, 1) ; + + $x->whereAdd( ( + isset($this->colsJname[$key]) ? + $this->colsJname[$key] : + $x->tableName(). '.'.$key ) . ' != ' . + (is_numeric($val) ? $val : "'". $x->escape($val) . 
"'") + ); + continue; + } - } else { - $retHTML = isset($_REQUEST['returnHTML']) && $_REQUEST['returnHTML'] !='NO'; - } - - if ($retHTML) { - header('Content-type: text/html'); - echo ""; - echo $json->encodeUnsafe(array( - 'success'=> false, - 'errorMsg' => $str, - 'message' => $str, // compate with exeption / loadexception. - 'errors' => $errors ? $errors : true, // used by forms to flag errors. - 'authFailure' => !empty($errors['authFailure']), - )); - echo ""; - exit; - } - - if (isset($_REQUEST['_debug'])) { - echo ''.htmlspecialchars(print_r(array( - 'success'=> false, - 'data'=> array(), - 'errorMsg' => $str, - 'message' => $str, // compate with exeption / loadexception. - 'errors' => $errors ? $errors : true, // used by forms to flag errors. - 'authFailure' => !empty($errors['authFailure']), - ),true)); - exit; + switch($key) { + + // Events and remarks -- fixme - move to events/remarsk... + case 'on_id': // where TF is this used... + if (!empty($q['query']['original'])) { + // DB_DataObject::debugLevel(1); + $o = (int) $q['query']['original']; + $oid = (int) $val; + $x->whereAdd("(on_id = $oid OR + on_id IN ( SELECT distinct(id) FROM Documents WHERE original = $o ) + )"); + continue; + + } + $x->on_id = $val; + + default: + if (strlen($val) && $key[0] != '_') { + $q_filtered[$key] = $val; + } + + // subjoined columns = check the values. + // note this is not typesafe for anything other than mysql.. + + if (isset($this->colsJname[$key])) { + $quote = false; + if (!is_numeric($val) || !is_long($val)) { + $quote = true; + } + $x->whereAdd( "{$this->colsJname[$key]} = " . ($quote ? "'". $x->escape($val) ."'" : $val)); + + } + + + continue; + } + } + if (!empty($q_filtered)) { + $x->setFrom($q_filtered); } - echo $json->encode(array( - 'success'=> false, - 'data'=> array(), - 'errorMsg' => $str, - 'message' => $str, // compate with exeption / loadexception. - 'errors' => $errors ? $errors : true, // used by forms to flag errors. 
- 'authFailure' => !empty($errors['authFailure']), - )); - - exit; + if (!empty($q['query']['name'])) { + if (in_array( 'name', array_keys($x->table()))) { + $x->whereAdd($x->tableName().".name LIKE '". $x->escape($q['query']['name']) . "%'"); + } + } } - function jdata($ar,$total=false, $extra=array(), $cachekey = false) + + /* + * From Pman.php + */ + + static $permitError = false; + + function onPearError($err) { - // should do mobile checking??? - if ($total == false) { - $total = count($ar); - } - $extra= $extra ? $extra : array(); - require_once 'Services/JSON.php'; - $json = new Services_JSON(); - - $retHTML = isset($_SERVER['CONTENT_TYPE']) && - preg_match('#multipart/form-data#i', $_SERVER['CONTENT_TYPE']); - - if ($retHTML){ - if (isset($_REQUEST['returnHTML']) && $_REQUEST['returnHTML'] == 'NO') { - $retHTML = false; - } - } else { - $retHTML = isset($_REQUEST['returnHTML']) && $_REQUEST['returnHTML'] !='NO'; + static $reported = false; + if ($reported) { + return; } - if ($retHTML) { + if (self::$permitError) { + + return; - header('Content-type: text/html'); - echo ""; - // encode html characters so they can be read.. - echo str_replace(array('<','>'), array('\u003c','\u003e'), - $json->encodeUnsafe(array('success' => true, 'total'=> $total, 'data' => $ar) + $extra)); - echo ""; - exit; } + $reported = true; + $out = $err->toString(); - // see if trimming will help... - if (!empty($_REQUEST['_pman_short'])) { - $nar = array(); - - foreach($ar as $as) { - $add = array(); - foreach($as as $k=>$v) { - if (is_string($v) && !strlen(trim($v))) { - continue; - } - $add[$k] = $v; - } - $nar[] = $add; - } - $ar = $nar; - - } - - - $ret = $json->encode(array('success' => true, 'total'=> $total, 'data' => $ar) + $extra); + $ret = array(); + $n = 0; - if (!empty($cachekey)) { - - $fn = ini_get('session.save_path') . '/json-cache'.date('/Y/m/d').'.'. $cachekey . 
'.cache.json'; - if (!file_exists(dirname($fn))) { - mkdir(dirname($fn), 0777,true); + foreach($err->backtrace as $b) { + $ret[] = @$b['file'] . '(' . @$b['line'] . ')@' . @$b['class'] . '::' . @$b['function']; + if ($n > 20) { + break; } - file_put_contents($fn, $ret); - } - echo $ret; - exit; - } - - /** a daily cache **/ - function jdataCache($cachekey) - { - $fn = ini_get('session.save_path') . '/json-cache'.date('/Y/m/d').'.'. $cachekey . '.cache.json'; - if (file_exists($fn)) { - header('Content-type: application/json'); - echo file_get_contents($fn); - exit; + $n++; } - return false; + //convert the huge backtrace into something that is readable.. + $out .= "\n" . implode("\n", $ret); + + print_R($out);exit; + + $this->jerr($out); } function addEvent($act, $obj = false, $remarks = '') { - if (!empty(HTML_FlexyFramework::get()->Pman['disable_events'])) { return; } - $au = $this->getAuthUser(); - $e = DB_DataObject::factory('Events'); $e->init($act,$obj,$remarks); @@ -363,26 +357,35 @@ trait Pman_Core_RooTrait { $wa->notifyEvent($e); // trigger any actions.. } - $e->onInsert(isset($_REQUEST) ? $_REQUEST : array() , $this); return $e; } - function getAuthUser() + function checkPerm($obj, $lvl, $req= null) { - if (!empty($this->authUser)) { - return $this->authUser; + if (!method_exists($obj, 'checkPerm')) { + return true; } - $ff = HTML_FlexyFramework::get(); - $tbl = empty($ff->Pman['authTable']) ? 'Person' : $ff->Pman['authTable']; - - $u = DB_DataObject::factory( $tbl ); - if (!$u->isAuth()) { - return false; + if ($obj->checkPerm($lvl, $this->authUser, $req)) { + return true; } - $this->authUser =$u->getAuthUser(); - return $this->authUser ; + + return false; } + + function hasPerm($name, $lvl) // do we have a permission + { + static $pcache = array(); + $au = $this->getAuthUser(); + return $au && $au->hasPerm($name, $lvl); + + } + + function getAuthUser() + { + die('Get auth user is not implement.'); + } + }
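Review bot: The read-permission gate at the end of `selectSingle()` (`if ($req !== false && !$this->checkPerm($x,'S')) { $this->jerr(...); }`) only blocks the response if `jerr()` never returns, and this hunk removes `jok()`, `jerr()` and `jerror()` from the trait, so that guarantee now depends on whichever class uses it. If a host class supplies a `jerr()` that returns, execution falls through to the `jok($x->toRooSingleArray(...))` calls and the record is sent anyway; the `selectSingle: no such record` branch has the same shape. I would make the stop explicit with `return $this->jerr("PERMISSION DENIED - si");` and add a docblock on the trait stating that `jok()` and `jerr()` must end the request. The docblock for `selectSingle()` should also say that passing `$req = false` skips `checkPerm()` entirely, so callers on that path must have authorised `$x` themselves.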
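Review bot: `checkPerm()` fails open: when `$obj` has no `checkPerm` method it returns `true`, so any DataObject that never implemented the method passes the 'S' check in `selectSingle()`. If that default is intentional it needs a comment saying so, for example `// objects without checkPerm() are treated as unrestricted`; otherwise `return false;` at that point would make access opt-in. Separately, `getAuthUser()` is now a `die()` stub that `hasPerm()` calls, and because a trait method takes precedence over one inherited from a parent class, a host that relied on an inherited `getAuthUser()` would terminate here; declaring `abstract function getAuthUser();` in the trait would make the requirement explicit instead. The `static $pcache` in `hasPerm()` is never read and can be dropped.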