hide popup message if failure is handled - not sure what knock on effect this may...
[Pman.Core] / RooTrait.php
index e4c5e1c..9a929f1 100644 (file)
@@ -68,15 +68,6 @@ trait Pman_Core_RooTrait {
         
     }
     
-    function checkDebugPost()
-    {
-        return (!empty($_GET['_post']) || !empty($_GET['_debug_post'])) && 
-                    $this->authUser && 
-                    method_exists($this->authUser,'groups') &&
-                    in_array('Administrators', $this->authUser->groups('name')); 
-        
-    }
-    
     function dataObject($tab)
     {
         if (is_array($this->validTables) &&  !in_array($tab, $this->validTables)) {
@@ -94,6 +85,218 @@ trait Pman_Core_RooTrait {
         return $x;
     }
     
+    function selectSingle($x, $id, $req=false)
+    {
+        $_columns = !empty($req['_columns']) ? explode(',', $req['_columns']) : false;
+
+        if (!is_array($id) && empty($id)) {
+            
+            if (method_exists($x, 'toRooSingleArray')) {
+                $this->jok($x->toRooSingleArray($this->authUser, $req));
+            }
+            
+            if (method_exists($x, 'toRooArray')) {
+                $this->jok($x->toRooArray($req));
+            }
+            
+            $this->jok($x->toArray());
+        }
+        
+        $this->loadMap($x, array(
+            'columns' => $_columns,
+        ));
+        
+        if ($req !== false) { 
+            $this->setFilters($x, $req);
+        }
+        
+        if (is_array($id)) {
+            // lookup...
+            $x->setFrom($req['lookup'] );
+            $x->limit(1);
+            if (!$x->find(true)) {
+                if (!empty($id['_id'])) {
+                    // standardize this?
+                    $this->jok($x->toArray());
+                }
+                $this->jok(false);
+            }
+            
+        } else if (!$x->get($id)) {
+            $this->jerr("selectSingle: no such record ($id)");
+        }
+        
+        // ignore perms if comming from update/insert - as it's already done...
+        if ($req !== false && !$this->checkPerm($x,'S'))  {
+            $this->jerr("PERMISSION DENIED - si");
+        }
+        // different symantics on all these calls??
+        if (method_exists($x, 'toRooSingleArray')) {
+            $this->jok($x->toRooSingleArray($this->authUser, $req));
+        }
+        if (method_exists($x, 'toRooArray')) {
+            $this->jok($x->toRooArray($req));
+        }
+        
+        $this->jok($x->toArray());
+        
+        
+    }
+    
+    var $cols = array();
+    
+    function loadMap($do, $cfg =array())
+    {
+        $onlycolumns    = !empty($cfg['columns']) ? $cfg['columns'] : false;
+        $distinct       = !empty($cfg['distinct']) ? $cfg['distinct'] : false;
+        $excludecolumns = !empty($cfg['exclude']) ? $cfg['exclude'] : array();
+          
+        $excludecolumns[] = 'passwd'; // we never expose passwords
+        
+        $ret = $do->autoJoin(array(
+            'include' => $onlycolumns,
+            'exclude' => $excludecolumns,
+            'distinct' => $distinct
+        ));
+        
+        $this->countWhat = $ret['count'];
+        $this->cols = $ret['cols'];
+        $this->colsJname = $ret['join_names'];
+        
+        return;
+        
+    }
+    
+    function setFilters($x, $q)
+    {
+        if (method_exists($x, 'applyFilters')) {
+           // DB_DataObject::debugLevel(1);
+            if (false === $x->applyFilters($q, $this->authUser, $this)) {
+                return; 
+            } 
+        }
+        $q_filtered = array();
+        
+        $keys = $x->keys();
+        // var_dump($keys);exit;
+        foreach($q as $key=>$val) {
+            
+            if (in_array($key,$keys) && !is_array($val)) {
+               
+                $x->$key  = $val;
+            }
+            
+             // handles name[]=fred&name[]=brian => name in ('fred', 'brian').
+            // value is an array..
+            if (is_array($val) ) {
+                
+                $pref = '';
+                
+                if ($key[0] == '!') {
+                    $pref = '!';
+                    $key = substr($key,1);
+                }
+                
+                if (!in_array( $key,  array_keys($this->cols))) {
+                    continue;
+                }
+                
+                // support a[0] a[1] ..... => whereAddIn(
+                $ar = array();
+                $quote = false;
+                foreach($val as $k=>$v) {
+                    if (!is_numeric($k)) {
+                        $ar = array();
+                        break;
+                    }
+                    // FIXME: note this is not typesafe for anything other than mysql..
+                    
+                    if (!is_numeric($v) || !is_long($v)) {
+                        $quote = true;
+                    }
+                    $ar[] = $v;
+                    
+                }
+                if (count($ar)) {
+                    
+                    
+                    $x->whereAddIn($pref . (
+                        isset($this->colsJname[$key]) ? 
+                            $this->colsJname[$key] :
+                            ($x->tableName(). '.'.$key)),
+                        $ar, $quote ? 'string' : 'int');
+                }
+                
+                continue;
+            }
+            
+            
+            // handles !name=fred => name not equal fred.
+            if ($key[0] == '!' && in_array(substr($key, 1), array_keys($this->cols))) {
+                
+                $key  = substr($key, 1) ;
+                
+                $x->whereAdd(   (
+                        isset($this->colsJname[$key]) ? 
+                            $this->colsJname[$key] :
+                            $x->tableName(). '.'.$key ) . ' != ' .
+                    (is_numeric($val) ? $val : "'".  $x->escape($val) . "'")
+                );
+                continue;
+                
+            }
+
+            switch($key) {
+                    
+                // Events and remarks -- fixme - move to events/remarsk...
+                case 'on_id':  // where TF is this used...
+                    if (!empty($q['query']['original'])) {
+                      //  DB_DataObject::debugLevel(1);
+                        $o = (int) $q['query']['original'];
+                        $oid = (int) $val;
+                        $x->whereAdd("(on_id = $oid  OR 
+                                on_id IN ( SELECT distinct(id) FROM Documents WHERE original = $o ) 
+                            )");
+                        continue 2;
+                                
+                    }
+                    $x->on_id = $val;
+                
+                
+                default:
+                    if (strlen($val) && $key[0] != '_') {
+                        $q_filtered[$key] = $val;
+                    }
+                    
+                    // subjoined columns = check the values.
+                    // note this is not typesafe for anything other than mysql..
+                    
+                    if (isset($this->colsJname[$key])) {
+                        $quote = false;
+                        if (!is_numeric($val) || !is_long($val)) {
+                            $quote = true;
+                        }
+                        $x->whereAdd( "{$this->colsJname[$key]} = " . ($quote ? "'". $x->escape($val) ."'" : $val));
+                        
+                    }
+                    
+                    
+                    continue 2;
+            }
+        }
+        if (!empty($q_filtered)) {
+            $x->setFrom($q_filtered);
+        }
+        
+        if (!empty($q['query']['name'])) {
+            if (in_array( 'name',  array_keys($x->table()))) {
+                $x->whereAdd($x->tableName().".name LIKE '". $x->escape($q['query']['name']) . "%'");
+            }
+        }
+        
+    }
+    
+    
     /*
      * From Pman.php
      */
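Review bot: In `selectSingle()` the permission check only holds if `jerr()` never returns: after `$this->jerr("PERMISSION DENIED - si")` control falls straight into the `jok(...)` calls that emit the record, and the last hunk of this commit removes `jok`/`jerr`/`jerror` from the trait, so termination now depends on whatever the using class supplies. Writing `return $this->jerr("PERMISSION DENIED - si");`, and likewise `return $this->jok(...)` in the `method_exists` branches, keeps the denial effective even if a host implementation returns instead of exiting. Separately, the `!key` branch of `setFilters()` interpolates `$val` unquoted whenever `is_numeric($val)` is true, while the other two value paths quote unless `is_long()` holds. Quoting through `$x->escape()` unconditionally there would make the three paths consistent.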
@@ -107,7 +310,7 @@ trait Pman_Core_RooTrait {
             return;
         }
         
-        if (Pman::$permitError) {
+        if (self::$permitError) {
              
             return;
             
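Review bot: `self::$permitError` inside a trait resolves against the class that uses the trait, not against `Pman`, and no declaration of that static is visible in this diff. Unless the trait or every using class declares `static $permitError`, this line raises "Access to undeclared static property". Code that sets `Pman::$permitError` also stops influencing this check for users of the trait that do not inherit from `Pman`. A one-line comment here naming where the flag is declared and set would help; the enclosing function starts and ends outside the hunk.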
@@ -135,211 +338,54 @@ trait Pman_Core_RooTrait {
         
     }
     
-    function jok($str)
+    function addEvent($act, $obj = false, $remarks = '') 
     {
-        if ($this->transObj ) {
-            $this->transObj->query( connection_aborted() ? 'ROLLBACK' :  'COMMIT');
-        }
-        
-        $cli = HTML_FlexyFramework::get()->cli;
-        
-        if ($cli) {
-            echo "OK: " .$str . "\n";
-            exit;
+        if (!empty(HTML_FlexyFramework::get()->Pman['disable_events'])) {
+            return;
         }
-        require_once 'Services/JSON.php';
-        $json = new Services_JSON();
         
-        $retHTML = isset($_SERVER['CONTENT_TYPE']) && 
-                preg_match('#multipart/form-data#i', $_SERVER['CONTENT_TYPE']);
+        $e = DB_DataObject::factory('Events');
+        $e->init($act,$obj,$remarks); 
+         
+        $e->event_when = date('Y-m-d H:i:s');
         
-        if ($retHTML){
-            if (isset($_REQUEST['returnHTML']) && $_REQUEST['returnHTML'] == 'NO') {
-                $retHTML = false;
-            }
-        } else {
-            $retHTML = isset($_REQUEST['returnHTML']) && $_REQUEST['returnHTML'] !='NO';
-        }
+        $eid = $e->insert();
         
-        if ($retHTML) {
-            header('Content-type: text/html');
-            echo "<HTML><HEAD></HEAD><BODY>";
-            // encode html characters so they can be read..
-            echo  str_replace(array('<','>'), array('\u003c','\u003e'),
-                        $json->encodeUnsafe(array('success'=> true, 'data' => $str)));
-            echo "</BODY></HTML>";
-            exit;
+        // fixme - this should be in onInsert..
+        $wa = DB_DataObject::factory('core_watch');
+        if (method_exists($wa,'notifyEvent')) {
+            $wa->notifyEvent($e); // trigger any actions..
         }
         
+        $e->onInsert(isset($_REQUEST) ? $_REQUEST : array() , $this);
         
-        echo  $json->encode(array('success'=> true, 'data' => $str));
-        
-        exit;
-    }
-    
-    
-    function jerr($str, $errors=array(), $content_type = false)
-    {
-        if ($this->transObj) {
-            $this->transObj->query('ROLLBACK');
-        }
+        return $e;
         
-        return $this->jerror('ERROR', $str,$errors,$content_type);
     }
     
-    function jerror($type, $str, $errors=array(), $content_type = false) // standard error reporting..
+    function checkPerm($obj, $lvl, $req= null)
     {
-        if ($type !== false) {
-            $this->addEvent($type, false, $str);
-        }
-         
-        $cli = HTML_FlexyFramework::get()->cli;
-        if ($cli) {
-            echo "ERROR: " .$str . "\n";
-            exit;
+        if (!method_exists($obj, 'checkPerm')) {
+            return true;
         }
-        
-        
-        if ($content_type == 'text/plain') {
-            header('Content-Disposition: attachment; filename="error.txt"');
-            header('Content-type: '. $content_type);
-            echo "ERROR: " .$str . "\n";
-            exit;
-        } 
-        
-        require_once 'Services/JSON.php';
-        $json = new Services_JSON();
-        
-        $retHTML = isset($_SERVER['CONTENT_TYPE']) && 
-                preg_match('#multipart/form-data#i', $_SERVER['CONTENT_TYPE']);
-        
-        if ($retHTML){
-            if (isset($_REQUEST['returnHTML']) && $_REQUEST['returnHTML'] == 'NO') {
-                $retHTML = false;
-            }
-        } else {
-            $retHTML = isset($_REQUEST['returnHTML']) && $_REQUEST['returnHTML'] !='NO';
+        if ($obj->checkPerm($lvl, $this->authUser, $req))  {
+            return true;
         }
         
-        if ($retHTML) {
-            header('Content-type: text/html');
-            echo "<HTML><HEAD></HEAD><BODY>";
-            echo  $json->encodeUnsafe(array(
-                    'success'=> false, 
-                    'errorMsg' => $str,
-                    'message' => $str, // compate with exeption / loadexception.
-
-                    'errors' => $errors ? $errors : true, // used by forms to flag errors.
-                    'authFailure' => !empty($errors['authFailure']),
-                ));
-            echo "</BODY></HTML>";
-            exit;
-        }
-        
-        if (isset($_REQUEST['_debug'])) {
-            echo '<PRE>'.htmlspecialchars(print_r(array(
-                'success'=> false, 
-                'data'=> array(), 
-                'errorMsg' => $str,
-                'message' => $str, // compate with exeption / loadexception.
-                'errors' => $errors ? $errors : true, // used by forms to flag errors.
-                'authFailure' => !empty($errors['authFailure']),
-            ),true));
-            exit;
-                
-        }
-        
-        echo $json->encode(array(
-            'success'=> false, 
-            'data'=> array(), 
-            'errorMsg' => $str,
-            'message' => $str, // compate with exeption / loadexception.
-            'errors' => $errors ? $errors : true, // used by forms to flag errors.
-            'authFailure' => !empty($errors['authFailure']),
-        ));
-        
-        exit;
-        
+        return false;
     }
     
-    function jdata($ar,$total=false, $extra=array(), $cachekey = false)
+    function hasPerm($name, $lvl)  // do we have a permission
     {
-        // should do mobile checking???
-        if ($total == false) {
-            $total = count($ar);
-        }
-        $extra=  $extra ? $extra : array();
-        require_once 'Services/JSON.php';
-        $json = new Services_JSON();
-        
-        $retHTML = isset($_SERVER['CONTENT_TYPE']) && 
-                preg_match('#multipart/form-data#i', $_SERVER['CONTENT_TYPE']);
-        
-        if ($retHTML){
-            if (isset($_REQUEST['returnHTML']) && $_REQUEST['returnHTML'] == 'NO') {
-                $retHTML = false;
-            }
-        } else {
-            $retHTML = isset($_REQUEST['returnHTML']) && $_REQUEST['returnHTML'] !='NO';
-        }
-        
-        if ($retHTML) {
-            
-            header('Content-type: text/html');
-            echo "<HTML><HEAD></HEAD><BODY>";
-            // encode html characters so they can be read..
-            echo  str_replace(array('<','>'), array('\u003c','\u003e'),
-                        $json->encodeUnsafe(array('success' =>  true, 'total'=> $total, 'data' => $ar) + $extra));
-            echo "</BODY></HTML>";
-            exit;
-        }
+        static $pcache = array();
+        $au = $this->getAuthUser();
+        return $au && $au->hasPerm($name, $lvl);
         
-        
-        // see if trimming will help...
-        if (!empty($_REQUEST['_pman_short'])) {
-            $nar = array();
-            
-            foreach($ar as $as) {
-                $add = array();
-                foreach($as as $k=>$v) {
-                    if (is_string($v) && !strlen(trim($v))) {
-                        continue;
-                    }
-                    $add[$k] = $v;
-                }
-                $nar[] = $add;
-            }
-            $ar = $nar;
-              
-        }
-        
-      
-        $ret =  $json->encode(array('success' =>  true, 'total'=> $total, 'data' => $ar) + $extra);  
-        
-        if (!empty($cachekey)) {
-            
-            $fn = ini_get('session.save_path') . '/json-cache'.date('/Y/m/d').'.'. $cachekey . '.cache.json';
-            if (!file_exists(dirname($fn))) {
-                mkdir(dirname($fn), 0777,true);
-            }
-            file_put_contents($fn, $ret);
-        }
-        echo $ret;
-        exit;
     }
     
-    
-    
-    /** a daily cache **/
-    function jdataCache($cachekey)
+    function getAuthUser()
     {
-        $fn = ini_get('session.save_path') . '/json-cache'.date('/Y/m/d').'.'. $cachekey . '.cache.json';
-        if (file_exists($fn)) {
-            header('Content-type: application/json');
-            echo file_get_contents($fn);
-            exit;
-        }
-        return false;
-        
+        die('Get auth user is not implement.');
     }
+    
 }
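Review bot: `checkPerm()` fails open: when the data object has no `checkPerm` method it returns `true`, so `selectSingle()` (added earlier in this diff) will hand back any record of a table whose class simply omits the method. If that default is intended, it deserves a comment at the `method_exists` guard such as `// no checkPerm() on the object means unrestricted - every exposed table class must implement it`; otherwise the guard should return `false`. `getAuthUser()` ending in `die('Get auth user is not implement.')` turns a missing override into a runtime abort on the first `hasPerm()` call. Declaring it `abstract function getAuthUser();` in the trait would surface the gap when the class is loaded, and the unused `static $pcache` in `hasPerm()` can be dropped.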