X-Git-Url: http://git.roojs.org/?p=Pman.Core;a=blobdiff_plain;f=RooTrait.php;h=9a929f1ec7a527cfc29d6683860cac046aa4266d;hp=e4c5e1cef557efd475c9c3e845588a0832676961;hb=586e4eb470252d837ba18b67e4c3c1702131fd1d;hpb=d64db8e9570ce8a1e7270fc7abbcf538e4d49acf diff --git a/RooTrait.php b/RooTrait.php index e4c5e1ce..9a929f1e 100644 --- a/RooTrait.php +++ b/RooTrait.php @@ -68,15 +68,6 @@ trait Pman_Core_RooTrait { } - function checkDebugPost() - { - return (!empty($_GET['_post']) || !empty($_GET['_debug_post'])) && - $this->authUser && - method_exists($this->authUser,'groups') && - in_array('Administrators', $this->authUser->groups('name')); - - } - function dataObject($tab) { if (is_array($this->validTables) && !in_array($tab, $this->validTables)) { 
@@ -94,6 +85,218 @@ trait Pman_Core_RooTrait { return $x; } + function selectSingle($x, $id, $req=false) + { + $_columns = !empty($req['_columns']) ? explode(',', $req['_columns']) : false; + + if (!is_array($id) && empty($id)) { + + if (method_exists($x, 'toRooSingleArray')) { + $this->jok($x->toRooSingleArray($this->authUser, $req)); + } + + if (method_exists($x, 'toRooArray')) { + $this->jok($x->toRooArray($req)); + } + + $this->jok($x->toArray()); + } + + $this->loadMap($x, array( + 'columns' => $_columns, + )); + + if ($req !== false) { + $this->setFilters($x, $req); + } + + if (is_array($id)) { + // lookup... + $x->setFrom($req['lookup'] ); + $x->limit(1); + if (!$x->find(true)) { + if (!empty($id['_id'])) { + // standardize this? + $this->jok($x->toArray()); + } + $this->jok(false); + } + + } else if (!$x->get($id)) { + $this->jerr("selectSingle: no such record ($id)"); + } + + // ignore perms if comming from update/insert - as it's already done... + if ($req !== false && !$this->checkPerm($x,'S')) { + $this->jerr("PERMISSION DENIED - si"); + } + // different symantics on all these calls?? + if (method_exists($x, 'toRooSingleArray')) { + $this->jok($x->toRooSingleArray($this->authUser, $req)); + } + if (method_exists($x, 'toRooArray')) { + $this->jok($x->toRooArray($req)); + } + + $this->jok($x->toArray()); + + + } + + var $cols = array(); + + function loadMap($do, $cfg =array()) + { + $onlycolumns = !empty($cfg['columns']) ? $cfg['columns'] : false; + $distinct = !empty($cfg['distinct']) ? $cfg['distinct'] : false; + $excludecolumns = !empty($cfg['exclude']) ? 
$cfg['exclude'] : array(); + + $excludecolumns[] = 'passwd'; // we never expose passwords + + $ret = $do->autoJoin(array( + 'include' => $onlycolumns, + 'exclude' => $excludecolumns, + 'distinct' => $distinct + )); + + $this->countWhat = $ret['count']; + $this->cols = $ret['cols']; + $this->colsJname = $ret['join_names']; + + return; + + } + + function setFilters($x, $q) + { + if (method_exists($x, 'applyFilters')) { + // DB_DataObject::debugLevel(1); + if (false === $x->applyFilters($q, $this->authUser, $this)) { + return; + } + } + $q_filtered = array(); + + $keys = $x->keys(); + // var_dump($keys);exit; + foreach($q as $key=>$val) { + + if (in_array($key,$keys) && !is_array($val)) { + + $x->$key = $val; + } + + // handles name[]=fred&name[]=brian => name in ('fred', 'brian'). + // value is an array.. + if (is_array($val) ) { + + $pref = ''; + + if ($key[0] == '!') { + $pref = '!'; + $key = substr($key,1); + } + + if (!in_array( $key, array_keys($this->cols))) { + continue; + } + + // support a[0] a[1] ..... => whereAddIn( + $ar = array(); + $quote = false; + foreach($val as $k=>$v) { + if (!is_numeric($k)) { + $ar = array(); + break; + } + // FIXME: note this is not typesafe for anything other than mysql.. + + if (!is_numeric($v) || !is_long($v)) { + $quote = true; + } + $ar[] = $v; + + } + if (count($ar)) { + + + $x->whereAddIn($pref . ( + isset($this->colsJname[$key]) ? + $this->colsJname[$key] : + ($x->tableName(). '.'.$key)), + $ar, $quote ? 'string' : 'int'); + } + + continue; + } + + + // handles !name=fred => name not equal fred. + if ($key[0] == '!' && in_array(substr($key, 1), array_keys($this->cols))) { + + $key = substr($key, 1) ; + + $x->whereAdd( ( + isset($this->colsJname[$key]) ? + $this->colsJname[$key] : + $x->tableName(). '.'.$key ) . ' != ' . + (is_numeric($val) ? $val : "'". $x->escape($val) . "'") + ); + continue; + + } + + switch($key) { + + // Events and remarks -- fixme - move to events/remarsk... 
+ case 'on_id': // where TF is this used... + if (!empty($q['query']['original'])) { + // DB_DataObject::debugLevel(1); + $o = (int) $q['query']['original']; + $oid = (int) $val; + $x->whereAdd("(on_id = $oid OR + on_id IN ( SELECT distinct(id) FROM Documents WHERE original = $o ) + )"); + continue 2; + + } + $x->on_id = $val; + + + default: + if (strlen($val) && $key[0] != '_') { + $q_filtered[$key] = $val; + } + + // subjoined columns = check the values. + // note this is not typesafe for anything other than mysql.. + + if (isset($this->colsJname[$key])) { + $quote = false; + if (!is_numeric($val) || !is_long($val)) { + $quote = true; + } + $x->whereAdd( "{$this->colsJname[$key]} = " . ($quote ? "'". $x->escape($val) ."'" : $val)); + + } + + + continue 2; + } + } + if (!empty($q_filtered)) { + $x->setFrom($q_filtered); + } + + if (!empty($q['query']['name'])) { + if (in_array( 'name', array_keys($x->table()))) { + $x->whereAdd($x->tableName().".name LIKE '". $x->escape($q['query']['name']) . "%'"); + } + } + + } + + /* * From Pman.php */ @@ -107,7 +310,7 @@ trait Pman_Core_RooTrait { return; } - if (Pman::$permitError) { + if (self::$permitError) { return; 
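Review bot: In `selectSingle()` the permission check only holds if `jerr()` never returns, because after `$this->jerr("PERMISSION DENIED - si");` execution falls straight through to the `jok(...)` calls that emit the record. This commit removes `jok`/`jerr`/`jerror` from the trait (last hunk), so that guarantee now rests on whichever class uses the trait; writing `return $this->jerr("PERMISSION DENIED - si");` and `return $this->jerr("selectSingle: no such record ($id)");` would make the method fail closed. Separately, the `!name=value` branch of `setFilters()` interpolates `$val` unquoted whenever `is_numeric($val)` is true, while the joined-column branch further down ends up quoting request strings through `$x->escape()`. Quoting in both places (`"'" . $x->escape($val) . "'"`) keeps the two paths consistent and stops `is_numeric()` acting as the SQL-safety check. The `case 'on_id':` arm also falls through into `default:` with no comment saying that is intended.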
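Review bot: `self::$permitError` inside a trait resolves against the class that uses the trait, and no `$permitError` declaration is visible in this diff. A using class that neither declares nor inherits that static property would presumably fail on this line, where `Pman::$permitError` worked regardless of the host class. I would at least record the requirement next to the check, e.g. `// the using class must provide static $permitError (inherited from Pman or declared locally)`. The enclosing function starts and ends outside this hunk, so the rest of its logic is not covered here.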
@@ -135,211 +338,54 @@ trait Pman_Core_RooTrait { } - function jok($str) + function addEvent($act, $obj = false, $remarks = '') { - if ($this->transObj ) { - $this->transObj->query( connection_aborted() ? 'ROLLBACK' : 'COMMIT'); - } - - $cli = HTML_FlexyFramework::get()->cli; - - if ($cli) { - echo "OK: " .$str . "\n"; - exit; + if (!empty(HTML_FlexyFramework::get()->Pman['disable_events'])) { + return; } - require_once 'Services/JSON.php'; - $json = new Services_JSON(); - $retHTML = isset($_SERVER['CONTENT_TYPE']) && - preg_match('#multipart/form-data#i', $_SERVER['CONTENT_TYPE']); + $e = DB_DataObject::factory('Events'); + $e->init($act,$obj,$remarks); + + $e->event_when = date('Y-m-d H:i:s'); - if ($retHTML){ - if (isset($_REQUEST['returnHTML']) && $_REQUEST['returnHTML'] == 'NO') { - $retHTML = false; - } - } else { - $retHTML = isset($_REQUEST['returnHTML']) && $_REQUEST['returnHTML'] !='NO'; - } + $eid = $e->insert(); - if ($retHTML) { - header('Content-type: text/html'); - echo ""; - // encode html characters so they can be read.. - echo str_replace(array('<','>'), array('\u003c','\u003e'), - $json->encodeUnsafe(array('success'=> true, 'data' => $str))); - echo ""; - exit; + // fixme - this should be in onInsert.. + $wa = DB_DataObject::factory('core_watch'); + if (method_exists($wa,'notifyEvent')) { + $wa->notifyEvent($e); // trigger any actions.. } + $e->onInsert(isset($_REQUEST) ? $_REQUEST : array() , $this); - echo $json->encode(array('success'=> true, 'data' => $str)); - - exit; - } - - - function jerr($str, $errors=array(), $content_type = false) - { - if ($this->transObj) { - $this->transObj->query('ROLLBACK'); - } + return $e; - return $this->jerror('ERROR', $str,$errors,$content_type); } - function jerror($type, $str, $errors=array(), $content_type = false) // standard error reporting.. 
+ function checkPerm($obj, $lvl, $req= null) { - if ($type !== false) { - $this->addEvent($type, false, $str); - } - - $cli = HTML_FlexyFramework::get()->cli; - if ($cli) { - echo "ERROR: " .$str . "\n"; - exit; + if (!method_exists($obj, 'checkPerm')) { + return true; } - - - if ($content_type == 'text/plain') { - header('Content-Disposition: attachment; filename="error.txt"'); - header('Content-type: '. $content_type); - echo "ERROR: " .$str . "\n"; - exit; - } - - require_once 'Services/JSON.php'; - $json = new Services_JSON(); - - $retHTML = isset($_SERVER['CONTENT_TYPE']) && - preg_match('#multipart/form-data#i', $_SERVER['CONTENT_TYPE']); - - if ($retHTML){ - if (isset($_REQUEST['returnHTML']) && $_REQUEST['returnHTML'] == 'NO') { - $retHTML = false; - } - } else { - $retHTML = isset($_REQUEST['returnHTML']) && $_REQUEST['returnHTML'] !='NO'; + if ($obj->checkPerm($lvl, $this->authUser, $req)) { + return true; } - if ($retHTML) { - header('Content-type: text/html'); - echo ""; - echo $json->encodeUnsafe(array( - 'success'=> false, - 'errorMsg' => $str, - 'message' => $str, // compate with exeption / loadexception. - - 'errors' => $errors ? $errors : true, // used by forms to flag errors. - 'authFailure' => !empty($errors['authFailure']), - )); - echo ""; - exit; - } - - if (isset($_REQUEST['_debug'])) { - echo '
'.htmlspecialchars(print_r(array(
-                'success'=> false, 
-                'data'=> array(), 
-                'errorMsg' => $str,
-                'message' => $str, // compate with exeption / loadexception.
-                'errors' => $errors ? $errors : true, // used by forms to flag errors.
-                'authFailure' => !empty($errors['authFailure']),
-            ),true));
-            exit;
-                
-        }
-        
-        echo $json->encode(array(
-            'success'=> false, 
-            'data'=> array(), 
-            'errorMsg' => $str,
-            'message' => $str, // compate with exeption / loadexception.
-            'errors' => $errors ? $errors : true, // used by forms to flag errors.
-            'authFailure' => !empty($errors['authFailure']),
-        ));
-        
-        exit;
-        
+        return false;
     }
     
-    function jdata($ar,$total=false, $extra=array(), $cachekey = false)
+    function hasPerm($name, $lvl)  // do we have a permission
     {
-        // should do mobile checking???
-        if ($total == false) {
-            $total = count($ar);
-        }
-        $extra=  $extra ? $extra : array();
-        require_once 'Services/JSON.php';
-        $json = new Services_JSON();
-        
-        $retHTML = isset($_SERVER['CONTENT_TYPE']) && 
-                preg_match('#multipart/form-data#i', $_SERVER['CONTENT_TYPE']);
-        
-        if ($retHTML){
-            if (isset($_REQUEST['returnHTML']) && $_REQUEST['returnHTML'] == 'NO') {
-                $retHTML = false;
-            }
-        } else {
-            $retHTML = isset($_REQUEST['returnHTML']) && $_REQUEST['returnHTML'] !='NO';
-        }
-        
-        if ($retHTML) {
-            
-            header('Content-type: text/html');
-            echo "";
-            // encode html characters so they can be read..
-            echo  str_replace(array('<','>'), array('\u003c','\u003e'),
-                        $json->encodeUnsafe(array('success' =>  true, 'total'=> $total, 'data' => $ar) + $extra));
-            echo "";
-            exit;
-        }
+        static $pcache = array();
+        $au = $this->getAuthUser();
+        return $au && $au->hasPerm($name, $lvl);
         
-        
-        // see if trimming will help...
-        if (!empty($_REQUEST['_pman_short'])) {
-            $nar = array();
-            
-            foreach($ar as $as) {
-                $add = array();
-                foreach($as as $k=>$v) {
-                    if (is_string($v) && !strlen(trim($v))) {
-                        continue;
-                    }
-                    $add[$k] = $v;
-                }
-                $nar[] = $add;
-            }
-            $ar = $nar;
-              
-        }
-        
-      
-        $ret =  $json->encode(array('success' =>  true, 'total'=> $total, 'data' => $ar) + $extra);  
-        
-        if (!empty($cachekey)) {
-            
-            $fn = ini_get('session.save_path') . '/json-cache'.date('/Y/m/d').'.'. $cachekey . '.cache.json';
-            if (!file_exists(dirname($fn))) {
-                mkdir(dirname($fn), 0777,true);
-            }
-            file_put_contents($fn, $ret);
-        }
-        echo $ret;
-        exit;
     }
     
-    
-    
-    /** a daily cache **/
-    function jdataCache($cachekey)
+    function getAuthUser()
     {
-        $fn = ini_get('session.save_path') . '/json-cache'.date('/Y/m/d').'.'. $cachekey . '.cache.json';
-        if (file_exists($fn)) {
-            header('Content-type: application/json');
-            echo file_get_contents($fn);
-            exit;
-        }
-        return false;
-        
+        die('Get auth user is not implement.');
     }
+    
 }
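Review bot: `checkPerm()` returns `true` for any data object that does not define its own `checkPerm` method, so access control is opt-in per table class and a class that omits the method is open at every level, including the `'S'` check in `selectSingle()`. If that default is intentional, say so at the top of the function, e.g. `// objects without checkPerm() are allowed by default - restricted tables must implement it`; otherwise return `false` there. Because `getAuthUser()` ends in `die('Get auth user is not implement.')`, a using class that forgets to override it only fails at the first `hasPerm()` call; `abstract function getAuthUser();` would surface the omission when the class is loaded. `static $pcache = array();` in `hasPerm()` is never read and can be dropped.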