[geeklog-cvs] geeklog-1.3/public_html lib-common.php,1.206,1.207
dhaun at geeklog.net
dhaun at geeklog.net
Sun Mar 16 05:25:30 EST 2003
Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory internal.geeklog.net:/tmp/cvs-serv24463
Modified Files:
lib-common.php
Log Message:
Introduced function COM_getPermSQL() which returns an SQL expression to check for proper (Geeklog-style) permissions to an object (story, topic, ...).
Index: lib-common.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/lib-common.php,v
retrieving revision 1.206
retrieving revision 1.207
diff -C2 -d -r1.206 -r1.207
*** lib-common.php 15 Mar 2003 18:24:57 -0000 1.206
--- lib-common.php 16 Mar 2003 10:25:28 -0000 1.207
***************
*** 1140,1144 ****
$select_set = explode( ',',$tmp );
! $result = DB_query( "SELECT * FROM {$_TABLES['topics']} ORDER BY $select_set[$sortcol]" );
$nrows = DB_numRows( $result );
--- 1140,1145 ----
$select_set = explode( ',',$tmp );
! $result = DB_query( "SELECT * FROM {$_TABLES['topics']}" . COM_getPermSQL()
! . " ORDER BY $select_set[$sortcol]" );
$nrows = DB_numRows( $result );
***************
*** 1146,1161 ****
{
$A = DB_fetchArray( $result );
! $access = SEC_hasAccess( $A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon'] );
! if( $access > 0 )
! {
! $retval .= '<option value="' . $A[0] . '"';
!
! if( $A[0] == $selected )
! {
! $retval .= ' selected';
! }
! $retval .= '>' . stripslashes( $A[1] ) . '</option>' . LB;
}
}
--- 1147,1158 ----
{
$A = DB_fetchArray( $result );
! $retval .= '<option value="' . $A[0] . '"';
! if( $A[0] == $selected )
! {
! $retval .= ' selected';
}
+
+ $retval .= '>' . stripslashes( $A[1] ) . '</option>' . LB;
}
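Review bot: With the `SEC_hasAccess()` test removed from this loop, the `COM_getPermSQL()` clause added to the query in the previous hunk is the only access check left for the topic list, and nothing in the loop says so. A one-line comment ahead of the loop, e.g. `// rows are already permission-filtered by COM_getPermSQL() in the query above`, would keep a later edit to the query from silently exposing restricted topics. Separately, `$A[0]` and `$A[1]` are written into the `<option>` markup without `htmlspecialchars()`, which is worth adding if topic ids or names can contain markup characters. The loop header and the rest of the function are outside the hunk.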
***************
*** 1791,1817 ****
$page, $newstories;
! $groupList = '';
! if (!empty ($_USER['uid'])) {
! foreach ($_GROUPS as $grp) {
! $groupList .= $grp . ',';
! }
! $groupList = substr ($groupList, 0, -1);
! }
! $permsql = '';
! if (!empty ($_USER['uid'])) {
! $permsql .= "(owner_id = {$_USER['uid']} AND perm_owner >= 2) OR "
! . "(group_id IN ($groupList) AND perm_group >= 2) OR "
! . "(perm_members >= 2) OR ";
! }
! $permsql .= "(perm_anon >= 2)";
!
! $sql = "SELECT tid,topic,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE ({$permsql}) ";
if( $_CONF['sortmethod'] == 'alpha' )
{
! $sql .= "ORDER BY topic ASC";
}
else
{
! $sql .= "ORDER BY sortnum";
}
$result = DB_query( $sql );
--- 1788,1799 ----
$page, $newstories;
! $sql = "SELECT tid,topic,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']}" . COM_getPermSQL();
if( $_CONF['sortmethod'] == 'alpha' )
{
! $sql .= " ORDER BY topic ASC";
}
else
{
! $sql .= " ORDER BY sortnum";
}
$result = DB_query( $sql );
***************
*** 1846,1850 ****
if( $_CONF['showstorycount'] )
{
! $rcount = DB_query( "SELECT count(*) AS count FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid = '{$A['tid']}') AND ({$permsql})" );
$T = DB_fetchArray( $rcount );
$retval .= $T['count'];
--- 1828,1832 ----
if( $_CONF['showstorycount'] )
{
! $rcount = DB_query( "SELECT count(*) AS count FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid = '{$A['tid']}')" . COM_getPermSQL( 'AND' ));
$T = DB_fetchArray( $rcount );
$retval .= $T['count'];
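Review bot: `COM_getPermSQL( 'AND' )` is now evaluated inside what appears to be the per-topic loop, so its `SEC_inGroup()` lookup and string building repeat for every row, where the removed code built `$permsql` once. Compute it once before the loop, e.g. `$permsql = COM_getPermSQL( 'AND' );`, and append `$permsql` here and in the identical change in the following hunk. `$A['tid']` is also interpolated into the quoted literal exactly as it came back from the database; `addslashes( $A['tid'] )` would keep an id containing a quote from altering the statement. The enclosing loop starts outside both hunks.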
***************
*** 1876,1880 ****
if( $_CONF['showstorycount'] )
{
! $rcount = DB_query( "SELECT count(*) AS count FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid = '{$A['tid']}') AND ({$permsql})" );
$T = DB_fetchArray( $rcount );
$retval .= $T['count'];
--- 1858,1862 ----
if( $_CONF['showstorycount'] )
{
! $rcount = DB_query( "SELECT count(*) AS count FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid = '{$A['tid']}')" . COM_getPermSQL( 'AND' ));
$T = DB_fetchArray( $rcount );
$retval .= $T['count'];
***************
*** 1989,1993 ****
. '<input type="submit" value="' . $LANG01[58] . '">' . LB
. '</form>' . $LANG01[59] . LB
! . COM_endBlock(COM_getBlockTemplate( 'user_block', 'footer' ));
}
--- 1971,1975 ----
. '<input type="submit" value="' . $LANG01[58] . '">' . LB
. '</form>' . $LANG01[59] . LB
! . COM_endBlock( COM_getBlockTemplate( 'user_block', 'footer' ));
}
***************
*** 3124,3128 ****
* @param string $date Last time the headlines were imported
* @see function COM_rdfImport
! * @return bool "true" if the block was updated, "false" if not
*/
--- 3106,3110 ----
* @param string $date Last time the headlines were imported
* @see function COM_rdfImport
! * @return void
*/
***************
*** 3572,3583 ****
$cur_day = strftime( "%D", time() );
- $groups = SEC_getUserGroups( $U['uuid'] );
- $groupList = '';
- foreach( $groups as $grp )
- {
- $groupList .= $grp . ',';
- }
- $groupList = substr( $groupList, 0, -1 );
-
$storysql = "SELECT sid,uid,date AS day,title,introtext,bodytext "
. "FROM {$_TABLES['stories']} "
--- 3554,3557 ----
***************
*** 3603,3611 ****
else // get all topics this user has access to
{
! $topicsql = "SELECT tid FROM {$_TABLES['topics']} WHERE "
! . "(owner_id = {$U['uuid']} AND perm_owner >= 2) OR "
! . "(group_id IN ($groupList) AND perm_group >= 2) OR "
! . "(perm_members >= 2) OR "
! . "(perm_anon >= 2)";
$tresult = DB_query( $topicsql );
$trows = DB_numRows( $tresult );
--- 3577,3582 ----
else // get all topics this user has access to
{
! $topicsql = "SELECT tid FROM {$_TABLES['topics']}"
! . COM_getPermSQL( 'WHERE', $U['uuid'] );
$tresult = DB_query( $topicsql );
$trows = DB_numRows( $tresult );
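Review bot: `$U['uuid']` is handed to `COM_getPermSQL()` unchecked, and that function treats any `$u_id <= 0` as "use the current user" and returns no clause at all when that user is in Root. If a recipient row ever carried an empty or zero `uuid`, the topic and story queries for that recipient would be filtered by the permissions of whoever triggered the run instead of the recipient's. Normalise once, `$digestUid = (int) $U['uuid'];`, skip the recipient when it is `<= 0`, and pass `$digestUid` here and in the `$storysql` call in the next hunk. Where `$U` is populated is outside the hunk, so this may already be guaranteed upstream.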
***************
*** 3626,3632 ****
}
! $storysql .= " AND ((owner_id = {$U['uuid']} AND perm_owner >= 2) OR "
! . "(group_id IN ($groupList) AND perm_group >= 2) OR "
! . "(perm_members >= 2) OR (perm_anon >= 2))";
$stories = DB_query( $storysql );
--- 3597,3601 ----
}
! $storysql .= COM_getPermSQL( 'AND', $U['uuid'] );
$stories = DB_query( $storysql );
***************
*** 3722,3737 ****
global $_TABLES, $_CONF, $LANG01, $_USER, $_GROUPS, $page, $newstories;
- $groupList = '';
-
- if( !empty( $_USER['uid'] ))
- {
- foreach( $_GROUPS as $grp )
- {
- $groupList .= $grp . ',';
- }
-
- $groupList = substr( $groupList, 0, -1 );
- }
-
$retval .= COM_startBlock( $title, $help, COM_getBlockTemplate( 'whats_new_block', 'header' ));
--- 3691,3694 ----
***************
*** 3739,3753 ****
{
// Find the newest stories
! $nesql = '';
!
! if( !empty( $_USER['uid'] ))
! {
! $nesql .= "(owner_id = {$_USER['uid']} AND perm_owner >= 2) OR ";
! $nesql .= "(group_id IN ($groupList) AND perm_group >= 2) OR ";
! $nesql .= "(perm_members >= 2) OR ";
! }
!
! $nesql .= "(perm_anon >= 2)";
! $sql = "SELECT count(*) AS count FROM {$_TABLES['stories']} WHERE (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) AND (date <= NOW()) AND (draft_flag = 0) AND (" . $nesql . ")";
$result = DB_query( $sql );
$A = DB_fetchArray( $result );
--- 3696,3700 ----
{
// Find the newest stories
! $sql = "SELECT count(*) AS count FROM {$_TABLES['stories']} WHERE (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) AND (date <= NOW()) AND (draft_flag = 0)" . COM_getPermSQL( 'AND' );
$result = DB_query( $sql );
$A = DB_fetchArray( $result );
***************
*** 3806,3842 ****
$retval .= '<b>' . $LANG01[83] . '</b> <small>' . $LANG01[85] . '</small><br>';
- $stsql = '';
$stwhere = '';
if( !empty( $_USER['uid'] ))
{
- $stsql .= "({$_TABLES['stories']}.owner_id = {$_USER['uid']} AND {$_TABLES['stories']}.perm_owner >= 2) OR ";
- $stsql .= "({$_TABLES['stories']}.group_id IN ($groupList) AND {$_TABLES['stories']}.perm_group >= 2) OR ";
- $stsql .= "({$_TABLES['stories']}.perm_members >= 2) OR ";
$stwhere .= "({$_TABLES['stories']}.owner_id IS NOT NULL AND {$_TABLES['stories']}.perm_owner IS NOT NULL) OR ";
$stwhere .= "({$_TABLES['stories']}.group_id IS NOT NULL AND {$_TABLES['stories']}.perm_group IS NOT NULL) OR ";
! $stwhere .= "({$_TABLES['stories']}.perm_members IS NOT NULL) OR ";
}
- $stsql .= "({$_TABLES['stories']}.perm_anon >= 2)";
- $stwhere .= "({$_TABLES['stories']}.perm_anon IS NOT NULL)";
-
- $posql = '';
$powhere = '';
if( !empty( $_USER['uid'] ))
{
- $posql .= "({$_TABLES['pollquestions']}.owner_id = {$_USER['uid']} AND {$_TABLES['pollquestions']}.perm_owner >= 2) OR ";
- $posql .= "({$_TABLES['pollquestions']}.group_id IN ($groupList) AND {$_TABLES['pollquestions']}.perm_group >= 2) OR ";
- $posql .= "({$_TABLES['pollquestions']}.perm_members >= 2) OR ";
$powhere .= "({$_TABLES['pollquestions']}.owner_id IS NOT NULL AND {$_TABLES['pollquestions']}.perm_owner IS NOT NULL) OR ";
$powhere .= "({$_TABLES['pollquestions']}.group_id IS NOT NULL AND {$_TABLES['pollquestions']}.perm_group IS NOT NULL) OR ";
! $powhere .= "({$_TABLES['pollquestions']}.perm_members IS NOT NULL) OR ";
}
! $posql .= "({$_TABLES['pollquestions']}.perm_anon >= 2)";
! $powhere .= "({$_TABLES['pollquestions']}.perm_anon IS NOT NULL)";
!
! $sql = "SELECT DISTINCT count(*) AS dups, type, question, {$_TABLES['stories']}.title, {$_TABLES['stories']}.sid, qid, max({$_TABLES['comments']}.date) as lastdate FROM {$_TABLES['comments']} LEFT JOIN {$_TABLES['stories']} ON (({$_TABLES['stories']}.sid = {$_TABLES['comments']}.sid) AND ({$stsql})) LEFT JOIN {$_TABLES['pollquestions']} ON ((qid = {$_TABLES['comments']}.sid) AND (({$posql}))) WHERE ({$_TABLES['comments']}.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newcommentsinterval']} SECOND))) AND ((({$stwhere})) OR (({$powhere}))) GROUP BY {$_TABLES['comments']}.sid ORDER BY 7 DESC LIMIT 15";
$result = DB_query( $sql );
--- 3753,3783 ----
$retval .= '<b>' . $LANG01[83] . '</b> <small>' . $LANG01[85] . '</small><br>';
$stwhere = '';
if( !empty( $_USER['uid'] ))
{
$stwhere .= "({$_TABLES['stories']}.owner_id IS NOT NULL AND {$_TABLES['stories']}.perm_owner IS NOT NULL) OR ";
$stwhere .= "({$_TABLES['stories']}.group_id IS NOT NULL AND {$_TABLES['stories']}.perm_group IS NOT NULL) OR ";
! $stwhere .= "({$_TABLES['stories']}.perm_members IS NOT NULL)";
! }
! else
! {
! $stwhere .= "({$_TABLES['stories']}.perm_anon IS NOT NULL)";
}
$powhere = '';
if( !empty( $_USER['uid'] ))
{
$powhere .= "({$_TABLES['pollquestions']}.owner_id IS NOT NULL AND {$_TABLES['pollquestions']}.perm_owner IS NOT NULL) OR ";
$powhere .= "({$_TABLES['pollquestions']}.group_id IS NOT NULL AND {$_TABLES['pollquestions']}.perm_group IS NOT NULL) OR ";
! $powhere .= "({$_TABLES['pollquestions']}.perm_members IS NOT NULL)";
! }
! else
! {
! $powhere .= "({$_TABLES['pollquestions']}.perm_anon IS NOT NULL)";
}
! $sql = "SELECT DISTINCT count(*) AS dups, type, question, {$_TABLES['stories']}.title, {$_TABLES['stories']}.sid, qid, max({$_TABLES['comments']}.date) as lastdate FROM {$_TABLES['comments']} LEFT JOIN {$_TABLES['stories']} ON (({$_TABLES['stories']}.sid = {$_TABLES['comments']}.sid)" . COM_getPermSQL( 'AND', 0, 2, $_TABLES['stories'] ) . ") LEFT JOIN {$_TABLES['pollquestions']} ON ((qid = {$_TABLES['comments']}.sid)" . COM_getPermSQL( 'AND', 0, 2, $_TABLES['pollquestions'] ) . ") WHERE ({$_TABLES['comments']}.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newcommentsinterval']} SECOND))) AND ((({$stwhere})) OR (({$powhere}))) GROUP BY {$_TABLES['comments']}.sid ORDER BY 7 DESC LIMIT 15";
$result = DB_query( $sql );
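Review bot: `$stwhere` and `$powhere` still branch on `!empty( $_USER['uid'] )`, while the join conditions now come from `COM_getPermSQL()`, which branches on `$uid > 1` and emits nothing for Root, so the two can disagree about which columns were tested. For a session whose uid is 1 the join is filtered on `perm_anon` but the WHERE clause inspects owner, group and member columns. Since these strings only detect whether the LEFT JOIN matched, testing the join key avoids the duplicated logic: `$stwhere = "{$_TABLES['stories']}.sid IS NOT NULL";` and `$powhere = "{$_TABLES['pollquestions']}.qid IS NOT NULL";`. This assumes `qid` is the pollquestions column, which the unqualified use in the ON clause suggests. The enclosing function starts outside the hunk.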
***************
*** 3915,3931 ****
$retval .= '<b>' . $LANG01[84] . '</b> <small>' . $LANG01[87] . '</small><br>';
! $lisql = '';
! if( !empty( $_USER['uid'] ))
! {
! $lisql .= "(owner_id = {$_USER['uid']} AND perm_owner >= 2) OR ";
! $lisql .= "(group_id IN ($groupList) AND perm_group >= 2) OR ";
! $lisql .= '(perm_members >= 2) OR ';
! }
!
! $lisql .= '(perm_anon >= 2)';
!
! $sql = "SELECT lid,title,url FROM {$_TABLES['links']} "
! . "WHERE $lisql "
! . 'ORDER BY lid DESC LIMIT 15';
$foundone = 0;
$now = time();
--- 3856,3861 ----
$retval .= '<b>' . $LANG01[84] . '</b> <small>' . $LANG01[87] . '</small><br>';
! $sql = "SELECT lid,title,url FROM {$_TABLES['links']}"
! . COM_getPermSQL() . ' ORDER BY lid DESC LIMIT 15';
$foundone = 0;
$now = time();
***************
*** 4680,4683 ****
--- 4610,4677 ----
return( $related );
}
+
+ /**
+ * Return SQL expression to check for permissions.
+ *
+ * Creates part of an SQL expression that can be used to request items with the
+ * standard set of Geeklog permissions.
+ *
+ * @param string $type part of the SQL expr. e.g. 'WHERE', 'AND'
+ * @param int $u_id user id or 0 = current user
+ * @param int $access access to check for (2=read, 3=r&write)
+ * @param string $table table name if ambiguous (e.g. in JOINs)
+ * @return string SQL expression string (may be empty)
+ */
+ function COM_getPermSQL( $type = 'WHERE', $u_id = 0, $access = 2, $table = '' )
+ {
+ global $_USER, $_GROUPS;
+
+ if( !empty( $table ))
+ {
+ $table .= '.';
+ }
+
+ if( $u_id <= 0 )
+ {
+ $uid = $_USER['uid'];
+ $GROUPS = $_GROUPS;
+ }
+ else
+ {
+ $uid = $u_id;
+ $GROUPS = SEC_getUserGroups( $uid );
+ }
+
+ if( SEC_inGroup( 'Root', $uid ))
+ {
+ return '';
+ }
+
+ $sql = ' ' . $type . ' (';
+
+ if( $uid > 1 )
+ {
+ $sql .= "(({$table}owner_id = '{$uid}') AND ({$table}perm_owner >= $access)) OR ";
+
+ $groupList = '';
+ foreach( $GROUPS as $grp )
+ {
+ $groupList .= $grp . ',';
+ }
+ $groupList = substr( $groupList, 0, -1 );
+ $sql .= "(({$table}group_id IN ($groupList)) AND ({$table}perm_group >= $access)) OR ";
+
+ $sql .= "({$table}perm_members >= $access)";
+ }
+ else
+ {
+ $sql .= "{$table}perm_anon >= $access";
+ }
+
+ $sql .= ')';
+
+ return $sql;
+ }
+
/**
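Review bot: An empty `$GROUPS` (for example, an id passed as `$u_id` for which `SEC_getUserGroups()` returns nothing) produces `group_id IN ()`, which MySQL rejects, and `$uid`, `$access` and the group ids reach the SQL string without being forced to integers. Casting them and omitting the group clause when the list is empty makes the helper safe regardless of what callers pass. The docblock should also state that `$type` and `$table` are concatenated verbatim and must never carry request data. It should note too that a logged-in user no longer matches on `perm_anon`, whereas the inline code this replaces OR-ed `(perm_anon >= 2)` in for everyone, so objects readable only by anonymous visitors disappear for members.

```php
function COM_getPermSQL( $type = 'WHERE', $u_id = 0, $access = 2, $table = '' )
{
    // … unchanged: $table prefix, $uid / $GROUPS selection, Root short-circuit …

    // Only integers may reach the SQL string.
    $uid = (int) $uid;
    $access = (int) $access;

    $sql = ' ' . $type . ' (';

    if( $uid > 1 )
    {
        $sql .= "(({$table}owner_id = '{$uid}') AND ({$table}perm_owner >= $access)) OR ";

        $groupList = implode( ',', array_map( 'intval', (array) $GROUPS ));
        if( $groupList != '' )
        {
            // "IN ()" is a syntax error, so skip the clause for an empty list
            $sql .= "(({$table}group_id IN ($groupList)) AND ({$table}perm_group >= $access)) OR ";
        }

        $sql .= "({$table}perm_members >= $access)";
    }
    // … unchanged: anonymous branch, closing parenthesis, return …
```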