Ignore:
Timestamp:
Sep 15, 2012, 2:39:38 PM (12 years ago)
Author:
mistic100
Message:

check AP restrictions and user.forbidden_cetegories

Location:
extensions/linked_pages
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • extensions/linked_pages/include/functions.inc.php

    r17882 r17925  
    2323function linked_pages_loc_end_index()
    2424{
    25   global $page, $user, $template;
     25  global $page, $user, $template, $conf;
    2626 
    27 
    2827  if ( isset($page['section']) and $page['section']=='categories' and isset($page['category']) )
    2928  {
     29    $where_clauses = array('category_id = '.$page['category']['id']);
     30   
     31    if (!is_admin())
     32    {
     33      if ($conf['AP']['language_perm'])
     34      {
     35        $where_clauses[] = '(ap.lang = NULL OR ap.lang = "'.$user['language'].'")';
     36      }
     37      if ($conf['AP']['level_perm'])
     38      {
     39        $where_clauses[] = 'ap.level <= '.$user['level'];
     40      }
     41      if ($conf['AP']['user_perm'])
     42      {
     43        $where_clauses[] = 'ap.users LIKE "%'.$user['status'].'%"';
     44      }
     45      if ($conf['AP']['group_perm'])
     46      {
     47        $query = '
     48SELECT group_id
     49  FROM '.USER_GROUP_TABLE.'
     50  WHERE user_id = '.$user['id'].'
     51;';
     52        $user_groups = array_from_query($query, 'group_id');
     53      }
     54    }
     55   
    3056    $query = '
    3157SELECT
     
    3460    ap.title,
    3561    ap.standalone,
    36     ap.permalink
     62    ap.permalink,
     63    ap.groups
    3764  FROM '.LINKEDPAGES_TABLE.' AS lp
    3865    INNER JOIN '.ADD_PAGES_TABLE.' AS ap
    3966    ON lp.page_id = ap.id
    40   WHERE category_id = '.$page['category']['id'].'
     67  WHERE
     68    '.implode("\n    AND ", $where_clauses).'
    4169  ORDER BY lp.pos
    4270;';
     
    5078    while ($row = pwg_db_fetch_assoc($result))
    5179    {
    52       if ( isset($row['lang']) and $row['lang'] != $user['language'] ) return;
     80      if ( !is_admin() and $conf['AP']['group_perm'] and !empty($row['groups']) )
     81      {
     82        $authorized = false;
     83        foreach (explode(',',$row['groups']) as $group_id)
     84        {
     85          if (in_array($group_id, $user_groups))
     86          {
     87            $authorized = true;
     88            break;
     89          }
     90        }
     91        if (!$authorized) continue;
     92      }
     93       
     94     
    5395      $row['U_PAGE'] = make_index_url(array('section'=>'page')).'/'.(isset($row['permalink']) ? $row['permalink'] : $row['page_id']);
    5496      $row['TITLE'] = trigger_event('AP_render_title', $row['title']);
     
    62104  else if ( isset($page['section']) and $page['section']=='additional_page' and isset($page['additional_page']) )
    63105  {
     106    $where_clauses = array('page_id = '.$page['additional_page']['id']);
     107   
     108    if (!is_admin())
     109    {
     110      $where_clauses[] = 'lp.category_id NOT IN('.$user['forbidden_categories'].')';
     111    }
     112   
    64113    $query = '
    65114SELECT
     
    70119    INNER JOIN '.CATEGORIES_TABLE.' AS cat
    71120    ON lp.category_id = cat.id
    72   WHERE page_id = '.$page['additional_page']['id'].'
     121  WHERE
     122    '.implode("\n    AND ", $where_clauses).'
    73123  ORDER BY lp.pos
    74124;';

  • extensions/linked_pages/main.inc.php

    r17888 r17925  
    1616// | Define plugin constants                                               |
    1717// +-----------------------------------------------------------------------+
    18 define('LINKEDPAGES_PATH' ,   PHPWG_PLUGINS_PATH . 'linked_pages/');
     18defined('LINKEDPAGES_ID') or define('LINKEDPAGES_ID', basename(dirname(__FILE__)));
     19define('LINKEDPAGES_PATH' ,   PHPWG_PLUGINS_PATH . LINKEDPAGES_ID . '/');
    1920define('LINKEDPAGES_TABLE',   $prefixeTable . 'linked_pages');
    20 define('LINKEDPAGES_ADMIN',   get_root_url() . 'admin.php?page=plugin-linked_pages');
     21define('LINKEDPAGES_ADMIN',   get_root_url() . 'admin.php?page=plugin-' . LINKEDPAGES_ID);
    2122define('LINKEDPAGES_VERSION', '1.0.0');
    2223
     
    5152 
    5253  if (
    53     $pwg_loaded_plugins['linked_pages']['version'] == 'auto' or
    54     version_compare($pwg_loaded_plugins['linked_pages']['version'], LINKEDPAGES_VERSION, '<')
     54    $pwg_loaded_plugins[LINKEDPAGES_ID]['version'] == 'auto' or
     55    version_compare($pwg_loaded_plugins[LINKEDPAGES_ID]['version'], LINKEDPAGES_VERSION, '<')
    5556  )
    5657  {
     
    5859    linked_pages_install();
    5960   
    60     if ($pwg_loaded_plugins['linked_pages']['version'] != 'auto')
     61    if ($pwg_loaded_plugins[LINKEDPAGES_ID]['version'] != 'auto')
    6162    {
    6263      $query = '
    6364UPDATE '. PLUGINS_TABLE .'
    6465SET version = "'. LINKEDPAGES_VERSION .'"
    65 WHERE id = "linked_pages"';
     66WHERE id = "'. LINKEDPAGES_ID .'"';
    6667      pwg_query($query);
    6768     
    68       $pwg_loaded_plugins['linked_pages']['version'] = LINKEDPAGES_VERSION;
     69      $pwg_loaded_plugins[LINKEDPAGES_ID]['version'] = LINKEDPAGES_VERSION;
    6970     
    7071      if (defined('IN_ADMIN'))
    7172      {
    72         $_SESSION['page_infos'][] = 'Skeleton updated to version '. LINKEDPAGES_VERSION;
     73        $_SESSION['page_infos'][] = 'Linked Pages updated to version '. LINKEDPAGES_VERSION;
    7374      }
    7475    }

  • extensions/linked_pages/maintain.inc.php

    r17882 r17925  
    22if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
    33
    4 include_once(PHPWG_PLUGINS_PATH . 'linked_pages/include/install.inc.php');
     4defined('LINKEDPAGES_ID') or define('LINKEDPAGES_ID', basename(dirname(__FILE__)));
     5include_once(PHPWG_PLUGINS_PATH . LINKEDPAGES_ID '/include/install.inc.php');
    56
    67
Note: See TracChangeset for help on using the changeset viewer.