Changeset 18 for base.php

Timestamp:

Oct 21, 2008, 4:15:52 PM (16 years ago)

Author:

george

Message:

• Upraveno: Prozatím jednoduché oprávnění pro čtení a zápis k jednotlivým seznamům.
• Přidáno: Typ GPS souřadnice.
• Opraveno: Převod přes hašovací funkci SHA1 u typu Password.
• Upraveno: Možnost vybrat variantu Žádný u odkazů.
• Opraveno: Součinost modulu User s časovou databázovou strukturou.

File:

• base.php (modified) (17 diffs)

base.php

@@ -5 +5 @@
   global $Database, $Types, $Config;
 
-  //if(!CheckPermission('Read', $List['Id'])) return(SystemMessage('Řízení přístupu', 'Nemáte dostatečná oprávnění'));
+  if(!CheckPermission('Read', $List['ItemId']))
+  {
+    if($Column != '') return('');
+    else return(SystemMessage('Řízení přístupu', 'Nemáte dostatečná oprávnění'));
+  }
 
   if($Title == '') $Output = '<div>'.$List['Title'].'</div>';
@@ -33 +37 @@
   if(array_key_exists('OrderColumn', $_GET))
   {
-    if($_SESSION['OrderColumn'] == $_GET['OrderColumn']) // Same column => reverse orded
+    if($_SESSION['OrderColumn'] == $_GET['OrderColumn']) // Same column => reverse order
       $_SESSION['OrderDirection'] = ($_SESSION['OrderDirection'] + 1) % 2;
     if($_SESSION['OrderTable'] != $List['TableName']) // Different table => set ascending order
@@ -65 +69 @@
       }
     }
-    $Output .= '<td><a href="?Action=ViewItem&amp;Table='.$List['TableName'].'&amp;Item='.$DbRow['ItemId'].'"><img border="0" src="images/view.png" alt="Zobrazit" title="Zobrazit"></a> <a href="?Action=EditItem&amp;Table='.$List['TableName'].'&amp;Item='.$DbRow['ItemId'].'"><img border="0" src="images/edit.png" alt="Editovat" title="Editovat"></a> <a href="?Action=DeleteItem&amp;Table='.$List['TableName'].'&amp;Item='.$DbRow['ItemId'].'"><img border="0" src="images/delete.png" alt="Smazat" title="Smazat"></a></td></tr>';
+    $Output .= '<td>';
+    if(CheckPermission('Read', $List['ItemId'])) $Output .= '<a href="?Action=ViewItem&amp;Table='.$List['TableName'].'&amp;Item='.$DbRow['ItemId'].'"><img border="0" src="images/view.png" alt="Zobrazit" title="Zobrazit"></a>';
+    if(CheckPermission('Write', $List['ItemId'])) $Output .= ' <a href="?Action=EditItem&amp;Table='.$List['TableName'].'&amp;Item='.$DbRow['ItemId'].'"><img border="0" src="images/edit.png" alt="Editovat" title="Editovat"></a>';
+    if(CheckPermission('Write', $List['ItemId'])) $Output .= ' <a href="?Action=DeleteItem&amp;Table='.$List['TableName'].'&amp;Item='.$DbRow['ItemId'].'"><img border="0" src="images/delete.png" alt="Smazat" title="Smazat"></a>';
+    $Output .= '</td></tr>';
   }
   $Output .= '</table>';
   $PageList = PagesList($Page, $TotalItemCount);
   if(strlen($PageList) != 0) $Output .= $PageList.'<br />';
-  $Output .= ' <a href="?Action=AddItem&amp;Table='.$List['TableName'].$ColumnSelection.'">Přidat</a> '.$FullListLink;
+  if(CheckPermission('Write', $List['ItemId'])) $Output .= ' <a href="?Action=AddItem&amp;Table='.$List['TableName'].$ColumnSelection.'">Přidat</a> '.$FullListLink;
   return($Output);
 }
@@ -86 +94 @@
       $Output .= '<th><a href="?OrderColumn='.$Item['Name'].'">'.$Item['TextBefore'].'</a></th>';
   }
-  $Output .= '<th><a href="?OrderColumn=Author">Autor</a></th><th><a href="?OrderColumn=CreationTime">Čas vytvoření</a></th><th>Akce</th></tr>';
+  $Output .= '<th><a href="?OrderColumn=Author">Autor</a></th><th><a href="?OrderColumn=CreationTime">Čas vytvoření</a></th><th><a href="?OrderColumn=CreationTime">Čas odstranění</a></th><th>Akce</th></tr>';
 
   $Where = ' AND (ItemId='.$Id.')';
@@ -127 +135 @@
       }
     }
-    echo($TypeNames['PointerOneToUser']);
-    $Item = array('Name' => 'Author', 'Type' => $TypeNames['PointerOneToUser']);
+    //print_r($TypeNames);
+    //print_r($Types);
+    $Item = array('Name' => 'Author', 'Type' => $TypeNames['PointerToUser']);
+    //print_r($Item);
     $ItemType = explode('|', $Types[$Item['Type']]['Parameters']);
     $Type = $Types[$ItemType[0]];
@@ -136 +146 @@
     $Output .= '<td>'.$Value.'</td>';
 
-    $Output .= '<td>'.$DbRow['CreationTime'].'</td>';
+    $Output .= '<td>'.$DbRow['CreationTime'].'</td><td>'.$DbRow['DeletionTime'].'</td>';
     $Output .= '<td><a href="?Action=ViewItem&amp;Table='.$List['TableName'].'&amp;Item='.$DbRow['Id'].'"><img border="0" src="images/view.png" alt="Zobrazit" title="Zobrazit"></a></td></tr>';
   }
@@ -149 +159 @@
   global $Database, $Types;
 
+  if(!CheckPermission('Write', $List['ItemId'])) return(SystemMessage('Řízení přístupu', 'Nemáte dostatečná oprávnění'));
   $DbResult = $Database->select($List['TableName'], '*', 'ItemId='.$Id.' ORDER BY Id DESC LIMIT 1');
   while($DbRow = $DbResult->fetch_array())
@@ -184 +195 @@
   global $Database, $Types, $System, $LogActionType;
 
+  if(!CheckPermission('Write', $List['ItemId'])) return(SystemMessage('Řízení přístupu', 'Nemáte dostatečná oprávnění'));
   $DbResult = $Database->select($List['TableName'], '*', 'ItemId='.$Id.' ORDER BY Id DESC LIMIT 1');
   while($DbRow = $DbResult->fetch_array())
@@ -220 +232 @@
   global $Database, $Types;
 
+  if(!CheckPermission('Write', $List['ItemId'])) return(SystemMessage('Řízení přístupu', 'Nemáte dostatečná oprávnění'));
   $DefinitionItems = array();
   $AfterTableOutput = '';
@@ -260 +273 @@
   global $Database, $Types, $System, $LogActionType;
 
+  if(!CheckPermission('Write', $List['ItemId'])) return(SystemMessage('Řízení přístupu', 'Nemáte dostatečná oprávnění'));
   $DefinitionItems = array();
   $AfterTableOutput = '';
@@ -298 +312 @@
   global $Database, $Types, $Lists;
 
+  if(!CheckPermission('Read', $List['ItemId'])) return(SystemMessage('Řízení přístupu', 'Nemáte dostatečná oprávnění'));
   $Output = '';
   $DbResult = $Database->select($List['TableName'], '*', 'ItemId='.$Id.' ORDER BY Id DESC LIMIT 1');
@@ -317 +332 @@
     );
     $Output .= $Form->ShowReadOnlyForm();
-    $Output .= '<a href="?Action=EditItem&amp;Table='.$List['TableName'].'&amp;Item='.$DbRow['ItemId'].'">Editovat</a> ';
+    if(CheckPermission('Write', $List['ItemId'])) $Output .= '<a href="?Action=EditItem&amp;Table='.$List['TableName'].'&amp;Item='.$DbRow['ItemId'].'">Editovat</a> ';
 
     if(($Column != '') and ($ColumnValue != 0))
@@ -344 +359 @@
   global $Database, $Lists, $System, $LogActionType;
 
+  if(!CheckPermission('Write', $List['ItemId'])) return(SystemMessage('Řízení přístupu', 'Nemáte dostatečná oprávnění'));
   $System->Modules['Log']->Add($List['Id'], $Id, $LogActionType['Delete']);
   $System->Modules['DatabaseList']->DeleteItem($List['TableName'], $Id);
@@ -359 +375 @@
   while($DbRow = $DbResult->fetch_assoc())
   {
-    $Output .= '<strong>'.$DbRow['Name'].'</strong><br />';
+    $Group = '';
     $DbResult2 = $Database->query('SELECT t1.* FROM `SystemList` AS t1 LEFT JOIN `SystemList` AS t2 ON t1.ItemId=t2.ItemId AND t1.Id < t2.Id WHERE (t2.ItemId IS NULL) AND (t1.DeletionTime IS NULL) AND (t1.`Menu` = '.$DbRow['ItemId'].')');
     while($DbRow2 = $DbResult2->fetch_assoc())
     {
-      //if(($List['System'] == $System) and ($List['VisibleInMenu'] == 1))
-      //if(CheckPermission('Read', $List['Id']))
-      $Output .= '<a href="?Action=ShowList&amp;Table='.$DbRow2['TableName'].'">'.$DbRow2['Title'].'</a><br />';
-    }
-    $Output .= '<br />';
+      if(CheckPermission('Read', $DbRow2['ItemId']))
+        $Group .= '<a href="?Action=ShowList&amp;Table='.$DbRow2['TableName'].'">'.$DbRow2['Title'].'</a><br />';
+    }
+    if($Group != '')
+      $Output .= '<strong>'.$DbRow['Name'].'</strong><br />'.$Group.'<br />';
   }
   $Output .= '<br />';
@@ -440 +456 @@
     $List = array(
      'Id' => $DbRow['Id'],
+     'ItemId' => $DbRow['ItemId'],
      'TableName' => $DbRow['TableName'],
      'Title' => $DbRow['Title'],
-     'System' => $DbRow['System'],
-     'VisibleInMenu' => $DbRow['VisibleInMenu'],
      'Items' => $Items,
     );
@@ -513 +528 @@
   global $Database, $System;
 
-  $DbResult = $Database->query('SELECT t1.* FROM `Permission` AS t1 LEFT JOIN `Permission` AS t2 ON t1.ItemId=t2.ItemId AND t1.Id < t2.Id WHERE (t2.ItemId IS NULL) AND t1.PermissionGroup = (SELECT PermissionGroup.Id FROM PermissionGroup WHERE PermissionGroup.Id=(SELECT User.PermissionGroup FROM User WHERE User.ItemId='.$System->Modules['User']->User['Id'].' ORDER BY User.Id DESC LIMIT 1) ORDER BY PermissionGroup.Id DESC LIMIT 1) AND t1.DeletionTime IS NULL AND t1.List='.$ListId);
+  $Result = FALSE;
+  //return(TRUE);
+  $DbResult = $Database->query('SELECT t1.* FROM `Permission` AS t1 LEFT JOIN `Permission` AS t2 ON t1.ItemId=t2.ItemId AND t1.Id < t2.Id WHERE (t2.ItemId IS NULL) AND t1.PermissionGroup = (SELECT PermissionGroup.Id FROM PermissionGroup WHERE PermissionGroup.Id=(SELECT User.PermissionGroup FROM User WHERE User.ItemId='.$System->Modules['User']->User['ItemId'].' ORDER BY User.Id DESC LIMIT 1) ORDER BY PermissionGroup.Id DESC LIMIT 1) AND t1.DeletionTime IS NULL AND t1.List='.$ListId);
   if($DbResult->num_rows > 0)
   {
@@ -519 +536 @@
     switch($DbRow['Right'])
     {
-      case 0: return(array('Read' => FALSE, 'Write' => FALSE));
-      case 1: return(array('Read' => TRUE, 'Write' => FALSE));
-      case 2: return(array('Read' => TRUE, 'Write' => TRUE));
-    }
-  }
+      case 0: $Privileges = array('Read' => FALSE, 'Write' => FALSE); break;
+      case 1: $Privileges = array('Read' => TRUE, 'Write' => FALSE); break;
+      case 2: $Privileges = array('Read' => TRUE, 'Write' => TRUE); break;
+    }
+    $Result = $Privileges[$Right];
+  }
+  //print_r($Privileges);
+  //echo($DbRow['Right'].' '.$Result.'<br>');
+  return($Result);
 }