This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php declare(strict_types=1); |
||
2 | |||
3 | namespace XoopsModules\Publisher; |
||
4 | |||
5 | /* |
||
6 | You may not change or alter any portion of this comment or credits |
||
7 | of supporting developers from this source code or any supporting source code |
||
8 | which is considered copyrighted (c) material of the original comment or credit authors. |
||
9 | |||
10 | This program is distributed in the hope that it will be useful, |
||
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||
13 | */ |
||
14 | |||
15 | /** |
||
16 | * Publisher class |
||
17 | * |
||
18 | * @copyright XOOPS Project (https://xoops.org) |
||
19 | * @license https://www.fsf.org/copyleft/gpl.html GNU public license |
||
20 | * @since 1.0 |
||
21 | * @author trabis <[email protected]> |
||
22 | * @author The SmartFactory <www.smartfactory.ca> |
||
23 | */ |
||
24 | |||
25 | /** @var Helper $this- >helper */ |
||
26 | |||
27 | //require_once \dirname(__DIR__) . '/include/common.php'; |
||
28 | |||
29 | /** |
||
30 | * Class PermissionHandler |
||
31 | */ |
||
32 | class PermissionHandler extends \XoopsObjectHandler |
||
33 | { |
||
34 | /** |
||
35 | * @var Helper |
||
36 | */ |
||
37 | public $helper; |
||
38 | |||
39 | public function __construct(\XoopsDatabase $db = null, Helper $helper = null) |
||
40 | { |
||
41 | $this->helper = $helper ?? Helper::getInstance(); |
||
42 | } |
||
43 | |||
44 | /** |
||
45 | * Returns permissions for a certain type |
||
46 | * |
||
47 | * @param string $gpermName "global", "forum" or "topic" (should perhaps have "post" as well - but I don't know) |
||
48 | * @param int $id id of the item (forum, topic or possibly post) to get permissions for |
||
49 | * |
||
50 | * @return array |
||
51 | */ |
||
52 | public function getGrantedGroupsById($gpermName, $id) |
||
53 | { |
||
54 | static $items; |
||
55 | if (isset($items[$gpermName][$id])) { |
||
56 | return $items[$gpermName][$id]; |
||
57 | } |
||
58 | $groups = []; |
||
59 | $criteria = new \CriteriaCompo(); |
||
60 | $criteria->add( |
||
61 | new \Criteria( |
||
62 | 'gperm_modid', $this->helper->getModule() |
||
63 | ->getVar('mid') |
||
64 | ) |
||
65 | ); |
||
66 | $criteria->add(new \Criteria('gperm_name', $gpermName)); |
||
67 | $criteria->add(new \Criteria('gperm_itemid', $id)); |
||
68 | //Instead of calling groupperm handler and get objects, we will save some memory and do it our way |
||
69 | /** @var \XoopsMySQLDatabase $db */ |
||
70 | $db = \XoopsDatabaseFactory::getDatabaseConnection(); |
||
71 | $limit = $start = 0; |
||
72 | $sql = 'SELECT gperm_groupid FROM ' . $db->prefix('group_permission'); |
||
73 | if (($criteria instanceof \CriteriaCompo) || ($criteria instanceof \Criteria)) { |
||
0 ignored issues
–
show
introduced
by
![]() |
|||
74 | $sql .= ' ' . $criteria->renderWhere(); |
||
75 | $limit = $criteria->getLimit(); |
||
76 | $start = $criteria->getStart(); |
||
77 | } |
||
78 | $result = $db->query($sql, $limit, $start); |
||
79 | /** @var array $myrow */ |
||
80 | while (false !== ($myrow = $db->fetchArray($result))) { |
||
81 | $groups[$myrow['gperm_groupid']] = $myrow['gperm_groupid']; |
||
82 | } |
||
83 | $items[$gpermName][$id] = $groups; |
||
84 | |||
85 | return $groups; |
||
86 | } |
||
87 | |||
88 | /** |
||
89 | * Returns permissions for a certain type |
||
90 | * |
||
91 | * @param string $gpermName "global", "forum" or "topic" (should perhaps have "post" as well - but I don't know) |
||
92 | * |
||
93 | * @return array |
||
94 | */ |
||
95 | public function getGrantedItems($gpermName) |
||
96 | { |
||
97 | static $items; |
||
98 | if (isset($items[$gpermName])) { |
||
99 | return $items[$gpermName]; |
||
100 | } |
||
101 | |||
102 | $ret = []; |
||
103 | //Instead of calling groupperm handler and get objects, we will save some memory and do it our way |
||
104 | $criteria = new \CriteriaCompo(new \Criteria('gperm_name', $gpermName)); |
||
105 | $criteria->add( |
||
106 | new \Criteria( |
||
107 | 'gperm_modid', $this->helper->getModule() |
||
108 | ->getVar('mid') |
||
109 | ) |
||
110 | ); |
||
111 | |||
112 | //Get user's groups |
||
113 | $groups = \is_object($GLOBALS['xoopsUser']) ? $GLOBALS['xoopsUser']->getGroups() : [XOOPS_GROUP_ANONYMOUS]; |
||
114 | $criteria2 = new \CriteriaCompo(); |
||
115 | foreach ($groups as $gid) { |
||
116 | $criteria2->add(new \Criteria('gperm_groupid', $gid), 'OR'); |
||
117 | } |
||
118 | $criteria->add($criteria2); |
||
119 | $db = \XoopsDatabaseFactory::getDatabaseConnection(); |
||
120 | $sql = 'SELECT gperm_itemid FROM ' . $db->prefix('group_permission'); |
||
121 | $sql .= ' ' . $criteria->renderWhere(); |
||
122 | $result = $db->query($sql, 0, 0); |
||
123 | while (false !== ($myrow = $db->fetchArray($result))) { |
||
124 | $ret[$myrow['gperm_itemid']] = (int)$myrow['gperm_itemid']; |
||
125 | } |
||
126 | $items[$gpermName] = $ret; |
||
127 | |||
128 | return $ret; |
||
129 | } |
||
130 | |||
131 | /** |
||
132 | * @param string $gpermName |
||
133 | * @param int $id |
||
134 | * |
||
135 | * @return bool |
||
136 | */ |
||
137 | public function isGranted($gpermName, $id) |
||
138 | { |
||
139 | if (!$id) { |
||
140 | return false; |
||
141 | } |
||
142 | $permissions = $this->getGrantedItems($gpermName); |
||
143 | |||
144 | return !empty($permissions) && isset($permissions[$id]); |
||
145 | } |
||
146 | |||
147 | /** |
||
148 | * Saves permissions for the selected category |
||
149 | * saveCategoryPermissions() |
||
150 | * |
||
151 | * @param array $groups : group with granted permission |
||
152 | * @param int $itemId : itemid on which we are setting permissions for Categories and Forums |
||
153 | * @param string $permName : name of the permission |
||
154 | * |
||
155 | * @return bool : TRUE if the no errors occured |
||
156 | */ |
||
157 | public function saveItemPermissions($groups, $itemId, $permName) |
||
158 | { |
||
159 | $result = true; |
||
160 | $moduleId = $this->helper->getModule() |
||
161 | ->getVar('mid'); |
||
162 | /** @var \XoopsGroupPermHandler $grouppermHandler */ |
||
163 | $grouppermHandler = \xoops_getHandler('groupperm'); |
||
164 | // First, if the permissions are already there, delete them |
||
165 | $grouppermHandler->deleteByModule($moduleId, $permName, $itemId); |
||
166 | // Save the new permissions |
||
167 | if (\count($groups) > 0) { |
||
168 | foreach ($groups as $groupId) { |
||
169 | echo $groupId . '-'; |
||
170 | echo $grouppermHandler->addRight($permName, $itemId, $groupId, $moduleId); |
||
171 | } |
||
172 | } |
||
173 | |||
174 | return $result; |
||
175 | } |
||
176 | |||
177 | /** |
||
178 | * Delete all permission for a specific item |
||
179 | * deletePermissions() |
||
180 | * |
||
181 | * @param int $itemId : id of the item for which to delete the permissions |
||
182 | * @param string $gpermName |
||
183 | * |
||
184 | * @return bool : TRUE if the no errors occured |
||
185 | */ |
||
186 | public function deletePermissions($itemId, $gpermName) |
||
187 | { |
||
188 | $result = true; |
||
189 | $grouppermHandler = \xoops_getHandler('groupperm'); |
||
190 | $grouppermHandler->deleteByModule( |
||
191 | $this->helper->getModule() |
||
192 | ->getVar('mid'), $gpermName, $itemId |
||
193 | ); |
||
194 | |||
195 | return $result; |
||
196 | } |
||
197 | } |
||
198 |