|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace phpMyFAQ\Permission; |
|
4
|
|
|
|
|
5
|
|
|
/** |
|
6
|
|
|
* The large permission class provides section rights for groups and users. |
|
7
|
|
|
* |
|
8
|
|
|
* |
|
9
|
|
|
* |
|
10
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public License, |
|
11
|
|
|
* v. 2.0. If a copy of the MPL was not distributed with this file, You can |
|
12
|
|
|
* obtain one at http://mozilla.org/MPL/2.0/. |
|
13
|
|
|
* |
|
14
|
|
|
* @package phpMyFAQ |
|
15
|
|
|
* @author Lars Tiedemann <[email protected]> |
|
16
|
|
|
* @author Thorsten Rinne <[email protected]> |
|
17
|
|
|
* @copyright 2005-2019 phpMyFAQ Team |
|
18
|
|
|
* @license http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0 |
|
19
|
|
|
* @link https://www.phpmyfaq.de |
|
20
|
|
|
* @since 2005-09-17 |
|
21
|
|
|
*/ |
|
22
|
|
|
|
|
23
|
|
|
use phpMyFAQ\Configuration; |
|
24
|
|
|
use phpMyFAQ\Db; |
|
25
|
|
|
use phpMyFAQ\User\CurrentUser; |
|
26
|
|
|
|
|
27
|
|
|
if (!defined('IS_VALID_PHPMYFAQ')) { |
|
28
|
|
|
exit(); |
|
29
|
|
|
} |
|
30
|
|
|
|
|
31
|
|
|
/** |
|
32
|
|
|
* The large permission class is not yet implemented in phpMyFAQ. |
|
33
|
|
|
* |
|
34
|
|
|
* @package phpMyFAQ |
|
35
|
|
|
* @author Lars Tiedemann <[email protected]> |
|
36
|
|
|
* @author Thorsten Rinne <[email protected]> |
|
37
|
|
|
* @copyright 2005-2019 phpMyFAQ Team |
|
38
|
|
|
* @license http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0 |
|
39
|
|
|
* @link https://www.phpmyfaq.de |
|
40
|
|
|
* @since 2005-09-17 |
|
41
|
|
|
*/ |
|
42
|
|
|
class LargePermission extends MediumPermission |
|
43
|
|
|
{ |
|
44
|
|
|
/** |
|
45
|
|
|
* Default data for new sections. |
|
46
|
|
|
* |
|
47
|
|
|
* @var array |
|
48
|
|
|
*/ |
|
49
|
|
|
public $defaultSectionData = [ |
|
50
|
|
|
'name' => 'DEFAULT_SECTION', |
|
51
|
|
|
'description' => 'Short section description.', |
|
52
|
|
|
]; |
|
53
|
|
|
|
|
54
|
|
|
/** |
|
55
|
|
|
* Constructor. |
|
56
|
|
|
* |
|
57
|
|
|
* @param Configuration $config |
|
58
|
|
|
*/ |
|
59
|
|
|
public function __construct(Configuration $config) |
|
60
|
|
|
{ |
|
61
|
|
|
parent::__construct($config); |
|
62
|
|
|
} |
|
63
|
|
|
|
|
64
|
|
|
/** |
|
65
|
|
|
* Returns true, if the user given by $userId owns the right |
|
66
|
|
|
* specified by $right in a section. It does not matter if |
|
67
|
|
|
* the user owns this right as a user-right or because of a |
|
68
|
|
|
* group-membership in a section. The parameter $right may |
|
69
|
|
|
* be a right-ID (recommended for performance) or a right-name. |
|
70
|
|
|
* |
|
71
|
|
|
* @param int $userId |
|
72
|
|
|
* @param mixed $right |
|
73
|
|
|
* |
|
74
|
|
|
* @return bool |
|
75
|
|
|
*/ |
|
76
|
|
View Code Duplication |
public function checkRight($userId, $right) |
|
|
|
|
|
|
77
|
|
|
{ |
|
78
|
|
|
$user = new CurrentUser($this->config); |
|
79
|
|
|
$user->getUserById($userId); |
|
80
|
|
|
|
|
81
|
|
|
if ($user->isSuperAdmin()) { |
|
82
|
|
|
return true; |
|
83
|
|
|
} |
|
84
|
|
|
|
|
85
|
|
|
// get right id |
|
86
|
|
|
if (!is_numeric($right) && is_string($right)) { |
|
87
|
|
|
$right = $this->getRightId($right); |
|
88
|
|
|
} |
|
89
|
|
|
|
|
90
|
|
|
// check user right, group right and section right |
|
91
|
|
|
if ( |
|
92
|
|
|
$this->checkUserSectionRight($userId, $right) || |
|
93
|
|
|
$this->checkUserGroupRight($userId, $right) || |
|
94
|
|
|
$this->checkUserRight($userId, $right) |
|
95
|
|
|
) { |
|
96
|
|
|
return true; |
|
97
|
|
|
} |
|
98
|
|
|
return false; |
|
99
|
|
|
} |
|
100
|
|
|
|
|
101
|
|
|
/** |
|
102
|
|
|
* Returns true if the user $userId owns the right $rightId |
|
103
|
|
|
* because of a section membership, otherwise false. |
|
104
|
|
|
* |
|
105
|
|
|
* @param int $userId |
|
106
|
|
|
* @param int $rightId |
|
107
|
|
|
* |
|
108
|
|
|
* @return bool |
|
109
|
|
|
*/ |
|
110
|
|
|
public function checkUserSectionRight($userId, $rightId) |
|
111
|
|
|
{ |
|
112
|
|
|
if ($userId < 0 || !is_numeric($userId) || $rightId < 0 || !is_numeric($rightId)) { |
|
113
|
|
|
return false; |
|
114
|
|
|
} |
|
115
|
|
|
$select = sprintf(' |
|
116
|
|
|
SELECT |
|
117
|
|
|
fgr.right_id |
|
118
|
|
|
FROM |
|
119
|
|
|
%sfaquser_group fug |
|
120
|
|
|
LEFT JOIN |
|
121
|
|
|
%sfaqgroup_right fgr |
|
122
|
|
|
ON |
|
123
|
|
|
fgr.group_id = fug.group_id |
|
124
|
|
|
WHERE |
|
125
|
|
|
fug.user_id = %d |
|
126
|
|
|
AND |
|
127
|
|
|
fgr.right_id = %d |
|
128
|
|
|
', |
|
129
|
|
|
DB::getTablePrefix(), |
|
130
|
|
|
DB::getTablePrefix(), |
|
131
|
|
|
$userId, |
|
132
|
|
|
$rightId |
|
133
|
|
|
); |
|
134
|
|
|
|
|
135
|
|
|
$res = $this->config->getDb()->query($select); |
|
136
|
|
|
if (!$res) { |
|
137
|
|
|
return false; |
|
138
|
|
|
} |
|
139
|
|
|
if ($this->config->getDb()->numRows($res) > 0) { |
|
140
|
|
|
return true; |
|
141
|
|
|
} |
|
142
|
|
|
return false; |
|
143
|
|
|
} |
|
144
|
|
|
|
|
145
|
|
|
/** |
|
146
|
|
|
* Adds a new section to the database and returns the ID of the |
|
147
|
|
|
* new section. The associative array $sectionData contains the |
|
148
|
|
|
* data for the new section. |
|
149
|
|
|
* |
|
150
|
|
|
* @param array $sectionData Array of section data |
|
151
|
|
|
* |
|
152
|
|
|
* @return int |
|
153
|
|
|
*/ |
|
154
|
|
View Code Duplication |
public function addSection(Array $sectionData) |
|
|
|
|
|
|
155
|
|
|
{ |
|
156
|
|
|
// check if section already exists |
|
157
|
|
|
if ($this->getSectionId($sectionData['name']) > 0) { |
|
158
|
|
|
return 0; |
|
159
|
|
|
} |
|
160
|
|
|
|
|
161
|
|
|
$nextId = $this->config->getDb()->nextId(Db::getTablePrefix().'faqsections', 'id'); |
|
162
|
|
|
$sectionData = $this->checkSectionData($sectionData); |
|
163
|
|
|
$insert = sprintf(" |
|
164
|
|
|
INSERT INTO |
|
165
|
|
|
%sfaqsections |
|
166
|
|
|
(id, name, description) |
|
167
|
|
|
VALUES |
|
168
|
|
|
(%d, '%s', '%s')", |
|
169
|
|
|
Db::getTablePrefix(), |
|
170
|
|
|
$nextId, |
|
171
|
|
|
$sectionData['name'], |
|
172
|
|
|
$sectionData['description'] |
|
173
|
|
|
); |
|
174
|
|
|
|
|
175
|
|
|
$res = $this->config->getDb()->query($insert); |
|
176
|
|
|
if (!$res) { |
|
177
|
|
|
return 0; |
|
178
|
|
|
} |
|
179
|
|
|
|
|
180
|
|
|
return $nextId; |
|
181
|
|
|
} |
|
182
|
|
|
|
|
183
|
|
|
/** |
|
184
|
|
|
* Changes the section data of the given section. |
|
185
|
|
|
* |
|
186
|
|
|
* @param int $sectionId |
|
187
|
|
|
* @param array $sectionData |
|
188
|
|
|
* @return bool |
|
189
|
|
|
*/ |
|
190
|
|
View Code Duplication |
public function changeSection($sectionId, Array $sectionData) |
|
|
|
|
|
|
191
|
|
|
{ |
|
192
|
|
|
$checkedData = $this->checkSectionData($sectionData); |
|
193
|
|
|
$set = ''; |
|
194
|
|
|
$comma = ''; |
|
195
|
|
|
|
|
196
|
|
|
foreach ($sectionData as $key => $val) { |
|
197
|
|
|
$set .= $comma.$key." = '".$this->config->getDb()->escape($checkedData[$key])."'"; |
|
198
|
|
|
$comma = ",\n "; |
|
199
|
|
|
} |
|
200
|
|
|
|
|
201
|
|
|
$update = sprintf(' |
|
202
|
|
|
UPDATE |
|
203
|
|
|
%sfaqsections |
|
204
|
|
|
SET |
|
205
|
|
|
%s |
|
206
|
|
|
WHERE |
|
207
|
|
|
id = %d', |
|
208
|
|
|
Db::getTablePrefix(), |
|
209
|
|
|
$set, |
|
210
|
|
|
$sectionId |
|
211
|
|
|
); |
|
212
|
|
|
|
|
213
|
|
|
$res = $this->config->getDb()->query($update); |
|
214
|
|
|
|
|
215
|
|
|
if (!$res) { |
|
216
|
|
|
return false; |
|
217
|
|
|
} |
|
218
|
|
|
|
|
219
|
|
|
return true; |
|
220
|
|
|
} |
|
221
|
|
|
|
|
222
|
|
|
/** |
|
223
|
|
|
* Checks the given associative array $sectionData. If a |
|
224
|
|
|
* parameter is incorrect or is missing, it will be replaced |
|
225
|
|
|
* by the default values in $this->defaultSectionData. |
|
226
|
|
|
* Returns the corrected $sectionData associative array. |
|
227
|
|
|
* |
|
228
|
|
|
* @param array $sectionData |
|
229
|
|
|
* @return array |
|
230
|
|
|
*/ |
|
231
|
|
|
public function checkSectionData(Array $sectionData) |
|
232
|
|
|
{ |
|
233
|
|
View Code Duplication |
if (!isset($sectionData['name']) || !is_string($sectionData['name'])) { |
|
234
|
|
|
$sectionData['name'] = $this->defaultSectionData['name']; |
|
235
|
|
|
} |
|
236
|
|
View Code Duplication |
if (!isset($sectionData['description']) || !is_string($sectionData['description'])) { |
|
237
|
|
|
$sectionData['description'] = $this->defaultSectionData['description']; |
|
238
|
|
|
} |
|
239
|
|
|
|
|
240
|
|
|
return $sectionData; |
|
241
|
|
|
} |
|
242
|
|
|
|
|
243
|
|
|
/** |
|
244
|
|
|
* Removes the section given by $sectionId from the database. |
|
245
|
|
|
* Returns true on success, otherwise false. |
|
246
|
|
|
* |
|
247
|
|
|
* @param int $sectionId |
|
248
|
|
|
* @return bool |
|
249
|
|
|
*/ |
|
250
|
|
View Code Duplication |
public function deleteSection($sectionId) |
|
|
|
|
|
|
251
|
|
|
{ |
|
252
|
|
|
if ($sectionId <= 0 || !is_numeric($sectionId)) { |
|
253
|
|
|
return false; |
|
254
|
|
|
} |
|
255
|
|
|
|
|
256
|
|
|
$delete = sprintf(' |
|
257
|
|
|
DELETE FROM |
|
258
|
|
|
%sfaqsections |
|
259
|
|
|
WHERE |
|
260
|
|
|
id = %d', |
|
261
|
|
|
Db::getTablePrefix(), |
|
262
|
|
|
$sectionId |
|
263
|
|
|
); |
|
264
|
|
|
|
|
265
|
|
|
$res = $this->config->getDb()->query($delete); |
|
266
|
|
|
if (!$res) { |
|
267
|
|
|
return false; |
|
268
|
|
|
} |
|
269
|
|
|
|
|
270
|
|
|
$delete = sprintf(' |
|
271
|
|
|
DELETE FROM |
|
272
|
|
|
%sfaqsection_group |
|
273
|
|
|
WHERE |
|
274
|
|
|
section_id = %d', |
|
275
|
|
|
Db::getTablePrefix(), |
|
276
|
|
|
$sectionId |
|
277
|
|
|
); |
|
278
|
|
|
|
|
279
|
|
|
$res = $this->config->getDb()->query($delete); |
|
280
|
|
|
if (!$res) { |
|
281
|
|
|
return false; |
|
282
|
|
|
} |
|
283
|
|
|
|
|
284
|
|
|
$delete = sprintf(' |
|
285
|
|
|
DELETE FROM |
|
286
|
|
|
%sfaqsection_news |
|
287
|
|
|
WHERE |
|
288
|
|
|
section_id = %d', |
|
289
|
|
|
Db::getTablePrefix(), |
|
290
|
|
|
$sectionId |
|
291
|
|
|
); |
|
292
|
|
|
|
|
293
|
|
|
$res = $this->config->getDb()->query($delete); |
|
294
|
|
|
if (!$res) { |
|
295
|
|
|
return false; |
|
296
|
|
|
} |
|
297
|
|
|
|
|
298
|
|
|
return true; |
|
299
|
|
|
} |
|
300
|
|
|
|
|
301
|
|
|
/** |
|
302
|
|
|
* Returns true if the user given by $userId is a member of |
|
303
|
|
|
* the section specified by $sectionId, otherwise false. |
|
304
|
|
|
* |
|
305
|
|
|
* @param int $userId |
|
306
|
|
|
* @param int $sectionId |
|
307
|
|
|
* @return bool |
|
308
|
|
|
*/ |
|
309
|
|
|
public function isSectionMember($userId, $sectionId) |
|
310
|
|
|
{ |
|
311
|
|
|
if ($sectionId <= 0 || !is_numeric($sectionId) || $userId <= 0 || !is_numeric($userId)) { |
|
312
|
|
|
return false; |
|
313
|
|
|
} |
|
314
|
|
|
|
|
315
|
|
|
$select = sprintf(' |
|
316
|
|
|
SELECT |
|
317
|
|
|
fsg.user_id |
|
318
|
|
|
FROM |
|
319
|
|
|
%sfaqsection_group fsg |
|
320
|
|
|
LEFT JOIN |
|
321
|
|
|
%sfaquser_group fug |
|
322
|
|
|
ON |
|
323
|
|
|
fug.group_id = fsg.group_id |
|
324
|
|
|
WHERE |
|
325
|
|
|
fug.user_id = %d |
|
326
|
|
|
AND fsg.section_id = %d |
|
327
|
|
|
', |
|
328
|
|
|
Db::getTablePrefix(), |
|
329
|
|
|
Db::getTablePrefix(), |
|
330
|
|
|
$sectionId, |
|
331
|
|
|
$userId |
|
332
|
|
|
); |
|
333
|
|
|
|
|
334
|
|
|
$res = $this->config->getDb()->query($select); |
|
335
|
|
|
|
|
336
|
|
|
if ($this->config->getDb()->numRows($res) > 0) { |
|
337
|
|
|
return true; |
|
338
|
|
|
} |
|
339
|
|
|
|
|
340
|
|
|
return false; |
|
341
|
|
|
} |
|
342
|
|
|
|
|
343
|
|
|
/** |
|
344
|
|
|
* Returns an array that contains the user IDs of all members |
|
345
|
|
|
* of the section $sectionId. |
|
346
|
|
|
* |
|
347
|
|
|
* @param int $sectionId |
|
348
|
|
|
* @return array |
|
349
|
|
|
*/ |
|
350
|
|
|
public function getSectionMembers($sectionId) |
|
351
|
|
|
{ |
|
352
|
|
|
if ($sectionId <= 0 || !is_numeric($sectionId)) { |
|
353
|
|
|
return []; |
|
354
|
|
|
} |
|
355
|
|
|
|
|
356
|
|
|
$select = sprintf(' |
|
357
|
|
|
SELECT |
|
358
|
|
|
fsg.user_id |
|
359
|
|
|
FROM |
|
360
|
|
|
%sfaqsection_group fsg |
|
361
|
|
|
LEFT JOIN |
|
362
|
|
|
%sfaquser_group fug |
|
363
|
|
|
ON |
|
364
|
|
|
fug.group_id = fsg.group_id |
|
365
|
|
|
WHERE |
|
366
|
|
|
fsg.section_id = %d |
|
367
|
|
|
', |
|
368
|
|
|
Db::getTablePrefix(), |
|
369
|
|
|
Db::getTablePrefix(), |
|
370
|
|
|
$sectionId |
|
371
|
|
|
); |
|
372
|
|
|
|
|
373
|
|
|
$res = $this->config->getDb()->query($select); |
|
374
|
|
|
|
|
375
|
|
|
$result = []; |
|
376
|
|
|
while ($row = $this->config->getDb()->fetchArray($res)) { |
|
377
|
|
|
$result[] = $row['user_id']; |
|
378
|
|
|
} |
|
379
|
|
|
|
|
380
|
|
|
return $result; |
|
381
|
|
|
} |
|
382
|
|
|
|
|
383
|
|
|
/** |
|
384
|
|
|
* Returns an array that contains the group IDs of all groups |
|
385
|
|
|
* of the section $sectionId. |
|
386
|
|
|
* |
|
387
|
|
|
* @param int $sectionId |
|
388
|
|
|
* @return array |
|
389
|
|
|
*/ |
|
390
|
|
View Code Duplication |
public function getSectionGroups($sectionId) |
|
|
|
|
|
|
391
|
|
|
{ |
|
392
|
|
|
if ($sectionId <= 0 || !is_numeric($sectionId)) { |
|
393
|
|
|
return []; |
|
394
|
|
|
} |
|
395
|
|
|
|
|
396
|
|
|
$select = sprintf(' |
|
397
|
|
|
SELECT |
|
398
|
|
|
%sfaqsection_group.group_id |
|
399
|
|
|
FROM |
|
400
|
|
|
%sfaqsection_group |
|
401
|
|
|
WHERE |
|
402
|
|
|
%sfaqsection_group.section_id = %d |
|
403
|
|
|
', |
|
404
|
|
|
Db::getTablePrefix(), |
|
405
|
|
|
Db::getTablePrefix(), |
|
406
|
|
|
Db::getTablePrefix(), |
|
407
|
|
|
$sectionId |
|
408
|
|
|
); |
|
409
|
|
|
|
|
410
|
|
|
$res = $this->config->getDb()->query($select); |
|
411
|
|
|
|
|
412
|
|
|
$result = []; |
|
413
|
|
|
while ($row = $this->config->getDb()->fetchArray($res)) { |
|
414
|
|
|
$result[] = $row['group_id']; |
|
415
|
|
|
} |
|
416
|
|
|
|
|
417
|
|
|
return $result; |
|
418
|
|
|
} |
|
419
|
|
|
|
|
420
|
|
|
/** |
|
421
|
|
|
* Adds a new group $groupId to the section $sectionId. |
|
422
|
|
|
* Returns true on success, otherwise false. |
|
423
|
|
|
* |
|
424
|
|
|
* @param int $groupId |
|
425
|
|
|
* @param int $sectionId |
|
426
|
|
|
* @return bool |
|
427
|
|
|
*/ |
|
428
|
|
|
public function addGroupToSection($groupId, $sectionId) |
|
429
|
|
|
{ |
|
430
|
|
|
if ($sectionId <= 0 || !is_numeric($sectionId) | $groupId <= 0 || !is_numeric($groupId)) { |
|
431
|
|
|
return false; |
|
432
|
|
|
} |
|
433
|
|
|
|
|
434
|
|
|
$select = sprintf(' |
|
435
|
|
|
SELECT |
|
436
|
|
|
group_id |
|
437
|
|
|
FROM |
|
438
|
|
|
%sfaqsection_group |
|
439
|
|
|
WHERE |
|
440
|
|
|
section_id = %d |
|
441
|
|
|
AND |
|
442
|
|
|
group_id = %d |
|
443
|
|
|
', |
|
444
|
|
|
Db::getTablePrefix(), |
|
445
|
|
|
$sectionId, |
|
446
|
|
|
$groupId |
|
447
|
|
|
); |
|
448
|
|
|
|
|
449
|
|
|
$res = $this->config->getDb()->query($select); |
|
450
|
|
|
|
|
451
|
|
|
if ($this->config->getDb()->numRows($res) > 0) { |
|
452
|
|
|
return false; |
|
453
|
|
|
} |
|
454
|
|
|
|
|
455
|
|
|
$insert = sprintf(' |
|
456
|
|
|
INSERT INTO |
|
457
|
|
|
%sfaqsection_group |
|
458
|
|
|
(section_id, group_id) |
|
459
|
|
|
VALUES |
|
460
|
|
|
(%d, %d)', |
|
461
|
|
|
Db::getTablePrefix(), |
|
462
|
|
|
$sectionId, |
|
463
|
|
|
$groupId |
|
464
|
|
|
); |
|
465
|
|
|
|
|
466
|
|
|
$res = $this->config->getDb()->query($insert); |
|
467
|
|
|
if (!$res) { |
|
468
|
|
|
return false; |
|
469
|
|
|
} |
|
470
|
|
|
|
|
471
|
|
|
return true; |
|
472
|
|
|
} |
|
473
|
|
|
|
|
474
|
|
|
/** |
|
475
|
|
|
* Removes all groups from the section $sectionId. |
|
476
|
|
|
* Returns true on success, otherwise false. |
|
477
|
|
|
* |
|
478
|
|
|
* @param int $sectionId |
|
479
|
|
|
* @return bool |
|
480
|
|
|
*/ |
|
481
|
|
View Code Duplication |
public function removeAllGroupsFromSection($sectionId) |
|
|
|
|
|
|
482
|
|
|
{ |
|
483
|
|
|
if ($sectionId <= 0 || !is_numeric($sectionId)) { |
|
484
|
|
|
return false; |
|
485
|
|
|
} |
|
486
|
|
|
|
|
487
|
|
|
$delete = sprintf(' |
|
488
|
|
|
DELETE FROM |
|
489
|
|
|
%sfaqsection_group |
|
490
|
|
|
WHERE |
|
491
|
|
|
section_id = %d', |
|
492
|
|
|
DB::getTablePrefix(), |
|
493
|
|
|
$sectionId |
|
494
|
|
|
); |
|
495
|
|
|
|
|
496
|
|
|
$res = $this->config->getDb()->query($delete); |
|
497
|
|
|
if (!$res) { |
|
498
|
|
|
return false; |
|
499
|
|
|
} |
|
500
|
|
|
|
|
501
|
|
|
return true; |
|
502
|
|
|
} |
|
503
|
|
|
|
|
504
|
|
|
/** |
|
505
|
|
|
* Removes a group $groupId from the section $sectionId. |
|
506
|
|
|
* Returns true on success, otherwise false. |
|
507
|
|
|
* |
|
508
|
|
|
* @param int $groupId |
|
509
|
|
|
* @param int $sectionId |
|
510
|
|
|
* @return bool |
|
511
|
|
|
*/ |
|
512
|
|
|
public function removeGroupFromSection($groupId, $sectionId) |
|
513
|
|
|
{ |
|
514
|
|
|
if ($sectionId <= 0 || !is_numeric($sectionId) | $groupId <= 0 || !is_numeric($groupId)) { |
|
515
|
|
|
return false; |
|
516
|
|
|
} |
|
517
|
|
|
|
|
518
|
|
|
$delete = sprintf(' |
|
519
|
|
|
DELETE FROM |
|
520
|
|
|
%sfaqsection_group |
|
521
|
|
|
WHERE |
|
522
|
|
|
group_id = %d |
|
523
|
|
|
AND |
|
524
|
|
|
section_id = %d', |
|
525
|
|
|
Db::getTablePrefix(), |
|
526
|
|
|
$sectionId, |
|
527
|
|
|
$groupId |
|
528
|
|
|
); |
|
529
|
|
|
|
|
530
|
|
|
$res = $this->config->getDb()->query($delete); |
|
531
|
|
|
if (!$res) { |
|
532
|
|
|
return false; |
|
533
|
|
|
} |
|
534
|
|
|
|
|
535
|
|
|
return true; |
|
536
|
|
|
} |
|
537
|
|
|
|
|
538
|
|
|
/** |
|
539
|
|
|
* Returns the ID of the section that has the name $name. Returns |
|
540
|
|
|
* 0 if the section name cannot be found. |
|
541
|
|
|
* |
|
542
|
|
|
* @param string $name |
|
543
|
|
|
* @return int |
|
544
|
|
|
*/ |
|
545
|
|
|
public function getSectionId($name) |
|
546
|
|
|
{ |
|
547
|
|
|
$select = sprintf(' |
|
548
|
|
|
SELECT |
|
549
|
|
|
id |
|
550
|
|
|
FROM |
|
551
|
|
|
%sfaqsections |
|
552
|
|
|
WHERE |
|
553
|
|
|
name = %s', |
|
554
|
|
|
Db::getTablePrefix(), |
|
555
|
|
|
$name |
|
556
|
|
|
); |
|
557
|
|
|
|
|
558
|
|
|
$res = $this->config->getDb()->query($select); |
|
559
|
|
|
if ($this->config->getDb()->numRows($res) != 1) { |
|
560
|
|
|
return 0; |
|
561
|
|
|
} |
|
562
|
|
|
$row = $this->config->getDb()->fetchArray($res); |
|
563
|
|
|
|
|
564
|
|
|
return $row['id']; |
|
565
|
|
|
} |
|
566
|
|
|
|
|
567
|
|
|
/** |
|
568
|
|
|
* Returns an associative array with the section data of the section |
|
569
|
|
|
* $sectionId. |
|
570
|
|
|
* |
|
571
|
|
|
* @param int $sectionId |
|
572
|
|
|
* @return array |
|
573
|
|
|
*/ |
|
574
|
|
|
public function getSectionData($sectionId) |
|
575
|
|
|
{ |
|
576
|
|
|
$select = sprintf(' |
|
577
|
|
|
SELECT |
|
578
|
|
|
* |
|
579
|
|
|
FROM |
|
580
|
|
|
%sfaqsections |
|
581
|
|
|
WHERE |
|
582
|
|
|
id = %d', |
|
583
|
|
|
Db::getTablePrefix(), |
|
584
|
|
|
$sectionId |
|
585
|
|
|
); |
|
586
|
|
|
|
|
587
|
|
|
$res = $this->config->getDb()->query($select); |
|
588
|
|
|
if ($this->config->getDb()->numRows($res) != 1) { |
|
589
|
|
|
return 0; |
|
590
|
|
|
} |
|
591
|
|
|
$row = $this->config->getDb()->fetchArray($res); |
|
592
|
|
|
|
|
593
|
|
|
return $row; |
|
594
|
|
|
} |
|
595
|
|
|
|
|
596
|
|
|
/** |
|
597
|
|
|
* Returns an array with the IDs of all sections stored in the |
|
598
|
|
|
* database if no user ID is passed. |
|
599
|
|
|
* @param int $userId |
|
600
|
|
|
* @return array |
|
601
|
|
|
*/ |
|
602
|
|
|
public function getAllSections($userId = 1) |
|
603
|
|
|
{ |
|
604
|
|
|
if ($userId != 1) { |
|
605
|
|
|
return $this->getUserSections($userId); |
|
606
|
|
|
} |
|
607
|
|
|
|
|
608
|
|
|
$select = sprintf('SELECT * FROM %sfaqsections', Db::getTablePrefix()); |
|
609
|
|
|
|
|
610
|
|
|
$res = $this->config->getDb()->query($select); |
|
611
|
|
|
if (!$res || $this->config->getDb()->numRows($res) < 1) { |
|
612
|
|
|
return []; |
|
613
|
|
|
} |
|
614
|
|
|
$result = []; |
|
615
|
|
|
while ($row = $this->config->getDb()->fetchArray($res)) { |
|
616
|
|
|
$result[] = $row['id']; |
|
617
|
|
|
} |
|
618
|
|
|
|
|
619
|
|
|
return $result; |
|
620
|
|
|
} |
|
621
|
|
|
|
|
622
|
|
|
/** |
|
623
|
|
|
* Returns an array that contains the IDs of all sections in which |
|
624
|
|
|
* the user $userId is a member. |
|
625
|
|
|
* |
|
626
|
|
|
* @param int $userId |
|
627
|
|
|
* @return array |
|
628
|
|
|
*/ |
|
629
|
|
|
public function getUserSections($userId) |
|
630
|
|
|
{ |
|
631
|
|
|
if ($userId <= 0 || !is_numeric($userId)) { |
|
632
|
|
|
return [-1]; |
|
633
|
|
|
} |
|
634
|
|
|
|
|
635
|
|
|
$select = sprintf(' |
|
636
|
|
|
SELECT |
|
637
|
|
|
fsg.section_id |
|
638
|
|
|
FROM |
|
639
|
|
|
%sfaqsection_group fsg |
|
640
|
|
|
LEFT JOIN |
|
641
|
|
|
%sfaquser_group fug |
|
642
|
|
|
ON |
|
643
|
|
|
fug.group_id = fsg.group_id |
|
644
|
|
|
WHERE |
|
645
|
|
|
fug.user_id = %d', |
|
646
|
|
|
Db::getTablePrefix(), |
|
647
|
|
|
Db::getTablePrefix(), |
|
648
|
|
|
$userId |
|
649
|
|
|
); |
|
650
|
|
|
|
|
651
|
|
|
$res = $this->config->getDb()->query($select); |
|
652
|
|
|
|
|
653
|
|
|
if ($this->config->getDb()->numRows($res) < 1) { |
|
654
|
|
|
return [-1]; |
|
655
|
|
|
} |
|
656
|
|
|
$result = []; |
|
657
|
|
|
while ($row = $this->config->getDb()->fetchArray($res)) { |
|
658
|
|
|
$result[] = $row['section_id']; |
|
659
|
|
|
} |
|
660
|
|
|
|
|
661
|
|
|
return $result; |
|
662
|
|
|
} |
|
663
|
|
|
|
|
664
|
|
|
/** |
|
665
|
|
|
* Returns an array that contains the right-IDs of all rights |
|
666
|
|
|
* the user $userId owns. User-rights and the rights the user |
|
667
|
|
|
* owns because of a section membership are taken into account. |
|
668
|
|
|
* |
|
669
|
|
|
* @param int $userId |
|
670
|
|
|
* @return array |
|
671
|
|
|
*/ |
|
672
|
|
|
public function getAllUserRights($userId) |
|
673
|
|
|
{ |
|
674
|
|
|
if ($userId <= 0 || !is_numeric($userId)) { |
|
675
|
|
|
return []; |
|
676
|
|
|
} |
|
677
|
|
|
$userRights = $this->getUserRights($userId); |
|
678
|
|
|
$groupRights = $this->getUserGroupRights($userId); |
|
679
|
|
|
$sectionRights = $this->getUserSectionRights($userId); |
|
680
|
|
|
|
|
681
|
|
|
return array_unique(array_merge($userRights, $groupRights, $sectionRights)); |
|
682
|
|
|
} |
|
683
|
|
|
|
|
684
|
|
|
/** |
|
685
|
|
|
* Removes the group $groupId from all sections. |
|
686
|
|
|
* Returns true on success, otherwise false. |
|
687
|
|
|
* |
|
688
|
|
|
* @param int $groupId |
|
689
|
|
|
* @return bool |
|
690
|
|
|
*/ |
|
691
|
|
View Code Duplication |
public function removeGroupFromAllSections($groupId) |
|
|
|
|
|
|
692
|
|
|
{ |
|
693
|
|
|
if ($groupId < 1 || !is_numeric($groupId)) { |
|
694
|
|
|
return false; |
|
695
|
|
|
} |
|
696
|
|
|
|
|
697
|
|
|
$delete = sprintf(' |
|
698
|
|
|
DELETE FROM |
|
699
|
|
|
%sfaqsection_group |
|
700
|
|
|
WHERE |
|
701
|
|
|
group_id = %s', |
|
702
|
|
|
DB::getTablePrefix(), |
|
703
|
|
|
$groupId |
|
704
|
|
|
); |
|
705
|
|
|
|
|
706
|
|
|
$res = $this->config->getDb()->query($delete); |
|
707
|
|
|
if (!$res) { |
|
708
|
|
|
return false; |
|
709
|
|
|
} |
|
710
|
|
|
return true; |
|
711
|
|
|
} |
|
712
|
|
|
|
|
713
|
|
|
/** |
|
714
|
|
|
* Returns an array that contains the IDs of all rights the user |
|
715
|
|
|
* $userId owns because of a section membership. |
|
716
|
|
|
* |
|
717
|
|
|
* @param int $userId |
|
718
|
|
|
* @return array |
|
719
|
|
|
*/ |
|
720
|
|
|
public function getUserSectionRights($userId) |
|
721
|
|
|
{ |
|
722
|
|
|
if ($userId < 1 || !is_numeric($userId)) { |
|
723
|
|
|
return []; |
|
724
|
|
|
} |
|
725
|
|
|
$select = sprintf(' |
|
726
|
|
|
SELECT |
|
727
|
|
|
right_id |
|
728
|
|
|
FROM |
|
729
|
|
|
%sfaquser_group fug |
|
730
|
|
|
LEFT JOIN |
|
731
|
|
|
%sfaqgroup_right fgr |
|
732
|
|
|
ON |
|
733
|
|
|
fgr.group_id = fug.group_id |
|
734
|
|
|
WHERE |
|
735
|
|
|
fug.user_id = %d', |
|
736
|
|
|
DB::getTablePrefix(), |
|
737
|
|
|
DB::getTablePrefix(), |
|
738
|
|
|
$userId |
|
739
|
|
|
); |
|
740
|
|
|
|
|
741
|
|
|
$res = $this->config->getDb()->query($select); |
|
742
|
|
|
if (!$res) { |
|
743
|
|
|
return []; |
|
744
|
|
|
} |
|
745
|
|
|
$result = []; |
|
746
|
|
|
while ($row = $this->config->getDb()->fetchArray($res)) { |
|
747
|
|
|
array_push($result, $row['right_id']); |
|
748
|
|
|
} |
|
749
|
|
|
return $result; |
|
750
|
|
|
} |
|
751
|
|
|
|
|
752
|
|
|
/** |
|
753
|
|
|
* Returns the name of the section $sectionId. |
|
754
|
|
|
* |
|
755
|
|
|
* @param int $sectionId |
|
756
|
|
|
* @return string |
|
757
|
|
|
*/ |
|
758
|
|
View Code Duplication |
public function getSectionName($sectionId) |
|
|
|
|
|
|
759
|
|
|
{ |
|
760
|
|
|
if (!is_numeric($sectionId) || $sectionId < 1) { |
|
761
|
|
|
return '-'; |
|
762
|
|
|
} |
|
763
|
|
|
$select = sprintf(' |
|
764
|
|
|
SELECT |
|
765
|
|
|
name |
|
766
|
|
|
FROM |
|
767
|
|
|
%sfaqsections |
|
768
|
|
|
WHERE |
|
769
|
|
|
id = %d', |
|
770
|
|
|
DB::getTablePrefix(), |
|
771
|
|
|
$sectionId |
|
772
|
|
|
); |
|
773
|
|
|
$res = $this->config->getDb()->query($select); |
|
774
|
|
|
if ($this->config->getDb()->numRows($res) != 1) { |
|
775
|
|
|
return '-'; |
|
776
|
|
|
} |
|
777
|
|
|
$row = $this->config->getDb()->fetchArray($res); |
|
778
|
|
|
|
|
779
|
|
|
return $row['name']; |
|
780
|
|
|
} |
|
781
|
|
|
|
|
782
|
|
|
/** |
|
783
|
|
|
* Adds a new category $categoryId to the section $sectionId. |
|
784
|
|
|
* Returns true on success, otherwise false. |
|
785
|
|
|
* |
|
786
|
|
|
* @param int $categoryId |
|
787
|
|
|
* @param int $sectionId |
|
788
|
|
|
* @return bool |
|
789
|
|
|
*/ |
|
790
|
|
View Code Duplication |
public function addCategoryToSection($categoryId, $sectionId) |
|
|
|
|
|
|
791
|
|
|
{ |
|
792
|
|
|
if (!is_numeric($categoryId) || $categoryId < 1 || !is_numeric($sectionId) || $sectionId < 1) { |
|
793
|
|
|
return false; |
|
794
|
|
|
} |
|
795
|
|
|
$insert = sprintf(' |
|
796
|
|
|
INSERT INTO |
|
797
|
|
|
%sfaqsection_category |
|
798
|
|
|
(category_id, section_id) |
|
799
|
|
|
VALUES |
|
800
|
|
|
(%s,%s)', |
|
801
|
|
|
DB::getTablePrefix(), |
|
802
|
|
|
$categoryId, |
|
803
|
|
|
$sectionId |
|
804
|
|
|
); |
|
805
|
|
|
$res = $this->config->getDb()->query($insert); |
|
806
|
|
|
if (!$res) { |
|
807
|
|
|
return false; |
|
808
|
|
|
} |
|
809
|
|
|
return true; |
|
810
|
|
|
} |
|
811
|
|
|
|
|
812
|
|
|
/** |
|
813
|
|
|
* Removes a category $categoryId to the section $sectionId. |
|
814
|
|
|
* Returns true on success, otherwise false. |
|
815
|
|
|
* |
|
816
|
|
|
* @param int $categoryId |
|
817
|
|
|
* @param int $sectionId |
|
818
|
|
|
* @return bool |
|
819
|
|
|
*/ |
|
820
|
|
View Code Duplication |
public function removeCategoryFromSection($categoryId, $sectionId) |
|
|
|
|
|
|
821
|
|
|
{ |
|
822
|
|
|
if (!is_numeric($categoryId) || $categoryId < 1 || !is_numeric($sectionId) || $sectionId < 1) { |
|
823
|
|
|
return false; |
|
824
|
|
|
} |
|
825
|
|
|
$delete = sprintf(' |
|
826
|
|
|
DELETE FROM |
|
827
|
|
|
%sfaqsection_category |
|
828
|
|
|
WHERE |
|
829
|
|
|
category_id = %d |
|
830
|
|
|
AND |
|
831
|
|
|
section_id = %d', |
|
832
|
|
|
DB::getTablePrefix(), |
|
833
|
|
|
$categoryId, |
|
834
|
|
|
$sectionId |
|
835
|
|
|
); |
|
836
|
|
|
$res = $this->config->getDb()->query($delete); |
|
837
|
|
|
if (!$res) { |
|
838
|
|
|
return false; |
|
839
|
|
|
} |
|
840
|
|
|
return true; |
|
841
|
|
|
} |
|
842
|
|
|
|
|
843
|
|
|
/** |
|
844
|
|
|
* Returns an array that contains the category IDs of all categories |
|
845
|
|
|
* of the section $sectionId. |
|
846
|
|
|
* |
|
847
|
|
|
* @param int $sectionId |
|
848
|
|
|
* @return array |
|
849
|
|
|
*/ |
|
850
|
|
|
public function getSectionCategories($sectionId) |
|
851
|
|
|
{ |
|
852
|
|
|
if (!is_numeric($sectionId) || $sectionId < 1) { |
|
853
|
|
|
return []; |
|
854
|
|
|
} |
|
855
|
|
|
$select = sprintf(' |
|
856
|
|
|
SELECT |
|
857
|
|
|
category_id |
|
858
|
|
|
FROM |
|
859
|
|
|
%sfaqsection_category |
|
860
|
|
|
WHERE |
|
861
|
|
|
section_id = %d', |
|
862
|
|
|
DB::getTablePrefix(), |
|
863
|
|
|
$sectionId |
|
864
|
|
|
); |
|
865
|
|
|
$res = $this->config->getDb()->query($select); |
|
866
|
|
|
$result = []; |
|
867
|
|
|
while ($row = $this->config->getDb()->fetchArray($res)) { |
|
868
|
|
|
$result[] = $row['category_id']; |
|
869
|
|
|
} |
|
870
|
|
|
return $result; |
|
871
|
|
|
} |
|
872
|
|
|
|
|
873
|
|
|
/** |
|
874
|
|
|
* Removes the category $categoryId from all sections. |
|
875
|
|
|
* Returns true on success, otherwise false. |
|
876
|
|
|
* |
|
877
|
|
|
* @param int $categoryId |
|
878
|
|
|
* @return bool |
|
879
|
|
|
*/ |
|
880
|
|
View Code Duplication |
public function removeCategoryFromAllSections($categoryId) |
|
|
|
|
|
|
881
|
|
|
{ |
|
882
|
|
|
if (!is_numeric($categoryId) || $categoryId < 1) { |
|
883
|
|
|
return false; |
|
884
|
|
|
} |
|
885
|
|
|
$delete = sprintf(' |
|
886
|
|
|
DELETE FROM |
|
887
|
|
|
%sfaqsection_category |
|
888
|
|
|
WHERE |
|
889
|
|
|
category_id = %d', |
|
890
|
|
|
DB::getTablePrefix(), |
|
891
|
|
|
$categoryId |
|
892
|
|
|
); |
|
893
|
|
|
$res = $this->config->getDb()->query($delete); |
|
894
|
|
|
if (!$res) { |
|
895
|
|
|
return false; |
|
896
|
|
|
} |
|
897
|
|
|
return true; |
|
898
|
|
|
} |
|
899
|
|
|
|
|
900
|
|
|
/** |
|
901
|
|
|
* Adds a new news $newsId to the section $sectionId. |
|
902
|
|
|
* Returns true on success, otherwise false. |
|
903
|
|
|
* |
|
904
|
|
|
* @param int $newsId |
|
905
|
|
|
* @param int $sectionId |
|
906
|
|
|
* @return bool |
|
907
|
|
|
*/ |
|
908
|
|
View Code Duplication |
public function addNewsToSection($newsId, $sectionId) |
|
|
|
|
|
|
909
|
|
|
{ |
|
910
|
|
|
if (!is_numeric($newsId) || $newsId < 1 || !is_numeric($sectionId) || $sectionId < 1) { |
|
911
|
|
|
return false; |
|
912
|
|
|
} |
|
913
|
|
|
$insert = sprintf(' |
|
914
|
|
|
INSERT INTO |
|
915
|
|
|
%sfaqsection_news |
|
916
|
|
|
(news_id, section_id) |
|
917
|
|
|
VALUES |
|
918
|
|
|
(%s,%s)', |
|
919
|
|
|
DB::getTablePrefix(), |
|
920
|
|
|
$newsId, |
|
921
|
|
|
$sectionId |
|
922
|
|
|
); |
|
923
|
|
|
$res = $this->config->getDb()->query($insert); |
|
924
|
|
|
if (!$res) { |
|
925
|
|
|
return false; |
|
926
|
|
|
} |
|
927
|
|
|
return true; |
|
928
|
|
|
} |
|
929
|
|
|
|
|
930
|
|
|
/** |
|
931
|
|
|
* Removes a news $newsId from the section $sectionId. |
|
932
|
|
|
* Returns true on success, otherwise false. |
|
933
|
|
|
* |
|
934
|
|
|
* @param int $newsId |
|
935
|
|
|
* @param int $sectionId |
|
936
|
|
|
* @return bool |
|
937
|
|
|
*/ |
|
938
|
|
View Code Duplication |
public function removeNewsFromSection($newsId, $sectionId) |
|
|
|
|
|
|
939
|
|
|
{ |
|
940
|
|
|
if (!is_numeric($newsId) || $newsId < 1 || !is_numeric($sectionId) || $sectionId < 1) { |
|
941
|
|
|
return false; |
|
942
|
|
|
} |
|
943
|
|
|
$delete = sprintf(' |
|
944
|
|
|
DELETE FROM |
|
945
|
|
|
%sfaqsection_news |
|
946
|
|
|
WHERE |
|
947
|
|
|
news_id = %d |
|
948
|
|
|
AND |
|
949
|
|
|
section_id = %d', |
|
950
|
|
|
DB::getTablePrefix(), |
|
951
|
|
|
$newsId, |
|
952
|
|
|
$sectionId |
|
953
|
|
|
); |
|
954
|
|
|
$res = $this->config->getDb()->query($delete); |
|
955
|
|
|
if (!$res) { |
|
956
|
|
|
return false; |
|
957
|
|
|
} |
|
958
|
|
|
return true; |
|
959
|
|
|
} |
|
960
|
|
|
|
|
961
|
|
|
/** |
|
962
|
|
|
* Returns an array that contains the news IDs of all news |
|
963
|
|
|
* of the section $sectionId. |
|
964
|
|
|
* |
|
965
|
|
|
* @param int $sectionId |
|
966
|
|
|
* @return array |
|
967
|
|
|
*/ |
|
968
|
|
|
public function getSectionNews($sectionId) |
|
969
|
|
|
{ |
|
970
|
|
|
if (!is_numeric($sectionId) || $sectionId < 1) { |
|
971
|
|
|
return []; |
|
972
|
|
|
} |
|
973
|
|
|
$select = sprintf(' |
|
974
|
|
|
SELECT |
|
975
|
|
|
news_id |
|
976
|
|
|
FROM |
|
977
|
|
|
%sfaqsection_news |
|
978
|
|
|
WHERE |
|
979
|
|
|
section_id = %d', |
|
980
|
|
|
DB::getTablePrefix(), |
|
981
|
|
|
$sectionId |
|
982
|
|
|
); |
|
983
|
|
|
$res = $this->config->getDb()->query($select); |
|
984
|
|
|
$result = []; |
|
985
|
|
|
while ($row = $this->config->getDb()->fetchArray($res)) { |
|
986
|
|
|
$result[] = $row['news_id']; |
|
987
|
|
|
} |
|
988
|
|
|
return $result; |
|
989
|
|
|
} |
|
990
|
|
|
|
|
991
|
|
|
/** |
|
992
|
|
|
* Removes the news $newsId from all sections. |
|
993
|
|
|
* Returns true on success, otherwise false. |
|
994
|
|
|
* |
|
995
|
|
|
* @param int $newsId |
|
996
|
|
|
* @return bool |
|
997
|
|
|
*/ |
|
998
|
|
View Code Duplication |
public function removeNewsFromAllSections($newsId) |
|
|
|
|
|
|
999
|
|
|
{ |
|
1000
|
|
|
if (!is_numeric($newsId) || $newsId < 1) { |
|
1001
|
|
|
return false; |
|
1002
|
|
|
} |
|
1003
|
|
|
$delete = sprintf(' |
|
1004
|
|
|
DELETE FROM |
|
1005
|
|
|
%sfaqsection_news |
|
1006
|
|
|
WHERE |
|
1007
|
|
|
news_id = %d', |
|
1008
|
|
|
DB::getTablePrefix(), |
|
1009
|
|
|
$newsId |
|
1010
|
|
|
); |
|
1011
|
|
|
$res = $this->config->getDb()->query($delete); |
|
1012
|
|
|
if (!$res) { |
|
1013
|
|
|
return false; |
|
1014
|
|
|
} |
|
1015
|
|
|
return true; |
|
1016
|
|
|
} |
|
1017
|
|
|
|
|
1018
|
|
|
} |
|
1019
|
|
|
|
thorsten /
phpMyFAQ
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.