From 47dffa09f4abf8476b3b86e452b24c91327b6269 Mon Sep 17 00:00:00 2001 From: Seth Date: Mon, 4 Oct 2021 00:11:50 -0400 Subject: [PATCH] Add CSRF to lightbox access endpoints --- app/controllers/LightboxController.php | 2719 +++++++++-------- app/helpers/utilityHelpers.php | 5 +- .../views/Classroom/form_set_info_html.php | 2 + .../views/Lightbox/form_set_info_html.php | 2 + .../views/Lightbox/form_share_set_html.php | 3 +- .../views/Lightbox/form_user_group_html.php | 3 +- .../views/Lightbox/set_access_html.php | 10 +- 7 files changed, 1380 insertions(+), 1364 deletions(-) diff --git a/app/controllers/LightboxController.php b/app/controllers/LightboxController.php index ae926f8103..8a9cc9c3bb 100644 --- a/app/controllers/LightboxController.php +++ b/app/controllers/LightboxController.php @@ -26,1450 +26,1459 @@ * ---------------------------------------------------------------------- */ - require_once(__CA_LIB_DIR__."/ApplicationError.php"); - require_once(__CA_LIB_DIR__."/Datamodel.php"); - require_once(__CA_APP_DIR__.'/helpers/accessHelpers.php'); - require_once(__CA_MODELS_DIR__."/ca_objects.php"); - require_once(__CA_MODELS_DIR__."/ca_sets.php"); - require_once(__CA_MODELS_DIR__."/ca_user_groups.php"); - require_once(__CA_MODELS_DIR__."/ca_sets_x_user_groups.php"); - require_once(__CA_MODELS_DIR__."/ca_sets_x_users.php"); - require_once(__CA_APP_DIR__."/controllers/FindController.php"); - require_once(__CA_LIB_DIR__."/GeographicMap.php"); - require_once(__CA_LIB_DIR__.'/Parsers/ZipStream.php'); - require_once(__CA_LIB_DIR__.'/Logging/Downloadlog.php'); - - class LightboxController extends FindController { - # ------------------------------------------------------- - /** - * @var array - */ - protected $opa_access_values; - - /** - * @var array - */ - protected $opa_user_groups; - - /** - * @var - */ - protected $ops_lightbox_display_name; - - /** - * @var - */ - protected $ops_lightbox_display_name_plural; - - /** - * @var - */ - protected $opb_is_login_redirect = false; - - /** - * @var string - */ - protected $ops_tablename = 'ca_objects'; - - /** - * - */ - protected $ops_view_prefix = 'Lightbox'; - protected $ops_description_attribute; - - # ------------------------------------------------------- - /** - * @param RequestHTTP $po_request - * @param ResponseHTTP $po_response - * @param null $pa_view_paths - * @throws ApplicationException - */ - public function __construct(&$po_request, &$po_response, $pa_view_paths=null) { - parent::__construct($po_request, $po_response, $pa_view_paths); - - // Catch disabled lightbox - if ($this->request->config->get('disable_lightbox') && $this->request->config->get('disable_classroom')) { - throw new ApplicationException('Lightbox/classroom is not enabled'); - } - if (!($this->request->isLoggedIn())) { - $this->response->setRedirect(caNavUrl($this->request, "", "LoginReg", "LoginForm")); - $this->opb_is_login_redirect = true; - return; - } - - $t_user_groups = new ca_user_groups(); - $this->opa_user_groups = $t_user_groups->getGroupList("name", "desc", $this->request->getUserID()); - $this->view->setVar("user_groups", $this->opa_user_groups); - - $this->opo_config = caGetLightboxConfig(); - caSetPageCSSClasses(array("sets", "lightbox")); - - $va_lightboxDisplayName = caGetLightboxDisplayName($this->opo_config); - $this->view->setVar('set_config', $this->opo_config); - - $this->ops_lightbox_display_name = $va_lightboxDisplayName["singular"]; - $this->ops_lightbox_display_name_plural = $va_lightboxDisplayName["plural"]; - $this->ops_description_attribute = ($this->opo_config->get("lightbox_set_description_element_code") ? $this->opo_config->get("lightbox_set_description_element_code") : "description"); - $this->view->setVar('description_attribute', $this->ops_description_attribute); - - - parent::setTableSpecificViewVars(); - } - # ------------------------------------------------------- - /** - * - */ - function index($pa_options = null) { - if($this->opb_is_login_redirect) { return; } +require_once(__CA_LIB_DIR__."/ApplicationError.php"); +require_once(__CA_LIB_DIR__."/Datamodel.php"); +require_once(__CA_APP_DIR__.'/helpers/accessHelpers.php'); +require_once(__CA_MODELS_DIR__."/ca_objects.php"); +require_once(__CA_MODELS_DIR__."/ca_sets.php"); +require_once(__CA_MODELS_DIR__."/ca_user_groups.php"); +require_once(__CA_MODELS_DIR__."/ca_sets_x_user_groups.php"); +require_once(__CA_MODELS_DIR__."/ca_sets_x_users.php"); +require_once(__CA_APP_DIR__."/controllers/FindController.php"); +require_once(__CA_LIB_DIR__."/GeographicMap.php"); +require_once(__CA_LIB_DIR__.'/Parsers/ZipStream.php'); +require_once(__CA_LIB_DIR__.'/Logging/Downloadlog.php'); - - $va_lightbox_displayname = caGetLightboxDisplayName(); - $this->view->setVar('lightbox_displayname', $va_lightbox_displayname["singular"]); - $this->view->setVar('lightbox_displayname_plural', $va_lightbox_displayname["plural"]); - - # Get sets for display - $t_sets = new ca_sets(); - $va_read_sets = $t_sets->getSetsForUser(array("table" => "ca_objects", "user_id" => $this->request->getUserID(), "checkAccess" => $this->opa_access_values, "access" => (!is_null($vn_access = $this->request->config->get('lightbox_default_access'))) ? $vn_access : 1, "parents_only" => true)); - $va_write_sets = $t_sets->getSetsForUser(array("table" => "ca_objects", "user_id" => $this->request->getUserID(), "checkAccess" => $this->opa_access_values, "parents_only" => true)); - - # Remove write sets from the read array - $va_read_sets = array_diff_key($va_read_sets, $va_write_sets); - - $this->view->setVar("read_sets", $va_read_sets); - $this->view->setVar("write_sets", $va_write_sets); - - $va_set_ids = array_merge(array_keys($va_read_sets), array_keys($va_write_sets)); - $this->view->setVar("set_ids", $va_set_ids); - - # Get set change log - $va_set_change_log = $t_sets->getSetChangeLog($va_set_ids); - if(is_array($va_set_change_log) && sizeof($va_set_change_log)){ - $va_set_change_log = array_slice($va_set_change_log, 0, 50); - } - $this->view->setVar("activity", $va_set_change_log); - - MetaTagManager::setWindowTitle($this->request->config->get("app_display_name").$this->request->config->get("page_title_delimiter").ucfirst($this->ops_lightbox_display_name)); - - $this->render(caGetOption("view", $pa_options, "Lightbox/set_list_html.php")); - } - # ------------------------------------------------------ - /** - * - */ - function setDetail($pa_options = null) { - if($this->opb_is_login_redirect) { return; } - $this->request->setParameter('callback', null); - unset($_REQUEST['callback']); - - AssetLoadManager::register("mediaViewer"); - - $o_context = new ResultContext($this->request, 'ca_objects', 'sets', 'lightbox'); - $o_context->setAsLastFind(); - - $this->view->setVar('browse', $o_browse = caGetBrowseInstance("ca_objects")); - $this->view->setVar("browse_type", "caLightbox"); // this is only used when loading hierarchy facets and is a way to get around needing a browse type to pull the table in FindController - - $this->view->setVar('view', $ps_view = caCheckLightboxView(array('request' => $this->request))); - $this->view->setVar('views', $va_views = $this->opo_config->getAssoc("views")); - $va_view_info = $va_views[$ps_view]; - - // - // User must at least have read access to the set - // - if (!($t_set = $this->_getSet(__CA_SET_READ_ACCESS__))) { $this->Index(); return; } - - $vn_set_id = $t_set->get("set_id"); - $this->view->setVar("set", $t_set); - - $qr_comments = $t_set->getComments(null, null, array('returnAs' => 'searchResult')); - - $this->view->setVar("comments", $qr_comments); - $this->view->setVar("commentCountDisplay", $qr_comments ? (($vn_comment_count = $qr_comments->numHits())." ".(($vn_comment_count == 1) ? _t("comment") : _t("comments"))) : 0); - - // - // Load existing browse if key is specified - // - if ($ps_cache_key = $this->request->getParameter('key', pString)) { - $o_browse->reload($ps_cache_key); - } - - // - // Clear criteria if required - // - - if ($vs_remove_criterion = $this->request->getParameter('removeCriterion', pString)) { - $o_browse->removeCriteria($vs_remove_criterion, array($this->request->getParameter('removeID', pString))); +class LightboxController extends FindController { + # ------------------------------------------------------- + /** + * @var array + */ + protected $opa_access_values; + + /** + * @var array + */ + protected $opa_user_groups; + + /** + * @var + */ + protected $ops_lightbox_display_name; + + /** + * @var + */ + protected $ops_lightbox_display_name_plural; + + /** + * @var + */ + protected $opb_is_login_redirect = false; + + /** + * @var string + */ + protected $ops_tablename = 'ca_objects'; + + /** + * + */ + protected $ops_view_prefix = 'Lightbox'; + protected $ops_description_attribute; + + # ------------------------------------------------------- + /** + * @param RequestHTTP $po_request + * @param ResponseHTTP $po_response + * @param null $pa_view_paths + * @throws ApplicationException + */ + public function __construct(&$po_request, &$po_response, $pa_view_paths=null) { + parent::__construct($po_request, $po_response, $pa_view_paths); + + // Catch disabled lightbox + if ($this->request->config->get('disable_lightbox') && $this->request->config->get('disable_classroom')) { + throw new ApplicationException('Lightbox/classroom is not enabled'); + } + if (!($this->request->isLoggedIn())) { + $this->response->setRedirect(caNavUrl($this->request, "", "LoginReg", "LoginForm")); + $this->opb_is_login_redirect = true; + return; + } + + $t_user_groups = new ca_user_groups(); + $this->opa_user_groups = $t_user_groups->getGroupList("name", "desc", $this->request->getUserID()); + $this->view->setVar("user_groups", $this->opa_user_groups); + + $this->opo_config = caGetLightboxConfig(); + caSetPageCSSClasses(array("sets", "lightbox")); + + $va_lightboxDisplayName = caGetLightboxDisplayName($this->opo_config); + $this->view->setVar('set_config', $this->opo_config); + + $this->ops_lightbox_display_name = $va_lightboxDisplayName["singular"]; + $this->ops_lightbox_display_name_plural = $va_lightboxDisplayName["plural"]; + $this->ops_description_attribute = ($this->opo_config->get("lightbox_set_description_element_code") ? $this->opo_config->get("lightbox_set_description_element_code") : "description"); + $this->view->setVar('description_attribute', $this->ops_description_attribute); + + + parent::setTableSpecificViewVars(); + } + # ------------------------------------------------------- + /** + * + */ + function index($pa_options = null) { + if($this->opb_is_login_redirect) { return; } + + + $va_lightbox_displayname = caGetLightboxDisplayName(); + $this->view->setVar('lightbox_displayname', $va_lightbox_displayname["singular"]); + $this->view->setVar('lightbox_displayname_plural', $va_lightbox_displayname["plural"]); + + # Get sets for display + $t_sets = new ca_sets(); + $va_read_sets = $t_sets->getSetsForUser(array("table" => "ca_objects", "user_id" => $this->request->getUserID(), "checkAccess" => $this->opa_access_values, "access" => (!is_null($vn_access = $this->request->config->get('lightbox_default_access'))) ? $vn_access : 1, "parents_only" => true)); + $va_write_sets = $t_sets->getSetsForUser(array("table" => "ca_objects", "user_id" => $this->request->getUserID(), "checkAccess" => $this->opa_access_values, "parents_only" => true)); + + # Remove write sets from the read array + $va_read_sets = array_diff_key($va_read_sets, $va_write_sets); + + $this->view->setVar("read_sets", $va_read_sets); + $this->view->setVar("write_sets", $va_write_sets); + + $va_set_ids = array_merge(array_keys($va_read_sets), array_keys($va_write_sets)); + $this->view->setVar("set_ids", $va_set_ids); + + # Get set change log + $va_set_change_log = $t_sets->getSetChangeLog($va_set_ids); + if(is_array($va_set_change_log) && sizeof($va_set_change_log)){ + $va_set_change_log = array_slice($va_set_change_log, 0, 50); + } + $this->view->setVar("activity", $va_set_change_log); + + MetaTagManager::setWindowTitle($this->request->config->get("app_display_name").$this->request->config->get("page_title_delimiter").ucfirst($this->ops_lightbox_display_name)); + + $this->render(caGetOption("view", $pa_options, "Lightbox/set_list_html.php")); + } + # ------------------------------------------------------ + /** + * + */ + function setDetail($pa_options = null) { + if($this->opb_is_login_redirect) { return; } + $this->request->setParameter('callback', null); + unset($_REQUEST['callback']); + + AssetLoadManager::register("mediaViewer"); + + $o_context = new ResultContext($this->request, 'ca_objects', 'sets', 'lightbox'); + $o_context->setAsLastFind(); + + $this->view->setVar('browse', $o_browse = caGetBrowseInstance("ca_objects")); + $this->view->setVar("browse_type", "caLightbox"); // this is only used when loading hierarchy facets and is a way to get around needing a browse type to pull the table in FindController + + $this->view->setVar('view', $ps_view = caCheckLightboxView(array('request' => $this->request))); + $this->view->setVar('views', $va_views = $this->opo_config->getAssoc("views")); + $va_view_info = $va_views[$ps_view]; + + // + // User must at least have read access to the set + // + if (!($t_set = $this->_getSet(__CA_SET_READ_ACCESS__))) { $this->Index(); return; } + + $vn_set_id = $t_set->get("set_id"); + $this->view->setVar("set", $t_set); + + $qr_comments = $t_set->getComments(null, null, array('returnAs' => 'searchResult')); + + $this->view->setVar("comments", $qr_comments); + $this->view->setVar("commentCountDisplay", $qr_comments ? (($vn_comment_count = $qr_comments->numHits())." ".(($vn_comment_count == 1) ? _t("comment") : _t("comments"))) : 0); + + // + // Load existing browse if key is specified + // + if ($ps_cache_key = $this->request->getParameter('key', pString)) { + $o_browse->reload($ps_cache_key); + } + + // + // Clear criteria if required + // + + if ($vs_remove_criterion = $this->request->getParameter('removeCriterion', pString)) { + $o_browse->removeCriteria($vs_remove_criterion, array($this->request->getParameter('removeID', pString))); + } + + if ((bool)$this->request->getParameter('clear', pInteger)) { + // Clear all refine critera but *not* underlying _search criterion + $va_criteria = $o_browse->getCriteria(); + foreach($va_criteria as $vs_criterion => $va_criterion_info) { + if ($vs_criterion == '_search') { continue; } + $o_browse->removeCriteria($vs_criterion, array_keys($va_criterion_info)); } + } + + // + // Return filtering facets + // + if ($this->request->getParameter('getFacet', pInteger) && $vs_facet = $this->request->getParameter('facet', pString)) { + $this->view->setVar('facet_name', $vs_facet); + $this->view->setVar('key', $o_browse->getBrowseID()); + $va_facet_info = $o_browse->getInfoForFacet($vs_facet); + $this->view->setVar('facet_info', $va_facet_info); - if ((bool)$this->request->getParameter('clear', pInteger)) { - // Clear all refine critera but *not* underlying _search criterion - $va_criteria = $o_browse->getCriteria(); - foreach($va_criteria as $vs_criterion => $va_criterion_info) { - if ($vs_criterion == '_search') { continue; } - $o_browse->removeCriteria($vs_criterion, array_keys($va_criterion_info)); - } + // pull in different views based on format for facet - alphabetical, list, hierarchy + switch($va_facet_info["group_mode"]){ + case "alphabetical": + case "list": + default: + $this->view->setVar('facet_content', $o_browse->getFacetContent($vs_facet, array("checkAccess" => $this->opa_access_values))); + $this->render("Browse/list_facet_html.php"); + break; + case "hierarchical": + $this->render("Browse/hierarchy_facet_html.php"); + break; } - - // - // Return filtering facets - // - if ($this->request->getParameter('getFacet', pInteger) && $vs_facet = $this->request->getParameter('facet', pString)) { - $this->view->setVar('facet_name', $vs_facet); - $this->view->setVar('key', $o_browse->getBrowseID()); - $va_facet_info = $o_browse->getInfoForFacet($vs_facet); - $this->view->setVar('facet_info', $va_facet_info); - - // pull in different views based on format for facet - alphabetical, list, hierarchy - switch($va_facet_info["group_mode"]){ - case "alphabetical": - case "list": - default: - $this->view->setVar('facet_content', $o_browse->getFacetContent($vs_facet, array("checkAccess" => $this->opa_access_values))); - $this->render("Browse/list_facet_html.php"); - break; - case "hierarchical": - $this->render("Browse/hierarchy_facet_html.php"); - break; + return; + } + + // + // Add criteria and execute + // + $vs_search_expression = "ca_sets.set_id:{$vn_set_id}"; + if (($o_browse->numCriteria() == 0) && $vs_search_expression) { + $o_browse->addCriteria("_search", array($vs_search_expression)); + } + if ($vs_facet = $this->request->getParameter('facet', pString)) { + $o_browse->addCriteria($vs_facet, array($this->request->getParameter('id', pString))); + } + + // + // Sorting + // + $vb_sort_changed = false; + if(!$ps_secondary_sort = $this->request->getParameter("secondary_sort", pString)){ + $ps_secondary_sort = $o_context->getCurrentSecondarySort(); + } + $va_config_sort = $this->opo_config->getAssoc("sortBy"); + if(!is_array($va_config_sort)){ + $va_config_sort = array(); + } + $va_sort_by = array_merge(array(_t('Set order') => "ca_set_items.rank/{$vn_set_id}"), $va_config_sort); + + if (!($ps_sort = urldecode($this->request->getParameter("sort", pString)))) { + if (!$ps_sort && !($ps_sort = $o_context->getCurrentSort())) { + if(is_array($va_sort_by)) { + $ps_sort = array_shift(array_keys($va_sort_by)); + $vb_sort_changed = true; } - return; } - - // - // Add criteria and execute - // - $vs_search_expression = "ca_sets.set_id:{$vn_set_id}"; - if (($o_browse->numCriteria() == 0) && $vs_search_expression) { - $o_browse->addCriteria("_search", array($vs_search_expression)); - } - if ($vs_facet = $this->request->getParameter('facet', pString)) { - $o_browse->addCriteria($vs_facet, array($this->request->getParameter('id', pString))); + }else{ + $vb_sort_changed = true; + } + if($vb_sort_changed){ + // set the default sortDirection if available + $va_sort_direction = $this->opo_config->getAssoc("sortDirection"); + if($ps_sort_direction = $va_sort_direction[$ps_sort]){ + $o_context->setCurrentSortDirection($ps_sort_direction); } - - // - // Sorting - // - $vb_sort_changed = false; - if(!$ps_secondary_sort = $this->request->getParameter("secondary_sort", pString)){ - $ps_secondary_sort = $o_context->getCurrentSecondarySort(); - } - $va_config_sort = $this->opo_config->getAssoc("sortBy"); - if(!is_array($va_config_sort)){ - $va_config_sort = array(); + $ps_secondary_sort = ""; + } + if (!($ps_sort_direction = $this->request->getParameter("direction", pString))) { + if (!($ps_sort_direction = $o_context->getCurrentSortDirection())) { + $ps_sort_direction = 'asc'; } - $va_sort_by = array_merge(array(_t('Set order') => "ca_set_items.rank/{$vn_set_id}"), $va_config_sort); - - if (!($ps_sort = urldecode($this->request->getParameter("sort", pString)))) { - if (!$ps_sort && !($ps_sort = $o_context->getCurrentSort())) { - if(is_array($va_sort_by)) { - $ps_sort = array_shift(array_keys($va_sort_by)); - $vb_sort_changed = true; - } - } - }else{ - $vb_sort_changed = true; - } - if($vb_sort_changed){ - // set the default sortDirection if available - $va_sort_direction = $this->opo_config->getAssoc("sortDirection"); - if($ps_sort_direction = $va_sort_direction[$ps_sort]){ - $o_context->setCurrentSortDirection($ps_sort_direction); - } - $ps_secondary_sort = ""; - } - if (!($ps_sort_direction = $this->request->getParameter("direction", pString))) { - if (!($ps_sort_direction = $o_context->getCurrentSortDirection())) { - $ps_sort_direction = 'asc'; - } - } - - $o_context->setCurrentSort($ps_sort); - $o_context->setCurrentSecondarySort($ps_secondary_sort); - $o_context->setCurrentSortDirection($ps_sort_direction); - - $this->view->setVar('sortBy', is_array($va_sort_by) ? $va_sort_by : null); - $this->view->setVar('sortBySelect', $vs_sort_by_select = (is_array($va_sort_by) ? caHTMLSelect("sort", $va_sort_by, array('id' => "sort"), array("value" => $ps_sort)) : '')); - $this->view->setVar('sort', $ps_sort); - $va_secondary_sort_by = $this->opo_config->getAssoc("secondarySortBy"); - $this->view->setVar('secondarySortBy', is_array($va_secondary_sort_by) ? $va_secondary_sort_by : null); - $this->view->setVar('secondarySortBySelect', $vs_secondary_sort_by_select = (is_array($va_secondary_sort_by) ? caHTMLSelect("secondary_sort", $va_secondary_sort_by, array('id' => "secondary_sort"), array("value" => $ps_secondary_sort)) : '')); - $this->view->setVar('secondarySort', $ps_secondary_sort); - $this->view->setVar('sortDirection', $ps_sort_direction); - - $va_browse_options = array('checkAccess' => $this->opa_access_values, 'no_cache' => true); + } + + $o_context->setCurrentSort($ps_sort); + $o_context->setCurrentSecondarySort($ps_secondary_sort); + $o_context->setCurrentSortDirection($ps_sort_direction); + + $this->view->setVar('sortBy', is_array($va_sort_by) ? $va_sort_by : null); + $this->view->setVar('sortBySelect', $vs_sort_by_select = (is_array($va_sort_by) ? caHTMLSelect("sort", $va_sort_by, array('id' => "sort"), array("value" => $ps_sort)) : '')); + $this->view->setVar('sort', $ps_sort); + $va_secondary_sort_by = $this->opo_config->getAssoc("secondarySortBy"); + $this->view->setVar('secondarySortBy', is_array($va_secondary_sort_by) ? $va_secondary_sort_by : null); + $this->view->setVar('secondarySortBySelect', $vs_secondary_sort_by_select = (is_array($va_secondary_sort_by) ? caHTMLSelect("secondary_sort", $va_secondary_sort_by, array('id' => "secondary_sort"), array("value" => $ps_secondary_sort)) : '')); + $this->view->setVar('secondarySort', $ps_secondary_sort); + $this->view->setVar('sortDirection', $ps_sort_direction); + + $va_browse_options = array('checkAccess' => $this->opa_access_values, 'no_cache' => true); - $o_browse->execute(array_merge($va_browse_options, array('strictPhraseSearching' => true, 'checkAccess' => $this->opa_access_values, 'request' => $this->request))); + $o_browse->execute(array_merge($va_browse_options, array('strictPhraseSearching' => true, 'checkAccess' => $this->opa_access_values, 'request' => $this->request))); - if ($ps_view !== 'timelineData') { - // - // Facets - // - if ($vs_facet_group = $this->opo_config->get("setFacetGroup")) { - $o_browse->setFacetGroup($vs_facet_group); - } - $va_available_facet_list = $this->opo_config->get("availableFacets"); - $va_facets = $o_browse->getInfoForAvailableFacets(['checkAccess' => $this->opa_access_values, 'request' => $this->request,]); - if(is_array($va_available_facet_list) && sizeof($va_available_facet_list)) { - foreach($va_facets as $vs_facet_name => $va_facet_info) { - if (!in_array($vs_facet_name, $va_available_facet_list)) { - unset($va_facets[$vs_facet_name]); - } + if ($ps_view !== 'timelineData') { + // + // Facets + // + if ($vs_facet_group = $this->opo_config->get("setFacetGroup")) { + $o_browse->setFacetGroup($vs_facet_group); + } + $va_available_facet_list = $this->opo_config->get("availableFacets"); + $va_facets = $o_browse->getInfoForAvailableFacets(['checkAccess' => $this->opa_access_values, 'request' => $this->request,]); + if(is_array($va_available_facet_list) && sizeof($va_available_facet_list)) { + foreach($va_facets as $vs_facet_name => $va_facet_info) { + if (!in_array($vs_facet_name, $va_available_facet_list)) { + unset($va_facets[$vs_facet_name]); } - } + } + } + + foreach($va_facets as $vs_facet_name => $va_facet_info) { + $va_facets[$vs_facet_name]['content'] = $o_browse->getFacetContent($vs_facet_name, ['checkAccess' => $this->opa_access_values, 'request' => $this->request]); + } + + $this->view->setVar('facets', $va_facets); + + $this->view->setVar('key', $vs_key = $o_browse->getBrowseID()); + Session::setVar('lightbox_last_browse_id', $vs_key); - foreach($va_facets as $vs_facet_name => $va_facet_info) { - $va_facets[$vs_facet_name]['content'] = $o_browse->getFacetContent($vs_facet_name, ['checkAccess' => $this->opa_access_values, 'request' => $this->request]); + // + // Current criteria + // + $va_criteria = $o_browse->getCriteriaWithLabels(); + if (isset($va_criteria['_search']) && (isset($va_criteria['_search']['*']))) { + unset($va_criteria['_search']); + } + $va_criteria_for_display = array(); + foreach($va_criteria as $vs_facet_name => $va_criterion) { + $va_facet_info = $o_browse->getInfoForFacet($vs_facet_name); + foreach($va_criterion as $vn_criterion_id => $vs_criterion) { + $va_criteria_for_display[] = array('facet' => $va_facet_info['label_singular'], 'facet_name' => $vs_facet_name, 'value' => $vs_criterion, 'id' => $vn_criterion_id); } + } - $this->view->setVar('facets', $va_facets); + $this->view->setVar('criteria', $va_criteria_for_display); + } + // + // Results + // + $vs_combined_sort = $va_sort_by[$ps_sort]; - $this->view->setVar('key', $vs_key = $o_browse->getBrowseID()); - Session::setVar('lightbox_last_browse_id', $vs_key); - - // - // Current criteria - // - $va_criteria = $o_browse->getCriteriaWithLabels(); - if (isset($va_criteria['_search']) && (isset($va_criteria['_search']['*']))) { - unset($va_criteria['_search']); + if($ps_secondary_sort){ + $vs_combined_sort .= ";".$va_secondary_sort_by[$ps_secondary_sort]; + } + + $qr_res = $o_browse->getResults(array('sort' => $vs_combined_sort, 'sort_direction' => $ps_sort_direction)); + $this->view->setVar('result', $qr_res); + + if (($va_ids = $qr_res->getAllFieldValues('ca_objects.object_id')) && sizeof($va_ids)) { + // convert object result to set item result set + $this->view->setVar('setItemInfo', $t_set->rowIDsToItemIDs($va_ids, array('returnAsInfoArray' => true))); + } + + if (!($pn_hits_per_block = $this->request->getParameter("n", pString))) { + if (!($pn_hits_per_block = $o_context->getItemsPerPage())) { + $pn_hits_per_block = ($this->opo_config->get("defaultHitsPerBlock")) ? $this->opo_config->get("defaultHitsPerBlock") : 36; } - $va_criteria_for_display = array(); - foreach($va_criteria as $vs_facet_name => $va_criterion) { - $va_facet_info = $o_browse->getInfoForFacet($vs_facet_name); - foreach($va_criterion as $vn_criterion_id => $vs_criterion) { - $va_criteria_for_display[] = array('facet' => $va_facet_info['label_singular'], 'facet_name' => $vs_facet_name, 'value' => $vs_criterion, 'id' => $vn_criterion_id); - } + } + $o_context->getItemsPerPage($pn_hits_per_block); + $this->view->setVar('hits_per_block', $pn_hits_per_block); + $this->view->setVar('start', $vn_start = $this->request->getParameter('s', pInteger)); + + $o_context->setParameter('key', $vs_key); + + if (($vn_key_start = (int)$vn_start - 1000) < 0) { $vn_key_start = 0; } + $qr_res->seek($vn_key_start); + $o_context->setResultList($qr_res->getPrimaryKeyValues(1000)); + //if ($o_block_result_context) { $o_block_result_context->setResultList($qr_res->getPrimaryKeyValues(1000)); $o_block_result_context->saveContext();} + $qr_res->seek($vn_start); + + $o_context->saveContext(); + + // map + if ($ps_view === 'map') { + $va_opts = array('renderLabelAsLink' => false, 'request' => $this->request, 'color' => '#cc0000'); + + $va_opts['ajaxContentUrl'] = caNavUrl($this->request, '*', '*', 'AjaxGetMapItem', array('view' => $ps_view)); + + $o_map = new GeographicMap(caGetOption("width", $va_view_info, "100%"), caGetOption("height", $va_view_info, "600px")); + $o_map->mapFrom($qr_res, $va_view_info['data'], $va_opts); + $this->view->setVar('map', $o_map->render('HTML', array())); + } + + MetaTagManager::setWindowTitle($this->request->config->get("app_display_name").$this->request->config->get("page_title_delimiter").ucfirst($this->ops_lightbox_display_name).$this->request->config->get("page_title_delimiter").$t_set->getLabelForDisplay()); + switch($ps_view) { + case 'xlsx': + case 'pptx': + case 'pdf': + $this->_genExport($qr_res, $this->request->getParameter("export_format", pString), caGenerateDownloadFileName(caGetOption('pdfExportTitle', $va_browse_info, $vs_label = $t_set->get('ca_sets.preferred_labels.name')), ['t_subject' => $t_set]), $vs_label); + break; + case 'timelineData': + $this->view->setVar('view', 'timeline'); + $this->render("Lightbox/set_detail_timelineData_json.php"); + break; + default: + $this->render(caGetOption("view", $pa_options, "Lightbox/set_detail_html.php")); + break; + } + } + # ------------------------------------------------------ + /** + * + */ + function setForm($pa_options = null) { + if($this->opb_is_login_redirect) { return; } + + // set_id is passed, so we're editing a set + if($this->request->getParameter('set_id', pInteger)){ + if($t_set = $this->_getSet(__CA_SET_EDIT_ACCESS__)){ + // pass name and description to populate form + $this->view->setVar("name", $t_set->getLabelForDisplay()); + $this->view->setVar("description", $t_set->get($this->ops_description_attribute)); + }else{ + throw new ApplicationException(_t("You do not have access to this lightbox")); } - - $this->view->setVar('criteria', $va_criteria_for_display); - } - // - // Results - // - $vs_combined_sort = $va_sort_by[$ps_sort]; - - if($ps_secondary_sort){ - $vs_combined_sort .= ";".$va_secondary_sort_by[$ps_secondary_sort]; + }else{ + $t_set = new ca_sets(); + } + $this->view->setVar("set", $t_set); + $this->render(caGetOption("view", $pa_options, "Lightbox/form_set_info_html.php")); + } + # ------------------------------------------------------ + /** + * + */ + function ajaxSaveSetInfo($pa_options = null) { + if($this->opb_is_login_redirect) { return; } + if (!$this->request->isAjax()) { $this->response->setRedirect(caNavUrl($this->request, '', 'Lightbox', 'Index')); return; } + caValidateCSRFToken($this->request, null, ['exceptions' => true]); + + global $g_ui_locale_id; // current locale_id for user + $va_errors = array(); + + $vs_display_name = caGetOption("display_name", $pa_options, $this->ops_lightbox_display_name); + // set_id is passed through form, otherwise we're saving a new set + $t_set = ($this->request->getParameter('set_id', pInteger)) ? $this->_getSet(__CA_SET_EDIT_ACCESS__) : new ca_sets(); + + if(!$t_set->get("set_id") && ($pn_parent_id = $this->request->getParameter('parent_id', pInteger))){ + # --- if making a new reponse set, check there isn't already one for the user + $va_user_response_ids = $t_set->getSetResponseIds($this->request->getUserID(), $pn_parent_id); + if(is_array($va_user_response_ids) && sizeof($va_user_response_ids)){ + $va_errors[] = _t('Only one response allowed'); } - - $qr_res = $o_browse->getResults(array('sort' => $vs_combined_sort, 'sort_direction' => $ps_sort_direction)); - $this->view->setVar('result', $qr_res); + } + // check for errors + // set name - required + + if(!($ps_name = $this->purifier->purify($this->request->getParameter('name', pString)))){ + $va_errors[] = _t("Please enter the name of your %1", $vs_display_name); + } + $this->view->setVar("name", $ps_name); + + // set description - optional + $ps_description = $this->purifier->purify($this->request->getParameter($this->ops_description_attribute, pString)); + $this->view->setVar("description", $ps_description); - if (($va_ids = $qr_res->getAllFieldValues('ca_objects.object_id')) && sizeof($va_ids)) { - // convert object result to set item result set - $this->view->setVar('setItemInfo', $t_set->rowIDsToItemIDs($va_ids, array('returnAsInfoArray' => true))); - } - - if (!($pn_hits_per_block = $this->request->getParameter("n", pString))) { - if (!($pn_hits_per_block = $o_context->getItemsPerPage())) { - $pn_hits_per_block = ($this->opo_config->get("defaultHitsPerBlock")) ? $this->opo_config->get("defaultHitsPerBlock") : 36; - } - } - $o_context->getItemsPerPage($pn_hits_per_block); - $this->view->setVar('hits_per_block', $pn_hits_per_block); - $this->view->setVar('start', $vn_start = $this->request->getParameter('s', pInteger)); - - $o_context->setParameter('key', $vs_key); - - if (($vn_key_start = (int)$vn_start - 1000) < 0) { $vn_key_start = 0; } - $qr_res->seek($vn_key_start); - $o_context->setResultList($qr_res->getPrimaryKeyValues(1000)); - //if ($o_block_result_context) { $o_block_result_context->setResultList($qr_res->getPrimaryKeyValues(1000)); $o_block_result_context->saveContext();} - $qr_res->seek($vn_start); - - $o_context->saveContext(); - - // map - if ($ps_view === 'map') { - $va_opts = array('renderLabelAsLink' => false, 'request' => $this->request, 'color' => '#cc0000'); + $t_list = new ca_lists(); + $vn_set_type_user = $t_list->getItemIDFromList('set_types', $this->request->config->get('user_set_type')); - $va_opts['ajaxContentUrl'] = caNavUrl($this->request, '*', '*', 'AjaxGetMapItem', array('view' => $ps_view)); - - $o_map = new GeographicMap(caGetOption("width", $va_view_info, "100%"), caGetOption("height", $va_view_info, "600px")); - $o_map->mapFrom($qr_res, $va_view_info['data'], $va_opts); - $this->view->setVar('map', $o_map->render('HTML', array())); + $t_object = new ca_objects(); + $vn_object_table_num = $t_object->tableNum(); + + $vb_is_insert = false; + if(sizeof($va_errors) == 0){ + $t_set->setMode(ACCESS_WRITE); + if(strlen($vn_access = $this->request->getParameter('access', pInteger))) { + $t_set->set('access', $vn_access); + } else { + $t_set->set('access', (!is_null($vn_access = $this->request->config->get('lightbox_default_access'))) ? $vn_access : 1); } - - MetaTagManager::setWindowTitle($this->request->config->get("app_display_name").$this->request->config->get("page_title_delimiter").ucfirst($this->ops_lightbox_display_name).$this->request->config->get("page_title_delimiter").$t_set->getLabelForDisplay()); - switch($ps_view) { - case 'xlsx': - case 'pptx': - case 'pdf': - $this->_genExport($qr_res, $this->request->getParameter("export_format", pString), caGenerateDownloadFileName(caGetOption('pdfExportTitle', $va_browse_info, $vs_label = $t_set->get('ca_sets.preferred_labels.name')), ['t_subject' => $t_set]), $vs_label); - break; - case 'timelineData': - $this->view->setVar('view', 'timeline'); - $this->render("Lightbox/set_detail_timelineData_json.php"); - break; - default: - $this->render(caGetOption("view", $pa_options, "Lightbox/set_detail_html.php")); - break; - } - } - # ------------------------------------------------------ - /** - * - */ - function setForm($pa_options = null) { - if($this->opb_is_login_redirect) { return; } - - // set_id is passed, so we're editing a set - if($this->request->getParameter('set_id', pInteger)){ - if($t_set = $this->_getSet(__CA_SET_EDIT_ACCESS__)){ - // pass name and description to populate form - $this->view->setVar("name", $t_set->getLabelForDisplay()); - $this->view->setVar("description", $t_set->get($this->ops_description_attribute)); - }else{ - throw new ApplicationException(_t("You do not have access to this lightbox")); - } + if($t_set->get("set_id")){ + // edit/add description + $t_set->replaceAttribute(array($this->ops_description_attribute => $ps_description, 'locale_id' => $g_ui_locale_id), $this->ops_description_attribute); + $t_set->update(); }else{ - $t_set = new ca_sets(); + $t_set->set('table_num', $vn_object_table_num); + $t_set->set('type_id', $vn_set_type_user); + $t_set->set('user_id', $this->request->getUserID()); + $t_set->set('set_code', $this->request->getUserID().'_'.time()); + $t_set->set('parent_id', $this->request->getParameter('parent_id', pInteger)); + // create new attribute + $t_set->addAttribute(array($this->ops_description_attribute => $ps_description, 'locale_id' => $g_ui_locale_id), $this->ops_description_attribute); + $t_set->insert(); + $vb_is_insert = true; } - $this->view->setVar("set", $t_set); - $this->render(caGetOption("view", $pa_options, "Lightbox/form_set_info_html.php")); - } - # ------------------------------------------------------ - /** - * - */ - function ajaxSaveSetInfo($pa_options = null) { - if($this->opb_is_login_redirect) { return; } - if (!$this->request->isAjax()) { $this->response->setRedirect(caNavUrl($this->request, '', 'Lightbox', 'Index')); return; } - - global $g_ui_locale_id; // current locale_id for user - $va_errors = array(); - - $vs_display_name = caGetOption("display_name", $pa_options, $this->ops_lightbox_display_name); - // set_id is passed through form, otherwise we're saving a new set - $t_set = ($this->request->getParameter('set_id', pInteger)) ? $this->_getSet(__CA_SET_EDIT_ACCESS__) : new ca_sets(); - - if(!$t_set->get("set_id") && ($pn_parent_id = $this->request->getParameter('parent_id', pInteger))){ - # --- if making a new reponse set, check there isn't already one for the user - $va_user_response_ids = $t_set->getSetResponseIds($this->request->getUserID(), $pn_parent_id); - if(is_array($va_user_response_ids) && sizeof($va_user_response_ids)){ - $va_errors[] = _t('Only one response allowed'); - } - } - // check for errors - // set name - required - - if(!($ps_name = $this->purifier->purify($this->request->getParameter('name', pString)))){ - $va_errors[] = _t("Please enter the name of your %1", $vs_display_name); - } - $this->view->setVar("name", $ps_name); - - // set description - optional - $ps_description = $this->purifier->purify($this->request->getParameter($this->ops_description_attribute, pString)); - $this->view->setVar("description", $ps_description); - - $t_list = new ca_lists(); - $vn_set_type_user = $t_list->getItemIDFromList('set_types', $this->request->config->get('user_set_type')); - - $t_object = new ca_objects(); - $vn_object_table_num = $t_object->tableNum(); - - $vb_is_insert = false; - if(sizeof($va_errors) == 0){ - $t_set->setMode(ACCESS_WRITE); - if(strlen($vn_access = $this->request->getParameter('access', pInteger))) { - $t_set->set('access', $vn_access); - } else { - $t_set->set('access', (!is_null($vn_access = $this->request->config->get('lightbox_default_access'))) ? $vn_access : 1); - } - if($t_set->get("set_id")){ - // edit/add description - $t_set->replaceAttribute(array($this->ops_description_attribute => $ps_description, 'locale_id' => $g_ui_locale_id), $this->ops_description_attribute); - $t_set->update(); - }else{ - $t_set->set('table_num', $vn_object_table_num); - $t_set->set('type_id', $vn_set_type_user); - $t_set->set('user_id', $this->request->getUserID()); - $t_set->set('set_code', $this->request->getUserID().'_'.time()); - $t_set->set('parent_id', $this->request->getParameter('parent_id', pInteger)); - // create new attribute - $t_set->addAttribute(array($this->ops_description_attribute => $ps_description, 'locale_id' => $g_ui_locale_id), $this->ops_description_attribute); - $t_set->insert(); - $vb_is_insert = true; - } - if($t_set->numErrors()) { - $va_errors[] = join("; ", $t_set->getErrors()); - $this->view->setVar('errors', $va_errors); - $this->setForm(); - }else{ - // save name - if (sizeof($va_labels = caExtractValuesByUserLocale($t_set->getLabels(array($g_ui_locale_id), __CA_LABEL_TYPE_PREFERRED__)))) { - // edit label - foreach($va_labels as $vn_set_id => $va_label) { - $t_set->editLabel($va_label[0]['label_id'], array('name' => $ps_name), $g_ui_locale_id); - } - } else { - // add new label - $t_set->addLabel(array('name' => $ps_name), $g_ui_locale_id, null, true); - } - - // select the current set - $this->request->user->setVar('current_set_id', $t_set->get("set_id")); - - $this->view->setVar("message", _t('Saved %1', $vs_display_name)); - $vs_set_list_item_function = (string) caGetOption("set_list_item_function", $pa_options, "caLightboxSetListItem"); - $this->view->setVar('block', $vs_set_list_item_function($this->request, $t_set, $this->opa_access_values, array('write_access' => $vb_is_insert ? true : $this->view->getVar('write_access')))); - } - }else{ + if($t_set->numErrors()) { + $va_errors[] = join("; ", $t_set->getErrors()); $this->view->setVar('errors', $va_errors); - } - $this->view->setVar('set_id', $t_set->get("set_id")); - $this->view->setVar('is_insert', $vb_is_insert); - - $this->render("Lightbox/ajax_save_set_info_json.php"); - } - # ------------------------------------------------------ - /** - * - */ - function setAccess($pa_options = null) { - if($this->opb_is_login_redirect) { return; } - if (!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)) { - throw new ApplicationException(_t("You do not have access to this lightbox")); - } - // list of groups/users with access to set - $this->view->setVar("users", $t_set->getSetUsers()); - $this->view->setVar("user_groups", $t_set->getSetGroups()); - - $this->render(caGetOption("view", $pa_options, "Lightbox/set_access_html.php")); - } - # ------------------------------------------------------ - /** - * - */ - function saveGroupAccess() { - if($this->opb_is_login_redirect) { return; } - if (!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)) { - throw new ApplicationException(_t("You do not have access to this lightbox")); - } - // list of groups/users with access to set - $this->view->setVar("users", $t_set->getSetUsers()); - $this->view->setVar("user_groups", $t_set->getSetGroups()); - - $this->render("Lightbox/set_access_html.php"); - } - # ------------------------------------------------------ - /** - * - */ - function removeGroupAccess() { - if($this->opb_is_login_redirect) { return; } - if (!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)) { - throw new ApplicationException(_t("You do not have access to this lightbox")); - } - $pn_group_id = $this->request->getParameter('group_id', pInteger); - $t_item = new ca_sets_x_user_groups(); - $t_item->load(array('set_id' => $t_set->get('set_id'), 'group_id' => $pn_group_id)); - if($t_item->get("relation_id")){ - $t_item->setMode(ACCESS_WRITE); - $t_item->delete(true); - if ($t_item->numErrors()) { - $this->view->setVar('errors', join("; ", $t_item->getErrors())); - }else{ - $this->view->setVar('message', _t("Removed group access to %1", $this->ops_lightbox_display_name)); + $this->setForm(); + }else{ + // save name + if (sizeof($va_labels = caExtractValuesByUserLocale($t_set->getLabels(array($g_ui_locale_id), __CA_LABEL_TYPE_PREFERRED__)))) { + // edit label + foreach($va_labels as $vn_set_id => $va_label) { + $t_set->editLabel($va_label[0]['label_id'], array('name' => $ps_name), $g_ui_locale_id); + } + } else { + // add new label + $t_set->addLabel(array('name' => $ps_name), $g_ui_locale_id, null, true); } + + // select the current set + $this->request->user->setVar('current_set_id', $t_set->get("set_id")); + + $this->view->setVar("message", _t('Saved %1', $vs_display_name)); + $vs_set_list_item_function = (string) caGetOption("set_list_item_function", $pa_options, "caLightboxSetListItem"); + $this->view->setVar('block', $vs_set_list_item_function($this->request, $t_set, $this->opa_access_values, array('write_access' => $vb_is_insert ? true : $this->view->getVar('write_access')))); + } + }else{ + $this->view->setVar('errors', $va_errors); + } + $this->view->setVar('set_id', $t_set->get("set_id")); + $this->view->setVar('is_insert', $vb_is_insert); + + $this->render("Lightbox/ajax_save_set_info_json.php"); + } + # ------------------------------------------------------ + /** + * + */ + function setAccess($pa_options = null) { + if($this->opb_is_login_redirect) { return; } + if (!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)) { + throw new ApplicationException(_t("You do not have access to this lightbox")); + } + + // list of groups/users with access to set + $this->view->setVar("users", $t_set->getSetUsers()); + $this->view->setVar("user_groups", $t_set->getSetGroups()); + + $this->render(caGetOption("view", $pa_options, "Lightbox/set_access_html.php")); + } + # ------------------------------------------------------ + /** + * + */ + function saveGroupAccess() { + if($this->opb_is_login_redirect) { return; } + if (!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)) { + throw new ApplicationException(_t("You do not have access to this lightbox")); + } + caValidateCSRFToken($this->request, null, ['exceptions' => true]); + + // list of groups/users with access to set + $this->view->setVar("users", $t_set->getSetUsers()); + $this->view->setVar("user_groups", $t_set->getSetGroups()); + + $this->render("Lightbox/set_access_html.php"); + } + # ------------------------------------------------------ + /** + * + */ + function removeGroupAccess() { + if($this->opb_is_login_redirect) { return; } + if (!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)) { + throw new ApplicationException(_t("You do not have access to this lightbox")); + } + caValidateCSRFToken($this->request, null, ['exceptions' => true]); + + $pn_group_id = $this->request->getParameter('group_id', pInteger); + $t_item = new ca_sets_x_user_groups(); + $t_item->load(array('set_id' => $t_set->get('set_id'), 'group_id' => $pn_group_id)); + if($t_item->get("relation_id")){ + $t_item->setMode(ACCESS_WRITE); + $t_item->delete(true); + if ($t_item->numErrors()) { + $this->view->setVar('errors', join("; ", $t_item->getErrors())); }else{ - $this->view->setVar('errors', _t("invalid group/set id")); + $this->view->setVar('message', _t("Removed group access to %1", $this->ops_lightbox_display_name)); } - $this->setAccess(); - } - # ------------------------------------------------------ - /** - * - */ - function removeUserAccess() { - if($this->opb_is_login_redirect) { return; } - if (!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)) { - throw new ApplicationException(_t("You do not have access to this lightbox")); - } - $pn_user_id = $this->request->getParameter('user_id', pInteger); - $t_item = new ca_sets_x_users(); - $t_item->load(array('set_id' => $t_set->get('set_id'), 'user_id' => $pn_user_id)); - if($t_item->get("relation_id")){ - $t_item->setMode(ACCESS_WRITE); - $t_item->delete(true); - if ($t_item->numErrors()) { - $this->view->setVar('errors', join("; ", $t_item->getErrors())); - }else{ - $this->view->setVar('message', _t("Removed user access to %1", $this->ops_lightbox_display_name)); - } + }else{ + $this->view->setVar('errors', _t("invalid group/set id")); + } + $this->setAccess(); + } + # ------------------------------------------------------ + /** + * + */ + function removeUserAccess() { + if($this->opb_is_login_redirect) { return; } + if (!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)) { + throw new ApplicationException(_t("You do not have access to this lightbox")); + } + caValidateCSRFToken($this->request, null, ['exceptions' => true]); + + $pn_user_id = $this->request->getParameter('user_id', pInteger); + $t_item = new ca_sets_x_users(); + $t_item->load(array('set_id' => $t_set->get('set_id'), 'user_id' => $pn_user_id)); + if($t_item->get("relation_id")){ + $t_item->setMode(ACCESS_WRITE); + $t_item->delete(true); + if ($t_item->numErrors()) { + $this->view->setVar('errors', join("; ", $t_item->getErrors())); }else{ - $this->view->setVar('errors', _t("invalid user/set id")); + $this->view->setVar('message', _t("Removed user access to %1", $this->ops_lightbox_display_name)); } - $this->setAccess(); - } - # ------------------------------------------------------ - /** - * - */ - function editGroupAccess() { - if($this->opb_is_login_redirect) { return; } - if (!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)) { - throw new ApplicationException(_t("You do not have access to this lightbox")); - } - $pn_group_id = $this->request->getParameter('group_id', pInteger); - $pn_access = $this->request->getParameter('access', pInteger); - $t_item = new ca_sets_x_user_groups(); - $t_item->load(array('set_id' => $t_set->get('set_id'), 'group_id' => $pn_group_id)); - if($t_item->get("relation_id") && $pn_access){ - $t_item->setMode(ACCESS_WRITE); - $t_item->set('access', $pn_access); - $t_item->update(); - if ($t_item->numErrors()) { - $this->view->setVar('errors', join("; ", $t_item->getErrors())); - }else{ - $this->view->setVar('message', _t("Changed group access to %1", $this->ops_lightbox_display_name)); - } + }else{ + $this->view->setVar('errors', _t("invalid user/set id")); + } + $this->setAccess(); + } + # ------------------------------------------------------ + /** + * + */ + function editGroupAccess() { + if($this->opb_is_login_redirect) { return; } + if (!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)) { + throw new ApplicationException(_t("You do not have access to this lightbox")); + } + caValidateCSRFToken($this->request, null, ['exceptions' => true]); + + $pn_group_id = $this->request->getParameter('group_id', pInteger); + $pn_access = $this->request->getParameter('access', pInteger); + $t_item = new ca_sets_x_user_groups(); + $t_item->load(array('set_id' => $t_set->get('set_id'), 'group_id' => $pn_group_id)); + if($t_item->get("relation_id") && $pn_access){ + $t_item->setMode(ACCESS_WRITE); + $t_item->set('access', $pn_access); + $t_item->update(); + if ($t_item->numErrors()) { + $this->view->setVar('errors', join("; ", $t_item->getErrors())); }else{ - $this->view->setVar('errors', _t("invalid group/set id or access")); + $this->view->setVar('message', _t("Changed group access to %1", $this->ops_lightbox_display_name)); } - $this->setAccess(); - } - # ------------------------------------------------------ - /** - * - */ - function editUserAccess() { - if($this->opb_is_login_redirect) { return; } - if (!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)) { - throw new ApplicationException(_t("You do not have access to this lightbox")); - } - $pn_user_id = $this->request->getParameter('user_id', pInteger); - $pn_access = $this->request->getParameter('access', pInteger); - $t_item = new ca_sets_x_users(); - $t_item->load(array('set_id' => $t_set->get('set_id'), 'user_id' => $pn_user_id)); - if($t_item->get("relation_id") && $pn_access){ - $t_item->setMode(ACCESS_WRITE); - $t_item->set('access', $pn_access); - $t_item->update(); - if ($t_item->numErrors()) { - $this->view->setVar('errors', join("; ", $t_item->getErrors())); - }else{ - $this->view->setVar('message', _t("Changed user access to %1", $this->ops_lightbox_display_name)); - } + }else{ + $this->view->setVar('errors', _t("invalid group/set id or access")); + } + $this->setAccess(); + } + # ------------------------------------------------------ + /** + * + */ + function editUserAccess() { + if($this->opb_is_login_redirect) { return; } + if (!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)) { + throw new ApplicationException(_t("You do not have access to this lightbox")); + } + caValidateCSRFToken($this->request, null, ['exceptions' => true]); + + $pn_user_id = $this->request->getParameter('user_id', pInteger); + $pn_access = $this->request->getParameter('access', pInteger); + $t_item = new ca_sets_x_users(); + $t_item->load(array('set_id' => $t_set->get('set_id'), 'user_id' => $pn_user_id)); + if($t_item->get("relation_id") && $pn_access){ + $t_item->setMode(ACCESS_WRITE); + $t_item->set('access', $pn_access); + $t_item->update(); + if ($t_item->numErrors()) { + $this->view->setVar('errors', join("; ", $t_item->getErrors())); }else{ - $this->view->setVar('errors', _t("invalid user/set id or access")); + $this->view->setVar('message', _t("Changed user access to %1", $this->ops_lightbox_display_name)); } - $this->setAccess(); - } - # ------------------------------------------------------ - /** - * - */ - function shareSetForm($pa_options = null) { - if($this->opb_is_login_redirect) { return; } - if(!$t_set = $this->_getSet(__CA_SET_EDIT_ACCESS__)){ - throw new ApplicationException(_t("You do not have access to this lightbox")); - } - $vs_display_name = caGetOption("display_name", $pa_options, $this->ops_lightbox_display_name); - $this->view->setVar("display_name", $vs_display_name); - $this->render("Lightbox/form_share_set_html.php"); - } - # ------------------------------------------------------ - /** - * - */ - function saveShareSet($pa_options = null) { - if($this->opb_is_login_redirect) { return; } - - if(!$t_set = $this->_getSet(__CA_SET_EDIT_ACCESS__)){ - throw new ApplicationException(_t("You do not have access to this lightbox")); - } - $vs_display_name = caGetOption("display_name", $pa_options, $this->ops_lightbox_display_name); - $vs_display_name_plural = caGetOption("display_name_plural", $pa_options, $this->ops_lightbox_display_name_plural); - $this->view->setVar("display_name", $vs_display_name); - $this->view->setVar("display_name_plural", $vs_display_name_plural); - $ps_user = $this->purifier->purify($this->request->getParameter('user', pString)); - // ps_user can be list of emails separated by comma - $va_users = explode(", ", $ps_user); - $pn_group_id = $this->request->getParameter('group_id', pInteger); - if(!$pn_group_id && !$ps_user){ - $va_errors["general"] = _t("Please select a user or group"); - } - $pn_access = $this->request->getParameter('access', pInteger); - if(!$pn_access){ - $va_errors["access"] = _t("Please select an access level"); - } - $vs_share_message = $this->purifier->purify($this->request->getParameter('share_message', pString)); - $this->view->setVar('share_message', $vs_share_message); - if(!is_array($va_errors) || (sizeof($va_errors) == 0)){ - if($pn_group_id){ - $t_sets_x_user_groups = new ca_sets_x_user_groups(); - if($t_sets_x_user_groups->load(array("set_id" => $t_set->get("set_id"), "group_id" => $pn_group_id))){ - $this->view->setVar("message", _t('Group already has access to the %1', $vs_display_name)); - $this->render("Form/reload_html.php"); + }else{ + $this->view->setVar('errors', _t("invalid user/set id or access")); + } + $this->setAccess(); + } + # ------------------------------------------------------ + /** + * + */ + function shareSetForm($pa_options = null) { + if($this->opb_is_login_redirect) { return; } + if(!$t_set = $this->_getSet(__CA_SET_EDIT_ACCESS__)){ + throw new ApplicationException(_t("You do not have access to this lightbox")); + } + + $vs_display_name = caGetOption("display_name", $pa_options, $this->ops_lightbox_display_name); + $this->view->setVar("display_name", $vs_display_name); + $this->render("Lightbox/form_share_set_html.php"); + } + # ------------------------------------------------------ + /** + * + */ + function saveShareSet($pa_options = null) { + if($this->opb_is_login_redirect) { return; } + + if(!$t_set = $this->_getSet(__CA_SET_EDIT_ACCESS__)){ + throw new ApplicationException(_t("You do not have access to this lightbox")); + } + caValidateCSRFToken($this->request, null, ['exceptions' => true]); + + $vs_display_name = caGetOption("display_name", $pa_options, $this->ops_lightbox_display_name); + $vs_display_name_plural = caGetOption("display_name_plural", $pa_options, $this->ops_lightbox_display_name_plural); + $this->view->setVar("display_name", $vs_display_name); + $this->view->setVar("display_name_plural", $vs_display_name_plural); + $ps_user = $this->purifier->purify($this->request->getParameter('user', pString)); + // ps_user can be list of emails separated by comma + $va_users = explode(", ", $ps_user); + $pn_group_id = $this->request->getParameter('group_id', pInteger); + if(!$pn_group_id && !$ps_user){ + $va_errors["general"] = _t("Please select a user or group"); + } + $pn_access = $this->request->getParameter('access', pInteger); + if(!$pn_access){ + $va_errors["access"] = _t("Please select an access level"); + } + $vs_share_message = $this->purifier->purify($this->request->getParameter('share_message', pString)); + $this->view->setVar('share_message', $vs_share_message); + if(!is_array($va_errors) || (sizeof($va_errors) == 0)){ + if($pn_group_id){ + $t_sets_x_user_groups = new ca_sets_x_user_groups(); + if($t_sets_x_user_groups->load(array("set_id" => $t_set->get("set_id"), "group_id" => $pn_group_id))){ + $this->view->setVar("message", _t('Group already has access to the %1', $vs_display_name)); + $this->render("Form/reload_html.php"); + }else{ + $t_sets_x_user_groups->setMode(ACCESS_WRITE); + $t_sets_x_user_groups->set('access', $pn_access); + $t_sets_x_user_groups->set('group_id', $pn_group_id); + $t_sets_x_user_groups->set('set_id', $t_set->get("set_id")); + $t_sets_x_user_groups->insert(); + if($t_sets_x_user_groups->numErrors()) { + $va_errors["general"] = join("; ", $t_sets_x_user_groups->getErrors()); + $this->view->setVar('errors', $va_errors); + $this->shareSetForm(); }else{ - $t_sets_x_user_groups->setMode(ACCESS_WRITE); - $t_sets_x_user_groups->set('access', $pn_access); - $t_sets_x_user_groups->set('group_id', $pn_group_id); - $t_sets_x_user_groups->set('set_id', $t_set->get("set_id")); - $t_sets_x_user_groups->insert(); - if($t_sets_x_user_groups->numErrors()) { - $va_errors["general"] = join("; ", $t_sets_x_user_groups->getErrors()); - $this->view->setVar('errors', $va_errors); - $this->shareSetForm(); - }else{ - $t_group = new ca_user_groups($pn_group_id); - $va_group_users = $t_group->getGroupUsers(); - if(sizeof($va_group_users)){ - // send email to each group user - // send email confirmation - $o_view = new View($this->request, array($this->request->getViewsDirectoryPath())); - $o_view->setVar("set", $t_set->getLabelForDisplay()); - $o_view->setVar("from_name", trim($this->request->user->get("fname")." ".$this->request->user->get("lname"))); - $o_view->setVar("display_name", $vs_display_name); - $o_view->setVar("display_name_plural", $vs_display_name_plural); - $o_view->setVar("share_message", $vs_share_message); - - # -- generate email subject line from template - $vs_subject_line = $o_view->render("mailTemplates/share_set_notification_subject.tpl"); - - # -- generate mail text from template - get both the text and the html versions - $vs_mail_message_text = $o_view->render("mailTemplates/share_set_notification.tpl"); - $vs_mail_message_html = $o_view->render("mailTemplates/share_set_notification_html.tpl"); + $t_group = new ca_user_groups($pn_group_id); + $va_group_users = $t_group->getGroupUsers(); + if(sizeof($va_group_users)){ + // send email to each group user + // send email confirmation + $o_view = new View($this->request, array($this->request->getViewsDirectoryPath())); + $o_view->setVar("set", $t_set->getLabelForDisplay()); + $o_view->setVar("from_name", trim($this->request->user->get("fname")." ".$this->request->user->get("lname"))); + $o_view->setVar("display_name", $vs_display_name); + $o_view->setVar("display_name_plural", $vs_display_name_plural); + $o_view->setVar("share_message", $vs_share_message); + + # -- generate email subject line from template + $vs_subject_line = $o_view->render("mailTemplates/share_set_notification_subject.tpl"); - foreach($va_group_users as $va_user_info){ - // don't send notification to self - if($this->request->user->get("user_id") != $va_user_info["user_id"]){ - caSendmail($va_user_info["email"], $this->request->config->get("ca_admin_email"), $vs_subject_line, $vs_mail_message_text, $vs_mail_message_html); - } + # -- generate mail text from template - get both the text and the html versions + $vs_mail_message_text = $o_view->render("mailTemplates/share_set_notification.tpl"); + $vs_mail_message_html = $o_view->render("mailTemplates/share_set_notification_html.tpl"); + + foreach($va_group_users as $va_user_info){ + // don't send notification to self + if($this->request->user->get("user_id") != $va_user_info["user_id"]){ + caSendmail($va_user_info["email"], $this->request->config->get("ca_admin_email"), $vs_subject_line, $vs_mail_message_text, $vs_mail_message_html); } - } - - - $this->view->setVar("message", _t('Shared %1 with group', $vs_display_name)); - $this->render("Form/reload_html.php"); - } + } + } + + + $this->view->setVar("message", _t('Shared %1 with group', $vs_display_name)); + $this->render("Form/reload_html.php"); } - }else{ - $va_error_emails = array(); - $va_success_emails = array(); - $va_error_emails_has_access = array(); - - foreach($va_users as $vs_user){ - // lookup the user/users - $t_user = ca_users::find(['email' => $vs_user, 'active' => 1, 'userclass' => ['<', 255]], ['returnAs' => 'firstModelInstance']); - if($t_user && ($vn_user_id = $t_user->get("user_id"))){ - $t_sets_x_users = new ca_sets_x_users(); - if(($vn_user_id == $t_set->get("user_id")) || ($t_sets_x_users->load(array("set_id" => $t_set->get("set_id"), "user_id" => $vn_user_id)))){ - $va_error_emails_has_access[] = $vs_user; + } + }else{ + $va_error_emails = array(); + $va_success_emails = array(); + $va_error_emails_has_access = array(); + + foreach($va_users as $vs_user){ + // lookup the user/users + $t_user = ca_users::find(['email' => $vs_user, 'active' => 1, 'userclass' => ['<', 255]], ['returnAs' => 'firstModelInstance']); + if($t_user && ($vn_user_id = $t_user->get("user_id"))){ + $t_sets_x_users = new ca_sets_x_users(); + if(($vn_user_id == $t_set->get("user_id")) || ($t_sets_x_users->load(array("set_id" => $t_set->get("set_id"), "user_id" => $vn_user_id)))){ + $va_error_emails_has_access[] = $vs_user; + }else{ + $t_sets_x_users->setMode(ACCESS_WRITE); + $t_sets_x_users->set('access', $pn_access); + $t_sets_x_users->set('user_id', $vn_user_id); + $t_sets_x_users->set('set_id', $t_set->get("set_id")); + $t_sets_x_users->insert(); + if($t_sets_x_users->numErrors()) { + $va_errors["general"] = _t("There were errors while sharing this %1 with %2", $vs_display_name, $vs_user).join("; ", $t_sets_x_users->getErrors()); + $this->view->setVar('errors', $va_errors); + $this->shareSetForm(); }else{ - $t_sets_x_users->setMode(ACCESS_WRITE); - $t_sets_x_users->set('access', $pn_access); - $t_sets_x_users->set('user_id', $vn_user_id); - $t_sets_x_users->set('set_id', $t_set->get("set_id")); - $t_sets_x_users->insert(); - if($t_sets_x_users->numErrors()) { - $va_errors["general"] = _t("There were errors while sharing this %1 with %2", $vs_display_name, $vs_user).join("; ", $t_sets_x_users->getErrors()); - $this->view->setVar('errors', $va_errors); - $this->shareSetForm(); - }else{ - $va_success_emails[] = $vs_user; - $va_success_emails_info[] = array("email" => $vs_user, "name" => trim($t_user->get("fname")." ".$t_user->get("lname"))); - } + $va_success_emails[] = $vs_user; + $va_success_emails_info[] = array("email" => $vs_user, "name" => trim($t_user->get("fname")." ".$t_user->get("lname"))); } - }else{ - $va_error_emails[] = $vs_user; } - } - if((sizeof($va_error_emails)) || (sizeof($va_error_emails_has_access))){ - $va_user_errors = array(); - if(sizeof($va_error_emails)){ - $va_user_errors[] = _t("The following email(s) you entered do not belong to a registered user: ").implode(", ", $va_error_emails); - } - if(sizeof($va_error_emails_has_access)){ - $va_user_errors[] = _t("The following email(s) you entered already have access to this %1: ", $vs_display_name).implode(", ", $va_error_emails_has_access); - } - if(sizeof($va_success_emails)){ - $this->view->setVar('message', _t('Shared %1 with: ', $vs_display_name).implode(", ", $va_success_emails)); - } - $va_errors["user"] = implode("
", $va_user_errors); - $this->view->setVar('errors', $va_errors); - $this->shareSetForm(); }else{ - $this->view->setVar("message", _t('Shared %1 with: ', $vs_display_name).implode(", ", $va_success_emails)); - $this->render("Form/reload_html.php"); - } - if(is_array($va_success_emails_info) && sizeof($va_success_emails_info)){ - // send email to user - // send email confirmation - $o_view = new View($this->request, array($this->request->getViewsDirectoryPath())); - $o_view->setVar("set", $t_set->getLabelForDisplay()); - $o_view->setVar("from_name", trim($this->request->user->get("fname")." ".$this->request->user->get("lname"))); - $o_view->setVar("display_name", $vs_display_name); - $o_view->setVar("display_name_plural", $vs_display_name_plural); - $o_view->setVar("share_message", $vs_share_message); - - # -- generate email subject line from template - $vs_subject_line = $o_view->render("mailTemplates/share_set_notification_subject.tpl"); - - # -- generate mail text from template - get both the text and the html versions - $vs_mail_message_text = $o_view->render("mailTemplates/share_set_notification.tpl"); - $vs_mail_message_html = $o_view->render("mailTemplates/share_set_notification_html.tpl"); - - foreach($va_success_emails as $vs_email){ - caSendmail($vs_email, $this->request->config->get("ca_admin_email"), $vs_subject_line, $vs_mail_message_text, $vs_mail_message_html); - } + $va_error_emails[] = $vs_user; } } - }else{ - $this->view->setVar('errors', $va_errors); - $this->shareSetForm(); - } - } - # ------------------------------------------------------ - /** - * - */ - function userGroupList() { - if($this->opb_is_login_redirect) { return; } - - $this->render("Lightbox/user_group_list_html.php"); - } - # ------------------------------------------------------ - /** - * - */ - function userGroupForm($pa_options = null) { - if($this->opb_is_login_redirect) { return; } - - $t_user_group = new ca_user_groups(); - $this->view->setVar("user_group",$t_user_group); - $this->view->setVar("user_group_heading", caGetOption("user_group_heading", $pa_options, _t("User Group"))); - $this->render("Lightbox/form_user_group_html.php"); - } - # ------------------------------------------------------ - /** - * - */ - function saveUserGroup($pa_options = null) { - if($this->opb_is_login_redirect) { return; } - - global $g_ui_locale_id; // current locale_id for user - $va_errors = array(); - - $vs_user_group_terminology = caGetOption("user_group_terminology", $pa_options, _t("user group")); - - $t_user_group = new ca_user_groups(); - if($pn_group_id = $this->request->getParameter('group_id', pInteger)){ - $t_user_group->load($pn_group_id); - if($t_user_group->get("user_id") != $this->request->getUserId()){ - throw new ApplicationException(_t("You do not have access to this user group")); - } - } - - // check for errors - // group name - required - $ps_name = $this->purifier->purify($this->request->getParameter('name', pString)); - if(!$ps_name){ - $va_errors["name"] = _t("Please enter the name of your %1", $vs_user_group_terminology); - }else{ - $this->view->setVar("name", $ps_name); - } - // user group description - optional - $ps_description = $this->purifier->purify($this->request->getParameter('description', pString)); - $this->view->setVar("description", $ps_description); - - if(sizeof($va_errors) == 0){ - $t_user_group->setMode(ACCESS_WRITE); - $t_user_group->set('name', $ps_name); - $t_user_group->set('description', $ps_description); - if($t_user_group->get("group_id")){ - $t_user_group->update(); - }else{ - $t_user_group->set('user_id', $this->request->getUserID()); - $t_user_group->set('code', 'lb_'.$this->request->getUserID().'_'.time()); - $t_user_group->set('for_public_use', 1); - $t_user_group->insert(); - if($t_user_group->get("group_id")){ - $t_user_group->addUsers($this->request->getUserID()); + if((sizeof($va_error_emails)) || (sizeof($va_error_emails_has_access))){ + $va_user_errors = array(); + if(sizeof($va_error_emails)){ + $va_user_errors[] = _t("The following email(s) you entered do not belong to a registered user: ").implode(", ", $va_error_emails); } - } - if($t_user_group->numErrors()) { - $va_errors["general"] = join("; ", $t_user_group->getErrors()); + if(sizeof($va_error_emails_has_access)){ + $va_user_errors[] = _t("The following email(s) you entered already have access to this %1: ", $vs_display_name).implode(", ", $va_error_emails_has_access); + } + if(sizeof($va_success_emails)){ + $this->view->setVar('message', _t('Shared %1 with: ', $vs_display_name).implode(", ", $va_success_emails)); + } + $va_errors["user"] = implode("
", $va_user_errors); $this->view->setVar('errors', $va_errors); - $this->userGroupForm(); + $this->shareSetForm(); }else{ - // add current user to group - $this->view->setVar("message", _t('Saved %1.', $vs_user_group_terminology)); - $this->render("Form/reload_html.php"); + $this->view->setVar("message", _t('Shared %1 with: ', $vs_display_name).implode(", ", $va_success_emails)); + $this->render("Form/reload_html.php"); + } + if(is_array($va_success_emails_info) && sizeof($va_success_emails_info)){ + // send email to user + // send email confirmation + $o_view = new View($this->request, array($this->request->getViewsDirectoryPath())); + $o_view->setVar("set", $t_set->getLabelForDisplay()); + $o_view->setVar("from_name", trim($this->request->user->get("fname")." ".$this->request->user->get("lname"))); + $o_view->setVar("display_name", $vs_display_name); + $o_view->setVar("display_name_plural", $vs_display_name_plural); + $o_view->setVar("share_message", $vs_share_message); + + # -- generate email subject line from template + $vs_subject_line = $o_view->render("mailTemplates/share_set_notification_subject.tpl"); + + # -- generate mail text from template - get both the text and the html versions + $vs_mail_message_text = $o_view->render("mailTemplates/share_set_notification.tpl"); + $vs_mail_message_html = $o_view->render("mailTemplates/share_set_notification_html.tpl"); + + foreach($va_success_emails as $vs_email){ + caSendmail($vs_email, $this->request->config->get("ca_admin_email"), $vs_subject_line, $vs_mail_message_text, $vs_mail_message_html); + } } - }else{ - $this->view->setVar('errors', $va_errors); - $this->userGroupForm(); - } - } - # ------------------------------------------------------ - /** - * - */ - function ajaxListComments() { - if($this->opb_is_login_redirect) { return; } - - if (!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)) { - throw new ApplicationException(_t("You do not have access to this lightbox")); - } - - $ps_tablename = $this->request->getParameter('type', pString); - - // check this is a valid table to have comments in the lightbox - if(!in_array($ps_tablename, array("ca_sets", "ca_set_items"))){ - throw new ApplicationException(_t("Invalid type")); - } - - // load table - if (!($t_item = Datamodel::getInstance($ps_tablename))) { - throw new ApplicationException(_t("Invalid type")); - } - $pn_item_id = $this->request->getParameter($t_item->primaryKey(), pInteger); - if (!$t_item->load($pn_item_id)) { - throw new ApplicationException(_t("Item does not exist")); - } - - $this->view->setVar("access_values", $this->opa_access_values); - $this->view->setVar("set", $t_set); - $this->view->setVar("tablename", $ps_tablename); - $this->view->setVar("item_id", $pn_item_id); - $this->view->setVar("comments", $qr_comments = $t_item->getComments(null, null, array('returnAs' => 'searchResult'))); - - $this->render("Lightbox/ajax_comments.php"); - } - # ------------------------------------------------------ - /** - * - */ - function ajaxAddComment() { - if($this->opb_is_login_redirect) { return; } - if (!caValidateCSRFToken($this->request)) { - throw new ApplicationException(_t("Invalid CSRF token")); } + }else{ + $this->view->setVar('errors', $va_errors); + $this->shareSetForm(); + } + } + # ------------------------------------------------------ + /** + * + */ + function userGroupList() { + if($this->opb_is_login_redirect) { return; } - // when close is set to true, will make the form view disappear after saving form - - $va_errors = array(); - $vn_count = null; - $vs_message = null; - - if (!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)) { - throw new ApplicationException(_t("You do not have access to this lightbox")); - } else { - $ps_comment_type = $this->request->getParameter('type', pString); - - // check this is a valid table to have comments in the lightbox - if(!in_array($ps_comment_type, array("ca_sets", "ca_set_items"))){ - $va_errors[] = _t("Invalid type: %1", $ps_comment_type); - } else { - // load table - $t_item = Datamodel::getInstance($ps_comment_type, true); - $pn_id = $this->request->getParameter('id', pInteger); - if (!$t_item->load($pn_id)) { - $va_errors[] = _t("Invalid id: %1", $pn_id); - } elseif(!($ps_comment = $this->purifier->purify($this->request->getParameter('comment', pString)))) { - $va_errors[] = _t("Please enter a comment"); - } elseif($t_comment = $t_item->addComment($ps_comment, null, $this->request->getUserID(), null, null, null, 1, $this->request->getUserID(), array("purify" => true))){ - // pass user's id as moderator - all set comments should be made public, it's a private space and comments should not need to be moderated - $vs_message = _t("Saved comment"); - - $this->view->setVar('comment', $ps_comment); - $this->view->setVar('comment_id', $t_comment->getPrimaryKey()); - $this->view->setVar('author', $t_comment->get('ca_users.fname').' '.$t_comment->get('ca_users.lname').' '.$t_comment->get('ca_item_comments.created_on')); - - $this->view->setVar('is_writeable', $this->view->getVar('write_access')); - $this->view->setVar('is_author', true); - $vs_rendered_comment = $this->render("Lightbox/set_comment_html.php", true); - $vn_count = (int)$t_comment->getItem()->getNumComments(); - - } else { - $va_errors[] = _t("There were errors adding your comment: ".join("; ", $t_item->getErrors())); - } - } - } - - $this->view->setVar("type", $ps_comment_type); - $this->view->setVar("set_id", $pn_id); - $this->view->setVar("message", $vs_message); - $this->view->setVar("comment", $vs_rendered_comment); - $this->view->setVar("comment_count", $vn_count); - $this->view->setVar("comment_count_display", $vn_count." ".(($vn_count == 1) ? _t("comment") : _t("comments"))); - $this->view->setVar("errors", $va_errors); - $this->render("Lightbox/ajax_add_comment_json.php"); - } - # ------------------------------------------------------ - /** - * - */ - function ajaxDeleteComment() { - if($this->opb_is_login_redirect) { return; } - if (!caValidateCSRFToken($this->request)) { - throw new ApplicationException(_t("Invalid CSRF token")); - } - $va_errors = array(); - $vs_message = null; - $vn_count = null; - $pn_comment_id = null; - - if (!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)) { - $va_errors[] = _t('You do not have access to this lightbox'); - } else { - $t_comment = new ca_item_comments($pn_comment_id = $this->request->getParameter("comment_id", pInteger)); - - if ($t_comment->get("comment_id")) { - $vn_count = $t_comment->getItem()->getNumComments(); - - // check if user is owner of comment or has edit access to set comment was made on - if (($this->request->getUserID() != $t_comment->get("user_id")) && !$t_set->haveAccessToSet($this->request->getUserID(), __CA_SET_EDIT_ACCESS__)) { - $va_errors[] = _t('You do not have access to this comment'); - } else { - $t_comment->delete(true); - if ($t_comment->numErrors()) { - $va_errors = $t_comment->getErrors(); - } else { - $vn_count--; - $vs_message = _t("Removed comment"); - } - } - } else { - $va_errors[] = _t("Invalid comment_id"); - } - - } - $this->view->setVar("comment_id", $pn_comment_id); - $this->view->setVar("comment_count", $vn_count); - $this->view->setVar("comment_count_display", $vn_count." ".(($vn_count == 1) ? _t("comment") : _t("comments"))); - $this->view->setVar("message", $vs_message); - $this->view->setVar("errors", $va_errors); - $this->render("Lightbox/ajax_delete_comment_json.php"); - } - # ------------------------------------------------------- - /** - * - */ - public function deleteLightbox() { - if($this->opb_is_login_redirect) { return; } - if (!caValidateCSRFToken($this->request)) { - throw new ApplicationException(_t("Invalid CSRF token")); + $this->render("Lightbox/user_group_list_html.php"); + } + # ------------------------------------------------------ + /** + * + */ + function userGroupForm($pa_options = null) { + if($this->opb_is_login_redirect) { return; } + + $t_user_group = new ca_user_groups(); + $this->view->setVar("user_group",$t_user_group); + $this->view->setVar("user_group_heading", caGetOption("user_group_heading", $pa_options, _t("User Group"))); + $this->render("Lightbox/form_user_group_html.php"); + } + # ------------------------------------------------------ + /** + * + */ + function saveUserGroup($pa_options = null) { + if($this->opb_is_login_redirect) { return; } + caValidateCSRFToken($this->request, null, ['exceptions' => true]); + + global $g_ui_locale_id; // current locale_id for user + $va_errors = array(); + + $vs_user_group_terminology = caGetOption("user_group_terminology", $pa_options, _t("user group")); + + $t_user_group = new ca_user_groups(); + if($pn_group_id = $this->request->getParameter('group_id', pInteger)){ + $t_user_group->load($pn_group_id); + if($t_user_group->get("user_id") != $this->request->getUserId()){ + throw new ApplicationException(_t("You do not have access to this user group")); } - $va_errors = array(); - $vs_message = $vn_set_id = $vs_set_name = null; - - if ($t_set = $this->_getSet(__CA_SET_EDIT_ACCESS__)) { - $vs_set_name = $t_set->getLabelForDisplay(); - $t_set->setMode(ACCESS_WRITE); - $t_set->delete(); - - if($t_set->numErrors()) { - $va_errors[] = _t("%1 could not be deleted: %2", $vs_set_name, join("; ", $t_set->getErrors())); - } else { - $vs_message = _t("%1 was deleted", $vs_set_name); - } - $vn_set_id = $t_set->get('set_id'); - } else { - throw new ApplicationException(_t("You do not have access to this lightbox")); - } - - $this->view->setVar('message', $vs_message); - $this->view->setVar('set_id', $vn_set_id); - $this->view->setVar('errors', $va_errors); - $this->view->setVar('name', $vs_set_name); - - $this->render("Lightbox/ajax_delete_set_json.php"); - } - # ------------------------------------------------------ - /** - * - */ - public function ajaxReorderItems() { - if($this->opb_is_login_redirect) { return; } - - if($t_set = $this->_getSet(__CA_SET_EDIT_ACCESS__)){ - - $this->view->setVar("set_id", $t_set->get("set_id")); - - $va_row_ids = array(); - $va_row_ids_raw = explode('&', $this->request->getParameter('row_ids', pString)); - foreach($va_row_ids_raw as $vn_row_id_raw){ - $va_row_ids[] = str_replace('row[]=', '', $vn_row_id_raw); + } + + // check for errors + // group name - required + $ps_name = $this->purifier->purify($this->request->getParameter('name', pString)); + if(!$ps_name){ + $va_errors["name"] = _t("Please enter the name of your %1", $vs_user_group_terminology); + }else{ + $this->view->setVar("name", $ps_name); + } + // user group description - optional + $ps_description = $this->purifier->purify($this->request->getParameter('description', pString)); + $this->view->setVar("description", $ps_description); + + if(sizeof($va_errors) == 0){ + $t_user_group->setMode(ACCESS_WRITE); + $t_user_group->set('name', $ps_name); + $t_user_group->set('description', $ps_description); + if($t_user_group->get("group_id")){ + $t_user_group->update(); + }else{ + $t_user_group->set('user_id', $this->request->getUserID()); + $t_user_group->set('code', 'lb_'.$this->request->getUserID().'_'.time()); + $t_user_group->set('for_public_use', 1); + $t_user_group->insert(); + if($t_user_group->get("group_id")){ + $t_user_group->addUsers($this->request->getUserID()); } - $va_errors = $t_set->reorderItems($va_row_ids, ['user_id' => $this->request->getUserID()]); + } + if($t_user_group->numErrors()) { + $va_errors["general"] = join("; ", $t_user_group->getErrors()); + $this->view->setVar('errors', $va_errors); + $this->userGroupForm(); }else{ - throw new ApplicationException(_t("You do not have access to this lightbox")); + // add current user to group + $this->view->setVar("message", _t('Saved %1.', $vs_user_group_terminology)); + $this->render("Form/reload_html.php"); } + }else{ $this->view->setVar('errors', $va_errors); - $this->render('Lightbox/ajax_reorder_items_json.php'); - } - # ------------------------------------------------------- - /** - * - */ - public function ajaxDeleteItem() { - if($this->opb_is_login_redirect) { return; } - if (!caValidateCSRFToken($this->request)) { - throw new ApplicationException(_t("Invalid CSRF token")); + $this->userGroupForm(); + } + } + # ------------------------------------------------------ + /** + * + */ + function ajaxListComments() { + if($this->opb_is_login_redirect) { return; } + + if (!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)) { + throw new ApplicationException(_t("You do not have access to this lightbox")); + } + + $ps_tablename = $this->request->getParameter('type', pString); + + // check this is a valid table to have comments in the lightbox + if(!in_array($ps_tablename, array("ca_sets", "ca_set_items"))){ + throw new ApplicationException(_t("Invalid type")); + } + + // load table + if (!($t_item = Datamodel::getInstance($ps_tablename))) { + throw new ApplicationException(_t("Invalid type")); + } + $pn_item_id = $this->request->getParameter($t_item->primaryKey(), pInteger); + if (!$t_item->load($pn_item_id)) { + throw new ApplicationException(_t("Item does not exist")); + } + + $this->view->setVar("access_values", $this->opa_access_values); + $this->view->setVar("set", $t_set); + $this->view->setVar("tablename", $ps_tablename); + $this->view->setVar("item_id", $pn_item_id); + $this->view->setVar("comments", $qr_comments = $t_item->getComments(null, null, array('returnAs' => 'searchResult'))); + + $this->render("Lightbox/ajax_comments.php"); + } + # ------------------------------------------------------ + /** + * + */ + function ajaxAddComment() { + if($this->opb_is_login_redirect) { return; } + caValidateCSRFToken($this->request, null, ['exceptions' => true]); + + // when close is set to true, will make the form view disappear after saving form + + $va_errors = array(); + $vn_count = null; + $vs_message = null; + + if (!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)) { + throw new ApplicationException(_t("You do not have access to this lightbox")); + } else { + $ps_comment_type = $this->request->getParameter('type', pString); + + // check this is a valid table to have comments in the lightbox + if(!in_array($ps_comment_type, array("ca_sets", "ca_set_items"))){ + $va_errors[] = _t("Invalid type: %1", $ps_comment_type); + } else { + // load table + $t_item = Datamodel::getInstance($ps_comment_type, true); + $pn_id = $this->request->getParameter('id', pInteger); + if (!$t_item->load($pn_id)) { + $va_errors[] = _t("Invalid id: %1", $pn_id); + } elseif(!($ps_comment = $this->purifier->purify($this->request->getParameter('comment', pString)))) { + $va_errors[] = _t("Please enter a comment"); + } elseif($t_comment = $t_item->addComment($ps_comment, null, $this->request->getUserID(), null, null, null, 1, $this->request->getUserID(), array("purify" => true))){ + // pass user's id as moderator - all set comments should be made public, it's a private space and comments should not need to be moderated + $vs_message = _t("Saved comment"); + + $this->view->setVar('comment', $ps_comment); + $this->view->setVar('comment_id', $t_comment->getPrimaryKey()); + $this->view->setVar('author', $t_comment->get('ca_users.fname').' '.$t_comment->get('ca_users.lname').' '.$t_comment->get('ca_item_comments.created_on')); + + $this->view->setVar('is_writeable', $this->view->getVar('write_access')); + $this->view->setVar('is_author', true); + $vs_rendered_comment = $this->render("Lightbox/set_comment_html.php", true); + $vn_count = (int)$t_comment->getItem()->getNumComments(); + + } else { + $va_errors[] = _t("There were errors adding your comment: ".join("; ", $t_item->getErrors())); + } } + } - if($t_set = $this->_getSet(__CA_SET_EDIT_ACCESS__)){ - - $pn_item_id = $this->request->getParameter('item_id', pInteger); - if ($t_set->removeItemByItemID($pn_item_id, $this->request->getUserID())) { - $va_errors = array(); + $this->view->setVar("type", $ps_comment_type); + $this->view->setVar("set_id", $pn_id); + $this->view->setVar("message", $vs_message); + $this->view->setVar("comment", $vs_rendered_comment); + $this->view->setVar("comment_count", $vn_count); + $this->view->setVar("comment_count_display", $vn_count." ".(($vn_count == 1) ? _t("comment") : _t("comments"))); + $this->view->setVar("errors", $va_errors); + $this->render("Lightbox/ajax_add_comment_json.php"); + } + # ------------------------------------------------------ + /** + * + */ + function ajaxDeleteComment() { + if($this->opb_is_login_redirect) { return; } + caValidateCSRFToken($this->request, null, ['exceptions' => true]); + + $va_errors = array(); + $vs_message = null; + $vn_count = null; + $pn_comment_id = null; + + if (!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)) { + $va_errors[] = _t('You do not have access to this lightbox'); + } else { + $t_comment = new ca_item_comments($pn_comment_id = $this->request->getParameter("comment_id", pInteger)); + + if ($t_comment->get("comment_id")) { + $vn_count = $t_comment->getItem()->getNumComments(); + + // check if user is owner of comment or has edit access to set comment was made on + if (($this->request->getUserID() != $t_comment->get("user_id")) && !$t_set->haveAccessToSet($this->request->getUserID(), __CA_SET_EDIT_ACCESS__)) { + $va_errors[] = _t('You do not have access to this comment'); } else { - $va_errors[] = _t('Could not remove item from %1', $this->ops_lightbox_display_name); + $t_comment->delete(true); + if ($t_comment->numErrors()) { + $va_errors = $t_comment->getErrors(); + } else { + $vn_count--; + $vs_message = _t("Removed comment"); + } } - $this->view->setVar('set_id', $t_set->getPrimaryKey()); - $this->view->setVar('item_id', $pn_item_id); - $this->view->setVar('count', $t_set->getItemCount(array('user_id' => $this->request->getUserID(), 'checkAccess' => $this->opa_access_values))); } else { - throw new ApplicationException(_t("You do not have access to this lightbox")); + $va_errors[] = _t("Invalid comment_id"); } - - $this->view->setVar('errors', $va_errors); - $this->render('Lightbox/ajax_delete_item_json.php'); - } - # ------------------------------------------------------- - /** - * - */ - public function ajaxAddItem($pa_options = null) { - if($this->opb_is_login_redirect) { return; } - if (!caValidateCSRFToken($this->request)) { - throw new ApplicationException(_t("Invalid CSRF token")); + + } + $this->view->setVar("comment_id", $pn_comment_id); + $this->view->setVar("comment_count", $vn_count); + $this->view->setVar("comment_count_display", $vn_count." ".(($vn_count == 1) ? _t("comment") : _t("comments"))); + $this->view->setVar("message", $vs_message); + $this->view->setVar("errors", $va_errors); + $this->render("Lightbox/ajax_delete_comment_json.php"); + } + # ------------------------------------------------------- + /** + * + */ + public function deleteLightbox() { + if($this->opb_is_login_redirect) { return; } + caValidateCSRFToken($this->request, null, ['exceptions' => true]); + + $va_errors = array(); + $vs_message = $vn_set_id = $vs_set_name = null; + + if ($t_set = $this->_getSet(__CA_SET_EDIT_ACCESS__)) { + $vs_set_name = $t_set->getLabelForDisplay(); + $t_set->setMode(ACCESS_WRITE); + $t_set->delete(); + + if($t_set->numErrors()) { + $va_errors[] = _t("%1 could not be deleted: %2", $vs_set_name, join("; ", $t_set->getErrors())); + } else { + $vs_message = _t("%1 was deleted", $vs_set_name); } + $vn_set_id = $t_set->get('set_id'); + } else { + throw new ApplicationException(_t("You do not have access to this lightbox")); + } + + $this->view->setVar('message', $vs_message); + $this->view->setVar('set_id', $vn_set_id); + $this->view->setVar('errors', $va_errors); + $this->view->setVar('name', $vs_set_name); + + $this->render("Lightbox/ajax_delete_set_json.php"); + } + # ------------------------------------------------------ + /** + * + */ + public function ajaxReorderItems() { + if($this->opb_is_login_redirect) { return; } + caValidateCSRFToken($this->request, null, ['exceptions' => true]); - global $g_ui_locale_id; // current locale_id for user - $va_errors = array(); - - $vs_display_name = caGetOption("display_name", $pa_options, $this->ops_lightbox_display_name); - $this->view->setVar("display_name", $vs_display_name); - $vs_display_name_plural = caGetOption("display_name_plural", $pa_options, $this->ops_lightbox_display_name_plural); - $this->view->setVar("display_name_plural", $vs_display_name_plural); - - // set_id is passed through form, otherwise we're saving a new set, and adding the item to it - if($this->request->getParameter('set_id', pInteger)){ - $t_set = $this->_getSet(__CA_SET_EDIT_ACCESS__); - if(!$t_set && $t_set = $this->_getSet(__CA_SET_READ_ACCESS__)){ - $va_errors["general"] = _t("You can not add items to this %1. You have read only access.", $vs_display_name); - $this->view->setVar('errors', $va_errors); - $this->addItemForm(); - return; - } - }else{ - $t_set = new ca_sets(); - $t_set->purify(true); - - // set name - if not sent, make a decent default - $ps_name = $this->purifier->purify($this->request->getParameter('name', pString)); - if(!$ps_name){ - $ps_name = _t("Your %1", $vs_display_name); - } - // set description - optional - $ps_description = $this->purifier->purify($this->request->getParameter($this->ops_description_attribute, pString)); - - $t_list = new ca_lists(); - $vn_set_type_user = $t_list->getItemIDFromList('set_types', $this->request->config->get('user_set_type')); - - $t_object = new ca_objects(); - $t_object->purify(true); - - $vn_object_table_num = $t_object->tableNum(); - $t_set->setMode(ACCESS_WRITE); - $t_set->set('access', (!is_null($vn_access = $this->request->config->get('lightbox_default_access'))) ? $vn_access : 1); - $t_set->set('table_num', $vn_object_table_num); - $t_set->set('type_id', $vn_set_type_user); - $t_set->set('user_id', $this->request->getUserID()); - $t_set->set('set_code', $this->request->getUserID().'_'.time()); - // create new attribute - if($ps_description){ - $t_set->addAttribute(array($this->ops_description_attribute => $ps_description, 'locale_id' => $g_ui_locale_id), $this->ops_description_attribute); - } - $t_set->insert(); - if($t_set->numErrors()) { - $va_errors["general"] = join("; ", $t_set->getErrors()); - $this->view->setVar('errors', $va_errors); - $this->addItemForm(); - return; - }else{ - // save name - add new label - $t_set->addLabel(array('name' => $ps_name), $g_ui_locale_id, null, true); - // select the current set - $this->request->user->setVar('current_set_id', $t_set->get("set_id")); + if($t_set = $this->_getSet(__CA_SET_EDIT_ACCESS__)){ + + $this->view->setVar("set_id", $t_set->get("set_id")); + + $va_row_ids = array(); + $va_row_ids_raw = explode('&', $this->request->getParameter('row_ids', pString)); + foreach($va_row_ids_raw as $vn_row_id_raw){ + $va_row_ids[] = str_replace('row[]=', '', $vn_row_id_raw); + } + $va_errors = $t_set->reorderItems($va_row_ids, ['user_id' => $this->request->getUserID()]); + }else{ + throw new ApplicationException(_t("You do not have access to this lightbox")); + } + $this->view->setVar('errors', $va_errors); + $this->render('Lightbox/ajax_reorder_items_json.php'); + } + # ------------------------------------------------------- + /** + * + */ + public function ajaxDeleteItem() { + if($this->opb_is_login_redirect) { return; } + caValidateCSRFToken($this->request, null, ['exceptions' => true]); - } + if($t_set = $this->_getSet(__CA_SET_EDIT_ACCESS__)){ + + $pn_item_id = $this->request->getParameter('item_id', pInteger); + if ($t_set->removeItemByItemID($pn_item_id, $this->request->getUserID())) { + $va_errors = array(); + } else { + $va_errors[] = _t('Could not remove item from %1', $this->ops_lightbox_display_name); } - if($t_set){ - $pn_item_id = null; - $pn_object_id = $this->request->getParameter('id', pInteger); - if($pn_object_id){ - if(!$t_set->isInSet("ca_objects", $pn_object_id, $t_set->get("set_id"))){ - if ($pn_item_id = $t_set->addItem($pn_object_id, array(), $this->request->getUserID())) { - // - // Select primary representation - // - $t_object = new ca_objects($pn_object_id); - $vn_rep_id = $t_object->getPrimaryRepresentationID(); // get representation_id for primary - - $t_item = new ca_set_items($pn_item_id); - $t_item->addSelectedRepresentation($vn_rep_id); // flag as selected in item vars - $t_item->update(); - - $va_errors = array(); - $this->view->setVar('message', _t("Successfully added item.")); - $this->render("Form/reload_html.php"); - } else { - $va_errors["message"] = _t('Could not add item to %1', $vs_display_name); - $this->render("Form/reload_html.php"); - } - }else{ - $this->view->setVar('message', _t("Item already in %1.", $vs_display_name)); + $this->view->setVar('set_id', $t_set->getPrimaryKey()); + $this->view->setVar('item_id', $pn_item_id); + $this->view->setVar('count', $t_set->getItemCount(array('user_id' => $this->request->getUserID(), 'checkAccess' => $this->opa_access_values))); + } else { + throw new ApplicationException(_t("You do not have access to this lightbox")); + } + + $this->view->setVar('errors', $va_errors); + $this->render('Lightbox/ajax_delete_item_json.php'); + } + # ------------------------------------------------------- + /** + * + */ + public function ajaxAddItem($pa_options = null) { + if($this->opb_is_login_redirect) { return; } + caValidateCSRFToken($this->request, null, ['exceptions' => true]); + + global $g_ui_locale_id; // current locale_id for user + $va_errors = array(); + + $vs_display_name = caGetOption("display_name", $pa_options, $this->ops_lightbox_display_name); + $this->view->setVar("display_name", $vs_display_name); + $vs_display_name_plural = caGetOption("display_name_plural", $pa_options, $this->ops_lightbox_display_name_plural); + $this->view->setVar("display_name_plural", $vs_display_name_plural); + + // set_id is passed through form, otherwise we're saving a new set, and adding the item to it + if($this->request->getParameter('set_id', pInteger)){ + $t_set = $this->_getSet(__CA_SET_EDIT_ACCESS__); + if(!$t_set && $t_set = $this->_getSet(__CA_SET_READ_ACCESS__)){ + $va_errors["general"] = _t("You can not add items to this %1. You have read only access.", $vs_display_name); + $this->view->setVar('errors', $va_errors); + $this->addItemForm(); + return; + } + }else{ + $t_set = new ca_sets(); + $t_set->purify(true); + + // set name - if not sent, make a decent default + $ps_name = $this->purifier->purify($this->request->getParameter('name', pString)); + if(!$ps_name){ + $ps_name = _t("Your %1", $vs_display_name); + } + // set description - optional + $ps_description = $this->purifier->purify($this->request->getParameter($this->ops_description_attribute, pString)); + + $t_list = new ca_lists(); + $vn_set_type_user = $t_list->getItemIDFromList('set_types', $this->request->config->get('user_set_type')); + + $t_object = new ca_objects(); + $t_object->purify(true); + + $vn_object_table_num = $t_object->tableNum(); + $t_set->setMode(ACCESS_WRITE); + $t_set->set('access', (!is_null($vn_access = $this->request->config->get('lightbox_default_access'))) ? $vn_access : 1); + $t_set->set('table_num', $vn_object_table_num); + $t_set->set('type_id', $vn_set_type_user); + $t_set->set('user_id', $this->request->getUserID()); + $t_set->set('set_code', $this->request->getUserID().'_'.time()); + // create new attribute + if($ps_description){ + $t_set->addAttribute(array($this->ops_description_attribute => $ps_description, 'locale_id' => $g_ui_locale_id), $this->ops_description_attribute); + } + $t_set->insert(); + if($t_set->numErrors()) { + $va_errors["general"] = join("; ", $t_set->getErrors()); + $this->view->setVar('errors', $va_errors); + $this->addItemForm(); + return; + }else{ + // save name - add new label + $t_set->addLabel(array('name' => $ps_name), $g_ui_locale_id, null, true); + // select the current set + $this->request->user->setVar('current_set_id', $t_set->get("set_id")); + + } + } + if($t_set){ + $pn_item_id = null; + $pn_object_id = $this->request->getParameter('id', pInteger); + if($pn_object_id){ + if(!$t_set->isInSet("ca_objects", $pn_object_id, $t_set->get("set_id"))){ + if ($pn_item_id = $t_set->addItem($pn_object_id, array(), $this->request->getUserID())) { + // + // Select primary representation + // + $t_object = new ca_objects($pn_object_id); + $vn_rep_id = $t_object->getPrimaryRepresentationID(); // get representation_id for primary + + $t_item = new ca_set_items($pn_item_id); + $t_item->addSelectedRepresentation($vn_rep_id); // flag as selected in item vars + $t_item->update(); + + $va_errors = array(); + $this->view->setVar('message', _t("Successfully added item.")); $this->render("Form/reload_html.php"); - } + } else { + $va_errors["message"] = _t('Could not add item to %1', $vs_display_name); + $this->render("Form/reload_html.php"); + } }else{ - if(($pb_saveLastResults = $this->request->getParameter('saveLastResults', pString)) || ($ps_object_ids = $this->request->getParameter('object_ids', pString)) || ($pn_object_id = $this->request->getParameter('object_id', pInteger))){ - if($pb_saveLastResults){ - // get object ids from last result - $o_context = ResultContext::getResultContextForLastFind($this->request, "ca_objects"); - $va_object_ids = $o_context->getResultList(); - } elseif($pn_object_id) { - $va_object_ids = [$pn_object_id]; - $this->view->setVar("row_id", $pn_object_id); - }else{ - $va_object_ids = explode(";", $ps_object_ids); - } - if(is_array($va_object_ids) && sizeof($va_object_ids)){ - // check for those already in set - $va_object_ids_in_set = $t_set->areInSet("ca_objects", $va_object_ids, $t_set->get("set_id")); - $va_object_ids = array_diff($va_object_ids, $va_object_ids_in_set); - // insert items - $t_set->addItems($va_object_ids); - $this->view->setVar('message', _t("Successfully added results to %1.", $vs_display_name)); - $this->render("Form/reload_html.php"); - - }else{ - $this->view->setVar('message', _t("No objects in search result to add to %1", $vs_display_name)); - $this->render("Form/reload_html.php"); - } + $this->view->setVar('message', _t("Item already in %1.", $vs_display_name)); + $this->render("Form/reload_html.php"); + } + }else{ + if(($pb_saveLastResults = $this->request->getParameter('saveLastResults', pString)) || ($ps_object_ids = $this->request->getParameter('object_ids', pString)) || ($pn_object_id = $this->request->getParameter('object_id', pInteger))){ + if($pb_saveLastResults){ + // get object ids from last result + $o_context = ResultContext::getResultContextForLastFind($this->request, "ca_objects"); + $va_object_ids = $o_context->getResultList(); + } elseif($pn_object_id) { + $va_object_ids = [$pn_object_id]; + $this->view->setVar("row_id", $pn_object_id); }else{ - $this->view->setVar('message', _t("Object ID is not defined")); + $va_object_ids = explode(";", $ps_object_ids); + } + if(is_array($va_object_ids) && sizeof($va_object_ids)){ + // check for those already in set + $va_object_ids_in_set = $t_set->areInSet("ca_objects", $va_object_ids, $t_set->get("set_id")); + $va_object_ids = array_diff($va_object_ids, $va_object_ids_in_set); + // insert items + $t_set->addItems($va_object_ids); + $this->view->setVar('message', _t("Successfully added results to %1.", $vs_display_name)); + $this->render("Form/reload_html.php"); + + }else{ + $this->view->setVar('message', _t("No objects in search result to add to %1", $vs_display_name)); $this->render("Form/reload_html.php"); } + }else{ + $this->view->setVar('message', _t("Object ID is not defined")); + $this->render("Form/reload_html.php"); } } - } - # ------------------------------------------------------- - /** - * - */ - public function addItemForm($pa_options = array()){ - if($this->opb_is_login_redirect) { return; } - - $this->view->setVar("display_name", caGetOption("display_name", $pa_options, $this->ops_lightbox_display_name)); - $this->view->setVar("display_name_plural", caGetOption("display_name_plural", $pa_options, $this->ops_lightbox_display_name_plural)); - $this->view->setvar("set", new ca_Sets()); - $this->view->setvar("object_id", $this->request->getParameter('object_id', pInteger)); - $this->view->setvar("object_ids", $this->request->getParameter('object_ids', pString)); - $this->view->setvar("saveLastResults", $this->request->getParameter('saveLastResults', pInteger)); - if(($pn_object_id = $this->request->getParameter('object_id', pInteger)) || ($pn_save_last_results = $this->request->getParameter('saveLastResults', pInteger)) || ($pa_object_ids = sizeof(explode(";", $this->request->getParameter('object_ids', pString))))){ - $this->render("Lightbox/form_add_set_item_html.php"); - }else{ - $this->view->setVar('message', _t("Object ID is not defined")); - $this->render("Form/reload_html.php"); - } - } - # ------------------------------------------------------- - /** - * Return text for map item info bubble - */ - public function ajaxGetMapItem() { - if($this->opb_is_login_redirect) { return; } - - $pa_ids = explode(";", $this->request->getParameter('id', pString)); - $ps_view = $this->request->getParameter('view', pString); - - $this->view->setVar('view', $ps_view = caCheckLightboxView(array('request' => $this->request, 'default' => 'map'))); - $this->view->setVar('views', $va_views = $this->opo_config->getAssoc("views")); - $va_view_info = $va_views[$ps_view]; - - $vs_content_template = $va_view_info['display']['description_template']; - - $this->view->setVar('contentTemplate', caProcessTemplateForIDs($vs_content_template, 'ca_objects', $pa_ids, array('checkAccess' => $this->opa_access_values))); - - $this->render("Lightbox/ajax_map_item_html.php"); - } - # ------------------------------------------------------ - /** - * - */ - public function present($pa_options = null) { - if($this->opb_is_login_redirect) { return; } - if(!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)){ - $this->Index(); - return; - } - $this->view->setVar("controller", caGetOption("controller", $pa_options, "Lightbox")); - $this->view->setVar("display_name", caGetOption("display_name", $pa_options, $this->ops_lightbox_display_name)); - $this->view->setVar("display_name_plural", caGetOption("display_name_plural", $pa_options, $this->ops_lightbox_display_name_plural)); - - AssetLoadManager::register("reveal.js"); - $o_app = AppController::getInstance(); - $o_app->removeAllPlugins(); - $this->view->setVar("set", $t_set); + } + } + # ------------------------------------------------------- + /** + * + */ + public function addItemForm($pa_options = array()){ + if($this->opb_is_login_redirect) { return; } - $this->render("Lightbox/present_html.php"); + $this->view->setVar("display_name", caGetOption("display_name", $pa_options, $this->ops_lightbox_display_name)); + $this->view->setVar("display_name_plural", caGetOption("display_name_plural", $pa_options, $this->ops_lightbox_display_name_plural)); + $this->view->setvar("set", new ca_Sets()); + $this->view->setvar("object_id", $this->request->getParameter('object_id', pInteger)); + $this->view->setvar("object_ids", $this->request->getParameter('object_ids', pString)); + $this->view->setvar("saveLastResults", $this->request->getParameter('saveLastResults', pInteger)); + if(($pn_object_id = $this->request->getParameter('object_id', pInteger)) || ($pn_save_last_results = $this->request->getParameter('saveLastResults', pInteger)) || ($pa_object_ids = sizeof(explode(";", $this->request->getParameter('object_ids', pString))))){ + $this->render("Lightbox/form_add_set_item_html.php"); + }else{ + $this->view->setVar('message', _t("Object ID is not defined")); + $this->render("Form/reload_html.php"); } - # ------------------------------------------------------- - /** - * Download (accessible) media for all records in this set - */ - public function getLightboxMedia() { - set_time_limit(600); // allow a lot of time for this because the sets can be potentially large - $t_set = new ca_sets($this->request->getParameter('set_id', pInteger)); - if (!$t_set->getPrimaryKey()) { - $this->notification->addNotification(_t('No set defined'), __NOTIFICATION_TYPE_ERROR__); - $this->opo_response->setRedirect(caNavUrl($this->request, '', 'Lightbox', 'Index')); - return false; - } + } + # ------------------------------------------------------- + /** + * Return text for map item info bubble + */ + public function ajaxGetMapItem() { + if($this->opb_is_login_redirect) { return; } + + $pa_ids = explode(";", $this->request->getParameter('id', pString)); + $ps_view = $this->request->getParameter('view', pString); + + $this->view->setVar('view', $ps_view = caCheckLightboxView(array('request' => $this->request, 'default' => 'map'))); + $this->view->setVar('views', $va_views = $this->opo_config->getAssoc("views")); + $va_view_info = $va_views[$ps_view]; + + $vs_content_template = $va_view_info['display']['description_template']; + + $this->view->setVar('contentTemplate', caProcessTemplateForIDs($vs_content_template, 'ca_objects', $pa_ids, array('checkAccess' => $this->opa_access_values))); + + $this->render("Lightbox/ajax_map_item_html.php"); + } + # ------------------------------------------------------ + /** + * + */ + public function present($pa_options = null) { + if($this->opb_is_login_redirect) { return; } + if(!$t_set = $this->_getSet(__CA_SET_READ_ACCESS__)){ + $this->Index(); + return; + } + $this->view->setVar("controller", caGetOption("controller", $pa_options, "Lightbox")); + $this->view->setVar("display_name", caGetOption("display_name", $pa_options, $this->ops_lightbox_display_name)); + $this->view->setVar("display_name_plural", caGetOption("display_name_plural", $pa_options, $this->ops_lightbox_display_name_plural)); + + AssetLoadManager::register("reveal.js"); + $o_app = AppController::getInstance(); + $o_app->removeAllPlugins(); + $this->view->setVar("set", $t_set); - $va_record_ids = array_keys($t_set->getItemRowIDs(array('checkAccess' => $this->opa_access_values, 'limit' => 100000))); - if(!is_array($va_record_ids) || !sizeof($va_record_ids)) { - $this->notification->addNotification(_t('No media is available for download'), __NOTIFICATION_TYPE_ERROR__); - $this->opo_response->setRedirect(caNavUrl($this->request, '', 'Lightbox', 'Index')); - return false; - } + $this->render("Lightbox/present_html.php"); + } + # ------------------------------------------------------- + /** + * Download (accessible) media for all records in this set + */ + public function getLightboxMedia() { + set_time_limit(600); // allow a lot of time for this because the sets can be potentially large + $t_set = new ca_sets($this->request->getParameter('set_id', pInteger)); + if (!$t_set->getPrimaryKey()) { + $this->notification->addNotification(_t('No set defined'), __NOTIFICATION_TYPE_ERROR__); + $this->opo_response->setRedirect(caNavUrl($this->request, '', 'Lightbox', 'Index')); + return false; + } - $vs_subject_table = Datamodel::getTableName($t_set->get('table_num')); - $t_instance = Datamodel::getInstance($vs_subject_table); + $va_record_ids = array_keys($t_set->getItemRowIDs(array('checkAccess' => $this->opa_access_values, 'limit' => 100000))); + if(!is_array($va_record_ids) || !sizeof($va_record_ids)) { + $this->notification->addNotification(_t('No media is available for download'), __NOTIFICATION_TYPE_ERROR__); + $this->opo_response->setRedirect(caNavUrl($this->request, '', 'Lightbox', 'Index')); + return false; + } - $qr_res = $vs_subject_table::createResultSet($va_record_ids); - $qr_res->filterNonPrimaryRepresentations(false); + $vs_subject_table = Datamodel::getTableName($t_set->get('table_num')); + $t_instance = Datamodel::getInstance($vs_subject_table); - $va_paths = array(); - $t_download_log = new Downloadlog(); - while($qr_res->nextHit()) { - $t_instance->load($qr_res->get("ca_objects.object_id")); - if (!$t_instance->getPrimaryKey()) { continue; } - - $va_reps = $t_instance->getRepresentations(null, null, array("checkAccess" => $this->opa_access_values)); - $vs_idno = $t_instance->get('idno'); + $qr_res = $vs_subject_table::createResultSet($va_record_ids); + $qr_res->filterNonPrimaryRepresentations(false); + + $va_paths = array(); + $t_download_log = new Downloadlog(); + while($qr_res->nextHit()) { + $t_instance->load($qr_res->get("ca_objects.object_id")); + if (!$t_instance->getPrimaryKey()) { continue; } + + $va_reps = $t_instance->getRepresentations(null, null, array("checkAccess" => $this->opa_access_values)); + $vs_idno = $t_instance->get('idno'); + + $vn_c = 1; + foreach($va_reps as $vn_representation_id => $va_rep) { - $vn_c = 1; - foreach($va_reps as $vn_representation_id => $va_rep) { - - $t_download_log->log(array( - "user_id" => $this->request->getUserID() ? $this->request->getUserID() : null, - "ip_addr" => RequestHTTP::ip(), - "table_num" => $t_instance->TableNum(), - "row_id" => $t_instance->get("ca_objects.object_id"), - "representation_id" => $vn_representation_id, - "download_source" => "pawtucket" - )); + $t_download_log->log(array( + "user_id" => $this->request->getUserID() ? $this->request->getUserID() : null, + "ip_addr" => RequestHTTP::ip(), + "table_num" => $t_instance->TableNum(), + "row_id" => $t_instance->get("ca_objects.object_id"), + "representation_id" => $vn_representation_id, + "download_source" => "pawtucket" + )); + - - # -- get version to download configured in media_display.conf - $va_download_display_info = caGetMediaDisplayInfo('download', $va_rep["mimetype"]); - $vs_download_version = caGetOption(['download_version', 'display_version'], $va_download_display_info); - - $t_rep = new ca_object_representations($va_rep['representation_id']); - $va_rep_info = $t_rep->getMediaInfo("media", $vs_download_version); + # -- get version to download configured in media_display.conf + $va_download_display_info = caGetMediaDisplayInfo('download', $va_rep["mimetype"]); + $vs_download_version = caGetOption(['download_version', 'display_version'], $va_download_display_info); - $vs_filename = caGetRepresentationDownloadFileName('ca_objects', ['idno' => $vs_idno, 'index' => $vn_c, 'version' => $vs_download_version, 'extension' => $va_rep_info['EXTENSION'], 'original_filename' => $va_rep['info']['original_filename'], 'representation_id' => $vn_representation_id]); - - $va_file_names[$vs_filename] = true; + $t_rep = new ca_object_representations($va_rep['representation_id']); + $va_rep_info = $t_rep->getMediaInfo("media", $vs_download_version); + + $vs_filename = caGetRepresentationDownloadFileName('ca_objects', ['idno' => $vs_idno, 'index' => $vn_c, 'version' => $vs_download_version, 'extension' => $va_rep_info['EXTENSION'], 'original_filename' => $va_rep['info']['original_filename'], 'representation_id' => $vn_representation_id]); - // - // Perform metadata embedding - if (!($vs_path = $this->ops_tmp_download_file_path = caEmbedMediaMetadataIntoFile($t_rep->getMediaPath('media', $vs_download_version), 'ca_objects', $t_instance->getPrimaryKey(), $t_instance->getTypeCode(), $t_rep->getPrimaryKey(), $t_rep->getTypeCode()))) { - $vs_path = $t_rep->getMediaPath('media', $vs_download_version); - } - $va_file_paths[$vs_path] = $vs_filename; - - $vn_c++; + $va_file_names[$vs_filename] = true; + + // + // Perform metadata embedding + if (!($vs_path = $this->ops_tmp_download_file_path = caEmbedMediaMetadataIntoFile($t_rep->getMediaPath('media', $vs_download_version), 'ca_objects', $t_instance->getPrimaryKey(), $t_instance->getTypeCode(), $t_rep->getPrimaryKey(), $t_rep->getTypeCode()))) { + $vs_path = $t_rep->getMediaPath('media', $vs_download_version); } - $va_paths[$qr_res->get($t_instance->primaryKey())] = $va_file_paths; - } + $va_file_paths[$vs_path] = $vs_filename; + + $vn_c++; + } + $va_paths[$qr_res->get($t_instance->primaryKey())] = $va_file_paths; + } - if (sizeof($va_paths) > 0){ - $o_zip = new ZipStream(); + if (sizeof($va_paths) > 0){ + $o_zip = new ZipStream(); - foreach($va_paths as $vn_pk => $va_reps) { - $vn_c = 1; - foreach($va_reps as $vs_path => $vs_filename) { - if (!file_exists($vs_path)) { continue; } - $o_zip->addFile($vs_path, $vs_filename); + foreach($va_paths as $vn_pk => $va_reps) { + $vn_c = 1; + foreach($va_reps as $vs_path => $vs_filename) { + if (!file_exists($vs_path)) { continue; } + $o_zip->addFile($vs_path, $vs_filename); - $vn_c++; - } + $vn_c++; } + } - $o_view = new View($this->request, $this->request->getViewsDirectoryPath().'/bundles/'); + $o_view = new View($this->request, $this->request->getViewsDirectoryPath().'/bundles/'); - // send files - $o_view->setVar('zip_stream', $o_zip); - $o_view->setVar('archive_name', 'media_for_'.mb_substr(preg_replace('![^A-Za-z0-9]+!u', '_', ($vs_set_code = $t_set->get('set_code')) ? $vs_set_code : $t_set->getPrimaryKey()), 0, 20).'.zip'); - $this->response->addContent($o_view->render('download_file_binary.php')); - return; - } else { - $this->notification->addNotification(_t('No files to download'), __NOTIFICATION_TYPE_ERROR__); - $this->opo_response->setRedirect(caNavUrl($this->request, '', 'Lightbox', 'Index')); - return; - } + // send files + $o_view->setVar('zip_stream', $o_zip); + $o_view->setVar('archive_name', 'media_for_'.mb_substr(preg_replace('![^A-Za-z0-9]+!u', '_', ($vs_set_code = $t_set->get('set_code')) ? $vs_set_code : $t_set->getPrimaryKey()), 0, 20).'.zip'); + $this->response->addContent($o_view->render('download_file_binary.php')); + return; + } else { + $this->notification->addNotification(_t('No files to download'), __NOTIFICATION_TYPE_ERROR__); + $this->opo_response->setRedirect(caNavUrl($this->request, '', 'Lightbox', 'Index')); + return; + } - return $this->Index(); + return $this->Index(); + } + # ------------------------------------------------------- + + /** + * Return set_id from request with fallback to user var, or if nothing there then get the users' first set + */ + private function _getSetID() { + $vn_set_id = null; + if (!$vn_set_id = $this->request->getParameter('set_id', pInteger)) { // try to get set_id from request + if(!$vn_set_id = $this->request->user->getVar('current_set_id')){ // get last used set_id + return null; + } } - # ------------------------------------------------------- - - /** - * Return set_id from request with fallback to user var, or if nothing there then get the users' first set - */ - private function _getSetID() { - $vn_set_id = null; - if (!$vn_set_id = $this->request->getParameter('set_id', pInteger)) { // try to get set_id from request - if(!$vn_set_id = $this->request->user->getVar('current_set_id')){ // get last used set_id - return null; - } - } - return $vn_set_id; - } - # ------------------------------------------------------- - /** - * Uses _getSetID() to figure out the ID of the current set, then returns a ca_sets object for it - * and also sets the 'current_set_id' user variable - */ - private function _getSet($pn_access_level=__CA_SET_EDIT_ACCESS__) { - $t_set = new ca_sets(); - $vn_set_id = $this->_getSetID(); - if($vn_set_id){ - $t_set->load($vn_set_id); - - if ($t_set->getPrimaryKey() && ($t_set->haveAccessToSet($this->request->getUserID(), $pn_access_level))) { - $this->request->user->setVar('current_set_id', $vn_set_id); - // pass the access level the user has to the set - needed to display the proper controls in views - $vb_write_access = false; - if($t_set->haveAccessToSet($this->request->getUserID(), __CA_SET_EDIT_ACCESS__)){ - $vb_write_access = true; - } - $this->view->setVar("write_access", $vb_write_access); - return $t_set; + return $vn_set_id; + } + # ------------------------------------------------------- + /** + * Uses _getSetID() to figure out the ID of the current set, then returns a ca_sets object for it + * and also sets the 'current_set_id' user variable + */ + private function _getSet($pn_access_level=__CA_SET_EDIT_ACCESS__) { + $t_set = new ca_sets(); + $vn_set_id = $this->_getSetID(); + if($vn_set_id){ + $t_set->load($vn_set_id); + + if ($t_set->getPrimaryKey() && ($t_set->haveAccessToSet($this->request->getUserID(), $pn_access_level))) { + $this->request->user->setVar('current_set_id', $vn_set_id); + // pass the access level the user has to the set - needed to display the proper controls in views + $vb_write_access = false; + if($t_set->haveAccessToSet($this->request->getUserID(), __CA_SET_EDIT_ACCESS__)){ + $vb_write_access = true; } + $this->view->setVar("write_access", $vb_write_access); + return $t_set; } - return null; - } - # ------------------------------------------------------- - /** - * Generate the URL for the "back to results" link from a browse result item - * as an array of path components. - */ - public static function getReturnToResultsUrl($po_request) { - $va_ret = array( - 'module_path' => '', - 'controller' => 'Lightbox', - 'action' => 'setDetail', - 'params' => array( - - ) - ); - return $va_ret; - } - # ------------------------------------------------------- - } + } + return null; + } + # ------------------------------------------------------- + /** + * Generate the URL for the "back to results" link from a browse result item + * as an array of path components. + */ + public static function getReturnToResultsUrl($po_request) { + $va_ret = array( + 'module_path' => '', + 'controller' => 'Lightbox', + 'action' => 'setDetail', + 'params' => array( + + ) + ); + return $va_ret; + } + # ------------------------------------------------------- +} diff --git a/app/helpers/utilityHelpers.php b/app/helpers/utilityHelpers.php index 899adcf90c..520c9bab8c 100644 --- a/app/helpers/utilityHelpers.php +++ b/app/helpers/utilityHelpers.php @@ -3613,8 +3613,9 @@ function caGenerateCSRFToken($po_request=null){ * @param RequestHTTP $po_request Current request * @param string $ps_token CSRF token to validate. If omitted token in the "csrfToken" parameter is extracted from current request. * @param array $pa_options Options include: - * remove = remove validated token from active token list. [Default is true] - * exceptions = throw exception if token is invalid. [Default is true] + * remove = remove validated token from active token list. [Default is false] + * exceptions = throw exception if token is invalid. [Default is false] + * notifications = post notification if token is invalid. [Default is false] * @return bool * @throws ApplicationException */ diff --git a/themes/default/views/Classroom/form_set_info_html.php b/themes/default/views/Classroom/form_set_info_html.php index 04f8783ab7..b79a6cab77 100644 --- a/themes/default/views/Classroom/form_set_info_html.php +++ b/themes/default/views/Classroom/form_set_info_html.php @@ -48,6 +48,8 @@ ?>
caGenerateCSRFToken($this->request))); + if($va_errors["name"]){ print "
".$va_errors["name"]."
"; } diff --git a/themes/default/views/Lightbox/form_set_info_html.php b/themes/default/views/Lightbox/form_set_info_html.php index 86cfb2154b..88ae290e78 100644 --- a/themes/default/views/Lightbox/form_set_info_html.php +++ b/themes/default/views/Lightbox/form_set_info_html.php @@ -46,6 +46,8 @@ ?> caGenerateCSRFToken($this->request))); + if($va_errors["name"]){ print "
".$va_errors["name"]."
"; } diff --git a/themes/default/views/Lightbox/form_share_set_html.php b/themes/default/views/Lightbox/form_share_set_html.php index d97c947345..8ba7ea2422 100644 --- a/themes/default/views/Lightbox/form_share_set_html.php +++ b/themes/default/views/Lightbox/form_share_set_html.php @@ -45,6 +45,7 @@ ?> caGenerateCSRFToken($this->request))); if(is_array($va_user_groups) && sizeof($va_user_groups)){ if($va_errors["group_id"]){ print "
".$va_errors["group_id"]."
\n"; @@ -93,4 +94,4 @@ return false; }); }); - \ No newline at end of file + diff --git a/themes/default/views/Lightbox/form_user_group_html.php b/themes/default/views/Lightbox/form_user_group_html.php index 18e4bf161c..c87e4fccd4 100644 --- a/themes/default/views/Lightbox/form_user_group_html.php +++ b/themes/default/views/Lightbox/form_user_group_html.php @@ -41,6 +41,7 @@ ?> caGenerateCSRFToken($this->request))); if($va_errors["name"]){ print "
".$va_errors["name"]."
"; } @@ -70,4 +71,4 @@ return false; }); }); - \ No newline at end of file + diff --git a/themes/default/views/Lightbox/set_access_html.php b/themes/default/views/Lightbox/set_access_html.php index 27d65b617c..c2a98091df 100644 --- a/themes/default/views/Lightbox/set_access_html.php +++ b/themes/default/views/Lightbox/set_access_html.php @@ -48,9 +48,9 @@ print "

"._t("User Groups")."

"; print ""; @@ -61,13 +61,13 @@ foreach($va_users as $va_user){ print "
  • "; if(!$va_user["owner"]){ - print "
       
    "; + print "
        caGenerateCSRFToken($this->request)))."\"); return false;'>
    "; } print $va_user["name"]." (".$va_user["email"]."), ".(($va_user["access"] == 2) ? _t("write access") : _t("read access")).(($va_user["owner"]) ? ", "._t("Owner")."" : ""); - print ""; + print ""; print "
    • "; } print ""; } ?> - \ No newline at end of file +