Commit e3f082d7 authored by Robert Lyon's avatar Robert Lyon

Alerting if added pages to collection change access perms (Bug #1070019)



A popup alert containing the name of the page(s) that have changed
permissions.

If an added page has a permission that the parent doesn't then the
alert will contain the names of the existing pages in the collection
as well because their access permissions will have also changed.

Change-Id: If7391427ab2b358ebcf85a3292282ab5075ffbe4
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent e3d38601
......@@ -14,6 +14,7 @@ define('JSON', 1);
require(dirname(dirname(__FILE__)) . '/init.php');
require_once('pieforms/pieform.php');
require_once('collection.php');
require_once('view.php');
$id = param_integer('id');
$direction = param_variable('direction','');
......@@ -28,14 +29,18 @@ $owner = $collection->get('owner');
$groupid = $collection->get('group');
$institutionname = $collection->get('institution');
$views = $collection->views();
$message = null;
if (!empty($direction)) {
parse_str($direction, $direction_array);
$viewids = array();
// get all the id's of the existing views attached to collection - if any
$firstviewaccess = array();
if (!empty($views['views'])) {
foreach ($views['views'] as $v) {
$viewids[] = $v->view;
}
$firstview = new View($viewids[0]);
$firstviewaccess = $firstview->get_access();
}
// now check if there are any new views to add to the collection
// items dragged from the 'add to collection' list. (currently handles only one at a time)
......@@ -43,13 +48,15 @@ if (!empty($direction)) {
if (!empty($diff)) {
// turn it into an array understood by $collection->add_views()
$addviews = array();
$newviewid = false;
foreach ($diff as $v) {
$newviewid = $v;
// We need to check that the id's are allowed to be added to the collection
// by checking if the user can edit the view.
require_once('view.php');
$view = new View($v);
$viewowner = $view->get('owner');
$viewgroup = $view->get('group');
$viewaccess = $view->get_access();
$viewinstitution = $view->get('institution');
if ((!$USER->can_edit_view($view)) ||
(!empty($viewowner) && $viewowner != $collection->get('owner')) ||
......@@ -62,6 +69,46 @@ if (!empty($direction)) {
}
if (!empty($addviews)) {
$collection->add_views($addviews);
// New view permissions
$collectiondifferent = false;
$different = false;
$differentarray = array();
if (!empty($firstviewaccess) && empty($viewaccess)) {
// adding the collection access rules to the added pages
$different = true;
$differentarray[] = $newviewid;
}
else if (!empty($firstviewaccess)) {
$merged = combine_arrays($firstviewaccess, $viewaccess);
if ($merged != $firstviewaccess) {
// adding the new access rules to both collection and added pages
$different = true;
$collectiondifferent = true;
$differentarray[] = $newviewid;
}
else if ($merged != $viewaccess) {
// adding the collection access rules to the added pages
$different = true;
$differentarray[] = $newviewid;
}
}
else if (empty($firstviewaccess) && !empty($viewaccess)) {
// adding the page's access rules to the collection pages
$different = true;
$collectiondifferent = true;
}
if ($collectiondifferent) {
$differentarray = array_merge($differentarray, $viewids);
}
if ($different) {
$alertstr = get_string('viewsaddedaccesschanged', 'collection');
foreach ($differentarray as $viewid) {
$changedview = new View($viewid);
$alertstr .= " " . json_encode($changedview->get('title')) . ",";
}
$alertstr = substr($alertstr, 0, -1) . '.';
$message = $alertstr;
}
}
}
$collection->set_viewdisplayorder(null, $direction_array['row']);
......@@ -98,6 +145,6 @@ $smarty->assign('displayurl', get_config('wwwroot') . 'collection/views.php?id='
$html = $smarty->fetch('collection/views.json.tpl');
json_reply(false, array(
'message' => null,
'message' => $message,
'html' => $html,
));
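Review bot: The access comparison that follows `$collection->add_views($addviews)` only covers the last id in `$diff`, because `$newviewid` and `$viewaccess` are overwritten on each pass of `foreach ($diff as $v)` and are assigned before the `can_edit_view()` check. The comment says one page is handled at a time, but `$diff` is derived from the client-supplied `direction` value, so if several ids arrive the alert can omit pages whose sharing changed (the rest of the loop after the permission check is outside the visible hunk, so this is inferred). Consider recording access per accepted view with `$newviewaccess[$v] = $view->get_access();` after the permission check, and running the comparison inside `foreach ($newviewaccess as $newviewid => $viewaccess)`. The same comparison block is repeated in `addviews_submit()` later in this commit; a shared helper would stop the two copies drifting apart.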
......@@ -18,6 +18,7 @@ define('SECTION_PAGE', 'views');
require(dirname(dirname(__FILE__)) . '/init.php');
require_once('pieforms/pieform.php');
require_once('collection.php');
require_once('view.php');
$id = param_integer('id');
......@@ -30,6 +31,21 @@ if (!$USER->can_edit_collection($collection)) {
throw new AccessDeniedException(get_string('canteditcollection', 'collection'));
}
$sesskey = $USER->get('sesskey');
$inlinejs = '';
if ($accesschanged = $SESSION->get('pageaccesschanged')) {
$alertstr = get_string('viewsaddedaccesschanged', 'collection');
foreach ($accesschanged as $viewid) {
$changedview = new View($viewid);
$alertstr .= " " . json_encode($changedview->get('title')) . ",";
}
$alertstr = substr($alertstr, 0, -1) . '.';
$inlinejs = <<<EOF
\$j(function() {
alert('$alertstr');
});
EOF;
$SESSION->set('pageaccesschanged', false);
}
$owner = $collection->get('owner');
$groupid = $collection->get('group');
$institutionname = $collection->get('institution');
......@@ -119,7 +135,7 @@ if ($available = Collection::available_views($owner, $groupid, $institutionname)
));
}
$noviewsavailable = get_string('noviewsavailable', 'collection');
$inlinejs = <<<EOF
$inlinejs .= <<<EOF
\$j(function() {
var fixhelper = function(e, tr) {
var originals = tr.children();
......@@ -132,23 +148,26 @@ $inlinejs = <<<EOF
var updaterows = function(viewid) {
var sortorder = \$j('#collectionviews tbody').sortable('serialize');
\$j.post(config['wwwroot'] + "collection/views.json.php", { sesskey: '$sesskey', id: $id, direction: sortorder })
.done(function(data) {
// update the page with the new table
if (data.returnCode == '0') {
\$j('#collectionviews').replaceWith(data.message.html);
if (viewid) {
\$j('#addviews_view_' + viewid + '_container').remove();
// check if we have just removed the last option leaving
// only the add pages button
if (\$j("#addviews tbody").children().length <= 1) {
\$j("#addviews").remove();
\$j("#pagestoadd").append('$noviewsavailable');
}
}
wiresortables();
wireaddrow();
}
});
.done(function(data) {
// update the page with the new table
if (data.returnCode == '0') {
\$j('#collectionviews').replaceWith(data.message.html);
if (viewid) {
\$j('#addviews_view_' + viewid + '_container').remove();
// check if we have just removed the last option leaving
// only the add pages button
if (\$j("#addviews tbody").children().length <= 1) {
\$j("#addviews").remove();
\$j("#pagestoadd").append('$noviewsavailable');
}
}
if (data.message.message) {
alert(data.message.message);
}
wiresortables();
wireaddrow();
}
});
};
var wiresortables = function() {
......@@ -240,17 +259,85 @@ $smarty->assign_by_ref('views', $views);
$smarty->assign_by_ref('viewsform', $viewsform);
$smarty->display('collection/views.tpl');
function addviews_validate(Pieform $form, $values) {
// Check if a view was selected. Each view was marked with a
// key of view_<id> in order to identify the correct items
// from the form values
$chosen = array();
foreach ($values as $key => $value) {
if (substr($key, 0, 5) === 'view_' AND $value == true) {
$chosen[] = substr($key, 5);
}
}
if (empty($chosen)) {
$form->set_error(null, get_string('needtoselectaview', 'collection'));
return;
}
}
function addviews_submit(Pieform $form, $values) {
global $SESSION, $collection;
// Check if the existing view permissions are different from the views being added
$viewids = get_column('collection_view', 'view', 'collection', $collection->get('id'));
$firstviewaccess = array();
if (count($viewids)) {
$firstview = new View($viewids[0]);
$firstviewaccess = $firstview->get_access();
}
$chosen = array();
foreach ($values as $key => $value) {
if (substr($key, 0, 5) === 'view_' AND $value == true) {
$chosen[] = substr($key, 5);
}
}
// New view permissions
$collectiondifferent = false;
$different = false;
$differentarray = array();
foreach ($chosen as $viewid) {
$view = new View($viewid);
$viewaccess = $view->get_access();
if (!empty($firstviewaccess) && empty($viewaccess)) {
// adding the collection access rules to the added pages
$different = true;
$differentarray[] = $viewid;
}
else if (!empty($firstviewaccess)) {
$merged = combine_arrays($firstviewaccess, $viewaccess);
if ($merged != $firstviewaccess) {
// adding the new access rules to both collection and added pages
$different = true;
$collectiondifferent = true;
$differentarray[] = $viewid;
}
else if ($merged != $viewaccess) {
// adding collection access rules to the added pages
$different = true;
$differentarray[] = $viewid;
}
}
else if (empty($firstviewaccess) && !empty($viewaccess)) {
// adding the page's access rules to the collection pages
$different = true;
$collectiondifferent = true;
}
}
$count = $collection->add_views($values);
if ($count > 1) {
$SESSION->add_ok_msg(get_string('viewsaddedtocollection', 'collection'));
if ($collectiondifferent) {
$differentarray = array_merge($differentarray, $viewids);
}
if ($different) {
$SESSION->add_ok_msg(get_string('viewsaddedtocollection1different', 'collection', $count));
$SESSION->set('pageaccesschanged', $differentarray);
}
else {
$SESSION->add_ok_msg(get_string('viewaddedtocollection', 'collection'));
$SESSION->add_ok_msg(get_string('viewsaddedtocollection1', 'collection', $count));
}
redirect('/collection/views.php?id='.$collection->get('id'));
}
function removeview_submit(Pieform $form, $values) {
......@@ -258,4 +345,4 @@ function removeview_submit(Pieform $form, $values) {
$collection->remove_view((int)$values['view']);
$SESSION->add_ok_msg(get_string('viewremovedsuccessfully','collection'));
redirect('/collection/views.php?id='.$collection->get('id'));
}
}
\ No newline at end of file
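Review bot: The inline script emits `alert('$alertstr');` with page titles that have only been passed through `json_encode()`, which by default leaves a single quote unescaped, so a title containing `'` closes the JavaScript string literal early and the remainder is parsed as script in the session of whoever is editing the collection. The translated `viewsaddedaccesschanged` string is interpolated into the same literal without escaping. Build `$alertstr` from the raw titles, encode the whole message once with `$alertjs = json_encode($alertstr, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);`, and emit `alert($alertjs);` without hand-written quotes. Separately, the ids stored in `pageaccesschanged` come from form keys in `addviews_submit()` with no visible `can_edit_view()` check, so confirm that `add_views()` rejects pages the user may not edit before their titles are displayed.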
......@@ -71,6 +71,7 @@ $string['emptycollection'] = 'Empty collection';
$string['manageviews'] = 'Manage pages';
$string['manageviewsspecific'] = 'Manage pages in "%s"';
$string['name'] = 'Collection name';
$string['needtoselectaview'] = 'You need to select a page to add to the collection.';
$string['newcollection'] = 'New collection';
$string['nocollections'] = 'No collections yet.';
$string['nocollectionsaddone'] = 'No collections yet. %sAdd one%s.';
......@@ -85,13 +86,20 @@ $string['savecollection'] = 'Save collection';
$string['update'] = 'Update';
$string['usecollectionname'] = 'Use collection name?';
$string['usecollectionnamedesc'] = 'If you wish to use the collection name instead of the block title, leave this checked.';
$string['viewaddedtocollection'] = 'Page added to collection. Collection updated to include access from new page.';
$string['viewsaddedtocollection1'] = array(
'%s page added to collection.',
'%s pages added to collection.',
);
$string['viewsaddedtocollection1different'] = array(
'%s page added to collection. The shared access has changed for all pages in the collection.',
'%s pages added to collection. The shared access has changed for all pages in the collection.',
);
$string['viewsaddedaccesschanged'] = 'Access permissions have changed for the following pages:';
$string['viewcollection'] = 'View collection details';
$string['viewcount'] = 'Pages';
$string['viewremovedsuccessfully'] = 'Page removed successfully.';
$string['viewnavigation'] = 'Page navigation bar';
$string['viewnavigationdesc'] = 'Add a horizontal navigation bar to every page in this collection by default.';
$string['viewsaddedtocollection'] = 'Pages added to collection. Collection updated to include access from new pages.';
$string['viewstobeadded'] = 'Pages to be added';
$string['viewconfirmremove'] = 'Are you sure you wish to remove this page from the collection?';
$string['collectioncopywouldexceedquota'] = 'Copying this collection would exceed your file quota.';
......
......@@ -3851,3 +3851,27 @@ function check_case_sensitive($a, $table) {
}
return $a;
}
/**
* Check one array of associative arrays against another to see if
* there are any differences and return a merged array based on the order
* of the $first array with the differences of $second appended on
*
* @param array $first contains associative arrays
* @param array $second contains associative arrays
*
* @return array all the different associative arrays
*/
function combine_arrays($first, $second) {
foreach ($first as $k => $v) {
foreach ($second as $sk => $sv) {
$diff = array_diff($v, $sv);
if (empty($diff)) {
// arrays are the same
unset($second[$sk]);
}
}
}
$merged = array_merge($first, $second);
return $merged;
}
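Review bot: `combine_arrays()` treats two access records as identical whenever `array_diff($v, $sv)` is empty, but `array_diff()` compares values only, ignores keys and works in one direction, so a record whose values are a subset of another's, or that holds the same value under a different key, is removed from `$second` (the record layout is not shown here, so the practical impact is inferred). Because the callers use the merged result to decide whether to warn that sharing changed, a false match suppresses the alert. Compare keys and values in both directions, for example `if (!array_diff_assoc($v, $sv) && !array_diff_assoc($sv, $v)) {`. The docblock's `@return` would also be clearer if it said the result is `$first` followed by the entries of `$second` that have no match in `$first`.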