1<?php
2/**
3 * @package tikiwiki
4 */
5// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project
6//
7// All Rights Reserved. See copyright.txt for details and a complete list of authors.
8// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
9// $Id$
10
11require_once('tiki-setup.php');
12$usermoduleslib = TikiLib::lib('usermodules');
13$smarty = TikiLib::lib('smarty');
14global $tiki_p_configure_modules, $prefs, $user;
15$actions = [
16	'mc_unassign' => [
17		'method' => 'unassign_user_module',
18		'success' => tr('User module unassigned'),
19		'error' => tr('User module not unassigned'),
20	],
21	'mc_up' => [
22		'method' => 'swap_up_user_module',
23		'success' => tr('User module moved up'),
24		'error' => tr('User module not moved up'),
25	],
26	'mc_down' => [
27		'method' => 'swap_down_user_module',
28		'success' => tr('User module moved down'),
29		'error' => tr('User module not moved down'),
30	],
31	'mc_move' => [
32		'method' => 'move_module',
33		'success' => tr('User module moved to opposite side'),
34		'error' => tr('User module not moved to opposite side'),
35	],
36];
37$actions = array_intersect_key($actions, $_REQUEST);
38$check_req = count($actions);
39if ($tiki_p_configure_modules != 'y' && $check_req) {
40	Feedback::errorPage(['mes' => tr('You do not have permission to use this feature'), 'errortype' => 401]);
41}
42if ($prefs['user_assigned_modules'] != 'y' && $check_req) {
43	Feedback::errorPage(tr('This feature is disabled') . ': user_assigned_modules');
44}
45if (! $user && $check_req) {
46	Feedback::errorPage(tr('You must log in to use this feature'));
47}
48$request_uri = $url = isset($_SERVER["REQUEST_URI"]) ? $_SERVER['REQUEST_URI'] : '';
49$access = TikiLib::lib('access');
50foreach ($actions as $action => $settings) {
51	if (isset($_REQUEST[$action]) && $access->checkCsrf()) {
52		// Assign default user modules if user has not yet configured modules
53		if (! $usermoduleslib->user_has_assigned_modules($user)) {
54			$usermoduleslib->create_user_assigned_modules($user);
55		}
56		$method = $settings['method'];
57		$result = $usermoduleslib->$method($_REQUEST[$action], $user);
58		/** @var TikiDb_Pdo_Result|TikiDb_Adodb_Result $result */
59		if ($result && $result->numRows()) {
60			Feedback::success($settings['success']);
61		} else {
62			Feedback::error($settings['error']);
63		}
64
65	}
66	// Remove module movemet paramaters from an URL
67	// \todo What if 'mc_xxx' arg was not at the end? (if smbd fix URL by hands...)
68	//       should I handle this very special (hack?) case?
69	$url = preg_replace('/(.*)(\?|&){1}(mc_up|mc_down|mc_move|mc_unassign)=[^&]*/', '\1', $url);
70}
71
72// Fix locaton if parameter was removed...
73if ($url != $request_uri || (isset($_POST['redirect']) && $_POST['redirect'])) {
74	$access->redirect($url);
75}
76$smarty->assign('current_location', $url);
77$smarty->assign('mpchar', (strpos($url, '?') ? '&' : '?'));
78