1<?php
2// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project
3//
4// All Rights Reserved. See copyright.txt for details and a complete list of authors.
5// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
6
7class Services_Object_Controller
8{
9	public static function supported()
10	{
11		global $prefs;
12		$supported = [];
13
14		if ($prefs['feature_trackers'] == 'y') {
15			$supported[] = 'trackeritem';
16		}
17
18		if ($prefs['activity_basic_events'] == 'y' || $prefs['activity_custom_events'] == 'y' || $prefs['monitor_enabled']) {
19			$supported[] = 'activity';
20		}
21
22		return $supported;
23	}
24
25	function action_infobox($input)
26	{
27		$type = $input->type->none();
28		if (! in_array($type, self::supported())) {
29			throw new Services_Exception_NotAvailable(tr('No box available for %0', $type));
30		}
31
32		return [
33			'type' => $type,
34			'object' => $input->object->none(),
35			'content' => $this->{'infobox_' . $type}($input),
36			'plain' => $input->plain->int(),
37			'format' => $input->format->word(),
38		];
39	}
40
41	private function infobox_trackeritem($input)
42	{
43		$itemId = $input->object->int();
44		$trklib = TikiLib::lib('trk');
45
46		if (! $item = $trklib->get_tracker_item($itemId)) {
47			throw new Services_Exception_NotFound;
48		}
49
50		if (! $definition = Tracker_Definition::get($item['trackerId'])) {
51			throw new Services_Exception_NotFound;
52		}
53
54		$itemObject = Tracker_Item::fromInfo($item);
55
56		if (! $itemObject->canView()) {
57			throw new Services_Exception('Permission denied', 403);
58		}
59
60		$fields = [];
61		foreach ($definition->getPopupFields() as $fieldId) {
62			if ($itemObject->canViewField($fieldId) && $field = $definition->getField($fieldId)) {
63				$fields[] = $field;
64			}
65		}
66
67		$smarty = TikiLib::lib('smarty');
68		$smarty->assign('fields', $fields);
69		$smarty->assign('item', $item);
70		$smarty->assign('can_modify', $itemObject->canModify());
71		$smarty->assign('can_remove', $itemObject->canRemove());
72		$smarty->assign('mode', $input->mode->text() ? $input->mode->text() : '');	// default divs mode
73		return $smarty->fetch('object/infobox/trackeritem.tpl');
74	}
75
76	private function infobox_activity($input)
77	{
78		$itemId = $input->object->int();
79		$lib = TikiLib::lib('activity');
80		$info = $lib->getActivity($itemId);
81
82		if (! $info) {
83			throw new Services_Exception_NotFound;
84		}
85
86		$smarty = TikiLib::lib('smarty');
87		$smarty->assign('activity', $itemId);
88		$smarty->assign('format', $input->format->word());
89		return $smarty->fetch('object/infobox/activity.tpl');
90	}
91
92
93	function action_lock($input)
94	{
95		$attributelib = TikiLib::lib('attribute');
96
97		$type = $input->type->text();
98		$object = $input->object->text();
99		$value = $input->value->text();
100
101		list($perm, $adminperm, $attribute, $permtype) = $this->setup_locking($type);
102
103		$perms = Perms::get($permtype, $object);
104		$lockedby = $attributelib->get_attribute($type, $object, $attribute);
105
106
107		if (empty($lockedby) || $perms->$adminperm) {
108			Services_Exception_Denied::checkObject($perm, $permtype, $object);
109
110			if (! empty($object)) {
111				$return = TikiLib::lib('attribute')->set_attribute($type, $object, $attribute, $value);
112
113				if (! $return) {
114					Feedback::error(tr('Invalid attribute name "%0"', $attribute));
115				}
116			}
117
118			return ['locked' => true];
119		}
120
121		return [];
122	}
123
124	function action_unlock($input)
125	{
126		global $user;
127		$attributelib = TikiLib::lib('attribute');
128
129		$type = $input->type->text();
130		$object = $input->object->text();
131
132		list($perm, $adminperm, $attribute, $permtype) = $this->setup_locking($type);
133
134		$perms = Perms::get($permtype, $object);
135		$lockedby = $attributelib->get_attribute($type, $object, $attribute);
136
137		if ($lockedby) {	// it's locked
138			if ($perms->$adminperm || ($user === $lockedby && $perms->$perm)) {
139				if (! empty($object)) {
140					$res = $attributelib->set_attribute($type, $object, $attribute, '');
141
142					if (! $res) {
143						Feedback::error(tr('Invalid attribute name "%0"', $attribute));
144					}
145				}
146
147				return ['locked' => false];
148			} else {
149				Services_Exception_Denied::checkObject($adminperm, $permtype, $object);
150			}
151		}
152		return [];
153	}
154
155	/**
156	 * Generic function to allow consistently formatted errors from javascript using Feedback
157	 *
158	 * @param $input JitFilter filtered input object
159	 * @throws Exception
160	 */
161	function action_report_error($input)
162	{
163		Feedback::error($input->message->text(), true);
164	}
165
166	/**
167	 * @param $type
168	 * @return array string
169	 * @throws Exception
170	 * @throws Services_Exception_Disabled
171	 */
172	private function setup_locking($type)
173	{
174		$perm = 'lock';    // default (for wiki page, so not used here yet)
175		$adminperm = 'admin';
176		$attribute = 'tiki.object.lock';
177		$permtype = $type;
178
179		switch ($type) {
180			case 'template':
181				Services_Exception_Disabled::check('lock_content_templates');
182				$perm = 'lock_content_templates';
183				$adminperm = 'admin_content_templates';
184				break;
185			case 'wiki structure':
186				Services_Exception_Disabled::check('lock_wiki_structures');
187				$perm = 'lock_structures';
188				$adminperm = 'admin_structures';
189				$permtype = 'wiki page';		// perms for structures are actually from the top wiki page (don't ask)
190				break;
191			default:
192				Feedback::error(tr('Cannot lock "%0"', $type));
193		}
194
195		return [$perm, $adminperm, $attribute, $permtype];
196	}
197}
198