
Merge branch 'master' of https://github.com/collectiveaccess/providence

… into v1.3

Fixed app.conf conflict

Conflicts:
	app/conf/app.conf
2 parents 0b611fb + 961cd6c commit 22acc295613b8aa926b4084bf168856cac609788 @collectiveaccess committed Jun 12, 2012
@@ -10,8 +10,8 @@ notification_login_url = http://digitallibrary.hsp.org/index.php/LoginReg/form
# email address(es) to send administrative notifications to
administrative_email_addresses = [rnr@hsp.org, seth@whirl-i-gig.com]
-administrative_email_on_order_status = [SUBMITTED, AWAITING_PAYMENT, PROCESSED, PROCESSED_AWAITING_DIGITIZATION, COMPLETED, REOPENED]
-administrative_email_on_payment_status = [SENT_INVOICE, PROCESSING, PROCESSED_AWAITING_DIGITIZATION, DECLINED, RECEIVED]
+administrative_email_on_order_status = [SUBMITTED, AWAITING_PAYMENT, PROCESSED, PROCESSED_AWAITING_DIGITIZATION, PROCESSED_AWAITING_MEDIA_ACCESS, COMPLETED, REOPENED]
+administrative_email_on_payment_status = [SENT_INVOICE, PROCESSING, PROCESSED_AWAITING_DIGITIZATION, PROCESSED_AWAITING_MEDIA_ACCESS, DECLINED, RECEIVED]
# Service to use for processing of credit card payments
#
@@ -49,6 +49,22 @@ fulfillment_methods = {
}
}
+
+# Remote media storage access
+# If high-resolution media is not stored in this system you can pull them on-demand
+# from another CA instance using the configuration options below. On-demand pull of high-resolution
+# to this commerce system is accomplished using media URLs discovered via the itemInfo
+# getObjectRepresentationURLByMD5() web service.
+
+# Base URL (everything before "index.php" or "service.php") of instance to pull media from
+remote_media_base_url = http://test.com/admin
+
+# Remote instance login
+# To ensure these are not accidentally made visible in a web-served configuration file
+# you can place them in setup.php and then references them here using the constants below
+remote_media_username = __CA_CLIENT_SERVICES_REMOTE_MEDIA_USERNAME__
+remote_media_password = __CA_CLIENT_SERVICES_REMOTE_MEDIA_PASSWORD__
+
# Set disposal policy determines what is done with a user's set once
# an order is created from it. Possible values are:
#
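Review bot: `remote_media_base_url` defaults to a plain `http://` URL on a real third-party domain, and the username and password configured just below it are presumably sent to that base URL when media is pulled. A safer shipped default would be `remote_media_base_url = https://example.org/admin`, preceded by a comment such as `# Use https:// so the remote login is not sent in clear text`. How the credentials are actually transmitted is not visible in this hunk, so confirm against the code that calls getObjectRepresentationURLByMD5().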
@@ -62,11 +62,13 @@
* $pa_bcc: Email address(es) of bcc'ed message recipients. Can be a string containing a single email address or
* an associative array with keys set to multiple addresses and corresponding values optionally set to
* a human-readable recipient name. (optional)
+ * $pa_attachment: array containing file path, name and mime_type of file to attach.
+ * keys are "path", "name", "mime_type"
*
* While both $ps_body_text and $ps_html_text are optional, at least one should be set and both can be set for a
* combination text and HTML email
*/
- function caSendmail($pa_to, $pa_from, $ps_subject, $ps_body_text, $ps_body_html='', $pa_cc=null, $pa_bcc=null) {
+ function caSendmail($pa_to, $pa_from, $ps_subject, $ps_body_text, $ps_body_html='', $pa_cc=null, $pa_bcc=null, $pa_attachment=null) {
$o_config = Configuration::load();
$o_log = new Eventlog();
@@ -152,7 +154,19 @@ function caSendmail($pa_to, $pa_from, $ps_subject, $ps_body_text, $ps_body_html=
}
}
-
+ if(is_array($pa_attachment) && $pa_attachment["path"]){
+ $ps_attachment_url = $pa_attachment["path"];
+ $vs_file_contents = file_get_contents($ps_attachment_url);
+
+ $o_attachment = $o_mail->createAttachment($vs_file_contents);
+ if($pa_attachment["name"]){
+ $o_attachment->filename = $pa_attachment["name"];
+ }
+ if($pa_attachment["mime_type"]){
+ $o_attachment->type = $pa_attachment["mime_type"];
+ }
+ }
+
$o_mail->setSubject($ps_subject);
if ($ps_body_text) {
$o_mail->setBodyText($ps_body_text);
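Review bot: The result of `file_get_contents()` goes straight into `createAttachment()`, so an unreadable path attaches `false` instead of failing, and `$pa_attachment["path"]` is read without `!empty()`, so a missing key raises a notice. `file_get_contents()` also accepts URL wrappers when `allow_url_fopen` is enabled (the variable is even named `$ps_attachment_url`), so the docblock should state that the path must come from trusted code and never from request input. A minimal guard is `if (($vs_file_contents = file_get_contents($ps_attachment_url)) === false) { return false; }`. The function's failure convention is outside the hunk, so match the existing error paths; an `Eventlog` instance is created at the top of the function, presumably for logging them.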
@@ -224,7 +238,9 @@ function caCheckEmailAddressRegex($ps_address) {
* @return string True if send, false if error
*/
function caSendMessageUsingView($po_request, $pa_to, $pa_from, $ps_subject, $ps_view, $pa_values, $pa_cc=null, $pa_bcc=null) {
- $o_view = new View(null, $po_request->getViewsDirectoryPath()."/mailTemplates");
+ $vs_view_path = (is_object($po_request)) ? $po_request->getViewsDirectoryPath() : __CA_BASE_DIR__.'/themes/default/views';
+
+ $o_view = new View(null, $vs_view_path."/mailTemplates");
foreach($pa_values as $vs_key => $vm_val) {
$o_view->setVar($vs_key, $vm_val);
}
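Review bot: The fallback is hard-coded to `/themes/default/views`, so mail sent without a request object uses the default theme's templates even when the installation runs another theme; this is inferred from the path alone. The docblock, which starts outside the hunk, should also record that `$po_request` may now be a non-object, e.g. `@param object|null $po_request Request, or null to use the default theme's mail templates`. The function body continues past the hunk.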
@@ -7,7 +7,7 @@
* ----------------------------------------------------------------------
*
* Software by Whirl-i-Gig (http://www.whirl-i-gig.com)
- * Copyright 2008-2009 Whirl-i-Gig
+ * Copyright 2008-2012 Whirl-i-Gig
*
* For more information visit http://www.CollectiveAccess.org
*
@@ -54,6 +54,8 @@
require(__CA_LIB_DIR__."/core/Controller/ActionController.php");
+ require(__CA_MODELS_DIR__."/ca_acl.php");
+
// initialize Tooltip manager
TooltipManager::init();
?>
@@ -94,6 +94,16 @@ public function Edit($pa_values=null, $pa_options=null) {
return;
}
+ //
+ // Does user have access to row?
+ //
+ if ($t_subject->getAppConfig()->get('perform_item_level_access_checking')) {
+ if ($t_subject->checkACLAccessForUser($this->request->user) == __CA_ACL_NO_ACCESS__) {
+ $this->response->setRedirect($this->request->config->get('error_display_url').'/n/2580?r='.urlencode($this->request->getFullUrlPath()));
+ return;
+ }
+ }
+
//
// Are we duplicating?
//
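Review bot: This row-access block is pasted again into Save, Delete, Summary, PrintSummary, Log, Access, DownloadFile and DownloadMedia in the same commit, differing only in the comparison, so a later action can easily be added without the check or with the wrong threshold. A single private helper that takes the subject and the minimum required level, sets the redirect and returns false on denial would keep the policy in one place; each action then reduces to `if (!$this->_checkRowAccess($t_subject, __CA_ACL_EDIT_ACCESS__)) { return; }` (the helper name is only a suggestion). Edit rejects only `__CA_ACL_NO_ACCESS__` while Save requires `__CA_ACL_EDIT_ACCESS__`, so a read-only user still reaches the edit form; if that is intended, a one-line comment saying so would help. The method bodies extend beyond these hunks.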
@@ -204,6 +214,16 @@ public function Save($pa_options=null) {
$this->response->setRedirect($this->request->config->get('error_display_url').'/n/2560?r='.urlencode($this->request->getFullUrlPath()));
return;
}
+
+ //
+ // Does user have access to row?
+ //
+ if ($t_subject->getAppConfig()->get('perform_item_level_access_checking')) {
+ if ($t_subject->checkACLAccessForUser($this->request->user) < __CA_ACL_EDIT_ACCESS__) {
+ $this->response->setRedirect($this->request->config->get('error_display_url').'/n/2580?r='.urlencode($this->request->getFullUrlPath()));
+ return;
+ }
+ }
if($vn_above_id) {
// Convert "above" id (the id of the record we're going to make the newly created record parent of
@@ -350,6 +370,16 @@ public function Delete($pa_options=null) {
$vs_type_name = $t_subject->getProperty('NAME_SINGULAR');
}
+ //
+ // Does user have access to row?
+ //
+ if ($t_subject->getAppConfig()->get('perform_item_level_access_checking')) {
+ if ($t_subject->checkACLAccessForUser($this->request->user) < __CA_ACL_EDIT_DELETE_ACCESS__) {
+ $this->response->setRedirect($this->request->config->get('error_display_url').'/n/2580?r='.urlencode($this->request->getFullUrlPath()));
+ return;
+ }
+ }
+
// get parent_id, if it exists, prior to deleting so we can
// set the browse_last_id parameter to something sensible
$vn_parent_id = null;
@@ -463,6 +493,16 @@ public function Summary($pa_options=null) {
return;
}
+ //
+ // Does user have access to row?
+ //
+ if ($t_subject->getAppConfig()->get('perform_item_level_access_checking')) {
+ if ($t_subject->checkACLAccessForUser($this->request->user) == __CA_ACL_NO_ACCESS__) {
+ $this->response->setRedirect($this->request->config->get('error_display_url').'/n/2580?r='.urlencode($this->request->getFullUrlPath()));
+ return;
+ }
+ }
+
$t_display = new ca_bundle_displays();
$va_displays = $t_display->getBundleDisplays(array('table' => $t_subject->tableNum(), 'user_id' => $this->request->getUserID(), 'access' => __CA_BUNDLE_DISPLAY_READ_ACCESS__));
@@ -533,6 +573,16 @@ public function PrintSummary($pa_options=null) {
return;
}
+ //
+ // Does user have access to row?
+ //
+ if ($t_subject->getAppConfig()->get('perform_item_level_access_checking')) {
+ if ($t_subject->checkACLAccessForUser($this->request->user) == __CA_ACL_NO_ACCESS__) {
+ $this->response->setRedirect($this->request->config->get('error_display_url').'/n/2580?r='.urlencode($this->request->getFullUrlPath()));
+ return;
+ }
+ }
+
$t_display = new ca_bundle_displays();
$va_displays = $t_display->getBundleDisplays(array('table' => $t_subject->tableNum(), 'user_id' => $this->request->getUserID(), 'access' => __CA_BUNDLE_DISPLAY_READ_ACCESS__));
@@ -615,6 +665,16 @@ public function Log($pa_options=null) {
return;
}
+ //
+ // Does user have access to row?
+ //
+ if ($t_subject->getAppConfig()->get('perform_item_level_access_checking')) {
+ if ($t_subject->checkACLAccessForUser($this->request->user) == __CA_ACL_NO_ACCESS__) {
+ $this->response->setRedirect($this->request->config->get('error_display_url').'/n/2580?r='.urlencode($this->request->getFullUrlPath()));
+ return;
+ }
+ }
+
$this->render('log_html.php');
}
# -------------------------------------------------------
@@ -639,6 +699,16 @@ public function Access($pa_options=null) {
return;
}
+ //
+ // Does user have access to row?
+ //
+ if ($t_subject->getAppConfig()->get('perform_item_level_access_checking')) {
+ if ($t_subject->checkACLAccessForUser($this->request->user) == __CA_ACL_NO_ACCESS__) {
+ $this->response->setRedirect($this->request->config->get('error_display_url').'/n/2580?r='.urlencode($this->request->getFullUrlPath()));
+ return;
+ }
+ }
+
if ((!$this->request->user->canDoAction('can_change_acl_'.$t_subject->tableName()))) {
$this->response->setRedirect($this->request->config->get('error_display_url').'/n/2570?r='.urlencode($this->request->getFullUrlPath()));
return;
@@ -767,6 +837,16 @@ public function DownloadFile() {
list($vn_subject_id, $t_subject) = $this->_initView();
if (!($pn_value_id = $this->request->getParameter('value_id', pInteger))) { return; }
+ //
+ // Does user have access to row?
+ //
+ if ($t_subject->getAppConfig()->get('perform_item_level_access_checking')) {
+ if ($t_subject->checkACLAccessForUser($this->request->user) == __CA_ACL_NO_ACCESS__) {
+ $this->response->setRedirect($this->request->config->get('error_display_url').'/n/2580?r='.urlencode($this->request->getFullUrlPath()));
+ return;
+ }
+ }
+
$o_view = new View($this->request, $this->request->getViewsDirectoryPath().'/bundles/');
// TODO: check that file is part of item user has access rights for
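Review bot: The check added here authorises `$t_subject`, but the file is selected by the request's `value_id`, and the TODO that follows (`check that file is part of item user has access rights for`) is still open, so nothing visible ties the value to the row that was just checked. Until that is done the row-level ACL does not by itself protect the download; after loading the attribute value, the action should return early unless the value belongs to `$vn_subject_id` in `$t_subject`'s table. The same applies to DownloadMedia, where `new ca_attribute_values($pn_value_id)` is loaded right after the new check. Both method bodies continue outside their hunks, so confirm whether an ownership check exists further down.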
@@ -802,6 +882,16 @@ public function DownloadMedia($pa_options=null) {
if (!($pn_value_id = $this->request->getParameter('value_id', pInteger))) { return; }
$ps_version = $this->request->getParameter('version', pString);
+ //
+ // Does user have access to row?
+ //
+ if ($t_subject->getAppConfig()->get('perform_item_level_access_checking')) {
+ if ($t_subject->checkACLAccessForUser($this->request->user) == __CA_ACL_NO_ACCESS__) {
+ $this->response->setRedirect($this->request->config->get('error_display_url').'/n/2580?r='.urlencode($this->request->getFullUrlPath()));
+ return;
+ }
+ }
+
// TODO: check that file is part of item user has access rights for
$t_attr_val = new ca_attribute_values($pn_value_id);
if (!$t_attr_val->getPrimaryKey()) { return; }