Let maintainers and super maintainers process the application versions and images submitted for applications they maintain

This commit is contained in:
Chris Morgan
2005-08-05 22:07:41 +00:00
committed by WineHQ
parent 415ddb3654
commit 639dd77d15
13 changed files with 290 additions and 72 deletions


@@ -9,25 +9,20 @@ require(BASE."include/mail.php");
require(BASE."include/tableve.php"); require(BASE."include/tableve.php");
require(BASE."include/application.php"); require(BASE."include/application.php");
// deny access if not admin // deny access if not admin or at least some kind of maintainer
if(!$_SESSION['current']->hasPriv("admin")) if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer())
{ {
errorpage("Insufficient privileges."); errorpage("Insufficient privileges.");
exit; exit;
} }
// shows the list of appdata in queue // shows the list of appdata in queue
if (!$_REQUEST['id']) if (!$_REQUEST['id'])
{ {
apidb_header("Admin Application Data Queue"); apidb_header("Admin Application Data Queue");
// get available appData /* retrieve the queued apps */
$sQuery = "SELECT appData.*, appVersion.appId AS appId $hResult = $_SESSION['current']->getAppDataQuery("*", false, true);
FROM appData, appVersion
WHERE appVersion.versionId = appData.versionID AND appData.queued = 'true';";
$hResult = query_appdb($sQuery);
if(!$hResult || !mysql_num_rows($hResult)) if(!$hResult || !mysql_num_rows($hResult))
{ {
@@ -81,11 +76,7 @@ if (!$_REQUEST['id'])
} }
} else // shows a particular appdata } else // shows a particular appdata
{ {
$sQuery = "SELECT appData.*, appVersion.appId AS appId $hResult = $_SESSION['current']->getAppDataQuery($_REQUEST['id'], false, false);
FROM appData,appVersion
WHERE appVersion.versionId = appData.versionId
AND id='".$_REQUEST['id']."'";
$hResult = query_appdb($sQuery);
$obj_row = mysql_fetch_object($hResult); $obj_row = mysql_fetch_object($hResult);
if(!$_REQUEST['sub']=="inside_form") if(!$_REQUEST['sub']=="inside_form")
@@ -211,9 +202,7 @@ if (!$_REQUEST['id'])
} }
//delete main item //delete main item
$sQuery = "DELETE from appData where id = ".$obj_row->id.";"; if($_SESSION['current']->deleteAppData($obj_row->id))
$hResult = query_appdb($sQuery);
if($hResult)
{ {
//success //success
echo "<p>Application data was successfully deleted from the Queue.</p>\n"; echo "<p>Application data was successfully deleted from the Queue.</p>\n";
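Review bot: `$_REQUEST['id']` is handed straight to getAppDataQuery() on the `$hResult = $_SESSION['current']->getAppDataQuery($_REQUEST['id'], false, false);` line, and that method (user.php hunk) splices it into the SQL as `AND id='".$iAppDataId."'` without escaping; since the page gate now admits every maintainer rather than only admins, that unescaped query is reachable by a much larger group. Cast before the call: `$iAppDataId = (int)$_REQUEST['id'];` and pass `$iAppDataId`, which also makes the later `deleteAppData($obj_row->id)` path safe regardless of how the row was loaded. The `getAppDataQuery("*", false, true)` call in the queue listing passes a bogus id that the method ignores when `$queryQueued` is set; passing `0` as getQueuedAppDataCount() does would make the intent clearer. The enclosing if/else on `$_REQUEST['id']` begins and ends outside this section.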


@@ -70,8 +70,8 @@ function outputSearchTableForDuplicateFlagging($currentAppId, $hResult)
} }
} }
//deny access if not logged in //deny access if not logged in or not a super maintainer of any applications
if(!$_SESSION['current']->hasPriv("admin")) if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isSuperMaintainer())
{ {
errorpage("Insufficient privileges."); errorpage("Insufficient privileges.");
exit; exit;
@@ -81,6 +81,13 @@ if ($_REQUEST['sub'])
{ {
if(is_numeric($_REQUEST['appId'])) if(is_numeric($_REQUEST['appId']))
{ {
/* make sure the user is authorized to view this application request */
if(!$_SESSION['current']->hasPriv("admin"))
{
errorpage("Insufficient privileges.");
exit;
}
$oApp = new Application($_REQUEST['appId']); $oApp = new Application($_REQUEST['appId']);
/* if we are processing a queued application there MUST be an implicitly queued */ /* if we are processing a queued application there MUST be an implicitly queued */
@@ -91,9 +98,23 @@ if ($_REQUEST['sub'])
$hResult = query_appdb($sQuery); $hResult = query_appdb($sQuery);
$oRow = mysql_fetch_object($hResult); $oRow = mysql_fetch_object($hResult);
/* make sure the user has permission to view this version */
if(!$_SESSION['current']->hasAppVersionModifyPermission($oRow->versionId))
{
errorpage("Insufficient privileges.");
exit;
}
$oVersion = new Version($oRow->versionId); $oVersion = new Version($oRow->versionId);
} elseif(is_numeric($_REQUEST['versionId'])) } elseif(is_numeric($_REQUEST['versionId']))
{ {
/* make sure the user has permission to view this version */
if(!$_SESSION['current']->hasAppVersionModifyPermission($_REQUEST['versionId']))
{
errorpage("Insufficient privileges.");
exit;
}
$oVersion = new Version($_REQUEST['versionId']); $oVersion = new Version($_REQUEST['versionId']);
} else } else
{ {
@@ -309,7 +330,6 @@ if ($_REQUEST['sub'])
/* delete the appId that is the duplicate */ /* delete the appId that is the duplicate */
$oApp->delete(); $oApp->delete();
} }
/* redirect back to the main page */ /* redirect back to the main page */
@@ -353,9 +373,9 @@ if ($_REQUEST['sub'])
else /* if ($_REQUEST['sub']) is not defined, display the main app queue page */ else /* if ($_REQUEST['sub']) is not defined, display the main app queue page */
{ {
apidb_header("Admin App Queue"); apidb_header("Admin App Queue");
// get queued apps
$sQuery = "SELECT appId FROM appFamily WHERE queued = 'true'"; // get queued apps that the current user should see
$hResult = query_appdb($sQuery); $hResult = $_SESSION['current']->getAppQueueQuery(true); /* query for the app family */
if(!$hResult || !mysql_num_rows($hResult)) if(!$hResult || !mysql_num_rows($hResult))
{ {
@@ -416,8 +436,7 @@ else /* if ($_REQUEST['sub']) is not defined, display the main app queue page */
} }
// get queued versions (only versions where application are not queued already) // get queued versions (only versions where application are not queued already)
$sQuery = "SELECT versionId FROM appVersion, appFamily WHERE appFamily.appId = appVersion.appId and appFamily.queued = 'false' AND appVersion.queued = 'true'"; $hResult = $_SESSION['current']->getAppQueueQuery(false); /* query for the app version */
$hResult = query_appdb($sQuery);
if(!$hResult || !mysql_num_rows($hResult)) if(!$hResult || !mysql_num_rows($hResult))
{ {
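Review bot: The duplicate-flagging path calls `$oApp->delete();` and then falls through to the redirect, but Application::delete() in this commit now returns silently for non-admins, so a super maintainer (newly admitted by the `isSuperMaintainer()` gate) is told the duplicate was handled while nothing was deleted; either check the outcome (`if(!$oApp->delete()) { errorpage("Insufficient privileges."); exit; }`, once delete() returns a value) or refuse the duplicate action for non-admins before reaching it. In the `appId` branch the new `hasAppVersionModifyPermission($oRow->versionId)` check can never fail, because the branch already exits unless the user is an admin and that method returns true for admins; drop one of the two or say in a comment that it is kept for symmetry. `is_numeric()` accepts forms such as `"1e3"` and leading whitespace, so prefer `(int)$_REQUEST['versionId']` before the value reaches the query in hasAppVersionModifyPermission(). The surrounding `if ($_REQUEST['sub'])` block starts and ends outside this section.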


@@ -5,17 +5,20 @@
include("path.php"); include("path.php");
require(BASE."include/"."incl.php"); require(BASE."include/"."incl.php");
require(BASE."include/"."screenshot.php"); require_once(BASE."include/"."screenshot.php");
/* an image doesn't have a link, so a cookie makes no sense */ /* an image doesn't have a link, so a cookie makes no sense */
header("Set-Cookie: "); header("Set-Cookie: ");
header("Pragma: "); header("Pragma: ");
if(!$_SESSION['current']->hasPriv("admin") && $_REQUEST['queued']) /* if the user isn't supposed to be viewing this image */
/* display an error message and exit */
if(!$_SESSION['current']->canViewImage($_REQUEST['id']))
{ {
errorpage("Insufficient privileges."); errorpage("Insufficient privileges.");
exit; exit;
} }
if ($_REQUEST['REQUEST_METHOD']='HEAD') if ($_REQUEST['REQUEST_METHOD']='HEAD')
{ {
/* WARNING! optimization of logic in include/screenshots.php */ /* WARNING! optimization of logic in include/screenshots.php */
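Review bot: `canViewImage($_REQUEST['id'])` is called with the raw request value, and canViewImage() immediately does `new Screenshot($iImageId)`; the Screenshot constructor is not visible here, but the other classes in this commit interpolate ids into SQL, so cast first: `$iImageId = (int)$_REQUEST['id'];` and use it for both the check and the later image load. The replacement of the client-controlled `$_REQUEST['queued']` test with a server-side lookup is the right direction. Adjacent but pre-existing: `if ($_REQUEST['REQUEST_METHOD']='HEAD')` is an assignment on the wrong superglobal and is always true, so every request takes the HEAD branch; it should read `if ($_SERVER['REQUEST_METHOD'] == 'HEAD')`. Since this script serves an image, a reader may also want `errorpage()` here replaced by a 403 header, because HTML in an `<img>` response is never seen.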


@@ -87,7 +87,7 @@ if (isset($_REQUEST['appName']))
$oApplication = new Application(); $oApplication = new Application();
// FIXME When two htmlarea will be able to live on the same page // FIXME When two htmlarea will be able to live on the same page
// without problems under gecko, remove the <p></p> around appDescrion // without problems under gecko, remove the <p></p> around appDescrion
$oApplication->create($_REQUEST['appName'], "<p>".$_REQUEST['appDescription']."</p>", $_REQUEST['keywords']." *** ".$_REQUEST['vendorName'], $_REQUEST['webpage'],$_REQUEST['vendorId'], $_REQUEST['catId']); $oApplication->create($_REQUEST['appName'], "<p>".$_REQUEST['appDescription']."</p>", $_REQUEST['keywords']." *** ".$_REQUEST['vendorName'], $_REQUEST['webpage'], $_REQUEST['vendorId'], $_REQUEST['catId']);
$oVersion = new Version(); $oVersion = new Version();
$oVersion->create($_REQUEST['versionName'], $_REQUEST['versionDescription'], null, null, $oApplication->iAppId); $oVersion->create($_REQUEST['versionName'], $_REQUEST['versionDescription'], null, null, $oApplication->iAppId);
redirect(apidb_fullurl("index.php")); redirect(apidb_fullurl("index.php"));


@@ -115,7 +115,6 @@ class Application {
*/ */
function create($sName=null, $sDescription=null, $sKeywords=null, $sWebpage=null, $iVendorId=null, $iCatId=null) function create($sName=null, $sDescription=null, $sKeywords=null, $sWebpage=null, $iVendorId=null, $iCatId=null)
{ {
// Security, if we are not an administrator the application must be queued. // Security, if we are not an administrator the application must be queued.
if(!($_SESSION['current']->hasPriv("admin"))) if(!($_SESSION['current']->hasPriv("admin")))
$this->bQueued = true; $this->bQueued = true;
@@ -222,6 +221,10 @@ class Application {
*/ */
function delete($bSilent=false) function delete($bSilent=false)
{ {
/* don't let non-admins delete applications */
if(!($_SESSION['current']->hasPriv("admin")))
return;
foreach($this->aVersionsIds as $iVersionId) foreach($this->aVersionsIds as $iVersionId)
{ {
$oVersion = new Version($iVersionId); $oVersion = new Version($iVersionId);
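Review bot: The new guard in delete() does a bare `return;`, so a caller cannot tell a refused deletion from a completed one — adminAppQueue.php in this same commit calls `$oApp->delete()` and then redirects as if it succeeded. Make the refusal observable and documented: `return false;` with a docblock line such as `* @return bool false when the current user lacks the admin privilege` (and a matching `return true;` at the end of the method if it does not already return a value; its body continues past this hunk). The check reads `$_SESSION['current']` inside a model class, consistent with create() above, so that part is in keeping with the file's style.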


@@ -107,6 +107,10 @@ function apidb_sidebar()
{ {
include(BASE."include/sidebar_admin.php"); include(BASE."include/sidebar_admin.php");
apidb_sidebar_add("global_admin_menu"); apidb_sidebar_add("global_admin_menu");
} else if($_SESSION['current']->isMaintainer()) /* if the user maintains anything, add their menus */
{
include(BASE."include/sidebar_maintainer_admin.php");
apidb_sidebar_add("global_maintainer_admin_menu");
} }
// Login Menu // Login Menu


@@ -3,7 +3,7 @@
/* screenshot class and related functions */ /* screenshot class and related functions */
/******************************************/ /******************************************/
require(BASE."include/image.php"); require_once(BASE."include/image.php");
// load the watermark // load the watermark
$watermark = new image("/images/watermark.png"); $watermark = new image("/images/watermark.png");
@@ -128,11 +128,9 @@ class Screenshot {
*/ */
function delete($bSilent=false) function delete($bSilent=false)
{ {
$sQuery = "DELETE FROM appData /* the user object should delete the app data entry */
WHERE id = ".$this->iScreenshotId." /* we can perform better permissions checking there */
AND type = 'image' if($_SESSION['current']->deleteAppData($this->iScreenshotId))
LIMIT 1";
if($hResult = query_appdb($sQuery))
{ {
$this->oScreenshotImage->delete(); $this->oScreenshotImage->delete();
$this->oThumbnailImage->delete(); $this->oThumbnailImage->delete();
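Review bot: The old query restricted the delete with `AND type = 'image'`; the new `deleteAppData($this->iScreenshotId)` call removes whatever appData row has that id, so a Screenshot object built from the id of a non-image appData row would delete that row and then try to remove image files that do not belong to it. Keep the type guard: either give deleteAppData() an optional type argument that it adds to its WHERE clause, or verify the loaded row's type before calling it (the property holding the type is not visible in this hunk). The rest of delete() runs past this hunk.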


@@ -11,8 +11,8 @@ function global_admin_menu() {
$g->add("Add Vendor", BASE."admin/addVendor.php"); $g->add("Add Vendor", BASE."admin/addVendor.php");
$g->addmisc("&nbsp;"); $g->addmisc("&nbsp;");
$g->add("View App Queue (".getQueuedAppCount()."/".getQueuedVersionCount().")", BASE."admin/adminAppQueue.php"); $g->add("View App Queue (".$_SESSION['current']->getQueuedAppCount()."/".$_SESSION['current']->getQueuedVersionCount().")", BASE."admin/adminAppQueue.php");
$g->add("View App Data Queue (".getQueuedAppDataCount().")", BASE."admin/adminAppDataQueue.php"); $g->add("View App Data Queue (".$_SESSION['current']->getQueuedAppDataCount().")", BASE."admin/adminAppDataQueue.php");
$g->add("View Maintainer Queue (".getQueuedMaintainerCount().")", BASE."admin/adminMaintainerQueue.php"); $g->add("View Maintainer Queue (".getQueuedMaintainerCount().")", BASE."admin/adminMaintainerQueue.php");
$g->add("View Maintainer Entries (".getMaintainerCount().")", BASE."admin/adminMaintainers.php"); $g->add("View Maintainer Entries (".getMaintainerCount().")", BASE."admin/adminMaintainers.php");
$g->add("View Vendors (".getVendorCount().")", BASE."admin/adminVendors.php"); $g->add("View Vendors (".getVendorCount().")", BASE."admin/adminVendors.php");
@@ -23,7 +23,6 @@ function global_admin_menu() {
$g->add("Comments Management", BASE."admin/adminCommentView.php"); $g->add("Comments Management", BASE."admin/adminCommentView.php");
$g->add("Screenshots Management", BASE."admin/adminScreenshots.php"); $g->add("Screenshots Management", BASE."admin/adminScreenshots.php");
$g->done(); $g->done();
} }
?> ?>


@@ -0,0 +1,15 @@
<?php
/*****************/
/* sidebar_admin */
/*****************/
function global_maintainer_admin_menu() {
$g = new htmlmenu("Maintainer Admin");
$g->add("View App Queue (".$_SESSION['current']->getQueuedVersionCount().")", BASE."admin/adminAppQueue.php");
$g->add("View App Data Queue (".$_SESSION['current']->getQueuedAppDataCount().")", BASE."admin/adminAppDataQueue.php");
$g->done();
}
?>
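Review bot: This menu is included for anyone whose `isMaintainer()` is true (html.php hunk), but adminAppQueue.php now rejects everyone who is neither admin nor `isSuperMaintainer()`, so a plain maintainer is shown a "View App Queue" link that answers "Insufficient privileges."; wrap that entry as `if($_SESSION['current']->isSuperMaintainer())` before `$g->add("View App Queue ...)`. The header comment copies the other file's name; it should read `/* sidebar_maintainer_admin */`. A one-line docblock on global_maintainer_admin_menu() saying it is the non-admin counterpart of global_admin_menu() and relies on the User count helpers for per-user numbers would help the next reader.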


@@ -3,6 +3,7 @@
/* user class and related functions */ /* user class and related functions */
/************************************/ /************************************/
require_once(BASE."include/version.php");
/** /**
* User class for handling users * User class for handling users
@@ -232,7 +233,7 @@ class User {
if($iAppId) if($iAppId)
{ {
$sQuery = "SELECT * FROM appMaintainers WHERE userid = '$this->iUserId' AND appId = '$iAppId' AND superMaintainer = '1'"; $sQuery = "SELECT * FROM appMaintainers WHERE userid = '$this->iUserId' AND appId = '$iAppId' AND superMaintainer = '1'";
} else } else /* are we super maintainer of any applications? */
{ {
$sQuery = "SELECT * FROM appMaintainers WHERE userid = '$this->iUserId' AND superMaintainer = '1'"; $sQuery = "SELECT * FROM appMaintainers WHERE userid = '$this->iUserId' AND superMaintainer = '1'";
} }
@@ -295,6 +296,49 @@ class User {
return $statusMessage; return $statusMessage;
} }
/* get the number of queued applications */
function getQueuedAppCount()
{
/* return 0 because non-admins have no way to process new apps */
if(!$this->hasPriv("admin"))
return 0;
$qstring = "SELECT count(*) as queued_apps FROM appFamily WHERE queued='true'";
$result = query_appdb($qstring);
$ob = mysql_fetch_object($result);
return $ob->queued_apps;
}
function getQueuedVersionCount()
{
if($this->hasPriv("admin"))
{
$qstring = "SELECT count(*) as queued_versions FROM appVersion WHERE queued='true'";
} else
{
/* find all queued versions of applications that the user is a super maintainer of */
$qstring = "SELECT count(*) as queued_versions FROM appVersion, appMaintainers
WHERE queued='true' AND appMaintainers.superMaintainer ='1'
AND appVersion.appId = appMaintainers.appId
AND appMaintainers.userId ='".$this->iUserId."';";
}
$result = query_appdb($qstring);
$ob = mysql_fetch_object($result);
/* we don't want to count the versions that are implicit in the applications */
/* that are in the queue */
return $ob->queued_versions - $this->getQueuedAppCount();
}
/* get the number of queued appdata */
function getQueuedAppDataCount()
{
$hResult = $this->getAppDataQuery(0, true, false);
$ob = mysql_fetch_object($hResult);
return $ob->queued_appdata;
}
function addPriv($sPriv) function addPriv($sPriv)
{ {
if(!$this->isLoggedIn() || !$sPriv) if(!$this->isLoggedIn() || !$sPriv)
@@ -343,6 +387,168 @@ class User {
{ {
return ($this->isLoggedIn() && $this->getPref("send_email","yes")=="yes"); return ($this->isLoggedIn() && $this->getPref("send_email","yes")=="yes");
} }
/**
* Return an app query based on the user permissions and an iAppDataId
* Used to display appropriate appdata entries based upon admin vs. maintainer
* as well as to determine if the maintainer has permission to delete an appdata entry
*/
function getAppDataQuery($iAppDataId, $queryQueuedCount, $queryQueued)
{
/* either look for queued app data entries */
/* or ones that match the given id */
if($queryQueuedCount)
{
$selectTerms = "count(*) as queued_appdata";
$additionalTerms = "AND appData.queued='true'";
} else if($queryQueued)
{
$selectTerms = "appData.*, appVersion.appId AS appId";
$additionalTerms = "AND appData.queued='true'";
} else
{
$selectTerms = "appData.*, appVersion.appId AS appId";
$additionalTerms = "AND id='".$iAppDataId."'";
}
if($_SESSION['current']->hasPriv("admin"))
{
$sQuery = "SELECT ".$selectTerms."
FROM appData,appVersion
WHERE appVersion.versionId = appData.versionId
".$additionalTerms.";";
} else
{
/* select versions where we supermaintain the application or where */
/* we maintain the appliation, and where the versions we supermaintain */
/* or maintain are in the appData list */
/* then apply some additional terms */
$sQuery = "select ".$selectTerms." from appMaintainers, appVersion, appData where
(
((appMaintainers.appId = appVersion.appId) AND
(appMaintainers.superMaintainer = '0'))
OR
((appMaintainers.versionId = appVersion.versionId)
AND (appMaintainers.superMaintainer = '0'))
)
AND appData.versionId = appVersion.versionId
AND appMaintainers.userId = '".$this->iUserId."'
".$additionalTerms.";";
}
return query_appdb($sQuery);
}
/**
* Delete appData
*/
function deleteAppData($iAppDataId)
{
$isMaintainer = false;
/* if we aren't an admin we should see if we can find any results */
/* for a query based on this appDataId, if we can then */
/* we have permission to delete the entry */
if(!$this->hasPriv("admin"))
{
$hResult = $this->getAppDataQuery($iAppDataId, false, false);
if(!$hResult)
return false;
echo "result rows:".mysql_num_row($hResult);
if(mysql_num_rows($hResult) > 0)
$isMaintainer = true;
}
/* do we have permission to delete this item? */
if($this->hasPriv("admin") || $isMaintainer)
{
$sQuery = "DELETE from appData where id = ".$iAppDataId."
LIMIT 1;";
$hResult = query_appdb($sQuery);
if($hResult)
return true;
}
return false;
}
/**
* Returns true or false depending on whether the user can view the image
*/
function canViewImage($iImageId)
{
$oScreenshot = new Screenshot($iImageId);
if(!$oScreenshot->bQueued ||
($oScreenshot->bQueued && ($this->hasPriv("admin") ||
$this->isMaintainer($oScreenshot->iVersionId) ||
$this->isSuperMaintainer($oScreenshot->iAppId))))
return true;
return false;
}
/**
* Retrieve the list of applications in the app queue that this user can see
*/
function getAppQueueQuery($queryAppFamily)
{
if($this->hasPriv("admin"))
{
if($queryAppFamily)
{
$sQuery = "SELECT appFamily.appId FROM appFamily WHERE queued = 'true'";
} else
{
$sQuery = "SELECT appVersion.versionId FROM appVersion, appFamily
WHERE appFamily.appId = appVersion.appId
AND appFamily.queued = 'false' AND appVersion.queued = 'true'";
}
} else
{
if($queryAppFamily)
{
$sQuery = "SELECT appFamily.appId FROM appFamily, appMaintainers
WHERE queued = 'true'
AND appFamily.appId = appMaintainers.appId
AND appMaintainers.superMaintainer = '1'
AND appMaintainers.userId = '".$this->iUserId."';";
} else
{
$sQuery = "SELECT appVersion.versionId FROM appVersion, appFamily, appMaintainers
WHERE appFamily.appId = appVersion.appId
AND appFamily.queued = 'false' AND appVersion.queued = 'true'
AND appFamily.appId = appMaintainers.appId
AND appMaintainers.superMaintainer = '1'
AND appMaintainers.userId = '".$this->iUserId."';";
}
}
return query_appdb($sQuery);
}
/**
* Does the user have permission to modify on this version?
*/
function hasAppVersionModifyPermission($iVersionId)
{
if($this->hasPriv("admin"))
return true;
$sQuery = "SELECT appVersion.versionId FROM appVersion, appFamily, appMaintainers
WHERE appFamily.appId = appVersion.appId
AND appFamily.appId = appMaintainers.appId
AND appMaintainers.superMaintainer = '1'
AND appMaintainers.userId = '".$this->iUserId."'
AND appVersion.versionId = '".$iVersionId."';";
$hResult = query_appdb($sQuery);
if(mysql_num_rows($hResult))
return true;
else
return false;
}
} }
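Review bot: `echo "result rows:".mysql_num_row($hResult);` in deleteAppData() calls a function that does not exist (the API is mysql_num_rows), so every non-admin deletion dies with a fatal error before the permission check runs, and even corrected it is debug output that would land in the page; delete the line. In getAppDataQuery() the non-admin WHERE clause tests `appMaintainers.superMaintainer = '0'` in both arms of the OR, contradicting the comment above it: super maintainers match nothing, and because appMaintainers rows carry both appId and versionId, the first arm lets a maintainer of one version see and delete the appData of every version of that application — the first arm should read `(appMaintainers.superMaintainer = '1'))`. The same method reads `$_SESSION['current']->hasPriv("admin")` where `$this->hasPriv("admin")` is meant, and deleteAppData() builds `DELETE from appData where id = ".$iAppDataId."` unquoted, so cast with `(int)` at the top of both methods. canViewImage() assumes `isMaintainer()` accepts a version id and that Screenshot exposes `iVersionId`/`iAppId`, neither of which is visible here; worth confirming against those classes.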


@@ -146,36 +146,6 @@ function make_maintainer_rating_list($varname, $cvalue)
echo "</select>\n"; echo "</select>\n";
} }
/* get the number of queued applications */
function getQueuedAppCount()
{
$qstring = "SELECT count(*) as queued_apps FROM appFamily WHERE queued='true'";
$result = query_appdb($qstring);
$ob = mysql_fetch_object($result);
return $ob->queued_apps;
}
function getQueuedVersionCount()
{
$qstring = "SELECT count(*) as queued_versions FROM appVersion WHERE queued='true'";
$result = query_appdb($qstring);
$ob = mysql_fetch_object($result);
/* we don't want to count the versions that are implicit in the applications */
/* that are in the queue */
return $ob->queued_versions - getQueuedAppCount();
}
/* get the number of queued appdata */
function getQueuedAppDataCount()
{
$qstring = "SELECT count(*) as queued_appdata FROM appData WHERE queued='true'";
$result = query_appdb($qstring);
$ob = mysql_fetch_object($result);
return $ob->queued_appdata;
}
/* get the number of queued maintainers */ /* get the number of queued maintainers */
function getQueuedMaintainerCount() function getQueuedMaintainerCount()
{ {


@@ -248,6 +248,12 @@ class Version {
*/ */
function delete($bSilent=false) function delete($bSilent=false)
{ {
/* is the current user allowed to delete this version? */
if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->hasAppVersionModifyPermission($iVersionId))
{
return;
}
/* remove all of the items this version contains */ /* remove all of the items this version contains */
foreach($this->aNotesIds as $iNoteId) foreach($this->aNotesIds as $iNoteId)
{ {
@@ -303,6 +309,12 @@ class Version {
*/ */
function unQueue() function unQueue()
{ {
/* is the current user allowed to delete this version? */
if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->hasAppVersionModifyPermission($iVersionId))
{
return;
}
// If we are not in the queue, we can't move the version out of the queue. // If we are not in the queue, we can't move the version out of the queue.
if(!$this->bQueued) if(!$this->bQueued)
return false; return false;
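Review bot: Both new guards pass `$iVersionId` to hasAppVersionModifyPermission(), but neither delete($bSilent=false) nor unQueue() has such a variable, so the call receives null, the query matches nothing, and every non-admin delete or unQueue is refused — the very capability this commit grants super maintainers never works; the intended value is presumably the object's own id, `$this->iVersionId` (property name inferred from the hunk's other `$this->` fields, confirm against the constructor). The `hasPriv("admin") &&` half is redundant, since hasAppVersionModifyPermission() returns true for admins, so the guard can be `if(!$_SESSION['current']->hasAppVersionModifyPermission($this->iVersionId)) return false;`. Returning false rather than a bare `return` keeps unQueue() consistent with its existing `return false` below and lets adminAppQueue.php detect the refusal. delete()'s body continues outside this hunk.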


@@ -10,7 +10,7 @@
*/ */
include("path.php"); include("path.php");
require(BASE."include/incl.php"); require(BASE."include/incl.php");
require(BASE."include/screenshot.php"); require_once(BASE."include/screenshot.php");
require(BASE."include/application.php"); require(BASE."include/application.php");
require(BASE."include/mail.php"); require(BASE."include/mail.php");