
Changeset 1066


Timestamp:
Dec 7, 2006, 6:27:25 PM (14 years ago)
Author:
ebihara
Message:

Todo表示時に権限チェックを行うようにした

Location:
OpenPNE/branches/ebihara/prj_dev26_todo/webapp_biz/modules
Files:
8 edited

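--- a/OpenPNE/branches/ebihara/prj_dev26_todo/webapp_biz/modules/biz/lib/mysql_functions.php
+++ b/OpenPNE/branches/ebihara/prj_dev26_todo/webapp_biz/modules/biz/lib/mysql_functions.php
@@ -544,10 +544,38 @@
 }
 
+//指定されたTodoに関する権限があるかどうかをチェックする関数
+function biz_isPermissionTodo($u, $biz_todo_id)
+{
+    $biz_todo = biz_getTodo($biz_todo_id);
+    $public_flag = $biz_todo['public_flag'];
+    $biz_group_id = $biz_todo['biz_group_id'];
+    $target_c_member_id = $biz_todo['c_member_id'];
+
+    switch ($public_flag) {
+    case 'group' :  //グループのメンバーにのみ権限が与えられるTodo
+        if (biz_isGroupMember($u, $biz_group_id)) {
+            return true;
+        } else {
+            return false;
+        }
+        break;
+    case 'private' :  //投稿者にのみ権限が与えられるTodo
+        if ($target_c_member_id == $u) {
+            return true;
+        } else {
+            return false;
+        }
+        break;
+    default :  //すべてのユーザに権限が与えられるTodo
+        return true;
+    }
+}
+
 //指定メンバーのTodoを得る
-function biz_getMemberTodo($id, $cat = null)
+function biz_getMemberTodo($u, $target_c_member_id, $cat = null)
 {
     $sql = 'SELECT * FROM biz_todo WHERE c_member_id = ? AND is_check = ? ORDER BY biz_todo_id DESC;';  //メンバーが保有しているtodoid一覧
     $params = array(
-        intval($id),
+        intval($target_c_member_id),
         intval($cat),
     );
@@ -568,12 +596,15 @@
     $sharetodo = db_get_all($sql, $params);
 
-    $list = array_merge($membertodo , $sharetodo);  //各Todoの連結処理
-
-    foreach ($list as $key => $value) {
-        $sql = 'SELECT nickname FROM c_member WHERE c_member_id = ?';
-        $params = array(
-            ($list[$key]['writer_id']),
-        );
-        $list[$key]['writer_name'] = db_get_one($sql, $params);
+    $list = array();  //各Todoの連結処理
+
+    foreach (array_merge($membertodo, $sharetodo) as $key => $value) {
+        if (biz_isPermissionTodo($u, $value['biz_todo_id'])) {
+                $sql = 'SELECT nickname FROM c_member WHERE c_member_id = ?';
+                $params = array(
+                    intval($value['writer_id']),
+                );
+            $list[$key] = $value;
+                $list[$key]['writer_name'] = db_get_one($sql, $params);
+        }
     }
 
@@ -595,5 +626,5 @@
 
 //カレンダー表示用期限付きTodoリストの取得
-function biz_schedule_todo4c_member_id($c_member_id, $year, $month, $day = null)
+function biz_schedule_todo4c_member_id($u, $c_member_id, $year, $month, $day = null)
 {
     $sql = 'SELECT biz_todo_id FROM biz_todo WHERE c_member_id = ?';
@@ -611,5 +642,12 @@
                 sprintf('%04d-%02d-%02d', intval($year), intval($month), intval($day)) . ' 00:00:00',
             );
-            $list = db_get_all($sql, $params);
+
+        $list = array();
+            foreach(db_get_all($sql, $params) as $key => $value) {
+            if(biz_isPermissionTodo($u, $value['biz_todo_id'])) {
+                        $list[$key] = $value;
+            }
+        }
+       
         return $list;
     } else {
@@ -621,9 +659,11 @@
             );
             $list = db_get_all($sql, $params);
-       
+
             $res = array();
             foreach ($list as $item) {
-                $day = date('j', strtotime($item['due_datetime']));
-                $res[$day][] = $item;
+            if(biz_isPermissionTodo($u, $item['biz_todo_id'])) {
+                        $day = date('j', strtotime($item['due_datetime']));
+                        $res[$day][] = $item;
+            }
             }
             return $res;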
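Review bot: `biz_isPermissionTodo` fails open: its `default :` branch returns true, so any `public_flag` other than 'group' or 'private' is treated as visible to every member, and that includes the empty value read when `biz_getTodo($biz_todo_id)` finds no row (what it returns for a missing id is not visible here). The check is safer as deny-by-default: return false right after the lookup when no row came back, give the public value its own explicit `case`, and end the switch with `default : return false;`. The 'private' branch compares ids with `==`; `intval($target_c_member_id) === intval($u)` avoids PHP's loose string/number comparison. The helper also re-reads every Todo the callers have just selected, which adds one query per row in `biz_getMemberTodo` and in both branches of `biz_schedule_todo4c_member_id`.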
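--- a/OpenPNE/branches/ebihara/prj_dev26_todo/webapp_biz/modules/biz/lib/smarty_functions.php
+++ b/OpenPNE/branches/ebihara/prj_dev26_todo/webapp_biz/modules/biz/lib/smarty_functions.php
@@ -47,5 +47,5 @@
 
 //スケジュール用カレンダーを得る
-function biz_getScheduleWeek($member_id, $w, $cmd, $head = true, $value = true, $foot = true, $member_info = false)
+function biz_getScheduleWeek($u, $member_id, $w, $cmd, $head = true, $value = true, $foot = true, $member_info = false)
 {
     if ($cmd != 'p') {
@@ -107,5 +107,5 @@
                 'event' => p_h_home_event4c_member_id($y, $m, $d, $member_id),
                 'schedule' => $schedule,
-                'todo' => biz_schedule_todo4c_member_id($member_id, $y, $m, $d),
+                'todo' => biz_schedule_todo4c_member_id($u, $member_id, $y, $m, $d),
             );
 
@@ -175,5 +175,5 @@
 
 //Todoリストを得る
-function biz_getTodoList($member_id, $cmd, $nickname = null)
+function biz_getTodoList($u, $member_id, $cmd, $nickname = null)
 {
     $inc_smarty = new OpenPNE_Smarty($GLOBALS['SMARTY']);
@@ -187,6 +187,6 @@
     }
 
-    $todolist = biz_getMemberTodo($member_id);
-    $checkedlist = biz_getMemberTodo($member_id, 1);
+    $todolist = biz_getMemberTodo($u, $member_id);
+    $checkedlist = biz_getMemberTodo($u, $member_id, 1);
 
     foreach ($todolist as $key => $value) {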
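Review bot: Putting `$u` in front of the existing positional parameters of `biz_getScheduleWeek` and `biz_getTodoList` means a call site missed by this changeset still runs without error, with the target member id taken as the viewer and every later argument shifted by one, so the permission check would be evaluated for the wrong member. The call sites shown in this changeset are all updated, but other modules cannot be checked from here; search the branch for both names, and for `biz_getMemberTodo` and `biz_schedule_todo4c_member_id`, before merging. Neither signature says which id is which, so a comment above each would help, for example `// $u: id of the viewing member (permission subject); $member_id: owner of the calendar / Todo list`. Both function bodies continue outside the hunks shown.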
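--- a/OpenPNE/branches/ebihara/prj_dev26_todo/webapp_biz/modules/biz/page/fh_biz_schedule_calendar.php
+++ b/OpenPNE/branches/ebihara/prj_dev26_todo/webapp_biz/modules/biz/page/fh_biz_schedule_calendar.php
@@ -46,5 +46,5 @@
         $birth_list = p_h_calendar_birth4c_member_id($month, $target_id);
         // Todo
-        $todo_list = biz_schedule_todo4c_member_id($target_id, $year, $month);
+        $todo_list = biz_schedule_todo4c_member_id($u, $target_id, $year, $month);
 
         require_once 'Calendar/Month/Weekdays.php';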
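--- a/OpenPNE/branches/ebihara/prj_dev26_todo/webapp_biz/modules/biz/page/g_home.php
+++ b/OpenPNE/branches/ebihara/prj_dev26_todo/webapp_biz/modules/biz/page/g_home.php
@@ -42,12 +42,12 @@
         $this->set("admin_data", db_common_c_member4c_member_id_LIGHT($group['admin_id']));
 
-        $this->set('calendar_head', biz_getScheduleWeek($target_id, $requests['w'], 'g', ture, false, false));
+        $this->set('calendar_head', biz_getScheduleWeek($u, $target_id, $requests['w'], 'g', ture, false, false));
 
         foreach ($member_list_full as $key => $value) {
-            $calendar_value .= biz_getScheduleWeek($value['c_member_id'], $requests['w'], 'g', false, true, false, $value);
+            $calendar_value .= biz_getScheduleWeek($u, $value['c_member_id'], $requests['w'], 'g', false, true, false, $value);
         }
 
         $this->set('calendar_value', $calendar_value);
-        $this->set('calendar_foot', biz_getScheduleWeek($target_id, $requests['w'], 'g', false, false, true));
+        $this->set('calendar_foot', biz_getScheduleWeek($u, $target_id, $requests['w'], 'g', false, false, true));
 
         if ($u == $group['admin_id']) {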
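Review bot: The rewritten `calendar_head` call still passes `ture` as the `$head` argument. That is an undefined constant: older PHP versions evaluate it as the string 'ture' with a notice, so it works only because a non-empty string is truthy, and PHP 8 raises a fatal error. The line should read `biz_getScheduleWeek($u, $target_id, $requests['w'], 'g', true, false, false)`. `$calendar_value` is appended to with `.=` inside the loop and its initialisation is not visible in this hunk, so confirm it starts as an empty string.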
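--- a/OpenPNE/branches/ebihara/prj_dev26_todo/webapp_biz/modules/biz/page/s_list.php
+++ b/OpenPNE/branches/ebihara/prj_dev26_todo/webapp_biz/modules/biz/page/s_list.php
@@ -60,5 +60,5 @@
         $calendar = '';
         foreach ($list as $key => $value) {
-            $calendar .= biz_getScheduleWeek($value['biz_shisetsu_id'], $requests['w'], 's_list', true, true, true);
+            $calendar .= biz_getScheduleWeek($u, $value['biz_shisetsu_id'], $requests['w'], 's_list', true, true, true);
         }
 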
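Review bot: This call passes a facility id (`$value['biz_shisetsu_id']`) in the position that `biz_getScheduleWeek` names `$member_id`, and that function forwards `$member_id` to `biz_schedule_todo4c_member_id`, whose query filters on `c_member_id`. Whether the Todo lookup is reached for the 's_list' command cannot be seen from these hunks. If it is, the calendar would list Todos of whichever member happens to share that numeric id, filtered by the new permission check but unrelated to the facility. Either confirm the branch is skipped for 's_list' or add a comment at the call such as `// second argument is a facility id here; the member Todo lookup is not used for 's_list'`.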
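--- a/OpenPNE/branches/ebihara/prj_dev26_todo/webapp_biz/modules/pc/page/f_home.php
+++ b/OpenPNE/branches/ebihara/prj_dev26_todo/webapp_biz/modules/pc/page/f_home.php
@@ -88,8 +88,8 @@
         $c_member = db_common_c_member4c_member_id($u);
 
-        $todolist = biz_getTodoList($target_c_member_id, "f", $c_member['nickname']);
+        $todolist = biz_getTodoList($u, $target_c_member_id, "f", $c_member['nickname']);
         $this->set("todolist", $todolist);
 
-        $this->set('calendar', biz_getScheduleWeek($target_c_member_id, $requests['w'], 'f', true, true, true, $target_c_member));
+        $this->set('calendar', biz_getScheduleWeek($u, $target_c_member_id, $requests['w'], 'f', true, true, true, $target_c_member));
 
         $group_list = biz_getHomeGroupList($target_c_member_id);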
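--- a/OpenPNE/branches/ebihara/prj_dev26_todo/webapp_biz/modules/pc/page/h_home.php
+++ b/OpenPNE/branches/ebihara/prj_dev26_todo/webapp_biz/modules/pc/page/h_home.php
@@ -101,5 +101,5 @@
 
             //--- biz ここから
-            $this->set('calendar_biz', biz_getScheduleWeek($u, $requests['w'], 'h', true, true, true, $c_member));
+            $this->set('calendar_biz', biz_getScheduleWeek($u, $u, $requests['w'], 'h', true, true, true, $c_member));
             //--- biz ここまで
 
@@ -131,5 +131,5 @@
         $this->set("c_message_ru_list",$ru_list);
 
-        $todolist = biz_getTodoList($u, "h", $c_member['nickname']);
+        $todolist = biz_getTodoList($u, $u, "h", $c_member['nickname']);
         $this->set("todolist", $todolist);
 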
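--- a/OpenPNE/branches/ebihara/prj_dev26_todo/webapp_biz/modules/pc/page/h_prof.php
+++ b/OpenPNE/branches/ebihara/prj_dev26_todo/webapp_biz/modules/pc/page/h_prof.php
@@ -53,7 +53,7 @@
         include_once($biz_dir.'lib/smarty_functions.php');  //bizモジュールよりライブラリを拝借
         include_once $biz_dir . 'lib/mysql_functions.php';  //bizモジュールよりライブラリを拝借
-        $this->set('calendar', biz_getScheduleWeek($u, $requests['w'], 'p', true, true, true, $target_c_member));
+        $this->set('calendar', biz_getScheduleWeek($u, $u, $requests['w'], 'p', true, true, true, $target_c_member));
 
-        $todolist = biz_getTodoList($u, "h", $target_c_member['nickname']);
+        $todolist = biz_getTodoList($u, $u, "h", $target_c_member['nickname']);
         $this->set("todolist", $todolist);
         $stateform = biz_getStateForm($u);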