0 && CModule::IncludeModule('socialnetwork')) { if(CSocNetFeatures::IsActiveFeature(SONET_ENTITY_GROUP, $socnet_group_id, "group_lists")) { if($iblock_id !== false) return CListPermissions::_socnet_check($USER, $iblock_type_id, $iblock_id, intval($socnet_group_id)); else return CListPermissions::_socnet_type_check($USER, $iblock_type_id, $socnet_group_id); } else { return CListPermissions::LISTS_FOR_SONET_GROUP_DISABLED; } } else { if($iblock_id !== false) return CListPermissions::_lists_check($USER, $iblock_type_id, $iblock_id); else return CListPermissions::_lists_type_check($USER, $iblock_type_id); } } /** * @param $USER CUser * @param $iblock_type_id string * @param $iblock_id int * @param $socnet_group_id int * @return string */ static protected function _socnet_check($USER, $iblock_type_id, $iblock_id, $socnet_group_id) { $type_check = CListPermissions::_socnet_type_check($USER, $iblock_type_id, $socnet_group_id); if($type_check < 0) return $type_check; $iblock_check = CListPermissions::_iblock_check($iblock_type_id, $iblock_id); if($iblock_check < 0) return $iblock_check; $iblock_socnet_group_id = CIBlock::GetArrayByID($iblock_id, "SOCNET_GROUP_ID"); if($iblock_socnet_group_id != $socnet_group_id) return CListPermissions::ACCESS_DENIED; $socnet_role = CSocNetUserToGroup::GetUserRole($USER->GetID(), $socnet_group_id); if (CSocNetUser::IsCurrentUserModuleAdmin()) { $socnet_role = "A"; } if ($socnet_role !== "A" && CIBlock::GetArrayByID($iblock_id, "RIGHTS_MODE") === "E") { return '0'; } static $roles = array("A", "E", "K", "T"); if(!in_array($socnet_role, $roles)) { if($USER->IsAuthorized()) $socnet_role = "L"; else $socnet_role = "N"; } if (!CSocNetFeaturesPerms::CanPerformOperation($USER->GetID(), SONET_ENTITY_GROUP, $socnet_group_id, "group_lists", "write", CSocNetUser::IsCurrentUserModuleAdmin())) { return "D"; } else { $arSocnetPerm = CLists::GetSocnetPermission($iblock_id); return $arSocnetPerm[$socnet_role]; } } /** * @param $USER CUser * @param $iblock_type_id string * @param $socnet_group_id int * @return int|string */ static protected function _socnet_type_check($USER, $iblock_type_id, $socnet_group_id) { if($iblock_type_id === COption::GetOptionString("lists", "socnet_iblock_type_id")) { $socnet_role = CSocNetUserToGroup::GetUserRole($USER->GetID(), $socnet_group_id); if (CSocNetUser::IsCurrentUserModuleAdmin()) { $socnet_role = "A"; } if ( $socnet_role == "A" && CSocNetFeaturesPerms::CanPerformOperation($USER->GetID(), SONET_ENTITY_GROUP, $socnet_group_id, "group_lists", "write", CSocNetUser::IsCurrentUserModuleAdmin()) ) { return CListPermissions::IS_ADMIN; } else { return CListPermissions::CAN_READ; } } else { return CListPermissions::WRONG_IBLOCK_TYPE; } } /** * @param $USER CUser * @param $iblockTypeId string * @return string */ static protected function _lists_type_check($USER, $iblockTypeId) { $listsPermission = CLists::GetPermission($iblockTypeId); if (!is_array($listsPermission) || !count($listsPermission)) return CListPermissions::ACCESS_DENIED; $userGroups = $USER->GetUserGroupArray(); if (count(array_intersect($listsPermission, $userGroups)) > 0) return CListPermissions::IS_ADMIN; return CListPermissions::CAN_READ; } /** * @param $USER CUser * @param $iblock_type_id string * @param $iblock_id int * @return int|string */ static protected function _lists_check($USER, $iblock_type_id, $iblock_id) { $iblock_check = CListPermissions::_iblock_check($iblock_type_id, $iblock_id); if($iblock_check < 0) return $iblock_check; $arListsPerm = CLists::GetPermission($iblock_type_id); if(!$arListsPerm) { return CListPermissions::ACCESS_DENIED; } $arUSER_GROUPS = $USER->GetUserGroupArray(); if(count(array_intersect($arListsPerm, $arUSER_GROUPS)) > 0) return CListPermissions::IS_ADMIN; return CIBlock::GetPermission($iblock_id); } /** * @param $iblock_type_id string * @param $iblock_id int * @return int */ static protected function _iblock_check($iblock_type_id, $iblock_id) { $iblock_id = intval($iblock_id); if($iblock_id > 0) { $iblock_type = CIBlock::GetArrayByID($iblock_id, "IBLOCK_TYPE_ID"); if($iblock_type_id === $iblock_type) return 0; else return CListPermissions::WRONG_IBLOCK; } else { return CListPermissions::WRONG_IBLOCK; } } static public function MergeRights($IBLOCK_TYPE_ID, $DB, $POST) { $arResult = array(); //1) Put into result protected from changes rights $arListsPerm = CLists::GetPermission($IBLOCK_TYPE_ID); foreach($DB as $RIGHT_ID => $arRight) { //1) protect groups from module settings if( preg_match("/^G(\\d)\$/", $arRight["GROUP_CODE"], $match) && is_array($arListsPerm) && in_array($match[1], $arListsPerm) ) $arResult[$RIGHT_ID] = $arRight; else { //2) protect groups with iblock_% operations $arOperations = CTask::GetOperations($arRight['TASK_ID'], true); foreach($arOperations as $operation) { if(preg_match("/^iblock_(?!admin)/", $operation)) { $arResult[$RIGHT_ID] = $arRight; break; } } } } //2) Leave in POST only safe rights foreach($POST as $RIGHT_ID => $arRight) { //1) protect groups from module settings if( preg_match("/^G(\\d)\$/", $arRight["GROUP_CODE"], $match) && is_array($arListsPerm) && in_array($match[1], $arListsPerm) ) unset($POST[$RIGHT_ID]); else { //2) protect groups with iblock_% operations $arOperations = CTask::GetOperations($arRight['TASK_ID'], true); foreach($arOperations as $operation) { if(preg_match("/^iblock_(?!admin)/", $operation)) { unset($POST[$RIGHT_ID]); break; } } } } //3) Join POST to result foreach($POST as $RIGHT_ID => $arRight) { foreach($arResult as $RIGHT_ID2 => $arRight2) { if($arRight["GROUP_CODE"] == $arRight2["GROUP_CODE"]) unset($arResult[$RIGHT_ID2]); } $arResult[$RIGHT_ID] = $arRight; } return $arResult; } /** * @param $iblockId int * @param $fieldId int */ public static function CheckFieldId($iblock_id, $field_id) { if ($field_id === "DETAIL_PICTURE") return true; elseif ($field_id === "PREVIEW_PICTURE") return true; elseif ($field_id === "PICTURE") return true; elseif ($iblock_id <= 0) return false; elseif (!preg_match("/^PROPERTY_(.+)\$/", $field_id, $match)) return false; else { $db_prop = CIBlockProperty::GetPropertyArray($match[1], $iblock_id); if(is_array($db_prop) && $db_prop["PROPERTY_TYPE"] === "F") return true; } return false; } } ?>