From 24bc0eadf0b3dd33ce1b1e680a131e5d56e1e034 Mon Sep 17 00:00:00 2001 From: helgispbru Date: Mon, 5 Jan 2026 11:31:56 +0300 Subject: [PATCH 1/4] rewrite processors --- core/src/Core.php | 40 +- manager/actions/mutate_content.dynamic.php | 10 +- manager/media/script/resources-functions.js | 3 +- manager/media/style/default/js/modx.js | 23 +- .../processors/delete_content.processor.php | 66 +- .../duplicate_content.processor.php | 28 +- .../processors/publish_content.processor.php | 39 +- manager/processors/save_content.processor.php | 800 ++++++------------ .../processors/undelete_content.processor.php | 42 +- .../unpublish_content.processor.php | 39 +- 10 files changed, 380 insertions(+), 710 deletions(-) diff --git a/core/src/Core.php b/core/src/Core.php index 48f5fe9c8c..7068423db4 100644 --- a/core/src/Core.php +++ b/core/src/Core.php @@ -446,7 +446,7 @@ public function sendRedirect($url, $count_attempts = 0, $type = 'REDIRECT_HEADER } if ($type === 'REDIRECT_JS') { - echo sprintf("", $url); + echo sprintf('', $url); exit; } @@ -3151,7 +3151,7 @@ public function webAlertAndQuit($msg, $url = '') } elseif (!$url) { $fnc = 'history.back(-1);'; } else { - $fnc = "window.location.href='" . addslashes($url) . "';"; + $fnc = 'window.location.href="' . addslashes($url) . '";'; } $style = ''; @@ -3169,23 +3169,25 @@ public function webAlertAndQuit($msg, $url = '') echo ' - Evolution CMS :: Alert - - ' . $style . " - - - -

" . $msg . '

- - '; + Evolution CMS :: Alert + + ' . $style . ' + + + +

' . $msg . '

+ + '; exit; } diff --git a/manager/actions/mutate_content.dynamic.php b/manager/actions/mutate_content.dynamic.php index 71fa200653..e1aff6fe55 100644 --- a/manager/actions/mutate_content.dynamic.php +++ b/manager/actions/mutate_content.dynamic.php @@ -8,6 +8,7 @@ $sb = isset($_REQUEST['sort']) ? '&sort=' . $_REQUEST['sort'] : '&sort=createdon'; $pg = isset($_REQUEST['page']) ? '&page=' . (int) $_REQUEST['page'] : ''; $add_path = $sd . $sb . $pg; + /*******************/ global $content, $richtexteditorIds, $richtexteditorOptions; $richtexteditorIds = array(); @@ -102,7 +103,12 @@ } // restore saved form -$formRestored = $modx->getManagerApi()->loadFormValues(); +$formRestored = false; +if($_GET['r'] == 1) { + $formRestored = $modx->getManagerApi()->loadFormValues(); + unset($_POST['a']); + unset($_POST['id']); +} if(isset($_REQUEST['newtemplate'])) { $formRestored = true; } @@ -484,7 +490,7 @@ function decode(s) { getManagerApi()->action == '72') { - $ResourceManagerLoaded = true; + $ResourceManagerLoaded = true; // ? } ?> /* ]]> */ diff --git a/manager/media/script/resources-functions.js b/manager/media/script/resources-functions.js index 6fc3b869c4..6c2f26ded6 100644 --- a/manager/media/script/resources-functions.js +++ b/manager/media/script/resources-functions.js @@ -20,7 +20,8 @@ function actionDisableElement(t) { jQuery.get($t.data('disabled') ? $t.data('enable-href') : $t.data('disable-href'), function (data) { $row.fadeTo(100, 1); - /__alertQuit\(\)/.test(data) && parent.modx.alert(data.match(/\(.*?)\<\/body\>/s)[0]); + // if '__alertQuit' exists show alert with text from BODY > P + /__alertQuit\(\)/.test(data) && parent.modx.alert(data.match(/\s*

(.*?)<\/p>\s*<\/body>/s)?.[1] || ''); if ($t.data('disabled')) { $t.data('disabled', 0); diff --git a/manager/media/style/default/js/modx.js b/manager/media/style/default/js/modx.js index dbdb96569c..9eb7d778b6 100755 --- a/manager/media/style/default/js/modx.js +++ b/manager/media/style/default/js/modx.js @@ -1535,15 +1535,19 @@ this.show(); if (~this.closeactions.indexOf(this.action)) { this.setDocPublished(); - modx.get(this.url, function (r) { - /__alertQuit\(\)/.test(r) && modx.alert(r.match(/\(.*?)\<\/body\>/s)[0]); + modx.get(this.url, function (data) { + // if '__alertQuit' exists show alert with text from BODY > P + /__alertQuit\(\)/.test(data) && modx.alert(data.match(/\s*

(.*?)<\/p>\s*<\/body>/s)?.[1] || ''); + modx.tree.restoreTree(); }); } } } else if (~this.closeactions.indexOf(this.action)) { - modx.get(this.url, function (r) { - /__alertQuit\(\)/.test(r) && modx.alert(r.match(/\(.*?)\<\/body\>/s)[0]); + modx.get(this.url, function (data) { + // if '__alertQuit' exists show alert with text from BODY > P + /__alertQuit\(\)/.test(data) && modx.alert(data.match(/\s*

(.*?)<\/p>\s*<\/body>/s)?.[1] || ''); + modx.tree.restoreTree(); }); } else { @@ -1604,8 +1608,8 @@ this.olduid = this.uid; this.uid = modx.urlToUid(this.url); if (!!w.main.__alertQuit) { - w.main.alert = function (a) { }; - var message = w.main.document.body.innerHTML; + w.main.alert = function () { }; + var message = w.main.document.body.querySelector('p').innerHTML; w.main.document.body.style.display = 'none'; history.pushState(null, d.title, modx.getActionFromUrl(this.url, 2) ? modx.MODX_MANAGER_URL : '#' + this.url); w.onpopstate = function () { @@ -2002,9 +2006,10 @@ o.uid = modx.urlToUid(a.url); o.event = e; if (!!e.target.contentWindow.__alertQuit) { - modx.alert(e.target.contentWindow.document.body.querySelector('p').innerHTML); - e.target.contentWindow.document.body.innerHTML = ''; e.target.contentWindow.alert = function () { }; + var message = e.target.contentWindow.document.body.querySelector('p').innerHTML; + e.target.contentWindow.document.body.innerHTML = ''; + modx.alert(message); } else { if (modx.getActionFromUrl(a.url, 2) || o.wrap.querySelectorAll('#evo-popup-' + o.uid).length > 1) { o.el.close(); @@ -2213,7 +2218,7 @@ let m = a.match(/modules\/(.*?)$/)?.[1]; m && (b += m); - + b = modx.toHash(b); } return b; diff --git a/manager/processors/delete_content.processor.php b/manager/processors/delete_content.processor.php index 1c79003608..3ee2d8dd34 100755 --- a/manager/processors/delete_content.processor.php +++ b/manager/processors/delete_content.processor.php @@ -21,8 +21,6 @@ $pg = isset($_REQUEST['page']) ? '&page=' . (int)$_REQUEST['page'] : ''; $add_path = $sd . $sb . $pg; -/*****************************/ - // check permissions on the document $udperms = new EvolutionCMS\Legacy\Permissions(); $udperms->user = $modx->getLoginUserID('mgr'); @@ -33,56 +31,26 @@ $modx->webAlertAndQuit($_lang["access_permission_denied"]); } -$children = $document->getAllChildren($document); - -// invoke OnBeforeDocFormDelete event -$modx->invokeEvent("OnBeforeDocFormDelete", - array( - "id" => $id, - "children" => $children - )); - -$documentDeleteIds = $children; -array_unshift($documentDeleteIds, $id); - -foreach ($documentDeleteIds as $deleteId) { - if ($modx->getConfig('site_start') == $deleteId) { - $modx->webAlertAndQuit("Document is 'Site start' and cannot be deleted!"); - } - - if ($modx->getConfig('site_unavailable_page') == $deleteId) { - $modx->webAlertAndQuit("Document is used as the 'Site unavailable page' and cannot be deleted!"); - } - - if ($modx->getConfig('error_page') == $deleteId) { - $modx->webAlertAndQuit("Document is used as the 'Site error page' and cannot be deleted!"); - } - - if ($modx->getConfig('unauthorized_page') == $deleteId) { - $modx->webAlertAndQuit("Document is used as the 'Site unauthorized page' and cannot be deleted!"); - } +// Run deleter +try { + $document = \DocumentManager::delete(['id' => $id]); +} catch (EvolutionCMS\Exceptions\ServiceActionException $e) { + // \Log::error('Unexpected error: ' . $e->getMessage()); + + $modx->getManagerApi()->saveFormValues(4); + $modx->webAlertAndQuit($e->getMessage(), 'index.php?a=4'); + return; +} catch (EvolutionCMS\Exceptions\ServiceValidationException $e) { + // \Log::error('Validation error: ' . $e->getValidationErrors()); + + $modx->getManagerApi()->saveFormValues(4); + $modx->webAlertAndQuit($e->getValidationErrors(), 'index.php?a=4'); + return; } -$site_content_table = (new \EvolutionCMS\Models\SiteContent())->getTable(); -DB::table($site_content_table) - ->whereIn('id', $documentDeleteIds) - ->update(['deleted' => 1, - 'deletedby'=>$modx->getLoginUserID('mgr'), - 'deletedon'=>time()]); - -// invoke OnDocFormDelete event -$modx->invokeEvent("OnDocFormDelete", - array( - "id" => $id, - "children" => $children - )); - // Set the item name for logger $_SESSION['itemname'] = $document->pagetitle; -// empty cache -$modx->clearCache('full'); - // finished emptying cache - redirect -$header = "Location: index.php?a=3&id=$pid&r=1" . $add_path; -header($header); \ No newline at end of file +$header = "Location: index.php?a=3&r=1&id={$pid}{$add_path}"; +header($header); diff --git a/manager/processors/duplicate_content.processor.php b/manager/processors/duplicate_content.processor.php index 3d283a1d24..ff417cd774 100755 --- a/manager/processors/duplicate_content.processor.php +++ b/manager/processors/duplicate_content.processor.php @@ -11,26 +11,38 @@ $modx->webAlertAndQuit($_lang["error_no_id"]); } -$children = array(); - // check permissions on the document $udperms = new EvolutionCMS\Legacy\Permissions(); $udperms->user = $modx->getLoginUserID('mgr'); $udperms->document = $id; $udperms->role = $_SESSION['mgrRole']; -$udperms->duplicateDoc = true; +// EvolutionCMS\Legacy\Permissions: +$udperms->duplicateDoc = true; // непонятно зачем это if (!$udperms->checkPermissions()) { $modx->webAlertAndQuit($_lang["access_permission_denied"]); } -// Run the duplicator -$document = \DocumentManager::duplicate(['id' => $id]); +// Run duplicator +try { + $document = \DocumentManager::duplicate(['id' => $id]); +} catch (EvolutionCMS\Exceptions\ServiceActionException $e) { + // \Log::error('Unexpected error: ' . $e->getMessage()); + + $modx->getManagerApi()->saveFormValues(4); + $modx->webAlertAndQuit($e->getMessage(), 'index.php?a=4'); + return; +} catch (EvolutionCMS\Exceptions\ServiceValidationException $e) { + // \Log::error('Validation error: ' . $e->getValidationErrors()); + + $modx->getManagerApi()->saveFormValues(4); + $modx->webAlertAndQuit($e->getValidationErrors(), 'index.php?a=4'); + return; +} // Set the item name for logger -$name = EvolutionCMS\Models\SiteContent::select('pagetitle')->findOrFail($document->getKey())->pagetitle; -$_SESSION['itemname'] = $name; +$_SESSION['itemname'] = $document->pagetitle; // finish cloning - redirect -$header = "Location: index.php?r=1&a=3&id=" . $document->getKey(); +$header = "Location: index.php?a=3&r=1&id={$document->getKey()}"; header($header); diff --git a/manager/processors/publish_content.processor.php b/manager/processors/publish_content.processor.php index b2f92c9507..750d042552 100755 --- a/manager/processors/publish_content.processor.php +++ b/manager/processors/publish_content.processor.php @@ -21,8 +21,6 @@ $pg = isset($_REQUEST['page']) ? '&page=' . (int) $_REQUEST['page'] : ''; $add_path = $sd . $sb . $pg; -/***********************************/ - // check permissions on the document $udperms = new EvolutionCMS\Legacy\Permissions(); $udperms->user = $modx->getLoginUserID('mgr'); @@ -33,26 +31,25 @@ $modx->webAlertAndQuit($_lang["access_permission_denied"]); } -// update the document -\EvolutionCMS\Models\SiteContent::query()->find($id)->update(array( - 'published' => 1, - 'pub_date' => 0, - 'unpub_date' => 0, - 'editedby' => $modx->getLoginUserID('mgr'), - 'editedon' => time(), - 'publishedby' => $modx->getLoginUserID('mgr'), - 'publishedon' => time(), -)); - -// invoke OnDocPublished event -$modx->invokeEvent("OnDocPublished", array("docid" => $id)); +// Run publisher +try { + $document = \DocumentManager::publish(['id' => $id]); +} catch (EvolutionCMS\Exceptions\ServiceActionException $e) { + // \Log::error('Unexpected error: ' . $e->getMessage()); + + $modx->getManagerApi()->saveFormValues(4); + $modx->webAlertAndQuit($e->getMessage(), 'index.php?a=4'); + return; +} catch (EvolutionCMS\Exceptions\ServiceValidationException $e) { + // \Log::error('Validation error: ' . $e->getValidationErrors()); + + $modx->getManagerApi()->saveFormValues(4); + $modx->webAlertAndQuit($e->getValidationErrors(), 'index.php?a=4'); + return; +} // Set the item name for logger -$_SESSION['itemname'] = $content['pagetitle']; - -// empty cache -$modx->clearCache('full'); - -$header = "Location: index.php?a=3&id=$pid&r=1" . $add_path; +$_SESSION['itemname'] = $document->pagetitle; +$header = "Location: index.php?a=3&r=1&id={$pid}{$add_path}"; header($header); diff --git a/manager/processors/save_content.processor.php b/manager/processors/save_content.processor.php index e9238a1e24..2f501bf5cf 100644 --- a/manager/processors/save_content.processor.php +++ b/manager/processors/save_content.processor.php @@ -2,269 +2,108 @@ if (!defined('IN_MANAGER_MODE') || IN_MANAGER_MODE !== true) { die("INCLUDE_ORDERING_ERROR

Please use the EVO Content Manager instead of accessing this file directly."); } -$modx = EvolutionCMS(); if (!$modx->hasPermission('save_document')) { $modx->webAlertAndQuit($_lang["error_no_privileges"]); + return; } -// preprocess POST values -$id = is_numeric($_POST['id']) ? $_POST['id'] : ''; - -$introtext = $_POST['introtext']; -$content = $_POST['ta']; -$pagetitle = $_POST['pagetitle']; -$description = $_POST['description']; -$alias = $_POST['alias']; -$link_attributes = $_POST['link_attributes']; -$isfolder = (int) $_POST['isfolder']; -$richtext = (int) $_POST['richtext']; -$published = (int) $_POST['published']; -$parentId = $parent = (int) get_by_key($_POST, 'parent', 0, 'is_scalar'); -$template = (int) $_POST['template']; -$menuindex = !empty($_POST['menuindex']) ? (int) $_POST['menuindex'] : 0; -$searchable = (int) $_POST['searchable']; -$cacheable = (int) $_POST['cacheable']; -$syncsite = (int) $_POST['syncsite']; -$pub_date = $_POST['pub_date']; -$unpub_date = $_POST['unpub_date']; -$document_groups = (isset($_POST['chkalldocs']) && $_POST['chkalldocs'] == 'on') ? [] : get_by_key($_POST, 'docgroups', [], 'is_array'); -$type = $_POST['type']; -$contentType = $_POST['contentType']; -$contentdispo = (int) $_POST['content_dispo']; -$longtitle = $_POST['longtitle']; -$hide_from_tree = (int) $_POST['hide_from_tree']; -$menutitle = $_POST['menutitle']; -$hidemenu = (int) $_POST['hidemenu']; -$aliasvisible = (int) $_POST['alias_visible']; - /************* webber ********/ $sd = isset($_POST['dir']) && strtolower($_POST['dir']) === 'asc' ? '&dir=ASC' : '&dir=DESC'; $sb = isset($_POST['sort']) ? '&sort=' . entities($_POST['sort'], $modx->getConfig('modx_charset')) : '&sort=pub_date'; $pg = isset($_POST['page']) ? '&page=' . (int) $_POST['page'] : ''; $add_path = $sd . $sb . $pg; -$no_esc_pagetitle = $_POST['pagetitle']; -if (trim($no_esc_pagetitle) == "") { - if ($type == "reference") { - $no_esc_pagetitle = $pagetitle = $_lang['untitled_weblink']; - } else { - $no_esc_pagetitle = $pagetitle = $_lang['untitled_resource']; - } -} - -$actionToTake = "new"; -if ($_POST['mode'] == '73' || $_POST['mode'] == '27') { - $actionToTake = "edit"; -} - -// friendly url alias checks -if ($modx->getConfig('friendly_urls')) { - // auto assign alias - if (!$alias && $modx->getConfig('automatic_alias')) { - $alias = strtolower($modx->stripAlias(trim($pagetitle))); - if (!$modx->getConfig('allow_duplicate_alias')) { - if (\EvolutionCMS\Models\SiteContent::withTrashed() - ->where('id', '<>', $id) - ->where('alias', $alias)->count() > 0) { - $cnt = 1; - $tempAlias = $alias; - - while (\EvolutionCMS\Models\SiteContent::withTrashed() - ->where('id', '<>', $id) - ->where('alias', $tempAlias)->count() > 0) { - $tempAlias = $alias; - $tempAlias .= $cnt; - $cnt++; - } - $alias = $tempAlias; - } - } else { - if (\EvolutionCMS\Models\SiteContent::withTrashed() - ->where('id', '<>', $id) - ->where('alias', $alias) - ->where('parent', $parent)->count() > 0) { - $cnt = 1; - $tempAlias = $alias; - while (\EvolutionCMS\Models\SiteContent::withTrashed() - ->where('id', '<>', $id) - ->where('alias', $tempAlias) - ->where('parent', $parent)->count() > 0) { - $tempAlias = $alias; - $tempAlias .= $cnt; - $cnt++; - } - $alias = $tempAlias; - } - } - } elseif ($alias && !$modx->getConfig('allow_duplicate_alias')) { - // check for duplicate alias name if not allowed - $alias = $modx->stripAlias($alias); - $docid = \EvolutionCMS\Models\SiteContent::withTrashed()->select('id') - ->where('id', '<>', $id) - ->where('alias', $alias); - if ($modx->getConfig('use_alias_path')) { - // only check for duplicates on the same level if alias_path is on - $docid = $docid->where('parent', $parent); - } - $docid = $docid->first(); - if (!is_null($docid)) { - if ($actionToTake == 'edit') { - $modx->getManagerApi()->saveFormValues(27); - $modx->webAlertAndQuit(sprintf($_lang["duplicate_alias_found"], $docid->id, $alias), "index.php?a=27&id={$id}"); - } else { - $modx->getManagerApi()->saveFormValues(4); - $modx->webAlertAndQuit(sprintf($_lang["duplicate_alias_found"], $docid->id, $alias), "index.php?a=4"); - } - } - } elseif ($alias) { - // strip alias of special characters - $alias = $modx->stripAlias($alias); - $docid = \EvolutionCMS\Models\SiteContent::withTrashed()->select('id') - ->where('id', '<>', $id) - ->where('alias', $alias) - ->where('parent', $parent) - ->first(); - if (!is_null($docid)) { - if ($actionToTake == 'edit') { - $modx->getManagerApi()->saveFormValues(27); - $modx->webAlertAndQuit(sprintf($_lang["duplicate_alias_found"], $docid->id, $alias), "index.php?a=27&id={$id}"); - } else { - $modx->getManagerApi()->saveFormValues(4); - $modx->webAlertAndQuit(sprintf($_lang["duplicate_alias_found"], $docid->id, $alias), "index.php?a=4"); - } - } - } -} elseif ($alias) { - $alias = $modx->stripAlias($alias); -} - -// determine published status -$currentdate = $modx->timestamp((int) get_by_key($_SERVER, 'REQUEST_TIME', 0)); - -if (empty($pub_date)) { - $pub_date = 0; -} else { - $pub_date = $modx->toTimeStamp($pub_date); - - if ($pub_date < $currentdate) { - $published = 1; - } elseif ($pub_date > $currentdate) { - $published = 0; - } -} - -if (empty($unpub_date)) { - $unpub_date = 0; -} else { - $unpub_date = $modx->toTimeStamp($unpub_date); - if ($unpub_date < $currentdate) { - $published = 0; - } -} +$resourceArray = [ + 'id' => is_numeric($_POST['id']) ? $_POST['id'] : '', + // + "introtext" => $_POST['introtext'], + "content" => $_POST['ta'], + "pagetitle" => $_POST['pagetitle'], + "longtitle" => $_POST['longtitle'], + "type" => $_POST['type'], + "description" => $_POST['description'], + "alias" => $_POST['alias'], + "link_attributes" => $_POST['link_attributes'], + "isfolder" => (int) $_POST['isfolder'], + "richtext" => (int) $_POST['richtext'], + "published" => (int) $_POST['published'], + "parent" => (int) get_by_key($_POST, 'parent', 0, 'is_scalar'), + "template" => (int) $_POST['template'], + "menuindex" => !empty($_POST['menuindex']) ? (int) $_POST['menuindex'] : 0, + "searchable" => (int) $_POST['searchable'], + "cacheable" => (int) $_POST['cacheable'], + "pub_date" => $_POST['pub_date'], + "unpub_date" => $_POST['unpub_date'], + "contentType" => $_POST['contentType'], + "content_dispo" => (int) $_POST['content_dispo'], + "hide_from_tree" => (int) $_POST['hide_from_tree'], + "menutitle" => $_POST['menutitle'], + "hidemenu" => (int) $_POST['hidemenu'], + "alias_visible" => (int) $_POST['alias_visible'], +]; // get document groups for current user -$tmplvars = []; $docgrp = array_unique(\EvolutionCMS\Models\MemberGroup::query() ->join('membergroup_access', 'membergroup_access.membergroup', '=', 'member_groups.user_group') ->where('member_groups.member', $modx->getLoginUserID('mgr'))->pluck('documentgroup')->toArray()); +$document_groups = (isset($_POST['chkalldocs']) && $_POST['chkalldocs'] == 'on') + ? [] + : get_by_key($_POST, 'docgroups', [], 'is_array'); + +$actionToTake = 'create'; +if ($_POST['mode'] == '73' || $_POST['mode'] == '27') { + $actionToTake = 'edit'; +} + // ensure that user has not made this document inaccessible to themselves -if ($_SESSION['mgrRole'] != 1 && is_array($document_groups)) { +if ($_SESSION['mgrRole'] != 1 && !empty($document_groups)) { + // every value is "number,type", have to leave only numbers $document_group_list = implode(',', $document_groups); $document_group_list = array_filter(explode(',', $document_group_list), 'is_numeric'); + if (!empty($document_group_list)) { - $count = \EvolutionCMS\Models\MembergroupAccess::query() + $exist = \EvolutionCMS\Models\MembergroupAccess::query() + ->select('member_groups.id') ->join('member_groups', 'membergroup_access.membergroup', '=', 'member_groups.user_group') ->whereIn('membergroup_access.documentgroup', $document_group_list) - ->where('member_groups.member', $_SESSION['mgrInternalKey'])->count('member_groups.id'); + ->where('member_groups.member', $_SESSION['mgrInternalKey']) + ->exists(); - if ($count == 0) { + if (!$exist) { if ($actionToTake == 'edit') { $modx->getManagerApi()->saveFormValues(27); - $modx->webAlertAndQuit($_lang["resource_permissions_error"], "index.php?a=27&id={$id}"); + $modx->webAlertAndQuit($_lang["resource_permissions_error"], "index.php?a=27&id={$resourceArray['id']}"); + return; } else { $modx->getManagerApi()->saveFormValues(4); - $modx->webAlertAndQuit($_lang["resource_permissions_error"], "index.php?a=4"); + $modx->webAlertAndQuit($_lang["resource_permissions_error"], 'index.php?a=4'); + return; } } } } -$tvs = \EvolutionCMS\Models\SiteTmplvar::query()->distinct() - ->select('site_tmplvars.*', 'site_tmplvar_contentvalues.value') - ->join('site_tmplvar_templates', 'site_tmplvar_templates.tmplvarid', '=', 'site_tmplvars.id') - ->leftJoin('site_tmplvar_contentvalues', function ($join) use ($id) { - $join->on('site_tmplvar_contentvalues.tmplvarid', '=', 'site_tmplvars.id'); - $join->on('site_tmplvar_contentvalues.contentid', '=', \DB::raw($id)); - })->leftjoin('site_tmplvar_access', 'site_tmplvar_access.tmplvarid', '=', 'site_tmplvars.id') - ->where('site_tmplvar_templates.templateid', $template)->orderBy('site_tmplvars.rank'); -if ($_SESSION['mgrRole'] != 1) { - $tvs = $tvs->leftJoin('document_groups', 'site_tmplvar_contentvalues.contentid', '=', 'document_groups.document'); - $tvs = $tvs->where(function ($query) { - $query->whereNull('site_tmplvar_access.documentgroup') - ->orWhereIn('document_groups.document_group', $_SESSION['mgrDocgroups']); - }); -} -$tvs = $tvs->get(); -foreach ($tvs->toArray() as $row) { - $tmplvar = ''; - switch ($row['type']) { - case 'url': - if (isset($_POST["tv" . $row['id']])) { - $tmplvar = $_POST["tv" . $row['id']]; - if (isset($_POST["tv" . $row['id'] . '_prefix']) && $_POST["tv" . $row['id'] . '_prefix'] != '--') { - $tmplvar = str_replace([ - "feed://", - "ftp://", - "http://", - "https://", - "mailto:", - ], "", $tmplvar); - $tmplvar = $_POST["tv" . $row['id'] . '_prefix'] . $tmplvar; - } - } - break; - case 'file': - $tmplvar = $_POST["tv" . $row['id']] ?? ''; - break; - default: - $tmp = get_by_key($_POST, 'tv' . $row['id']); - if (is_array($tmp)) { - // handles checkboxes & multiple selects elements - $feature_insert = []; - foreach ($tmp as $featureValue => $feature_item) { - $feature_insert[count($feature_insert)] = $feature_item; - } - $tmplvar = implode("||", $feature_insert); - } else { - $tmplvar = $tmp; - } - break; - } - // save value if it was modified - if ($tmplvar !== '' && $tmplvar !== $row['default_text']) { - $tmplvars[$row['id']] = array( - $row['id'], - $tmplvar, - ); - } else { - // Mark the variable for deletion - $tmplvars[$row['name']] = $row['id']; - } -} - // get the document, but only if it already exists -if ($actionToTake != "new") { - $existingDocument = \EvolutionCMS\Models\SiteContent::withTrashed()->find($id); +$existingDocument = null; +if ($actionToTake != 'create') { + $existingDocument = \EvolutionCMS\Models\SiteContent::query() + ->withTrashed() + ->find($resourceArray['id']); + if (is_null($existingDocument)) { $modx->webAlertAndQuit($_lang["error_no_results"]); + return; } + $existingDocument = $existingDocument->toArray(); } // check to see if the user is allowed to save the document in the place he wants to save it in if ($modx->getConfig('use_udperms') == 1) { - if (!isset($existingDocument) || $existingDocument['parent'] != $parent) { + $parent = (int) get_by_key($_POST, 'parent', 0, 'is_scalar'); + + if ($existingDocument && $existingDocument['parent'] != $parent) { $udperms = new EvolutionCMS\Legacy\Permissions(); $udperms->user = $modx->getLoginUserID('mgr'); $udperms->document = $parent; @@ -273,435 +112,286 @@ if (!$udperms->checkPermissions()) { if ($actionToTake == 'edit') { $modx->getManagerApi()->saveFormValues(27); - $modx->webAlertAndQuit($_lang['access_permission_parent_denied'], "index.php?a=27&id={$id}"); + $modx->webAlertAndQuit($_lang['access_permission_parent_denied'], "index.php?a=27&id={$resourceArray['id']}"); + return; } else { $modx->getManagerApi()->saveFormValues(4); - $modx->webAlertAndQuit($_lang['access_permission_parent_denied'], "index.php?a=4"); + $modx->webAlertAndQuit($_lang['access_permission_parent_denied'], 'index.php?a=4'); + return; } } } } -$resourceArray = [ - "introtext" => $introtext, - "content" => $content, - "pagetitle" => $pagetitle, - "longtitle" => $longtitle, - "type" => $type, - "description" => $description, - "alias" => $alias, - "link_attributes" => $link_attributes, - "isfolder" => $isfolder, - "richtext" => $richtext, - "published" => $published, - "parent" => $parent, - "template" => $template, - "menuindex" => $menuindex, - "searchable" => $searchable, - "cacheable" => $cacheable, - "pub_date" => $pub_date, - "unpub_date" => $unpub_date, - "contentType" => $contentType, - "content_dispo" => $contentdispo, - "hide_from_tree" => $hide_from_tree, - "menutitle" => $menutitle, - "hidemenu" => $hidemenu, - "alias_visible" => $aliasvisible, -]; +$events = true; +$cache = false; switch ($actionToTake) { - case 'new': - // invoke OnBeforeDocFormSave event - switch ($modx->config['docid_incrmnt_method']) { - case '1': - $id = \EvolutionCMS\Models\SiteContent::withTrashed() - ->leftJoin('site_content as t1', function ($join) { - $join->on(\DB::raw(evo()->getDatabase()->getFullTableName('site_content') . '.id +1'), '=', 't1.id'); - }) - ->whereNull('t1.id')->min('site_content.id'); - $id++; - - break; - case '2': - $id = \EvolutionCMS\Models\SiteContent::max('id'); - $id++; - break; - - default: - $id = ''; - } - - $modx->invokeEvent("OnBeforeDocFormSave", array( - 'mode' => 'new', - 'id' => $id, - 'doc' => &$resourceArray, - )); - - $parentDeleted = $parentId > 0 && empty(\EvolutionCMS\Models\SiteContent::find($parentId)); - if ($parentDeleted) { - $resourceArray['deleted'] = 1; - } - // deny publishing if not permitted - if (!$modx->hasPermission('publish_document')) { - $pub_date = 0; - $unpub_date = 0; - $published = 0; + case 'create': + if ((int) $_POST['syncsite'] == 1) { + // empty cache + $cache = true; } - $publishedon = ($published ? $currentdate : 0); - $publishedby = ($published ? $modx->getLoginUserID('mgr') : 0); - - if ((!empty($pub_date)) && ($published)) { - $publishedon = $pub_date; - } + // Run resource creator + try { + $document = \DocumentManager::create($resourceArray, $events, $cache); + } catch (EvolutionCMS\Exceptions\ServiceActionException $e) { + // \Log::error('Unexpected error: ' . $e->getMessage()); - $resourceArray['pub_date'] = $pub_date; - $resourceArray['publishedon'] = $publishedon; - $resourceArray['publishedby'] = $publishedby; - $resourceArray['unpub_date'] = $unpub_date; + $modx->getManagerApi()->saveFormValues(4); + $modx->webAlertAndQuit($e->getMessage(), 'index.php?a=4'); + return; + } catch (EvolutionCMS\Exceptions\ServiceValidationException $e) { + // \Log::error('Validation error: ' . $e->getValidationErrors()); - if ($id != '') { - $resourceArray["id"] = $id; + $modx->getManagerApi()->saveFormValues(4); + $modx->webAlertAndQuit($e->getValidationErrors(), 'index.php?a=4'); + return; } - $key = \EvolutionCMS\Models\SiteContent::withTrashed()->create($resourceArray)->getKey(); - - $tvChanges = array(); - foreach ($tmplvars as $field => $value) { - if (is_array($value)) { - $tvId = $value[0]; - $tvVal = $value[1]; - \EvolutionCMS\Models\SiteTmplvarContentvalue::query()->create(array('tmplvarid' => $tvId, 'contentid' => $key, 'value' => $tvVal)); + // create document permissions + if ($modx->getConfig('use_udperms') == 1) { + // document access permissions + $groupsParent = []; + if ($resourceArray['parent'] != 0) { + $groupsParent = \EvolutionCMS\Models\DocumentGroup::query() + ->select('document_group', 'document') + ->where('document', $resourceArray['parent']) + ->pluck('document_group') + ->toArray(); } - } - // document access permissions - if ($modx->getConfig('use_udperms') && $parent != 0) { - $groupsParent = \EvolutionCMS\Models\DocumentGroup::select('document_group', 'document') - ->where('document', $parent)->pluck('document_group')->toArray(); - } else { - $groupsParent = []; - } - if ($modx->getConfig('use_udperms') == 1 && $modx->hasAnyPermissions(['manage_groups', 'manage_document_permissions']) && is_array($document_groups)) { - $new_groups = []; - $groupsToInsert = []; - foreach ($document_groups as $value_pair) { - // first, split the pair (this is a new document, so ignore the second value - [$group] = explode(',', $value_pair); // @see actions/mutate_content.dynamic.php @ line 1138 (permissions list) - $group = (int) $group; - if ($modx->hasPermission('manage_groups')) { - $new_groups[] = ['document_group' => $group, 'document' => $key]; - $groupsToInsert[] = $group; - continue; - } - if ($modx->hasPermission('manage_document_permissions')) { - if (in_array($group, $docgrp)) { - $new_groups[] = ['document_group' => $group, 'document' => $key]; - $groupsToInsert[] = $group; + if ($modx->hasAnyPermissions(['manage_groups', 'manage_document_permissions'])) { + if (!empty($document_groups)) { + $new_groups = []; + $groupsToInsert = []; + foreach ($document_groups as $value_pair) { + // first, split the pair (this is a new document, so ignore the second value + [$group] = explode(',', $value_pair); // @see actions/mutate_content.dynamic.php @ line 1138 (permissions list) + $group = (int) $group; + + if ($modx->hasPermission('manage_groups')) { + $new_groups[] = ['document_group' => $group, 'document' => $key]; + $groupsToInsert[] = $group; + continue; + } + + if ($modx->hasPermission('manage_document_permissions')) { + if (in_array($group, $docgrp)) { + $new_groups[] = ['document_group' => $group, 'document' => $key]; + $groupsToInsert[] = $group; + } + } } - } - } - if ($modx->hasPermission('manage_document_permissions')) { - foreach ($groupsParent as $group) { - if (!in_array($group, $docgrp)) { - $new_groups[] = ['document_group' => $group, 'document' => $key]; - $groupsToInsert[] = $group; + + if ($modx->hasPermission('manage_document_permissions')) { + foreach ($groupsParent as $group) { + if (!in_array($group, $docgrp)) { + $new_groups[] = ['document_group' => $group, 'document' => $key]; + $groupsToInsert[] = $group; + } + } } - } - } - if (!$modx->hasPermission('manage_groups')) { - if (!array_intersect($groupsToInsert, $docgrp)) { - foreach ($groupsParent as $group) { - $new_groups[] = ['document_group' => $group, 'document' => $key]; + + if (!$modx->hasPermission('manage_groups')) { + if (!array_intersect($groupsToInsert, $docgrp)) { + foreach ($groupsParent as $group) { + $new_groups[] = ['document_group' => $group, 'document' => $key]; + } + } + } + + if (!empty($new_groups)) { + \EvolutionCMS\Models\DocumentGroup::query() + ->insertOrIgnore($new_groups); } } - } - if (!empty($new_groups)) { - \EvolutionCMS\Models\DocumentGroup::query()->insertOrIgnore($new_groups); - } - } else { - if (!($modx->hasAnyPermissions(['manage_groups', 'manage_document_permissions']))) { + } else { // inherit document access permissions foreach ($groupsParent as $group) { - \EvolutionCMS\Models\DocumentGroup::insert(['document_group' => $group, 'document' => $key]); + \EvolutionCMS\Models\DocumentGroup::query() + ->insert(['document_group' => $group, 'document' => $key]); } } } - // update parent folder status - if ($resourceArray['parent'] != 0) { - $fields = array('isfolder' => 1); - \EvolutionCMS\Models\SiteContent::withTrashed()->where('id', $resourceArray['parent'])->update(['isfolder' => 1]); - } - - // invoke OnDocFormSave event - $modx->invokeEvent("OnDocFormSave", array( - 'mode' => 'new', - 'id' => $key, - 'doc' => $resourceArray, - )); - - // secure web documents - flag as private - include MODX_MANAGER_PATH . "includes/secure_web_documents.inc.php"; - secureWebDocument($key); - secureMgrDocument($key); - - // Set the item name for logger - $_SESSION['itemname'] = $no_esc_pagetitle; - - if ($syncsite == 1) { - // empty cache - $modx->clearCache('full'); - } - // redirect/stay options if ($_POST['stay'] != '') { // weblink if ($_POST['mode'] == "72") { - $a = ($_POST['stay'] == '2') ? "27&id=$key" : "72&pid=$parentId"; + $a = ($_POST['stay'] == '2') ? "27&id={$document['id']}" : "72&pid={$resourceArray['parent']}"; } // document if ($_POST['mode'] == "4") { - $a = ($_POST['stay'] == '2') ? "27&id=$key" : "4&pid=$parentId"; + $a = ($_POST['stay'] == '2') ? "27&id={$document['id']}" : "4&pid={$resourceArray['parent']}"; } - $header = "Location: index.php?a=" . $a . "&r=1&stay=" . $_POST['stay']; + $header = "Location: index.php?a={$a}&r=1&stay={$_POST['stay']}"; } else { - $header = "Location: index.php?a=3&id=$key&r=1"; + $header = "Location: index.php?a=3&r=1&id={$document['id']}"; } if (headers_sent()) { $header = str_replace('Location: ', '', $header); - echo "\n"; + echo "\r\n"; } else { header($header); } - break; - case 'edit': - // get the document's current parent - $oldparent = $existingDocument['parent']; - $doctype = $existingDocument['type']; - if ($id == $modx->getConfig('site_start') && $published == 0) { + case 'edit': + if ($resourceArray['id'] == $modx->getConfig('site_start') && $resourceArray['published'] == 0) { $modx->getManagerApi()->saveFormValues(27); $modx->webAlertAndQuit("Document is linked to site_start variable and cannot be unpublished!"); + return; } + $today = $modx->timestamp(); - if ($id == $modx->getConfig('site_start') && ($pub_date > $today || $unpub_date != "0")) { + if ($resourceArray['id'] == $modx->getConfig('site_start') && ($resourceArray['pub_date'] > $today || $resourceArray['unpub_date'] != "0")) { $modx->getManagerApi()->saveFormValues(27); $modx->webAlertAndQuit("Document is linked to site_start variable and cannot have publish or unpublish dates set!"); + return; } - if ($parent == $id) { + + if ($resourceArray['parent'] == $resourceArray['id']) { $modx->getManagerApi()->saveFormValues(27); $modx->webAlertAndQuit("Document can not be it's own parent!"); + return; } - $parents = $modx->getParentIds($parent); - if (in_array($id, $parents)) { + $parents = $modx->getParentIds($resourceArray['parent']); + if (in_array($resourceArray['id'], $parents)) { $modx->webAlertAndQuit("Document descendant can not be it's parent!"); + return; } - // check to see document is a folder - $child = \EvolutionCMS\Models\SiteContent::withTrashed()->select('id')->where('parent', $id)->first(); - if (!is_null($child)) { - $resourceArray['isfolder'] = 1; - } - - // set publishedon and publishedby - $was_published = $existingDocument['published']; - - // keep original publish state, if change is not permitted - if (!$modx->hasPermission('publish_document')) { - $published = $was_published; - $pub_date = 'pub_date'; - $unpub_date = 'unpub_date'; - } - - // if it was changed from unpublished to published - if (!$was_published && $published) { - $publishedon = $currentdate; - $publishedby = $modx->getLoginUserID('mgr'); - } elseif ((!empty($pub_date) && $pub_date <= $currentdate && $published)) { - $publishedon = $pub_date; - $publishedby = $modx->getLoginUserID('mgr'); - } elseif ($was_published && !$published) { - $publishedon = 0; - $publishedby = 0; - } else { - $publishedon = $existingDocument['publishedon']; - $publishedby = $existingDocument['publishedby']; + if ((int) $_POST['syncsite'] == 1) { + // empty cache + $cache = true; } - $resourceArray['pub_date'] = $pub_date; - $resourceArray['publishedon'] = $publishedon; - $resourceArray['publishedby'] = $publishedby; - - // invoke OnBeforeDocFormSave event - $modx->invokeEvent("OnBeforeDocFormSave", array( - 'mode' => 'upd', - 'id' => $id, - 'doc' => &$resourceArray, - )); - $parentDeleted = $parentId > 0 && empty(\EvolutionCMS\Models\SiteContent::find($parentId)); - if ($parentDeleted) { - $resourceArray['deleted'] = 1; - } - $resource = \EvolutionCMS\Models\SiteContent::withTrashed()->find($id); - foreach ($resourceArray as $key => $value) { - $resource->{$key} = $value; - } - $resource->save(); + // save resource + try { + $document = \DocumentManager::edit($resourceArray, $events, $cache); + } catch (EvolutionCMS\Exceptions\ServiceActionException $e) { + // \Log::error('Unexpected error: ' . $e->getMessage()); - // update template variables - $tvs = \EvolutionCMS\Models\SiteTmplvarContentvalue::select('id', 'tmplvarid')->where('contentid', $id)->get(); - $tvIds = array(); - foreach ($tvs as $tv) { - $tvIds[$tv->tmplvarid] = $tv->id; - } - $tvDeletions = array(); - $tvChanges = array(); - $tvAdded = array(); - - foreach ($tmplvars as $field => $value) { - if (!is_array($value)) { - if (isset($tvIds[$value])) { - $tvDeletions[] = $tvIds[$value]; - } - } else { - $tvId = $value[0]; - $tvVal = $value[1]; - if (isset($tvIds[$tvId])) { - \EvolutionCMS\Models\SiteTmplvarContentvalue::query()->find($tvIds[$tvId])->update(array('tmplvarid' => $tvId, 'contentid' => $id, 'value' => $tvVal)); - } else { - \EvolutionCMS\Models\SiteTmplvarContentvalue::query()->create(array('tmplvarid' => $tvId, 'contentid' => $id, 'value' => $tvVal)); - } - } - } + $modx->getManagerApi()->saveFormValues(27); + $modx->webAlertAndQuit($e->getMessage(), "index.php?a=27&id={$resourceArray['id']}"); + return; + } catch (EvolutionCMS\Exceptions\ServiceValidationException $e) { + // \Log::error('Validation error: ' . $e->getValidationErrors()); - if (!empty($tvDeletions)) { - \EvolutionCMS\Models\SiteTmplvarContentvalue::query()->whereIn('id', $tvDeletions)->delete(); + $modx->getManagerApi()->saveFormValues(27); + $modx->webAlertAndQuit($e->getValidationErrors(), "index.php?a=27&id={$resourceArray['id']}"); + return; } // set document permissions - if ($modx->getConfig('use_udperms') == 1 && $modx->hasAnyPermissions(['manage_groups', 'manage_document_permissions']) && is_array($document_groups)) { - $new_groups = array(); - // process the new input - foreach ($document_groups as $value_pair) { - [$group, $link_id] = explode(',', $value_pair); // @see actions/mutate_content.dynamic.php @ line 1138 (permissions list) - if (in_array($group, $docgrp) || $modx->hasPermission('manage_groups')) { - $new_groups[$group] = $link_id; + if ($modx->getConfig('use_udperms') == 1) { + if ($modx->hasAnyPermissions(['manage_groups', 'manage_document_permissions']) && is_array($document_groups)) { + // process the new input + $new_groups = []; + foreach ($document_groups as $value_pair) { + // @see actions/mutate_content.dynamic.php @ line 1138 (permissions list) + [$group, $link_id] = explode(',', $value_pair); + if (in_array($group, $docgrp) || $modx->hasPermission('manage_groups')) { + $new_groups[$group] = $link_id; + } } - } - - // grab the current set of permissions on this document the user can access - $documentGroups = \EvolutionCMS\Models\DocumentGroup::select('id', 'document_group') - ->where('document', $id)->get(); - $old_groups = array(); - foreach ($documentGroups as $documentGroup) { - if (in_array($documentGroup->document_group, $docgrp) || $modx->hasPermission('manage_groups')) { - $old_groups[$documentGroup->document_group] = $documentGroup->id; - } - } - // update the permissions in the database - $insertions = $deletions = array(); - foreach ($new_groups as $group => $link_id) { - if (in_array($group, $docgrp) || $modx->hasPermission('manage_groups')) { - if (array_key_exists($group, $old_groups)) { - unset($old_groups[$group]); - continue; - } elseif ($link_id == 'new') { - $insertions[] = ['document_group' => (int) $group, 'document' => $id]; + // grab the current set of permissions on this document the user can access + $old_groups = []; + $documentGroups = \EvolutionCMS\Models\DocumentGroup::query() + ->select('id', 'document_group') + ->where('document', $resourceArray['id']) + ->get(); + foreach ($documentGroups as $documentGroup) { + if (in_array($documentGroup->document_group, $docgrp) || $modx->hasPermission('manage_groups')) { + $old_groups[$documentGroup->document_group] = $documentGroup->id; } } - } - if (!empty($insertions)) { - \EvolutionCMS\Models\DocumentGroup::query()->insert($insertions); - } - if (!$modx->hasPermission('manage_groups')) { - $remainingGroups = \EvolutionCMS\Models\DocumentGroup::select('document_groups.document_group') - ->whereNotIn('id', $old_groups) - ->where('document_groups.document', $id) - ->pluck('document_group') - ->toArray(); - if (!empty($docgrp) && !array_intersect($docgrp, $remainingGroups)) { - $modx->webAlertAndQuit($_lang["resource_permissions_error"], "index.php?a=27&id={$id}"); - } - } - if (!empty($old_groups)) { - \EvolutionCMS\Models\DocumentGroup::query()->whereIn('id', $old_groups)->delete(); - } - // necessary to remove all permissions as document is public - if ((isset($_POST['chkalldocs']) && $_POST['chkalldocs'] == 'on')) { - \EvolutionCMS\Models\DocumentGroup::query()->where('document', $id)->delete(); - } - } - // do the parent stuff - if ($resourceArray['parent'] != 0) { - $parent = \EvolutionCMS\Models\SiteContent::withTrashed()->find($_REQUEST['parent']); - $parent->isfolder = 1; - $parent->save(); - } - - // finished moving the document, now check to see if the old_parent should no longer be a folder - $countChildOldParent = \EvolutionCMS\Models\SiteContent::withTrashed()->where('parent', $oldparent)->count(); - - if ($countChildOldParent == 0) { - $oldParent = \EvolutionCMS\Models\SiteContent::withTrashed()->find($oldparent); - $oldParent->isfolder = 0; - $oldParent->save(); - } + // update the permissions in the database + $insertions = $deletions = []; + foreach ($new_groups as $group => $link_id) { + if (in_array($group, $docgrp) || $modx->hasPermission('manage_groups')) { + if (array_key_exists($group, $old_groups)) { + unset($old_groups[$group]); + continue; + } elseif ($link_id == 'new') { + $insertions[] = [ + 'document_group' => (int) $group, + 'document' => $resourceArray['id'] + ]; + } + } + } - // invoke OnDocFormSave event - $modx->invokeEvent("OnDocFormSave", array( - 'mode' => 'upd', - 'id' => $id, - 'doc' => $resourceArray, - )); + if (!empty($insertions)) { + \EvolutionCMS\Models\DocumentGroup::query() + ->insert($insertions); + } - // secure web documents - flag as private - include MODX_MANAGER_PATH . "includes/secure_web_documents.inc.php"; - secureWebDocument($id); - secureMgrDocument($id); + if (!$modx->hasPermission('manage_groups')) { + $remainingGroups = \EvolutionCMS\Models\DocumentGroup::query() + ->select('document_groups.document_group') + ->whereNotIn('id', $old_groups) + ->where('document_groups.document', $resourceArray['id']) + ->pluck('document_group') + ->toArray(); + if (!empty($docgrp) && !array_intersect($docgrp, $remainingGroups)) { + $modx->webAlertAndQuit($_lang["resource_permissions_error"], "index.php?a=27&id={$resourceArray['id']}"); + return; + } + } - // Set the item name for logger - $_SESSION['itemname'] = $no_esc_pagetitle; + if (!empty($old_groups)) { + \EvolutionCMS\Models\DocumentGroup::query() + ->whereIn('id', $old_groups) + ->delete(); + } - if ($syncsite == 1) { - // empty cache - $modx->clearCache('full'); + // necessary to remove all permissions as document is public + if (empty($document_groups)) { + \EvolutionCMS\Models\DocumentGroup::query() + ->where('document', $resourceArray['id']) + ->delete(); + } + } } + // make redirect if ($_POST['refresh_preview'] == '1') { - $header = "Location: " . MODX_SITE_URL . "index.php?id=$id&z=manprev"; + $header = "Location: {MODX_SITE_URL}index.php?id={$resourceArray['id']}&z=manprev"; } else { - if ($_POST['stay'] != '2' && $id > 0) { - $modx->unlockElement(7, $id); + if ($_POST['stay'] != '2' && $resourceArray['id'] > 0) { + $modx->unlockElement(7, $resourceArray['id']); } if ($_POST['stay'] != '') { - $id = $_REQUEST['id']; - if ($type == "reference") { + if ($resourceArray['type'] == "reference") { // weblink - $a = ($_POST['stay'] == '2') ? "27&id=$id" : "72&pid=$parentId"; + $a = ($_POST['stay'] == '2') ? "27&id={$resourceArray['id']}" : "72&pid={$resourceArray['parent']}"; } else { // document - $a = ($_POST['stay'] == '2') ? "27&id=$id" : "4&pid=$parentId"; + $a = ($_POST['stay'] == '2') ? "27&id={$resourceArray['id']}" : "4&pid={$resourceArray['parent']}"; } - $header = "Location: index.php?a=" . $a . "&r=1&stay=" . $_POST['stay'] . $add_path; + $header = "Location: index.php?a={$a}&r=1&stay={$_POST['stay']}{$add_path}"; } else { - $header = "Location: index.php?a=3&id=$id&r=1" . $add_path; + $header = "Location: index.php?a=3&r=1&id={$resourceArray['id']}{$add_path}"; } } if (headers_sent()) { $header = str_replace('Location: ', '', $header); - echo "\n"; + echo "\r\n"; } else { header($header); } break; + default: $modx->webAlertAndQuit("No operation set in request."); + return; } diff --git a/manager/processors/undelete_content.processor.php b/manager/processors/undelete_content.processor.php index 8093396e53..164037c3e1 100755 --- a/manager/processors/undelete_content.processor.php +++ b/manager/processors/undelete_content.processor.php @@ -38,34 +38,26 @@ $modx->webAlertAndQuit("Couldn't find document to determine it's date of deletion!"); } -$children = $document->getAllChildren($document); - -$documentDeleteIds = $children; -array_unshift($documentDeleteIds, $id); - -$site_content_table = (new \EvolutionCMS\Models\SiteContent())->getTable(); -DB::table($site_content_table) - ->whereIn('id', $documentDeleteIds) - ->update([ - 'deleted' => 0, - 'deletedby' => 0, - 'deletedon' => 0, - ]); - -$modx->invokeEvent( - "OnDocFormUnDelete", - array( - "id" => $id, - "children" => $children, - ) -); +// Run undeleter +try { + $document = \DocumentManager::undelete(['id' => $id]); +} catch (EvolutionCMS\Exceptions\ServiceActionException $e) { + // \Log::error('Unexpected error: ' . $e->getMessage()); + + $modx->getManagerApi()->saveFormValues(4); + $modx->webAlertAndQuit($e->getMessage(), 'index.php?a=4'); + return; +} catch (EvolutionCMS\Exceptions\ServiceValidationException $e) { + // \Log::error('Validation error: ' . $e->getValidationErrors()); + + $modx->getManagerApi()->saveFormValues(4); + $modx->webAlertAndQuit($e->getValidationErrors(), 'index.php?a=4'); + return; +} // Set the item name for logger $_SESSION['itemname'] = $document->pagetitle; -// empty cache -$modx->clearCache('full'); - // finished emptying cache - redirect -$header = "Location: index.php?a=3&id=$pid&r=1" . $add_path; +$header = "Location: index.php?a=3&r=1&id={$pid}{$add_path}"; header($header); diff --git a/manager/processors/unpublish_content.processor.php b/manager/processors/unpublish_content.processor.php index b14029d7b8..ebf7972b66 100755 --- a/manager/processors/unpublish_content.processor.php +++ b/manager/processors/unpublish_content.processor.php @@ -21,8 +21,6 @@ $pg = isset($_REQUEST['page']) ? '&page=' . (int) $_REQUEST['page'] : ''; $add_path = $sd . $sb . $pg; -/***********************************/ - // check permissions on the document $udperms = new EvolutionCMS\Legacy\Permissions(); $udperms->user = $modx->getLoginUserID('mgr'); @@ -33,26 +31,25 @@ $modx->webAlertAndQuit($_lang["access_permission_denied"]); } -// update the document -\EvolutionCMS\Models\SiteContent::query()->find($id)->update(array( - 'published' => 0, - 'pub_date' => 0, - 'unpub_date' => 0, - 'editedby' => $modx->getLoginUserID('mgr'), - 'editedon' => time(), - 'publishedby' => 0, - 'publishedon' => 0, -)); - -// invoke OnDocUnPublished event -$modx->invokeEvent("OnDocUnPublished", array("docid" => $id)); +// Run unpublisher +try { + $document = \DocumentManager::unpublish(['id' => $id]); +} catch (EvolutionCMS\Exceptions\ServiceActionException $e) { + // \Log::error('Unexpected error: ' . $e->getMessage()); + + $modx->getManagerApi()->saveFormValues(4); + $modx->webAlertAndQuit($e->getMessage(), 'index.php?a=4'); + return; +} catch (EvolutionCMS\Exceptions\ServiceValidationException $e) { + // \Log::error('Validation error: ' . $e->getValidationErrors()); + + $modx->getManagerApi()->saveFormValues(4); + $modx->webAlertAndQuit($e->getValidationErrors(), 'index.php?a=4'); + return; +} // Set the item name for logger -$_SESSION['itemname'] = $content['pagetitle']; - -// empty cache -$modx->clearCache('full'); - -$header = "Location: index.php?a=3&id=$pid&r=1" . $add_path; +$_SESSION['itemname'] = $document->pagetitle; +$header = "Location: index.php?a=3&r=1&id={$pid}{$add_path}"; header($header); From 7953fed8f1929e3c4aee4a5f10ce75636eec8c59 Mon Sep 17 00:00:00 2001 From: helgispbru Date: Tue, 13 Jan 2026 13:18:31 +0300 Subject: [PATCH 2/4] use documentmanager to set groups on create/edit --- manager/processors/save_content.processor.php | 202 +++++++++--------- 1 file changed, 97 insertions(+), 105 deletions(-) diff --git a/manager/processors/save_content.processor.php b/manager/processors/save_content.processor.php index 2f501bf5cf..9d2ee2dd73 100644 --- a/manager/processors/save_content.processor.php +++ b/manager/processors/save_content.processor.php @@ -43,11 +43,15 @@ ]; // get document groups for current user -$docgrp = array_unique(\EvolutionCMS\Models\MemberGroup::query() +$userGroups = \EvolutionCMS\Models\MemberGroup::query() ->join('membergroup_access', 'membergroup_access.membergroup', '=', 'member_groups.user_group') - ->where('member_groups.member', $modx->getLoginUserID('mgr'))->pluck('documentgroup')->toArray()); + ->where('member_groups.member', $modx->getLoginUserID('mgr')) + ->pluck('documentgroup') + ->toArray(); +$userGroups = array_unique($userGroups); -$document_groups = (isset($_POST['chkalldocs']) && $_POST['chkalldocs'] == 'on') +// get passed document groups +$documentGroups = (isset($_POST['chkalldocs']) && $_POST['chkalldocs'] == 'on') ? [] : get_by_key($_POST, 'docgroups', [], 'is_array'); @@ -57,9 +61,9 @@ } // ensure that user has not made this document inaccessible to themselves -if ($_SESSION['mgrRole'] != 1 && !empty($document_groups)) { +if ($_SESSION['mgrRole'] != 1 && !empty($documentGroups)) { // every value is "number,type", have to leave only numbers - $document_group_list = implode(',', $document_groups); + $document_group_list = implode(',', $documentGroups); $document_group_list = array_filter(explode(',', $document_group_list), 'is_numeric'); if (!empty($document_group_list)) { @@ -150,12 +154,12 @@ return; } - // create document permissions - if ($modx->getConfig('use_udperms') == 1) { - // document access permissions - $groupsParent = []; + // permissions is on + if ($modx->getConfig('use_udperms') == '1') { + // parent document access permissions + $parentGroups = []; if ($resourceArray['parent'] != 0) { - $groupsParent = \EvolutionCMS\Models\DocumentGroup::query() + $parentGroups = \EvolutionCMS\Models\DocumentGroup::query() ->select('document_group', 'document') ->where('document', $resourceArray['parent']) ->pluck('document_group') @@ -163,55 +167,80 @@ } if ($modx->hasAnyPermissions(['manage_groups', 'manage_document_permissions'])) { - if (!empty($document_groups)) { - $new_groups = []; - $groupsToInsert = []; - foreach ($document_groups as $value_pair) { - // first, split the pair (this is a new document, so ignore the second value - [$group] = explode(',', $value_pair); // @see actions/mutate_content.dynamic.php @ line 1138 (permissions list) + // document has groups checked + if (!empty($documentGroups)) { + $groups = []; + + foreach ($documentGroups as $value_pair) { + // first, split the pair (this is a new document, so ignore the second value $link_id) + // @see actions/mutate_content.dynamic.php @ line 1418 (permissions list) + [$group, $link_id] = explode(',', $value_pair); $group = (int) $group; - if ($modx->hasPermission('manage_groups')) { - $new_groups[] = ['document_group' => $group, 'document' => $key]; - $groupsToInsert[] = $group; - continue; - } - - if ($modx->hasPermission('manage_document_permissions')) { - if (in_array($group, $docgrp)) { - $new_groups[] = ['document_group' => $group, 'document' => $key]; - $groupsToInsert[] = $group; - } + // selected $group is in $userGroups or can manage groups in general + if (in_array($group, $userGroups) || $modx->hasPermission('manage_groups')) { + $groups[] = $group; } } if ($modx->hasPermission('manage_document_permissions')) { - foreach ($groupsParent as $group) { - if (!in_array($group, $docgrp)) { - $new_groups[] = ['document_group' => $group, 'document' => $key]; - $groupsToInsert[] = $group; + foreach ($parentGroups as $group) { + // also add $group of parent if is in $userGroups + if (!in_array($group, $userGroups)) { + $groups[] = $group; } } } if (!$modx->hasPermission('manage_groups')) { - if (!array_intersect($groupsToInsert, $docgrp)) { - foreach ($groupsParent as $group) { - $new_groups[] = ['document_group' => $group, 'document' => $key]; + // selected $groups doesn't intersect to $userGroups + if (!array_intersect($groups, $userGroups)) { + // add groups from parent + foreach ($parentGroups as $group) { + $groups[] = $group; } } } - if (!empty($new_groups)) { - \EvolutionCMS\Models\DocumentGroup::query() - ->insertOrIgnore($new_groups); + try { + \DocumentManager::setGroups([ + 'id' => $document->id, + 'document_groups' => array_unique($groups), + ]); + } catch (EvolutionCMS\Exceptions\ServiceActionException $e) { + // \Log::error('Unexpected error: ' . $e->getMessage()); + + $modx->getManagerApi()->saveFormValues(4); + $modx->webAlertAndQuit($e->getMessage(), 'index.php?a=4'); + return; + } catch (EvolutionCMS\Exceptions\ServiceValidationException $e) { + // \Log::error('Validation error: ' . $e->getValidationErrors()); + + $modx->getManagerApi()->saveFormValues(4); + $modx->webAlertAndQuit($e->getValidationErrors(), 'index.php?a=4'); + return; } } } else { // inherit document access permissions - foreach ($groupsParent as $group) { - \EvolutionCMS\Models\DocumentGroup::query() - ->insert(['document_group' => $group, 'document' => $key]); + try { + \DocumentManager::setGroups([ + 'id' => $document->id, + 'document_groups' => $parentGroups, + 'check_permissions' => false, // ignore permissions + ]); + } catch (EvolutionCMS\Exceptions\ServiceActionException $e) { + // \Log::error('Unexpected error: ' . $e->getMessage()); + + $modx->getManagerApi()->saveFormValues(4); + $modx->webAlertAndQuit($e->getMessage(), 'index.php?a=4'); + return; + } catch (EvolutionCMS\Exceptions\ServiceValidationException $e) { + // \Log::error('Validation error: ' . $e->getValidationErrors()); + + $modx->getManagerApi()->saveFormValues(4); + $modx->webAlertAndQuit($e->getValidationErrors(), 'index.php?a=4'); + return; } } } @@ -220,17 +249,17 @@ if ($_POST['stay'] != '') { // weblink if ($_POST['mode'] == "72") { - $a = ($_POST['stay'] == '2') ? "27&id={$document['id']}" : "72&pid={$resourceArray['parent']}"; + $a = ($_POST['stay'] == '2') ? "27&id={$document->id}" : "72&pid={$resourceArray['parent']}"; } // document if ($_POST['mode'] == "4") { - $a = ($_POST['stay'] == '2') ? "27&id={$document['id']}" : "4&pid={$resourceArray['parent']}"; + $a = ($_POST['stay'] == '2') ? "27&id={$document->id}" : "4&pid={$resourceArray['parent']}"; } $header = "Location: index.php?a={$a}&r=1&stay={$_POST['stay']}"; } else { - $header = "Location: index.php?a=3&r=1&id={$document['id']}"; + $header = "Location: index.php?a=3&r=1&id={$document->id}"; } if (headers_sent()) { @@ -291,74 +320,37 @@ // set document permissions if ($modx->getConfig('use_udperms') == 1) { - if ($modx->hasAnyPermissions(['manage_groups', 'manage_document_permissions']) && is_array($document_groups)) { + if ($modx->hasAnyPermissions(['manage_groups', 'manage_document_permissions'])) { + $groups = []; + // process the new input - $new_groups = []; - foreach ($document_groups as $value_pair) { - // @see actions/mutate_content.dynamic.php @ line 1138 (permissions list) + foreach ($documentGroups as $value_pair) { + // @see actions/mutate_content.dynamic.php @ line 1418 (permissions list) [$group, $link_id] = explode(',', $value_pair); - if (in_array($group, $docgrp) || $modx->hasPermission('manage_groups')) { - $new_groups[$group] = $link_id; - } - } - // grab the current set of permissions on this document the user can access - $old_groups = []; - $documentGroups = \EvolutionCMS\Models\DocumentGroup::query() - ->select('id', 'document_group') - ->where('document', $resourceArray['id']) - ->get(); - foreach ($documentGroups as $documentGroup) { - if (in_array($documentGroup->document_group, $docgrp) || $modx->hasPermission('manage_groups')) { - $old_groups[$documentGroup->document_group] = $documentGroup->id; + // selected $group is in $userGroups or can manage groups in general + if (in_array($group, $userGroups) || $modx->hasPermission('manage_groups')) { + $groups[] = $group; } } - // update the permissions in the database - $insertions = $deletions = []; - foreach ($new_groups as $group => $link_id) { - if (in_array($group, $docgrp) || $modx->hasPermission('manage_groups')) { - if (array_key_exists($group, $old_groups)) { - unset($old_groups[$group]); - continue; - } elseif ($link_id == 'new') { - $insertions[] = [ - 'document_group' => (int) $group, - 'document' => $resourceArray['id'] - ]; - } - } - } - - if (!empty($insertions)) { - \EvolutionCMS\Models\DocumentGroup::query() - ->insert($insertions); - } - - if (!$modx->hasPermission('manage_groups')) { - $remainingGroups = \EvolutionCMS\Models\DocumentGroup::query() - ->select('document_groups.document_group') - ->whereNotIn('id', $old_groups) - ->where('document_groups.document', $resourceArray['id']) - ->pluck('document_group') - ->toArray(); - if (!empty($docgrp) && !array_intersect($docgrp, $remainingGroups)) { - $modx->webAlertAndQuit($_lang["resource_permissions_error"], "index.php?a=27&id={$resourceArray['id']}"); - return; - } - } - - if (!empty($old_groups)) { - \EvolutionCMS\Models\DocumentGroup::query() - ->whereIn('id', $old_groups) - ->delete(); - } - - // necessary to remove all permissions as document is public - if (empty($document_groups)) { - \EvolutionCMS\Models\DocumentGroup::query() - ->where('document', $resourceArray['id']) - ->delete(); + try { + \DocumentManager::setGroups([ + 'id' => $document->id, + 'document_groups' => array_unique($groups), + ]); + } catch (EvolutionCMS\Exceptions\ServiceActionException $e) { + // \Log::error('Unexpected error: ' . $e->getMessage()); + + $modx->getManagerApi()->saveFormValues(4); + $modx->webAlertAndQuit($e->getMessage(), 'index.php?a=4'); + return; + } catch (EvolutionCMS\Exceptions\ServiceValidationException $e) { + // \Log::error('Validation error: ' . $e->getValidationErrors()); + + $modx->getManagerApi()->saveFormValues(4); + $modx->webAlertAndQuit($e->getValidationErrors(), 'index.php?a=4'); + return; } } } From 95a480bcc7f0ff2286a081e1b7dc5005b72d3f4d Mon Sep 17 00:00:00 2001 From: helgispbru Date: Wed, 14 Jan 2026 15:17:22 +0300 Subject: [PATCH 3/4] add new events to installer --- .../install/SystemEventnamesTableSeeder.php | 45 ++++++++++++++----- .../update/SystemEventnamesTableSeeder.php | 42 ++++++++++++++++- 2 files changed, 74 insertions(+), 13 deletions(-) diff --git a/install/stubs/seeds/install/SystemEventnamesTableSeeder.php b/install/stubs/seeds/install/SystemEventnamesTableSeeder.php index a7d2ee0dcb..21cded46ef 100644 --- a/install/stubs/seeds/install/SystemEventnamesTableSeeder.php +++ b/install/stubs/seeds/install/SystemEventnamesTableSeeder.php @@ -1,12 +1,10 @@ delete(); \DB::table('system_eventnames')->insert([ + // after ['name' => 'OnAfterLoadDocumentObject', 'service' => '5', 'groupname' => '',], ['name' => 'OnAfterMoveDocument', 'service' => '1', 'groupname' => 'Documents',], + // before ['name' => 'OnBeforeCacheUpdate', 'service' => '4', 'groupname' => '',], ['name' => 'OnBeforeChunkFormDelete', 'service' => '1', 'groupname' => 'Chunks',], ['name' => 'OnBeforeChunkFormSave', 'service' => '1', 'groupname' => 'Chunks',], - ['name' => 'OnBeforeDocDuplicate', 'service' => '1', 'groupname' => 'Documents',], - ['name' => 'OnBeforeDocFormDelete', 'service' => '1', 'groupname' => 'Documents',], - ['name' => 'OnBeforeDocFormSave', 'service' => '1', 'groupname' => 'Documents',], + // doc + ['name' => 'OnBeforeDocCreate', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnBeforeDocDuplicate', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnBeforeDocEdit', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnBeforeDocSetGroups', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnBeforeDocPublish', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnBeforeDocUnpublish', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnBeforeDocDelete', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnBeforeDocUndelete', 'service' => 1, 'groupname' => 'Documents',], + // ['name' => 'OnBeforeEmptyTrash', 'service' => '1', 'groupname' => 'Documents',], ['name' => 'OnBeforeFileBrowserCopy', 'service' => '1', 'groupname' => 'File Browser Events',], ['name' => 'OnBeforeFileBrowserDelete', 'service' => '1', 'groupname' => 'File Browser Events',], @@ -52,22 +59,31 @@ public function run() ['name' => 'OnBeforeUserLogin', 'service' => '1', 'groupname' => 'Users',], ['name' => 'OnBeforeUserLogout', 'service' => '1', 'groupname' => 'Users',], ['name' => 'OnBeforeUserSave', 'service' => '1', 'groupname' => 'Users',], + // ['name' => 'OnCacheUpdate', 'service' => '4', 'groupname' => '',], + // chunk ['name' => 'OnChunkFormDelete', 'service' => '1', 'groupname' => 'Chunks',], ['name' => 'OnChunkFormPrerender', 'service' => '1', 'groupname' => 'Chunks',], ['name' => 'OnChunkFormRender', 'service' => '1', 'groupname' => 'Chunks',], ['name' => 'OnChunkFormSave', 'service' => '1', 'groupname' => 'Chunks',], + // ['name' => 'OnCreateDocGroup', 'service' => '1', 'groupname' => 'Documents',], - ['name' => 'OnDocDuplicate', 'service' => '1', 'groupname' => 'Documents',], - ['name' => 'OnDocFormDelete', 'service' => '1', 'groupname' => 'Documents',], + // doc form ['name' => 'OnDocFormPrerender', 'service' => '1', 'groupname' => 'Documents',], ['name' => 'OnDocFormRender', 'service' => '1', 'groupname' => 'Documents',], - ['name' => 'OnDocFormSave', 'service' => '1', 'groupname' => 'Documents',], ['name' => 'OnDocFormTemplateRender', 'service' => '1', 'groupname' => 'Documents',], - ['name' => 'OnDocFormUnDelete', 'service' => '1', 'groupname' => 'Documents',], - ['name' => 'OnDocPublished', 'service' => '5', 'groupname' => '',], - ['name' => 'OnDocUnPublished', 'service' => '5', 'groupname' => '',], + // doc + ['name' => 'OnDocCreate', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnDocDuplicate', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnDocEdit', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnDocSetGroups', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnDocPublish', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnDocUnpublish', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnDocDelete', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnDocUndelete', 'service' => 1, 'groupname' => 'Documents',], + // ['name' => 'OnEmptyTrash', 'service' => '1', 'groupname' => 'Documents',], + // file ['name' => 'OnFileBrowserCopy', 'service' => '1', 'groupname' => 'File Browser Events',], ['name' => 'OnFileBrowserDelete', 'service' => '1', 'groupname' => 'File Browser Events',], ['name' => 'OnFileBrowserInit', 'service' => '1', 'groupname' => 'File Browser Events',], @@ -76,6 +92,7 @@ public function run() ['name' => 'OnFileBrowserUpload', 'service' => '1', 'groupname' => 'File Browser Events',], ['name' => 'OnFileManagerSettingsRender', 'service' => '1', 'groupname' => 'System Settings',], ['name' => 'OnFileManagerUpload', 'service' => '1', 'groupname' => '',], + // ['name' => 'OnFriendlyURLSettingsRender', 'service' => '1', 'groupname' => 'System Settings',], ['name' => 'OnInterfaceSettingsRender', 'service' => '1', 'groupname' => 'System Settings',], ['name' => 'OnLoadDocumentObject', 'service' => '5', 'groupname' => '',], @@ -85,6 +102,7 @@ public function run() ['name' => 'OnLogEvent', 'service' => '1', 'groupname' => 'Log Event',], ['name' => 'OnMakeDocUrl', 'service' => '5', 'groupname' => '',], ['name' => 'OnMakePageCacheKey', 'service' => '4', 'groupname' => '',], + // manager ['name' => 'OnManagerFrameLoader', 'service' => '2', 'groupname' => '',], ['name' => 'OnManagerLoginFormPrerender', 'service' => '2', 'groupname' => '',], ['name' => 'OnManagerLoginFormRender', 'service' => '2', 'groupname' => '',], @@ -101,6 +119,7 @@ public function run() ['name' => 'OnManagerWelcomeHome', 'service' => '2', 'groupname' => '',], ['name' => 'OnManagerWelcomePrerender', 'service' => '2', 'groupname' => '',], ['name' => 'OnManagerWelcomeRender', 'service' => '2', 'groupname' => '',], + // ['name' => 'OnMiscSettingsRender', 'service' => '1', 'groupname' => 'System Settings',], ['name' => 'OnModFormDelete', 'service' => '1', 'groupname' => 'Modules',], ['name' => 'OnModFormPrerender', 'service' => '1', 'groupname' => 'Modules',], @@ -110,10 +129,12 @@ public function run() ['name' => 'OnPageUnauthorized', 'service' => '1', 'groupname' => '',], ['name' => 'OnParseDocument', 'service' => '5', 'groupname' => '',], ['name' => 'OnParseProperties', 'service' => '5', 'groupname' => '',], + // plugin ['name' => 'OnPluginFormDelete', 'service' => '1', 'groupname' => 'Plugins',], ['name' => 'OnPluginFormPrerender', 'service' => '1', 'groupname' => 'Plugins',], ['name' => 'OnPluginFormRender', 'service' => '1', 'groupname' => 'Plugins',], ['name' => 'OnPluginFormSave', 'service' => '1', 'groupname' => 'Plugins',], + // ['name' => 'OnRichTextEditorInit', 'service' => '1', 'groupname' => 'RichText Editor',], ['name' => 'OnRichTextEditorRegister', 'service' => '1', 'groupname' => 'RichText Editor',], ['name' => 'OnSecuritySettingsRender', 'service' => '1', 'groupname' => 'System Settings',], @@ -132,6 +153,7 @@ public function run() ['name' => 'OnTVFormPrerender', 'service' => '1', 'groupname' => 'Template Variables',], ['name' => 'OnTVFormRender', 'service' => '1', 'groupname' => 'Template Variables',], ['name' => 'OnTVFormSave', 'service' => '1', 'groupname' => 'Template Variables',], + // user ['name' => 'OnUserAuthentication', 'service' => '1', 'groupname' => 'Users',], ['name' => 'OnUserChangePassword', 'service' => '1', 'groupname' => 'Users',], ['name' => 'OnUserCreateGroup', 'service' => '1', 'groupname' => 'Users',], @@ -142,6 +164,7 @@ public function run() ['name' => 'OnUserLogout', 'service' => '1', 'groupname' => 'Users',], ['name' => 'OnUserSave', 'service' => '1', 'groupname' => 'Users',], ['name' => 'OnUserSettingsRender', 'service' => '1', 'groupname' => 'System Settings',], + // ['name' => 'OnWebPageComplete', 'service' => '5', 'groupname' => '',], ['name' => 'OnWebPageInit', 'service' => '5', 'groupname' => '',], ['name' => 'OnWebPagePrerender', 'service' => '5', 'groupname' => '',], diff --git a/install/stubs/seeds/update/SystemEventnamesTableSeeder.php b/install/stubs/seeds/update/SystemEventnamesTableSeeder.php index c1d664301d..d41aa6eb5c 100644 --- a/install/stubs/seeds/update/SystemEventnamesTableSeeder.php +++ b/install/stubs/seeds/update/SystemEventnamesTableSeeder.php @@ -1,12 +1,10 @@ insertOrIgnore([ 'name' => 'OnBeforeMailSend', 'service' => '1', 'groupname' => '', ]); + + // --- document event changes + $insert2 = [ + ['name' => 'OnBeforeDocCreate', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnDocCreate', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnBeforeDocEdit', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnDocEdit', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnBeforeDocSetGroups', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnDocSetGroups', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnBeforeDocPublish', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnBeforeDocUnpublish', 'service' => 1, 'groupname' => 'Documents',], + ['name' => 'OnBeforeDocUndelete', 'service' => 1, 'groupname' => 'Documents',], + ]; + foreach ($insert2 as $el) { + \DB::table('system_eventnames') + ->insertOrIgnore($el); + } + + $delete2 = [ + 'OnBeforeDocFormSave', + 'OnDocFormSave', + ]; + \DB::table('system_eventnames')->whereIn('name', $delete2)->delete(); + + $rename2 = [ + 'OnBeforeDocFormDelete' => 'OnBeforeDocDelete', + 'OnDocFormDelete' => 'OnDocDelete', + 'OnDocFormUnDelete' => 'OnDocUndelete', + 'OnDocPublished' => 'OnDocPublish', + 'OnDocUnPublished' => 'OnDocUnpublish', + ]; + foreach ($rename2 as $old => $new) { + \DB::table('system_eventnames') + ->where('name', $old) + ->update([ + 'name' => $new, + 'groupname' => 'Documents', + 'service' => 1 + ]); + } } } From 4f3e650a71aee25618616ebfb0aa9523d389e8ca Mon Sep 17 00:00:00 2001 From: helgispbru Date: Wed, 14 Jan 2026 15:18:29 +0300 Subject: [PATCH 4/4] fix edit permissions --- manager/actions/mutate_content.dynamic.php | 66 ++++++++++--------- manager/processors/save_content.processor.php | 30 +++++---- 2 files changed, 54 insertions(+), 42 deletions(-) diff --git a/manager/actions/mutate_content.dynamic.php b/manager/actions/mutate_content.dynamic.php index e1aff6fe55..e7ef221e2e 100644 --- a/manager/actions/mutate_content.dynamic.php +++ b/manager/actions/mutate_content.dynamic.php @@ -487,12 +487,6 @@ function decode(s) { s = s.replace(/\%26/g, '&'); // & return s; } - - getManagerApi()->action == '72') { - $ResourceManagerLoaded = true; // ? - } - ?> /* ]]> */

getConfig('use_udperms') == 1) { +if ($modx->getConfig('use_udperms')) { $parent = (int) get_by_key($_POST, 'parent', 0, 'is_scalar'); if ($existingDocument && $existingDocument['parent'] != $parent) { @@ -155,7 +155,7 @@ } // permissions is on - if ($modx->getConfig('use_udperms') == '1') { + if ($modx->getConfig('use_udperms')) { // parent document access permissions $parentGroups = []; if ($resourceArray['parent'] != 0) { @@ -167,35 +167,41 @@ } if ($modx->hasAnyPermissions(['manage_groups', 'manage_document_permissions'])) { - // document has groups checked + // check if document has groups checked if (!empty($documentGroups)) { $groups = []; foreach ($documentGroups as $value_pair) { // first, split the pair (this is a new document, so ignore the second value $link_id) - // @see actions/mutate_content.dynamic.php @ line 1418 (permissions list) + // @see actions/mutate_content.dynamic.php @ line 1421 (permissions list) [$group, $link_id] = explode(',', $value_pair); $group = (int) $group; - // selected $group is in $userGroups or can manage groups in general + // - The current user belongs to this group (in $userGroups), OR + // - The user has the global 'manage_groups' permission (e.g., admin) if (in_array($group, $userGroups) || $modx->hasPermission('manage_groups')) { $groups[] = $group; } } + // If user has 'manage_document_permissions' permission, + // automatically include ALL parent document's groups — even if the user isn't in them. + // This allows privileged users to inherit or assign parent-level permissions. if ($modx->hasPermission('manage_document_permissions')) { foreach ($parentGroups as $group) { - // also add $group of parent if is in $userGroups - if (!in_array($group, $userGroups)) { - $groups[] = $group; - } + // also inherit every $group from parent + $groups[] = $group; } } + // If the user does NOT have 'manage_groups' permission, + // and they have NO overlap between their selected groups and their own groups ($userGroups), + // then fall back to inheriting ALL parent groups. + // This ensures non-admin users don't accidentally remove themselves from access. if (!$modx->hasPermission('manage_groups')) { - // selected $groups doesn't intersect to $userGroups + // Check if there's ANY common group between selected groups and user's groups if (!array_intersect($groups, $userGroups)) { - // add groups from parent + // If no overlap, restore all parent groups to prevent lockout foreach ($parentGroups as $group) { $groups[] = $group; } @@ -319,7 +325,7 @@ } // set document permissions - if ($modx->getConfig('use_udperms') == 1) { + if ($modx->getConfig('use_udperms')) { if ($modx->hasAnyPermissions(['manage_groups', 'manage_document_permissions'])) { $groups = [];