added check for upload permission to form class

Author: ggoffy

class/Files/Classes/ClassFiles.php

@@ -285,15 +285,16 @@ private function getFunctionForm($module, $table, $fieldId, $fieldInForm)
         $getForm .= $pc->getPhpCodeConditions('false', ' === ', '$action', $action, false, "\t\t");
         $xUser   = $pc->getPhpCodeGlobals('xoopsUser');
         $xModule = $pc->getPhpCodeGlobals('xoopsModule');
+        $permString = 'upload_groups';
         if (1 != $tableCategory/* && (1 == $tablePermissions)*/) {
             $getForm          .= $pc->getPhpCodeCommentLine('Permissions for', 'uploader', "\t\t");
             $getForm          .= $xc->getXcEqualsOperator('$gpermHandler', "xoops_getHandler('groupperm')", null, true, "\t\t");
             $getForm          .= $pc->getPhpCodeTernaryOperator('groups', 'is_object(' . $xUser . ')', $xUser . '->getGroups()', 'XOOPS_GROUP_ANONYMOUS', "\t\t");
-            $checkRight       = $xc->getXcCheckRight('$gpermHandler', $permString = '', 32, '$groups', $xModule . '->getVar(\'mid\')', true);
-            $ternaryOperator  = $pc->getPhpCodeTernaryOperator('permissionUpload', $checkRight, 'true', 'false', "\t\t\t\t");
+            $checkRight       = $xc->getXcCheckRight('$gpermHandler', $permString, 32, '$groups', $xModule . '->getVar(\'mid\')', true);
+            $ternaryOperator  = $pc->getPhpCodeTernaryOperator('permissionUpload', $checkRight, 'true', 'false', "\t\t\t");
             $permissionUpload = $xc->getXcEqualsOperator('$permissionUpload', 'true', null, false, "\t\t\t\t");
             $ternOperator     = $pc->getPhpCodeRemoveCarriageReturn($ternaryOperator, '', "\r");
-            $if               = $pc->getPhpCodeConditions('!' . $xUser . '->isAdmin(' . $xModule . '->mid())', '', '', $ternaryOperator, $permissionUpload, "\t\t\t");
+            $if               = $pc->getPhpCodeConditions('!' . $xUser . '->isAdmin(' . $xModule . '->mid())', '', '', "\t" . $ternaryOperator, $permissionUpload, "\t\t\t");
             $getForm          .= $pc->getPhpCodeConditions($xUser, '', '', $if, $ternOperator, "\t\t");
         }
         $getForm .= $pc->getPhpCodeCommentLine('Title', '', "\t\t");

class/Files/Classes/ClassFormElements.php

@@ -370,11 +370,12 @@ private function getXoopsFormUploadImage($language, $moduleDirname, $tableName,
         $ucfFieldName    = $tf->getCamelCase($fieldName, true);
         $ccFieldName     = $tf->getCamelCase($fieldName, false, true);
         $t               = "\t\t";
-        $ret             = $pc->getPhpCodeCommentLine('Form Upload', 'Image ' . $ucfFieldName, $t);
+        $ret             = $pc->getPhpCodeCommentLine('Form', 'Image ' . $ucfFieldName, $t);
+        $ret             .= $pc->getPhpCodeCommentLine("Form Image {$ucfFieldName}:", 'Select Uploaded Image ', $t);
         $ret             .= $xc->getXcEqualsOperator('$get' . $ucfFieldName, "\$this->getVar('{$fieldName}')", null, false, $t);
         $ret             .= $pc->getPhpCodeTernaryOperator($ccFieldName, '$get' . $ucfFieldName, '$get' . $ucfFieldName, "'blank.gif'", $t);
         $ret             .= $xc->getXcEqualsOperator('$imageDirectory', "'/uploads/{$moduleDirname}/images/{$tableName}'", null, false, $t);
-        $ret             .= $cc->getClassXoopsFormElementTray('imageTray', '_OPTIONS', '<br>', $t);
+        $ret             .= $cc->getClassXoopsFormElementTray('imageTray', $language . 'FORM_UPLOAD', '<br>', $t);
         $sprintf         = $pc->getPhpCodeSprintf($language . 'FORM_IMAGE_PATH', '".{$imageDirectory}/"');
         $ret             .= $cc->getClassXoopsFormSelect('imageSelect', $sprintf, $fieldName, $ccFieldName, 5, 'false', false, $t);
         $ret             .= $xc->getXcXoopsImgListArray('imageArray', 'XOOPS_ROOT_PATH . $imageDirectory', $t);
@@ -386,14 +387,13 @@ private function getXoopsFormUploadImage($language, $moduleDirname, $tableName,
         $paramLabel      = "\"<br><img src='\".XOOPS_URL.\"/\".\$imageDirectory.\"/\".\${$ccFieldName}.\"' name='image1' id='image1' alt='' style='max-width:100px' />\"";
         $xoopsFormLabel  = $cc->getClassXoopsFormLabel('', "''", $paramLabel, true, '');
         $ret             .= $cc->getClassAddElement('imageTray', $xoopsFormLabel, $t);
-        $ret             .= $pc->getPhpCodeCommentLine('Form', 'File ' . $ucfFieldName, $t);
-        $ret             .= $cc->getClassXoopsFormElementTray('fileSelectTray', "''", '<br>', $t);
+        $ret             .= $pc->getPhpCodeCommentLine("Form Image {$ucfFieldName}:", 'Upload Image', $t);
         $getConfig       = $xc->getXcGetConfig($moduleDirname, 'maxsize');
-        $xoopsFormFile   = $cc->getClassXoopsFormFile('', $language . 'FORM_UPLOAD_IMAGE_' . $stuTableName, 'attachedfile', $getConfig, true, '');
-        $ret             .= $cc->getClassAddElement('fileSelectTray', $xoopsFormFile, $t);
-        $xoopsFormLabel1 = $cc->getClassXoopsFormLabel('', "''", null, true);
-        $ret             .= $cc->getClassAddElement('fileSelectTray', $xoopsFormLabel1, $t);
-        $ret             .= $cc->getClassAddElement('imageTray', '$fileSelectTray', $t);
+        $xoopsFormFile   = $cc->getClassXoopsFormFile('imageTray', $language . 'FORM_UPLOAD_NEW', 'attachedfile', $getConfig, true, '');
+        $contIf          = $cc->getClassAddElement('imageTray', $xoopsFormFile, $t . "\t");
+        $formHidden      = $cc->getClassXoopsFormHidden('', $fieldName, $ccFieldName, true, true, $t, true);
+        $contElse        = $cc->getClassAddElement('imageTray', $formHidden, $t . "\t");
+        $ret             .= $pc->getPhpCodeConditions('$permissionUpload', null, null, $contIf, $contElse, "\t\t");
         $ret             .= $cc->getClassAddElement('form', "\$imageTray{$required}", $t);
 
         return $ret;
@@ -418,17 +418,24 @@ private function getXoopsFormUploadFile($language, $moduleDirname, $tableName, $
         $cc             = Tdmcreate\Files\Classes\ClassXoopsCode::getInstance();
         $ucfFieldName   = $tf->getCamelCase($fieldName, true);
         $stuTableName   = mb_strtoupper($tableName);
-        $t              = "\t\t";
-        $ret            = $pc->getPhpCodeCommentLine('Form', 'File ' . $ucfFieldName, $t);
-        $ret           .= $cc->getClassXoopsFormElementTray('fileUploadTray', $language . 'FORM_UPLOAD_FILE_' . $stuTableName, '<br>', $t);
-        $getVar         = $xc->getXcGetVar('', 'this', $fieldName, true);
-        $xoopsFormLabel = $cc->getClassXoopsFormLabel('', "''", $getVar, true);
+        $ccFieldName    = $tf->getCamelCase($fieldName, false, true);
+
+        $t              = "\t\t\t";
+        $ret            = $pc->getPhpCodeCommentLine('Form', 'File ' . $ucfFieldName, "\t\t");
+        $ret            .= $pc->getPhpCodeTernaryOperator($ccFieldName, '$this->isNew()', "''", "\$this->getVar('{$fieldName}')", "\t\t");
+
+        $uForm          = $cc->getClassXoopsFormElementTray('fileUploadTray', $language . 'FORM_UPLOAD', '<br>', $t);
+        $xoopsFormLabel = $cc->getClassXoopsFormLabel('', $language . 'FORM_UPLOAD_FILE_' . $stuTableName, $ccFieldName, true, "\t\t", true);
         $condIf         = $cc->getClassAddElement('fileUploadTray', $xoopsFormLabel, $t . "\t");
-        $ret           .= $pc->getPhpCodeConditions('!$this->isNew()', null, null, $condIf, false, "\t\t");
+        $uForm          .= $pc->getPhpCodeConditions('!$this->isNew()', null, null, $condIf, false, "\t\t\t");
         $getConfig      = $xc->getXcGetConfig($moduleDirname, 'maxsize');
         $xoopsFormFile  = $cc->getClassXoopsFormFile('', "''", $fieldName, $getConfig, true, '');
-        $ret            .= $cc->getClassAddElement('fileUploadTray', $xoopsFormFile, $t);
-        $ret            .= $cc->getClassAddElement('form', '$fileUploadTray', $t);
+        $uForm          .= $cc->getClassAddElement('fileUploadTray', $xoopsFormFile, $t);
+        $uForm          .= $cc->getClassAddElement('form', '$fileUploadTray', $t);
+        $formHidden     = $cc->getClassXoopsFormHidden('', $fieldName, $ccFieldName, true, true, "\t\t", true);
+        $contElse       = $cc->getClassAddElement('form', $formHidden, $t);
+
+        $ret           .= $pc->getPhpCodeConditions('$permissionUpload', null, null, $uForm, $contElse, "\t\t");
 
         return $ret;
     }

class/Files/Classes/ClassXoopsCode.php

@@ -277,10 +277,14 @@ public function getClassXoopsFormElementTray($var, $param1, $param2 = '', $t = "
      *
      * @return string
      */
-    public function getClassXoopsFormLabel($var, $param1 = '', $param2 = null, $isParam = false, $t = "\t\t")
+    public function getClassXoopsFormLabel($var, $param1 = '', $param2 = null, $isParam = false, $t = "\t\t", $useParam = false)
     {
         $label  = 'new \XoopsFormLabel(';
-        $params = null != $param2 ? "{$param1}, {$param2}" : $param1;
+        if (false === $useParam) {
+            $params = null != $param2 ? "{$param1}, {$param2}" : $param1;
+        } else {
+            $params = null != $param2 ? "{$param1}, \${$param2}" : $param1;
+        }
         if (false === $isParam) {
             $ret = "{$t}\${$var} = {$label}{$params});\n";
         } else {
@@ -326,7 +330,7 @@ public function getClassXoopsFormFile($var, $param1, $param2, $param3, $isParam
      *
      * @return string
      */
-    public function getClassXoopsFormHidden($var, $param1, $param2, $isForm = false, $isParam = false, $t = "\t\t")
+    public function getClassXoopsFormHidden($var, $param1, $param2, $isForm = false, $isParam = false, $t = "\t\t", $useParam = false)
     {
         $hidden       = 'new \XoopsFormHidden( ';
         $getVarHidden = Tdmcreate\Files\CreateXoopsCode::getInstance()->getXcGetVar('', 'this', $param2, true);
@@ -337,7 +341,11 @@ public function getClassXoopsFormHidden($var, $param1, $param2, $isForm = false,
             if (false === $isForm) {
                 $ret .= "{$hidden}{$param1}, {$param2} )";
             } else {
-                $ret .= "{$hidden}'{$param1}', '{$param2}' )";
+                if (false === $useParam) {
+                    $ret .= "{$hidden}'{$param1}', '{$param2}' )";
+                } else {
+                    $ret .= "{$hidden}'{$param1}', \${$param2} )";
+                }
             }
         }
 

class/Files/Language/LanguageAdmin.php

@@ -140,7 +140,7 @@ public function getLanguageAdminPages($language, $tables)
      * @param string $tables
      * @return string
      */
-    public function getLanguageAdminClass($language, $tables)
+    public function getLanguageAdminClass($language, $tables, $moduleDirname)
     {
         $ret = $this->defines->getAboveHeadDefines('Admin Classes');
 
@@ -193,17 +193,18 @@ public function getLanguageAdminClass($language, $tables)
                         $ret .= $this->defines->getDefine($language, 'FORM_URL_UPLOAD', "{$fieldNameDesc} in uploads files");
                         break;
                     case 13:
-                        $ret .= $this->defines->getDefine($language, "FORM_UPLOAD_IMAGE_{$stuTableName}", "{$fieldNameDesc} in uploads images");
+                        $ret .= $this->defines->getDefine($language, "FORM_UPLOAD_IMAGE_{$stuTableName}", "{$fieldNameDesc} in ./uploads/{$moduleDirname}/images/{$tableName}/ :");
                         break;
                     case 14:
-                        $ret .= $this->defines->getDefine($language, "FORM_UPLOAD_FILE_{$stuTableName}", "{$fieldNameDesc} in uploads files");
+                        $ret .= $this->defines->getDefine($language, "FORM_UPLOAD_FILE_{$stuTableName}", "{$fieldNameDesc} in ./uploads/{$moduleDirname}/files/{$tableName}/ :");
                         break;
                 }
             }
         }
         $ret .= $this->defines->getAboveDefines('General');
         $ret .= $this->defines->getDefine($language, 'FORM_UPLOAD', 'Upload file');
-        $ret .= $this->defines->getDefine($language, 'FORM_IMAGE_PATH', 'Files in %s ');
+        $ret .= $this->defines->getDefine($language, 'FORM_UPLOAD_NEW', 'Upload new file: ');
+        $ret .= $this->defines->getDefine($language, 'FORM_IMAGE_PATH', 'Files in %s :');
         $ret .= $this->defines->getDefine($language, 'FORM_ACTION', 'Action');
         $ret .= $this->defines->getDefine($language, 'FORM_EDIT', 'Modification');
         $ret .= $this->defines->getDefine($language, 'FORM_DELETE', 'Clear');
@@ -271,7 +272,7 @@ public function render()
         if (is_array($tables)) {
             $content .= $this->getLanguageAdminIndex($language, $tables);
             $content .= $this->getLanguageAdminPages($language, $tables);
-            $content .= $this->getLanguageAdminClass($language, $tables);
+            $content .= $this->getLanguageAdminClass($language, $tables, $moduleDirname);
         }
         if (in_array(1, $tablePermissions)) {
             $content .= $this->getLanguageAdminPermissions($language);

class/Files/Language/LanguageModinfo.php

@@ -405,6 +405,8 @@ private function getLanguagePermissionsGroups($language)
         $ret .= $df->getDefine($language, 'GROUPS_DESC', 'Select general access permission for groups.');
         $ret .= $df->getDefine($language, 'ADMIN_GROUPS', 'Admin Group Permissions');
         $ret .= $df->getDefine($language, 'ADMIN_GROUPS_DESC', 'Which groups have access to tools and permissions page');
+        $ret .= $df->getDefine($language, 'UPLOAD_GROUPS', 'Upload Group Permissions');
+        $ret .= $df->getDefine($language, 'UPLOAD_GROUPS_DESC', 'Which groups have permissions to upload files');
 
         return $ret;
     }

class/Files/User/UserXoopsVersion.php

@@ -540,6 +540,7 @@ private function getXoopsVersionConfig($module, $tables, $language)
             $ret         .= $xCodeVConfig->getXcEqualsOperator('$xoopsGroups ', '$memberHandler->getGroupList()');
             $group       = $xCodeVConfig->getXcEqualsOperator('$groups[$group] ', '$key', null, false, "\t");
             $ret         .= $phpCodeVConfig->getPhpCodeForeach('xoopsGroups', false, 'key', 'group', $group);
+            $ret         .= $phpCodeVConfig->getPhpCodeCommentLine('General access groups');
             $groups      = [
                 'name'        => "'groups'",
                 'title'       => "'{$language}GROUPS'",
@@ -551,6 +552,22 @@ private function getXoopsVersionConfig($module, $tables, $language)
             ];
             $ret         .= $uCodeVConfig->getUserModVersion(3, $groups, 'config', '$c');
             $ret         .= $this->getSimpleString('++$c;');
+
+            $ret         .= $phpCodeVConfig->getPhpCodeCommentLine('Upload groups');
+            $uplgroups   = [
+                'name'        => "'upload_groups'",
+                'title'       => "'{$language}UPLOAD_GROUPS'",
+                'description' => "'{$language}UPLOAD_GROUPS_DESC'",
+                'formtype'    => "'select_multi'",
+                'valuetype'   => "'array'",
+                'default'     => '$groups',
+                'options'     => '$groups',
+            ];
+            $ret         .= $uCodeVConfig->getUserModVersion(3, $uplgroups, 'config', '$c');
+            $ret         .= $this->getSimpleString('++$c;');
+
+
+
             $ret         .= $phpCodeVConfig->getPhpCodeCommentLine('Get Admin groups');
             $ret         .= $xCodeVConfig->getXcEqualsOperator('$criteria ', 'new \CriteriaCompo()');
             $ret         .= $this->getSimpleString("\$criteria->add( new \Criteria( 'group_type', 'Admin' ) );");
@@ -560,8 +577,8 @@ private function getXoopsVersionConfig($module, $tables, $language)
             $ret         .= $phpCodeVConfig->getPhpCodeForeach('adminXoopsGroups', false, 'key', 'adminGroup', $adminGroup);
             $adminGroups = [
                 'name'        => "'admin_groups'",
-                'title'       => "'{$language}GROUPS'",
-                'description' => "'{$language}GROUPS_DESC'",
+                'title'       => "'{$language}ADMIN_GROUPS'",
+                'description' => "'{$language}ADMIN_GROUPS_DESC'",
                 'formtype'    => "'select_multi'",
                 'valuetype'   => "'array'",
                 'default'     => '$adminGroups',

docs/changelog.txt

@@ -8,6 +8,7 @@
 - fixed bug with save permissions in admin pages (goffy)
 - fixed bugs in tpl creation (goffy)
 - improved tpl creation (goffy)
+- added check for upload permission to form class (goffy)
 *************************************************************
 THIS IS LAST VERSION WHICH CREATES MODULES WITHOUT NAMESPACES
 *************************************************************