wget 'https://sme10.lists2.roe3.org/kodbox/app/controller/comment/auth.class.php'
<?php
/*
* @link http://kodcloud.com/
* @author warlee | e-mail:kodcloud@qq.com
* @copyright warlee 2014.(Shanghai)Co.,Ltd
* @license http://kodcloud.com/tools/license/license.txt
*/
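/**
 * Authorization gate for comment actions.
 *
 * Rules for comments on documents and shares:
 * - comment permission: may view comments
 * - edit permission: may add comments and delete one's own
 * - owner: may delete any comment (configurable)
 *
 * Every denial goes through show_json(..., false). The checks are written on
 * the assumption that show_json() ends the request; several branches would
 * fall through to "allowed" otherwise. NOTE(review): confirm show_json() exits.
 */
class CommentAuth extends Controller {
    // Declared explicitly so the assignment in the constructor does not
    // create a dynamic property.
    private $model;

    public function __construct() {
        parent::__construct();
        $this->model = Model("Comment");
    }

    /**
     * Maps the current ACTION to the permission checks it must pass.
     *
     * The switch has no default branch: an action that is not listed here
     * runs without any check from this class. Every new public handler on
     * the comment controller therefore needs a case added here.
     */
    public function autoCheck(){
        switch(strtolower(ACTION)){
            case 'comment.index.listdata':
            case 'comment.index.startargetuserlist':
                $this->canView($this->in['targetType'],$this->in['targetID']);
                break;
            case 'comment.index.prasiseuserlist':
                // The handler is keyed by comment id only, so the target is
                // taken from the stored comment instead of from request
                // parameters the handler never reads. Checking a
                // caller-supplied target here would let a viewable target
                // vouch for an unrelated comment id.
                $info = $this->info($this->in['id']);
                $this->canView($info['targetType'],$info['targetID']);
                break;
            case 'comment.index.add':
            case 'comment.index.startarget':
            // starUserList takes the same targetType/targetID pair and had
            // no case upstream, so it ran unchecked. It is gated at edit
            // level because nothing in this class establishes that the
            // handler is read-only.
            case 'comment.index.staruserlist':
                $this->canEdit($this->in['targetType'],$this->in['targetID']);
                break;
            case 'comment.index.remove':
                $info = $this->info($this->in['id']);
                $this->checkSelf($info,'remove');
                $this->canRemove($info['targetType'],$info['targetID'],$info);
                break;
            case 'comment.index.edit':
                $info = $this->info($this->in['id']);
                $this->checkSelf($info,'edit');
                $this->canEdit($info['targetType'],$info['targetID']);
                break;
            case 'comment.index.prasise':
                $info = $this->info($this->in['id']);
                $this->canEdit($info['targetType'],$info['targetID']);
                break;
            case 'comment.index.listbyuser':
                KodUser::checkRoot();
                break;
            case 'comment.index.listself':
                // Lists the caller's own comments; no target check applies.
                break;
            case 'comment.index.listchildren':
                // Authorize against the target of the parent comment.
                $info = $this->info($this->in['pid']);
                $this->canView($info['targetType'],$info['targetID']);
                break;
        }
    }

    /** Requires an allowed target type and view-level access to the target. */
    private function canView($targetType,$targetID){
        $this->checkType($targetType,$targetID);
        $this->checkPathAuth($targetType,$targetID,'view');
    }

    /** Requires edit-level access; used for adding comments and for likes. */
    private function canEdit($targetType,$targetID){
        $this->checkType($targetType,$targetID);
        $this->checkPathAuth($targetType,$targetID,'edit');
    }

    /** Requires remove-level access; $info is the stored comment row. */
    private function canRemove($targetType,$targetID,$info){
        $this->checkType($targetType,$targetID);
        $this->checkPathAuth($targetType,$targetID,'remove',$info);
    }

    /**
     * Checks that the caller is acting on their own comment (edit or delete).
     *
     * Third-party modules can override the decision through the
     * 'comment.checkSelf' hook; by default only the author and a root user
     * pass.
     *
     * @param array|mixed $info   stored comment row, empty when the id is unknown
     * @param string      $action 'edit' or 'remove'
     */
    private function checkSelf($info,$action='edit'){
        if($this->checkHook('comment.checkSelf',$info['targetType'],$info['targetID'],$action)) return true;
        // A missing row must never count as "own": with loose comparison a
        // null userID equals a USER_ID of 0.
        if($info && $info['userID'] == USER_ID) return true;
        if(KodUser::isRoot()) return true;
        show_json(LNG('explorer.noPermissionAction'),false);
    }

    /**
     * Fires $event and reports whether the matching $GLOBALS flag is truthy
     * afterwards.
     *
     * The flag is reset to false before the hook runs. A truthy flag makes
     * the caller skip its built-in check, so every listener registered for
     * these events is part of the authorization trust boundary.
     *
     * @return bool
     */
    private function checkHook($event,$targetType,$targetID,$param=''){
        $checkKey = $event.'.'.$targetType.'.'.$targetID.'.'.$param;
        $GLOBALS[$checkKey] = false;
        Hook::trigger($event,$targetType,$targetID,$param);
        return !empty($GLOBALS[$checkKey]);
    }

    /**
     * Rejects targets that comments may not be attached to.
     *
     * Only documents and shares are accepted unless the 'comment.checkType'
     * hook approves the target. The membership test is a loose in_array();
     * NOTE(review): the types of the CommentModel constants are not visible
     * here, so it is left loose rather than made strict.
     */
    private function checkType($targetType,$targetID){
        if($this->checkHook('comment.checkType',$targetType,$targetID,'')) return true;
        $allowType = array(
            CommentModel::TYPE_SOURCE,
            CommentModel::TYPE_SHARE,
        );
        if( !in_array($targetType,$allowType) ||
            !$targetType ||
            !$targetID){
            show_json(LNG('common.invalidParam'),false);
        }
    }

    /**
     * Permission check for comments on a document or an internal share.
     *
     * Order of decisions: hook approval, own share / own document, owner
     * (root) permission on the path, comment permission, then the
     * action-specific rule.
     *
     * @param string      $action 'view', 'edit' or 'remove'
     * @param array|false $param  stored comment row, passed for 'remove'
     */
    private function checkPathAuth($targetType,$targetID,$action,$param = false){
        if($this->checkHook('comment.checkAuth',$targetType,$targetID,$action)) return true;
        $typePath = array(
            CommentModel::TYPE_SOURCE,
            CommentModel::TYPE_SHARE,
        );
        // Targets that are not path based are not checked here at all; they
        // only get this far when the 'comment.checkType' hook approved them.
        if( !in_array($targetType,$typePath)) return;

        $pathInfo = false;
        if($targetType == CommentModel::TYPE_SOURCE){
            $pathInfo = Model("Source")->pathInfo($targetID,true);
        }else if($targetType == CommentModel::TYPE_SHARE){
            $shareInfo = Model('Share')->getInfoAuth($targetID);
            if(!$shareInfo){show_json(LNG('common.notExists'),false);}
            if($shareInfo['userID'] == USER_ID){return true;} // the caller's own share
            $pathInfo = isset($shareInfo['sourceInfo']) ? $shareInfo['sourceInfo']:false;
            // Physical paths: evaluate the permission granted by the share.
            if($pathInfo){$pathInfo['auth'] = $shareInfo['auth'];}
        }
        if(!$pathInfo){ // || $pathInfo['isDelete'] == '1'
            show_json(LNG('common.notExists'),false);
        }

        // 'auth' can be empty (see the own-document branch below); read the
        // value without indexing into a non-array.
        $authValue = isset($pathInfo['auth']['authValue']) ? $pathInfo['auth']['authValue'] : null;
        $auth = Model('Auth');
        if( empty($pathInfo['auth']) &&
            $pathInfo['targetType'] == 'user' &&
            $pathInfo['targetID'] == USER_ID){
            return true; // the caller's own document
        }
        // Owner / manage permission: read, write, delete.
        if($auth->authCheckRoot($authValue)) return true;
        // Comment permission is the baseline for every action.
        if(!$auth->authCheckComment($authValue)){
            show_json(LNG('explorer.noPermissionAction'),false);
        }
        // Viewing the list needs nothing beyond comment permission.
        if($action == 'view') return true;
        // Adding a comment or a like needs edit permission.
        if( $action == 'edit' &&
            !$auth->authCheckEdit($authValue)){
            show_json(LNG('explorer.noPermissionAction'),false);
        }
        // Removing: denied only when the caller has neither edit permission
        // nor authorship of the comment.
        // NOTE(review): the upstream comment reads "edit permission is needed
        // to delete one's own comment", which is stricter than this
        // condition; checkSelf() has already limited who reaches this point.
        if($action == 'remove' && !$auth->authCheckEdit($authValue)){
            $isOwn = is_array($param) && isset($param['userID']) && $param['userID'] == USER_ID;
            if(!$isOwn){
                show_json(LNG('explorer.noPermissionAction'),false);
            }
        }
    }

    /** Loads the stored comment row for $id; the result is empty when no row matches. */
    private function info($id){
        return $this->model->where(array("commentID"=>$id))->find();
    }
}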
wget 'https://sme10.lists2.roe3.org/kodbox/app/controller/comment/index.class.php'
<?php
/*
* @link http://kodcloud.com/
* @author warlee | e-mail:kodcloud@qq.com
* @copyright warlee 2014.(Shanghai)Co.,Ltd
* @license http://kodcloud.com/tools/license/license.txt
*/
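/**
 * Request handlers for comments: list, add, edit, remove and likes.
 *
 * The handlers do no permission checks of their own. Authorization is
 * delegated to Action('comment.auth')->autoCheck(), which the constructor
 * runs before any handler.
 */
class commentIndex extends Controller {
    private $model;

    public function __construct(){
        parent::__construct();
        $this->model = Model("Comment");
        // Permission gate for the current ACTION; it must run before any handler.
        Action('comment.auth')->autoCheck();
    }

    /**
     * Empty placeholder.
     * NOTE(review): if public methods of this controller are routable, this
     * one is reachable by clients; confirm and remove it if unused.
     */
    public function test(){
    }

    /**
     * Comment list.
     *
     * Common request parameters: sortField|sortType; page|pageNum
     * CommentModel::TYPE_SHARE|TYPE_SOURCE|TYPE_USER|TYPE_GROUP
     */
    public function listData(){
        $data = Input::getArray(array(
            "targetType" => array("check"=>"number"),
            "targetID"   => array("check"=>"number"),
            "idFrom"     => array("check"=>"number","default"=>0),
            "idTo"       => array("check"=>"number","default"=>0),
        ));
        // $this->in['pageNum'] = 5;
        $list = $this->model->listData($data);
        // Mark the topic as read automatically.
        if(USER_ID && !$data['idFrom'] && !!$data['idTo']){
            Action("comment.topic")->read();
        }
        show_json($list,!!$list);
    }

    /**
     * Add a comment. The author is always the current user; a userID sent by
     * the client is never used.
     * NOTE(review): whether pid must belong to the same target is not checked
     * here; confirm that the model enforces it.
     */
    public function add(){
        $data = Input::getArray(array(
            "targetType" => array("check"=>"number"),
            "targetID"   => array("check"=>"number"),
            "content"    => array("check"=>"require"),
            "pid"        => array("check"=>"number","default"=>0),
        ));
        $data['userID'] = USER_ID;
        $result = $this->model->addComment($data);
        show_json($result,true);
    }

    /**
     * Users who liked the target itself.
     *
     * Upstream passed the target pair to addComment(), i.e. a write with
     * neither content nor userID, which contradicts the handler's name and
     * comment. It now returns the like list of the target.
     * NOTE(review): confirm that the comment.auth gate has a case for this
     * action; an action without a case there runs unchecked.
     */
    public function starUserList(){
        $data = Input::getArray(array(
            "targetType" => array("check"=>"number"),
            "targetID"   => array("check"=>"number"),
        ));
        $result = $this->model->starTargetUserList($data['targetType'],$data['targetID']);
        show_json($result,true);
    }

    /**
     * Edit a comment.
     */
    public function edit(){
        $data = Input::getArray(array(
            "id"      => array("check"=>"number"),
            "content" => array("check"=>"require"),
        ));
        // Upstream read $data['continue'], a key that is never populated, so
        // the validated content was not passed to the model.
        $result = $this->model->edit($data['id'],$data['content']);
        show_json($result,true);
    }

    /**
     * Delete a comment.
     */
    public function remove(){
        $id = Input::get("id","number");
        $result = $this->model->remove($id);
        show_json($result,!!$result);
    }

    /**
     * Like or unlike a comment.
     */
    public function prasise(){
        $id = Input::get("id","number");
        $result = $this->model->prasise($id);
        show_json($result,!!$result);
    }

    /**
     * Like the target object itself (an article or a file).
     */
    public function starTarget(){
        $data = Input::getArray(array(
            "targetType" => array("check"=>"number"),
            "targetID"   => array("check"=>"number"),
        ));
        $result = $this->model->starTarget($data['targetType'],$data['targetID']);
        show_json($result,true);
    }

    /**
     * Like information of the target object; {count:xx,userList:[{},...]}
     */
    public function starTargetUserList(){
        $data = Input::getArray(array(
            "targetType" => array("check"=>"number"),
            "targetID"   => array("check"=>"number"),
        ));
        $result = $this->model->starTargetUserList($data['targetType'],$data['targetID']);
        show_json($result,true);
    }

    /**
     * Like information of one comment; {count:xx,userList:[{},...]}
     *
     * Only the comment id is read here, so the permission gate has to
     * authorize against the target of that comment rather than against
     * request-supplied target fields.
     */
    public function prasiseUserList(){
        $id = Input::get("id","number");
        $result = $this->model->prasiseUserList($id);
        show_json($result,true);
    }

    /**
     * Comments written by an arbitrary user.
     *
     * Common request parameters: sortField|sortType; page|pageNum
     * The userID comes from the request, so this handler depends entirely on
     * the comment.auth gate to restrict who may call it.
     */
    public function listByUser(){
        $userID = Input::get("userID","number");
        $data = array('userID'=>$userID);
        $list = $this->model->listData($data);
        show_json($list,!!$list);
    }

    /**
     * The current user's own comments.
     */
    public function listSelf(){
        $data = array('userID'=>USER_ID);
        $list = $this->model->listData($data);
        show_json($list,!!$list);
    }

    /**
     * Replies to a comment.
     */
    public function listChildren(){
        $pid = Input::get("pid","number");
        $data = array('pid'=>$pid);
        $list = $this->model->listData($data);
        show_json($list,!!$list);
    }
}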
wget 'https://sme10.lists2.roe3.org/kodbox/app/controller/comment/topic.class.php'
<?php
/*
* @link http://kodcloud.com/
* @author warlee | e-mail:kodcloud@qq.com
* @copyright warlee 2014.(Shanghai)Co.,Ltd
* @license http://kodcloud.com/tools/license/license.txt
*/
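/**
 * Chat topic list handlers.
 *
 * index    // list of chat targets, newest comment first
 * notify   // unread counts per chat target
 * readAll  // mark every topic as read
 * read     // mark one chat target as read
 *
 * No permission gate is run by this class. chatTopic() currently returns an
 * empty list, so index/notify/readAll have nothing to iterate over; read()
 * still accepts any validated target from the request.
 */
class commentTopic extends Controller {
    // Declared explicitly so the assignment in the constructor does not
    // create a dynamic property.
    private $model;

    public function __construct(){
        parent::__construct();
        $this->model = Model("Comment");
    }

    /**
     * Lists the caller's topics, each merged with its latest comment and a
     * description of the target, sorted by createTime.
     */
    public function index(){
        $chatTopic = $this->chatTopic();
        foreach ($chatTopic as $key => $item) {
            $id = $item['targetID'];
            $where = array(
                'targetType' => $item['targetType'],
                'targetID'   => $id,
            );
            $listLast = $this->model->limit(1)->listData($where);
            // A topic may have no comment; array_merge() below needs an array.
            $last = isset($listLast['list'][0]) ? $listLast['list'][0] : array();
            switch($item['targetType']){
                case CommentModel::TYPE_SHARE:
                    $last['target'] = Action("explorer.userShare")->sharePathInfo($id);
                    break;
                case CommentModel::TYPE_SOURCE:
                    $last['target'] = Model('Source')->pathInfo($id);
                    break;
                case CommentModel::TYPE_USER:
                    $last['target'] = Model('User')->getInfo($id);
                    break;
                case CommentModel::TYPE_GROUP:
                    $last['target'] = Model('Group')->getInfo($id);
                    break;
                case CommentModel::TYPE_TOPIC:
                    break;
                default:break;
            }
            $chatTopic[$key] = array_merge($last,$item);
        }
        $chatTopic = array_values($chatTopic);
        $chatTopic = array_sort_by($chatTopic,'createTime',true);
        show_json($chatTopic);
    }

    /**
     * Notification poll: adds newCount to every topic.
     */
    public function notify(){
        $chatTopic = $this->chatTopic();
        foreach ($chatTopic as &$item) {
            $where = array(
                'targetType' => $item['targetType'],
                'targetID'   => $item['targetID'],
                'commentID'  => array(">",$item['readLast']),
            );
            // Unread messages in this topic: comments newer than the last read id.
            $item['newCount'] = $this->model->where($where)->count();
        }
        unset($item); // drop the dangling reference left by the foreach
        $chatTopic = array_values($chatTopic);
        show_json($chatTopic);
    }

    /**
     * Marks every topic as read.
     */
    public function readAll(){
        $chatTopic = $this->chatTopic();
        foreach ($chatTopic as $item) {
            $this->readItem($item['targetType'],$item['targetID']);
        }
        show_json($chatTopic);
    }

    /**
     * Marks one topic as read. It sends no response of its own.
     * NOTE(review): access to the target is not checked here; the effect is
     * limited to the caller's own read-marker cache entry.
     */
    public function read(){
        $item = Input::getArray(array(
            "targetType" => array("check"=>"in","param"=>CommentModel::$TYPEALL),
            "targetID"   => array("check"=>"number"),
        ));
        $this->readItem($item['targetType'],$item['targetID']);
    }

    /**
     * Records the highest comment id of a topic (user or department) as the
     * last-read marker in the per-user cache entry.
     */
    private function readItem($targetType,$targetID){
        $key = "userChatReadLast_".USER_ID;
        $topic = Cache::get($key);
        $topic = $topic ? $topic : array();
        $where = array(
            'targetType' => $targetType,
            'targetID'   => $targetID,
        );
        $topicMax = $this->model->where($where)->max('commentID');
        $topic[$targetType.'_'.$targetID] = $topicMax;
        Cache::set($key,$topic);
    }

    /**
     * Topics the caller takes part in: documents/shares, departments, users,
     * group chats. Topics cover users, departments and followed documents and
     * are built automatically, so a topic can exist without any comment.
     *
     * The feature is switched off upstream by the unconditional return on the
     * first line; the query below it is unreachable and is kept as the
     * reference implementation.
     */
    private function chatTopic(){
        return array();
        $field = 'targetType,targetID';
        $where = array("userID"=> USER_ID);
        $topic = $this->model->field($field)->where($where)->group($field)->select();
        $topicList = array();
        $topicRead = Cache::get("userChatReadLast_".USER_ID);
        foreach($topic as $item){
            $id = $item['targetType'].'_'.$item['targetID'];
            $item['readLast'] = isset($topicRead[$id]) ? $topicRead[$id]:0;
            $topicList[$id] = $item;
        }
        return $topicList;
    }
}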