Index: core/kernel/db/cat_event_handler.php =================================================================== --- core/kernel/db/cat_event_handler.php (revision 12940) +++ core/kernel/db/cat_event_handler.php (working copy) @@ -254,6 +254,7 @@ function OnPaste(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1) || !$this->_checkPastePermission($event)) { + $event->status = erFAIL; return; } @@ -291,6 +292,7 @@ function OnMassDelete(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } @@ -2419,6 +2421,7 @@ } if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } Index: core/kernel/db/db_event_handler.php =================================================================== --- core/kernel/db/db_event_handler.php (revision 12940) +++ core/kernel/db/db_event_handler.php (working copy) @@ -1204,6 +1204,7 @@ function OnDelete(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } @@ -1300,6 +1301,7 @@ function OnMassDelete(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } @@ -1404,7 +1406,9 @@ } else { $this->Application->RemoveVar($changes_var_name); + $event->status = erFAIL; } + $this->clearSelectedIDs($event); $event->redirect_params = Array('opener' => 'u'); @@ -1667,6 +1671,7 @@ function iterateItems(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } 
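Review bot: The `SYSTEM_ACCESS.READONLY` guard in `OnPaste` is copied by hand into every handler this patch touches, so read-only enforcement stays opt-in per handler: any mutating event that omits these lines remains writable for a read-only account. The patch shows this has already happened, since `OnChangePriority`, `OnRecalculatePriorities`, `OnFrontOnly`, `OnSynchronizeLanguages` and the image `OnMassDelete` only receive the guard now. Consider enforcing the check in one place before a mutating event is dispatched, or at least in a shared helper so each handler reads `if ($this->denyIfReadOnly($event)) { return; }` (the helper name is a suggestion; it does not exist in the visible code). Subclasses that run side effects after `parent::OnMassDelete()` or `parent::OnUpdate()` also have to test `$event->status`, as the forms handler now does; any such subclasses outside this patch are not visible here.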
@@ -1724,6 +1729,7 @@ function OnMassClone(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } Index: core/units/categories/categories_event_handler.php =================================================================== --- core/units/categories/categories_event_handler.php (revision 12940) +++ core/units/categories/categories_event_handler.php (working copy) @@ -984,6 +984,7 @@ function OnMassDelete(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } @@ -1104,6 +1105,7 @@ function OnPaste(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1) || !$this->_checkPastePermission($event)) { + $event->status = erFAIL; return ; } @@ -1388,6 +1390,7 @@ } if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } @@ -2062,6 +2065,11 @@ */ function OnChangePriority(&$event) { + if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; + return; + } + $object =& $event->getObject( Array('skip_autoload' => true) ); $ids = $this->StoreSelectedIDs($event); @@ -2106,6 +2114,11 @@ */ function OnRecalculatePriorities(&$event) { + if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; + return; + } + $priority_helper =& $this->Application->recallObject('PriorityHelper'); /* @var $priority_helper kPriorityHelper */ Index: core/units/config_search/config_search_event_handler.php =================================================================== --- core/units/config_search/config_search_event_handler.php (revision 12940) +++ core/units/config_search/config_search_event_handler.php (working copy) 
@@ -56,14 +56,17 @@ */ function OnUpdate(&$event) { - if (!$this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { - parent::OnUpdate($event); - - $conf_update = new kEvent('conf:OnUpdate'); - $conf_update->redirect = false; - $this->Application->HandleEvent($conf_update); + if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; + return ; } + parent::OnUpdate($event); + + $conf_update = new kEvent('conf:OnUpdate'); + $conf_update->redirect = false; + $this->Application->HandleEvent($conf_update); + $event->SetRedirectParam('opener', 's'); // keeps module and section in REQUEST to ensure, that last admin template will work Index: core/units/configuration/configuration_event_handler.php =================================================================== --- core/units/configuration/configuration_event_handler.php (revision 12940) +++ core/units/configuration/configuration_event_handler.php (working copy) 
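Review bot: In `OnUpdate` the new early return also skips `$event->SetRedirectParam('opener', 's')` and the redirect parameters that follow it. The old code still set these for read-only users, because only the update itself was wrapped in the `if`. The comment on those lines says they keep the last admin template working, so confirm that a failed event does not need them; how the dispatcher treats `erFAIL` is not visible in this hunk. The same restructuring is applied to `OnUpdate` in configuration_event_handler.php. The rejection also leaves no message for the user and no visible log entry for the denied write, which would help when auditing read-only accounts.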
@@ -197,70 +197,73 @@ */ function OnUpdate(&$event) { - if (!$this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { - $items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) ); + if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; + return ; + } - // 1. save user selected module root category - $new_category_id = getArrayValue($items_info, 'ModuleRootCategory', 'VariableValue'); - if ($new_category_id !== false) { - unset($items_info['ModuleRootCategory']); - } + $items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) ); - $object =& $event->getObject( Array('skip_autoload' => true) ); - /* @var $object kDBItem */ + // 1. save user selected module root category + $new_category_id = getArrayValue($items_info, 'ModuleRootCategory', 'VariableValue'); + if ($new_category_id !== false) { + unset($items_info['ModuleRootCategory']); + } - if ($items_info) { - $has_error = false; - foreach ($items_info as $id => $field_values) { - $object->Clear(); // clear validation errors from previous variable - $object->Load($id); - $object->SetFieldsFromHash($field_values); + $object =& $event->getObject( Array('skip_autoload' => true) ); + /* @var $object kDBItem */ - if (!$object->Update($id)) { - // don't stop when error found ! - $has_error = true; - } + if ($items_info) { + $has_error = false; + foreach ($items_info as $id => $field_values) { + $object->Clear(); // clear validation errors from previous variable + $object->Load($id); + $object->SetFieldsFromHash($field_values); + + if (!$object->Update($id)) { + // don't stop when error found ! + $has_error = true; } - - $event->status = $has_error ? erFAIL : erSUCCESS; } - if ($event->status == erSUCCESS) { - if ($new_category_id !== false) { - // root category was submitted - $module = $this->Application->GetVar('module'); - $root_category_id = $this->Application->findModule('Name', $module, 'RootCat'); + $event->status = $has_error ? 
erFAIL : erSUCCESS; + } - if ($root_category_id != $new_category_id) { - // root category differs from one in db - $fields_hash = Array('RootCat' => $new_category_id); - $this->Conn->doUpdate($fields_hash, TABLE_PREFIX.'Modules', 'Name = '.$this->Conn->qstr($module)); - } + if ($event->status == erSUCCESS) { + if ($new_category_id !== false) { + // root category was submitted + $module = $this->Application->GetVar('module'); + $root_category_id = $this->Application->findModule('Name', $module, 'RootCat'); + + if ($root_category_id != $new_category_id) { + // root category differs from one in db + $fields_hash = Array('RootCat' => $new_category_id); + $this->Conn->doUpdate($fields_hash, TABLE_PREFIX.'Modules', 'Name = '.$this->Conn->qstr($module)); } + } - // reset cache - $changed = $this->Application->GetVar($event->getPrefixSpecial() . '_changed', Array ()); - $require_refresh = Array ( - 'AdvancedUserManagement', 'Site_Name', 'AdminConsoleInterface' - ); + // reset cache + $changed = $this->Application->GetVar($event->getPrefixSpecial() . 
'_changed', Array ()); + $require_refresh = Array ( + 'AdvancedUserManagement', 'Site_Name', 'AdminConsoleInterface' + ); - $refresh_sections = array_intersect($require_refresh, $changed); - $require_full_refresh = Array ('Site_Name', 'AdminConsoleInterface'); + $refresh_sections = array_intersect($require_refresh, $changed); + $require_full_refresh = Array ('Site_Name', 'AdminConsoleInterface'); - if (array_intersect($require_full_refresh, $changed)) { - $event->SetRedirectParam('refresh_all', 1); - } elseif ($refresh_sections) { - // reset sections too, because of AdvancedUserManagement - $event->SetRedirectParam('refresh_tree', 1); - } + if (array_intersect($require_full_refresh, $changed)) { + $event->SetRedirectParam('refresh_all', 1); + } elseif ($refresh_sections) { + // reset sections too, because of AdvancedUserManagement + $event->SetRedirectParam('refresh_tree', 1); + } - $this->Application->UnitConfigReader->ResetParsedData($refresh_sections ? true : false); - } - elseif ($this->Application->GetVar('errors_' . $event->getPrefixSpecial())) { - // because we have list out there, and this is item - $this->Application->removeObject( $event->getPrefixSpecial() ); - } + $this->Application->UnitConfigReader->ResetParsedData($refresh_sections ? true : false); } + elseif ($this->Application->GetVar('errors_' . $event->getPrefixSpecial())) { + // because we have list out there, and this is item + $this->Application->removeObject( $event->getPrefixSpecial() ); + } // keeps module and section in REQUEST to ensure, that last admin template will work $event->SetRedirectParam('module', $this->Application->GetVar('module')); Index: core/units/content/content_eh.php =================================================================== --- core/units/content/content_eh.php (revision 12940) +++ core/units/content/content_eh.php (working copy) 
@@ -29,7 +29,8 @@ $user_id = $this->Application->RecallVar('user_id'); // user can change top category - $perm_status = $perm_helper->CheckUserPermission($user_id, 'CATEGORY.MODIFY', 0, 0); + $top_category = $this->Application->findModule('Name', 'Core', 'RootCat'); + $perm_status = $perm_helper->CheckUserPermission($user_id, 'CATEGORY.MODIFY', 0, $top_category); return $perm_helper->finalizePermissionCheck($event, $perm_status); } Index: core/units/email_events/email_events_event_handler.php =================================================================== --- core/units/email_events/email_events_event_handler.php (revision 12940) +++ core/units/email_events/email_events_event_handler.php (working copy) @@ -85,6 +85,11 @@ */ function OnFrontOnly(&$event) { + if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; + return ; + } + $ids = implode(',', $this->StoreSelectedIDs($event)); $table_name = $this->Application->getUnitOption($event->Prefix, 'TableName'); @@ -108,6 +113,11 @@ return ; } + if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; + return ; + } + $items_info = $this->Application->GetVar('u'); if ($items_info) { $user_id = array_shift( array_keys($items_info) ); Index: core/units/fck/fck_eh.php =================================================================== --- core/units/fck/fck_eh.php (revision 12940) +++ core/units/fck/fck_eh.php (working copy) @@ -79,13 +79,17 @@ } $res.= ""; - echo $res; - } + echo $res; + } - function OnRenameFile(&$event) { $event->status = erSTOP; + + if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + return; + } + $old_name = $this->Application->GetVar('old_name'); $new_name = $this->Application->GetVar('new_name'); $folder = $this->Application->GetVar('folder'); 
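Review bot: The permission check now depends on `$top_category`, but the result of `findModule('Name', 'Core', 'RootCat')` is passed on without being validated. If that lookup can return `false` or `null` (its failure behaviour is not visible here), the call would presumably check `CATEGORY.MODIFY` against category 0 again, which is the behaviour this change replaces. Failing closed would be safer, for example `if (!$top_category) { return $perm_helper->finalizePermissionCheck($event, false); }`, assuming a false status denies the event. The comment `// user can change top category` could also say why the Core module's root category is the one being checked. The enclosing function starts outside the hunk.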
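Review bot: The read-only rejection in `OnRenameFile` returns with the status left at `erSTOP` and nothing written to the response, unlike the other handlers in this patch, which set `erFAIL`. The editor's file manager presumably cannot tell a refused rename from a completed one, so consider emitting an explicit error in whatever response format the client expects (not visible here). The same silent return is added to `OnDeleteFiles`, `OnUploadFile` and the handler that builds `$folderPath` in this file. A comment such as `// read-only accounts: refuse without touching the filesystem` above the guard would document the intent.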
@@ -117,6 +121,11 @@ function OnDeleteFiles(&$event) { $event->status = erSTOP; + + if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + return; + } + $files = trim($this->Application->GetVar('files'),'|'); // echo $files; $a_files = explode('|', $files); @@ -150,6 +159,10 @@ { $event->status = erSTOP; + if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + return; + } + $new_folder = $this->Application->GetVar('new_folder'); $current_folder = $this->Application->GetVar('current_folder'); $folderPath = WRITEABLE . '/user_files' . '/' . $current_folder . "/" . $new_folder; @@ -181,6 +194,11 @@ function OnUploadFile(&$event) { $event->status = erSTOP; + + if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + return; + } + $fck_helper =& $this->Application->recallObject('FCKHelper'); /* @var fck_helper fckFCKHelper*/ $fck_helper->UploadFile(); Index: core/units/forms/forms_eh.php =================================================================== --- core/units/forms/forms_eh.php (revision 12940) +++ core/units/forms/forms_eh.php (working copy) @@ -82,8 +82,11 @@ function OnMassDelete(&$event) { parent::OnMassDelete($event); - $this->Conn->Query('DELETE FROM '.TABLE_PREFIX.'Cache WHERE VarName = "sections_parsed"'); - $this->Application->StoreVar('RefreshStructureTree', 1); + + if ($event->status == erSUCCESS) { + $this->Conn->Query('DELETE FROM '.TABLE_PREFIX.'Cache WHERE VarName = "sections_parsed"'); + $this->Application->StoreVar('RefreshStructureTree', 1); + } } /** Index: core/units/images/image_event_handler.php =================================================================== --- core/units/images/image_event_handler.php (revision 12940) +++ core/units/images/image_event_handler.php (working copy) 
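Review bot: `$folderPath` in the hunk starting at new line 159 is built by concatenating the request values `current_folder` and `new_folder` onto `WRITEABLE . '/user_files'`, and no normalisation is visible before the path is used. The new read-only guard does not change that for accounts with write access, so `..` segments and embedded separators have to be rejected somewhere. If code outside the hunk does not already do this, reduce the new name with `$new_folder = basename($new_folder);` and refuse the request unless `realpath()` of the parent directory still lies under the `user_files` root. The `files`, `old_name`, `new_name` and `folder` values read in `OnDeleteFiles` and `OnRenameFile` deserve the same treatment. The function's signature and the rest of its body are outside the hunk.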
@@ -246,6 +246,11 @@ */ function OnMassDelete(&$event) { + if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; + return; + } + $event->status=erSUCCESS; $temp =& $this->Application->recallObject($event->getPrefixSpecial().'_TempHandler', 'kTempTablesHandler'); Index: core/units/languages/languages_event_handler.php =================================================================== --- core/units/languages/languages_event_handler.php (revision 12940) +++ core/units/languages/languages_event_handler.php (working copy) @@ -70,6 +70,7 @@ function OnSetPrimary(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } @@ -263,6 +264,7 @@ function OnImportLanguage(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } @@ -313,6 +315,7 @@ function OnExportLanguage(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } @@ -408,6 +411,11 @@ */ function OnSynchronizeLanguages(&$event) { + if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; + return; + } + // get language list with primary language first $sql = 'SELECT LanguageId FROM ' . TABLE_PREFIX . 'Language Index: core/units/modules/modules_event_handler.php =================================================================== --- core/units/modules/modules_event_handler.php (revision 12940) +++ core/units/modules/modules_event_handler.php (working copy) @@ -58,6 +58,7 @@ function moduleAction(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return ; } Index: core/units/skins/skin_eh.php =================================================================== --- core/units/skins/skin_eh.php (revision 12940) +++ core/units/skins/skin_eh.php (working copy) 
@@ -49,6 +49,7 @@ function OnSetPrimary(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } Index: core/units/themes/themes_eh.php =================================================================== --- core/units/themes/themes_eh.php (revision 12940) +++ core/units/themes/themes_eh.php (working copy) @@ -39,6 +39,7 @@ function OnSetPrimary(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } Index: core/units/users/users_event_handler.php =================================================================== --- core/units/users/users_event_handler.php (revision 12940) +++ core/units/users/users_event_handler.php (working copy) @@ -1394,10 +1394,10 @@ function OnMassResetSettings(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } - $event->status=erSUCCESS; $ids = $this->StoreSelectedIDs($event); $default_user_id = $this->Application->ConfigValue('DefaultSettingsUserId'); @@ -1593,6 +1593,7 @@ function OnMassCloneUsers(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } Index: in-auction/units/error_log/error_log_eh.php =================================================================== --- in-auction/units/error_log/error_log_eh.php (revision 12940) +++ in-auction/units/error_log/error_log_eh.php (working copy) 
@@ -57,15 +57,11 @@ */ function OnDeleteAll(&$event) { - if (!$this->Application->isAdminUser) { + if (!$this->Application->isAdminUser || $this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } - if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { - return; - } - $event->status=erSUCCESS; - // get current list without per_page $list =& $this->Application->recallObject($event->Prefix_Special, 'err-ebay_List', Array('per_page'=>-1, 'skip_counting'=>true) ); Index: in-auction/units/listing/listing_eh.php =================================================================== --- in-auction/units/listing/listing_eh.php (revision 12940) +++ in-auction/units/listing/listing_eh.php (working copy) @@ -154,15 +154,11 @@ */ function OnDeleteAll(&$event) { - if (!$this->Application->isAdminUser) { + if (!$this->Application->isAdminUser || $this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } - if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { - return; - } - $event->status=erSUCCESS; - // get current list without per_page $list =& $this->Application->recallObject($event->Prefix_Special, 'l-ebay_List', Array('per_page'=>-1, 'skip_counting'=>true) ); @@ -1095,13 +1091,10 @@ function OnArchive(&$event) { - if (!$this->Application->isAdminUser) { + if (!$this->Application->isAdminUser || $this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } - if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { - return; - } - $event->status=erSUCCESS; $this->StoreSelectedIDs($event); $event->setEventParam('ids', $this->getSelectedIDs($event) ); 
@@ -1126,13 +1119,10 @@ function OnEndItem(&$event) { - if (!$this->Application->isAdminUser) { + if (!$this->Application->isAdminUser || $this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } - if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { - return; - } - $event->status=erSUCCESS; $this->StoreSelectedIDs($event); $event->setEventParam('ids', $this->getSelectedIDs($event) ); @@ -1167,13 +1157,10 @@ function OnArchiveAll(&$event) { - if (!$this->Application->isAdminUser) { + if (!$this->Application->isAdminUser || $this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } - if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { - return; - } - $event->status=erSUCCESS; // get current list without per_page Index: in-commerce/units/affiliate_payment_types/affiliate_payment_types_event_handler.php =================================================================== --- in-commerce/units/affiliate_payment_types/affiliate_payment_types_event_handler.php (revision 12940) +++ in-commerce/units/affiliate_payment_types/affiliate_payment_types_event_handler.php (working copy) @@ -64,9 +64,9 @@ function OnMassDelete($event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } - $event->status=erSUCCESS; $this->StoreSelectedIDs($event); $event->setEventParam('ids', $this->getSelectedIDs($event) ); Index: in-commerce/units/affiliate_plans/affiliate_plans_event_handler.php =================================================================== --- in-commerce/units/affiliate_plans/affiliate_plans_event_handler.php (revision 12940) +++ in-commerce/units/affiliate_plans/affiliate_plans_event_handler.php (working copy) 
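Review bot: `OnMassDelete($event)` in affiliate_payment_types_event_handler.php takes the event by value, while the other handlers in this patch are declared with `&$event`. The added `$event->status = erFAIL` therefore reaches the caller only where objects are passed as handles (PHP 5 and later). The `=&` assignments elsewhere in this patch suggest PHP 4 compatibility may still matter, and under PHP 4 the caller would see an unchanged status and treat the refused delete as successful. Declaring it as `function OnMassDelete(&$event)` removes the dependency and matches the other handlers. The same applies to `OnMassDelete($event)` in affiliate_plans_event_handler.php.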
@@ -68,9 +68,9 @@ function OnMassDelete($event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } - $event->status=erSUCCESS; $ids = $this->StoreSelectedIDs($event); $event->setEventParam('ids', $ids ); Index: in-commerce/units/affiliates/affiliates_event_handler.php =================================================================== --- in-commerce/units/affiliates/affiliates_event_handler.php (revision 12940) +++ in-commerce/units/affiliates/affiliates_event_handler.php (working copy) @@ -452,6 +452,7 @@ function iterateItems(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } Index: in-commerce/units/currencies/currencies_event_handler.php =================================================================== --- in-commerce/units/currencies/currencies_event_handler.php (revision 12940) +++ in-commerce/units/currencies/currencies_event_handler.php (working copy) @@ -42,6 +42,7 @@ function OnSetPrimary(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } @@ -135,6 +136,7 @@ function OnUpdateRate(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } @@ -172,6 +174,7 @@ function OnUpdateRates(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } Index: in-commerce/units/orders/orders_event_handler.php =================================================================== --- in-commerce/units/orders/orders_event_handler.php (revision 12940) +++ in-commerce/units/orders/orders_event_handler.php (working copy) @@ -1629,6 +1629,7 @@ function MassInventoryAction(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } 
@@ -1650,6 +1651,7 @@ function InventoryAction(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } Index: in-link/units/link_validation/link_validation_eh.php =================================================================== --- in-link/units/link_validation/link_validation_eh.php (revision 12940) +++ in-link/units/link_validation/link_validation_eh.php (working copy) @@ -404,6 +404,7 @@ function iterateItems(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; } @@ -444,6 +445,7 @@ function OnDeleteLinks(&$event) { if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { + $event->status = erFAIL; return; }