proc_doc ad_intranet_header { } {Intranet look and feel} { set page_title [ad_partner_upvar page_title] set context_bar [ad_partner_upvar context_bar] set graphic "/pages/graphics/ad_intranet_logo.jpg" return [ad_graphics_header $page_title "" $graphic] } # Now we define some generic header and footer procedures # that can be used to set-up the generic ArsDigita look and feel proc_doc ad_graphics_header { {page_title ""} {extra_stuff_for_document_head ""} { graphic_source "/pages/graphics/ad_logo_sm.gif" } } {writes HEAD, TITLE, and BODY tags to start off pages in a consistent fashion} { if { [empty_string_p $page_title] } { # If we didn't get a title as an argument, look for it in the calling environment set page_title [ad_partner_upvar page_title] } if { [empty_string_p $extra_stuff_for_document_head] } { # look for it in the calling environment set extra_stuff_for_document_head [ad_partner_upvar extra_stuff_for_document_head] } set context_bar [ad_partner_upvar context_bar] # height=88 width=95 vspace=10> set html " [ad_header $page_title $extra_stuff_for_document_head] [ad_partner_default_font] [ad_partner_default_font]

[ad_partner_default_font "size=2"]$context_bar

$page_title

" return $html } # redirect for old press stuff proc_doc ad_custom_redirect_press {} {Redirects /press/* to /press/index.tcl} { ns_returnredirect /press/index.tcl } ns_register_proc GET /press/*.html ad_custom_redirect_press ns_register_proc POST /press/*.html ad_custom_redirect_press ## BBoard security hack proc_doc bboard_restrict_access_to_group args { Restricts access to a bboard if it has a group_id set for the specified topic_id or msg_id } { set form [ns_getform] if { [empty_string_p $form] } { ns_log Notice "bboard_restrict_access_to_group: empty form" return filter_ok } # 3 ways to identify a message - see if we have any of them! set topic_id [ns_set get $form topic_id] set msg_id [ns_set get $form msg_id] set refers_to [ns_set get $form refers_to] if { [empty_string_p topic_id] && [empty_string_p msg_id] && [empty_string_p refers_to] } { # Don't have a msg_id or topic_id or refers_to - can't do anything... # Grant access by default return filter_ok } set db [ns_db gethandle subquery] if { [empty_string_p topic_id] } { # Get the topic id from whatever identifier we have if { [empty_string_p msg_id] } { set msg_id $refers_to } set topic_id [database_to_tcl_string $db \ "select topic_id from bboard where msg_id='[DoubleApos $msg_id]'"] } set user_id [ad_get_user_id] set has_access_p 0 if { $user_id > 0 } { set has_access_p [database_to_tcl_string $db \ "select case when count(1) = 0 then 0 else 1 end from bboard_topics t where t.group_id is null or ad_group_member_p($user_id, t.group_id) = 't'"] if { $has_access_p == 0 } { # Check if this is an intranet authorized user - they # get to see everything! set has_access_p [im_user_is_authorized_p $db $user_id] } } elseif {$user_id == 0} { # the user isnt loged in set has_access_p [database_to_tcl_string $db \ "select case when count(1) = 0 then 0 else 1 end from bboard_topics t where t.topic_id = '$topic_id' and t.group_id is null"] } ns_db releasehandle $db if { $has_access_p == 0 } { ad_return_error "Access denied" "This section of the bboard is restricted. You must either be a member of the group who owns this topic or an authorized user of the [ad_parameter SystemName] intranet. You can login as someone else if you like." return filter_return } return filter_ok } ad_register_filter preauth HEAD /bboard/* bboard_restrict_access_to_group ad_register_filter preauth GET /bboard/* bboard_restrict_access_to_group ad_register_filter preauth POST /bboard/* bboard_restrict_access_to_group