9 سال پیش · ed5988f4f7
--- a/SE/se-lib/FileStorageAcl.php
+++ b/SE/se-lib/FileStorageAcl.php
@@ -25,6 +25,14 @@ class FileStorageAcl {
 
				     // $cols[] = 'exists';
			
 
				     return $cols;
			
 
				   }
			
 
				+  public function getFieldIdByName($fieldName) {
			
 
				+    $fields = $this->getRealFieldListByIdZasob();
			
 
				+		if (empty($fieldName)) return null;
			
 
				+		foreach ($fields as $idField => $vFieldName) {
			
 
				+			if ($vFieldName == $fieldName) return $idField;
			
 
				+		}
			
 
				+		return null;
			
 
				+	}
			
 
				   public function isIntegerField($fieldName) {
			
 
				     if ('id' == $fieldName) return true;
			
 
				     if ('size' == $fieldName) return true;
			
@@ -70,6 +78,26 @@ class FileStorageAcl {
 
				     //   [cols] => Array( [0] => ID
			
 
				     //                    [1] => test_date
			
 
				     //                    [2] => A_STATUS )
			
 
				+    //   [ogc:Filter] => "<ogc:Filter><ogc:PropertyIsEqualTo><ogc:PropertyName>id</ogc:PropertyName><ogc:Literal>35</ogc:Literal></ogc:Filter>"
			
 
				+    $sqlWhereAddOgcFilter = '';
			
 
				+    $ogcFilter = V::get('ogc:Filter', '', $params);
			
 
				+    if (!empty($ogcFilter)) {
			
 
				+      Lib::loadClass('ParseOgcFilter');
			
 
				+      $parser = new ParseOgcFilter();
			
 
				+      $parser->loadOgcFilter($ogcFilter);
			
 
				+      $queryWhereBuilder = $parser->convertToSqlQueryWhereBuilder();
			
 
				+      $usedFields = $queryWhereBuilder->getUsedFields();
			
 
				+      foreach ($usedFields as $fldName) {
			
 
				+        if (!$this->getFieldIdByName($fldName)) throw new Exception("Not allowed PropertyName '{$fldName}'");
			
 
				+      }
			
 
				+      $sqlWhereAddOgcFilter = $queryWhereBuilder->getQueryWhere('t');
			
 
				+      if (!empty($sqlWhereAddOgcFilter)) $sqlWhereAddOgcFilter = " and {$sqlWhereAddOgcFilter}";
			
 
				+      DBG::_('DBG_DS', '>1', "ogc:Filter parser", $parser, __CLASS__, __FUNCTION__, __LINE__);
			
 
				+      DBG::_('DBG_DS', '>1', "ogc:Filter queryWhereBuilder", $queryWhereBuilder, __CLASS__, __FUNCTION__, __LINE__);
			
 
				+      DBG::_('DBG_DS', '>1', "ogc:Filter usedFields", $usedFields, __CLASS__, __FUNCTION__, __LINE__);
			
 
				+      DBG::_('DBG_DS', '>1', "ogc:Filter sqlWhereAddOgcFilter", $sqlWhereAddOgcFilter, __CLASS__, __FUNCTION__, __LINE__);
			
 
				+    }
			
 
				+
			
 
				     $sqlTblName = FileStorage::getTableName();
			
 
				     $sqlUserLogin = User::getLogin();
			
 
				     $rows = array_map(function($row) {
			
@@ -103,6 +131,7 @@ class FileStorageAcl {
 
				     		, INET_NTOA(t.A_USER_IP) as IP
			
 
				     	from `{$sqlTblName}` t
			
 
				       where t.`A_RECORD_CREATE_AUTHOR` = '{$sqlUserLogin}'
			
 
				+        {$sqlWhereAddOgcFilter}
			
 
				     	order by ID DESC
			
 
				     	limit {$sqlLimit} offset {$sqlOffset}
			
 
				     "));
			
--- a/SE/se-lib/ParseOgcFilter.php
+++ b/SE/se-lib/ParseOgcFilter.php
@@ -146,27 +146,18 @@ OGC_FILTER_XML_FILE;
 
				 
			
 
				 	public function _convertOgcFilterToCmdList($ogcFilterXmlString) {
			
 
				 		$convertOgcFilterXslString = @file_get_contents(APP_PATH_SCHEMA . DS . 'wfs' . DS . 'convertOgcFilterToXmlTaskList.xsl');
			
 
				-		if (false === $convertOgcFilterXslString) {
			
 
				-			throw new HttpException("Cannot find file 'convertOgcFilter...'", 404);
			
 
				-		} else if (empty($convertOgcFilterXslString)) {
			
 
				-			throw new HttpException("Empty file 'convertOgcFilter...'", 404);
			
 
				-		}
			
 
				+		if (false === $convertOgcFilterXslString) throw new HttpException("Cannot find file 'convertOgcFilter...'", 404);
			
 
				+		if (empty($convertOgcFilterXslString)) throw new HttpException("Empty file 'convertOgcFilter...'", 404);
			
 
				 
			
 
				 		$requestXml = new DOMDocument();
			
 
				 		$isFileCorrect = @$requestXml->loadXml($ogcFilterXmlString);
			
 
				-		if (false === $isFileCorrect) {
			
 
				-			throw new HttpException("Parse error for ogc filter", 400);
			
 
				-		}
			
 
				+		if (false === $isFileCorrect) throw new HttpException("Parse error for ogc filter", 400);
			
 
				 		$convertOgcFilterXsl = new DOMDocument();
			
 
				 		$isFileCorrect = @$convertOgcFilterXsl->loadXml($convertOgcFilterXslString);
			
 
				-		if (false === $isFileCorrect) {
			
 
				-			throw new HttpException("Parse error for file 'convertOgcFilter...'", 500);
			
 
				-		}
			
 
				+		if (false === $isFileCorrect) throw new HttpException("Parse error for file 'convertOgcFilter...'", 500);
			
 
				 		$proc = new XSLTProcessor();
			
 
				 		$isImported = $proc->importStylesheet($convertOgcFilterXsl);
			
 
				-		if (false === $isImported) {
			
 
				-			throw new HttpException("XSLT Parse error for import 'convertOgcFilter...'", 500);
			
 
				-		}
			
 
				+		if (false === $isImported) throw new HttpException("XSLT Parse error for import 'convertOgcFilter...'", 500);
			
 
				 		return $proc->transformToXML($requestXml);
			
 
				 	}