Squiz Matrix  4.12.2
user_group_edit_fns.inc
1 <?php
17 require_once SQ_CORE_PACKAGE_PATH.'/folder/folder_edit_fns.inc';
18 
31 {
32 
33 
39  {
40  $this->Folder_Edit_Fns();
41 
42  }//end constructor
43 
44 
/**
 * Fetches the edit-access rows recorded for an asset from the ast_edit_access table.
 *
 * The asset id reaches the database as the bound :userid parameter; it is never
 * concatenated into the SQL text. paintTypeRestrictions() iterates the result as
 * type_code => list of rows, each row carrying a 'screen' key.
 *
 * @param object &$asset the asset whose id is used as the userid filter
 *
 * @return array the grouped rows returned by MatrixDAL::executePdoGroupedAssoc()
 * @throws Exception when preparing, binding or executing the query fails
 */
function getCurrentRestrictions(&$asset)
{
    $db = MatrixDAL::getDb();

    // the rollback helper decorates the plain filter before it is appended to the SELECT
    $filter = $GLOBALS['SQ_SYSTEM']->constructRollbackWhereClause('userid = :userid');
    $select = 'SELECT type_code, screen, section
            FROM '.SQ_TABLE_RUNNING_PREFIX.'ast_edit_access ';

    try {
        $statement = MatrixDAL::preparePdoQuery($select.$filter);
        MatrixDAL::bindValueToPdo($statement, 'userid', $asset->id);

        return MatrixDAL::executePdoGroupedAssoc($statement);
    } catch (Exception $db_error) {
        // NOTE(review): the driver's error text is appended to the message; callers that
        // show this exception to end users would expose it - confirm how it is reported
        $message = 'Unable to get current restriction information for userid #'.$asset->id
            .' due to the following database error:'.$db_error->getMessage();
        throw new Exception($message);
    }//end try catch

}//end getCurrentRestrictions()
74 
75 
/**
 * Reports whether any edit-access restriction rows exist for the asset.
 *
 * @param object &$asset the asset to look up
 * @param string $prefix not used by this method
 *
 * @return boolean TRUE when getCurrentRestrictions() returns a non-empty result
 */
function isRestricted(&$asset, $prefix)
{
    $restrictions = $this->getCurrentRestrictions($asset);
    if (empty($restrictions)) {
        return FALSE;
    }

    return TRUE;

}//end isRestricted()
94 
95 
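/**
 * Paints the screen restrictions recorded for the asset, one section per asset type,
 * plus (for users with admin access to 'security') the controls to change them.
 *
 * Changes from the previous version:
 *  - the by-reference $asset parameter is no longer overwritten with a blank instance
 *    of the restricted type (the caller's variable was being replaced)
 *  - stored screen names are HTML-escaped before being echoed
 *  - a stored type code is only included/instantiated when it is in the installed
 *    type list, because processTypeRestrictions() writes type codes taken from $_POST
 *
 * @param object &$asset the user or group whose restrictions are painted
 * @param object &$o     the backend outputter
 * @param string $prefix prefix for the form element names
 *
 * @return boolean the result of $asset->adminAccess('security')
 */
function paintTypeRestrictions(&$asset, &$o, $prefix)
{
    $current = $this->getCurrentRestrictions($asset);
    $admin_access = $asset->adminAccess('security');

    if (empty($current) && !$admin_access) {
        $o->openField('');
        $o->note(translate('user_group_unrestricted_access_granted'));
        $o->closeField();
    }

    // only needed for the editing controls, so only fetched for admins
    $known_types = Array();
    if ($admin_access) {
        $known_types = $GLOBALS['SQ_SYSTEM']->am->getTypeList();
        asort($known_types);
    }

    foreach ($current as $type_code => $type_data) {
        if ($type_code == '0') continue;

        $o->openSection($type_code);
        $o->openField('');
        ?>
        <table class="sq-backend-table">
            <tr>
                <td class="sq-backend-table-header" style="width: 75%;"><?php echo translate('screen_name'); ?></td>
                <?php
                if ($admin_access) {
                    ?><td class="sq-backend-table-header" style="width: 25%;"><?php echo translate('remove_question'); ?></td><?php
                }
                ?>
            </tr>
        <?php
        $granted_screens = Array();
        foreach ($type_data as $screen_data) {
            $granted_screens[] = $screen_data['screen'];
            if ($screen_data['screen'] == '0') {
                $screen_name = '<b>'.translate('all_screens').'</b>';
            } else {
                // the screen name comes from the database and was originally submitted
                // through the form, so it is escaped for the HTML context
                // NOTE(review): underscores are removed here but replaced with a space
                // for type names further down - confirm which one is intended
                $screen_name = htmlspecialchars(ucwords(str_replace('_', '', $screen_data['screen'])), ENT_QUOTES);
            }
            ?>
            <tr>
                <td class="sq-backend-table-cell"><?php echo $screen_name; ?></td>
                <?php
                if ($admin_access) {
                    ?><td class="sq-backend-table-cell">
                        <?php check_box($prefix.'_remove_type_screen['.$type_code.']['.$screen_data['screen'].']'); ?>
                    </td>
                    <?php
                }
                ?>
            </tr>
            <?php
        }
        ?>
        </table>

        <?php
        if ($admin_access) {
            if (!in_array('0', $granted_screens)) {
                // A type code that is not installed is still listed above so that it can
                // be removed, but it is never used as a class name.
                if (in_array((string) $type_code, $known_types, TRUE)) {
                    $ei = new Asset_Edit_Interface($type_code);

                    $GLOBALS['SQ_SYSTEM']->am->includeAsset($type_code);
                    // local name on purpose: $asset is a reference to the caller's asset
                    $type_asset = new $type_code();
                    $ef = $type_asset->getEditFns();

                    $screens = Array(' ' => ''); // first option is blank
                    $screens['0'] = '-- '.translate('all_screens').' --'; // second option is 'All Screens'
                    foreach (array_keys($ef->static_screens) as $screen) {
                        if (in_array($screen, $granted_screens)) continue;
                        $screens[$screen] = ucfirst($screen);
                    }
                    foreach (array_keys($ei->getScreens()) as $screen) {
                        if (in_array($screen, $granted_screens)) continue;
                        $screens[$screen] = ucfirst($screen);
                    }

                    echo '<br />'.translate('grant_screen_access').' ';
                    combo_box($prefix.'_add_type_screen['.$type_code.']', $screens, FALSE, Array());
                }
            } else {
                echo '<br />'.translate('granted_unrestricted_access_explanation');
                if (count($current[$type_code]) == 1) {
                    echo '<br />'.translate('remove_all_screens_explanation');
                }
            }
        }

        $o->closeField();
        $o->closeSection();
    }//end foreach type code

    // allow them to restrict access to asset types
    if ($admin_access) {
        $uc_types = Array();
        foreach ($known_types as $type) {
            if (isset($current[$type])) continue;
            $uc_types[$type] = ucwords(str_replace('_',' ', $type));
        }

        $o->openSection(translate('restrict_screen_access_to_new_type'));
        $o->openField('');
        combo_box($prefix.'_restrict_types', $uc_types, TRUE, '', 6);
        $o->closeField();
        $o->closeSection();
    }

    return $admin_access;

}//end paintTypeRestrictions()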
209 
210 
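/**
 * Applies the submitted screen-restriction changes for the asset: restricts new asset
 * types, removes granted screens and grants additional screens.
 *
 * Changes from the previous version:
 *  - refuses to run without adminAccess('security'), the same check
 *    paintTypeRestrictions() uses before it renders the editing controls
 *  - $_POST values are checked for the expected array/string shape, submitted type
 *    codes must be in the installed type list, and removals only apply to types that
 *    are currently restricted
 *  - the fallback 'details' row is always inserted with screen 'details' (the bind
 *    value could previously be left over from an earlier iteration)
 *  - on any failure the transaction is rolled back and the database connection is
 *    restored before the exception is re-thrown
 *
 * @param object &$asset the user or group being edited
 * @param object &$o     the backend outputter (not used here)
 * @param string $prefix prefix for the form element names
 *
 * @return boolean TRUE when the changes were committed, FALSE without admin access
 * @throws Exception when a database operation fails
 */
function processTypeRestrictions(&$asset, &$o, $prefix)
{
    // never rely on the form simply not having been painted: enforce the permission here
    if (!$asset->adminAccess('security')) return FALSE;

    $GLOBALS['SQ_SYSTEM']->changeDatabaseConnection('db2');
    $db = MatrixDAL::getDb();

    $in_transaction = FALSE;

    try {
        $current = $this->getCurrentRestrictions($asset);
        $known_types = $GLOBALS['SQ_SYSTEM']->am->getTypeList();

        $GLOBALS['SQ_SYSTEM']->doTransaction('BEGIN');
        $in_transaction = TRUE;

        $bind_vars = Array (
            'userid' => $asset->id,
        );

        // ADD ACCESS FOR NEW ASSET TYPES //
        $restrict_field = $prefix.'_restrict_types';
        if (isset($_POST[$restrict_field]) && is_array($_POST[$restrict_field])) {
            foreach ($_POST[$restrict_field] as $type) {
                // stored type codes are later used as class names by
                // paintTypeRestrictions(), so only installed type codes are accepted
                if (!is_string($type) || !in_array($type, $known_types, TRUE)) continue;
                if (isset($current[$type])) continue;

                $bind_vars['type_code'] = $type;
                $bind_vars['screen'] = 'details';

                try {
                    $result = MatrixDAL::executeQuery('user_group', 'addScreenSectionRestrictionForUser', $bind_vars);
                } catch (Exception $e) {
                    throw new Exception('Unable to add access for new asset type due to the following database error:'.$e->getMessage());
                }//end try catch
            }//end foreach
        }//end if

        // REMOVE ACCESS TO SCREENS //
        $remove_field = $prefix.'_remove_type_screen';
        if (isset($_POST[$remove_field]) && is_array($_POST[$remove_field])) {
            foreach ($_POST[$remove_field] as $type_code => $screen_data) {
                $type_code = (string) $type_code;
                // only types that currently have rows can lose screens
                if (!isset($current[$type_code]) || !is_array($screen_data)) continue;

                $bind_vars['type_code'] = $type_code;

                foreach ($screen_data as $doomed_screen => $on) {
                    // array keys such as '0' arrive as integers; the screen must be
                    // bound as a string so that it does not blow away all entries
                    // for the type code from the DB
                    $doomed_screen = (string) $doomed_screen;

                    if ($doomed_screen === '0' && count($current[$type_code]) == 1) {
                        // deleting the All Screens option without having a fall back
                        // option to stop this whole type being deleted
                        // so we'll add one
                        $bind_vars['screen'] = 'details';
                        try {
                            $result = MatrixDAL::executeQuery('user_group', 'addScreenSectionRestrictionForUser', $bind_vars);
                        } catch (Exception $e) {
                            throw new Exception('Unable to add access for userid #'.$asset->id.' due to the following database error:'.$e->getMessage());
                        }//end try catch
                    }

                    $bind_vars['screen'] = $doomed_screen;

                    try {
                        $result = MatrixDAL::executeQuery('user_group', 'deleteAccessRestrictionForUser', $bind_vars);
                    } catch (Exception $e) {
                        throw new Exception('Unable to delete access for userid #'.$asset->id.' due to the following database error:'.$e->getMessage());
                    }//end try catch
                }//end foreach doomed screen
            }//end foreach type code
        }//end if

        // GRANT ACCESS TO SCREENS //
        $add_field = $prefix.'_add_type_screen';
        if (isset($_POST[$add_field]) && is_array($_POST[$add_field])) {
            foreach ($_POST[$add_field] as $type_code => $new_screen) {
                if (!is_string($new_screen) || trim($new_screen) === '') continue;

                $type_code = (string) $type_code;
                if (!in_array($type_code, $known_types, TRUE)) continue;

                // NOTE(review): the screen name is stored as submitted and is rendered
                // again by paintTypeRestrictions(); consider limiting it to the screens
                // the type really offers (static_screens / getScreens())
                $bind_vars['type_code'] = $type_code;
                $bind_vars['screen'] = $new_screen;

                try {
                    $result = MatrixDAL::executeQuery('user_group', 'addScreenSectionRestrictionForUser', $bind_vars);
                } catch (Exception $e) {
                    throw new Exception('Unable to add access for new asset type due to the following database error:'.$e->getMessage());
                }//end try catch
            }//end foreach
        }//end if

        $GLOBALS['SQ_SYSTEM']->doTransaction('COMMIT');
        $in_transaction = FALSE;
    } catch (Exception $e) {
        // leave neither an open transaction nor a switched connection behind
        if ($in_transaction) {
            $GLOBALS['SQ_SYSTEM']->doTransaction('ROLLBACK');
        }
        $GLOBALS['SQ_SYSTEM']->restoreDatabaseConnection();
        throw $e;
    }//end try catch

    $GLOBALS['SQ_SYSTEM']->restoreDatabaseConnection();

    return TRUE;

}//end processTypeRestrictions()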
322 
323 
/**
 * Paints one section per asset type listing every global preference, showing whether
 * the asset has customised it and, with write access, a checkbox to customise or revert.
 *
 * Both preference files are PHP files loaded with include, and each is expected to
 * define $preferences in this function's scope. The per-asset file is the one written
 * by processPreferences().
 *
 * @param object &$asset the user or group whose preferences are painted
 * @param object &$o     the backend outputter
 * @param string $prefix prefix for the form element names
 *
 * @return boolean the result of $asset->adminAccess('preferences')
 */
function paintPreferences(&$asset, &$o, $prefix)
{
    $write_access = $asset->adminAccess('preferences');

    // per-asset overrides, if a file has been written for this asset
    $pref_file_path = $asset->data_path.'/.preferences.inc';
    $custom_preferences = Array();
    if (is_file($pref_file_path)) {
        include $pref_file_path;
        $custom_preferences = $preferences;
    }

    // the global file replaces $preferences with the system-wide values
    include SQ_DATA_PATH.'/private/conf/preferences.inc';

    foreach ($preferences as $type_code => $pref_vars) {
        $o->openSection($GLOBALS['SQ_SYSTEM']->am->getTypeInfo($type_code, 'name').' Preferences');

        // load up the asset (for locale) and prefs to display
        $GLOBALS['SQ_SYSTEM']->am->includeAsset($type_code);
        $type_dir = $GLOBALS['SQ_SYSTEM']->am->getTypeInfo($type_code, 'dir');
        require_once SQ_SYSTEM_ROOT.'/'.$type_dir.'/'.$type_code.'_prefs.inc';
        $prefs_class = $type_code.'_Prefs';
        $prefs = new $prefs_class($pref_file_path);

        foreach ($pref_vars as $var_name => $var_data) {
            $o->openField(translate($var_data['name']));

            $customised = isset($custom_preferences[$type_code][$var_name]);
            if ($customised) {
                $status_key = 'preference_currently_customised';
                $action_field = '_revert';
                $action_key = 'revert_to_global_preferences';
            } else {
                $status_key = 'preference_not_customised';
                $action_field = '_customise';
                $action_key = 'customise_this_preference';
            }

            echo '<p>'.translate($status_key);
            if ($write_access) {
                echo '<br />';
                check_box($prefix.$action_field.'['.$type_code.']['.$var_name.']');
                echo ' <b>'.translate($action_key).'</b>';
            }
            echo '</p>';

            // the editing interface is only painted for preferences that are customised
            if ($customised) {
                $prefs->paintBackend($o, $write_access, $var_name);
            }

            $o->closeField();
        }
        $o->closeSection();
    }

    return $write_access;

}//end paintPreferences()
385 
386 
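/**
 * Processes the preferences screen and rewrites the asset's .preferences.inc file.
 *
 * Newly customised preferences start from their global value; preferences that are
 * already customised are re-processed unless they were marked for reverting.
 *
 * Changes from the previous version:
 *  - $_POST values are only iterated when they are arrays
 *  - $preferences is reset before the per-asset file is included, so a file that does
 *    not define it cannot cause the global values loaded above to be treated as this
 *    asset's customised preferences
 *
 * NOTE(review): the file written here is PHP source that paintPreferences() and this
 * method later run with include, so $asset->data_path must only be writable by the
 * application itself - confirm the deployment's permissions on the data directory.
 *
 * @param object &$asset the user or group being edited
 * @param object &$o     the backend outputter
 * @param string $prefix prefix for the form element names
 *
 * @return boolean TRUE when the file was written, FALSE without admin access or when
 *                 the directory or file could not be written
 */
function processPreferences(&$asset, &$o, $prefix)
{
    if (!$asset->adminAccess('preferences')) return FALSE;

    $new_preferences = Array();

    $customise_field = $prefix.'_customise';
    if (isset($_POST[$customise_field]) && is_array($_POST[$customise_field])) {
        // customising global preferences
        include SQ_DATA_PATH.'/private/conf/preferences.inc';
        foreach ($_POST[$customise_field] as $type_code => $var_data) {
            if (!is_array($var_data)) continue;
            foreach ($var_data as $var_name => $on) {
                // only names that exist in the global file are copied, so the submitted
                // keys cannot introduce new entries
                if (isset($preferences[$type_code][$var_name])) {
                    $new_preferences[$type_code][$var_name] = $preferences[$type_code][$var_name];
                }
            }
        }
    }

    $pref_file_path = $asset->data_path.'/.preferences.inc';
    if (is_file($pref_file_path)) {
        // start clean: whatever the global file defined above must not leak in here
        $preferences = Array();
        include $pref_file_path;
        if (!is_array($preferences)) $preferences = Array();

        foreach ($preferences as $type_code => $pref_vars) {
            if (!is_array($pref_vars)) continue;

            $path = SQ_SYSTEM_ROOT.'/'.$GLOBALS['SQ_SYSTEM']->am->getTypeInfo($type_code, 'dir').'/'.$type_code.'_prefs.inc';
            require_once $path;
            $pref_name = $type_code.'_Prefs';
            $prefs = new $pref_name();
            foreach ($pref_vars as $var_name => $var_data) {
                // a preference marked for reverting is simply left out of the new file
                if (!isset($_POST[$prefix.'_revert'][$type_code][$var_name])) {
                    if ($prefs->processBackend($o, TRUE, $var_name)) {
                        $new_preferences[$type_code][$var_name] = $prefs->pref_vars[$var_name];
                    }
                }
            }
        }
    }

    require_once SQ_FUDGE_PATH.'/general/file_system.inc';
    // var_export() emits the values as PHP literals, which is what keeps submitted
    // strings from being written into the file as code
    $str = '<'.'?php $preferences = '.var_export($new_preferences, TRUE).'; ?'.'>';
    if (!is_dir($asset->data_path) && !create_directory($asset->data_path)) {
        return FALSE;
    }
    if (!string_to_file($str, $asset->data_path.'/.preferences.inc')) {
        return FALSE;
    }

    return TRUE;

}//end processPreferences()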
445 
446 
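/**
 * Prints a paginated table of role assignments, ten per page.
 *
 * Changes from the previous version:
 *  - the page offset read from $_REQUEST is reduced to a non-negative integer that is
 *    within range before it is used in arithmetic or written back into the page
 *  - the total is counted in its own pass; it used to be accumulated inside the
 *    printing loop, which stops early, so the page count could be too low
 *  - header cells are closed with </th>, the footer spans the columns actually
 *    printed, and the asset tag line already cached for the row is reused
 *
 * @param string  $prefix         prefix for the form element names
 * @param string  $pag_id         identifier that keeps this table's paging field apart
 * @param array   $roles          roleid => userid => list of assetids
 * @param boolean $write_access   print the reassign checkbox column
 * @param boolean $include_userid print the column showing who holds the role
 *
 * @return void
 */
function _printRoleTable($prefix, $pag_id, $roles, $write_access=FALSE, $include_userid=FALSE)
{
    if (empty($roles)) return;

    $num_per_page = 10;

    // total number of rows across all pages
    $num_roles = 0;
    foreach ($roles as $userids) {
        foreach ($userids as $assetids) {
            $num_roles += count($assetids);
        }
    }

    // the offset is request data: anything that is not a number means "first page"
    $requested_start = array_get_index($_REQUEST, $prefix.$pag_id.'_start_at', 0);
    $start_printing_at = is_numeric($requested_start) ? (int) $requested_start : 0;
    if ($start_printing_at < 0) $start_printing_at = 0;
    if ($num_roles > 0 && $start_printing_at >= $num_roles) {
        // past the end: fall back to the start of the last page
        $start_printing_at = (int) (floor(($num_roles - 1) / $num_per_page) * $num_per_page);
    }

    $previous_start = max(0, $start_printing_at - $num_per_page);
    $next_start = $start_printing_at + $num_per_page;
    $num_columns = 2 + ($include_userid ? 1 : 0) + ($write_access ? 1 : 0);

    ?>
    <table class="sq-backend-table">
        <tr>
            <?php
            if ($include_userid) {
                ?><th class="sq-backend-table-header"><?php echo translate('role_assigned_to'); ?></th><?php
            }
            ?>
            <th class="sq-backend-table-header"><?php echo translate('role'); ?></th>
            <th class="sq-backend-table-header">Asset for which the role is to be performed</th>
            <?php
            if ($write_access) {
                ?><th class="sq-backend-table-header"><?php echo translate('role_reassign'); ?></th><?php
            }
            ?>
        </tr>
    <?php

    $roles_pointer = 0;
    $role_tag_lines = Array();
    $user_tag_lines = Array();
    $asset_tag_lines = Array();

    foreach ($roles as $roleid => $userids) {
        foreach ($userids as $userid => $assetids) {
            foreach ($assetids as $assetid) {
                if ($roles_pointer < $start_printing_at) {
                    $roles_pointer++;
                    continue;
                }
                if ($roles_pointer >= $next_start) {
                    // the page is full, nothing further needs to be visited
                    break 3;
                }

                if (!isset($asset_tag_lines[$assetid])) {
                    $asset_tag_lines[$assetid] = get_asset_tag_line($assetid);
                }
                if (!isset($role_tag_lines[$roleid])) {
                    $role_tag_lines[$roleid] = get_asset_tag_line($roleid);
                }

                ?>
                <tr>
                    <?php
                    if ($include_userid) {
                        if (!isset($user_tag_lines[$userid])) {
                            $user_tag_lines[$userid] = get_asset_tag_line($userid);
                        }
                        ?><td class="sq-backend-table-cell"><?php echo $user_tag_lines[$userid]; ?></td><?php
                    }
                    ?>
                    <td class="sq-backend-table-cell"><?php echo $role_tag_lines[$roleid] ?></td>
                    <td class="sq-backend-table-cell"><?php echo $asset_tag_lines[$assetid]; ?></td>
                    <?php
                    if ($write_access) {
                        ?><td class="sq-backend-table-cell"><?php echo check_box($prefix.'_reassign[]', $assetid); ?></td><?php
                    }
                    ?>
                </tr>
                <?php
                $roles_pointer++;
            }//end foreach
        }//end foreach
    }//end foreach

    if ($num_roles > $num_per_page) {
        ?>
        <tr>
            <td colspan="<?php echo $num_columns; ?>" align="center" class="sq-backend-table-header">
            <?php
            hidden_field($prefix.$pag_id.'_start_at', $start_printing_at);
            if ($start_printing_at > 0) {
                ?><a style="text-decoration: none;" href="#" onClick="Javascript: set_hidden_field('<?php echo $prefix.$pag_id; ?>_start_at', '<?php echo $previous_start; ?>'); set_hidden_field('process_form', '0'); submit_form(); return false;"><?php
            } else {
                ?><span style="color: #84848F"><?php
            }
            ?>
            &lt;&lt; <?php echo translate('previous_page');

            if ($start_printing_at > 0) {
                echo '</a>';
            } else {
                echo '</span>';
            }
            ?>
            &nbsp;<b><?php echo translate('page_number', (floor($start_printing_at / $num_per_page) + 1), ceil($num_roles / $num_per_page)); ?></b>&nbsp;

            <?php
            if ($next_start < $num_roles) {
                ?><a style="text-decoration: none;" href="#" onClick="Javascript: set_hidden_field('<?php echo $prefix.$pag_id; ?>_start_at', '<?php echo $next_start; ?>'); set_hidden_field('process_form', '0'); submit_form(); return false;"><?php
            } else {
                ?><span style="color: #84848F"><?php
            }

            echo translate('next_page'); ?> &gt;&gt;
            <?php
            if ($next_start < $num_roles) {
                echo '</a>';
            } else {
                echo '</span>';
            }
            ?>
            </td>
        </tr>
        <?php
    }//end if
    ?>
    </table>
    <?php

}//end _printRoleTable()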
580 
581 
/**
 * Paints the roles screen: the roles assigned directly to the asset, followed by the
 * roles it picks up through its parents.
 *
 * The reassign controls in the first table are only printed when
 * $asset->adminAccess('roles') is true; the second table is always printed without them.
 *
 * @param object &$asset the user or group whose roles are painted
 * @param object &$o     the backend outputter
 * @param string $prefix prefix for the form element names
 *
 * @return boolean the result of $asset->adminAccess('roles')
 */
function paintRoles(&$asset, &$o, $prefix)
{
    $am = $GLOBALS['SQ_SYSTEM']->am;

    $write_access = $asset->adminAccess('roles');
    if ($asset instanceof User_Group) {
        $string_code_suffix = 'group';
    } else {
        $string_code_suffix = 'user';
    }

    // directly assigned roles
    $o->openSection(translate('role_directly_assigned_section_'.$string_code_suffix));
    $o->openRaw();

    $roles_enabled = !(SQ_CONF_ENABLE_ROLES_PERM_SYSTEM == '0' && SQ_CONF_ENABLE_ROLES_WF_SYSTEM == '0');
    if (!$roles_enabled) {
        echo translate('roles_system_disabled');
    } else {
        $direct_roles = $am->getRole(NULL, NULL, $asset->id, TRUE, FALSE, FALSE, FALSE);
        if (!empty($direct_roles)) {
            $this->_printRoleTable($prefix, 'direct', $direct_roles, $write_access);
            if ($write_access) {
                echo translate('role_new_user').': ';
                echo asset_finder($prefix.'_reassignee', 0, Array('user' => 'D', 'user_group' => 'D'));
            }
        } else {
            echo translate('no_roles_set');
        }
    }

    $o->closeRaw();
    $o->closeSection();

    // roles reached through parents; 'role' itself is taken out of the group types
    $group_types = $am->getTypeDescendants('user_group', TRUE);
    $group_types = array_diff($group_types, Array('role'));

    $indirect_roles = Array();
    foreach ($am->getParents($asset->id) as $parent_assetid => $parent_type_code) {
        if (!in_array($parent_type_code, $group_types)) {
            // parent is not a group type: look it up as a role, whose assets sit under key 0
            $global_role = $am->getRole(NULL, $parent_assetid, 0, TRUE, FALSE, FALSE, FALSE);
            foreach ($global_role as $roleid => $userids) {
                foreach ($userids[0] as $role_assetid) {
                    $indirect_roles[$roleid][$roleid][] = $role_assetid;
                    $indirect_roles[$roleid][$roleid] = array_unique($indirect_roles[$roleid][$roleid]);
                }
            }
            continue;
        }

        // parent is a group: merge in every role that group holds
        $indirect_roles += $am->getRole(NULL, NULL, $parent_assetid, TRUE, FALSE, FALSE, FALSE);
        $group_roles = $am->getRole(NULL, NULL, $parent_assetid, TRUE, FALSE, FALSE, FALSE);
        foreach ($group_roles as $roleid => $userids) {
            foreach ($userids as $userid => $role_assetids) {
                foreach ($role_assetids as $role_assetid) {
                    $indirect_roles[$roleid][$userid][] = $role_assetid;
                    $indirect_roles[$roleid][$userid] = array_unique($indirect_roles[$roleid][$userid]);
                }
            }
        }
    }

    if (!empty($indirect_roles)) {
        $o->openSection(translate('role_indirectly_assigned_section_'.$string_code_suffix));
        $o->openRaw();
        $this->_printRoleTable($prefix, 'indirect', $indirect_roles, FALSE, TRUE);
        $o->closeRaw();
        $o->closeSection();
    }

    return $write_access;

}//end paintRoles()
659 
660 
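/**
 * Reassigns the selected directly-assigned roles of the asset to another user or group
 * by queueing a hipo_job_edit_roles job.
 *
 * Changes from the previous version:
 *  - refuses to run without adminAccess('roles'), the same check paintRoles() uses
 *    before it prints the reassign controls
 *  - request values are checked for the expected array/scalar shape
 *  - only asset ids that really belong to one of this asset's roles are passed on to
 *    the job; ids in the request that match nothing are ignored, and no job is queued
 *    when nothing matched
 *
 * NOTE(review): the values are read from $_REQUEST, so they are also accepted from the
 * query string - confirm that the surrounding framework protects this form submission.
 * NOTE(review): the reassignee id is not checked here to be a user or user group; the
 * asset finder in paintRoles() only restricts the choice in the interface.
 *
 * @param object &$asset the user or group whose roles are reassigned
 * @param object &$o     the backend outputter (not used here)
 * @param string $prefix prefix for the form element names
 *
 * @return boolean|null FALSE without admin access, NULL when no reassignee was
 *                      submitted, TRUE otherwise
 */
function processRoles(&$asset, &$o, $prefix)
{
    // never rely on the controls simply not having been painted: enforce the permission here
    if (!$asset->adminAccess('roles')) return FALSE;

    $reassignee = 0;
    $reassignee_field = $prefix.'_reassignee';
    if (isset($_REQUEST[$reassignee_field]) && is_array($_REQUEST[$reassignee_field])) {
        $reassignee = array_get_index($_REQUEST[$reassignee_field], 'assetid', 0);
    }

    if (!$reassignee || !is_scalar($reassignee)) return;

    $am = $GLOBALS['SQ_SYSTEM']->am;

    $roles = $am->getRole(NULL, NULL, $asset->id, TRUE);

    // keep only plain ids from the submitted list
    $submitted = array_get_index($_REQUEST, $prefix.'_reassign', Array());
    $reassign_assetids = Array();
    if (is_array($submitted)) {
        foreach ($submitted as $submitted_id) {
            if (is_scalar($submitted_id)) $reassign_assetids[] = $submitted_id;
        }
    }

    $role_vars = Array();
    $matched_assetids = Array();
    foreach ($roles as $roleid => $userids) {
        foreach ($userids as $userid => $assetids) {
            $changes = array_intersect($reassign_assetids, $assetids);
            if (!empty($changes)) {
                $role_vars['add'][$roleid][] = $reassignee;
                $role_vars['delete'][$roleid][] = $userid;
                foreach ($changes as $changed_assetid) {
                    $matched_assetids[$changed_assetid] = $changed_assetid;
                }
            }
        }
    }

    if (!empty($matched_assetids)) {
        $hh = $GLOBALS['SQ_SYSTEM']->getHipoHerder();

        $vars = Array(
            'assets' => $am->getAssetInfo(array_values($matched_assetids), Array(), FALSE, 'type_code'),
            'role_changes' => $role_vars,
            'dependants_only' => TRUE,
        );

        $hh->queueHipo('hipo_job_edit_roles', $vars);
    }

    return TRUE;

}//end processRoles()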
711 
712 
713 }//end class
714 
715 ?>