Merge lp:~dangarner/xibo/110-server into lp:~xibo-maintainers/xibo/encke

Proposed by Dan Garner
Status: Merged
Merged at revision: not available
Proposed branch: lp:~dangarner/xibo/110-server
Merge into: lp:~xibo-maintainers/xibo/encke
Diff against target: 1753 lines (+962/-426)
11 files modified
server/install/database/20.php (+41/-0)
server/install/database/20.sql (+25/-0)
server/install/database/21.sql (+5/-0)
server/lib/data/usergroup.data.class.php (+259/-0)
server/lib/include.php (+9/-2)
server/lib/js/group.js (+27/-1)
server/lib/pages/displaygroup.class.php (+3/-3)
server/lib/pages/group.class.php (+173/-33)
server/lib/pages/schedule.class.php (+2/-1)
server/lib/pages/user.class.php (+352/-345)
server/modules/module_user_general.php (+66/-41)
To merge this branch: bzr merge lp:~dangarner/xibo/110-server
Reviewer Review Type Date Requested Status
Xibo Maintainters Pending
Review via email: mp+16620@code.launchpad.net

Preview Diff

1=== modified file 'server/install/database/20.php'
2--- server/install/database/20.php 2009-10-14 18:15:10 +0000
3+++ server/install/database/20.php 2009-12-28 14:14:15 +0000
4@@ -36,6 +36,9 @@
5 // Each schedule record needs to be altered so that the displayID_list now reflects the displayGroupIDs
6 $this->UpdateSchedules();
7
8+ // Create groups for all current users
9+ $this->UpdateUserGroups();
10+
11 return true;
12 }
13
14@@ -129,5 +132,43 @@
15 }
16 }
17 }
18+
19+ /**
20+ * We need to update the user groups
21+ */
22+ private function UpdateUserGroups()
23+ {
24+ $db =& $this->db;
25+
26+ // Get all the current users in the system
27+ $SQL = "SELECT UserID, groupID, UserName FROM `user`";
28+
29+ if (!$result = $db->query($SQL))
30+ {
31+ trigger_error("Error creating user groups", E_USER_ERROR);
32+ }
33+
34+ while ($row = $db->get_assoc_row($result))
35+ {
36+ // For each display create a display group and link it to the display
37+ $ugid = 0;
38+ $userID = Kit::ValidateParam($row['UserID'], _INT);
39+ $groupID = Kit::ValidateParam($row['groupID'], _INT);
40+ $username = Kit::ValidateParam($row['UserName'], _STRING);
41+
42+ $ug = new UserGroup($db);
43+
44+ // For each one create a user specific group
45+ if (!$ugId = $ug->Add($username, 1))
46+ {
47+ trigger_error("Error creating user groups", E_USER_ERROR);
48+ }
49+
50+ // Link to the users own userspecific group and also to the one they were already on
51+ $ug->Link($ugId, $userID);
52+
53+ $ug->Link($groupID, $userID);
54+ }
55+ }
56 }
57 ?>
58\ No newline at end of file
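Review bot: Both `$ug->Link($ugId, $userID);` and `$ug->Link($groupID, $userID);` discard their return value, so a failed link during the upgrade is silently skipped while every other failure in this method is an E_USER_ERROR; `if (!$ug->Link($ugId, $userID) || !$ug->Link($groupID, $userID)) trigger_error("Error creating user groups", E_USER_ERROR);` keeps the behaviour consistent. If any `user` row carries a NULL or 0 `groupID`, the second Link would insert a row that violates the new `lkusergroup` foreign key, so that case deserves a guard before the call — the page does not show whether such rows can exist. `$ugid = 0;` is never read (the code assigns `$ugId`), and the comment `// For each display create a display group and link it to the display` is copied from the display-group migration and should read `// For each user create a user-specific group and link the user to it`.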
59
60=== modified file 'server/install/database/20.sql'
61--- server/install/database/20.sql 2009-10-09 20:28:23 +0000
62+++ server/install/database/20.sql 2009-12-28 14:14:15 +0000
63@@ -147,6 +147,31 @@
64 ALTER TABLE `schedule_detail` DROP INDEX `schedule_detail_ibfk_3`;
65 ALTER TABLE `schedule_detail` DROP INDEX `IM_SDT_DisplayID`;
66
67+
68+/* Users and Groups */
69+CREATE TABLE IF NOT EXISTS `lkusergroup` (
70+ `LkUserGroupID` int(11) NOT NULL auto_increment,
71+ `GroupID` int(11) NOT NULL,
72+ `UserID` int(11) NOT NULL,
73+ PRIMARY KEY (`LkUserGroupID`),
74+ KEY `GroupID` (`GroupID`),
75+ KEY `UserID` (`UserID`)
76+) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ;
77+
78+/* Add the user specific flag to groups */
79+ALTER TABLE `group` ADD `IsUserSpecific` TINYINT NOT NULL DEFAULT '0';
80+
81+
82+/* Add contraints to the new table */
83+ALTER TABLE `lkusergroup` ADD FOREIGN KEY ( `GroupID` ) REFERENCES `group` (
84+`groupID`
85+);
86+
87+ALTER TABLE `lkusergroup` ADD FOREIGN KEY ( `UserID` ) REFERENCES `user` (
88+`UserID`
89+);
90+
91+
92 /* VERSION UPDATE */
93 /* Set the version table, etc */
94 UPDATE `version` SET `app_ver` = '1.1.0';
95
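Review bot: `lkusergroup` has no unique key on (`GroupID`, `UserID`), so the same user can be linked to a group twice, and the two foreign keys are added without an ON DELETE clause, so deleting a `group` or `user` row that still has link rows will fail unless the caller clears `lkusergroup` first (the new UserGroup::Delete in this merge does not). Adding `UNIQUE KEY `GroupID_UserID` (`GroupID`, `UserID`)` (constructed name) to the CREATE TABLE closes the duplicate case. `AUTO_INCREMENT=10` looks like a dump artefact and can be dropped, and `/* Add contraints to the new table */` should read `constraints`.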
96=== modified file 'server/install/database/21.sql'
97--- server/install/database/21.sql 2009-10-28 21:28:04 +0000
98+++ server/install/database/21.sql 2009-12-28 14:14:15 +0000
99@@ -8,6 +8,11 @@
100 /* Request URI is too short of passing a lot of parameters in GET. Maybe we should use POST more? */
101 ALTER TABLE `log` CHANGE `RequestUri` `RequestUri` VARCHAR( 2000 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL;
102
103+/* Remove the groupID from the user record. */
104+ALTER TABLE `user` DROP FOREIGN KEY `user_ibfk_3` ;
105+
106+ALTER TABLE `user` DROP `groupID` ;
107+
108 /* VERSION UPDATE */
109 /* Set the version table, etc */
110 UPDATE `setting` SET `value` = 0 WHERE `setting` = 'PHONE_HOME_DATE';
111
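Review bot: `ALTER TABLE `user` DROP FOREIGN KEY `user_ibfk_3` ;` relies on the auto-generated constraint name; on an installation where that constraint was created under a different name the statement fails and the upgrade stops before `DROP `groupID``. If the name cannot be guaranteed across existing installs, the upgrade step should look the name up from information_schema or report the failure clearly rather than aborting mid-script. A comment such as `/* user_ibfk_3 is the FK from user.groupID to group.groupID created by the 1.0 schema — verify the name on upgrade */` would at least record the assumption.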
112=== added file 'server/lib/data/usergroup.data.class.php'
113--- server/lib/data/usergroup.data.class.php 1970-01-01 00:00:00 +0000
114+++ server/lib/data/usergroup.data.class.php 2009-12-28 14:14:15 +0000
115@@ -0,0 +1,259 @@
116+<?php
117+/*
118+ * Xibo - Digitial Signage - http://www.xibo.org.uk
119+ * Copyright (C) 2009 Daniel Garner
120+ *
121+ * This file is part of Xibo.
122+ *
123+ * Xibo is free software: you can redistribute it and/or modify
124+ * it under the terms of the GNU Affero General Public License as published by
125+ * the Free Software Foundation, either version 3 of the License, or
126+ * any later version.
127+ *
128+ * Xibo is distributed in the hope that it will be useful,
129+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
130+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
131+ * GNU Affero General Public License for more details.
132+ *
133+ * You should have received a copy of the GNU Affero General Public License
134+ * along with Xibo. If not, see <http://www.gnu.org/licenses/>.
135+ */
136+defined('XIBO') or die("Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.");
137+
138+class UserGroup extends Data
139+{
140+ public function __construct(database $db)
141+ {
142+ parent::__construct($db);
143+ }
144+
145+ /**
146+ * Adds a User Group to Xibo
147+ * @return
148+ * @param $UserGroup Object
149+ * @param $isDisplaySpecific Object
150+ * @param $description Object[optional]
151+ */
152+ public function Add($group, $isUserSpecific)
153+ {
154+ $db =& $this->db;
155+
156+ Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Add');
157+
158+ // Create the SQL
159+ $SQL = "";
160+ $SQL .= "INSERT ";
161+ $SQL .= "INTO `group` ";
162+ $SQL .= " ( ";
163+ $SQL .= " `group` , ";
164+ $SQL .= " IsUserSpecific ";
165+ $SQL .= " ) ";
166+ $SQL .= " VALUES ";
167+ $SQL .= " ( ";
168+ $SQL .= sprintf(" '%s', ", $db->escape_string($group));
169+ $SQL .= sprintf(" %d ", $isUserSpecific);
170+ $SQL .= " )";
171+
172+ if (!$groupID = $db->insert_query($SQL))
173+ {
174+ trigger_error($db->error());
175+ $this->SetError(25000, __('Could not add User Group'));
176+
177+ return false;
178+ }
179+
180+ Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Add');
181+
182+ return $groupID;
183+ }
184+
185+ /**
186+ * Edits an existing Xibo Display Group
187+ * @return
188+ * @param $userGroupID Object
189+ * @param $UserGroup Object
190+ */
191+ public function Edit($userGroupID, $userGroup)
192+ {
193+ $db =& $this->db;
194+
195+ Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Edit');
196+
197+ // Create the SQL
198+ $SQL = "";
199+ $SQL .= "UPDATE `group` ";
200+ $SQL .= sprintf("SET `group` = '%s' ", $db->escape_string($userGroup));
201+ $SQL .= sprintf("WHERE GroupID = %d", $userGroupID);
202+
203+ if (!$db->query($SQL))
204+ {
205+ trigger_error($db->error());
206+ $this->SetError(25005, __('Could not edit User Group'));
207+
208+ return false;
209+ }
210+
211+ Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Edit');
212+
213+ return true;
214+ }
215+
216+ /**
217+ * Deletes an Xibo User Group
218+ * @return
219+ * @param $userGroupID Object
220+ */
221+ public function Delete($userGroupID)
222+ {
223+ $db =& $this->db;
224+
225+ Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Delete');
226+
227+ $SQL = sprintf("DELETE FROM `group` WHERE GroupID = %d", $userGroupID);
228+
229+ Debug::LogEntry($db, 'audit', $SQL);
230+
231+ if (!$db->query($SQL))
232+ {
233+ trigger_error($db->error());
234+ $this->SetError(25015,__('Unable to delete User Group.'));
235+ return false;
236+ }
237+
238+ Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Delete');
239+
240+ return true;
241+ }
242+
243+ /**
244+ * Links a User to a User Group
245+ * @return
246+ * @param $userGroupID Object
247+ * @param $userID Object
248+ */
249+ public function Link($userGroupID, $userID)
250+ {
251+ $db =& $this->db;
252+
253+ Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Link');
254+
255+ $SQL = "";
256+ $SQL .= "INSERT ";
257+ $SQL .= "INTO lkusergroup ";
258+ $SQL .= " ( ";
259+ $SQL .= " GroupID, ";
260+ $SQL .= " UserID ";
261+ $SQL .= " ) ";
262+ $SQL .= " VALUES ";
263+ $SQL .= " ( ";
264+ $SQL .= sprintf(" %d, %d ", $userGroupID, $userID);
265+ $SQL .= " )";
266+
267+ if (!$db->query($SQL))
268+ {
269+ trigger_error($db->error());
270+ $this->SetError(25005, __('Could not Link User Group to User'));
271+
272+ return false;
273+ }
274+
275+ Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Link');
276+
277+ return true;
278+ }
279+
280+ /**
281+ * Unlinks a Display from a Display Group
282+ * @return
283+ * @param $userGroupID Object
284+ * @param $userID Object
285+ */
286+ public function Unlink($userGroupID, $userID)
287+ {
288+ $db =& $this->db;
289+
290+ Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Unlink');
291+
292+ $SQL = "";
293+ $SQL .= "DELETE FROM ";
294+ $SQL .= " lkusergroup ";
295+ $SQL .= sprintf(" WHERE GroupID = %d AND UserID = %d ", $userGroupID, $userID);
296+
297+ if (!$db->query($SQL))
298+ {
299+ trigger_error($db->error());
300+ $this->SetError(25007, __('Could not Unlink User from User Group'));
301+
302+ return false;
303+ }
304+
305+ Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Unlink');
306+
307+ return true;
308+ }
309+
310+ /**
311+ * Edits the User Group associated with a User
312+ * @return
313+ * @param $userID Object
314+ * @param $userName Object
315+ */
316+ public function EditUserGroup($userID, $userName)
317+ {
318+ $db =& $this->db;
319+
320+ Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'EditUserGroup');
321+
322+ // Get the UserGroupID for this UserID
323+ $SQL = "";
324+ $SQL .= "SELECT `group`.GroupID ";
325+ $SQL .= "FROM `group` ";
326+ $SQL .= " INNER JOIN lkusergroup ";
327+ $SQL .= " ON lkusergroup.GroupID = `group`.groupID ";
328+ $SQL .= "WHERE `group`.IsUserSpecific = 1 ";
329+ $SQL .= sprintf(" AND lkusergroup.UserID = %d", $userID);
330+
331+ if (!$result = $db->query($SQL))
332+ {
333+ trigger_error($db->error());
334+ $this->SetError(25005, __('Unable to get the UserGroup for this User.'));
335+
336+ return false;
337+ }
338+
339+ $row = $db->get_assoc_row($result);
340+ $userGroupID = $row['GroupID'];
341+
342+ if ($userGroupID == '')
343+ {
344+ // We should always have 1 display specific UserGroup for a display.
345+ // Do we a) Error here and give up?
346+ // b) Create one and link it up?
347+ // $this->SetError(25006, __('Unable to get the UserGroup for this Display'));
348+
349+ if (!$userGroupID = $this->Add($userName, 1))
350+ {
351+ $this->SetError(25001, __('Could not add a user group for this user.'));
352+
353+ return false;
354+ }
355+
356+ // Link the Two together
357+ if (!$this->Link($userGroupID, $userID))
358+ {
359+ $this->SetError(25001, __('Could not link the new user with its group.'));
360+
361+ return false;
362+ }
363+ }
364+ else
365+ {
366+ if (!$this->Edit($userGroupID, $userName)) return false;
367+ }
368+
369+ Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'EditUserGroup');
370+
371+ return true;
372+ }
373+}
374+?>
375\ No newline at end of file
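Review bot: `Delete()` removes the `group` row without first clearing `lkusergroup`, so with the foreign keys from 20.sql the delete fails for any group that still has members; run `$db->query(sprintf("DELETE FROM lkusergroup WHERE GroupID = %d", $userGroupID))` before the group delete, or document that callers must Unlink first. In `EditUserGroup`, `$row = $db->get_assoc_row($result); $userGroupID = $row['GroupID'];` indexes `$row` even when the query returned no rows, where the driver presumably returns false — guard it, e.g. `$userGroupID = ($db->num_rows($result) == 0) ? '' : $row['GroupID'];`. The docblocks are copied from the DisplayGroup class (`@param $isDisplaySpecific`, "Edits an existing Xibo Display Group", "Unlinks a Display from a Display Group", "1 display specific UserGroup for a display") and should describe users and user groups, and the empty `@return` tags should state the value returned (the new GroupID for Add, true/false for the others).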
376
377=== modified file 'server/lib/include.php'
378--- server/lib/include.php 2009-05-16 18:40:19 +0000
379+++ server/lib/include.php 2009-12-28 14:14:15 +0000
380@@ -88,8 +88,15 @@
381 // create a database class instance
382 $db = new database();
383
384-if (!$db->connect_db($dbhost, $dbuser, $dbpass)) trigger_error($db->error(), E_USER_WARNING);
385-if (!$db->select_db($dbname)) trigger_error($db->error(), E_USER_WARNING);
386+if (!$db->connect_db($dbhost, $dbuser, $dbpass))
387+{
388+ die('Xibo has a database connection problem.');
389+}
390+
391+if (!$db->select_db($dbname))
392+{
393+ die('Xibo has a database connection problem.');
394+}
395
396 date_default_timezone_set(Config::GetSetting($db, "defaultTimezone"));
397
398
399=== modified file 'server/lib/js/group.js'
400--- server/lib/js/group.js 2009-01-04 12:59:11 +0000
401+++ server/lib/js/group.js 2009-12-28 14:14:15 +0000
402@@ -1,6 +1,6 @@
403 /*
404 * Xibo - Digitial Signage - http://www.xibo.org.uk
405- * Copyright (C) 2006,2007,2008 Daniel Garner and James Packer
406+ * Copyright (C) 2009 Daniel Garner
407 *
408 * This file is part of Xibo.
409 *
410@@ -17,3 +17,29 @@
411 * You should have received a copy of the GNU Affero General Public License
412 * along with Xibo. If not, see <http://www.gnu.org/licenses/>.
413 */
414+function ManageMembersCallBack()
415+{
416+ $("#usersIn, #usersOut").sortable({
417+ connectWith: '.connectedSortable',
418+ dropOnEmpty: true
419+ }).disableSelection();
420+}
421+
422+function MembersSubmit() {
423+ // Serialise the form and then submit it via Ajax.
424+ var href = $("#usersIn").attr('href') + "&ajax=true";
425+
426+ // Get the two lists
427+ serializedData = $("#usersIn").sortable('serialize');
428+
429+ $.ajax({
430+ type: "post",
431+ url: href,
432+ cache: false,
433+ dataType: "json",
434+ data: serializedData,
435+ success: XiboSubmitResponse
436+ });
437+
438+ return;
439+}
440\ No newline at end of file
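Review bot: `serializedData = $("#usersIn").sortable('serialize');` assigns without `var`, creating an implicit global; write `var serializedData = $("#usersIn").sortable('serialize');`. `$("#usersIn").attr('href')` reads a non-standard `href` attribute on a `<ul>` that group.class.php's MembersForm sets; it works, but a comment such as `// The target URL is carried on the usersIn list's href attribute, set by group.class.php MembersForm` would make the coupling visible. The trailing bare `return;` adds nothing.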
441
442=== modified file 'server/lib/pages/displaygroup.class.php'
443--- server/lib/pages/displaygroup.class.php 2009-09-17 22:42:36 +0000
444+++ server/lib/pages/displaygroup.class.php 2009-12-28 14:14:15 +0000
445@@ -321,7 +321,7 @@
446 if(!$resultIn = $db->query($SQL))
447 {
448 trigger_error($db->error());
449- trigger_error(__('Error getting Displays'));
450+ trigger_error(__('Error getting Displays'), E_USER_ERROR);
451 }
452
453 // Displays not in group
454@@ -340,7 +340,7 @@
455 if(!$resultOut = $db->query($SQL))
456 {
457 trigger_error($db->error());
458- trigger_error(__('Error getting Displays'));
459+ trigger_error(__('Error getting Displays'), E_USER_ERROR);
460 }
461
462 // Now we have an IN and an OUT results object which we can use to build our lists
463@@ -598,7 +598,7 @@
464 if(!$resultIn = $db->query($SQL))
465 {
466 trigger_error($db->error());
467- trigger_error(__('Error getting Displays'));
468+ trigger_error(__('Error getting Displays'), E_USER_ERROR);
469 }
470
471 while($row = $db->get_assoc_row($resultIn))
472
473=== modified file 'server/lib/pages/group.class.php'
474--- server/lib/pages/group.class.php 2009-07-10 19:45:55 +0000
475+++ server/lib/pages/group.class.php 2009-12-28 14:14:15 +0000
476@@ -1,7 +1,7 @@
477 <?php
478 /*
479 * Xibo - Digitial Signage - http://www.xibo.org.uk
480- * Copyright (C) 2006,2007,2008 Daniel Garner and James Packer
481+ * Copyright (C) 2006,2007,2008,2009 Daniel Garner and James Packer
482 *
483 * This file is part of Xibo.
484 *
485@@ -25,7 +25,6 @@
486 private $db;
487 private $user;
488 private $isadmin = false;
489- private $has_permissions = true;
490
491 private $sub_page = "";
492
493@@ -33,9 +32,6 @@
494 private $groupid;
495 private $group = "";
496
497- //lkpage group
498- private $lkpagegroupid;
499- private $pageid;
500
501 //init
502 function __construct(database $db, user $user)
503@@ -72,6 +68,9 @@
504
505 $this->group = $aRow['Group'];
506 }
507+
508+ // Include the group data classes
509+ include_once('lib/data/usergroup.data.class.php');
510 }
511
512 function on_page_load()
513@@ -146,7 +145,7 @@
514 SELECT group.group,
515 group.groupID
516 FROM `group`
517- WHERE 1 = 1
518+ WHERE IsUserSpecific = 0
519 END;
520 if ($filter_name != '')
521 {
522@@ -166,6 +165,7 @@
523 $msgName = __('Name');
524 $msgAction = __('Action');
525 $msgEdit = __('Edit');
526+ $msgMembers = __('Group Members');
527 $msgPageSec = __('Page Security');
528 $msgMenuSec = __('Menu Security');
529 $msgDispSec = __('Display Security');
530@@ -200,9 +200,9 @@
531 {
532 $buttons = <<<END
533 <button class="XiboFormButton" href="index.php?p=group&q=GroupForm&groupid=$groupid"><span>$msgEdit</span></button>
534+ <button class="XiboFormButton" href="index.php?p=group&q=MembersForm&groupid=$groupid"><span>$msgMembers</span></button>
535 <button class="XiboFormButton" href="index.php?p=group&q=PageSecurityForm&groupid=$groupid"><span>$msgPageSec</span></button>
536 <button class="XiboFormButton" href="index.php?p=group&q=MenuItemSecurityForm&groupid=$groupid"><span>$msgMenuSec</span></button>
537- <button class="XiboFormButton" href="index.php?p=group&q=DisplayGroupSecurityForm&groupid=$groupid"><span>$msgDispSec</span></button>
538 <button class="XiboFormButton" href="index.php?p=group&q=delete_form&groupid=$groupid"><span>$msgDel</span></button>
539 END;
540 }
541@@ -471,32 +471,27 @@
542 */
543 function add()
544 {
545- $db =& $this->db;
546- $group = Kit::GetParam('group', _POST, _STRING);
547- $userid = $_SESSION['userid'];
548-
549- //check on required fields
550- if ($group == "")
551- {
552- Kit::Redirect(array('success'=>false, 'message' => __('Group Name cannot be empty.')));
553- }
554-
555- //add the group record
556- $SQL = "INSERT INTO `group` (`group`) ";
557- $SQL .= sprintf(" VALUES ('%s') ", $db->escape_string($group));
558-
559- if (!$db->query($SQL))
560- {
561- trigger_error($db->error());
562- Kit::Redirect(array('success'=>false, 'message' => __('Error adding a new group.')));
563- }
564-
565- // Construct the Response
566- $response = array();
567- $response['success'] = true;
568- $response['message'] = __('Added the Group');
569-
570- Kit::Redirect($response);
571+ $db =& $this->db;
572+ $response = new ResponseManager();
573+
574+ $group = Kit::GetParam('group', _POST, _STRING);
575+ $userid = $_SESSION['userid'];
576+
577+ //check on required fields
578+ if ($group == '')
579+ {
580+ trigger_error(__('Group Name cannot be empty.'), E_USER_ERROR);
581+ }
582+
583+ $userGroupObject = new UserGroup($db);
584+
585+ if (!$userGroupObject->Add($group, 0))
586+ {
587+ trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
588+ }
589+
590+ $response->SetFormSubmitResponse(__('Added the Group'), false);
591+ $response->Respond();
592 }
593
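Review bot: `$userid = $_SESSION['userid'];` is assigned but never used in the rewritten `add()`, so it should be dropped. The empty-name check now uses `trigger_error(..., E_USER_ERROR)` where the old code returned a structured `Kit::Redirect` failure; that is consistent with the rest of the merge, but it relies on the error handler producing the ajax response, which this hunk does not show.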
594 /**
595@@ -828,5 +823,150 @@
596
597 Kit::Redirect($response);
598 }
599+
600+ /**
601+ * Shows the Members of a Group
602+ */
603+ public function MembersForm()
604+ {
605+ $db =& $this->db;
606+ $response = new ResponseManager();
607+ $groupID = Kit::GetParam('groupid', _REQUEST, _INT);
608+
609+ // There needs to be two lists here.
610+
611+ // Users in group
612+ $SQL = "";
613+ $SQL .= "SELECT user.UserID, ";
614+ $SQL .= " user.UserName ";
615+ $SQL .= "FROM `user` ";
616+ $SQL .= " INNER JOIN lkusergroup ";
617+ $SQL .= " ON lkusergroup.UserID = user.UserID ";
618+ $SQL .= sprintf("WHERE lkusergroup.GroupID = %d", $groupID);
619+
620+ if(!$resultIn = $db->query($SQL))
621+ {
622+ trigger_error($db->error());
623+ trigger_error(__('Error getting Groups'), E_USER_ERROR);
624+ }
625+
626+ // Users not in group
627+ $SQL = "";
628+ $SQL .= "SELECT user.UserID, ";
629+ $SQL .= " user.UserName ";
630+ $SQL .= "FROM `user` ";
631+ $SQL .= " WHERE user.UserID NOT IN ( ";
632+ $SQL .= " SELECT user.UserID ";
633+ $SQL .= " FROM `user` ";
634+ $SQL .= " INNER JOIN lkusergroup ";
635+ $SQL .= " ON lkusergroup.UserID = user.UserID ";
636+ $SQL .= sprintf("WHERE lkusergroup.GroupID = %d", $groupID);
637+ $SQL .= " )";
638+
639+ if(!$resultOut = $db->query($SQL))
640+ {
641+ trigger_error($db->error());
642+ trigger_error(__('Error getting Users'), E_USER_ERROR);
643+ }
644+
645+ // Now we have an IN and an OUT results object which we can use to build our lists
646+ $listIn = '<ul id="usersIn" href="index.php?p=group&q=SetMembers&GroupID=' . $groupID . '" class="connectedSortable">';
647+
648+ while($row = $db->get_assoc_row($resultIn))
649+ {
650+ // For each item output a LI
651+ $userID = Kit::ValidateParam($row['UserID'], _INT);
652+ $userName = Kit::ValidateParam($row['UserName'], _STRING);
653+
654+ $listIn .= '<li id="UserID_' . $userID . '"class="li-sortable">' . $userName . '</li>';
655+ }
656+ $listIn .= '</ul>';
657+
658+ $listOut = '<ul id="usersOut" class="connectedSortable">';
659+
660+ while($row = $db->get_assoc_row($resultOut))
661+ {
662+ // For each item output a LI
663+ $userID = Kit::ValidateParam($row['UserID'], _INT);
664+ $userName = Kit::ValidateParam($row['UserName'], _STRING);
665+
666+ $listOut .= '<li id="UserID_' . $userID . '" class="li-sortable">' . $userName . '</li>';
667+ }
668+ $listOut .= '</ul>';
669+
670+ // Build the final form.
671+ $form = '<div class="connectedlist"><h3>Members</h3>' . $listIn . '</div><div class="connectedlist"><h3>Non-members</h3>' . $listOut . '</div>';
672+
673+ $response->SetFormRequestResponse($form, __('Manage Membership'), '400', '375', 'ManageMembersCallBack');
674+ $response->AddButton(__('Help'), "XiboHelpRender('index.php?p=help&q=Display&Topic=Users&Category=Groups')");
675+ $response->AddButton(__('Cancel'), 'XiboDialogClose()');
676+ $response->AddButton(__('Save'), 'MembersSubmit()');
677+ $response->Respond();
678+ }
679+
680+ /**
681+ * Sets the Members of a group
682+ * @return
683+ */
684+ public function SetMembers()
685+ {
686+ $db =& $this->db;
687+ $response = new ResponseManager();
688+ $groupObject = new UserGroup($db);
689+
690+ $groupID = Kit::GetParam('GroupID', _REQUEST, _INT);
691+ $users = Kit::GetParam('UserID', _POST, _ARRAY, array());
692+ $members = array();
693+
694+ // Users in group
695+ $SQL = "";
696+ $SQL .= "SELECT user.UserID, ";
697+ $SQL .= " user.UserName ";
698+ $SQL .= "FROM `user` ";
699+ $SQL .= " INNER JOIN lkusergroup ";
700+ $SQL .= " ON lkusergroup.UserID = user.UserID ";
701+ $SQL .= sprintf("WHERE lkusergroup.GroupID = %d", $groupID);
702+
703+ if(!$resultIn = $db->query($SQL))
704+ {
705+ trigger_error($db->error());
706+ trigger_error(__('Error getting Users'));
707+ }
708+
709+ while($row = $db->get_assoc_row($resultIn))
710+ {
711+ // Test whether this ID is in the array or not
712+ $userID = Kit::ValidateParam($row['UserID'], _INT);
713+
714+ if(!in_array($userID, $users))
715+ {
716+ // Its currently assigned but not in the $displays array
717+ // so we unassign
718+ if (!$groupObject->Unlink($groupID, $userID))
719+ {
720+ trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR);
721+ }
722+ }
723+ else
724+ {
725+ $members[] = $userID;
726+ }
727+ }
728+
729+ foreach($users as $userID)
730+ {
731+ // Add any that are missing
732+ if(!in_array($userID, $members))
733+ {
734+ if (!$groupObject->Link($groupID, $userID))
735+ {
736+ trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR);
737+ }
738+ }
739+ }
740+
741+ $response->SetFormSubmitResponse(__('Group membership set'), false);
742+ $response->Respond();
743+ }
744 }
745 ?>
746\ No newline at end of file
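Review bot: In `SetMembers`, `trigger_error(__('Error getting Users'));` lacks `E_USER_ERROR`, unlike the same check in `MembersForm`, so on a failed query execution continues into `get_assoc_row($resultIn)` with `$resultIn` false; make it `trigger_error(__('Error getting Users'), E_USER_ERROR);`. `MembersForm` writes `$userName` into the `<li>` markup unescaped — it comes from the database rather than the request, but it is admin-entered text in an HTML context, so use `htmlspecialchars($userName)` in both lists; the first list's `'"class="li-sortable">'` is also missing the space before `class`. Neither method checks that `groupid` refers to a non-user-specific group even though the list view filters on `IsUserSpecific = 0`, so membership of a user's personal group can be edited through these forms; rejecting groups with `IsUserSpecific = 1` here would close that unless it is enforced elsewhere, and `in_array($userID, $users)` should pass `true` as the third argument since `$users` comes straight from POST.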
747
748=== modified file 'server/lib/pages/schedule.class.php'
749--- server/lib/pages/schedule.class.php 2009-10-28 20:03:37 +0000
750+++ server/lib/pages/schedule.class.php 2009-12-28 14:14:15 +0000
751@@ -1073,6 +1073,7 @@
752
753 $date = Kit::GetParam('date', _GET, _INT, mktime(date('H'), 0, 0, date('m'), date('d'), date('Y')));
754 $dateText = date("d/m/Y", $date);
755+ $hiddenDateText = date("m/d/Y", $date);
756 $displayGroupIDs = Kit::GetParam('DisplayGroupIDs', _SESSION, _ARRAY);
757
758 // need to do some user checking here
759@@ -1087,7 +1088,7 @@
760
761 $form = <<<END
762 <form id="AddEventForm" class="XiboForm" action="index.php?p=schedule&q=AddEvent" method="post">
763- <input type="hidden" id="fromdt" name="fromdt" value="" />
764+ <input type="hidden" id="fromdt" name="fromdt" value="$hiddenDateText" />
765 <input type="hidden" id="todt" name="todt" value="" />
766 <input type="hidden" id="rectodt" name="rectodt" value="" />
767 <table style="width:100%;">
768
769=== modified file 'server/lib/pages/user.class.php'
770--- server/lib/pages/user.class.php 2009-10-28 21:28:04 +0000
771+++ server/lib/pages/user.class.php 2009-12-28 14:14:15 +0000
772@@ -26,15 +26,6 @@
773 private $user;
774 private $sub_page;
775
776- //database fields
777- private $userid;
778- private $username;
779- private $password;
780- private $usertypeid;
781- private $email;
782- private $homepage;
783- private $groupid;
784-
785 /**
786 * Contructor
787 *
788@@ -43,33 +34,11 @@
789 */
790 function __construct(database $db, user $user)
791 {
792- $this->db =& $db;
793- $this->user =& $user;
794-
795- $this->sub_page = Kit::GetParam('sp', _REQUEST, _WORD, 'view');
796- $userid = Kit::GetParam('userID', _REQUEST, _INT, 0);
797-
798- if($userid != 0)
799- {
800- $this->sub_page = "edit";
801-
802- $this->userid = $userid;
803-
804- $sql = " SELECT UserName, UserPassword, usertypeid, email, groupID, homepage FROM user";
805- $sql .= sprintf(" WHERE userID = %d", $userid);
806-
807- if(!$results = $db->query($sql)) trigger_error("Error excuting query".$db->error(), E_USER_ERROR);
808-
809- while($aRow = $db->get_row($results))
810- {
811- $this->username = Kit::ValidateParam($aRow[0], _USERNAME);
812- $this->password = Kit::ValidateParam($aRow[1], _PASSWORD);
813- $this->usertypeid = Kit::ValidateParam($aRow[2], _INT);
814- $this->email = Kit::ValidateParam($aRow[3], _STRING);
815- $this->groupid = Kit::ValidateParam($aRow[4], _INT);
816- $this->homepage = Kit::ValidateParam($aRow[5], _STRING);
817- }
818- }
819+ $this->db =& $db;
820+ $this->user =& $user;
821+
822+ // Include the group data classes
823+ include_once('lib/data/usergroup.data.class.php');
824 }
825
826 function on_page_load()
827@@ -90,61 +59,77 @@
828 */
829 function AddUser ()
830 {
831- $db =& $this->db;
832- $response = new ResponseManager();
833-
834- $user = Kit::GetParam('username', _POST, _USERNAME);
835- $password = md5(Kit::GetParam('password', _POST, _USERNAME));
836- $usertypeid = Kit::GetParam('usertypeid', _POST, _INT);
837- $email = Kit::GetParam('email', _POST, _STRING);
838- $groupid = Kit::GetParam('groupid', _POST, _INT);
839-
840- // Construct the Homepage
841- $homepage = "dashboard";
842-
843- // Validation
844- if ($user=="")
845- {
846- trigger_error("Please enter a User Name.", E_USER_ERROR);
847- }
848- if ($password=="")
849- {
850- trigger_error("Please enter a Password.", E_USER_ERROR);
851- }
852- if ($email == "")
853- {
854- trigger_error("Please enter an Email Address.", E_USER_ERROR);
855- }
856-
857- if ($homepage == "") $homepage = "dashboard";
858-
859- //Check for duplicate user name
860- $sqlcheck = " ";
861- $sqlcheck .= sprintf("SELECT UserName FROM user WHERE UserName = '%s'", $db->escape_string($user));
862-
863- if(!$sqlcheckresult = $db->query($sqlcheck))
864- {
865- trigger_error($db->error());
866- trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR);
867- }
868-
869- if($db->num_rows($sqlcheckresult) != 0)
870- {
871- trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR);
872- }
873-
874- //Ready to enter the user into the database
875- $query = "INSERT INTO user (UserName, UserPassword, usertypeid, email, homepage, groupid)";
876- $query .= " VALUES ('$user', '$password', $usertypeid, '$email', '$homepage', $groupid)";
877-
878- if(!$id = $db->insert_query($query))
879- {
880- trigger_error($db->error());
881- trigger_error("Error adding that user", E_USER_ERROR);
882- }
883-
884- $response->SetFormSubmitResponse('User Saved.');
885- $response->Respond();
886+ $db =& $this->db;
887+ $response = new ResponseManager();
888+
889+ $username = Kit::GetParam('username', _POST, _STRING);
890+ $password = Kit::GetParam('password', _POST, _STRING);
891+ $password = md5($password);
892+ $email = Kit::GetParam('email', _POST, _STRING);
893+ $usertypeid = Kit::GetParam('usertypeid', _POST, _INT, 0);
894+ $homepage = Kit::GetParam('homepage', _POST, _STRING);
895+ $pass_change = isset($_POST['pass_change']);
896+
897+ // Construct the Homepage
898+ $homepage = "dashboard";
899+
900+ // Validation
901+ if ($username=="")
902+ {
903+ trigger_error("Please enter a User Name.", E_USER_ERROR);
904+ }
905+ if ($password=="")
906+ {
907+ trigger_error("Please enter a Password.", E_USER_ERROR);
908+ }
909+ if ($email == "")
910+ {
911+ trigger_error("Please enter an Email Address.", E_USER_ERROR);
912+ }
913+
914+ if ($homepage == "") $homepage = "dashboard";
915+
916+ //Check for duplicate user name
917+ $sqlcheck = " ";
918+ $sqlcheck .= sprintf("SELECT UserName FROM user WHERE UserName = '%s'", $db->escape_string($username));
919+
920+ if(!$sqlcheckresult = $db->query($sqlcheck))
921+ {
922+ trigger_error($db->error());
923+ trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR);
924+ }
925+
926+ if($db->num_rows($sqlcheckresult) != 0)
927+ {
928+ trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR);
929+ }
930+
931+ //Ready to enter the user into the database
932+ $query = "INSERT INTO user (UserName, UserPassword, usertypeid, email, homepage)";
933+ $query .= " VALUES ('$username', '$password', $usertypeid, '$email', '$homepage')";
934+
935+ if(!$id = $db->insert_query($query))
936+ {
937+ trigger_error($db->error());
938+ trigger_error("Error adding that user", E_USER_ERROR);
939+ }
940+
941+ // Add the user group
942+ $userGroupObject = new UserGroup($db);
943+
944+ if (!$groupID = $userGroupObject->Add($username, 1))
945+ {
946+ // We really want to delete the new user...
947+ //TODO: Delete the new user
948+
949+ // And then error
950+ trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
951+ }
952+
953+ $userGroupObject->Link($groupID, $id);
954+
955+ $response->SetFormSubmitResponse('User Saved.');
956+ $response->Respond();
957 }
958
959 /**
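Review bot: The rewritten INSERT still interpolates `$username`, `$email` and `$homepage` straight into the query string — `$query .= " VALUES ('$username', '$password', $usertypeid, '$email', '$homepage')";` — while the duplicate-name check two lines earlier escapes the same `$username` with `$db->escape_string`, so unless the `_STRING` filter in Kit::GetParam already neutralises quotes (not shown here) the insert is injectable; use `$query .= sprintf(" VALUES ('%s', '%s', %d, '%s', '%s')", $db->escape_string($username), $password, $usertypeid, $db->escape_string($email), $db->escape_string($homepage));`. The same pattern appears in EditUser's `$sqlcheck` and `$sql` in the next hunk, which continues past this view. `$homepage = Kit::GetParam('homepage', _POST, _STRING);` is immediately overwritten by `$homepage = "dashboard";` and `$pass_change` is never read in AddUser, and `$userGroupObject->Link($groupID, $id);` discards its result, so a user can be created with no group link while the response still reports "User Saved."; the `//TODO: Delete the new user` branch has the same gap.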
960@@ -154,79 +139,90 @@
961 */
962 function EditUser()
963 {
964- $db =& $this->db;
965- $response = new ResponseManager();
966-
967- $error = "";
968-
969- $userID = Kit::GetParam('userid', _POST, _INT, 0);
970- $username = $_POST['username'];
971- $password = md5($_POST['password']);
972- $email = $_POST['email'];
973- $usertypeid = $_POST['usertypeid'];
974- $homepage = $_POST['homepage'];
975- $groupid = $_POST['groupid'];
976- $pass_change = isset($_POST['pass_change']);
977-
978- // Validation
979- if ($username == "")
980- {
981- trigger_error("Please enter a User Name.", E_USER_ERROR);
982- }
983- if ($password == "")
984- {
985- trigger_error("Please enter a Password.", E_USER_ERROR);
986- }
987- if ($email == "")
988- {
989- trigger_error("Please enter an Email Address.", E_USER_ERROR);
990- }
991-
992- if ($homepage == "") $homepage = "dashboard";
993-
994- //Check for duplicate user name
995- $sqlcheck = " ";
996- $sqlcheck .= "SELECT UserName FROM user WHERE UserName = '" . $username . "' AND userID <> $userID ";
997-
998- if (!$sqlcheckresult = $db->query($sqlcheck))
999- {
1000- trigger_error($db->error());
1001- trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR);
1002- }
1003-
1004- if ($db->num_rows($sqlcheckresult) != 0)
1005- {
1006- trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR);
1007- }
1008-
1009- //Everything is ok - run the update
1010- $sql = "UPDATE user SET UserName = '$username'";
1011- if ($pass_change)
1012- {
1013- $sql .= ", UserPassword = '$password'";
1014- }
1015-
1016- $sql .= ", email = '$email' ";
1017- if ($homepage == 'dashboard')
1018- {
1019- //acts as a reset
1020- $sql .= ", homepage='$homepage' ";
1021- }
1022-
1023- if ($usertypeid != "")
1024- {
1025- $sql .= ", usertypeid = " . $usertypeid . ", groupID = $groupid ";
1026- }
1027- $sql .= " WHERE UserID = ". $userID . "";
1028-
1029- if (!$db->query($sql))
1030- {
1031- trigger_error($db->error());
1032- trigger_error("Error updating that user", E_USER_ERROR);
1033- }
1034-
1035- $response->SetFormSubmitResponse('User Saved.');
1036- $response->Respond();
1037+ $db =& $this->db;
1038+ $response = new ResponseManager();
1039+
1040+ $userID = Kit::GetParam('userid', _POST, _INT, 0);
1041+ $username = Kit::GetParam('username', _POST, _STRING);
1042+ $password = Kit::GetParam('password', _POST, _STRING);
1043+ $password = md5($password);
1044+ $email = Kit::GetParam('email', _POST, _STRING);
1045+ $usertypeid = Kit::GetParam('usertypeid', _POST, _INT, 0);
1046+ $homepage = Kit::GetParam('homepage', _POST, _STRING);
1047+ $pass_change = isset($_POST['pass_change']);
1048+
1049+ // Validation
1050+ if ($username == "")
1051+ {
1052+ trigger_error("Please enter a User Name.", E_USER_ERROR);
1053+ }
1054+ if ($password == "")
1055+ {
1056+ trigger_error("Please enter a Password.", E_USER_ERROR);
1057+ }
1058+ if ($email == "")
1059+ {
1060+ trigger_error("Please enter an Email Address.", E_USER_ERROR);
1061+ }
1062+
1063+ if ($homepage == "") $homepage = "dashboard";
1064+
1065+ //Check for duplicate user name
1066+ $sqlcheck = " ";
1067+ $sqlcheck .= "SELECT UserName FROM user WHERE UserName = '" . $username . "' AND userID <> $userID ";
1068+
1069+ if (!$sqlcheckresult = $db->query($sqlcheck))
1070+ {
1071+ trigger_error($db->error());
1072+ trigger_error(__("Cant get this user's name. Please try another."), E_USER_ERROR);
1073+ }
1074+
1075+ if ($db->num_rows($sqlcheckresult) != 0)
1076+ {
1077+ trigger_error(__("Could Not Complete, Duplicate User Name Exists"), E_USER_ERROR);
1078+ }
1079+
1080+ //Everything is ok - run the update
1081+ $sql = "UPDATE user SET UserName = '$username'";
1082+ if ($pass_change)
1083+ {
1084+ $sql .= ", UserPassword = '$password'";
1085+ }
1086+
1087+ $sql .= ", email = '$email' ";
1088+ if ($homepage == 'dashboard')
1089+ {
1090+ //acts as a reset
1091+ $sql .= ", homepage='$homepage' ";
1092+ }
1093+
1094+ if ($usertypeid != "")
1095+ {
1096+ $sql .= ", usertypeid = " . $usertypeid;
1097+ }
1098+
1099+ $sql .= " WHERE UserID = ". $userID . "";
1100+
1101+ if (!$db->query($sql))
1102+ {
1103+ trigger_error($db->error());
1104+ trigger_error("Error updating that user", E_USER_ERROR);
1105+ }
1106+
1107+ // Update the group to follow suit
1108+ $userGroupObject = new UserGroup($db);
1109+
1110+ if (!$userGroupObject->EditUserGroup($userID, $username))
1111+ {
1112+ // We really want to delete the new user...
1113+ //TODO: Delete the new user
1114+
1115+ // And then error
1116+ trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
1117+ }
1118+
1119+ $response->SetFormSubmitResponse('User Saved.');
1120+ $response->Respond();
1121 }
1122
1123 /**
1124@@ -237,30 +233,44 @@
1125 */
1126 function DeleteUser()
1127 {
1128- $db =& $this->db;
1129- $response = new ResponseManager();
1130- $userid = Kit::GetParam('userid', _POST, _INT, 0);
1131-
1132- $sqldel = "DELETE FROM user";
1133- $sqldel .= " WHERE UserID = ". $userid . "";
1134-
1135- if (!$db->query($sqldel))
1136- {
1137- trigger_error($db->error());
1138- trigger_error("This user has been active, you may only retire them.", E_USER_ERROR);
1139- }
1140-
1141- // We should delete this users sessions record.
1142- $SQL = "DELETE FROM session WHERE userID = $userid ";
1143-
1144- if (!$db->query($sqldel))
1145- {
1146- trigger_error($db->error());
1147- trigger_error("If logged in, this user will be deleted once they log out.", E_USER_ERROR);
1148- }
1149-
1150- $response->SetFormSubmitResponse('User Deleted.');
1151- $response->Respond();
1152+ $db =& $this->db;
1153+ $user =& $this->user;
1154+
1155+ $response = new ResponseManager();
1156+ $userid = Kit::GetParam('userid', _POST, _INT, 0);
1157+ $groupID = $user->getGroupFromID($userid, true);
1158+
1159+ // Firstly delete the group for this user
1160+ $userGroupObject = new UserGroup($db);
1161+
1162+ $userGroupObject->Unlink($groupID, $userid);
1163+
1164+ if (!$userGroupObject->Delete($groupID))
1165+ {
1166+ trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
1167+ }
1168+
1169+ // Delete the user
1170+ $sqldel = "DELETE FROM user";
1171+ $sqldel .= " WHERE UserID = ". $userid . "";
1172+
1173+ if (!$db->query($sqldel))
1174+ {
1175+ trigger_error($db->error());
1176+ trigger_error(__("This user has been active, you may only retire them."), E_USER_ERROR);
1177+ }
1178+
1179+ // We should delete this users sessions record.
1180+ $SQL = "DELETE FROM session WHERE userID = $userid ";
1181+
1182+ if (!$db->query($sqldel))
1183+ {
1184+ trigger_error($db->error());
1185+ trigger_error(__("If logged in, this user will be deleted once they log out."), E_USER_ERROR);
1186+ }
1187+
1188+ $response->SetFormSubmitResponse(__('User Deleted.'));
1189+ $response->Respond();
1190 }
1191
1192 /**
1193@@ -276,21 +286,20 @@
1194 $itemName = $_REQUEST['usertypeid'];
1195 $username = $_REQUEST['username'];
1196
1197- $sql = "SELECT user.UserID, user.UserName, user.usertypeid, user.loggedin, user.lastaccessed, user.email, user.homepage, group.group ";
1198+ $sql = "SELECT user.UserID, user.UserName, user.usertypeid, user.loggedin, user.lastaccessed, user.email, user.homepage ";
1199 $sql .= " FROM user ";
1200- $sql .= " INNER JOIN `group` ON user.groupid = group.groupID ";
1201 $sql .= " WHERE 1=1 ";
1202 if ($_SESSION['usertype']==3)
1203 {
1204- $sql .= " AND usertypeid=3 AND userid = " . $_SESSION['userid'] . " ";
1205+ $sql .= " AND usertypeid=3 AND userid = " . $_SESSION['userid'] . " ";
1206 }
1207 if($itemName!="all")
1208 {
1209- $sql .= " AND usertypeid=\"" . $itemName . "\"";
1210+ $sql .= " AND usertypeid=\"" . $itemName . "\"";
1211 }
1212 if ($username != "")
1213 {
1214- $sql .= " AND UserName LIKE '%$username%' ";
1215+ $sql .= " AND UserName LIKE '%$username%' ";
1216 }
1217 $sql .= " ORDER by UserName";
1218
1219@@ -310,7 +319,6 @@
1220 <th>Homepage</th>
1221 <th>Layout</th>
1222 <th>Email</th>
1223- <th>Group</th>
1224 <th>Action</th>
1225 </tr>
1226 </thead>
1227@@ -321,12 +329,12 @@
1228 {
1229 $userID = $aRow[0];
1230 $userName = $aRow[1];
1231- $usertypeid = $aRow[2];
1232+ $usertypeid = $aRow[2];
1233 $loggedin = $aRow[3];
1234- $lastaccessed = $aRow[4];
1235+ $lastaccessed = $aRow[4];
1236 $email = $aRow[5];
1237 $homepage = $aRow[6];
1238- $group = $aRow[7];
1239+ $groupid = $user->getGroupFromID($userID, true);
1240
1241 if($loggedin==1)
1242 {
1243@@ -372,18 +380,19 @@
1244 $table .= "<td>" . $homepageArray[0] . "</td>";
1245 $table .= "<td>" . $layout . "</td>";
1246 $table .= "<td>" . $email . "</td>";
1247- $table .= "<td>" . $group . "</td>";
1248 $table .= "<td>";
1249
1250 if($_SESSION['usertype'] == 1 ||($userID == $_SESSION['userid']))
1251 {
1252- $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DisplayForm&userID=' . $userID . '"><span>Edit</span></button>';
1253- $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DeleteForm&userID=' . $userID . '" ><span>Delete</span></button></div></td>';
1254- }
1255- else
1256- {
1257- $table .= "</td>";
1258- }
1259+ $msgPageSec = __('Page Security');
1260+ $msgMenuSec = __('Menu Security');
1261+
1262+ $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DisplayForm&userID=' . $userID . '"><span>Edit</span></button>';
1263+ $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DeleteForm&userID=' . $userID . '" ><span>Delete</span></button>';
1264+ $table .= '<button class="XiboFormButton" href="index.php?p=group&q=PageSecurityForm&groupid=' . $groupid . '"><span>' . $msgPageSec . '</span></button>';
1265+ $table .= '<button class="XiboFormButton" href="index.php?p=group&q=MenuItemSecurityForm&groupid=' . $groupid . '"><span>' . $msgMenuSec . '</span></button>';
1266+ }
1267+ $table .= "</td>";
1268 $table .= "</tr>";
1269 }
1270 $table .= "</tbody></table></div>";
1271@@ -398,18 +407,8 @@
1272 */
1273 function displayPage()
1274 {
1275- $db =& $this->db;
1276-
1277- switch ($this->sub_page)
1278- {
1279-
1280- case 'view':
1281- include('template/pages/user_view.php');
1282- break;
1283-
1284- default:
1285- break;
1286- }
1287+ $db =& $this->db;
1288+ include('template/pages/user_view.php');
1289 }
1290
1291 /**
1292@@ -454,140 +453,148 @@
1293 }
1294
1295 /**
1296- * Displays the Add user form (from Ajax)
1297+ * Displays the User form (from Ajax)
1298 * @return
1299 */
1300 function DisplayForm()
1301 {
1302- $db =& $this->db;
1303- $user =& $this->user;
1304- $response = new ResponseManager();
1305-
1306- $helpManager = new HelpManager($db, $user);
1307-
1308- //ajax request handler
1309-
1310- $userid = $this->userid;
1311- $username = $this->username;
1312- $password = $this->password;
1313- $usertypeid = $this->usertypeid;
1314- $email = $this->email;
1315- $homepage = $this->homepage;
1316- $groupid = $this->groupid;
1317-
1318- // Help UI
1319- $nameHelp = $helpManager->HelpIcon("The Login Name of the user.", true);
1320- $passHelp = $helpManager->HelpIcon("The Password for this user.", true);
1321- $emailHelp = $helpManager->HelpIcon("Users email address. E.g. user@example.com", true);
1322- $homepageHelp = $helpManager->HelpIcon("The users Homepage. This should not be changed until you want to reset their homepage.", true);
1323- $overpassHelp = $helpManager->HelpIcon("Do you want to override this users password with the one entered here.", true);
1324- $usertypeHelp = $helpManager->HelpIcon("What is this users type? This would usually be set to 'User'", true);
1325- $groupHelp = $helpManager->HelpIcon("Which group does this user belong to? User groups control media sharing and access to functional areas of Xibo.", true);
1326-
1327- $homepageOption = '';
1328- $override_option = '';
1329-
1330- //What form are we displaying
1331- if ($userid == "")
1332- {
1333- //add form
1334- $action = "index.php?p=user&q=AddUser";
1335- }
1336- else
1337- {
1338- //edit form
1339- $action = "index.php?p=user&q=EditUser";
1340-
1341- //split the homepage into its component parts (if it needs to be)
1342- if (strpos($homepage,'&') !== false)
1343- {
1344- $homepage = substr($homepage, 0, strpos($homepage,'&'));
1345- }
1346-
1347- //make the homepage dropdown
1348- $homepage_list = listcontent("dashboard|dashboard,mediamanager|mediamanager", "homepage", $homepage);
1349-
1350- $homepageOption = <<<END
1351- <tr>
1352- <td><label for="homepage">Homepage<span class="required">*</span></label></td>
1353- <td>$homepageHelp $homepage_list</td>
1354- </tr>
1355+ $db =& $this->db;
1356+ $user =& $this->user;
1357+ $response = new ResponseManager();
1358+ $helpManager = new HelpManager($db, $user);
1359+
1360+ $userid = Kit::GetParam('userID', _GET, _INT);
1361+
1362+ $SQL = "";
1363+ $SQL .= "SELECT UserName , ";
1364+ $SQL .= " UserPassword, ";
1365+ $SQL .= " usertypeid , ";
1366+ $SQL .= " email , ";
1367+ $SQL .= " homepage ";
1368+ $SQL .= "FROM `user`";
1369+ $SQL .= sprintf(" WHERE userID = %d", $userid);
1370+
1371+ if(!$results = $db->query($SQL))
1372+ {
1373+ trigger_error($db->error());
1374+ trigger_error(__('Error getting user information.'), E_USER_ERROR);
1375+ }
1376+
1377+ while($aRow = $db->get_row($results))
1378+ {
1379+ $username = Kit::ValidateParam($aRow[0], _USERNAME);
1380+ $password = Kit::ValidateParam($aRow[1], _PASSWORD);
1381+ $usertypeid = Kit::ValidateParam($aRow[2], _INT);
1382+ $email = Kit::ValidateParam($aRow[3], _STRING);
1383+ $homepage = Kit::ValidateParam($aRow[4], _STRING);
1384+ }
1385+
1386+ // Help UI
1387+ $nameHelp = $helpManager->HelpIcon("The Login Name of the user.", true);
1388+ $passHelp = $helpManager->HelpIcon("The Password for this user.", true);
1389+ $emailHelp = $helpManager->HelpIcon("Users email address. E.g. user@example.com", true);
1390+ $homepageHelp = $helpManager->HelpIcon("The users Homepage. This should not be changed until you want to reset their homepage.", true);
1391+ $overpassHelp = $helpManager->HelpIcon("Do you want to override this users password with the one entered here.", true);
1392+ $usertypeHelp = $helpManager->HelpIcon("What is this users type? This would usually be set to 'User'", true);
1393+
1394+ $homepageOption = '';
1395+ $override_option = '';
1396+
1397+ //What form are we displaying
1398+ if ($userid == "")
1399+ {
1400+ //add form
1401+ $action = "index.php?p=user&q=AddUser";
1402+ }
1403+ else
1404+ {
1405+ //edit form
1406+ $action = "index.php?p=user&q=EditUser";
1407+
1408+ //split the homepage into its component parts (if it needs to be)
1409+ if (strpos($homepage,'&') !== false)
1410+ {
1411+ $homepage = substr($homepage, 0, strpos($homepage,'&'));
1412+ }
1413+
1414+ //make the homepage dropdown
1415+ $homepage_list = listcontent("dashboard|dashboard,mediamanager|mediamanager", "homepage", $homepage);
1416+
1417+ $homepageOption = <<<END
1418+ <tr>
1419+ <td><label for="homepage">Homepage<span class="required">*</span></label></td>
1420+ <td>$homepageHelp $homepage_list</td>
1421+ </tr>
1422 END;
1423-
1424- $override_option = <<<FORM
1425- <td>Override Password?</td>
1426- <td>$overpassHelp <input type="checkbox" name="pass_change" value="0"></td>
1427+
1428+ $override_option = <<<FORM
1429+ <td>Override Password?</td>
1430+ <td>$overpassHelp <input type="checkbox" name="pass_change" value="0"></td>
1431 FORM;
1432- }
1433-
1434- //get us the user type if we dont have it (for the default value)
1435- if($usertypeid=="")
1436- {
1437- $usertype = Config::GetSetting($db,"defaultUsertype");
1438-
1439- $SQL = "SELECT usertypeid FROM usertype WHERE usertype = '$usertype'";
1440- if(!$results = $db->query($SQL))
1441- {
1442- trigger_error($db->error());
1443- trigger_error("Can not get Usertype information", E_USER_ERROR);
1444- }
1445- $row = $db->get_row($results);
1446- $usertypeid = $row['0'];
1447- }
1448-
1449- //group list
1450- $group_list = dropdownlist("SELECT groupID, `group` FROM `group` ORDER BY `group`", "groupid", $groupid);
1451-
1452- if ($_SESSION['usertype']==1)
1453- {
1454- //usertype list
1455- $usertype_list = dropdownlist("SELECT usertypeid, usertype FROM usertype", "usertypeid", $usertypeid);
1456-
1457- $usertypeOption = <<<END
1458- <tr>
1459- <td><label for="usertypeid">User Type <span class="required">*</span></label></td>
1460- <td>$usertypeHelp $usertype_list</td>
1461- </tr>
1462- <tr>
1463- <td><label for="groupid">Group <span class="required">*</span></label></td>
1464- <td>$groupHelp $group_list</td>
1465- </tr>
1466-END;
1467- }
1468- else
1469- {
1470- $usertypeOption = "";
1471- }
1472-
1473-
1474- $form = <<<END
1475- <form id="UserForm" class="XiboForm" method='post' action='$action'>
1476- <input type='hidden' name='userid' value='$userid'>
1477- <table>
1478- <tr>
1479- <td><label for="username">User Name<span class="required">*</span></label></td>
1480- <td>$nameHelp <input type="text" id="" name="username" value="$username" class="required" /></td>
1481- </tr>
1482- <tr>
1483- <td><label for="password">Password<span class="required">*</span></label></td>
1484- <td>$passHelp <input type="password" id="password" name="password" value="$password" /></td>
1485- $override_option
1486- </tr>
1487- <tr>
1488- <td><label for="email">Email Address<span class="required">*</span></label></td>
1489- <td>$emailHelp <input type="text" id="email" name="email" value="$email" class="required" /></td>
1490- </tr>
1491- $homepageOption
1492- $usertypeOption
1493- </table>
1494- </form>
1495-END;
1496-
1497- $response->SetFormRequestResponse($form, 'Add/Edit a User.', '550px', '320px');
1498- $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('User', 'Add') . '")');
1499- $response->AddButton(__('Cancel'), 'XiboDialogClose()');
1500- $response->AddButton(__('Save'), '$("#UserForm").submit()');
1501- $response->Respond();
1502+ }
1503+
1504+ //get us the user type if we dont have it (for the default value)
1505+ if($usertypeid=="")
1506+ {
1507+ $usertype = Config::GetSetting($db,"defaultUsertype");
1508+
1509+ $SQL = "SELECT usertypeid FROM usertype WHERE usertype = '$usertype'";
1510+ if(!$results = $db->query($SQL))
1511+ {
1512+ trigger_error($db->error());
1513+ trigger_error("Can not get Usertype information", E_USER_ERROR);
1514+ }
1515+ $row = $db->get_row($results);
1516+ $usertypeid = $row['0'];
1517+ }
1518+
1519+
1520+ if ($_SESSION['usertype']==1)
1521+ {
1522+ //usertype list
1523+ $usertype_list = dropdownlist("SELECT usertypeid, usertype FROM usertype", "usertypeid", $usertypeid);
1524+
1525+ $usertypeOption = <<<END
1526+ <tr>
1527+ <td><label for="usertypeid">User Type <span class="required">*</span></label></td>
1528+ <td>$usertypeHelp $usertype_list</td>
1529+ </tr>
1530+END;
1531+ }
1532+ else
1533+ {
1534+ $usertypeOption = "";
1535+ }
1536+
1537+
1538+ $form = <<<END
1539+ <form id="UserForm" class="XiboForm" method='post' action='$action'>
1540+ <input type='hidden' name='userid' value='$userid'>
1541+ <table>
1542+ <tr>
1543+ <td><label for="username">User Name<span class="required">*</span></label></td>
1544+ <td>$nameHelp <input type="text" id="" name="username" value="$username" class="required" /></td>
1545+ </tr>
1546+ <tr>
1547+ <td><label for="password">Password<span class="required">*</span></label></td>
1548+ <td>$passHelp <input type="password" id="password" name="password" value="$password" /></td>
1549+ $override_option
1550+ </tr>
1551+ <tr>
1552+ <td><label for="email">Email Address<span class="required email">*</span></label></td>
1553+ <td>$emailHelp <input type="text" id="email" name="email" value="$email" class="required" /></td>
1554+ </tr>
1555+ $homepageOption
1556+ $usertypeOption
1557+ </table>
1558+ </form>
1559+END;
1560+
1561+ $response->SetFormRequestResponse($form, 'Add/Edit a User.', '550px', '320px');
1562+ $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('User', 'Add') . '")');
1563+ $response->AddButton(__('Cancel'), 'XiboDialogClose()');
1564+ $response->AddButton(__('Save'), '$("#UserForm").submit()');
1565+ $response->Respond();
1566 }
1567
1568 /**
1569
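--- a/server/modules/module_user_general.php
+++ b/server/modules/module_user_general.php
@@ -93,7 +93,7 @@
 $db =& $this->db;
 global $session;
 
- $sql = sprintf("SELECT UserID, UserName, UserPassword, usertypeid, groupID FROM user WHERE UserName = '%s' AND UserPassword = '%s'", $db->escape_string($username), $db->escape_string($password));
+ $sql = sprintf("SELECT UserID, UserName, UserPassword, usertypeid FROM user WHERE UserName = '%s' AND UserPassword = '%s'", $db->escape_string($username), $db->escape_string($password));
 
 if(!$result = $db->query($sql)) trigger_error('A database error occurred while checking your login details.', E_USER_ERROR);
 
@@ -114,7 +114,6 @@
 $_SESSION['userid'] = Kit::ValidateParam($results[0], _INT);
 $_SESSION['username'] = Kit::ValidateParam($results[1], _USERNAME);
 $_SESSION['usertype'] = Kit::ValidateParam($results[3], _INT);
- $_SESSION['groupid'] = Kit::ValidateParam($results[4], _INT);
 
 $this->usertypeid = $_SESSION['usertype'];
 $this->userid = $_SESSION['userid'];
@@ -230,32 +229,52 @@
 
 function getGroupFromID($id, $returnID = false)
 {
- $db =& $this->db;
-
- $SQL = sprintf("SELECT group.group, group.groupID FROM user INNER JOIN `group` ON group.groupID = user.groupID WHERE userid = %d", $id);
-
- if(!$results = $db->query($SQL))
- {
- trigger_error("Error looking up user information (group)");
- trigger_error($db->error());
- }
-
- if ($db->num_rows($results)==0)
- {
- if ($returnID)
- {
- return "1";
- }
- return "Users";
- }
-
- $row = $db->get_row($results);
-
- if ($returnID)
- {
- return $row[1];
- }
- return $row[0];
+ $db =& $this->db;
+
+ $SQL = "";
+ $SQL .= "SELECT group.group, ";
+ $SQL .= " group.groupID ";
+ $SQL .= "FROM `user` ";
+ $SQL .= " INNER JOIN lkusergroup ";
+ $SQL .= " ON lkusergroup.UserID = user.UserID ";
+ $SQL .= " INNER JOIN `group` ";
+ $SQL .= " ON group.groupID = lkusergroup.GroupID ";
+ $SQL .= sprintf("WHERE `user`.userid = %d ", $id);
+ $SQL .= "AND `group`.IsUserSpecific = 1";
+
+ if(!$results = $db->query($SQL))
+ {
+ trigger_error($db->error());
+ trigger_error("Error looking up user information (group)", E_USER_ERROR);
+ }
+
+ if ($db->num_rows($results) == 0)
+ {
+ // Every user should have a group?
+ // Add one in!
+ include_once('lib/data/usergroup.data.class.php');
+
+ $userGroupObject = new UserGroup($db);
+ if (!$groupID = $userGroupObject->Add('Unknown user id: ' . $id, 1))
+ {
+ // Error
+ trigger_error(__('User does not have a group and Xibo is unable to add one.'), E_USER_ERROR);
+ }
+
+ // Link the two
+ $userGroupObject->Link($groupID, $id);
+
+ if ($returnID) return $groupID;
+ return 'Unknown';
+ }
+
+ $row = $db->get_row($results);
+
+ if ($returnID)
+ {
+ return $row[1];
+ }
+ return $row[0];
 }
 
 function getUserTypeFromID($id, $returnID = false)
@@ -426,7 +445,6 @@
 $userid =& $this->userid;
 
 $usertype = Kit::GetParam('usertype', _SESSION, _INT, 0);
- $groupid = $this->getGroupFromID($userid, true);
 
 // Check the security
 if ($usertype == 1)
@@ -447,14 +465,16 @@
 
 // we have access to only the pages assigned to this group
 $SQL = "SELECT pages.pageID FROM pages INNER JOIN lkpagegroup ON lkpagegroup.pageid = pages.pageid ";
- $SQL .= sprintf(" WHERE lkpagegroup.groupid = %d AND pages.name = '%s' ", $groupid, $db->escape_string($page));
+ $SQL .= " INNER JOIN lkusergroup ";
+ $SQL .= " ON lkpagegroup.groupID = lkusergroup.GroupID ";
+ $SQL .= sprintf(" WHERE lkusergroup.UserID = %d AND pages.name = '%s' ", $userid, $db->escape_string($page));
 
 Debug::LogEntry($db, 'audit', $SQL);
 
 if (!$results = $db->query($SQL))
 {
 trigger_error($db->error());
- trigger_error('Can not get the page security for this group [' . $groupid . '] and page [' . $page . ']');
+ trigger_error('Can not get the page security for this user [' . $userid . '] and page [' . $page . ']');
 }
 
 if ($db->num_rows($results) < 1)
@@ -477,8 +497,7 @@
 {
 $db =& $this->db;
 $userid =& $this->userid;
- $usertypeid = Kit::GetParam('usertype', _SESSION, _INT);
- $groupid = $this->getGroupFromID($userid, true);
+ $usertypeid = Kit::GetParam('usertype', _SESSION, _INT);
 
 Debug::LogEntry($db, 'audit', sprintf('Authing the menu for usertypeid [%d]', $usertypeid));
 
@@ -497,15 +516,17 @@
 $SQL .= " ON pages.pageID = menuitem.PageID ";
 if ($usertypeid != 1)
 {
- $SQL .= " INNER JOIN lkmenuitemgroup ";
- $SQL .= " ON lkmenuitemgroup.MenuItemID = menuitem.MenuItemID ";
- $SQL .= " INNER JOIN `group` ";
- $SQL .= " ON lkmenuitemgroup.GroupID = group.GroupID ";
+ $SQL .= " INNER JOIN lkmenuitemgroup ";
+ $SQL .= " ON lkmenuitemgroup.MenuItemID = menuitem.MenuItemID ";
+ $SQL .= " INNER JOIN `group` ";
+ $SQL .= " ON lkmenuitemgroup.GroupID = group.GroupID ";
+ $SQL .= " INNER JOIN lkusergroup ";
+ $SQL .= " ON group.groupID = lkusergroup.GroupID ";
 }
 $SQL .= sprintf("WHERE menu.Menu = '%s' ", $db->escape_string($menu));
 if ($usertypeid != 1)
 {
- $SQL .= sprintf(" AND group.groupid = %d", $groupid);
+ $SQL .= sprintf(" AND lkusergroup.UserID = %d", $userid);
 }
 $SQL .= " ORDER BY menuitem.Sequence";
 
@@ -596,7 +617,6 @@
 
 // Populate the array of display group ids we are authed against
 $usertype = Kit::GetParam('usertype', _SESSION, _INT, 0);
- $groupid = $this->getGroupFromID($userid, true);
 
 $SQL = "SELECT DISTINCT displaygroup.DisplayGroupID, displaygroup.DisplayGroup, IsDisplaySpecific ";
 $SQL .= " FROM displaygroup ";
@@ -607,10 +627,15 @@
 if ($usertype != 1)
 {
 $SQL .= " INNER JOIN lkgroupdg ON lkgroupdg.DisplayGroupID = displaygroup.DisplayGroupID ";
- $SQL .= sprintf(" WHERE lkgroupdg.GroupID = %d ", $groupid);
+ $SQL .= " INNER JOIN lkusergroup ON lkgroupdg.GroupID = lkusergroup.GroupID ";
 }
-
+
 $SQL .= " WHERE display.licensed = 1 ";
+
+ if ($usertype != 1)
+ {
+ $SQL .= sprintf(" AND lkusergroup.UserID = %d ", $userid);
+ }
 
 Debug::LogEntry($db, 'audit', $SQL, 'User', 'DisplayGroupAuth');
 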
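Review bot: In the new empty-result branch of getGroupFromID the return of `$userGroupObject->Link($groupID, $id)` is never checked, while the preceding `Add` is, so a failed link leaves the freshly created `Unknown user id: N` group orphaned and the function still hands back its id as if it belonged to the user. Assuming Link reports failure the same way Add does, `if (!$userGroupObject->Link($groupID, $id)) trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);` keeps the two calls consistent. The fallback also fires for any `$id` whose join returns no row, which with the `FROM user` join includes ids that have no user record at all, so a plain lookup reached with a caller-supplied id (the DeleteUser page passes the posted userid straight in) inserts a group row and a link row before anything confirms the user exists; a read helper that writes deserves at least a comment saying so, and a user-exists check before `Add` would bound it. getGroupFromID lies entirely within this hunk.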
