Merge lp:~dangarner/xibo/110-server into lp:~xibo-maintainers/xibo/encke
- 110-server
- Merge into encke
Proposed by
Dan Garner
Status: | Merged | ||||
---|---|---|---|---|---|
Merged at revision: | not available | ||||
Proposed branch: | lp:~dangarner/xibo/110-server | ||||
Merge into: | lp:~xibo-maintainers/xibo/encke | ||||
Diff against target: |
1753 lines (+962/-426) 11 files modified
server/install/database/20.php (+41/-0) server/install/database/20.sql (+25/-0) server/install/database/21.sql (+5/-0) server/lib/data/usergroup.data.class.php (+259/-0) server/lib/include.php (+9/-2) server/lib/js/group.js (+27/-1) server/lib/pages/displaygroup.class.php (+3/-3) server/lib/pages/group.class.php (+173/-33) server/lib/pages/schedule.class.php (+2/-1) server/lib/pages/user.class.php (+352/-345) server/modules/module_user_general.php (+66/-41) |
||||
To merge this branch: | bzr merge lp:~dangarner/xibo/110-server | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Xibo Maintainters | Pending | ||
Review via email: mp+16620@code.launchpad.net |
Commit message
Description of the change
1 | === modified file 'server/install/database/20.php' |
2 | --- server/install/database/20.php 2009-10-14 18:15:10 +0000 |
3 | +++ server/install/database/20.php 2009-12-28 14:14:15 +0000 |
4 | @@ -36,6 +36,9 @@ |
5 | // Each schedule record needs to be altered so that the displayID_list now reflects the displayGroupIDs |
6 | $this->UpdateSchedules(); |
7 | |
8 | + // Create groups for all current users |
9 | + $this->UpdateUserGroups(); |
10 | + |
11 | return true; |
12 | } |
13 | |
14 | @@ -129,5 +132,43 @@ |
15 | } |
16 | } |
17 | } |
18 | + |
19 | + /** |
20 | + * We need to update the user groups |
21 | + */ |
22 | + private function UpdateUserGroups() |
23 | + { |
24 | + $db =& $this->db; |
25 | + |
26 | + // Get all the current users in the system |
27 | + $SQL = "SELECT UserID, groupID, UserName FROM `user`"; |
28 | + |
29 | + if (!$result = $db->query($SQL)) |
30 | + { |
31 | + trigger_error("Error creating user groups", E_USER_ERROR); |
32 | + } |
33 | + |
34 | + while ($row = $db->get_assoc_row($result)) |
35 | + { |
36 | + // For each display create a display group and link it to the display |
37 | + $ugid = 0; |
38 | + $userID = Kit::ValidateParam($row['UserID'], _INT); |
39 | + $groupID = Kit::ValidateParam($row['groupID'], _INT); |
40 | + $username = Kit::ValidateParam($row['UserName'], _STRING); |
41 | + |
42 | + $ug = new UserGroup($db); |
43 | + |
44 | + // For each one create a user specific group |
45 | + if (!$ugId = $ug->Add($username, 1)) |
46 | + { |
47 | + trigger_error("Error creating user groups", E_USER_ERROR); |
48 | + } |
49 | + |
50 | + // Link to the users own userspecific group and also to the one they were already on |
51 | + $ug->Link($ugId, $userID); |
52 | + |
53 | + $ug->Link($groupID, $userID); |
54 | + } |
55 | + } |
56 | } |
57 | ?> |
58 | \ No newline at end of file |
59 | |
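Review bot: The two `$ug->Link(...)` calls at the end of the UpdateUserGroups loop discard their return value, so a failed lkusergroup insert — for instance a user whose old groupID is NULL, which ValidateParam presumably turns into 0 and the new foreign key then rejects — leaves that user silently without the membership that the group-level page and menu security forms are keyed on, while the upgrade still returns true. This loop is the only place the old `user.groupID` is carried across before 21.sql drops the column, so check both calls the way Add() is checked: `if (!$ug->Link($ugId, $userID) || !$ug->Link($groupID, $userID)) trigger_error($ug->GetErrorMessage(), E_USER_ERROR);`. The query-failure branch above the loop also drops `$db->error()` from the message, and `$ugid = 0` is never read — the loop assigns `$ugId`.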
60 | === modified file 'server/install/database/20.sql' |
61 | --- server/install/database/20.sql 2009-10-09 20:28:23 +0000 |
62 | +++ server/install/database/20.sql 2009-12-28 14:14:15 +0000 |
63 | @@ -147,6 +147,31 @@ |
64 | ALTER TABLE `schedule_detail` DROP INDEX `schedule_detail_ibfk_3`; |
65 | ALTER TABLE `schedule_detail` DROP INDEX `IM_SDT_DisplayID`; |
66 | |
67 | + |
68 | +/* Users and Groups */ |
69 | +CREATE TABLE IF NOT EXISTS `lkusergroup` ( |
70 | + `LkUserGroupID` int(11) NOT NULL auto_increment, |
71 | + `GroupID` int(11) NOT NULL, |
72 | + `UserID` int(11) NOT NULL, |
73 | + PRIMARY KEY (`LkUserGroupID`), |
74 | + KEY `GroupID` (`GroupID`), |
75 | + KEY `UserID` (`UserID`) |
76 | +) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ; |
77 | + |
78 | +/* Add the user specific flag to groups */ |
79 | +ALTER TABLE `group` ADD `IsUserSpecific` TINYINT NOT NULL DEFAULT '0'; |
80 | + |
81 | + |
82 | +/* Add contraints to the new table */ |
83 | +ALTER TABLE `lkusergroup` ADD FOREIGN KEY ( `GroupID` ) REFERENCES `group` ( |
84 | +`groupID` |
85 | +); |
86 | + |
87 | +ALTER TABLE `lkusergroup` ADD FOREIGN KEY ( `UserID` ) REFERENCES `user` ( |
88 | +`UserID` |
89 | +); |
90 | + |
91 | + |
92 | /* VERSION UPDATE */ |
93 | /* Set the version table, etc */ |
94 | UPDATE `version` SET `app_ver` = '1.1.0'; |
95 | |
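Review bot: `lkusergroup` has no UNIQUE key on (GroupID, UserID), so the same user can be linked to the same group more than once; SetMembers avoids that by diffing first, but nothing stops the migration loop in 20.php or a repeated Link() from inserting duplicates, which then show up as repeated entries in the membership form. Replace the two plain indexes with `UNIQUE KEY GroupID_UserID (GroupID, UserID)` (a composite unique index also serves the GroupID lookups). The two foreign keys carry no ON DELETE action, so deleting a user or a group that still has link rows is refused by the database unless the caller removes the rows first, and UserGroup::Delete() in this branch does not.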
96 | === modified file 'server/install/database/21.sql' |
97 | --- server/install/database/21.sql 2009-10-28 21:28:04 +0000 |
98 | +++ server/install/database/21.sql 2009-12-28 14:14:15 +0000 |
99 | @@ -8,6 +8,11 @@ |
100 | /* Request URI is too short of passing a lot of parameters in GET. Maybe we should use POST more? */ |
101 | ALTER TABLE `log` CHANGE `RequestUri` `RequestUri` VARCHAR( 2000 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL; |
102 | |
103 | +/* Remove the groupID from the user record. */ |
104 | +ALTER TABLE `user` DROP FOREIGN KEY `user_ibfk_3` ; |
105 | + |
106 | +ALTER TABLE `user` DROP `groupID` ; |
107 | + |
108 | /* VERSION UPDATE */ |
109 | /* Set the version table, etc */ |
110 | UPDATE `setting` SET `value` = 0 WHERE `setting` = 'PHONE_HOME_DATE'; |
111 | |
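Review bot: `DROP FOREIGN KEY user_ibfk_3` depends on the auto-generated constraint name, which is only stable if every installation created the `user` table's constraints in the same order; on an instance where the name differs the statement fails and `groupID` survives, and the next statement's `DROP groupID` then fails too. If the constraint was never given an explicit name, the upgrade runner should at least stop on that failure rather than mark the version as applied.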
112 | === added file 'server/lib/data/usergroup.data.class.php' |
113 | --- server/lib/data/usergroup.data.class.php 1970-01-01 00:00:00 +0000 |
114 | +++ server/lib/data/usergroup.data.class.php 2009-12-28 14:14:15 +0000 |
115 | @@ -0,0 +1,259 @@ |
116 | +<?php |
117 | +/* |
118 | + * Xibo - Digitial Signage - http://www.xibo.org.uk |
119 | + * Copyright (C) 2009 Daniel Garner |
120 | + * |
121 | + * This file is part of Xibo. |
122 | + * |
123 | + * Xibo is free software: you can redistribute it and/or modify |
124 | + * it under the terms of the GNU Affero General Public License as published by |
125 | + * the Free Software Foundation, either version 3 of the License, or |
126 | + * any later version. |
127 | + * |
128 | + * Xibo is distributed in the hope that it will be useful, |
129 | + * but WITHOUT ANY WARRANTY; without even the implied warranty of |
130 | + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
131 | + * GNU Affero General Public License for more details. |
132 | + * |
133 | + * You should have received a copy of the GNU Affero General Public License |
134 | + * along with Xibo. If not, see <http://www.gnu.org/licenses/>. |
135 | + */ |
136 | +defined('XIBO') or die("Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser."); |
137 | + |
138 | +class UserGroup extends Data |
139 | +{ |
140 | + public function __construct(database $db) |
141 | + { |
142 | + parent::__construct($db); |
143 | + } |
144 | + |
145 | + /** |
146 | + * Adds a User Group to Xibo |
147 | + * @return |
148 | + * @param $UserGroup Object |
149 | + * @param $isDisplaySpecific Object |
150 | + * @param $description Object[optional] |
151 | + */ |
152 | + public function Add($group, $isUserSpecific) |
153 | + { |
154 | + $db =& $this->db; |
155 | + |
156 | + Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Add'); |
157 | + |
158 | + // Create the SQL |
159 | + $SQL = ""; |
160 | + $SQL .= "INSERT "; |
161 | + $SQL .= "INTO `group` "; |
162 | + $SQL .= " ( "; |
163 | + $SQL .= " `group` , "; |
164 | + $SQL .= " IsUserSpecific "; |
165 | + $SQL .= " ) "; |
166 | + $SQL .= " VALUES "; |
167 | + $SQL .= " ( "; |
168 | + $SQL .= sprintf(" '%s', ", $db->escape_string($group)); |
169 | + $SQL .= sprintf(" %d ", $isUserSpecific); |
170 | + $SQL .= " )"; |
171 | + |
172 | + if (!$groupID = $db->insert_query($SQL)) |
173 | + { |
174 | + trigger_error($db->error()); |
175 | + $this->SetError(25000, __('Could not add User Group')); |
176 | + |
177 | + return false; |
178 | + } |
179 | + |
180 | + Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Add'); |
181 | + |
182 | + return $groupID; |
183 | + } |
184 | + |
185 | + /** |
186 | + * Edits an existing Xibo Display Group |
187 | + * @return |
188 | + * @param $userGroupID Object |
189 | + * @param $UserGroup Object |
190 | + */ |
191 | + public function Edit($userGroupID, $userGroup) |
192 | + { |
193 | + $db =& $this->db; |
194 | + |
195 | + Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Edit'); |
196 | + |
197 | + // Create the SQL |
198 | + $SQL = ""; |
199 | + $SQL .= "UPDATE `group` "; |
200 | + $SQL .= sprintf("SET `group` = '%s' ", $db->escape_string($userGroup)); |
201 | + $SQL .= sprintf("WHERE GroupID = %d", $userGroupID); |
202 | + |
203 | + if (!$db->query($SQL)) |
204 | + { |
205 | + trigger_error($db->error()); |
206 | + $this->SetError(25005, __('Could not edit User Group')); |
207 | + |
208 | + return false; |
209 | + } |
210 | + |
211 | + Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Edit'); |
212 | + |
213 | + return true; |
214 | + } |
215 | + |
216 | + /** |
217 | + * Deletes an Xibo User Group |
218 | + * @return |
219 | + * @param $userGroupID Object |
220 | + */ |
221 | + public function Delete($userGroupID) |
222 | + { |
223 | + $db =& $this->db; |
224 | + |
225 | + Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Delete'); |
226 | + |
227 | + $SQL = sprintf("DELETE FROM `group` WHERE GroupID = %d", $userGroupID); |
228 | + |
229 | + Debug::LogEntry($db, 'audit', $SQL); |
230 | + |
231 | + if (!$db->query($SQL)) |
232 | + { |
233 | + trigger_error($db->error()); |
234 | + $this->SetError(25015,__('Unable to delete User Group.')); |
235 | + return false; |
236 | + } |
237 | + |
238 | + Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Delete'); |
239 | + |
240 | + return true; |
241 | + } |
242 | + |
243 | + /** |
244 | + * Links a User to a User Group |
245 | + * @return |
246 | + * @param $userGroupID Object |
247 | + * @param $userID Object |
248 | + */ |
249 | + public function Link($userGroupID, $userID) |
250 | + { |
251 | + $db =& $this->db; |
252 | + |
253 | + Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Link'); |
254 | + |
255 | + $SQL = ""; |
256 | + $SQL .= "INSERT "; |
257 | + $SQL .= "INTO lkusergroup "; |
258 | + $SQL .= " ( "; |
259 | + $SQL .= " GroupID, "; |
260 | + $SQL .= " UserID "; |
261 | + $SQL .= " ) "; |
262 | + $SQL .= " VALUES "; |
263 | + $SQL .= " ( "; |
264 | + $SQL .= sprintf(" %d, %d ", $userGroupID, $userID); |
265 | + $SQL .= " )"; |
266 | + |
267 | + if (!$db->query($SQL)) |
268 | + { |
269 | + trigger_error($db->error()); |
270 | + $this->SetError(25005, __('Could not Link User Group to User')); |
271 | + |
272 | + return false; |
273 | + } |
274 | + |
275 | + Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Link'); |
276 | + |
277 | + return true; |
278 | + } |
279 | + |
280 | + /** |
281 | + * Unlinks a Display from a Display Group |
282 | + * @return |
283 | + * @param $userGroupID Object |
284 | + * @param $userID Object |
285 | + */ |
286 | + public function Unlink($userGroupID, $userID) |
287 | + { |
288 | + $db =& $this->db; |
289 | + |
290 | + Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Unlink'); |
291 | + |
292 | + $SQL = ""; |
293 | + $SQL .= "DELETE FROM "; |
294 | + $SQL .= " lkusergroup "; |
295 | + $SQL .= sprintf(" WHERE GroupID = %d AND UserID = %d ", $userGroupID, $userID); |
296 | + |
297 | + if (!$db->query($SQL)) |
298 | + { |
299 | + trigger_error($db->error()); |
300 | + $this->SetError(25007, __('Could not Unlink User from User Group')); |
301 | + |
302 | + return false; |
303 | + } |
304 | + |
305 | + Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Unlink'); |
306 | + |
307 | + return true; |
308 | + } |
309 | + |
310 | + /** |
311 | + * Edits the User Group associated with a User |
312 | + * @return |
313 | + * @param $userID Object |
314 | + * @param $userName Object |
315 | + */ |
316 | + public function EditUserGroup($userID, $userName) |
317 | + { |
318 | + $db =& $this->db; |
319 | + |
320 | + Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'EditUserGroup'); |
321 | + |
322 | + // Get the UserGroupID for this UserID |
323 | + $SQL = ""; |
324 | + $SQL .= "SELECT `group`.GroupID "; |
325 | + $SQL .= "FROM `group` "; |
326 | + $SQL .= " INNER JOIN lkusergroup "; |
327 | + $SQL .= " ON lkusergroup.GroupID = `group`.groupID "; |
328 | + $SQL .= "WHERE `group`.IsUserSpecific = 1 "; |
329 | + $SQL .= sprintf(" AND lkusergroup.UserID = %d", $userID); |
330 | + |
331 | + if (!$result = $db->query($SQL)) |
332 | + { |
333 | + trigger_error($db->error()); |
334 | + $this->SetError(25005, __('Unable to get the UserGroup for this User.')); |
335 | + |
336 | + return false; |
337 | + } |
338 | + |
339 | + $row = $db->get_assoc_row($result); |
340 | + $userGroupID = $row['GroupID']; |
341 | + |
342 | + if ($userGroupID == '') |
343 | + { |
344 | + // We should always have 1 display specific UserGroup for a display. |
345 | + // Do we a) Error here and give up? |
346 | + // b) Create one and link it up? |
347 | + // $this->SetError(25006, __('Unable to get the UserGroup for this Display')); |
348 | + |
349 | + if (!$userGroupID = $this->Add($userName, 1)) |
350 | + { |
351 | + $this->SetError(25001, __('Could not add a user group for this user.')); |
352 | + |
353 | + return false; |
354 | + } |
355 | + |
356 | + // Link the Two together |
357 | + if (!$this->Link($userGroupID, $userID)) |
358 | + { |
359 | + $this->SetError(25001, __('Could not link the new user with its group.')); |
360 | + |
361 | + return false; |
362 | + } |
363 | + } |
364 | + else |
365 | + { |
366 | + if (!$this->Edit($userGroupID, $userName)) return false; |
367 | + } |
368 | + |
369 | + Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'EditUserGroup'); |
370 | + |
371 | + return true; |
372 | + } |
373 | +} |
374 | +?> |
375 | \ No newline at end of file |
376 | |
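Review bot: In EditUserGroup `$row` is indexed before it is checked: when the user has no user-specific group `get_assoc_row()` presumably returns false, `$row['GroupID']` is read from a boolean, and the following `== ''` test works only through loose comparison. Make the absence explicit: `$row = $db->get_assoc_row($result);` / `$userGroupID = ($row === false) ? 0 : Kit::ValidateParam($row['GroupID'], _INT);` and branch on `$userGroupID == 0`. Delete() issues `DELETE FROM group` without first removing the group's lkusergroup rows, which the foreign keys added in 20.sql will reject, so as written it cannot delete any group that has members. The docblocks are carried over from the display-group class (`@param $isDisplaySpecific`, "Unlinks a Display from a Display Group") and should describe the user-group parameters and the `false`-on-failure return.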
377 | === modified file 'server/lib/include.php' |
378 | --- server/lib/include.php 2009-05-16 18:40:19 +0000 |
379 | +++ server/lib/include.php 2009-12-28 14:14:15 +0000 |
380 | @@ -88,8 +88,15 @@ |
381 | // create a database class instance |
382 | $db = new database(); |
383 | |
384 | -if (!$db->connect_db($dbhost, $dbuser, $dbpass)) trigger_error($db->error(), E_USER_WARNING); |
385 | -if (!$db->select_db($dbname)) trigger_error($db->error(), E_USER_WARNING); |
386 | +if (!$db->connect_db($dbhost, $dbuser, $dbpass)) |
387 | +{ |
388 | + die('Xibo has a database connection problem.'); |
389 | +} |
390 | + |
391 | +if (!$db->select_db($dbname)) |
392 | +{ |
393 | + die('Xibo has a database connection problem.'); |
394 | +} |
395 | |
396 | date_default_timezone_set(Config::GetSetting($db, "defaultTimezone")); |
397 | |
398 | |
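Review bot: Replacing the warning with `die()` removes the only record of why the connection failed: `$db->error()` is no longer logged anywhere, which makes a database outage or a credential rotation hard to diagnose server-side, even though the generic message to the client is the right choice. Keep the detail out of the response but write it to the server log before exiting, e.g. `error_log('Xibo database error: ' . $db->error());` ahead of each `die()`. A bare `die()` also answers with HTTP 200 and a partial page; emitting `header('HTTP/1.1 503 Service Unavailable');` first lets monitoring tell this apart from a healthy response.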
399 | === modified file 'server/lib/js/group.js' |
400 | --- server/lib/js/group.js 2009-01-04 12:59:11 +0000 |
401 | +++ server/lib/js/group.js 2009-12-28 14:14:15 +0000 |
402 | @@ -1,6 +1,6 @@ |
403 | /* |
404 | * Xibo - Digitial Signage - http://www.xibo.org.uk |
405 | - * Copyright (C) 2006,2007,2008 Daniel Garner and James Packer |
406 | + * Copyright (C) 2009 Daniel Garner |
407 | * |
408 | * This file is part of Xibo. |
409 | * |
410 | @@ -17,3 +17,29 @@ |
411 | * You should have received a copy of the GNU Affero General Public License |
412 | * along with Xibo. If not, see <http://www.gnu.org/licenses/>. |
413 | */ |
414 | +function ManageMembersCallBack() |
415 | +{ |
416 | + $("#usersIn, #usersOut").sortable({ |
417 | + connectWith: '.connectedSortable', |
418 | + dropOnEmpty: true |
419 | + }).disableSelection(); |
420 | +} |
421 | + |
422 | +function MembersSubmit() { |
423 | + // Serialise the form and then submit it via Ajax. |
424 | + var href = $("#usersIn").attr('href') + "&ajax=true"; |
425 | + |
426 | + // Get the two lists |
427 | + serializedData = $("#usersIn").sortable('serialize'); |
428 | + |
429 | + $.ajax({ |
430 | + type: "post", |
431 | + url: href, |
432 | + cache: false, |
433 | + dataType: "json", |
434 | + data: serializedData, |
435 | + success: XiboSubmitResponse |
436 | + }); |
437 | + |
438 | + return; |
439 | +} |
440 | \ No newline at end of file |
441 | |
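Review bot: `serializedData` in MembersSubmit() is assigned without `var`, so it becomes an implicit global that any other script on the page can read or overwrite; declare it locally: `var serializedData = $("#usersIn").sortable('serialize');`. The trailing bare `return;` does nothing and can be dropped.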
442 | === modified file 'server/lib/pages/displaygroup.class.php' |
443 | --- server/lib/pages/displaygroup.class.php 2009-09-17 22:42:36 +0000 |
444 | +++ server/lib/pages/displaygroup.class.php 2009-12-28 14:14:15 +0000 |
445 | @@ -321,7 +321,7 @@ |
446 | if(!$resultIn = $db->query($SQL)) |
447 | { |
448 | trigger_error($db->error()); |
449 | - trigger_error(__('Error getting Displays')); |
450 | + trigger_error(__('Error getting Displays'), E_USER_ERROR); |
451 | } |
452 | |
453 | // Displays not in group |
454 | @@ -340,7 +340,7 @@ |
455 | if(!$resultOut = $db->query($SQL)) |
456 | { |
457 | trigger_error($db->error()); |
458 | - trigger_error(__('Error getting Displays')); |
459 | + trigger_error(__('Error getting Displays'), E_USER_ERROR); |
460 | } |
461 | |
462 | // Now we have an IN and an OUT results object which we can use to build our lists |
463 | @@ -598,7 +598,7 @@ |
464 | if(!$resultIn = $db->query($SQL)) |
465 | { |
466 | trigger_error($db->error()); |
467 | - trigger_error(__('Error getting Displays')); |
468 | + trigger_error(__('Error getting Displays'), E_USER_ERROR); |
469 | } |
470 | |
471 | while($row = $db->get_assoc_row($resultIn)) |
472 | |
473 | === modified file 'server/lib/pages/group.class.php' |
474 | --- server/lib/pages/group.class.php 2009-07-10 19:45:55 +0000 |
475 | +++ server/lib/pages/group.class.php 2009-12-28 14:14:15 +0000 |
476 | @@ -1,7 +1,7 @@ |
477 | <?php |
478 | /* |
479 | * Xibo - Digitial Signage - http://www.xibo.org.uk |
480 | - * Copyright (C) 2006,2007,2008 Daniel Garner and James Packer |
481 | + * Copyright (C) 2006,2007,2008,2009 Daniel Garner and James Packer |
482 | * |
483 | * This file is part of Xibo. |
484 | * |
485 | @@ -25,7 +25,6 @@ |
486 | private $db; |
487 | private $user; |
488 | private $isadmin = false; |
489 | - private $has_permissions = true; |
490 | |
491 | private $sub_page = ""; |
492 | |
493 | @@ -33,9 +32,6 @@ |
494 | private $groupid; |
495 | private $group = ""; |
496 | |
497 | - //lkpage group |
498 | - private $lkpagegroupid; |
499 | - private $pageid; |
500 | |
501 | //init |
502 | function __construct(database $db, user $user) |
503 | @@ -72,6 +68,9 @@ |
504 | |
505 | $this->group = $aRow['Group']; |
506 | } |
507 | + |
508 | + // Include the group data classes |
509 | + include_once('lib/data/usergroup.data.class.php'); |
510 | } |
511 | |
512 | function on_page_load() |
513 | @@ -146,7 +145,7 @@ |
514 | SELECT group.group, |
515 | group.groupID |
516 | FROM `group` |
517 | - WHERE 1 = 1 |
518 | + WHERE IsUserSpecific = 0 |
519 | END; |
520 | if ($filter_name != '') |
521 | { |
522 | @@ -166,6 +165,7 @@ |
523 | $msgName = __('Name'); |
524 | $msgAction = __('Action'); |
525 | $msgEdit = __('Edit'); |
526 | + $msgMembers = __('Group Members'); |
527 | $msgPageSec = __('Page Security'); |
528 | $msgMenuSec = __('Menu Security'); |
529 | $msgDispSec = __('Display Security'); |
530 | @@ -200,9 +200,9 @@ |
531 | { |
532 | $buttons = <<<END |
533 | <button class="XiboFormButton" href="index.php?p=group&q=GroupForm&groupid=$groupid"><span>$msgEdit</span></button> |
534 | + <button class="XiboFormButton" href="index.php?p=group&q=MembersForm&groupid=$groupid"><span>$msgMembers</span></button> |
535 | <button class="XiboFormButton" href="index.php?p=group&q=PageSecurityForm&groupid=$groupid"><span>$msgPageSec</span></button> |
536 | <button class="XiboFormButton" href="index.php?p=group&q=MenuItemSecurityForm&groupid=$groupid"><span>$msgMenuSec</span></button> |
537 | - <button class="XiboFormButton" href="index.php?p=group&q=DisplayGroupSecurityForm&groupid=$groupid"><span>$msgDispSec</span></button> |
538 | <button class="XiboFormButton" href="index.php?p=group&q=delete_form&groupid=$groupid"><span>$msgDel</span></button> |
539 | END; |
540 | } |
541 | @@ -471,32 +471,27 @@ |
542 | */ |
543 | function add() |
544 | { |
545 | - $db =& $this->db; |
546 | - $group = Kit::GetParam('group', _POST, _STRING); |
547 | - $userid = $_SESSION['userid']; |
548 | - |
549 | - //check on required fields |
550 | - if ($group == "") |
551 | - { |
552 | - Kit::Redirect(array('success'=>false, 'message' => __('Group Name cannot be empty.'))); |
553 | - } |
554 | - |
555 | - //add the group record |
556 | - $SQL = "INSERT INTO `group` (`group`) "; |
557 | - $SQL .= sprintf(" VALUES ('%s') ", $db->escape_string($group)); |
558 | - |
559 | - if (!$db->query($SQL)) |
560 | - { |
561 | - trigger_error($db->error()); |
562 | - Kit::Redirect(array('success'=>false, 'message' => __('Error adding a new group.'))); |
563 | - } |
564 | - |
565 | - // Construct the Response |
566 | - $response = array(); |
567 | - $response['success'] = true; |
568 | - $response['message'] = __('Added the Group'); |
569 | - |
570 | - Kit::Redirect($response); |
571 | + $db =& $this->db; |
572 | + $response = new ResponseManager(); |
573 | + |
574 | + $group = Kit::GetParam('group', _POST, _STRING); |
575 | + $userid = $_SESSION['userid']; |
576 | + |
577 | + //check on required fields |
578 | + if ($group == '') |
579 | + { |
580 | + trigger_error(__('Group Name cannot be empty.'), E_USER_ERROR); |
581 | + } |
582 | + |
583 | + $userGroupObject = new UserGroup($db); |
584 | + |
585 | + if (!$userGroupObject->Add($group, 0)) |
586 | + { |
587 | + trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR); |
588 | + } |
589 | + |
590 | + $response->SetFormSubmitResponse(__('Added the Group'), false); |
591 | + $response->Respond(); |
592 | } |
593 | |
594 | /** |
595 | @@ -828,5 +823,150 @@ |
596 | |
597 | Kit::Redirect($response); |
598 | } |
599 | + |
600 | + /** |
601 | + * Shows the Members of a Group |
602 | + */ |
603 | + public function MembersForm() |
604 | + { |
605 | + $db =& $this->db; |
606 | + $response = new ResponseManager(); |
607 | + $groupID = Kit::GetParam('groupid', _REQUEST, _INT); |
608 | + |
609 | + // There needs to be two lists here. |
610 | + |
611 | + // Users in group |
612 | + $SQL = ""; |
613 | + $SQL .= "SELECT user.UserID, "; |
614 | + $SQL .= " user.UserName "; |
615 | + $SQL .= "FROM `user` "; |
616 | + $SQL .= " INNER JOIN lkusergroup "; |
617 | + $SQL .= " ON lkusergroup.UserID = user.UserID "; |
618 | + $SQL .= sprintf("WHERE lkusergroup.GroupID = %d", $groupID); |
619 | + |
620 | + if(!$resultIn = $db->query($SQL)) |
621 | + { |
622 | + trigger_error($db->error()); |
623 | + trigger_error(__('Error getting Groups'), E_USER_ERROR); |
624 | + } |
625 | + |
626 | + // Users not in group |
627 | + $SQL = ""; |
628 | + $SQL .= "SELECT user.UserID, "; |
629 | + $SQL .= " user.UserName "; |
630 | + $SQL .= "FROM `user` "; |
631 | + $SQL .= " WHERE user.UserID NOT IN ( "; |
632 | + $SQL .= " SELECT user.UserID "; |
633 | + $SQL .= " FROM `user` "; |
634 | + $SQL .= " INNER JOIN lkusergroup "; |
635 | + $SQL .= " ON lkusergroup.UserID = user.UserID "; |
636 | + $SQL .= sprintf("WHERE lkusergroup.GroupID = %d", $groupID); |
637 | + $SQL .= " )"; |
638 | + |
639 | + if(!$resultOut = $db->query($SQL)) |
640 | + { |
641 | + trigger_error($db->error()); |
642 | + trigger_error(__('Error getting Users'), E_USER_ERROR); |
643 | + } |
644 | + |
645 | + // Now we have an IN and an OUT results object which we can use to build our lists |
646 | + $listIn = '<ul id="usersIn" href="index.php?p=group&q=SetMembers&GroupID=' . $groupID . '" class="connectedSortable">'; |
647 | + |
648 | + while($row = $db->get_assoc_row($resultIn)) |
649 | + { |
650 | + // For each item output a LI |
651 | + $userID = Kit::ValidateParam($row['UserID'], _INT); |
652 | + $userName = Kit::ValidateParam($row['UserName'], _STRING); |
653 | + |
654 | + $listIn .= '<li id="UserID_' . $userID . '"class="li-sortable">' . $userName . '</li>'; |
655 | + } |
656 | + $listIn .= '</ul>'; |
657 | + |
658 | + $listOut = '<ul id="usersOut" class="connectedSortable">'; |
659 | + |
660 | + while($row = $db->get_assoc_row($resultOut)) |
661 | + { |
662 | + // For each item output a LI |
663 | + $userID = Kit::ValidateParam($row['UserID'], _INT); |
664 | + $userName = Kit::ValidateParam($row['UserName'], _STRING); |
665 | + |
666 | + $listOut .= '<li id="UserID_' . $userID . '" class="li-sortable">' . $userName . '</li>'; |
667 | + } |
668 | + $listOut .= '</ul>'; |
669 | + |
670 | + // Build the final form. |
671 | + $form = '<div class="connectedlist"><h3>Members</h3>' . $listIn . '</div><div class="connectedlist"><h3>Non-members</h3>' . $listOut . '</div>'; |
672 | + |
673 | + $response->SetFormRequestResponse($form, __('Manage Membership'), '400', '375', 'ManageMembersCallBack'); |
674 | + $response->AddButton(__('Help'), "XiboHelpRender('index.php?p=help&q=Display&Topic=Users&Category=Groups')"); |
675 | + $response->AddButton(__('Cancel'), 'XiboDialogClose()'); |
676 | + $response->AddButton(__('Save'), 'MembersSubmit()'); |
677 | + $response->Respond(); |
678 | + } |
679 | + |
680 | + /** |
681 | + * Sets the Members of a group |
682 | + * @return |
683 | + */ |
684 | + public function SetMembers() |
685 | + { |
686 | + $db =& $this->db; |
687 | + $response = new ResponseManager(); |
688 | + $groupObject = new UserGroup($db); |
689 | + |
690 | + $groupID = Kit::GetParam('GroupID', _REQUEST, _INT); |
691 | + $users = Kit::GetParam('UserID', _POST, _ARRAY, array()); |
692 | + $members = array(); |
693 | + |
694 | + // Users in group |
695 | + $SQL = ""; |
696 | + $SQL .= "SELECT user.UserID, "; |
697 | + $SQL .= " user.UserName "; |
698 | + $SQL .= "FROM `user` "; |
699 | + $SQL .= " INNER JOIN lkusergroup "; |
700 | + $SQL .= " ON lkusergroup.UserID = user.UserID "; |
701 | + $SQL .= sprintf("WHERE lkusergroup.GroupID = %d", $groupID); |
702 | + |
703 | + if(!$resultIn = $db->query($SQL)) |
704 | + { |
705 | + trigger_error($db->error()); |
706 | + trigger_error(__('Error getting Users')); |
707 | + } |
708 | + |
709 | + while($row = $db->get_assoc_row($resultIn)) |
710 | + { |
711 | + // Test whether this ID is in the array or not |
712 | + $userID = Kit::ValidateParam($row['UserID'], _INT); |
713 | + |
714 | + if(!in_array($userID, $users)) |
715 | + { |
716 | + // Its currently assigned but not in the $displays array |
717 | + // so we unassign |
718 | + if (!$groupObject->Unlink($groupID, $userID)) |
719 | + { |
720 | + trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR); |
721 | + } |
722 | + } |
723 | + else |
724 | + { |
725 | + $members[] = $userID; |
726 | + } |
727 | + } |
728 | + |
729 | + foreach($users as $userID) |
730 | + { |
731 | + // Add any that are missing |
732 | + if(!in_array($userID, $members)) |
733 | + { |
734 | + if (!$groupObject->Link($groupID, $userID)) |
735 | + { |
736 | + trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR); |
737 | + } |
738 | + } |
739 | + } |
740 | + |
741 | + $response->SetFormSubmitResponse(__('Group membership set'), false); |
742 | + $response->Respond(); |
743 | + } |
744 | } |
745 | ?> |
746 | \ No newline at end of file |
747 | |
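Review bot: In SetMembers the query-failure branch calls `trigger_error(__('Error getting Users'))` without `E_USER_ERROR`, so unlike MembersForm above it and the displaygroup.class.php hunks in this same branch, execution continues with `$resultIn === false`: the unlink pass presumably sees no rows, every posted UserID is then linked, membership is added but never removed, and the client is still told "Group membership set". Change it to `trigger_error(__('Error getting Users'), E_USER_ERROR);`. In MembersForm the `$userName` read from the database is concatenated straight into the `<li>` markup; whatever `_STRING` validation does on the way in, the value should be encoded at this output point with `htmlspecialchars()`, and the first `<li>` is missing the space before `class=`. Neither MembersForm nor SetMembers checks `$this->isadmin` or any group-level permission before listing or rewriting membership; if the page dispatcher enforces that for every `q=` on this page it is fine, otherwise it needs adding here.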
748 | === modified file 'server/lib/pages/schedule.class.php' |
749 | --- server/lib/pages/schedule.class.php 2009-10-28 20:03:37 +0000 |
750 | +++ server/lib/pages/schedule.class.php 2009-12-28 14:14:15 +0000 |
751 | @@ -1073,6 +1073,7 @@ |
752 | |
753 | $date = Kit::GetParam('date', _GET, _INT, mktime(date('H'), 0, 0, date('m'), date('d'), date('Y'))); |
754 | $dateText = date("d/m/Y", $date); |
755 | + $hiddenDateText = date("m/d/Y", $date); |
756 | $displayGroupIDs = Kit::GetParam('DisplayGroupIDs', _SESSION, _ARRAY); |
757 | |
758 | // need to do some user checking here |
759 | @@ -1087,7 +1088,7 @@ |
760 | |
761 | $form = <<<END |
762 | <form id="AddEventForm" class="XiboForm" action="index.php?p=schedule&q=AddEvent" method="post"> |
763 | - <input type="hidden" id="fromdt" name="fromdt" value="" /> |
764 | + <input type="hidden" id="fromdt" name="fromdt" value="$hiddenDateText" /> |
765 | <input type="hidden" id="todt" name="todt" value="" /> |
766 | <input type="hidden" id="rectodt" name="rectodt" value="" /> |
767 | <table style="width:100%;"> |
768 | |
769 | === modified file 'server/lib/pages/user.class.php' |
770 | --- server/lib/pages/user.class.php 2009-10-28 21:28:04 +0000 |
771 | +++ server/lib/pages/user.class.php 2009-12-28 14:14:15 +0000 |
772 | @@ -26,15 +26,6 @@ |
773 | private $user; |
774 | private $sub_page; |
775 | |
776 | - //database fields |
777 | - private $userid; |
778 | - private $username; |
779 | - private $password; |
780 | - private $usertypeid; |
781 | - private $email; |
782 | - private $homepage; |
783 | - private $groupid; |
784 | - |
785 | /** |
786 | * Contructor |
787 | * |
788 | @@ -43,33 +34,11 @@ |
789 | */ |
790 | function __construct(database $db, user $user) |
791 | { |
792 | - $this->db =& $db; |
793 | - $this->user =& $user; |
794 | - |
795 | - $this->sub_page = Kit::GetParam('sp', _REQUEST, _WORD, 'view'); |
796 | - $userid = Kit::GetParam('userID', _REQUEST, _INT, 0); |
797 | - |
798 | - if($userid != 0) |
799 | - { |
800 | - $this->sub_page = "edit"; |
801 | - |
802 | - $this->userid = $userid; |
803 | - |
804 | - $sql = " SELECT UserName, UserPassword, usertypeid, email, groupID, homepage FROM user"; |
805 | - $sql .= sprintf(" WHERE userID = %d", $userid); |
806 | - |
807 | - if(!$results = $db->query($sql)) trigger_error("Error excuting query".$db->error(), E_USER_ERROR); |
808 | - |
809 | - while($aRow = $db->get_row($results)) |
810 | - { |
811 | - $this->username = Kit::ValidateParam($aRow[0], _USERNAME); |
812 | - $this->password = Kit::ValidateParam($aRow[1], _PASSWORD); |
813 | - $this->usertypeid = Kit::ValidateParam($aRow[2], _INT); |
814 | - $this->email = Kit::ValidateParam($aRow[3], _STRING); |
815 | - $this->groupid = Kit::ValidateParam($aRow[4], _INT); |
816 | - $this->homepage = Kit::ValidateParam($aRow[5], _STRING); |
817 | - } |
818 | - } |
819 | + $this->db =& $db; |
820 | + $this->user =& $user; |
821 | + |
822 | + // Include the group data classes |
823 | + include_once('lib/data/usergroup.data.class.php'); |
824 | } |
825 | |
826 | function on_page_load() |
827 | @@ -90,61 +59,77 @@ |
828 | */ |
829 | function AddUser () |
830 | { |
831 | - $db =& $this->db; |
832 | - $response = new ResponseManager(); |
833 | - |
834 | - $user = Kit::GetParam('username', _POST, _USERNAME); |
835 | - $password = md5(Kit::GetParam('password', _POST, _USERNAME)); |
836 | - $usertypeid = Kit::GetParam('usertypeid', _POST, _INT); |
837 | - $email = Kit::GetParam('email', _POST, _STRING); |
838 | - $groupid = Kit::GetParam('groupid', _POST, _INT); |
839 | - |
840 | - // Construct the Homepage |
841 | - $homepage = "dashboard"; |
842 | - |
843 | - // Validation |
844 | - if ($user=="") |
845 | - { |
846 | - trigger_error("Please enter a User Name.", E_USER_ERROR); |
847 | - } |
848 | - if ($password=="") |
849 | - { |
850 | - trigger_error("Please enter a Password.", E_USER_ERROR); |
851 | - } |
852 | - if ($email == "") |
853 | - { |
854 | - trigger_error("Please enter an Email Address.", E_USER_ERROR); |
855 | - } |
856 | - |
857 | - if ($homepage == "") $homepage = "dashboard"; |
858 | - |
859 | - //Check for duplicate user name |
860 | - $sqlcheck = " "; |
861 | - $sqlcheck .= sprintf("SELECT UserName FROM user WHERE UserName = '%s'", $db->escape_string($user)); |
862 | - |
863 | - if(!$sqlcheckresult = $db->query($sqlcheck)) |
864 | - { |
865 | - trigger_error($db->error()); |
866 | - trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR); |
867 | - } |
868 | - |
869 | - if($db->num_rows($sqlcheckresult) != 0) |
870 | - { |
871 | - trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR); |
872 | - } |
873 | - |
874 | - //Ready to enter the user into the database |
875 | - $query = "INSERT INTO user (UserName, UserPassword, usertypeid, email, homepage, groupid)"; |
876 | - $query .= " VALUES ('$user', '$password', $usertypeid, '$email', '$homepage', $groupid)"; |
877 | - |
878 | - if(!$id = $db->insert_query($query)) |
879 | - { |
880 | - trigger_error($db->error()); |
881 | - trigger_error("Error adding that user", E_USER_ERROR); |
882 | - } |
883 | - |
884 | - $response->SetFormSubmitResponse('User Saved.'); |
885 | - $response->Respond(); |
886 | + $db =& $this->db; |
887 | + $response = new ResponseManager(); |
888 | + |
889 | + $username = Kit::GetParam('username', _POST, _STRING); |
890 | + $password = Kit::GetParam('password', _POST, _STRING); |
891 | + $password = md5($password); |
892 | + $email = Kit::GetParam('email', _POST, _STRING); |
893 | + $usertypeid = Kit::GetParam('usertypeid', _POST, _INT, 0); |
894 | + $homepage = Kit::GetParam('homepage', _POST, _STRING); |
895 | + $pass_change = isset($_POST['pass_change']); |
896 | + |
897 | + // Construct the Homepage |
898 | + $homepage = "dashboard"; |
899 | + |
900 | + // Validation |
901 | + if ($username=="") |
902 | + { |
903 | + trigger_error("Please enter a User Name.", E_USER_ERROR); |
904 | + } |
905 | + if ($password=="") |
906 | + { |
907 | + trigger_error("Please enter a Password.", E_USER_ERROR); |
908 | + } |
909 | + if ($email == "") |
910 | + { |
911 | + trigger_error("Please enter an Email Address.", E_USER_ERROR); |
912 | + } |
913 | + |
914 | + if ($homepage == "") $homepage = "dashboard"; |
915 | + |
916 | + //Check for duplicate user name |
917 | + $sqlcheck = " "; |
918 | + $sqlcheck .= sprintf("SELECT UserName FROM user WHERE UserName = '%s'", $db->escape_string($username)); |
919 | + |
920 | + if(!$sqlcheckresult = $db->query($sqlcheck)) |
921 | + { |
922 | + trigger_error($db->error()); |
923 | + trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR); |
924 | + } |
925 | + |
926 | + if($db->num_rows($sqlcheckresult) != 0) |
927 | + { |
928 | + trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR); |
929 | + } |
930 | + |
931 | + //Ready to enter the user into the database |
932 | + $query = "INSERT INTO user (UserName, UserPassword, usertypeid, email, homepage)"; |
933 | + $query .= " VALUES ('$username', '$password', $usertypeid, '$email', '$homepage')"; |
934 | + |
935 | + if(!$id = $db->insert_query($query)) |
936 | + { |
937 | + trigger_error($db->error()); |
938 | + trigger_error("Error adding that user", E_USER_ERROR); |
939 | + } |
940 | + |
941 | + // Add the user group |
942 | + $userGroupObject = new UserGroup($db); |
943 | + |
944 | + if (!$groupID = $userGroupObject->Add($username, 1)) |
945 | + { |
946 | + // We really want to delete the new user... |
947 | + //TODO: Delete the new user |
948 | + |
949 | + // And then error |
950 | + trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR); |
951 | + } |
952 | + |
953 | + $userGroupObject->Link($groupID, $id); |
954 | + |
955 | + $response->SetFormSubmitResponse('User Saved.'); |
956 | + $response->Respond(); |
957 | } |
958 | |
959 | /** |
960 | @@ -154,79 +139,90 @@ |
961 | */ |
962 | function EditUser() |
963 | { |
964 | - $db =& $this->db; |
965 | - $response = new ResponseManager(); |
966 | - |
967 | - $error = ""; |
968 | - |
969 | - $userID = Kit::GetParam('userid', _POST, _INT, 0); |
970 | - $username = $_POST['username']; |
971 | - $password = md5($_POST['password']); |
972 | - $email = $_POST['email']; |
973 | - $usertypeid = $_POST['usertypeid']; |
974 | - $homepage = $_POST['homepage']; |
975 | - $groupid = $_POST['groupid']; |
976 | - $pass_change = isset($_POST['pass_change']); |
977 | - |
978 | - // Validation |
979 | - if ($username == "") |
980 | - { |
981 | - trigger_error("Please enter a User Name.", E_USER_ERROR); |
982 | - } |
983 | - if ($password == "") |
984 | - { |
985 | - trigger_error("Please enter a Password.", E_USER_ERROR); |
986 | - } |
987 | - if ($email == "") |
988 | - { |
989 | - trigger_error("Please enter an Email Address.", E_USER_ERROR); |
990 | - } |
991 | - |
992 | - if ($homepage == "") $homepage = "dashboard"; |
993 | - |
994 | - //Check for duplicate user name |
995 | - $sqlcheck = " "; |
996 | - $sqlcheck .= "SELECT UserName FROM user WHERE UserName = '" . $username . "' AND userID <> $userID "; |
997 | - |
998 | - if (!$sqlcheckresult = $db->query($sqlcheck)) |
999 | - { |
1000 | - trigger_error($db->error()); |
1001 | - trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR); |
1002 | - } |
1003 | - |
1004 | - if ($db->num_rows($sqlcheckresult) != 0) |
1005 | - { |
1006 | - trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR); |
1007 | - } |
1008 | - |
1009 | - //Everything is ok - run the update |
1010 | - $sql = "UPDATE user SET UserName = '$username'"; |
1011 | - if ($pass_change) |
1012 | - { |
1013 | - $sql .= ", UserPassword = '$password'"; |
1014 | - } |
1015 | - |
1016 | - $sql .= ", email = '$email' "; |
1017 | - if ($homepage == 'dashboard') |
1018 | - { |
1019 | - //acts as a reset |
1020 | - $sql .= ", homepage='$homepage' "; |
1021 | - } |
1022 | - |
1023 | - if ($usertypeid != "") |
1024 | - { |
1025 | - $sql .= ", usertypeid = " . $usertypeid . ", groupID = $groupid "; |
1026 | - } |
1027 | - $sql .= " WHERE UserID = ". $userID . ""; |
1028 | - |
1029 | - if (!$db->query($sql)) |
1030 | - { |
1031 | - trigger_error($db->error()); |
1032 | - trigger_error("Error updating that user", E_USER_ERROR); |
1033 | - } |
1034 | - |
1035 | - $response->SetFormSubmitResponse('User Saved.'); |
1036 | - $response->Respond(); |
1037 | + $db =& $this->db; |
1038 | + $response = new ResponseManager(); |
1039 | + |
1040 | + $userID = Kit::GetParam('userid', _POST, _INT, 0); |
1041 | + $username = Kit::GetParam('username', _POST, _STRING); |
1042 | + $password = Kit::GetParam('password', _POST, _STRING); |
1043 | + $password = md5($password); |
1044 | + $email = Kit::GetParam('email', _POST, _STRING); |
1045 | + $usertypeid = Kit::GetParam('usertypeid', _POST, _INT, 0); |
1046 | + $homepage = Kit::GetParam('homepage', _POST, _STRING); |
1047 | + $pass_change = isset($_POST['pass_change']); |
1048 | + |
1049 | + // Validation |
1050 | + if ($username == "") |
1051 | + { |
1052 | + trigger_error("Please enter a User Name.", E_USER_ERROR); |
1053 | + } |
1054 | + if ($password == "") |
1055 | + { |
1056 | + trigger_error("Please enter a Password.", E_USER_ERROR); |
1057 | + } |
1058 | + if ($email == "") |
1059 | + { |
1060 | + trigger_error("Please enter an Email Address.", E_USER_ERROR); |
1061 | + } |
1062 | + |
1063 | + if ($homepage == "") $homepage = "dashboard"; |
1064 | + |
1065 | + //Check for duplicate user name |
1066 | + $sqlcheck = " "; |
1067 | + $sqlcheck .= "SELECT UserName FROM user WHERE UserName = '" . $username . "' AND userID <> $userID "; |
1068 | + |
1069 | + if (!$sqlcheckresult = $db->query($sqlcheck)) |
1070 | + { |
1071 | + trigger_error($db->error()); |
1072 | + trigger_error(__("Cant get this user's name. Please try another."), E_USER_ERROR); |
1073 | + } |
1074 | + |
1075 | + if ($db->num_rows($sqlcheckresult) != 0) |
1076 | + { |
1077 | + trigger_error(__("Could Not Complete, Duplicate User Name Exists"), E_USER_ERROR); |
1078 | + } |
1079 | + |
1080 | + //Everything is ok - run the update |
1081 | + $sql = "UPDATE user SET UserName = '$username'"; |
1082 | + if ($pass_change) |
1083 | + { |
1084 | + $sql .= ", UserPassword = '$password'"; |
1085 | + } |
1086 | + |
1087 | + $sql .= ", email = '$email' "; |
1088 | + if ($homepage == 'dashboard') |
1089 | + { |
1090 | + //acts as a reset |
1091 | + $sql .= ", homepage='$homepage' "; |
1092 | + } |
1093 | + |
1094 | + if ($usertypeid != "") |
1095 | + { |
1096 | + $sql .= ", usertypeid = " . $usertypeid; |
1097 | + } |
1098 | + |
1099 | + $sql .= " WHERE UserID = ". $userID . ""; |
1100 | + |
1101 | + if (!$db->query($sql)) |
1102 | + { |
1103 | + trigger_error($db->error()); |
1104 | + trigger_error("Error updating that user", E_USER_ERROR); |
1105 | + } |
1106 | + |
1107 | + // Update the group to follow suit |
1108 | + $userGroupObject = new UserGroup($db); |
1109 | + |
1110 | + if (!$userGroupObject->EditUserGroup($userID, $username)) |
1111 | + { |
1112 | + // We really want to delete the new user... |
1113 | + //TODO: Delete the new user |
1114 | + |
1115 | + // And then error |
1116 | + trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR); |
1117 | + } |
1118 | + |
1119 | + $response->SetFormSubmitResponse('User Saved.'); |
1120 | + $response->Respond(); |
1121 | } |
1122 | |
1123 | /** |
1124 | @@ -237,30 +233,44 @@ |
1125 | */ |
1126 | function DeleteUser() |
1127 | { |
1128 | - $db =& $this->db; |
1129 | - $response = new ResponseManager(); |
1130 | - $userid = Kit::GetParam('userid', _POST, _INT, 0); |
1131 | - |
1132 | - $sqldel = "DELETE FROM user"; |
1133 | - $sqldel .= " WHERE UserID = ". $userid . ""; |
1134 | - |
1135 | - if (!$db->query($sqldel)) |
1136 | - { |
1137 | - trigger_error($db->error()); |
1138 | - trigger_error("This user has been active, you may only retire them.", E_USER_ERROR); |
1139 | - } |
1140 | - |
1141 | - // We should delete this users sessions record. |
1142 | - $SQL = "DELETE FROM session WHERE userID = $userid "; |
1143 | - |
1144 | - if (!$db->query($sqldel)) |
1145 | - { |
1146 | - trigger_error($db->error()); |
1147 | - trigger_error("If logged in, this user will be deleted once they log out.", E_USER_ERROR); |
1148 | - } |
1149 | - |
1150 | - $response->SetFormSubmitResponse('User Deleted.'); |
1151 | - $response->Respond(); |
1152 | + $db =& $this->db; |
1153 | + $user =& $this->user; |
1154 | + |
1155 | + $response = new ResponseManager(); |
1156 | + $userid = Kit::GetParam('userid', _POST, _INT, 0); |
1157 | + $groupID = $user->getGroupFromID($userid, true); |
1158 | + |
1159 | + // Firstly delete the group for this user |
1160 | + $userGroupObject = new UserGroup($db); |
1161 | + |
1162 | + $userGroupObject->Unlink($groupID, $userid); |
1163 | + |
1164 | + if (!$userGroupObject->Delete($groupID)) |
1165 | + { |
1166 | + trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR); |
1167 | + } |
1168 | + |
1169 | + // Delete the user |
1170 | + $sqldel = "DELETE FROM user"; |
1171 | + $sqldel .= " WHERE UserID = ". $userid . ""; |
1172 | + |
1173 | + if (!$db->query($sqldel)) |
1174 | + { |
1175 | + trigger_error($db->error()); |
1176 | + trigger_error(__("This user has been active, you may only retire them."), E_USER_ERROR); |
1177 | + } |
1178 | + |
1179 | + // We should delete this users sessions record. |
1180 | + $SQL = "DELETE FROM session WHERE userID = $userid "; |
1181 | + |
1182 | + if (!$db->query($sqldel)) |
1183 | + { |
1184 | + trigger_error($db->error()); |
1185 | + trigger_error(__("If logged in, this user will be deleted once they log out."), E_USER_ERROR); |
1186 | + } |
1187 | + |
1188 | + $response->SetFormSubmitResponse(__('User Deleted.')); |
1189 | + $response->Respond(); |
1190 | } |
1191 | |
1192 | /** |
1193 | @@ -276,21 +286,20 @@ |
1194 | $itemName = $_REQUEST['usertypeid']; |
1195 | $username = $_REQUEST['username']; |
1196 | |
1197 | - $sql = "SELECT user.UserID, user.UserName, user.usertypeid, user.loggedin, user.lastaccessed, user.email, user.homepage, group.group "; |
1198 | + $sql = "SELECT user.UserID, user.UserName, user.usertypeid, user.loggedin, user.lastaccessed, user.email, user.homepage "; |
1199 | $sql .= " FROM user "; |
1200 | - $sql .= " INNER JOIN `group` ON user.groupid = group.groupID "; |
1201 | $sql .= " WHERE 1=1 "; |
1202 | if ($_SESSION['usertype']==3) |
1203 | { |
1204 | - $sql .= " AND usertypeid=3 AND userid = " . $_SESSION['userid'] . " "; |
1205 | + $sql .= " AND usertypeid=3 AND userid = " . $_SESSION['userid'] . " "; |
1206 | } |
1207 | if($itemName!="all") |
1208 | { |
1209 | - $sql .= " AND usertypeid=\"" . $itemName . "\""; |
1210 | + $sql .= " AND usertypeid=\"" . $itemName . "\""; |
1211 | } |
1212 | if ($username != "") |
1213 | { |
1214 | - $sql .= " AND UserName LIKE '%$username%' "; |
1215 | + $sql .= " AND UserName LIKE '%$username%' "; |
1216 | } |
1217 | $sql .= " ORDER by UserName"; |
1218 | |
1219 | @@ -310,7 +319,6 @@ |
1220 | <th>Homepage</th> |
1221 | <th>Layout</th> |
1222 | <th>Email</th> |
1223 | - <th>Group</th> |
1224 | <th>Action</th> |
1225 | </tr> |
1226 | </thead> |
1227 | @@ -321,12 +329,12 @@ |
1228 | { |
1229 | $userID = $aRow[0]; |
1230 | $userName = $aRow[1]; |
1231 | - $usertypeid = $aRow[2]; |
1232 | + $usertypeid = $aRow[2]; |
1233 | $loggedin = $aRow[3]; |
1234 | - $lastaccessed = $aRow[4]; |
1235 | + $lastaccessed = $aRow[4]; |
1236 | $email = $aRow[5]; |
1237 | $homepage = $aRow[6]; |
1238 | - $group = $aRow[7]; |
1239 | + $groupid = $user->getGroupFromID($userID, true); |
1240 | |
1241 | if($loggedin==1) |
1242 | { |
1243 | @@ -372,18 +380,19 @@ |
1244 | $table .= "<td>" . $homepageArray[0] . "</td>"; |
1245 | $table .= "<td>" . $layout . "</td>"; |
1246 | $table .= "<td>" . $email . "</td>"; |
1247 | - $table .= "<td>" . $group . "</td>"; |
1248 | $table .= "<td>"; |
1249 | |
1250 | if($_SESSION['usertype'] == 1 ||($userID == $_SESSION['userid'])) |
1251 | { |
1252 | - $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DisplayForm&userID=' . $userID . '"><span>Edit</span></button>'; |
1253 | - $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DeleteForm&userID=' . $userID . '" ><span>Delete</span></button></div></td>'; |
1254 | - } |
1255 | - else |
1256 | - { |
1257 | - $table .= "</td>"; |
1258 | - } |
1259 | + $msgPageSec = __('Page Security'); |
1260 | + $msgMenuSec = __('Menu Security'); |
1261 | + |
1262 | + $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DisplayForm&userID=' . $userID . '"><span>Edit</span></button>'; |
1263 | + $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DeleteForm&userID=' . $userID . '" ><span>Delete</span></button>'; |
1264 | + $table .= '<button class="XiboFormButton" href="index.php?p=group&q=PageSecurityForm&groupid=' . $groupid . '"><span>' . $msgPageSec . '</span></button>'; |
1265 | + $table .= '<button class="XiboFormButton" href="index.php?p=group&q=MenuItemSecurityForm&groupid=' . $groupid . '"><span>' . $msgMenuSec . '</span></button>'; |
1266 | + } |
1267 | + $table .= "</td>"; |
1268 | $table .= "</tr>"; |
1269 | } |
1270 | $table .= "</tbody></table></div>"; |
1271 | @@ -398,18 +407,8 @@ |
1272 | */ |
1273 | function displayPage() |
1274 | { |
1275 | - $db =& $this->db; |
1276 | - |
1277 | - switch ($this->sub_page) |
1278 | - { |
1279 | - |
1280 | - case 'view': |
1281 | - include('template/pages/user_view.php'); |
1282 | - break; |
1283 | - |
1284 | - default: |
1285 | - break; |
1286 | - } |
1287 | + $db =& $this->db; |
1288 | + include('template/pages/user_view.php'); |
1289 | } |
1290 | |
1291 | /** |
1292 | @@ -454,140 +453,148 @@ |
1293 | } |
1294 | |
1295 | /** |
1296 | - * Displays the Add user form (from Ajax) |
1297 | + * Displays the User form (from Ajax) |
1298 | * @return |
1299 | */ |
1300 | function DisplayForm() |
1301 | { |
1302 | - $db =& $this->db; |
1303 | - $user =& $this->user; |
1304 | - $response = new ResponseManager(); |
1305 | - |
1306 | - $helpManager = new HelpManager($db, $user); |
1307 | - |
1308 | - //ajax request handler |
1309 | - |
1310 | - $userid = $this->userid; |
1311 | - $username = $this->username; |
1312 | - $password = $this->password; |
1313 | - $usertypeid = $this->usertypeid; |
1314 | - $email = $this->email; |
1315 | - $homepage = $this->homepage; |
1316 | - $groupid = $this->groupid; |
1317 | - |
1318 | - // Help UI |
1319 | - $nameHelp = $helpManager->HelpIcon("The Login Name of the user.", true); |
1320 | - $passHelp = $helpManager->HelpIcon("The Password for this user.", true); |
1321 | - $emailHelp = $helpManager->HelpIcon("Users email address. E.g. user@example.com", true); |
1322 | - $homepageHelp = $helpManager->HelpIcon("The users Homepage. This should not be changed until you want to reset their homepage.", true); |
1323 | - $overpassHelp = $helpManager->HelpIcon("Do you want to override this users password with the one entered here.", true); |
1324 | - $usertypeHelp = $helpManager->HelpIcon("What is this users type? This would usually be set to 'User'", true); |
1325 | - $groupHelp = $helpManager->HelpIcon("Which group does this user belong to? User groups control media sharing and access to functional areas of Xibo.", true); |
1326 | - |
1327 | - $homepageOption = ''; |
1328 | - $override_option = ''; |
1329 | - |
1330 | - //What form are we displaying |
1331 | - if ($userid == "") |
1332 | - { |
1333 | - //add form |
1334 | - $action = "index.php?p=user&q=AddUser"; |
1335 | - } |
1336 | - else |
1337 | - { |
1338 | - //edit form |
1339 | - $action = "index.php?p=user&q=EditUser"; |
1340 | - |
1341 | - //split the homepage into its component parts (if it needs to be) |
1342 | - if (strpos($homepage,'&') !== false) |
1343 | - { |
1344 | - $homepage = substr($homepage, 0, strpos($homepage,'&')); |
1345 | - } |
1346 | - |
1347 | - //make the homepage dropdown |
1348 | - $homepage_list = listcontent("dashboard|dashboard,mediamanager|mediamanager", "homepage", $homepage); |
1349 | - |
1350 | - $homepageOption = <<<END |
1351 | - <tr> |
1352 | - <td><label for="homepage">Homepage<span class="required">*</span></label></td> |
1353 | - <td>$homepageHelp $homepage_list</td> |
1354 | - </tr> |
1355 | + $db =& $this->db; |
1356 | + $user =& $this->user; |
1357 | + $response = new ResponseManager(); |
1358 | + $helpManager = new HelpManager($db, $user); |
1359 | + |
1360 | + $userid = Kit::GetParam('userID', _GET, _INT); |
1361 | + |
1362 | + $SQL = ""; |
1363 | + $SQL .= "SELECT UserName , "; |
1364 | + $SQL .= " UserPassword, "; |
1365 | + $SQL .= " usertypeid , "; |
1366 | + $SQL .= " email , "; |
1367 | + $SQL .= " homepage "; |
1368 | + $SQL .= "FROM `user`"; |
1369 | + $SQL .= sprintf(" WHERE userID = %d", $userid); |
1370 | + |
1371 | + if(!$results = $db->query($SQL)) |
1372 | + { |
1373 | + trigger_error($db->error()); |
1374 | + trigger_error(__('Error getting user information.'), E_USER_ERROR); |
1375 | + } |
1376 | + |
1377 | + while($aRow = $db->get_row($results)) |
1378 | + { |
1379 | + $username = Kit::ValidateParam($aRow[0], _USERNAME); |
1380 | + $password = Kit::ValidateParam($aRow[1], _PASSWORD); |
1381 | + $usertypeid = Kit::ValidateParam($aRow[2], _INT); |
1382 | + $email = Kit::ValidateParam($aRow[3], _STRING); |
1383 | + $homepage = Kit::ValidateParam($aRow[4], _STRING); |
1384 | + } |
1385 | + |
1386 | + // Help UI |
1387 | + $nameHelp = $helpManager->HelpIcon("The Login Name of the user.", true); |
1388 | + $passHelp = $helpManager->HelpIcon("The Password for this user.", true); |
1389 | + $emailHelp = $helpManager->HelpIcon("Users email address. E.g. user@example.com", true); |
1390 | + $homepageHelp = $helpManager->HelpIcon("The users Homepage. This should not be changed until you want to reset their homepage.", true); |
1391 | + $overpassHelp = $helpManager->HelpIcon("Do you want to override this users password with the one entered here.", true); |
1392 | + $usertypeHelp = $helpManager->HelpIcon("What is this users type? This would usually be set to 'User'", true); |
1393 | + |
1394 | + $homepageOption = ''; |
1395 | + $override_option = ''; |
1396 | + |
1397 | + //What form are we displaying |
1398 | + if ($userid == "") |
1399 | + { |
1400 | + //add form |
1401 | + $action = "index.php?p=user&q=AddUser"; |
1402 | + } |
1403 | + else |
1404 | + { |
1405 | + //edit form |
1406 | + $action = "index.php?p=user&q=EditUser"; |
1407 | + |
1408 | + //split the homepage into its component parts (if it needs to be) |
1409 | + if (strpos($homepage,'&') !== false) |
1410 | + { |
1411 | + $homepage = substr($homepage, 0, strpos($homepage,'&')); |
1412 | + } |
1413 | + |
1414 | + //make the homepage dropdown |
1415 | + $homepage_list = listcontent("dashboard|dashboard,mediamanager|mediamanager", "homepage", $homepage); |
1416 | + |
1417 | + $homepageOption = <<<END |
1418 | + <tr> |
1419 | + <td><label for="homepage">Homepage<span class="required">*</span></label></td> |
1420 | + <td>$homepageHelp $homepage_list</td> |
1421 | + </tr> |
1422 | END; |
1423 | - |
1424 | - $override_option = <<<FORM |
1425 | - <td>Override Password?</td> |
1426 | - <td>$overpassHelp <input type="checkbox" name="pass_change" value="0"></td> |
1427 | + |
1428 | + $override_option = <<<FORM |
1429 | + <td>Override Password?</td> |
1430 | + <td>$overpassHelp <input type="checkbox" name="pass_change" value="0"></td> |
1431 | FORM; |
1432 | - } |
1433 | - |
1434 | - //get us the user type if we dont have it (for the default value) |
1435 | - if($usertypeid=="") |
1436 | - { |
1437 | - $usertype = Config::GetSetting($db,"defaultUsertype"); |
1438 | - |
1439 | - $SQL = "SELECT usertypeid FROM usertype WHERE usertype = '$usertype'"; |
1440 | - if(!$results = $db->query($SQL)) |
1441 | - { |
1442 | - trigger_error($db->error()); |
1443 | - trigger_error("Can not get Usertype information", E_USER_ERROR); |
1444 | - } |
1445 | - $row = $db->get_row($results); |
1446 | - $usertypeid = $row['0']; |
1447 | - } |
1448 | - |
1449 | - //group list |
1450 | - $group_list = dropdownlist("SELECT groupID, `group` FROM `group` ORDER BY `group`", "groupid", $groupid); |
1451 | - |
1452 | - if ($_SESSION['usertype']==1) |
1453 | - { |
1454 | - //usertype list |
1455 | - $usertype_list = dropdownlist("SELECT usertypeid, usertype FROM usertype", "usertypeid", $usertypeid); |
1456 | - |
1457 | - $usertypeOption = <<<END |
1458 | - <tr> |
1459 | - <td><label for="usertypeid">User Type <span class="required">*</span></label></td> |
1460 | - <td>$usertypeHelp $usertype_list</td> |
1461 | - </tr> |
1462 | - <tr> |
1463 | - <td><label for="groupid">Group <span class="required">*</span></label></td> |
1464 | - <td>$groupHelp $group_list</td> |
1465 | - </tr> |
1466 | -END; |
1467 | - } |
1468 | - else |
1469 | - { |
1470 | - $usertypeOption = ""; |
1471 | - } |
1472 | - |
1473 | - |
1474 | - $form = <<<END |
1475 | - <form id="UserForm" class="XiboForm" method='post' action='$action'> |
1476 | - <input type='hidden' name='userid' value='$userid'> |
1477 | - <table> |
1478 | - <tr> |
1479 | - <td><label for="username">User Name<span class="required">*</span></label></td> |
1480 | - <td>$nameHelp <input type="text" id="" name="username" value="$username" class="required" /></td> |
1481 | - </tr> |
1482 | - <tr> |
1483 | - <td><label for="password">Password<span class="required">*</span></label></td> |
1484 | - <td>$passHelp <input type="password" id="password" name="password" value="$password" /></td> |
1485 | - $override_option |
1486 | - </tr> |
1487 | - <tr> |
1488 | - <td><label for="email">Email Address<span class="required">*</span></label></td> |
1489 | - <td>$emailHelp <input type="text" id="email" name="email" value="$email" class="required" /></td> |
1490 | - </tr> |
1491 | - $homepageOption |
1492 | - $usertypeOption |
1493 | - </table> |
1494 | - </form> |
1495 | -END; |
1496 | - |
1497 | - $response->SetFormRequestResponse($form, 'Add/Edit a User.', '550px', '320px'); |
1498 | - $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('User', 'Add') . '")'); |
1499 | - $response->AddButton(__('Cancel'), 'XiboDialogClose()'); |
1500 | - $response->AddButton(__('Save'), '$("#UserForm").submit()'); |
1501 | - $response->Respond(); |
1502 | + } |
1503 | + |
1504 | + //get us the user type if we dont have it (for the default value) |
1505 | + if($usertypeid=="") |
1506 | + { |
1507 | + $usertype = Config::GetSetting($db,"defaultUsertype"); |
1508 | + |
1509 | + $SQL = "SELECT usertypeid FROM usertype WHERE usertype = '$usertype'"; |
1510 | + if(!$results = $db->query($SQL)) |
1511 | + { |
1512 | + trigger_error($db->error()); |
1513 | + trigger_error("Can not get Usertype information", E_USER_ERROR); |
1514 | + } |
1515 | + $row = $db->get_row($results); |
1516 | + $usertypeid = $row['0']; |
1517 | + } |
1518 | + |
1519 | + |
1520 | + if ($_SESSION['usertype']==1) |
1521 | + { |
1522 | + //usertype list |
1523 | + $usertype_list = dropdownlist("SELECT usertypeid, usertype FROM usertype", "usertypeid", $usertypeid); |
1524 | + |
1525 | + $usertypeOption = <<<END |
1526 | + <tr> |
1527 | + <td><label for="usertypeid">User Type <span class="required">*</span></label></td> |
1528 | + <td>$usertypeHelp $usertype_list</td> |
1529 | + </tr> |
1530 | +END; |
1531 | + } |
1532 | + else |
1533 | + { |
1534 | + $usertypeOption = ""; |
1535 | + } |
1536 | + |
1537 | + |
1538 | + $form = <<<END |
1539 | + <form id="UserForm" class="XiboForm" method='post' action='$action'> |
1540 | + <input type='hidden' name='userid' value='$userid'> |
1541 | + <table> |
1542 | + <tr> |
1543 | + <td><label for="username">User Name<span class="required">*</span></label></td> |
1544 | + <td>$nameHelp <input type="text" id="" name="username" value="$username" class="required" /></td> |
1545 | + </tr> |
1546 | + <tr> |
1547 | + <td><label for="password">Password<span class="required">*</span></label></td> |
1548 | + <td>$passHelp <input type="password" id="password" name="password" value="$password" /></td> |
1549 | + $override_option |
1550 | + </tr> |
1551 | + <tr> |
1552 | + <td><label for="email">Email Address<span class="required email">*</span></label></td> |
1553 | + <td>$emailHelp <input type="text" id="email" name="email" value="$email" class="required" /></td> |
1554 | + </tr> |
1555 | + $homepageOption |
1556 | + $usertypeOption |
1557 | + </table> |
1558 | + </form> |
1559 | +END; |
1560 | + |
1561 | + $response->SetFormRequestResponse($form, 'Add/Edit a User.', '550px', '320px'); |
1562 | + $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('User', 'Add') . '")'); |
1563 | + $response->AddButton(__('Cancel'), 'XiboDialogClose()'); |
1564 | + $response->AddButton(__('Save'), '$("#UserForm").submit()'); |
1565 | + $response->Respond(); |
1566 | } |
1567 | |
1568 | /** |
1569 | |
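--- a/server/modules/module_user_general.php
+++ b/server/modules/module_user_general.php
@@ -93,7 +93,7 @@
 $db =& $this->db;
 global $session;
 
- $sql = sprintf("SELECT UserID, UserName, UserPassword, usertypeid, groupID FROM user WHERE UserName = '%s' AND UserPassword = '%s'", $db->escape_string($username), $db->escape_string($password));
+ $sql = sprintf("SELECT UserID, UserName, UserPassword, usertypeid FROM user WHERE UserName = '%s' AND UserPassword = '%s'", $db->escape_string($username), $db->escape_string($password));
 
 if(!$result = $db->query($sql)) trigger_error('A database error occurred while checking your login details.', E_USER_ERROR);
 
@@ -114,7 +114,6 @@
 $_SESSION['userid'] = Kit::ValidateParam($results[0], _INT);
 $_SESSION['username'] = Kit::ValidateParam($results[1], _USERNAME);
 $_SESSION['usertype'] = Kit::ValidateParam($results[3], _INT);
- $_SESSION['groupid'] = Kit::ValidateParam($results[4], _INT);
 
 $this->usertypeid = $_SESSION['usertype'];
 $this->userid = $_SESSION['userid'];
@@ -230,32 +229,52 @@
 
 function getGroupFromID($id, $returnID = false)
 {
- $db =& $this->db;
- 
- $SQL = sprintf("SELECT group.group, group.groupID FROM user INNER JOIN `group` ON group.groupID = user.groupID WHERE userid = %d", $id);
- 
- if(!$results = $db->query($SQL))
- {
- trigger_error("Error looking up user information (group)");
- trigger_error($db->error());
- }
- 
- if ($db->num_rows($results)==0)
- {
- if ($returnID)
- {
- return "1";
- }
- return "Users";
- }
- 
- $row = $db->get_row($results);
- 
- if ($returnID)
- {
- return $row[1];
- }
- return $row[0];
+ $db =& $this->db;
+ 
+ $SQL = "";
+ $SQL .= "SELECT group.group, ";
+ $SQL .= " group.groupID ";
+ $SQL .= "FROM `user` ";
+ $SQL .= " INNER JOIN lkusergroup ";
+ $SQL .= " ON lkusergroup.UserID = user.UserID ";
+ $SQL .= " INNER JOIN `group` ";
+ $SQL .= " ON group.groupID = lkusergroup.GroupID ";
+ $SQL .= sprintf("WHERE `user`.userid = %d ", $id);
+ $SQL .= "AND `group`.IsUserSpecific = 1";
+ 
+ if(!$results = $db->query($SQL))
+ {
+ trigger_error($db->error());
+ trigger_error("Error looking up user information (group)", E_USER_ERROR);
+ }
+ 
+ if ($db->num_rows($results) == 0)
+ {
+ // Every user should have a group?
+ // Add one in!
+ include_once('lib/data/usergroup.data.class.php');
+ 
+ $userGroupObject = new UserGroup($db);
+ if (!$groupID = $userGroupObject->Add('Unknown user id: ' . $id, 1))
+ {
+ // Error
+ trigger_error(__('User does not have a group and Xibo is unable to add one.'), E_USER_ERROR);
+ }
+ 
+ // Link the two
+ $userGroupObject->Link($groupID, $id);
+ 
+ if ($returnID) return $groupID;
+ return 'Unknown';
+ }
+ 
+ $row = $db->get_row($results);
+ 
+ if ($returnID)
+ {
+ return $row[1];
+ }
+ return $row[0];
 }
 
 function getUserTypeFromID($id, $returnID = false)
@@ -426,7 +445,6 @@
 $userid =& $this->userid;
 
 $usertype = Kit::GetParam('usertype', _SESSION, _INT, 0);
- $groupid = $this->getGroupFromID($userid, true);
 
 // Check the security
 if ($usertype == 1)
@@ -447,14 +465,16 @@
 
 // we have access to only the pages assigned to this group
 $SQL = "SELECT pages.pageID FROM pages INNER JOIN lkpagegroup ON lkpagegroup.pageid = pages.pageid ";
- $SQL .= sprintf(" WHERE lkpagegroup.groupid = %d AND pages.name = '%s' ", $groupid, $db->escape_string($page));
+ $SQL .= " INNER JOIN lkusergroup ";
+ $SQL .= " ON lkpagegroup.groupID = lkusergroup.GroupID ";
+ $SQL .= sprintf(" WHERE lkusergroup.UserID = %d AND pages.name = '%s' ", $userid, $db->escape_string($page));
 
 Debug::LogEntry($db, 'audit', $SQL);
 
 if (!$results = $db->query($SQL))
 {
 trigger_error($db->error());
- trigger_error('Can not get the page security for this group [' . $groupid . '] and page [' . $page . ']');
+ trigger_error('Can not get the page security for this user [' . $userid . '] and page [' . $page . ']');
 }
 
 if ($db->num_rows($results) < 1)
@@ -477,8 +497,7 @@
 {
 $db =& $this->db;
 $userid =& $this->userid;
- $usertypeid = Kit::GetParam('usertype', _SESSION, _INT);
- $groupid = $this->getGroupFromID($userid, true);
+ $usertypeid = Kit::GetParam('usertype', _SESSION, _INT);
 
 Debug::LogEntry($db, 'audit', sprintf('Authing the menu for usertypeid [%d]', $usertypeid));
 
@@ -497,15 +516,17 @@
 $SQL .= " ON pages.pageID = menuitem.PageID ";
 if ($usertypeid != 1)
 {
- $SQL .= " INNER JOIN lkmenuitemgroup ";
- $SQL .= " ON lkmenuitemgroup.MenuItemID = menuitem.MenuItemID ";
- $SQL .= " INNER JOIN `group` ";
- $SQL .= " ON lkmenuitemgroup.GroupID = group.GroupID ";
+ $SQL .= " INNER JOIN lkmenuitemgroup ";
+ $SQL .= " ON lkmenuitemgroup.MenuItemID = menuitem.MenuItemID ";
+ $SQL .= " INNER JOIN `group` ";
+ $SQL .= " ON lkmenuitemgroup.GroupID = group.GroupID ";
+ $SQL .= " INNER JOIN lkusergroup ";
+ $SQL .= " ON group.groupID = lkusergroup.GroupID ";
 }
 $SQL .= sprintf("WHERE menu.Menu = '%s' ", $db->escape_string($menu));
 if ($usertypeid != 1)
 {
- $SQL .= sprintf(" AND group.groupid = %d", $groupid);
+ $SQL .= sprintf(" AND lkusergroup.UserID = %d", $userid);
 }
 $SQL .= " ORDER BY menuitem.Sequence";
 
@@ -596,7 +617,6 @@
 
 // Populate the array of display group ids we are authed against
 $usertype = Kit::GetParam('usertype', _SESSION, _INT, 0);
- $groupid = $this->getGroupFromID($userid, true);
 
 $SQL = "SELECT DISTINCT displaygroup.DisplayGroupID, displaygroup.DisplayGroup, IsDisplaySpecific ";
 $SQL .= " FROM displaygroup ";
@@ -607,10 +627,15 @@
 if ($usertype != 1)
 {
 $SQL .= " INNER JOIN lkgroupdg ON lkgroupdg.DisplayGroupID = displaygroup.DisplayGroupID ";
- $SQL .= sprintf(" WHERE lkgroupdg.GroupID = %d ", $groupid);
+ $SQL .= " INNER JOIN lkusergroup ON lkgroupdg.GroupID = lkusergroup.GroupID ";
 }
- 
+ 
 $SQL .= " WHERE display.licensed = 1 ";
+ 
+ if ($usertype != 1)
+ {
+ $SQL .= sprintf(" AND lkusergroup.UserID = %d ", $userid);
+ }
 
 Debug::LogEntry($db, 'audit', $SQL, 'User', 'DisplayGroupAuth');
 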
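Review bot: The new zero-row branch of getGroupFromID creates and links a fresh user-specific group, but the join on `user` also returns zero rows when `$id` matches no user at all, so a lookup with a stale or arbitrary id inserts an orphan `Unknown user id: N` group row; DeleteUser passes a POSTed userid straight into this call, and the user list calls it once per row. A lookup that writes on a miss is easy to trip by accident and hard to audit afterwards, so the fallback should be gated on the user row existing, e.g. `SELECT UserID FROM \`user\` WHERE UserID = %d` before `$userGroupObject->Add(...)`, or it should return the `'Unknown'` default and leave group creation to an explicit repair step. Separately, the menu query in the later hunk now joins lkusergroup, so a user who belongs to two groups that both grant a menu item would presumably receive that item twice unless the SELECT, which starts outside the hunk, already uses DISTINCT as the display-group query does.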