Merge lp:~dangarner/xibo/110-server into lp:~xibo-maintainers/xibo/encke

Proposed by Dan Garner
Status: Merged
Merged at revision: not available
Proposed branch: lp:~dangarner/xibo/110-server
Merge into: lp:~xibo-maintainers/xibo/encke
Diff against target: 1753 lines (+962/-426)
11 files modified
server/install/database/20.php (+41/-0)
server/install/database/20.sql (+25/-0)
server/install/database/21.sql (+5/-0)
server/lib/data/usergroup.data.class.php (+259/-0)
server/lib/include.php (+9/-2)
server/lib/js/group.js (+27/-1)
server/lib/pages/displaygroup.class.php (+3/-3)
server/lib/pages/group.class.php (+173/-33)
server/lib/pages/schedule.class.php (+2/-1)
server/lib/pages/user.class.php (+352/-345)
server/modules/module_user_general.php (+66/-41)
To merge this branch: bzr merge lp:~dangarner/xibo/110-server
Reviewer Review Type Date Requested Status
Xibo Maintainters Pending
Review via email: mp+16620@code.launchpad.net


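--- a/server/install/database/20.php
+++ b/server/install/database/20.php
@@ -36,6 +36,9 @@
  // Each schedule record needs to be altered so that the displayID_list now reflects the displayGroupIDs
  $this->UpdateSchedules();
 
+ // Create groups for all current users
+ $this->UpdateUserGroups();
+
  return true;
  }
 
@@ -129,5 +132,43 @@
  }
  }
  }
+
+ /**
+ * We need to update the user groups
+ */
+ private function UpdateUserGroups()
+ {
+ $db =& $this->db;
+
+ // Get all the current users in the system
+ $SQL = "SELECT UserID, groupID, UserName FROM `user`";
+
+ if (!$result = $db->query($SQL))
+ {
+ trigger_error("Error creating user groups", E_USER_ERROR);
+ }
+
+ while ($row = $db->get_assoc_row($result))
+ {
+ // For each display create a display group and link it to the display
+ $ugid = 0;
+ $userID = Kit::ValidateParam($row['UserID'], _INT);
+ $groupID = Kit::ValidateParam($row['groupID'], _INT);
+ $username = Kit::ValidateParam($row['UserName'], _STRING);
+
+ $ug = new UserGroup($db);
+
+ // For each one create a user specific group
+ if (!$ugId = $ug->Add($username, 1))
+ {
+ trigger_error("Error creating user groups", E_USER_ERROR);
+ }
+
+ // Link to the users own userspecific group and also to the one they were already on
+ $ug->Link($ugId, $userID);
+
+ $ug->Link($groupID, $userID);
+ }
+ }
 }
 ?>
\ No newline at end of file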
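Review bot: In UpdateUserGroups the return values of both `$ug->Link(...)` calls are discarded, so a failed insert into lkusergroup (which 20.sql constrains with foreign keys to `group` and `user`) only raises the notice inside Link and the upgrade still reports success with a user left out of a group. A user row whose `groupID` comes back as 0 would hit exactly that on the second call, presumably; guard both calls, e.g. `if (!$ug->Link($ugId, $userID)) trigger_error("Error creating user groups", E_USER_ERROR);` and `if ($groupID != 0 && !$ug->Link($groupID, $userID)) trigger_error("Error creating user groups", E_USER_ERROR);`. `$ugid = 0;` is never read (the code uses `$ugId`) and the loop comment still says "For each display create a display group", copied from the display migration; it should say "For each user create a user-specific group and link it".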
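--- a/server/install/database/20.sql
+++ b/server/install/database/20.sql
@@ -147,6 +147,31 @@
 ALTER TABLE `schedule_detail` DROP INDEX `schedule_detail_ibfk_3`;
 ALTER TABLE `schedule_detail` DROP INDEX `IM_SDT_DisplayID`;
 
+
+/* Users and Groups */
+CREATE TABLE IF NOT EXISTS `lkusergroup` (
+ `LkUserGroupID` int(11) NOT NULL auto_increment,
+ `GroupID` int(11) NOT NULL,
+ `UserID` int(11) NOT NULL,
+ PRIMARY KEY (`LkUserGroupID`),
+ KEY `GroupID` (`GroupID`),
+ KEY `UserID` (`UserID`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ;
+
+/* Add the user specific flag to groups */
+ALTER TABLE `group` ADD `IsUserSpecific` TINYINT NOT NULL DEFAULT '0';
+
+
+/* Add contraints to the new table */
+ALTER TABLE `lkusergroup` ADD FOREIGN KEY ( `GroupID` ) REFERENCES `group` (
+`groupID`
+);
+
+ALTER TABLE `lkusergroup` ADD FOREIGN KEY ( `UserID` ) REFERENCES `user` (
+`UserID`
+);
+
+
 /* VERSION UPDATE */
 /* Set the version table, etc */
 UPDATE `version` SET `app_ver` = '1.1.0';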
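Review bot: `lkusergroup` gets plain indexes on GroupID and UserID but nothing makes the pair unique, so the same user can be linked to the same group repeatedly; UserGroup::Link in this branch does not check for an existing row before inserting, and the membership lists would then show duplicates. Add `UNIQUE KEY `GroupID_UserID` (`GroupID`, `UserID`)` to the CREATE TABLE in place of the two separate keys. The two FOREIGN KEY clauses carry no ON DELETE action, so InnoDB refuses to delete a `group` or `user` row while links exist; that is worth a comment here because UserGroup::Delete in the same proposal deletes from `group` without clearing the link rows first.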
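--- a/server/install/database/21.sql
+++ b/server/install/database/21.sql
@@ -8,6 +8,11 @@
 /* Request URI is too short of passing a lot of parameters in GET. Maybe we should use POST more? */
 ALTER TABLE `log` CHANGE `RequestUri` `RequestUri` VARCHAR( 2000 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL;
 
+/* Remove the groupID from the user record. */
+ALTER TABLE `user` DROP FOREIGN KEY `user_ibfk_3` ;
+
+ALTER TABLE `user` DROP `groupID` ;
+
 /* VERSION UPDATE */
 /* Set the version table, etc */
 UPDATE `setting` SET `value` = 0 WHERE `setting` = 'PHONE_HOME_DATE';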
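Review bot: `DROP FOREIGN KEY `user_ibfk_3`` relies on the constraint carrying MySQL's auto-generated name, which is only stable if every installation added the `user` table's constraints in the same order; an install where that key was named differently fails here and is left with the upgrade half-applied. A comment saying where the name comes from (presumably the constraint created for `groupID` in the original schema) would help whoever debugs such a failure, and a more robust script would look the name up in information_schema first. Ordering matters too: 20.php's UpdateUserGroups still selects `groupID` from `user`, so this column must not be dropped before that step runs — worth a line in the comment above the DROP.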
=== added file 'server/lib/data/usergroup.data.class.php'
--- server/lib/data/usergroup.data.class.php 1970-01-01 00:00:00 +0000
+++ server/lib/data/usergroup.data.class.php 2009-12-28 14:14:15 +0000
@@ -0,0 +1,259 @@
1<?php
2/*
3 * Xibo - Digitial Signage - http://www.xibo.org.uk
4 * Copyright (C) 2009 Daniel Garner
5 *
6 * This file is part of Xibo.
7 *
8 * Xibo is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU Affero General Public License as published by
10 * the Free Software Foundation, either version 3 of the License, or
11 * any later version.
12 *
13 * Xibo is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU Affero General Public License for more details.
17 *
18 * You should have received a copy of the GNU Affero General Public License
19 * along with Xibo. If not, see <http://www.gnu.org/licenses/>.
20 */
21defined('XIBO') or die("Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.");
22
23class UserGroup extends Data
24{
25 public function __construct(database $db)
26 {
27 parent::__construct($db);
28 }
29
30 /**
31 * Adds a User Group to Xibo
32 * @return
33 * @param $UserGroup Object
34 * @param $isDisplaySpecific Object
35 * @param $description Object[optional]
36 */
37 public function Add($group, $isUserSpecific)
38 {
39 $db =& $this->db;
40
41 Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Add');
42
43 // Create the SQL
44 $SQL = "";
45 $SQL .= "INSERT ";
46 $SQL .= "INTO `group` ";
47 $SQL .= " ( ";
48 $SQL .= " `group` , ";
49 $SQL .= " IsUserSpecific ";
50 $SQL .= " ) ";
51 $SQL .= " VALUES ";
52 $SQL .= " ( ";
53 $SQL .= sprintf(" '%s', ", $db->escape_string($group));
54 $SQL .= sprintf(" %d ", $isUserSpecific);
55 $SQL .= " )";
56
57 if (!$groupID = $db->insert_query($SQL))
58 {
59 trigger_error($db->error());
60 $this->SetError(25000, __('Could not add User Group'));
61
62 return false;
63 }
64
65 Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Add');
66
67 return $groupID;
68 }
69
70 /**
71 * Edits an existing Xibo Display Group
72 * @return
73 * @param $userGroupID Object
74 * @param $UserGroup Object
75 */
76 public function Edit($userGroupID, $userGroup)
77 {
78 $db =& $this->db;
79
80 Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Edit');
81
82 // Create the SQL
83 $SQL = "";
84 $SQL .= "UPDATE `group` ";
85 $SQL .= sprintf("SET `group` = '%s' ", $db->escape_string($userGroup));
86 $SQL .= sprintf("WHERE GroupID = %d", $userGroupID);
87
88 if (!$db->query($SQL))
89 {
90 trigger_error($db->error());
91 $this->SetError(25005, __('Could not edit User Group'));
92
93 return false;
94 }
95
96 Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Edit');
97
98 return true;
99 }
100
101 /**
102 * Deletes an Xibo User Group
103 * @return
104 * @param $userGroupID Object
105 */
106 public function Delete($userGroupID)
107 {
108 $db =& $this->db;
109
110 Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Delete');
111
112 $SQL = sprintf("DELETE FROM `group` WHERE GroupID = %d", $userGroupID);
113
114 Debug::LogEntry($db, 'audit', $SQL);
115
116 if (!$db->query($SQL))
117 {
118 trigger_error($db->error());
119 $this->SetError(25015,__('Unable to delete User Group.'));
120 return false;
121 }
122
123 Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Delete');
124
125 return true;
126 }
127
128 /**
129 * Links a User to a User Group
130 * @return
131 * @param $userGroupID Object
132 * @param $userID Object
133 */
134 public function Link($userGroupID, $userID)
135 {
136 $db =& $this->db;
137
138 Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Link');
139
140 $SQL = "";
141 $SQL .= "INSERT ";
142 $SQL .= "INTO lkusergroup ";
143 $SQL .= " ( ";
144 $SQL .= " GroupID, ";
145 $SQL .= " UserID ";
146 $SQL .= " ) ";
147 $SQL .= " VALUES ";
148 $SQL .= " ( ";
149 $SQL .= sprintf(" %d, %d ", $userGroupID, $userID);
150 $SQL .= " )";
151
152 if (!$db->query($SQL))
153 {
154 trigger_error($db->error());
155 $this->SetError(25005, __('Could not Link User Group to User'));
156
157 return false;
158 }
159
160 Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Link');
161
162 return true;
163 }
164
165 /**
166 * Unlinks a Display from a Display Group
167 * @return
168 * @param $userGroupID Object
169 * @param $userID Object
170 */
171 public function Unlink($userGroupID, $userID)
172 {
173 $db =& $this->db;
174
175 Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Unlink');
176
177 $SQL = "";
178 $SQL .= "DELETE FROM ";
179 $SQL .= " lkusergroup ";
180 $SQL .= sprintf(" WHERE GroupID = %d AND UserID = %d ", $userGroupID, $userID);
181
182 if (!$db->query($SQL))
183 {
184 trigger_error($db->error());
185 $this->SetError(25007, __('Could not Unlink User from User Group'));
186
187 return false;
188 }
189
190 Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Unlink');
191
192 return true;
193 }
194
195 /**
196 * Edits the User Group associated with a User
197 * @return
198 * @param $userID Object
199 * @param $userName Object
200 */
201 public function EditUserGroup($userID, $userName)
202 {
203 $db =& $this->db;
204
205 Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'EditUserGroup');
206
207 // Get the UserGroupID for this UserID
208 $SQL = "";
209 $SQL .= "SELECT `group`.GroupID ";
210 $SQL .= "FROM `group` ";
211 $SQL .= " INNER JOIN lkusergroup ";
212 $SQL .= " ON lkusergroup.GroupID = `group`.groupID ";
213 $SQL .= "WHERE `group`.IsUserSpecific = 1 ";
214 $SQL .= sprintf(" AND lkusergroup.UserID = %d", $userID);
215
216 if (!$result = $db->query($SQL))
217 {
218 trigger_error($db->error());
219 $this->SetError(25005, __('Unable to get the UserGroup for this User.'));
220
221 return false;
222 }
223
224 $row = $db->get_assoc_row($result);
225 $userGroupID = $row['GroupID'];
226
227 if ($userGroupID == '')
228 {
229 // We should always have 1 display specific UserGroup for a display.
230 // Do we a) Error here and give up?
231 // b) Create one and link it up?
232 // $this->SetError(25006, __('Unable to get the UserGroup for this Display'));
233
234 if (!$userGroupID = $this->Add($userName, 1))
235 {
236 $this->SetError(25001, __('Could not add a user group for this user.'));
237
238 return false;
239 }
240
241 // Link the Two together
242 if (!$this->Link($userGroupID, $userID))
243 {
244 $this->SetError(25001, __('Could not link the new user with its group.'));
245
246 return false;
247 }
248 }
249 else
250 {
251 if (!$this->Edit($userGroupID, $userName)) return false;
252 }
253
254 Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'EditUserGroup');
255
256 return true;
257 }
258}
259?>
0\ No newline at end of file260\ No newline at end of file
1261
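Review bot: UserGroup::Delete issues only `DELETE FROM `group``, but 20.sql in this proposal makes lkusergroup.GroupID a foreign key to group.groupID with no ON DELETE clause, so deleting any group that still has members fails at the database and surfaces as 'Unable to delete User Group.'; the link rows need to go first, and a user-specific group (IsUserSpecific = 1) should probably be refused here rather than left to every caller. In EditUserGroup the result of `$row = $db->get_assoc_row($result)` is not checked, so when the join returns nothing `$row['GroupID']` indexes a non-array; `if (!$row = $db->get_assoc_row($result))` makes the create-and-link branch explicit instead of relying on `== ''`. The docblocks for Edit and Unlink were copied from the display-group class ('Edits an existing Xibo Display Group', 'Unlinks a Display from a Display Group') and should describe user groups, and the same error code 25005 is used by Edit, Link and EditUserGroup for three different failures.
```php
public function Delete($userGroupID)
{
    // … unchanged: $db alias and 'IN' audit entry …

    // Remove memberships first: lkusergroup.GroupID references group.groupID (no ON DELETE)
    $SQL = sprintf("DELETE FROM lkusergroup WHERE GroupID = %d", $userGroupID);

    if (!$db->query($SQL))
    {
        trigger_error($db->error());
        $this->SetError(25015, __('Unable to delete User Group.'));
        return false;
    }

    $SQL = sprintf("DELETE FROM `group` WHERE GroupID = %d", $userGroupID);
    // … unchanged: audit log of $SQL, query, error handling, 'OUT' entry, return true …
```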
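--- a/server/lib/include.php
+++ b/server/lib/include.php
@@ -88,8 +88,15 @@
 // create a database class instance
 $db = new database();
 
-if (!$db->connect_db($dbhost, $dbuser, $dbpass)) trigger_error($db->error(), E_USER_WARNING);
-if (!$db->select_db($dbname)) trigger_error($db->error(), E_USER_WARNING);
+if (!$db->connect_db($dbhost, $dbuser, $dbpass))
+{
+ die('Xibo has a database connection problem.');
+}
+
+if (!$db->select_db($dbname))
+{
+ die('Xibo has a database connection problem.');
+}
 
 date_default_timezone_set(Config::GetSetting($db, "defaultTimezone"));
 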
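Review bot: Replacing the E_USER_WARNING with `die()` keeps the driver's error text out of the response, which is the right direction, but it also discards that text entirely, so the only record of why connect_db or select_db failed is gone. Log it server-side before exiting, `error_log($db->error());` on the line before each `die(...)`, so the cause is still visible in the PHP error log. Both branches emit the same generic message; distinguishing connect from select in the logged line (not in the output) would save a round trip when diagnosing.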
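--- a/server/lib/js/group.js
+++ b/server/lib/js/group.js
@@ -1,6 +1,6 @@
 /*
  * Xibo - Digitial Signage - http://www.xibo.org.uk
- * Copyright (C) 2006,2007,2008 Daniel Garner and James Packer
+ * Copyright (C) 2009 Daniel Garner
  *
  * This file is part of Xibo.
  *
@@ -17,3 +17,29 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with Xibo. If not, see <http://www.gnu.org/licenses/>.
  */
+function ManageMembersCallBack()
+{
+ $("#usersIn, #usersOut").sortable({
+ connectWith: '.connectedSortable',
+ dropOnEmpty: true
+ }).disableSelection();
+}
+
+function MembersSubmit() {
+ // Serialise the form and then submit it via Ajax.
+ var href = $("#usersIn").attr('href') + "&ajax=true";
+
+ // Get the two lists
+ serializedData = $("#usersIn").sortable('serialize');
+
+ $.ajax({
+ type: "post",
+ url: href,
+ cache: false,
+ dataType: "json",
+ data: serializedData,
+ success: XiboSubmitResponse
+ });
+
+ return;
+}
\ No newline at end of file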
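Review bot: In MembersSubmit, `serializedData = $("#usersIn").sortable('serialize');` has no `var`, so it is created as a global on window instead of a local; declare it `var serializedData = $("#usersIn").sortable('serialize');`. The comment above it says "Get the two lists" but only `#usersIn` is serialised, which is what SetMembers expects (any current member not in the posted list is unlinked), so the comment should say that only the members list is sent and why. The trailing `return;` adds nothing and can be dropped.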
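--- a/server/lib/pages/displaygroup.class.php
+++ b/server/lib/pages/displaygroup.class.php
@@ -321,7 +321,7 @@
  if(!$resultIn = $db->query($SQL))
  {
  trigger_error($db->error());
- trigger_error(__('Error getting Displays'));
+ trigger_error(__('Error getting Displays'), E_USER_ERROR);
  }
  
  // Displays not in group
@@ -340,7 +340,7 @@
  if(!$resultOut = $db->query($SQL))
  {
  trigger_error($db->error());
- trigger_error(__('Error getting Displays'));
+ trigger_error(__('Error getting Displays'), E_USER_ERROR);
  }
  
  // Now we have an IN and an OUT results object which we can use to build our lists
@@ -598,7 +598,7 @@
  if(!$resultIn = $db->query($SQL))
  {
  trigger_error($db->error());
- trigger_error(__('Error getting Displays'));
+ trigger_error(__('Error getting Displays'), E_USER_ERROR);
  }
  
  while($row = $db->get_assoc_row($resultIn))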
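Review bot: Promoting the three 'Error getting Displays' calls to E_USER_ERROR stops execution instead of continuing with a false result set, but each is still preceded by `trigger_error($db->error());` at the default notice level, which depending on display_errors may place the raw driver error text in the response ahead of the fatal message. Consider `error_log($db->error());` for that first line so the detail reaches the server log only; the new MembersForm and SetMembers in group.class.php repeat the same pattern. The enclosing methods begin and end outside these hunks.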
=== modified file 'server/lib/pages/group.class.php'
--- server/lib/pages/group.class.php 2009-07-10 19:45:55 +0000
+++ server/lib/pages/group.class.php 2009-12-28 14:14:15 +0000
@@ -1,7 +1,7 @@
1<?php1<?php
2/*2/*
3 * Xibo - Digitial Signage - http://www.xibo.org.uk3 * Xibo - Digitial Signage - http://www.xibo.org.uk
4 * Copyright (C) 2006,2007,2008 Daniel Garner and James Packer4 * Copyright (C) 2006,2007,2008,2009 Daniel Garner and James Packer
5 *5 *
6 * This file is part of Xibo.6 * This file is part of Xibo.
7 *7 *
@@ -25,7 +25,6 @@
25 private $db;25 private $db;
26 private $user;26 private $user;
27 private $isadmin = false;27 private $isadmin = false;
28 private $has_permissions = true;
29 28
30 private $sub_page = "";29 private $sub_page = "";
31 30
@@ -33,9 +32,6 @@
33 private $groupid;32 private $groupid;
34 private $group = "";33 private $group = "";
35 34
36 //lkpage group
37 private $lkpagegroupid;
38 private $pageid;
39 35
40 //init36 //init
41 function __construct(database $db, user $user) 37 function __construct(database $db, user $user)
@@ -72,6 +68,9 @@
72 68
73 $this->group = $aRow['Group'];69 $this->group = $aRow['Group'];
74 }70 }
71
72 // Include the group data classes
73 include_once('lib/data/usergroup.data.class.php');
75 }74 }
76 75
77 function on_page_load() 76 function on_page_load()
@@ -146,7 +145,7 @@
146 SELECT group.group,145 SELECT group.group,
147 group.groupID146 group.groupID
148 FROM `group`147 FROM `group`
149 WHERE 1 = 1148 WHERE IsUserSpecific = 0
150END;149END;
151 if ($filter_name != '') 150 if ($filter_name != '')
152 {151 {
@@ -166,6 +165,7 @@
166 $msgName = __('Name');165 $msgName = __('Name');
167 $msgAction = __('Action');166 $msgAction = __('Action');
168 $msgEdit = __('Edit');167 $msgEdit = __('Edit');
168 $msgMembers = __('Group Members');
169 $msgPageSec = __('Page Security');169 $msgPageSec = __('Page Security');
170 $msgMenuSec = __('Menu Security');170 $msgMenuSec = __('Menu Security');
171 $msgDispSec = __('Display Security');171 $msgDispSec = __('Display Security');
@@ -200,9 +200,9 @@
200 {200 {
201 $buttons = <<<END201 $buttons = <<<END
202 <button class="XiboFormButton" href="index.php?p=group&q=GroupForm&groupid=$groupid"><span>$msgEdit</span></button>202 <button class="XiboFormButton" href="index.php?p=group&q=GroupForm&groupid=$groupid"><span>$msgEdit</span></button>
203 <button class="XiboFormButton" href="index.php?p=group&q=MembersForm&groupid=$groupid"><span>$msgMembers</span></button>
203 <button class="XiboFormButton" href="index.php?p=group&q=PageSecurityForm&groupid=$groupid"><span>$msgPageSec</span></button>204 <button class="XiboFormButton" href="index.php?p=group&q=PageSecurityForm&groupid=$groupid"><span>$msgPageSec</span></button>
204 <button class="XiboFormButton" href="index.php?p=group&q=MenuItemSecurityForm&groupid=$groupid"><span>$msgMenuSec</span></button>205 <button class="XiboFormButton" href="index.php?p=group&q=MenuItemSecurityForm&groupid=$groupid"><span>$msgMenuSec</span></button>
205 <button class="XiboFormButton" href="index.php?p=group&q=DisplayGroupSecurityForm&groupid=$groupid"><span>$msgDispSec</span></button>
206 <button class="XiboFormButton" href="index.php?p=group&q=delete_form&groupid=$groupid"><span>$msgDel</span></button>206 <button class="XiboFormButton" href="index.php?p=group&q=delete_form&groupid=$groupid"><span>$msgDel</span></button>
207END;207END;
208 }208 }
@@ -471,32 +471,27 @@
471 */471 */
472 function add() 472 function add()
473 {473 {
474 $db =& $this->db;474 $db =& $this->db;
475 $group = Kit::GetParam('group', _POST, _STRING);475 $response = new ResponseManager();
476 $userid = $_SESSION['userid'];476
477 477 $group = Kit::GetParam('group', _POST, _STRING);
478 //check on required fields478 $userid = $_SESSION['userid'];
479 if ($group == "") 479
480 {480 //check on required fields
481 Kit::Redirect(array('success'=>false, 'message' => __('Group Name cannot be empty.')));481 if ($group == '')
482 }482 {
483 483 trigger_error(__('Group Name cannot be empty.'), E_USER_ERROR);
484 //add the group record484 }
485 $SQL = "INSERT INTO `group` (`group`) ";485
486 $SQL .= sprintf(" VALUES ('%s') ", $db->escape_string($group));486 $userGroupObject = new UserGroup($db);
487 487
488 if (!$db->query($SQL)) 488 if (!$userGroupObject->Add($group, 0))
489 {489 {
490 trigger_error($db->error());490 trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
491 Kit::Redirect(array('success'=>false, 'message' => __('Error adding a new group.')));491 }
492 }492
493 493 $response->SetFormSubmitResponse(__('Added the Group'), false);
494 // Construct the Response494 $response->Respond();
495 $response = array();
496 $response['success'] = true;
497 $response['message'] = __('Added the Group');
498
499 Kit::Redirect($response);
500 }495 }
501 496
502 /**497 /**
@@ -828,5 +823,150 @@
828 823
829 Kit::Redirect($response);824 Kit::Redirect($response);
830 }825 }
826
827 /**
828 * Shows the Members of a Group
829 */
830 public function MembersForm()
831 {
832 $db =& $this->db;
833 $response = new ResponseManager();
834 $groupID = Kit::GetParam('groupid', _REQUEST, _INT);
835
836 // There needs to be two lists here.
837
838 // Users in group
839 $SQL = "";
840 $SQL .= "SELECT user.UserID, ";
841 $SQL .= " user.UserName ";
842 $SQL .= "FROM `user` ";
843 $SQL .= " INNER JOIN lkusergroup ";
844 $SQL .= " ON lkusergroup.UserID = user.UserID ";
845 $SQL .= sprintf("WHERE lkusergroup.GroupID = %d", $groupID);
846
847 if(!$resultIn = $db->query($SQL))
848 {
849 trigger_error($db->error());
850 trigger_error(__('Error getting Groups'), E_USER_ERROR);
851 }
852
853 // Users not in group
854 $SQL = "";
855 $SQL .= "SELECT user.UserID, ";
856 $SQL .= " user.UserName ";
857 $SQL .= "FROM `user` ";
858 $SQL .= " WHERE user.UserID NOT IN ( ";
859 $SQL .= " SELECT user.UserID ";
860 $SQL .= " FROM `user` ";
861 $SQL .= " INNER JOIN lkusergroup ";
862 $SQL .= " ON lkusergroup.UserID = user.UserID ";
863 $SQL .= sprintf("WHERE lkusergroup.GroupID = %d", $groupID);
864 $SQL .= " )";
865
866 if(!$resultOut = $db->query($SQL))
867 {
868 trigger_error($db->error());
869 trigger_error(__('Error getting Users'), E_USER_ERROR);
870 }
871
872 // Now we have an IN and an OUT results object which we can use to build our lists
873 $listIn = '<ul id="usersIn" href="index.php?p=group&q=SetMembers&GroupID=' . $groupID . '" class="connectedSortable">';
874
875 while($row = $db->get_assoc_row($resultIn))
876 {
877 // For each item output a LI
878 $userID = Kit::ValidateParam($row['UserID'], _INT);
879 $userName = Kit::ValidateParam($row['UserName'], _STRING);
880
881 $listIn .= '<li id="UserID_' . $userID . '"class="li-sortable">' . $userName . '</li>';
882 }
883 $listIn .= '</ul>';
884
885 $listOut = '<ul id="usersOut" class="connectedSortable">';
886
887 while($row = $db->get_assoc_row($resultOut))
888 {
889 // For each item output a LI
890 $userID = Kit::ValidateParam($row['UserID'], _INT);
891 $userName = Kit::ValidateParam($row['UserName'], _STRING);
892
893 $listOut .= '<li id="UserID_' . $userID . '" class="li-sortable">' . $userName . '</li>';
894 }
895 $listOut .= '</ul>';
896
897 // Build the final form.
898 $form = '<div class="connectedlist"><h3>Members</h3>' . $listIn . '</div><div class="connectedlist"><h3>Non-members</h3>' . $listOut . '</div>';
899
900 $response->SetFormRequestResponse($form, __('Manage Membership'), '400', '375', 'ManageMembersCallBack');
901 $response->AddButton(__('Help'), "XiboHelpRender('index.php?p=help&q=Display&Topic=Users&Category=Groups')");
902 $response->AddButton(__('Cancel'), 'XiboDialogClose()');
903 $response->AddButton(__('Save'), 'MembersSubmit()');
904 $response->Respond();
905 }
906
907 /**
908 * Sets the Members of a group
909 * @return
910 */
911 public function SetMembers()
912 {
913 $db =& $this->db;
914 $response = new ResponseManager();
915 $groupObject = new UserGroup($db);
916
917 $groupID = Kit::GetParam('GroupID', _REQUEST, _INT);
918 $users = Kit::GetParam('UserID', _POST, _ARRAY, array());
919 $members = array();
920
921 // Users in group
922 $SQL = "";
923 $SQL .= "SELECT user.UserID, ";
924 $SQL .= " user.UserName ";
925 $SQL .= "FROM `user` ";
926 $SQL .= " INNER JOIN lkusergroup ";
927 $SQL .= " ON lkusergroup.UserID = user.UserID ";
928 $SQL .= sprintf("WHERE lkusergroup.GroupID = %d", $groupID);
929
930 if(!$resultIn = $db->query($SQL))
931 {
932 trigger_error($db->error());
933 trigger_error(__('Error getting Users'));
934 }
935
936 while($row = $db->get_assoc_row($resultIn))
937 {
938 // Test whether this ID is in the array or not
939 $userID = Kit::ValidateParam($row['UserID'], _INT);
940
941 if(!in_array($userID, $users))
942 {
943 // Its currently assigned but not in the $displays array
944 // so we unassign
945 if (!$groupObject->Unlink($groupID, $userID))
946 {
947 trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR);
948 }
949 }
950 else
951 {
952 $members[] = $userID;
953 }
954 }
955
956 foreach($users as $userID)
957 {
958 // Add any that are missing
959 if(!in_array($userID, $members))
960 {
961 if (!$groupObject->Link($groupID, $userID))
962 {
963 trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR);
964 }
965 }
966 }
967
968 $response->SetFormSubmitResponse(__('Group membership set'), false);
969 $response->Respond();
970 }
831}971}
832?>972?>
833\ No newline at end of file973\ No newline at end of file
834974
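Review bot: In MembersForm, `$userName` is concatenated straight into the `<li>` markup in both list loops, so a user name containing markup is rendered as HTML inside the membership dialog; wrap it, `'<li id="UserID_' . $userID . '" class="li-sortable">' . htmlspecialchars($userName, ENT_QUOTES, 'UTF-8') . '</li>'`, and note the first loop is also missing the space before `class`. In SetMembers the failed-query branch calls `trigger_error(__('Error getting Users'));` without E_USER_ERROR — unlike the displaygroup.class.php fix in this same proposal — so the while loop runs on a false `$resultIn`; it should be `trigger_error(__('Error getting Users'), E_USER_ERROR);`. SetMembers also takes GroupID from the request without checking `IsUserSpecific`, whereas the grid only offers the Members button for groups selected with `WHERE IsUserSpecific = 0`, so a user-specific group's membership can be rewritten through this endpoint; look the group up first and refuse when the flag is set. The first error message in MembersForm says 'Error getting Groups' for a query over users, and the SetMembers comment "not in the $displays array" refers to a variable that does not exist here.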
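--- a/server/lib/pages/schedule.class.php
+++ b/server/lib/pages/schedule.class.php
@@ -1073,6 +1073,7 @@
  
  $date = Kit::GetParam('date', _GET, _INT, mktime(date('H'), 0, 0, date('m'), date('d'), date('Y')));
  $dateText = date("d/m/Y", $date);
+ $hiddenDateText = date("m/d/Y", $date);
  $displayGroupIDs = Kit::GetParam('DisplayGroupIDs', _SESSION, _ARRAY);
  
  // need to do some user checking here
@@ -1087,7 +1088,7 @@
  
  $form = <<<END
  <form id="AddEventForm" class="XiboForm" action="index.php?p=schedule&q=AddEvent" method="post">
- <input type="hidden" id="fromdt" name="fromdt" value="" />
+ <input type="hidden" id="fromdt" name="fromdt" value="$hiddenDateText" />
  <input type="hidden" id="todt" name="todt" value="" />
  <input type="hidden" id="rectodt" name="rectodt" value="" />
  <table style="width:100%;">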
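Review bot: `$hiddenDateText` is formatted m/d/Y while `$dateText` directly above is d/m/Y, and nothing says why the hidden `fromdt` needs the other ordering; a comment on the new line such as `// fromdt is consumed in m/d/Y order on submit; the visible date stays d/m/Y` (naming the actual consumer) would stop a later "fix" that unifies the two formats. The value derives from the _INT-validated `$date`, so interpolating it into the heredoc is safe. The enclosing method starts and ends outside these hunks.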
=== modified file 'server/lib/pages/user.class.php'
--- server/lib/pages/user.class.php 2009-10-28 21:28:04 +0000
+++ server/lib/pages/user.class.php 2009-12-28 14:14:15 +0000
@@ -26,15 +26,6 @@
26 private $user;26 private $user;
27 private $sub_page;27 private $sub_page;
28 28
29 //database fields
30 private $userid;
31 private $username;
32 private $password;
33 private $usertypeid;
34 private $email;
35 private $homepage;
36 private $groupid;
37
38 /**29 /**
39 * Contructor30 * Contructor
40 *31 *
@@ -43,33 +34,11 @@
43 */34 */
44 function __construct(database $db, user $user) 35 function __construct(database $db, user $user)
45 {36 {
46 $this->db =& $db;37 $this->db =& $db;
47 $this->user =& $user;38 $this->user =& $user;
48 39
49 $this->sub_page = Kit::GetParam('sp', _REQUEST, _WORD, 'view');40 // Include the group data classes
50 $userid = Kit::GetParam('userID', _REQUEST, _INT, 0);41 include_once('lib/data/usergroup.data.class.php');
51
52 if($userid != 0)
53 {
54 $this->sub_page = "edit";
55
56 $this->userid = $userid;
57
58 $sql = " SELECT UserName, UserPassword, usertypeid, email, groupID, homepage FROM user";
59 $sql .= sprintf(" WHERE userID = %d", $userid);
60
61 if(!$results = $db->query($sql)) trigger_error("Error excuting query".$db->error(), E_USER_ERROR);
62
63 while($aRow = $db->get_row($results))
64 {
65 $this->username = Kit::ValidateParam($aRow[0], _USERNAME);
66 $this->password = Kit::ValidateParam($aRow[1], _PASSWORD);
67 $this->usertypeid = Kit::ValidateParam($aRow[2], _INT);
68 $this->email = Kit::ValidateParam($aRow[3], _STRING);
69 $this->groupid = Kit::ValidateParam($aRow[4], _INT);
70 $this->homepage = Kit::ValidateParam($aRow[5], _STRING);
71 }
72 }
73 }42 }
7443
75 function on_page_load() 44 function on_page_load()
@@ -90,61 +59,77 @@
90 */59 */
91 function AddUser () 60 function AddUser ()
92 {61 {
93 $db =& $this->db;62 $db =& $this->db;
94 $response = new ResponseManager();63 $response = new ResponseManager();
9564
96 $user = Kit::GetParam('username', _POST, _USERNAME);65 $username = Kit::GetParam('username', _POST, _STRING);
97 $password = md5(Kit::GetParam('password', _POST, _USERNAME));66 $password = Kit::GetParam('password', _POST, _STRING);
98 $usertypeid = Kit::GetParam('usertypeid', _POST, _INT);67 $password = md5($password);
99 $email = Kit::GetParam('email', _POST, _STRING);68 $email = Kit::GetParam('email', _POST, _STRING);
100 $groupid = Kit::GetParam('groupid', _POST, _INT);69 $usertypeid = Kit::GetParam('usertypeid', _POST, _INT, 0);
101 70 $homepage = Kit::GetParam('homepage', _POST, _STRING);
102 // Construct the Homepage71 $pass_change = isset($_POST['pass_change']);
103 $homepage = "dashboard";72
10473 // Construct the Homepage
105 // Validation74 $homepage = "dashboard";
106 if ($user=="")75
107 {76 // Validation
108 trigger_error("Please enter a User Name.", E_USER_ERROR);77 if ($username=="")
109 } 78 {
110 if ($password=="") 79 trigger_error("Please enter a User Name.", E_USER_ERROR);
111 {80 }
112 trigger_error("Please enter a Password.", E_USER_ERROR);81 if ($password=="")
113 }82 {
114 if ($email == "") 83 trigger_error("Please enter a Password.", E_USER_ERROR);
115 {84 }
116 trigger_error("Please enter an Email Address.", E_USER_ERROR);85 if ($email == "")
117 } 86 {
118 87 trigger_error("Please enter an Email Address.", E_USER_ERROR);
119 if ($homepage == "") $homepage = "dashboard";88 }
12089
121 //Check for duplicate user name90 if ($homepage == "") $homepage = "dashboard";
122 $sqlcheck = " ";91
123 $sqlcheck .= sprintf("SELECT UserName FROM user WHERE UserName = '%s'", $db->escape_string($user));92 //Check for duplicate user name
12493 $sqlcheck = " ";
125 if(!$sqlcheckresult = $db->query($sqlcheck)) 94 $sqlcheck .= sprintf("SELECT UserName FROM user WHERE UserName = '%s'", $db->escape_string($username));
126 {95
127 trigger_error($db->error());96 if(!$sqlcheckresult = $db->query($sqlcheck))
128 trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR); 97 {
129 }98 trigger_error($db->error());
130 99 trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR);
131 if($db->num_rows($sqlcheckresult) != 0) 100 }
132 {101
133 trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR);102 if($db->num_rows($sqlcheckresult) != 0)
134 }103 {
135 104 trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR);
136 //Ready to enter the user into the database105 }
137 $query = "INSERT INTO user (UserName, UserPassword, usertypeid, email, homepage, groupid)";106
138 $query .= " VALUES ('$user', '$password', $usertypeid, '$email', '$homepage', $groupid)";107 //Ready to enter the user into the database
139 108 $query = "INSERT INTO user (UserName, UserPassword, usertypeid, email, homepage)";
140 if(!$id = $db->insert_query($query)) 109 $query .= " VALUES ('$username', '$password', $usertypeid, '$email', '$homepage')";
141 {110
142 trigger_error($db->error());111 if(!$id = $db->insert_query($query))
143 trigger_error("Error adding that user", E_USER_ERROR);112 {
144 }113 trigger_error($db->error());
145114 trigger_error("Error adding that user", E_USER_ERROR);
146 $response->SetFormSubmitResponse('User Saved.');115 }
147 $response->Respond();116
117 // Add the user group
118 $userGroupObject = new UserGroup($db);
119
120 if (!$groupID = $userGroupObject->Add($username, 1))
121 {
122 // We really want to delete the new user...
123 //TODO: Delete the new user
124
125 // And then error
126 trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
127 }
128
129 $userGroupObject->Link($groupID, $id);
130
131 $response->SetFormSubmitResponse('User Saved.');
132 $response->Respond();
148 }133 }
149134
150 /**135 /**
@@ -154,79 +139,90 @@
154 */139 */
155 function EditUser() 140 function EditUser()
156 {141 {
157 $db =& $this->db;142 $db =& $this->db;
158 $response = new ResponseManager();143 $response = new ResponseManager();
159 144
160 $error = "";145 $userID = Kit::GetParam('userid', _POST, _INT, 0);
161146 $username = Kit::GetParam('username', _POST, _STRING);
162 $userID = Kit::GetParam('userid', _POST, _INT, 0);147 $password = Kit::GetParam('password', _POST, _STRING);
163 $username = $_POST['username'];148 $password = md5($password);
164 $password = md5($_POST['password']);149 $email = Kit::GetParam('email', _POST, _STRING);
165 $email = $_POST['email'];150 $usertypeid = Kit::GetParam('usertypeid', _POST, _INT, 0);
166 $usertypeid = $_POST['usertypeid'];151 $homepage = Kit::GetParam('homepage', _POST, _STRING);
167 $homepage = $_POST['homepage'];152 $pass_change = isset($_POST['pass_change']);
168 $groupid = $_POST['groupid'];153
169 $pass_change = isset($_POST['pass_change']);154 // Validation
170155 if ($username == "")
171 // Validation156 {
172 if ($username == "")157 trigger_error("Please enter a User Name.", E_USER_ERROR);
173 {158 }
174 trigger_error("Please enter a User Name.", E_USER_ERROR);159 if ($password == "")
175 } 160 {
176 if ($password == "") 161 trigger_error("Please enter a Password.", E_USER_ERROR);
177 {162 }
178 trigger_error("Please enter a Password.", E_USER_ERROR);163 if ($email == "")
179 }164 {
180 if ($email == "") 165 trigger_error("Please enter an Email Address.", E_USER_ERROR);
181 {166 }
182 trigger_error("Please enter an Email Address.", E_USER_ERROR);167
183 } 168 if ($homepage == "") $homepage = "dashboard";
184 169
185 if ($homepage == "") $homepage = "dashboard";170 //Check for duplicate user name
186171 $sqlcheck = " ";
187 //Check for duplicate user name172 $sqlcheck .= "SELECT UserName FROM user WHERE UserName = '" . $username . "' AND userID <> $userID ";
188 $sqlcheck = " ";173
189 $sqlcheck .= "SELECT UserName FROM user WHERE UserName = '" . $username . "' AND userID <> $userID ";174 if (!$sqlcheckresult = $db->query($sqlcheck))
190175 {
191 if (!$sqlcheckresult = $db->query($sqlcheck)) 176 trigger_error($db->error());
192 {177 trigger_error(__("Cant get this user's name. Please try another."), E_USER_ERROR);
193 trigger_error($db->error());178 }
194 trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR); 179
195 }180 if ($db->num_rows($sqlcheckresult) != 0)
196 181 {
197 if ($db->num_rows($sqlcheckresult) != 0) 182 trigger_error(__("Could Not Complete, Duplicate User Name Exists"), E_USER_ERROR);
198 {183 }
199 trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR);184
200 }185 //Everything is ok - run the update
201186 $sql = "UPDATE user SET UserName = '$username'";
202 //Everything is ok - run the update187 if ($pass_change)
203 $sql = "UPDATE user SET UserName = '$username'";188 {
204 if ($pass_change) 189 $sql .= ", UserPassword = '$password'";
205 {190 }
206 $sql .= ", UserPassword = '$password'";191
207 }192 $sql .= ", email = '$email' ";
208 193 if ($homepage == 'dashboard')
209 $sql .= ", email = '$email' ";194 {
210 if ($homepage == 'dashboard')195 //acts as a reset
211 {196 $sql .= ", homepage='$homepage' ";
212 //acts as a reset197 }
213 $sql .= ", homepage='$homepage' ";198
214 }199 if ($usertypeid != "")
215 200 {
216 if ($usertypeid != "")201 $sql .= ", usertypeid = " . $usertypeid;
217 {202 }
218 $sql .= ", usertypeid = " . $usertypeid . ", groupID = $groupid ";203
219 }204 $sql .= " WHERE UserID = ". $userID . "";
220 $sql .= " WHERE UserID = ". $userID . "";205
221206 if (!$db->query($sql))
222 if (!$db->query($sql)) 207 {
223 {208 trigger_error($db->error());
224 trigger_error($db->error());209 trigger_error("Error updating that user", E_USER_ERROR);
225 trigger_error("Error updating that user", E_USER_ERROR);210 }
226 }211
227212 // Update the group to follow suit
228 $response->SetFormSubmitResponse('User Saved.');213 $userGroupObject = new UserGroup($db);
229 $response->Respond();214
215 if (!$userGroupObject->EditUserGroup($userID, $username))
216 {
217 // We really want to delete the new user...
218 //TODO: Delete the new user
219
220 // And then error
221 trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
222 }
223
224 $response->SetFormSubmitResponse('User Saved.');
225 $response->Respond();
230 }226 }
231227
232 /**228 /**
@@ -237,30 +233,44 @@
237 */233 */
238 function DeleteUser() 234 function DeleteUser()
239 {235 {
240 $db =& $this->db;236 $db =& $this->db;
241 $response = new ResponseManager();237 $user =& $this->user;
242 $userid = Kit::GetParam('userid', _POST, _INT, 0);238
243239 $response = new ResponseManager();
244 $sqldel = "DELETE FROM user";240 $userid = Kit::GetParam('userid', _POST, _INT, 0);
245 $sqldel .= " WHERE UserID = ". $userid . "";241 $groupID = $user->getGroupFromID($userid, true);
246242
247 if (!$db->query($sqldel)) 243 // Firstly delete the group for this user
248 {244 $userGroupObject = new UserGroup($db);
249 trigger_error($db->error());245
250 trigger_error("This user has been active, you may only retire them.", E_USER_ERROR);246 $userGroupObject->Unlink($groupID, $userid);
251 }247
252248 if (!$userGroupObject->Delete($groupID))
253 // We should delete this users sessions record.249 {
254 $SQL = "DELETE FROM session WHERE userID = $userid ";250 trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
255 251 }
256 if (!$db->query($sqldel)) 252
257 {253 // Delete the user
258 trigger_error($db->error());254 $sqldel = "DELETE FROM user";
259 trigger_error("If logged in, this user will be deleted once they log out.", E_USER_ERROR);255 $sqldel .= " WHERE UserID = ". $userid . "";
260 }256
261 257 if (!$db->query($sqldel))
262 $response->SetFormSubmitResponse('User Deleted.');258 {
263 $response->Respond();259 trigger_error($db->error());
260 trigger_error(__("This user has been active, you may only retire them."), E_USER_ERROR);
261 }
262
263 // We should delete this users sessions record.
264 $SQL = "DELETE FROM session WHERE userID = $userid ";
265
266 if (!$db->query($sqldel))
267 {
268 trigger_error($db->error());
269 trigger_error(__("If logged in, this user will be deleted once they log out."), E_USER_ERROR);
270 }
271
272 $response->SetFormSubmitResponse(__('User Deleted.'));
273 $response->Respond();
264 }274 }
265275
266 /**276 /**
@@ -276,21 +286,20 @@
276 $itemName = $_REQUEST['usertypeid'];286 $itemName = $_REQUEST['usertypeid'];
277 $username = $_REQUEST['username'];287 $username = $_REQUEST['username'];
278288
279 $sql = "SELECT user.UserID, user.UserName, user.usertypeid, user.loggedin, user.lastaccessed, user.email, user.homepage, group.group ";289 $sql = "SELECT user.UserID, user.UserName, user.usertypeid, user.loggedin, user.lastaccessed, user.email, user.homepage ";
280 $sql .= " FROM user ";290 $sql .= " FROM user ";
281 $sql .= " INNER JOIN `group` ON user.groupid = group.groupID ";
282 $sql .= " WHERE 1=1 ";291 $sql .= " WHERE 1=1 ";
283 if ($_SESSION['usertype']==3) 292 if ($_SESSION['usertype']==3)
284 {293 {
285 $sql .= " AND usertypeid=3 AND userid = " . $_SESSION['userid'] . " ";294 $sql .= " AND usertypeid=3 AND userid = " . $_SESSION['userid'] . " ";
286 }295 }
287 if($itemName!="all") 296 if($itemName!="all")
288 {297 {
289 $sql .= " AND usertypeid=\"" . $itemName . "\"";298 $sql .= " AND usertypeid=\"" . $itemName . "\"";
290 }299 }
291 if ($username != "") 300 if ($username != "")
292 {301 {
293 $sql .= " AND UserName LIKE '%$username%' "; 302 $sql .= " AND UserName LIKE '%$username%' ";
294 }303 }
295 $sql .= " ORDER by UserName";304 $sql .= " ORDER by UserName";
296 305
@@ -310,7 +319,6 @@
310 <th>Homepage</th>319 <th>Homepage</th>
311 <th>Layout</th>320 <th>Layout</th>
312 <th>Email</th>321 <th>Email</th>
313 <th>Group</th>
314 <th>Action</th>322 <th>Action</th>
315 </tr>323 </tr>
316 </thead>324 </thead>
@@ -321,12 +329,12 @@
321 {329 {
322 $userID = $aRow[0];330 $userID = $aRow[0];
323 $userName = $aRow[1];331 $userName = $aRow[1];
324 $usertypeid = $aRow[2];332 $usertypeid = $aRow[2];
325 $loggedin = $aRow[3];333 $loggedin = $aRow[3];
326 $lastaccessed = $aRow[4];334 $lastaccessed = $aRow[4];
327 $email = $aRow[5];335 $email = $aRow[5];
328 $homepage = $aRow[6];336 $homepage = $aRow[6];
329 $group = $aRow[7];337 $groupid = $user->getGroupFromID($userID, true);
330338
331 if($loggedin==1) 339 if($loggedin==1)
332 {340 {
@@ -372,18 +380,19 @@
372 $table .= "<td>" . $homepageArray[0] . "</td>";380 $table .= "<td>" . $homepageArray[0] . "</td>";
373 $table .= "<td>" . $layout . "</td>";381 $table .= "<td>" . $layout . "</td>";
374 $table .= "<td>" . $email . "</td>";382 $table .= "<td>" . $email . "</td>";
375 $table .= "<td>" . $group . "</td>";
376 $table .= "<td>";383 $table .= "<td>";
377 384
378 if($_SESSION['usertype'] == 1 ||($userID == $_SESSION['userid'])) 385 if($_SESSION['usertype'] == 1 ||($userID == $_SESSION['userid']))
379 {386 {
380 $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DisplayForm&userID=' . $userID . '"><span>Edit</span></button>';387 $msgPageSec = __('Page Security');
381 $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DeleteForm&userID=' . $userID . '" ><span>Delete</span></button></div></td>';388 $msgMenuSec = __('Menu Security');
382 }389
383 else 390 $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DisplayForm&userID=' . $userID . '"><span>Edit</span></button>';
384 {391 $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DeleteForm&userID=' . $userID . '" ><span>Delete</span></button>';
385 $table .= "</td>";392 $table .= '<button class="XiboFormButton" href="index.php?p=group&q=PageSecurityForm&groupid=' . $groupid . '"><span>' . $msgPageSec . '</span></button>';
386 }393 $table .= '<button class="XiboFormButton" href="index.php?p=group&q=MenuItemSecurityForm&groupid=' . $groupid . '"><span>' . $msgMenuSec . '</span></button>';
394 }
395 $table .= "</td>";
387 $table .= "</tr>";396 $table .= "</tr>";
388 }397 }
389 $table .= "</tbody></table></div>";398 $table .= "</tbody></table></div>";
@@ -398,18 +407,8 @@
398 */407 */
399 function displayPage() 408 function displayPage()
400 {409 {
401 $db =& $this->db;410 $db =& $this->db;
402411 include('template/pages/user_view.php');
403 switch ($this->sub_page)
404 {
405
406 case 'view':
407 include('template/pages/user_view.php');
408 break;
409
410 default:
411 break;
412 }
413 }412 }
414 413
415 /**414 /**
@@ -454,140 +453,148 @@
454 }453 }
455454
456 /**455 /**
457 * Displays the Add user form (from Ajax)456 * Displays the User form (from Ajax)
458 * @return 457 * @return
459 */458 */
460 function DisplayForm() 459 function DisplayForm()
461 {460 {
462 $db =& $this->db;461 $db =& $this->db;
463 $user =& $this->user;462 $user =& $this->user;
464 $response = new ResponseManager();463 $response = new ResponseManager();
465 464 $helpManager = new HelpManager($db, $user);
466 $helpManager = new HelpManager($db, $user);465
467 466 $userid = Kit::GetParam('userID', _GET, _INT);
468 //ajax request handler467
469 468 $SQL = "";
470 $userid = $this->userid;469 $SQL .= "SELECT UserName , ";
471 $username = $this->username;470 $SQL .= " UserPassword, ";
472 $password = $this->password;471 $SQL .= " usertypeid , ";
473 $usertypeid = $this->usertypeid;472 $SQL .= " email , ";
474 $email = $this->email;473 $SQL .= " homepage ";
475 $homepage = $this->homepage;474 $SQL .= "FROM `user`";
476 $groupid = $this->groupid;475 $SQL .= sprintf(" WHERE userID = %d", $userid);
477 476
478 // Help UI477 if(!$results = $db->query($SQL))
479 $nameHelp = $helpManager->HelpIcon("The Login Name of the user.", true);478 {
480 $passHelp = $helpManager->HelpIcon("The Password for this user.", true);479 trigger_error($db->error());
481 $emailHelp = $helpManager->HelpIcon("Users email address. E.g. user@example.com", true);480 trigger_error(__('Error getting user information.'), E_USER_ERROR);
482 $homepageHelp = $helpManager->HelpIcon("The users Homepage. This should not be changed until you want to reset their homepage.", true);481 }
483 $overpassHelp = $helpManager->HelpIcon("Do you want to override this users password with the one entered here.", true);482
484 $usertypeHelp = $helpManager->HelpIcon("What is this users type? This would usually be set to 'User'", true);483 while($aRow = $db->get_row($results))
485 $groupHelp = $helpManager->HelpIcon("Which group does this user belong to? User groups control media sharing and access to functional areas of Xibo.", true);484 {
486485 $username = Kit::ValidateParam($aRow[0], _USERNAME);
487 $homepageOption = '';486 $password = Kit::ValidateParam($aRow[1], _PASSWORD);
488 $override_option = '';487 $usertypeid = Kit::ValidateParam($aRow[2], _INT);
489488 $email = Kit::ValidateParam($aRow[3], _STRING);
490 //What form are we displaying489 $homepage = Kit::ValidateParam($aRow[4], _STRING);
491 if ($userid == "")490 }
492 {491
493 //add form492 // Help UI
494 $action = "index.php?p=user&q=AddUser";493 $nameHelp = $helpManager->HelpIcon("The Login Name of the user.", true);
495 }494 $passHelp = $helpManager->HelpIcon("The Password for this user.", true);
496 else495 $emailHelp = $helpManager->HelpIcon("Users email address. E.g. user@example.com", true);
497 {496 $homepageHelp = $helpManager->HelpIcon("The users Homepage. This should not be changed until you want to reset their homepage.", true);
498 //edit form497 $overpassHelp = $helpManager->HelpIcon("Do you want to override this users password with the one entered here.", true);
499 $action = "index.php?p=user&q=EditUser";498 $usertypeHelp = $helpManager->HelpIcon("What is this users type? This would usually be set to 'User'", true);
500 499
501 //split the homepage into its component parts (if it needs to be)500 $homepageOption = '';
502 if (strpos($homepage,'&') !== false) 501 $override_option = '';
503 {502
504 $homepage = substr($homepage, 0, strpos($homepage,'&'));503 //What form are we displaying
505 }504 if ($userid == "")
506 505 {
507 //make the homepage dropdown506 //add form
508 $homepage_list = listcontent("dashboard|dashboard,mediamanager|mediamanager", "homepage", $homepage);507 $action = "index.php?p=user&q=AddUser";
509 508 }
510 $homepageOption = <<<END509 else
511 <tr>510 {
512 <td><label for="homepage">Homepage<span class="required">*</span></label></td>511 //edit form
513 <td>$homepageHelp $homepage_list</td>512 $action = "index.php?p=user&q=EditUser";
514 </tr>513
514 //split the homepage into its component parts (if it needs to be)
515 if (strpos($homepage,'&') !== false)
516 {
517 $homepage = substr($homepage, 0, strpos($homepage,'&'));
518 }
519
520 //make the homepage dropdown
521 $homepage_list = listcontent("dashboard|dashboard,mediamanager|mediamanager", "homepage", $homepage);
522
523 $homepageOption = <<<END
524 <tr>
525 <td><label for="homepage">Homepage<span class="required">*</span></label></td>
526 <td>$homepageHelp $homepage_list</td>
527 </tr>
515END;528END;
516 529
517 $override_option = <<<FORM530 $override_option = <<<FORM
518 <td>Override Password?</td>531 <td>Override Password?</td>
519 <td>$overpassHelp <input type="checkbox" name="pass_change" value="0"></td>532 <td>$overpassHelp <input type="checkbox" name="pass_change" value="0"></td>
520FORM;533FORM;
521 }534 }
522535
523 //get us the user type if we dont have it (for the default value)536 //get us the user type if we dont have it (for the default value)
524 if($usertypeid=="") 537 if($usertypeid=="")
525 {538 {
526 $usertype = Config::GetSetting($db,"defaultUsertype");539 $usertype = Config::GetSetting($db,"defaultUsertype");
527540
528 $SQL = "SELECT usertypeid FROM usertype WHERE usertype = '$usertype'";541 $SQL = "SELECT usertypeid FROM usertype WHERE usertype = '$usertype'";
529 if(!$results = $db->query($SQL)) 542 if(!$results = $db->query($SQL))
530 {543 {
531 trigger_error($db->error());544 trigger_error($db->error());
532 trigger_error("Can not get Usertype information", E_USER_ERROR);545 trigger_error("Can not get Usertype information", E_USER_ERROR);
533 }546 }
534 $row = $db->get_row($results);547 $row = $db->get_row($results);
535 $usertypeid = $row['0'];548 $usertypeid = $row['0'];
536 }549 }
537 550
538 //group list551
539 $group_list = dropdownlist("SELECT groupID, `group` FROM `group` ORDER BY `group`", "groupid", $groupid);552 if ($_SESSION['usertype']==1)
540 553 {
541 if ($_SESSION['usertype']==1)554 //usertype list
542 {555 $usertype_list = dropdownlist("SELECT usertypeid, usertype FROM usertype", "usertypeid", $usertypeid);
543 //usertype list556
544 $usertype_list = dropdownlist("SELECT usertypeid, usertype FROM usertype", "usertypeid", $usertypeid);557 $usertypeOption = <<<END
545 558 <tr>
546 $usertypeOption = <<<END559 <td><label for="usertypeid">User Type <span class="required">*</span></label></td>
547 <tr>560 <td>$usertypeHelp $usertype_list</td>
548 <td><label for="usertypeid">User Type <span class="required">*</span></label></td>561 </tr>
549 <td>$usertypeHelp $usertype_list</td>562END;
550 </tr>563 }
551 <tr>564 else
552 <td><label for="groupid">Group <span class="required">*</span></label></td>565 {
553 <td>$groupHelp $group_list</td>566 $usertypeOption = "";
554 </tr> 567 }
555END;568
556 }569
557 else570 $form = <<<END
558 {571 <form id="UserForm" class="XiboForm" method='post' action='$action'>
559 $usertypeOption = "";572 <input type='hidden' name='userid' value='$userid'>
560 }573 <table>
561 574 <tr>
562 575 <td><label for="username">User Name<span class="required">*</span></label></td>
563 $form = <<<END576 <td>$nameHelp <input type="text" id="" name="username" value="$username" class="required" /></td>
564 <form id="UserForm" class="XiboForm" method='post' action='$action'>577 </tr>
565 <input type='hidden' name='userid' value='$userid'>578 <tr>
566 <table>579 <td><label for="password">Password<span class="required">*</span></label></td>
567 <tr>580 <td>$passHelp <input type="password" id="password" name="password" value="$password" /></td>
568 <td><label for="username">User Name<span class="required">*</span></label></td>581 $override_option
569 <td>$nameHelp <input type="text" id="" name="username" value="$username" class="required" /></td>582 </tr>
570 </tr>583 <tr>
571 <tr>584 <td><label for="email">Email Address<span class="required email">*</span></label></td>
572 <td><label for="password">Password<span class="required">*</span></label></td>585 <td>$emailHelp <input type="text" id="email" name="email" value="$email" class="required" /></td>
573 <td>$passHelp <input type="password" id="password" name="password" value="$password" /></td>586 </tr>
574 $override_option587 $homepageOption
575 </tr>588 $usertypeOption
576 <tr>589 </table>
577 <td><label for="email">Email Address<span class="required">*</span></label></td>590 </form>
578 <td>$emailHelp <input type="text" id="email" name="email" value="$email" class="required" /></td>591END;
579 </tr>592
580 $homepageOption593 $response->SetFormRequestResponse($form, 'Add/Edit a User.', '550px', '320px');
581 $usertypeOption594 $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('User', 'Add') . '")');
582 </table>595 $response->AddButton(__('Cancel'), 'XiboDialogClose()');
583 </form>596 $response->AddButton(__('Save'), '$("#UserForm").submit()');
584END;597 $response->Respond();
585
586 $response->SetFormRequestResponse($form, 'Add/Edit a User.', '550px', '320px');
587 $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('User', 'Add') . '")');
588 $response->AddButton(__('Cancel'), 'XiboDialogClose()');
589 $response->AddButton(__('Save'), '$("#UserForm").submit()');
590 $response->Respond();
591 }598 }
592 599
593 /**600 /**
594601
=== modified file 'server/modules/module_user_general.php'
--- server/modules/module_user_general.php 2009-10-28 21:28:04 +0000
+++ server/modules/module_user_general.php 2009-12-28 14:14:15 +0000
@@ -93,7 +93,7 @@
93 $db =& $this->db;93 $db =& $this->db;
94 global $session;94 global $session;
95 95
96 $sql = sprintf("SELECT UserID, UserName, UserPassword, usertypeid, groupID FROM user WHERE UserName = '%s' AND UserPassword = '%s'", $db->escape_string($username), $db->escape_string($password));96 $sql = sprintf("SELECT UserID, UserName, UserPassword, usertypeid FROM user WHERE UserName = '%s' AND UserPassword = '%s'", $db->escape_string($username), $db->escape_string($password));
97 97
98 if(!$result = $db->query($sql)) trigger_error('A database error occurred while checking your login details.', E_USER_ERROR);98 if(!$result = $db->query($sql)) trigger_error('A database error occurred while checking your login details.', E_USER_ERROR);
9999
@@ -114,7 +114,6 @@
114 $_SESSION['userid'] = Kit::ValidateParam($results[0], _INT);114 $_SESSION['userid'] = Kit::ValidateParam($results[0], _INT);
115 $_SESSION['username'] = Kit::ValidateParam($results[1], _USERNAME);115 $_SESSION['username'] = Kit::ValidateParam($results[1], _USERNAME);
116 $_SESSION['usertype'] = Kit::ValidateParam($results[3], _INT);116 $_SESSION['usertype'] = Kit::ValidateParam($results[3], _INT);
117 $_SESSION['groupid'] = Kit::ValidateParam($results[4], _INT);
118 117
119 $this->usertypeid = $_SESSION['usertype'];118 $this->usertypeid = $_SESSION['usertype'];
120 $this->userid = $_SESSION['userid'];119 $this->userid = $_SESSION['userid'];
@@ -230,32 +229,52 @@
230229
231 function getGroupFromID($id, $returnID = false) 230 function getGroupFromID($id, $returnID = false)
232 {231 {
233 $db =& $this->db;232 $db =& $this->db;
234 233
235 $SQL = sprintf("SELECT group.group, group.groupID FROM user INNER JOIN `group` ON group.groupID = user.groupID WHERE userid = %d", $id);234 $SQL = "";
236 235 $SQL .= "SELECT group.group, ";
237 if(!$results = $db->query($SQL)) 236 $SQL .= " group.groupID ";
238 {237 $SQL .= "FROM `user` ";
239 trigger_error("Error looking up user information (group)");238 $SQL .= " INNER JOIN lkusergroup ";
240 trigger_error($db->error());239 $SQL .= " ON lkusergroup.UserID = user.UserID ";
241 }240 $SQL .= " INNER JOIN `group` ";
242 241 $SQL .= " ON group.groupID = lkusergroup.GroupID ";
243 if ($db->num_rows($results)==0) 242 $SQL .= sprintf("WHERE `user`.userid = %d ", $id);
244 {243 $SQL .= "AND `group`.IsUserSpecific = 1";
245 if ($returnID) 244
246 {245 if(!$results = $db->query($SQL))
247 return "1";246 {
248 }247 trigger_error($db->error());
249 return "Users";248 trigger_error("Error looking up user information (group)", E_USER_ERROR);
250 }249 }
251 250
252 $row = $db->get_row($results);251 if ($db->num_rows($results) == 0)
253252 {
254 if ($returnID) 253 // Every user should have a group?
255 {254 // Add one in!
256 return $row[1];255 include_once('lib/data/usergroup.data.class.php');
257 }256
258 return $row[0];257 $userGroupObject = new UserGroup($db);
258 if (!$groupID = $userGroupObject->Add('Unknown user id: ' . $id, 1))
259 {
260 // Error
261 trigger_error(__('User does not have a group and Xibo is unable to add one.'), E_USER_ERROR);
262 }
263
264 // Link the two
265 $userGroupObject->Link($groupID, $id);
266
267 if ($returnID) return $groupID;
268 return 'Unknown';
269 }
270
271 $row = $db->get_row($results);
272
273 if ($returnID)
274 {
275 return $row[1];
276 }
277 return $row[0];
259 }278 }
260 279
261 function getUserTypeFromID($id, $returnID = false) 280 function getUserTypeFromID($id, $returnID = false)
@@ -426,7 +445,6 @@
426 $userid =& $this->userid;445 $userid =& $this->userid;
427 446
428 $usertype = Kit::GetParam('usertype', _SESSION, _INT, 0);447 $usertype = Kit::GetParam('usertype', _SESSION, _INT, 0);
429 $groupid = $this->getGroupFromID($userid, true);
430 448
431 // Check the security449 // Check the security
432 if ($usertype == 1) 450 if ($usertype == 1)
@@ -447,14 +465,16 @@
447 465
448 // we have access to only the pages assigned to this group466 // we have access to only the pages assigned to this group
449 $SQL = "SELECT pages.pageID FROM pages INNER JOIN lkpagegroup ON lkpagegroup.pageid = pages.pageid ";467 $SQL = "SELECT pages.pageID FROM pages INNER JOIN lkpagegroup ON lkpagegroup.pageid = pages.pageid ";
450 $SQL .= sprintf(" WHERE lkpagegroup.groupid = %d AND pages.name = '%s' ", $groupid, $db->escape_string($page));468 $SQL .= " INNER JOIN lkusergroup ";
469 $SQL .= " ON lkpagegroup.groupID = lkusergroup.GroupID ";
470 $SQL .= sprintf(" WHERE lkusergroup.UserID = %d AND pages.name = '%s' ", $userid, $db->escape_string($page));
451 471
452 Debug::LogEntry($db, 'audit', $SQL);472 Debug::LogEntry($db, 'audit', $SQL);
453 473
454 if (!$results = $db->query($SQL)) 474 if (!$results = $db->query($SQL))
455 {475 {
456 trigger_error($db->error());476 trigger_error($db->error());
457 trigger_error('Can not get the page security for this group [' . $groupid . '] and page [' . $page . ']');477 trigger_error('Can not get the page security for this user [' . $userid . '] and page [' . $page . ']');
458 }478 }
459 479
460 if ($db->num_rows($results) < 1)480 if ($db->num_rows($results) < 1)
@@ -477,8 +497,7 @@
477 {497 {
478 $db =& $this->db;498 $db =& $this->db;
479 $userid =& $this->userid;499 $userid =& $this->userid;
480 $usertypeid = Kit::GetParam('usertype', _SESSION, _INT);500 $usertypeid = Kit::GetParam('usertype', _SESSION, _INT);
481 $groupid = $this->getGroupFromID($userid, true);
482 501
483 Debug::LogEntry($db, 'audit', sprintf('Authing the menu for usertypeid [%d]', $usertypeid));502 Debug::LogEntry($db, 'audit', sprintf('Authing the menu for usertypeid [%d]', $usertypeid));
484 503
@@ -497,15 +516,17 @@
497 $SQL .= " ON pages.pageID = menuitem.PageID ";516 $SQL .= " ON pages.pageID = menuitem.PageID ";
498 if ($usertypeid != 1) 517 if ($usertypeid != 1)
499 {518 {
500 $SQL .= " INNER JOIN lkmenuitemgroup ";519 $SQL .= " INNER JOIN lkmenuitemgroup ";
501 $SQL .= " ON lkmenuitemgroup.MenuItemID = menuitem.MenuItemID ";520 $SQL .= " ON lkmenuitemgroup.MenuItemID = menuitem.MenuItemID ";
502 $SQL .= " INNER JOIN `group` ";521 $SQL .= " INNER JOIN `group` ";
503 $SQL .= " ON lkmenuitemgroup.GroupID = group.GroupID ";522 $SQL .= " ON lkmenuitemgroup.GroupID = group.GroupID ";
523 $SQL .= " INNER JOIN lkusergroup ";
524 $SQL .= " ON group.groupID = lkusergroup.GroupID ";
504 }525 }
505 $SQL .= sprintf("WHERE menu.Menu = '%s' ", $db->escape_string($menu));526 $SQL .= sprintf("WHERE menu.Menu = '%s' ", $db->escape_string($menu));
506 if ($usertypeid != 1) 527 if ($usertypeid != 1)
507 {528 {
508 $SQL .= sprintf(" AND group.groupid = %d", $groupid);529 $SQL .= sprintf(" AND lkusergroup.UserID = %d", $userid);
509 }530 }
510 $SQL .= " ORDER BY menuitem.Sequence";531 $SQL .= " ORDER BY menuitem.Sequence";
511 532
@@ -596,7 +617,6 @@
596 617
597 // Populate the array of display group ids we are authed against618 // Populate the array of display group ids we are authed against
598 $usertype = Kit::GetParam('usertype', _SESSION, _INT, 0);619 $usertype = Kit::GetParam('usertype', _SESSION, _INT, 0);
599 $groupid = $this->getGroupFromID($userid, true);
600 620
601 $SQL = "SELECT DISTINCT displaygroup.DisplayGroupID, displaygroup.DisplayGroup, IsDisplaySpecific ";621 $SQL = "SELECT DISTINCT displaygroup.DisplayGroupID, displaygroup.DisplayGroup, IsDisplaySpecific ";
602 $SQL .= " FROM displaygroup ";622 $SQL .= " FROM displaygroup ";
@@ -607,10 +627,15 @@
607 if ($usertype != 1)627 if ($usertype != 1)
608 {628 {
609 $SQL .= " INNER JOIN lkgroupdg ON lkgroupdg.DisplayGroupID = displaygroup.DisplayGroupID ";629 $SQL .= " INNER JOIN lkgroupdg ON lkgroupdg.DisplayGroupID = displaygroup.DisplayGroupID ";
610 $SQL .= sprintf(" WHERE lkgroupdg.GroupID = %d ", $groupid);630 $SQL .= " INNER JOIN lkusergroup ON lkgroupdg.GroupID = lkusergroup.GroupID ";
611 }631 }
612632
613 $SQL .= " WHERE display.licensed = 1 ";633 $SQL .= " WHERE display.licensed = 1 ";
634
635 if ($usertype != 1)
636 {
637 $SQL .= sprintf(" AND lkusergroup.UserID = %d ", $userid);
638 }
614 639
615 Debug::LogEntry($db, 'audit', $SQL, 'User', 'DisplayGroupAuth');640 Debug::LogEntry($db, 'audit', $SQL, 'User', 'DisplayGroupAuth');
616641
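Review bot: getGroupFromID now writes on a lookup miss — the `num_rows == 0` branch in the `@@ -230,32 +229,52 @@` hunk creates a group named from `$id` and links it, but an empty result is also what the query returns when no `user` row with that id exists at all (it only joins `user` to `lkusergroup`), so a stale or defaulted id (DeleteUser passes `Kit::GetParam('userid', _POST, _INT, 0)`) produces an orphan `group` and `lkusergroup` row. Guard the repair with an existence check before calling `Add`, e.g. `$exists = $db->query(sprintf("SELECT UserID FROM user WHERE UserID = %d", $id));` and only self-heal when `$db->num_rows($exists) == 1`, otherwise trigger the error and return without inserting. The menu query in the `@@ -497,15 +516,17 @@` hunk now joins `lkusergroup` without `DISTINCT`, so a user who is in several groups that each grant the same menu item will get that item returned once per group; `SELECT DISTINCT` as the display-group query in the last hunk already does. The `@@ -114,7 +114,6 @@` hunk stops setting `$_SESSION['groupid']`; any remaining reader of that key elsewhere would presumably now hit an undefined index, which is worth a grep before merging.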
