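 /**
  * Transfers budget from the logged-in user to another user.
  *
  * Input comes from $_POST: budget_seed (1 = a seed budget described by the free
  * text in source_txt; otherwise the amount is taken from the budget whose id is
  * in source_id), receiver_id, amount, reason and budget_note. On success one row
  * is written to BUDGETS and one to BUDGET_SOURCE, the receiver's budget is
  * credited, the source budget is debited when one is used, the receiver is
  * flagged as a runner and notifications are sent.
  *
  * @return mixed whatever setOutput() returns, given
  *               array('success' => bool, 'message' => string)
  */
 public function give()
 {
     try {
         if (!Session::uid()) {
             throw new Exception('Not enough rights');
         }
         // Either a free-text source or a source budget id must be present.
         $hasSourceTxt = isset($_POST['source_txt']);
         $hasSourceId = isset($_POST['source_id']);
         if (!isset($_POST['budget_seed']) || (!$hasSourceTxt && !$hasSourceId) || !isset($_POST['budget_note'])) {
             throw new Exception('Invalid parameters');
         }
         $budget_seed = (int) $_POST['budget_seed'];
         // Only one of the two source fields is guaranteed above; default the other.
         $source_txt = $hasSourceTxt ? mysql_real_escape_string($_POST['source_txt']) : '';
         $source_id = $hasSourceId ? (int) $_POST['source_id'] : 0;
         $budget_note = mysql_real_escape_string($_POST['budget_note']);
         if ($budget_seed == 1) {
             // Seed budget: the source is free text and no source budget is involved.
             $source_id = 0;
             $source = $source_txt;
             if (empty($source)) {
                 throw new Exception('Source field is mandatory');
             }
         } else {
             $source = "Amount from budget id: " . $source_id;
             if ($source_id == 0) {
                 throw new Exception('Source field is mandatory');
             }
         }
         $receiver_id = isset($_POST['receiver_id']) ? intval($_POST['receiver_id']) : 0;
         $amount = isset($_POST['amount']) ? floatval($_POST['amount']) : 0;
         $reason = isset($_POST['reason']) ? mysql_real_escape_string($_POST['reason']) : '';
         if (empty($receiver_id)) {
             throw new Exception('Receiver field is mandatory');
         }
         if (empty($amount)) {
             throw new Exception('Amount field is mandatory');
         }
         // The credit/debit below assume a positive amount; a negative value would
         // move funds from the receiver to the giver and bypass the funds check.
         if ($amount < 0) {
             throw new Exception('Amount must be greater than zero');
         }
         $giver = new User();
         $receiver = new User();
         if (!$giver->findUserById(Session::uid()) || !$receiver->findUserById($receiver_id)) {
             throw new Exception('Invalid user');
         }
         $stringAmount = number_format($amount, 2);
         $budget = new Budget();
         if (!$budget_seed) {
             if (!$budget->loadById($source_id)) {
                 throw new Exception('Invalid budget!');
             }
             // Only the owner of the source budget may transfer from it.
             if ($budget->receiver_id != Session::uid()) {
                 error_log('Possible Hacking attempt: User ' . Session::uid() . ' attempted to budget ' . $amount . ' to ' . $receiver_id . ' from budget ' . $budget->id);
                 throw new Exception('You\'re not the owner of this budget!');
             }
         }
         // NOTE(review): for budget_seed values other than 0 and 1 this checks an
         // unloaded Budget; only 0 and 1 appear to be meaningful -- confirm.
         if ($budget_seed != 1 && $amount > $budget->getRemainingFunds()) {
             throw new Exception('Not enough budget available (total: $' . $giver->getBudget() . " from budget #" . $budget->id . ")");
         }
         $receiver->setBudget($receiver->getBudget() + $amount)->save();
         // String values were escaped with mysql_real_escape_string above and the
         // numeric ones cast; the session user id is set by the application itself.
         $query = "\n                INSERT INTO `" . BUDGETS . "` (\n                    `giver_id`,\n                    `receiver_id`,\n                    `amount`,\n                    `remaining`,\n                    `reason`,\n                    `transfer_date`,\n                    `seed`,\n                    `source_data`,\n                    `notes`,\n                    `active`\n                ) VALUES (\n                    '" . $_SESSION['userid'] . "',\n                    '{$receiver_id}',\n                    '{$amount}',\n                    '{$amount}',\n                    '{$reason}',\n                    NOW(),\n                    '{$budget_seed}',\n                    '{$source}',\n                    '{$budget_note}',\n                    1\n                )";
         if (!mysql_unbuffered_query($query)) {
             throw new Exception('Error in query.');
         }
         $id = mysql_insert_id();
         $query = "\n                INSERT INTO `" . BUDGET_SOURCE . "` (\n                    `giver_id`,\n                    `budget_id`,\n                    `source_budget_id`,\n                    `amount_granted`,\n                    `original_amount`,\n                    `transfer_date`,\n                     `source_data`\n                ) VALUES (\n                    '" . $_SESSION['userid'] . "',\n                    '{$id}',\n                    '{$source_id}',\n                    '{$amount}',\n                    '0',\n                    NOW(),\n                    '{$source}'\n                )";
         if (!mysql_unbuffered_query($query)) {
             throw new Exception('Error in query.');
         }
         if (!$budget_seed) {
             // Debit the source budget and reuse its reason in the notifications.
             $giver->updateBudget(-$amount, $source_id);
             $reason = $budget->reason;
         }
         $query2 = "\n                UPDATE `" . USERS . "`\n                SET `is_runner` = 1\n                WHERE `id` = {$receiver_id}\n                  AND `is_runner` = 0 ";
         if (!mysql_unbuffered_query($query2)) {
             throw new Exception('Error in query.');
         }
         Utils::systemNotification('@' . $giver->getNickname() . ' budgeted @' . $receiver->getNickname() . " \$" . $stringAmount . " for " . $reason . ".");
         Notification::notifyBudget($amount, $reason, $giver, $receiver);
         if ($budget_seed == 1) {
             Notification::notifySeedBudget($amount, $reason, $source, $giver, $receiver);
         }
         $receiver = User::find($receiver_id);
         return $this->setOutput(array('success' => true, 'message' => 'You gave ' . '$' . $stringAmount . ' budget to ' . $receiver->getNickname()));
     } catch (Exception $e) {
         return $this->setOutput(array('success' => false, 'message' => $e->getMessage()));
     }
 }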
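 /**
  * Shows a user's profile page, or handles the requests posted to it.
  *
  * Three request shapes are served:
  *  - a POST from a runner/payer carrying user_id and either save-salary+value
  *    or field+value: updates one user field, echoes a JSON result and exits;
  *  - action=create-sandbox (runners only): creates a sandbox for the viewed
  *    user from unixusername and projects, echoes a JSON result and exits;
  *  - otherwise renders the profile of $id (the logged-in user when $id is falsy).
  *
  * @param mixed $id user id to display; falsy means the current user
  * @return void
  */
 public function info($id)
 {
     $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : false;
     $this->write('tab', isset($_REQUEST['tab']) ? $_REQUEST['tab'] : "");
     $reqUserId = Session::uid();
     $this->write('reqUserId', $reqUserId);
     $reqUser = new User();
     if ($reqUserId > 0) {
         $reqUser->findUserById($reqUserId);
     }
     $this->write('reqUser', $reqUser);
     $is_runner = isset($_SESSION['is_runner']) ? $_SESSION['is_runner'] : 0;
     $is_payer = isset($_SESSION['is_payer']) ? $_SESSION['is_payer'] : 0;
     // admin posting data
     // NOTE(review): any runner or payer may change these fields, including
     // ispayer/isrunner/isactive, for any user_id -- confirm that is intended.
     if (!empty($_POST) && ($is_runner || $is_payer) && !$action) {
         $user_id = isset($_POST['user_id']) ? (int) $_POST['user_id'] : 0;
         $rawValue = isset($_POST['value']) ? $_POST['value'] : '';
         if (!empty($_POST['save-salary'])) {
             $field = 'salary';
             $value = mysql_real_escape_string($rawValue);
         } else {
             // Unknown field names reach the switch's default and are ignored.
             $field = isset($_POST['field']) ? $_POST['field'] : '';
             $value = (int) $rawValue;
         }
         $updateUser = new User();
         if ($updateUser->findUserById($user_id)) {
             switch ($field) {
                 case 'salary':
                     $updateUser->setAnnual_salary($value);
                     Utils::systemNotification("A new salary has been set for @" . $updateUser->getNickname());
                     break;
                 case 'ispayer':
                     $updateUser->setIs_payer($value);
                     break;
                 case 'isrunner':
                     $updateUser->setIs_runner($value);
                     break;
                 case 'isinternal':
                     $updateUser->setIs_internal($value);
                     break;
                 case 'ispaypalverified':
                     // PayPal verification and W2 status are mutually exclusive.
                     $updateUser->setPaypal_verified($value);
                     if ($value) {
                         $updateUser->setHas_w2(false);
                     }
                     break;
                 case 'isw2employee':
                     $updateUser->setHas_w2($value);
                     if ($value) {
                         $updateUser->setPaypal_verified(false);
                         $updateUser->setw9_status('not-applicable');
                     }
                     break;
                 case 'manager':
                     $updateUser->setManager($value);
                     if ($value) {
                         $manager = new User();
                         $manager->findUserById($value);
                         // Send journal notification
                         Utils::systemNotification("The manager for @" . $updateUser->getNickname() . " is now set to @" . $manager->getNickname());
                     } else {
                         Utils::systemNotification("The manager for @" . $updateUser->getNickname() . " has been removed");
                     }
                     break;
                 case 'referrer':
                     $updateUser->setReferred_by($value);
                     if ($value) {
                         $referrer = new User();
                         $referrer->findUserById($value);
                         // Send journal notification
                         Utils::systemNotification("The referrer for @" . $updateUser->getNickname() . " is now set to @" . $referrer->getNickname());
                     } else {
                         Utils::systemNotification("The referrer for @" . $updateUser->getNickname() . " has been removed");
                     }
                     break;
                 case 'isactive':
                     $updateUser->setIs_active($value);
                     break;
                 default:
                     break;
             }
             $updateUser->save();
             $response = array('succeeded' => true, 'message' => 'User details updated successfully');
             echo json_encode($response);
             exit(0);
         } else {
             die(json_encode(array('succeeded' => false, 'message' => 'Error: Could not determine the user_id')));
         }
     }
     $user = User::find($id ? $id : Session::uid());
     $userId = $user->getId();
     // If we couldn't find a valid User, render an ErrorView and stop here so the
     // profile view below is not rendered on top of it.
     if (!$user->getId()) {
         $this->write('msg', 'That user doesn\'t exist.');
         $this->write('link', WORKLIST_URL);
         $this->view = new ErrorView();
         parent::run();
         return;
     }
     $this->write('userId', $userId);
     $this->write('user', $user);
     $this->write('Annual_Salary', $user->getAnnual_salary() > 0 ? $user->getAnnual_salary() : '');
     $this->write('manager', $user->getManager());
     $this->write('referred_by', $user->getReferred_by());
     if ($action == 'create-sandbox') {
         $result = array();
         try {
             if (!$is_runner) {
                 throw new Exception("Access Denied");
             }
             $unixusername = isset($_REQUEST['unixusername']) ? mysql_real_escape_string($_REQUEST['unixusername']) : '';
             $projects = isset($_REQUEST['projects']) ? mysql_real_escape_string($_REQUEST['projects']) : '';
             $projectList = explode(",", str_replace(" ", "", $projects));
             // Create sandbox for user
             $sandboxUtil = new SandBoxUtil();
             $sandboxUtil->createSandbox($user->getUsername(), $user->getNickname(), $unixusername, $projectList);
             // If sb creation was successful, update users table
             $user->setHas_sandbox(1);
             $user->setUnixusername($unixusername);
             $user->setProjects_checkedout($projects);
             $user->save();
             // add to project_users table
             foreach ($projectList as $project) {
                 $project_id = Project::getIdFromRepo($project);
                 $user->checkoutProject($project_id);
             }
         } catch (Exception $e) {
             $result["error"] = $e->getMessage();
         }
         echo json_encode($result);
         die;
     }
     $reviewee_id = (int) $userId;
     $review = new Review();
     $this->write('reviewsList', $review->getReviews($reviewee_id, $reqUserId));
     $this->write('projects', $this->getProjectList());
     $user_projects = $user->getProjects_checkedout();
     $this->write('has_sandbox', count($user_projects) > 0);
     $users_favorite = new Users_Favorite();
     // Favorite defaults to enabled unless the viewer has an explicit setting.
     $favorite_enabled = 1;
     $favorite = $users_favorite->getMyFavoriteForUser($reqUserId, $userId);
     if (isset($favorite['favorite'])) {
         $favorite_enabled = $favorite['favorite'];
     }
     $favorite_count = $users_favorite->getUserFavoriteCount($userId);
     $this->write('favorite_count', $favorite_count);
     $this->write('favorite_enabled', $favorite_enabled);
     parent::run();
 }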
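 /**
  * Renders a project page and applies the project/role edits posted to it.
  *
  * Runners, payers and the project owner may save the project settings
  * (save_project) and add/edit/delete roles; the internal and require_sandbox
  * flags are admin-only. Any POST is answered with a redirect so a refresh
  * does not repost.
  *
  * @param mixed $id project identifier passed to Project::find()
  * @return void
  */
 public function view($id)
 {
     try {
         $project = Project::find($id);
     } catch (Exception $e) {
         die($e->getMessage());
     }
     $is_runner = !empty($_SESSION['is_runner']) ? 1 : 0;
     $is_payer = !empty($_SESSION['is_payer']) ? 1 : 0;
     // get the project owner
     $project_user = new User();
     $project_user->findUserById($project->getOwnerId());
     $this->write('project_user', $project_user);
     $userId = Session::uid();
     if ($userId > 0) {
         Utils::initUserById($userId);
         $user = new User();
         $user->findUserById($userId);
         $is_owner = $project->isOwner($user->getId());
         $is_admin = $user->getIs_admin();
     } else {
         $is_owner = false;
         $is_admin = false;
     }
     if (isset($_REQUEST['save_project']) && ($is_runner || $is_payer || $is_owner)) {
         $project->setDescription($_REQUEST['description'])->setShortDescription($_REQUEST['short_description']);
         $project->setWebsite($_REQUEST['website']);
         // Checkbox-style flags: a truthy / present value means enabled.
         $cr_anyone = !empty($_REQUEST['cr_anyone']) ? 1 : 0;
         $cr_3_favorites = !empty($_REQUEST['cr_3_favorites']) ? 1 : 0;
         $cr_project_admin = isset($_REQUEST['cr_project_admin']) ? 1 : 0;
         $cr_users_specified = isset($_REQUEST['cr_users_specified']) ? 1 : 0;
         $cr_job_runner = isset($_REQUEST['cr_job_runner']) ? 1 : 0;
         $internal = isset($_REQUEST['internal']) ? 1 : 0;
         $require_sandbox = isset($_REQUEST['require_sandbox']) ? 1 : 0;
         $hipchat_enabled = isset($_REQUEST['hipchat_enabled']) ? 1 : 0;
         $project->setCrAnyone($cr_anyone);
         $project->setCrFav($cr_3_favorites);
         $project->setCrAdmin($cr_project_admin);
         $project->setCrRunner($cr_job_runner);
         $project->setCrUsersSpecified($cr_users_specified);
         $project->setHipchatEnabled($hipchat_enabled);
         $project->setHipchatNotificationToken($_REQUEST['hipchat_notification_token']);
         $project->setHipchatRoom($_REQUEST['hipchat_room']);
         $project->setHipchatColor($_REQUEST['hipchat_color']);
         // Only admins may change these two flags ($is_admin is defined on both
         // branches above, unlike $user).
         if ($is_admin) {
             $project->setInternal($internal);
             $project->setRequireSandbox($require_sandbox);
         }
         // basename() strips any directory component from the submitted name.
         if (isset($_REQUEST['logoProject']) && $_REQUEST['logoProject'] != "") {
             $project->setLogo(basename($_REQUEST['logoProject']));
         }
         $project->save();
         // we clear post to prevent the page from redirecting
         $_POST = array();
     }
     $project_id = $project->getProjectId();
     // save,edit,delete roles <mikewasmie 16-jun-2011>
     if ($is_runner || $is_payer || $project->isOwner($userId)) {
         if (isset($_POST['save_role'])) {
             $role_title = isset($_POST['role_title']) ? mysql_real_escape_string($_POST['role_title']) : '';
             $percentage = isset($_POST['percentage']) ? mysql_real_escape_string($_POST['percentage']) : '';
             $min_amount = isset($_POST['min_amount']) ? mysql_real_escape_string($_POST['min_amount']) : '';
             $project->addRole($project_id, $role_title, $percentage, $min_amount);
         }
         if (isset($_POST['edit_role'])) {
             $role_id = isset($_POST['role_id']) ? mysql_real_escape_string($_POST['role_id']) : '';
             $role_title = isset($_POST['role_title']) ? mysql_real_escape_string($_POST['role_title']) : '';
             $percentage = isset($_POST['percentage']) ? mysql_real_escape_string($_POST['percentage']) : '';
             $min_amount = isset($_POST['min_amount']) ? mysql_real_escape_string($_POST['min_amount']) : '';
             $project->editRole($role_id, $role_title, $percentage, $min_amount);
         }
         if (isset($_POST['delete_role'])) {
             $role_id = isset($_POST['role_id']) ? mysql_real_escape_string($_POST['role_id']) : '';
             $project->deleteRole($role_id);
         }
     }
     /* Prevent reposts on refresh */
     if (!empty($_POST)) {
         unset($_POST);
         // TODO(review): $projectName is never assigned in this method, so the
         // Location header is built from an undefined variable -- confirm the
         // intended redirect target.
         header('Location: ' . $projectName);
         exit;
     }
     // Edit mode is only offered to admins and the project owner.
     $edit_mode = false;
     if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'edit' && ($is_admin || $is_owner)) {
         $edit_mode = true;
     }
     $this->write('project', $project);
     $this->write('edit_mode', $edit_mode);
     $this->write('is_owner', $is_owner);
     parent::run();
 }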
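 /**
  * Renders the jobs list, seeding the view's filters from the URL and query.
  *
  * @param string|null $projectName project to filter on; null or "all" means all projects
  * @param string|null $filterName  "following" selects the following filter; any other
  *                                 non-null value is used as the status filter
  * Any further positional arguments are passed through as labelsFilter.
  * @return void
  */
 public function listView($projectName = null, $filterName = null)
 {
     $this->view = new JobsView();
     $userId = Session::uid();
     if ($userId > 0) {
         Utils::initUserById($userId);
         $user = new User();
         $user->findUserById($userId);
         $this->is_internal = $user->isInternal();
     }
     $this->is_runner = !empty($_SESSION['is_runner']) ? 1 : 0;
     $queryFilter = empty($_REQUEST['query']) ? '' : $_REQUEST['query'];
     $this->write('queryFilter', $queryFilter);
     $this->write('followingFilter', $filterName != null && $filterName == "following");
     if ($projectName != null && $projectName != "all") {
         $project = Project::find($projectName);
         $this->write('projectFilter', $project ? $project->getProjectId() : 0);
     } else {
         $this->write('projectFilter', 0);
     }
     if ($filterName != null && $filterName != "following") {
         $this->write('statusFilter', $filterName);
     } else {
         // No explicit status: show active jobs, or everything when searching.
         $this->write('statusFilter', empty($queryFilter) ? 'Active' : 'All');
     }
     // Positional arguments after $projectName and $filterName are label filters.
     $this->write('labelsFilter', array_slice(func_get_args(), 2));
     // Prevent reposts on refresh
     if (!empty($_POST)) {
         unset($_POST);
         $this->view = null;
         Utils::redirect('./jobs');
         exit;
     }
     $this->write('req_status', isset($_GET['status']) ? $_GET['status'] : '');
     $this->write('review_only', isset($_GET['status']) && $_GET['status'] == 'needs-review' ? 'true' : 'false');
     parent::run();
 }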