Example #1
 /**
  * Reports whether the currently logged-in user holds the given role.
  *
  * When nobody is logged in the answer is always false; otherwise the
  * decision is delegated to the user object's own hasRole().
  *
  * @param  string  $role  Role to check for.
  * @return boolean false when not logged in, else whatever the user's hasRole() returns
  */
 public function hasRole($role)
 {
     // Deny by default: without an authenticated user there are no roles to match.
     return $this->loggedIn ? $this->user->hasRole($role) : false;
 }
Example #2
 /**
  * Exercises User::isAdmin() and User::hasRole() for an admin and for a plain user.
  */
 public function testRoles()
 {
     $account = new User();

     // An admin is expected to pass every role check listed here.
     $account->role = User::ROLE_ADMIN;
     $this->assertTrue($account->isAdmin());
     foreach (array(User::ROLE_ADMIN, User::ROLE_POWER, User::ROLE_USER) as $grantedRole) {
         $this->assertTrue($account->hasRole($grantedRole));
     }

     // A plain user keeps its own role and must be refused the admin role.
     $account->role = User::ROLE_USER;
     $this->assertTrue($account->hasRole(User::ROLE_USER));
     $this->assertFalse($account->hasRole(User::ROLE_ADMIN));
     // NOTE(review): the denial side is only asserted for ROLE_ADMIN. Negative
     // checks for ROLE_POWER and isAdmin() on a plain user would pin the
     // privilege boundary more tightly - confirm the intended hierarchy first.
 }
Example #3
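 /**
  * Handles the checkout form: validates the input, creates or updates the
  * customer, stores the order with its lines, sends the notification mails
  * and empties the cart.
  *
  * Guests (no authenticated session) get an account created on the fly with
  * a generated password; authenticated users have their profile fields
  * updated from the form.
  *
  * @return mixed Redirect back to "checkout" on validation or save failure,
  *               otherwise a redirect to the thank-you page.
  */
 public function postAdd()
 {
     $rules = ['firstname' => 'required|min:2', 'lastname' => 'required|min:2', 'address' => 'required|min:5', 'phone' => 'required|min:7'];
     $isGuest = !Auth::check();
     if ($isGuest) {
         // Keyed assignment: array_push() appended the rule as a nested array
         // under index 0, so the 'email' field was never actually validated
         // (neither its format nor its uniqueness) before an account was created.
         $rules['email'] = 'required|email|unique:users';
     }
     $validator = Validator::make(Input::all(), $rules);
     if ($validator->fails()) {
         return Redirect::to("checkout")->withErrors($validator)->withInput(Input::except(''));
     }

     if ($isGuest) {
         $user = new User();
         $user->email = Input::get('email');
         // NOTE(review): this password is mailed in clear text further down; a
         // one-time "set your password" link would avoid that. Also confirm that
         // str_random() is backed by a CSPRNG in the framework version in use.
         $password = str_random(10);
         $user->password = Hash::make($password);
     } else {
         $user = User::find(Auth::user()->id);
     }
     $user->firstname = Input::get('firstname');
     $user->lastname = Input::get('lastname');
     $user->address = Input::get('address');
     $user->phone = Input::get('phone');

     if (!$user->save()) {
         // Previously this path fell off the end of the method and returned
         // nothing; send the customer back to the form with their input instead.
         return Redirect::to("checkout")->withInput(Input::except(''));
     }

     $role = Role::where('name', '=', 'Customer')->first();
     // Guard against a missing "Customer" role row before dereferencing it.
     if ($role !== null && !$user->hasRole("Customer")) {
         $user->roles()->attach($role->id);
     }

     // The order comment is stored as HTML, so every customer-supplied value
     // is encoded before it is placed between the fixed tags. Without this, a
     // crafted phone/address/comment would be stored as markup and rendered
     // wherever the comment is displayed.
     $esc = function ($value) {
         return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
     };

     $order = new Order();
     $order->user_id = $user->id;
     $order->status_id = OrderStatus::where('title', '=', 'Новый')->first()->id;
     $order->comment = 'Телефон: <b>' . $esc($user->phone) . '</b><br>Адрес: <b>' . $esc($user->address) . '</b><br>Комментарий покупателя: ' . '<i>' . $esc(Input::get('comment')) . '</i>';

     // Read the cart up front so the mail template and the redirect below
     // always receive a defined value, even if saving the order fails.
     $cart = Cart::content();
     if ($order->save()) {
         foreach ($cart as $product) {
             $orderDetails = new OrderDetails();
             $orderDetails->order_id = $order->id;
             $orderDetails->product_id = $product->id;
             $orderDetails->quantity = $product->qty;
             $orderDetails->price = $product->price;
             $orderDetails->save();
         }
     }

     // Mail goes to the address stored on the account. For authenticated users
     // the 'email' form field is not validated at all, so using it as the
     // recipient would let the request choose where order details are sent.
     $recipient = $user->email;
     if ($isGuest) {
         Mail::send('mail.registration', ['firstname' => $user->firstname, 'login' => $user->email, 'password' => $password, 'setting' => Config::get('setting')], function ($message) use ($recipient) {
             $message->to($recipient)->subject("Регистрация прошла успешно");
         });
     }
     $orderId = $order->id;
     Mail::send('mail.order', ['cart' => $cart, 'order' => $order, 'phone' => $user->phone, 'user' => $user->firstname . ' ' . $user->lastname], function ($message) use ($orderId, $recipient) {
         $message->to($recipient)->subject("Ваша заявка №{$orderId} принята");
     });
     Cart::destroy();
     return Redirect::to("checkout/thanks/spasibo-vash-zakaz-prinyat")->with('successcart', 'ok', ['cart' => $cart]);
 }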
Example #4
?>
<br/>
    Modifié le <?php 
echo $user->nice_modification_date;
?>
  </td>
</tr>
 <tr>
 <td colspan="4">
  <table>
   <tr>
    <td>Roles:</td>
<?php 
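// Renders one checkbox per role, pre-checked when the edited user holds it.
// NOTE(review): the mysql_* extension was removed in PHP 7; this query has no
// parameters, but the page needs porting to mysqli/PDO to run on current PHP.
$result = mysql_query("SELECT id_role, name FROM webfinance_roles") or wf_mysqldie();
while ($role = mysql_fetch_assoc($result)) {
    // The role name lands in a single-quoted attribute and in element text,
    // so encode it for HTML (ENT_QUOTES covers the single quote). The charset
    // is left to PHP's default - confirm it matches the page encoding.
    $roleNameHtml = htmlspecialchars($role['name'], ENT_QUOTES);
    printf("<td><input type='checkbox' name='role[]' %s value='%s' >%s</td>", $User->hasRole($role['name'], $user->id_user) > 0 ? "checked" : "", $roleNameHtml, $roleNameHtml);
}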
?>
   </tr>
  </table>
 </td>
</tr>
<tr>
  <td colspan="4" style="text-align: center;">
  <?php 
// Button image paths: "<translated label>_<state>_<theme>", URL-encoded, under /imgs/boutons/.
$save_off = sprintf('/imgs/boutons/%s.png', urlencode(sprintf('%s_off_%s', _('Save'), $User->prefs->theme)));
$save_on = sprintf('/imgs/boutons/%s.png', urlencode(sprintf('%s_on_%s', _('Save'), $User->prefs->theme)));
$cancel_off = sprintf('/imgs/boutons/%s.png', urlencode(sprintf('%s_off_%s', _('Cancel'), $User->prefs->theme)));
$cancel_on = sprintf('/imgs/boutons/%s.png', urlencode(sprintf('%s_on_%s', _('Cancel'), $User->prefs->theme)));
?>
    <img onclick="checkForm(document.forms['userdata']);" src="<?php 
Example #5
 /**
  * Hook handler that answers rights checks for the extra rights defined here.
  *
  * Only REVIEWFLAGS and CLEARFLAGS are decided by this handler; both are
  * granted exactly when the user has the 'moderator' role. Any other right
  * is left untouched.
  *
  * @param User    $user    User being checked
  * @param string  $right   Right being checked
  * @param boolean &$result out, set only for the two rights handled here
  *
  * @return boolean false when the right was decided here, true otherwise
  */
 function onUserRightsCheck($user, $right, &$result)
 {
     // Loose comparison on purpose: it matches the way a switch compares its cases.
     $isFlagRight = $right == self::REVIEWFLAGS || $right == self::CLEARFLAGS;
     if (!$isFlagRight) {
         // Not one of ours: $result stays as the caller passed it in.
         return true;
     }
     $result = $user->hasRole('moderator');
     // Decided here; no further processing.
     return false;
 }
Example #6
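 /**
  * Decides whether the given user may delete this record.
  *
  * Deletion is allowed for users with the "contact_editor" role and for the
  * user this record is private to. A missing user is always refused.
  *
  * @param User|null $user User asking to delete, or null when there is none
  *
  * @return boolean true when deletion is allowed
  */
 function canDelete(User $user = null)
 {
     if (null === $user) {
         return false;
     }
     $is_admin = $user->hasRole("contact_editor");
     // Ownership only counts when both ids are actually set. With a plain
     // "==", an unset owner (null) compared equal to a user whose id is null,
     // 0 or '' - so a record that is private to nobody looked "owned" by such
     // a user. Comparing as strings keeps "5" and 5 equal, as before.
     $owner_id = $this->private_to_user_id;
     $is_private = null !== $owner_id
         && '' !== $owner_id
         && null !== $user->id
         && (string) $owner_id === (string) $user->id;
     return $is_private || $is_admin;
 }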
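 /**
  * Builds the (ajax-paginated) evaluation-result search payload.
  *
  * Selects events from the course/event filters, collects their group
  * events according to $status, then decorates every group with its
  * completion counts, release status and event details.
  *
  * @param mixed  $maxPercent max percent, passed to GroupEvent::getLowMark()
  * @param mixed  $minPercent min percent, passed to GroupEvent::getLowMark()
  * @param mixed  $eventId    event id, or "A" for all events
  * @param string $status     "listNotReviewed", "late" or "low"; any other
  *                           value lists every group of the event
  * @param mixed  $limit      the limit per page
  *
  * @access public
  * @return array array('data' => evaluation result, 'paging' => paging settings)
  */
 function formatSearchEvaluationResult($maxPercent, $minPercent, $eventId, $status, $limit)
 {
     $matrixAry = array();
     $assignedGroupIDs = array();
     $course_id = isset($this->params['form']['course_id']) ? $this->params['form']['course_id'] : "0";

     // Same decision table as the former nested ternary, spelled out:
     //  - a specific event always filters on that event;
     //  - all events of a specific course filter on the course;
     //  - all events of all courses: unrestricted for (super)admins,
     //    otherwise limited to events the current user created.
     // NOTE(review): only that last branch is scoped to the current user. A
     // specific event or course id (the course id comes straight from the
     // submitted form) is not checked against the caller here - confirm the
     // calling action authorizes access to it.
     if ($eventId != "A") {
         $conditions = array('Event.id' => $eventId);
     } elseif ($course_id != "A") {
         $conditions = array('Event.course_id' => $course_id);
     } elseif (User::hasRole('superadmin') || User::hasRole('admin')) {
         $conditions = array();
     } else {
         $conditions = array('Event.creator_id' => $this->Auth->user('id'));
     }
     $conditions['event_template_type_id !='] = '3';
     $this->Event->recursive = -1;
     $events = $this->Event->find('all', array('conditions' => $conditions));
     foreach ($events as $event) {
         $currentEventId = $event['Event']['id'];
         switch ($status) {
             case "listNotReviewed":
                 $assignedGroupIDs = array_merge($assignedGroupIDs, $this->GroupEvent->getNotReviewed($currentEventId));
                 break;
             case "late":
                 $assignedGroupIDs = array_merge($assignedGroupIDs, $this->GroupEvent->getLate($currentEventId));
                 break;
             case "low":
                 $eventTypeId = $event['Event']['event_template_type_id'];
                 $assignedGroupIDs = array_merge($assignedGroupIDs, $this->GroupEvent->getLowMark($currentEventId, $eventTypeId, $maxPercent, $minPercent));
                 break;
             default:
                 $assignedGroupIDs = array_merge($assignedGroupIDs, $this->GroupEvent->getGroupsByEventId($currentEventId));
                 break;
         }
     }
     if (!empty($assignedGroupIDs)) {
         $assignedGroups = array();
         foreach ($assignedGroupIDs as $i => $assigned) {
             $groupEventRow = $assigned['GroupEvent'];
             $group = $this->Group->find('first', array('conditions' => array('Group.id' => $groupEventRow['group_id'])));
             $assignedGroups[$i] = $group;
             // Members who completed the evaluation
             $numOfCompletedCount = $this->EvaluationSubmission->numCountInGroupCompleted($groupEventRow['id']);
             // Total members of the group. The condition is passed as an array
             // so the model layer quotes the value; the former string
             // 'group_id=' . $id was spliced into the SQL as-is.
             $numMembers = $this->GroupsMembers->find('count', array('conditions' => array('group_id' => $group['Group']['id'])));
             $completeStatus = $numOfCompletedCount == $numMembers ? 1 : 0;
             // Release status
             $groupEvent = $this->GroupEvent->getGroupEventByEventIdGroupId($groupEventRow['event_id'], $group['Group']['id']);
             $released = $this->Evaluation->getGroupReleaseStatus($groupEvent);
             $assignedGroups[$i]['Group']['complete_status'] = $completeStatus;
             $assignedGroups[$i]['Group']['num_completed'] = $numOfCompletedCount;
             $assignedGroups[$i]['Group']['num_members'] = $numMembers;
             $assignedGroups[$i]['Group']['marked'] = $groupEventRow['marked'];
             $assignedGroups[$i]['Group']['grade_release_status'] = $released['grade_release_status'];
             $assignedGroups[$i]['Group']['comment_release_status'] = $released['comment_release_status'];
             $assignedGroups[$i]['Group']['event_title'] = $this->Event->getEventTitleById($groupEventRow['event_id']);
             $assignedGroups[$i]['Group']['event_id'] = $groupEventRow['event_id'];
         }
         $evlResult['Evaluation']['assignedGroups'] = $assignedGroups;
     } else {
         $evlResult['Evaluation']['assignedGroups'] = array();
     }
     $paging['style'] = 'ajax';
     $paging['count'] = count($assignedGroupIDs);
     $paging['show'] = array('10', '25', '50', 'all');
     $paging['limit'] = $limit;
     $matrixAry['data'] = $evlResult;
     $matrixAry['paging'] = $paging;
     return $matrixAry;
 }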
Example #8
 /**
  * Lists the facet labels ("buildings") for the owning user.
  *
  * A user whose home location is scoped and restricted to its own location
  * gets only that location's label, unless the user is an opacAdmin or
  * libraryAdmin. Everyone else gets the labels of every location that
  * shares the home location's library.
  *
  * @return array List of facet labels
  */
 function building()
 {
     // Load the owning user and, from it, the home location.
     // NOTE(review): neither find(true) result is checked. If a lookup matches
     // nothing, the scoping decision below runs on whatever the objects then
     // hold - confirm that this cannot end up widening the list.
     $owner = new User();
     $owner->id = $this->user_id;
     $owner->find(true);
     $home = new Location();
     $home->locationId = $owner->homeLocationId;
     $home->find(true);

     // Restrict to the home location only when that location is scoped AND
     // restricted, and the user holds neither admin role.
     $restrictToHome = $home->useScope == 1
         && $home->restrictSearchByLocation
         && !($owner->hasRole('opacAdmin') || $owner->hasRole('libraryAdmin'));

     if ($restrictToHome) {
         // Only the user's own location.
         return array($home->facetLabel);
     }

     // Every location belonging to the same library.
     $labels = array();
     $sibling = new Location();
     $sibling->libraryId = $home->libraryId;
     $sibling->find();
     while ($sibling->fetch()) {
         $labels[] = $sibling->facetLabel;
     }
     return $labels;
 }
Example #9
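    // Per-transaction row setup: running balance, row styling, attachment links.
    $balance = $balance_lines[$tr->id];
    $balance_color = $balance > 0 ? "#e0ffe0" : "#ffe0e0";
    // Formatted balance
    $fmt_balance = number_format($balance, 2, ',', ' ');
    $help_edit = addslashes(_('Click to modify this transaction'));
    $class = $count % 2 ? "row_odd" : "row_even";
    // A forecast ("prevision") dated before the end of yesterday is flagged as an error row.
    if ($tr->type == "prevision" and $tr->ts_date < mktime(23, 59, 59, date("m"), date("d") - 1, date("Y"))) {
        $class = "row_error";
    }
    $file = "";
    $File = new FileTransaction();
    $files = $File->getFiles($tr->id);
    foreach ($files as $file_object) {
        // The attachment name is written into a single-quoted title attribute
        // and presumably comes from an upload, so encode it for HTML
        // (ENT_QUOTES covers the single quote); otherwise a crafted file name
        // could close the attribute and add markup to the page.
        $file .= sprintf("<a href='save_transaction?action=file&id_file=%d' title='%s'><img src='/imgs/icons/attachment.png'/></a>", $file_object->id_file, htmlspecialchars($file_object->name, ENT_QUOTES));
    }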
    if (isset($view) and $view == "edit" and $User->hasRole("manager", $_SESSION['id_user'])) {
        ?>
  <input type="hidden" name="query" value="?view=edit&<?php 
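        // The query string is request-controlled and is echoed inside a
        // double-quoted attribute: encode it so it cannot close the attribute.
        // The browser decodes the entities again, so the submitted value is unchanged.
        echo htmlspecialchars($GLOBALS['_SERVER']['QUERY_STRING'], ENT_QUOTES);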
        ?>
" />

<tr class="<?php 
        echo $class;
        ?>
">
  <td>
	 <input type="checkbox" id="chk_<?php 
        echo $tr->id;
        ?>
" name="chk[]" onchange="updateCheck(<?php 
Example #10
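 /**
  * Returns the donations raised by a POC's volunteers that are in the given status.
  *
  * NOTE(review): $poc_id decides whose subordinates are listed. Confirm the
  * caller ties it to the authenticated user rather than to a request value.
  *
  * @param int    $poc_id          Id of the POC user
  * @param string $donation_status Donation status to filter on
  *
  * @return mixed Result of $sql->getById(), or the result of $this->_error()
  *               when the user is not a POC, has no volunteers, or the
  *               status value is malformed
  */
 function getDonationsForApproval($poc_id = 0, $donation_status = 'TO_BE_APPROVED_BY_POC')
 {
     global $sql;
     $user = new User($poc_id);
     if (!$user->hasRole($user->role_ids['CFR POC'])) {
         return $this->_error("User '{$user->user['name']}' is not a POC. Only POCs have approval option.");
     }
     $volunteers = $user->getSubordinates();
     if (!$volunteers) {
         return $this->_error("This user don't have any volunteers under them.");
     }
     // Both values below are spliced into the SQL text, so they are constrained
     // first: the status must look like an identifier, and the ids are forced
     // to integers. Prefer bound parameters if the $sql layer offers them.
     if (!is_string($donation_status) || !preg_match('/^[A-Za-z0-9_]+$/D', $donation_status)) {
         return $this->_error("Invalid donation status.");
     }
     $fundraiser_ids = implode(",", array_map('intval', array_keys($volunteers)));
     $donations = $sql->getById(
         "SELECT D.id, D.donation_status, D.eighty_g_required, D.created_at, D.updated_at, D.updated_by, D.donation_amount AS amount,\n\t\t\t\t"
         . "U.id AS user_id, CONCAT(U.first_name,' ',U.last_name) AS user_name, DON.id AS donor_id, CONCAT(DON.first_name, ' ', DON.last_name) AS donor_name\n\t\t\t"
         . "FROM donations D \n\t\t\t"
         . "INNER JOIN users U ON D.fundraiser_id=U.id\n\t\t\t"
         . "INNER JOIN donours DON ON DON.id=D.donour_id\n\t\t\t"
         . "WHERE donation_status='{$donation_status}' AND D.fundraiser_id IN (" . $fundraiser_ids . ")"
     );
     return $donations;
 }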
Example #11
?>
" />
<input type="hidden" name="id_user" value="<?php 
echo $Client->id_user;
?>
" />

<table border="0" cellspacing="5" cellpadding="0" class="fiche_prospect">
<tr>
  <td width="100%"><input type="text" name="nom" value="<?php 
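// Backslash-escaping a double quote means nothing in HTML, so a name that
// contains one still ended the value attribute. Encode for HTML instead.
echo htmlspecialchars($Client->nom, ENT_QUOTES);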
?>
" style="font-size: 18px; font-weight: bold; width: 510px; border-top: none; border-left: none; border-right: none;" /><br/></td>
  <td nowrap>
<?php 
if ($User->hasRole("manager", $_SESSION['id_user']) || $User->hasRole("employee", $_SESSION['id_user'])) {
    ?>
    <input style="width: 75px; background: #eee; color: #7f7f7f; border: solid 1px #aaa;" id="submit_button" onclick="submitForm(this.form);" type="button" value="<?php 
    echo _('Save');
    ?>
" />
    <input style="width: 75px; background: #eee; color: #7f7f7f; border: solid 1px #aaa;" id="cancel_button" type="button" onclick="window.location='fiche_prospect.php?id=<?php 
    echo $facture->id_client;
    ?>
';" value="<?php 
    echo _('Cancel');
    ?>
" />
    <input style="width: 75px; background: #eee; color: #7f7f7f; border: solid 1px #aaa;" id="delete_button" type="button" onclick="confirmDelete(<?php 
    echo $Client->id;
    ?>
Example #12
 /**
  * Updates an entity, forcing edits made by contributors into the 'Pending' status.
  *
  * A user with the 'contributor' role in this tenant cannot choose the
  * status: whatever was submitted is overwritten with 'Pending' (for review
  * by an admin) before the parent update runs.
  *
  * @param mixed  $id   Passed through to the parent updateEntity()
  * @param object $data Entity data; its "status" property may be overwritten here
  *
  * @return mixed Whatever the parent updateEntity() returns
  */
 public function updateEntity($id, $data)
 {
     // Open question kept from the original author: the calling service has
     // probably built a user object already, so creating another one here may
     // be wasteful.
     $actor = new User($this->userid, $this->tenantid);
     $isContributor = $actor->hasRole('contributor', $this->tenantid);
     if ($isContributor) {
         // Applied server-side so the submitted status cannot bypass the review step.
         $data->status = 'Pending';
     }
     return parent::updateEntity($id, $data);
 }
Example #13
 default:
   echo ' - Erreur inconnue';
   break;
}
*/
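$output = array();
// Declare the objects that access public and private data.
// Include the service code, which must provide an execService() function.
// It must also redefine $ROLE, the role required to call this service.
// If $ROLE is empty, everyone is allowed.
//
// Fail-closed default: a service file that forgets to set $ROLE is left with
// a role name that no user should hold.
// NOTE(review): microtime() is a timestamp, not a random value. The default
// works only because nobody is expected to hold such a role; an explicit
// "deny" sentinel would state the intent better.
$ROLE = microtime();
// NOTE(review): $service is set outside this excerpt. If it can be influenced
// by the request, it must be checked against a fixed list of service names
// before this include - otherwise the request selects which file is executed.
include "svc/{$service}.php";
$json = "null";
$user = new User();
if ($user->hasRole($ROLE)) {
    try {
        $json = json_encode(execService($input, $user));
    } catch (FatalException $e) {
        // "." concatenates. The former "+" is arithmetic in PHP, so the "#"
        // marker and the error payload never reached the response.
        $json = "#" . json_encode(array("id" => $e->getCode(), "msg" => $e->getMessage()));
    } catch (Exception $e) {
        // The message may carry request data, so encode it before printing.
        // NOTE(review): raw exception text is still shown to the client and is
        // printed ahead of the JSON; consider logging it server-side instead.
        echo "<pre>";
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES);
        echo "</pre>\n";
        $json = "#null";
    }
} else {
    // Access denied: "!" followed by the role that was required.
    $json = "!" . json_encode($ROLE);
}
// Close the database connection.
$DB = null;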