/**
 * Renders the landing page of the admin area.
 *
 * For each administrative function a boolean-like flag is handed to the
 * template, taken from AccessController::isAuthorized() for the matching
 * 'adm_default' action. The flags only drive what the template shows; the
 * actions themselves are authorized again when they are requested.
 */
function displayDefaultAdminPage()
{
    $ac = new AccessController();

    // template variable => vm_action whose authorization result it carries
    $adminLinks = array(
        'acl'             => 'display_acl_situations',
        'search_registry' => 'process_update_phonetics',
        'clear_cache'     => 'process_clear_cache',
        'audit_acl'       => 'process_audit_acl',
    );

    foreach ($adminLinks as $templateVar => $vmAction) {
        $request = array('act' => 'adm_default', 'vm_action' => $vmAction);
        // first argument is passed as false exactly as before; presumably a
        // "check only" switch on isAuthorized() -- confirm against AccessController
        $this->engine->assign($templateVar, $ac->isAuthorized(false, $request));
    }

    $this->engine->display('admin/default.tpl.php');
}
/**
 * Pre-dispatch hook: defers to AccessController::preDispatch() first and
 * only disables view rendering when that call did not return FALSE.
 *
 * @return bool FALSE when AccessController::preDispatch() returned FALSE, TRUE otherwise
 */
public function preDispatch()
{
    // Strict comparison on purpose: only a literal FALSE aborts the dispatch.
    if (AccessController::preDispatch() === FALSE) {
        return FALSE;
    }

    $this->setNoViewRender(true);

    return TRUE;
}
/**
 * Dispatcher for the volunteer controller: authorizes the request, then
 * runs the branch selected by $getvars['vm_action'].
 *
 * The only authorization gate visible in this function is the single
 * AccessController::isAuthorized() call at the top. Several branches then
 * act on identifiers taken straight from the request (p_uuid, msg_id,
 * vol_id, shift_id, ...); whether a caller may act on *that particular*
 * record is not checked here, so it has to be enforced by AccessController
 * or by the DAO -- NOTE(review): confirm for every state-changing branch.
 *
 * @param $getvars an associative array, representing the GET variables
 *                 from the URL. Some branches overwrite it with $_REQUEST
 *                 (and $_FILES) before validating.
 * @return void
 */
function controlHandler($getvars)
{
    global $dao;
    //first authorize the user
    $ac = new AccessController($getvars);
    if (!$ac->isAuthorized()) {
        return;
    }
    //if authorized, move on to displaying the correct page
    switch ($getvars['vm_action']) {
        case 'process_add':
            global $dao;
            /*
             * First set up a Volunteer object to store all of the
             * POST data
             */
            if ($_SESSION['logged_in'] && !$dao->isVolunteer($_SESSION['user_id'])) {
                // logged-in user who is not yet a volunteer: bind the new record to the session user
                $v = new Volunteer();
                $v->info['ids'] = array();
                $v->p_uuid = $_SESSION['user_id'];
                $shn_user = true;
            } else {
                if (isset($getvars['p_uuid'])) {
                    // NOTE(review): the record to edit is chosen by a request parameter;
                    // no ownership check is visible in this function.
                    $v = new Volunteer($getvars['p_uuid']);
                    $shn_user = false;
                } else {
                    $v = new Volunteer();
                    $v->info['ids'] = array();
                    $shn_user = false;
                }
            }
            // Request values are copied onto the object before validation runs;
            // nothing is saved until validateAddForm() succeeds further down.
            $v->info['full_name'] = $getvars['full_name'];
            $v->info['ids'][$getvars['id_type']] = trim($getvars['serial']);
            $v->info['gender'] = $getvars['gender'];
            $v->info['dob'] = $getvars['dob'];
            $v->info['date_start'] = $getvars['start_date'];
            $v->info['date_end'] = $getvars['end_date'];
            $v->info['hour_start'] = $getvars['hrs_avail_start'];
            $v->info['hour_end'] = $getvars['hrs_avail_end'];
            $v->info['occupation'] = $getvars['occupation'];
            $v->info['affiliation'] = $getvars['affiliation'];
            $v->info['special_needs'] = $getvars['special_needs'];
            $v->info['locations'] = array();
            shn_get_parents(shn_location_get_form_submit_loc(), $v->info['locations']);
            $v->info['contact'] = array();
            // put every input that begins with 'contact_' into the contact array
            // (the part of the key after the prefix becomes the array key, so the
            // set of contact keys is whatever the request contains)
            foreach ($getvars as $key => $value) {
                if (substr($key, 0, strlen('contact_')) == 'contact_') {
                    $v->info['contact'][substr($key, strlen('contact_'))] = $value;
                }
            }
            $v->info['contact_prefer'] = $getvars['prefered_confirm_medium'];
            //add skills information
            // only skill ids known to the DAO are considered; a skill is selected when its checkbox is 'on'
            $v_skills = array();
            $skill_ids = $dao->getSkillIDs();
            foreach ($skill_ids as $skill) {
                if ($getvars["SKILL_{$skill}"] == 'on') {
                    $v_skills[] = $skill;
                }
            }
            $v->info['skills'] = $v_skills;
            //add Sahana account information if necessary
            if ($getvars['reg_account'] == 'true') {
                // The raw password travels inside $v->info; presumably it is hashed
                // when the account is created -- confirm in Volunteer::save().
                $v->info['account_info'] = array('account_name' => $getvars['full_name'], 'user_name' => $getvars['user_name'], 'pass' => $getvars['pass1']);
                // NOTE(review): this replaces p_uuid (including one derived from the
                // session above) with a request-supplied value; confirm that
                // 'existing_puuid' cannot point the new account at another person.
                $v->p_uuid = $getvars['existing_puuid'];
            }
            View::View($v);
            /*
             * Check to see if the POST data is valid and act accordingly
             */
            // $getvars is replaced here by $_REQUEST merged with $_FILES
            if ($this->validateAddForm($getvars = array_merge($_REQUEST, $_FILES))) {
                $v->save($shn_user);
                // picture
                // NOTE(review): 'name' and 'type' are supplied by the client; the only
                // gate on the upload visible here is VMPicture::resize() succeeding.
                $p = $_FILES['picture'];
                if (!empty($p['tmp_name'])) {
                    $pic = new VMPicture();
                    $pic->original = file_get_contents($p['tmp_name']);
                    $pic->name = $p['name'];
                    $pic->type = $p['type'];
                    $pic->size = $p['size'];
                    $pic->p_uuid = $v->p_uuid;
                    if ($pic->resize()) {
                        $pic->save();
                    } else {
                        add_error(_("The image file is invalid, or is not of a supported type."));
                    }
                }
                add_confirmation(_('Changes saved.'));
                //if we just created a Sahana account, direct the user to log in
                if (!$_SESSION['logged_in']) {
                    $this->displayPleaseLogin();
                } else {
                    $this->displayVolunteer($v->p_uuid);
                }
            } else {
                // validation failed: show the form again (edit form when a p_uuid was sent)
                if (!empty($getvars['p_uuid'])) {
                    $this->addVolunteer(new Volunteer($getvars['p_uuid']));
                } else {
                    $this->addVolunteer();
                }
            }
            break;
        case 'display_add':
            View::View();
            if ($dao->isVolunteer($_SESSION['user_id'])) {
                //if this user is a volunteer already, display the edit form
                $this->addVolunteer(new Volunteer($_SESSION['user_id']));
            } else {
                //otherwise display the add form
                $this->addVolunteer();
            }
            break;
        case 'display_edit':
            View::View();
            $this->addVolunteer(new Volunteer($getvars['p_uuid']));
            break;
        case 'display_confirm_delete':
            View::View();
            $this->confirmDelete($getvars['p_uuid']);
            break;
        case 'display_change_pass':
            // the form is always shown for the session user
            View::View();
            $this->changePass($_SESSION['user_id']);
            break;
        case 'process_change_pass':
            global $global;
            require_once $global['approot'] . 'inc/lib_security/lib_auth.inc';
            // NOTE(review): the form is displayed for $_SESSION['user_id'], but the
            // change is applied to the request's p_uuid; the current password is
            // still required, yet tying this to the session user would be stricter.
            if ($this->validateChangePassForm($getvars = $_REQUEST)) {
                // A strict TRUE from shn_change_password() leads to the error path,
                // so the function presumably returns TRUE on failure -- confirm in lib_auth.inc.
                if (shn_change_password($getvars['p_uuid'], $getvars['cur_pass'], $getvars['pass1']) === true) {
                    add_error(SHN_ERR_VM_PASSWORD_NOT_MATCH);
                    $this->changePass($getvars['p_uuid']);
                } else {
                    add_confirmation(_("Your Password has been updated"));
                }
            } else {
                $this->changePass($getvars['p_uuid']);
            }
            break;
        case 'process_delete':
            // NOTE(review): destructive action keyed on a request parameter; no
            // anti-CSRF token or per-record check is visible in this function.
            $v = new Volunteer();
            $v->delete($getvars['p_uuid']);
            View::View();
            $this->displayConfirmation('The requested user was deleted.');
            $extra_opts = array('showPictures' => true, 'showAvailability' => true, 'showLocation' => true, 'showStatus' => true, 'showAffiliation' => true);
            $this->listVolunteers($dao->getVolunteers(), $extra_opts);
            break;
        case 'display_list_all':
            View::View();
            $extra_opts = array('showPictures' => true, 'showAvailability' => true, 'showLocation' => true, 'showStatus' => true, 'showAffiliation' => true);
            $this->listVolunteers($dao->getVolunteers(), $extra_opts);
            $this->showPagingNavigation("index.php?mod=vm&act=volunteer&vm_action=display_list_all");
            break;
        case 'display_list_assigned':
            View::View();
            $extra_opts = array('showPictures' => true, 'showAvailability' => true, 'showLocation' => true, 'showStatus' => true, 'showAffiliation' => true);
            $this->listVolunteers($dao->getVolunteers(null, VM_SHOW_ALL_VOLUNTEERS_ASSIGNED), $extra_opts);
            $this->showPagingNavigation("index.php?mod=vm&act=volunteer&vm_action=display_list_assigned");
            break;
        case 'display_mailbox':
            View::View(new Volunteer($_SESSION['user_id']));
            $this->displayMailbox($getvars['box']);
            break;
        case 'display_message':
            /*
             * Since we are passing $_SESSION['user_id'] as the p_uuid of the user here,
             * we can only view the message (i.e., the query will only succeed) if it belongs
             * to the current logged in user. Therefore, there is no need for extra access
             * control checks on displaying a message here.
             */
            View::View();
            $this->displayMessage($_SESSION['user_id'], $getvars['msg_id'], $getvars['box']);
            break;
        case 'process_delete_message':
            global $dao;
            // scoped to the session user; the third argument is true for every box except 'outbox'
            $dao->deleteMessage($_SESSION['user_id'], $getvars['msg_id'], $getvars['box'] != 'outbox');
            //add_confirmation('_(Message has been deleted'));
            View::View(new Volunteer($_SESSION['user_id']));
            $this->displayMailbox($getvars['box']);
            break;
        case 'display_send_message':
            $this->displaySendMessageForm();
            break;
        case 'process_send_message':
            global $dao;
            if ($this->validateSendMessageForm($getvars = $_REQUEST)) {
                $message = stripslashes($getvars['message']);
                $message = strtr($message, array("'" => "\\'")); //have to escape any single quotes otherwise querying won't work
                // NOTE(review): hand-rolled quoting indicates the DAO builds its SQL by
                // string concatenation. Only single quotes are handled here (backslashes
                // are not) and $getvars['to'] is passed through untouched; the DAO should
                // use bound parameters or the driver's own quoting instead.
                $dao->sendMessage($_SESSION['user_id'], $getvars['to'], $message);
                add_confirmation(_("Message Sent"));
            } else {
                // rebuild the recipient list so the form can be shown again
                $to_list = array();
                $to = $getvars['to'];
                if (isset($to)) {
                    foreach ($to as $person) {
                        $to_list[$person] = $dao->getPersonName($person);
                    }
                }
                $this->displaySendMessageForm($to_list);
            }
            break;
        case 'display_search':
            $advanced = $getvars['advanced'] == 'true';
            $this->openSearchForm();
            $this->displaySearchForm($advanced);
            break;
        case 'process_search':
            global $dao, $global;
            include_once $global['approot'] . 'mod/vm/lib/vm_validate.inc';
            View::View();
            //print_r($getvars);
            // The search fields are read before validateSearchForm() runs; they only
            // reach the DAO inside the validated branch below.
            $vol_name = $getvars['vol_name']; //name to search by
            $vol_id = $getvars['vol_iden']; //Identification number to search by
            $loose = false;
            $soundslike = false;
            $start_date = $getvars['start_date']; //availability start
            $end_date = $getvars['end_date']; //availability end
            $skills_matching = $getvars['skills_matching'] == 'and_skills' ? VM_SKILLS_ALL : VM_SKILLS_ANY; //search for all or any of the skills present
            $unassigned = $getvars['unassigned'] == 'true'; //true to search for only unassigned volunteers
            $assigning = $getvars['assigning']; //true if we are using the search to assign volunteers
            $advanced = $getvars['advanced'] == 'true'; //true if we are using an advanced search
            $just_assigned_vol = $getvars['p_uuid'] != '' && $assigning; //true if we just assigned a volunteer to a project (nice to know if no results are found to not display an error)
            $date_constraint = $getvars['date_constraint'] == 'full_date'; //true if we must check for availability for the entire date range specified, false to check for any portion of the data range
            $positions = $getvars['positions'];
            if ($assigning) {
                $assigning_proj = $getvars['proj_id'];
            } else {
                $assigning_proj = null;
            }
            $location = '';
            if (shn_vm_location_selected()) {
                $location = shn_location_get_form_submit_loc();
            }
            $skills = array();
            $skill_ids = $dao->getSkillIDs();
            foreach ($skill_ids as $sk) {
                if ($getvars["SKILL_{$sk}"] == 'on') {
                    $skills[] = $sk;
                }
            }
            //if we're not using the search results to do assigning, open the form here so that all of our paging navigation
            //will also be part of the form
            if (!$assigning) {
                $this->openSearchForm();
            }
            //Validate the fields
            if ($this->validateSearchForm($getvars)) {
                //get the search results and display them
                $results = $dao->getVolSearchResults($vol_id, $vol_name, $skills, $skills_matching, $start_date, $end_date, $location, $date_constraint, $unassigned, $loose, $soundslike, $assigning_proj);
                $this->displaySearchResults($results, $assigning, $assigning_proj, $advanced, $just_assigned_vol, $positions);
            }
            if (!$assigning) {
                $this->displaySearchForm($advanced, false);
            } else {
                $this->displaySearchForm(true, true);
            }
            break;
        case 'display_single':
            $v = new Volunteer($getvars['p_uuid']);
            View::View($v);
            $this->displayVolunteer($getvars['p_uuid']);
            break;
        case 'process_remove_picture':
            // NOTE(review): reads $_GET['id'] directly rather than $getvars, and nothing
            // visible here ties the picture to the p_uuid in the request or to the
            // session user -- confirm the DAO or ACL enforces that.
            $dao->deletePicture($dao->getPictureID($_GET['id']));
            View::View();
            if (empty($getvars['p_uuid'])) {
                $this->addVolunteer();
            } else {
                $this->addVolunteer(new Volunteer($getvars['p_uuid']));
            }
            break;
        case 'display_portal':
            View::View(new Volunteer($_SESSION['user_id']));
            $this->displayPortal();
            break;
        case 'display_report_all':
            View::View();
            $this->displayVolunteerReport($dao->getVolunteersForReport());
            break;
        case 'display_custom_report_select_for_mgrs':
            // project list is restricted to the session user
            $this->displayCustomReportFilterForMgrs($dao->listProjects($_SESSION['user_id'], true, true));
            break;
        case 'display_custom_report_select':
            View::View();
            $projects = array('ALL_PROJECTS' => '(all)') + $dao->listProjects(null, false, true);
            $orgs = array('ALL_ORGS' => '(all)') + $dao->getOrganizations(true);
            $this->displayCustomReportFilter($projects, $orgs, $dao->getVolunteerNames(true));
            break;
        case 'display_custom_report':
            View::View();
            $extra_opts = array();
            $proj_id = null;
            $org_id = null;
            $vols = array();
            // the 'ALL_*' sentinels (or a missing value) leave the corresponding filter at null
            if (isset($getvars['proj_id']) && $getvars['proj_id'] != 'ALL_PROJECTS') {
                $proj_id = $getvars['proj_id'];
                $extra_opts['reportProjName'] = $dao->getProjectName($proj_id);
            }
            if (isset($getvars['org_id']) && $getvars['org_id'] != 'ALL_ORGS') {
                $org_id = $getvars['org_id'];
                $temp = $dao->getOrganizationInfo($org_id);
                $extra_opts['reportOrgName'] = $temp['name'];
            }
            if (!empty($getvars['vols']) && is_array($getvars['vols'])) {
                $extra_opts['reportingSpecificVolunteers'] = true;
                $vols = $getvars['vols'];
            }
            $this->displayVolunteerReport($dao->getVolunteersForReport($proj_id, $org_id, $vols), $extra_opts);
            break;
        case 'display_modify_skills':
            $this->displayModifySkills();
            break;
        case 'process_add_skill':
            global $global;
            require_once $global['approot'] . 'mod/vm/lib/vm_validate.inc';
            if (empty($getvars['skill_desc']) || empty($getvars['skill_code'])) {
                add_error(_('Please specify both a skill description and skill code'));
            } else {
                //validate skill code length
                // NOTE(review): only the trimmed length is checked (the message says
                // "letters" but the characters are not); the untrimmed code is what is
                // handed to addSkill() below.
                if (strlen(trim($getvars['skill_code'])) < 4 || strlen(trim($getvars['skill_code'])) > 5) {
                    add_error(_('Skill code should be 4 - 5 letters'));
                } else {
                    // normalise the description: spaces around the skills delimiter collapse
                    // to '-', leading and trailing spaces are removed
                    $find = array("/ *" . VM_SKILLS_DELIMETER . " */", "/^ +/", "/ +\$/");
                    $replace = array("-", '', '');
                    $description = preg_replace($find, $replace, $getvars['skill_desc']);
                    if (!$dao->addSkill($getvars['skill_code'], $description)) {
                        add_error(_('The specified skill code already exists. Please choose another'));
                    } else {
                        // NOTE(review): request text is interpolated into the message;
                        // confirm add_confirmation() output is HTML-escaped when rendered.
                        add_confirmation("Skill '{$description}' added");
                        unset($_POST);
                    }
                }
            }
            $this->displayModifySkills();
            break;
        case 'process_remove_skill':
            // NOTE(review): reads $_REQUEST directly and echoes each code back in the
            // confirmation text; same escaping question as for process_add_skill.
            if (!empty($_REQUEST['skills'])) {
                foreach ($_REQUEST['skills'] as $code) {
                    $dao->removeSkill($code);
                    add_confirmation("Deleted {$code}");
                }
            }
            $this->displayModifySkills();
            break;
        case 'display_approval_management':
            //currently only site manager approval is allowed, later credential approval will be added
            $this->displayApprovalForm($dao->getVolunteerNames(), $dao->getVolunteersByAbility('MGR'));
            break;
        case 'process_approval_modifications':
            //currently only site manager approval is allowed, later credential approval will be added
            // Privilege-changing: sets or clears the 'MGR' ability for the vol_id in the
            // request, depending on whether 'approve' is present.
            $dao->updateAbilityStatus($getvars['vol_id'], 'MGR', isset($getvars['approve']));
            add_confirmation(_('Approval information has been updated'));
            $this->displayApprovalForm($dao->getVolunteerNames(), $dao->getVolunteersByAbility('MGR'));
            break;
        case 'process_approval_upgrades':
            //currently only site manager approval is allowed, later credential approval will be added
            // Privilege-changing: always grants 'MGR' to the vol_id in the request.
            $dao->updateAbilityStatus($getvars['vol_id'], 'MGR', true);
            add_confirmation(_('Approval information has been updated'));
            $this->displayApprovalForm($dao->getVolunteerNames(), $dao->getVolunteersByAbility('MGR'));
            break;
        case 'process_log_time':
            // start/end are computed from raw request values; validateShiftTimes() is the
            // only check before logShift(). numHours, when given, wins over endDate/endTime.
            // NOTE(review): p_uuid comes from the request, so time can be logged for
            // whichever volunteer is named there unless the ACL prevents it.
            $start = strtotime($getvars['startDate'] . ' ' . $getvars['startTime']);
            if (empty($getvars['numHours'])) {
                $end = strtotime($getvars['endDate'] . ' ' . $getvars['endTime']);
            } else {
                $end = $start + $getvars['numHours'] * 60 * 60;
            }
            if (($e = validateShiftTimes($start, $end)) === VM_OK) {
                if ($dao->logShift($getvars['p_uuid'], $getvars['pos_id'], $start, $end)) {
                    $this->displayConfirmation('Your time was logged successfully.');
                    $v = new Volunteer($getvars['p_uuid']);
                    View::View($v);
                    $this->displayVolunteer($getvars['p_uuid']);
                } else {
                    add_error(_("There was a problem logging your time. Please go back and try again."));
                }
            } else {
                add_error(_("Error logging time:") . $e);
                $this->showLogTime($getvars['p_uuid'], $getvars['pos_id']);
            }
            break;
        case 'review_hours':
            if (empty($getvars['proj_id'])) {
                $this->displaySelectReviewHours();
            } else {
                $this->displayReviewHours($getvars['proj_id']);
            }
            break;
        case 'process_review_hours':
            // NOTE(review): every other branch uses the global $dao, this one uses
            // $this->dao; displayReviewHours() is also given (p_uuid, pos_id) here but a
            // proj_id in 'review_hours' -- confirm both are intended.
            $this->dao->reviewShift($getvars['shift_id'], $getvars['status']);
            $this->displayReviewHours($getvars['p_uuid'], $getvars['pos_id']);
            break;
        default:
            // unknown or missing action: show the portal, but only to a logged-in user
            if ($_SESSION['logged_in']) {
                View::View(new Volunteer($_SESSION['user_id']));
                $this->displayPortal();
            }
    }
}
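/**
 * Handles control for all administrative functions.
 *
 * The request is authorized once through AccessController::isAuthorized();
 * nothing is rendered and nothing is changed when that fails. Every branch
 * below changes or displays access-control data, so this single gate is the
 * only protection visible in this function.
 *
 * @param $getvars an associative array of request variables; 'vm_action'
 *                 selects the branch
 * @return void
 */
public function controlHandler($getvars)
{
    //first authorize the user
    $ac = new AccessController($getvars);
    if (!$ac->isAuthorized()) {
        return;
    }
    View::View();
    $this->displayAdminHMenu();
    global $dao;
    switch ($getvars['vm_action']) {
        case 'display_acl_situations':
            $this->displayAdminACL($dao->getAccessRequestsForDisplay());
            break;
        case 'display_acl_modify':
            if (empty($getvars['request'])) {
                add_error(SHN_ERR_VM_NO_REQUEST);
                $this->displayAdminACL($dao->getAccessRequestsForDisplay());
            } else {
                // 'request' carries "act&vm_action" in one value
                // NOTE(review): $split[1] is undefined when the value holds no '&'
                $split = preg_split("/&/", $getvars['request']);
                $act = $split[0];
                $vm_action = $split[1];
                $this->displayAdminACLModify($act, $vm_action, $dao->getAccessRequestDescription($act, $vm_action), $dao->getSpecificAccessRequestConstraints($act, $vm_action), $dao->getPossibleAccessConstraints(), $dao->getDBTables());
            }
            break;
        case 'process_update_phonetics':
            $dao->updatePhonetics();
            add_confirmation(_('The Search Registry has been updated.'));
            $this->displayDefaultAdminPage();
            break;
        case 'process_acl_modifications':
            // Existing constraints are removed before the new set is written.
            // NOTE(review): the two steps are not atomic as far as this function
            // shows; a failure in between leaves the action without constraints.
            $dao->removeConstraints($getvars['acl_act'], $getvars['acl_vm_action']);
            //first update the special constraints
            $possible_constraints = $dao->getPossibleAccessConstraints();
            foreach ($possible_constraints as $code => $description) {
                if ($getvars["constraint_{$code}_req"] == 'on') {
                    $dao->addConstraint($getvars['acl_act'], $getvars['acl_vm_action'], $code);
                }
            }
            //now update the data classification constraints
            $tables = array();
            foreach ($getvars as $name => $value) {
                $matches = array();
                // Only the four CRUD letters are accepted as a permission. The pattern
                // used to take any word character, which stored an unexpected letter
                // verbatim on its first occurrence and treated it as 'd' afterwards.
                if ($value == 'on' && preg_match("/table_(\\w+|_)_req_([crud])/", $name, $matches)) {
                    //arrange the permissions into the 'crud' format
                    $table_name = $matches[1];
                    $permission = $matches[2];
                    if (!isset($tables[$table_name])) {
                        $tables[$table_name] = $permission;
                    } else {
                        $current_permissions = $tables[$table_name];
                        if ($permission == 'c') {
                            // 'c' always goes first
                            $tables[$table_name] = 'c' . $current_permissions;
                        } else {
                            if ($permission == 'r') {
                                // 'r' goes right after a leading 'c', else first
                                if (substr_count($tables[$table_name], 'c') > 0) {
                                    $tables[$table_name] = 'cr' . substr($current_permissions, 1);
                                } else {
                                    $tables[$table_name] = 'r' . $current_permissions;
                                }
                            } else {
                                if ($permission == 'u') {
                                    // 'u' goes before a trailing 'd', else last
                                    if (substr_count($tables[$table_name], 'd') > 0) {
                                        $tables[$table_name] = substr($current_permissions, 0, strlen($current_permissions) - 1) . 'ud';
                                    } else {
                                        $tables[$table_name] = $current_permissions . 'u';
                                    }
                                } else {
                                    //($permission == 'd')
                                    $tables[$table_name] = $current_permissions . 'd';
                                }
                            }
                        }
                    }
                }
            }
            $dao->updateClassificationConstraints($getvars['acl_act'], $getvars['acl_vm_action'], $tables);
            add_confirmation(_('Access control modifications have been saved'));
            $this->displayAdminACL($dao->getAccessRequestsForDisplay());
            break;
        case 'process_clear_cache':
            $this->engine->clear_cache();
            add_confirmation(_('Template cache has been cleared'));
            $this->displayDefaultAdminPage();
            break;
        case 'process_audit_acl':
            global $global;
            //first process any changes if necessary
            // NOTE(review): any non-empty process_action other than 'add_request' or
            // 'remove_request' falls through to classifyTable().
            if ($getvars['process_action'] != '') {
                if ($getvars['process_action'] == 'add_request') {
                    $dao->addAccessRequest($getvars['request_act'], $getvars['request_vm_action'], $getvars['request_desc']);
                } else {
                    if ($getvars['process_action'] == 'remove_request') {
                        $dao->removeAccessRequest($getvars['request_act'], $getvars['request_vm_action']);
                    } else {
                        $dao->classifyTable($getvars['table_to_classify'], $getvars['classification_level']);
                    }
                }
                add_confirmation(_('ACL settings have been updated.'));
            }
            $path = $global['approot'] . 'mod/vm/controller/';
            //an array for all controller files to test with each key being the 'act' URL parameter associated with it
            // (the file names are fixed here, not taken from the request)
            $files = array('adm_default' => 'AdminController.php', 'project' => 'ProjectController.php', 'volunteer' => 'VolunteerController.php');
            //an array to store all act and vm_action combinations that are not in the database
            $bad_requests = array();
            $current_requests = $dao->getAccessRequests();
            foreach ($files as $act => $file_name) {
                // NOTE(review): the fopen() result is not checked before fread()
                $handle = fopen($path . $file_name, 'r');
                $contents = fread($handle, filesize($path . $file_name));
                //temporary, should restrict results to within controlHandler() function
                preg_match_all("/case\\s+('|\")(\\w+)('|\")\\s*?:/", $contents, $cases);
                // every 'case' label found in the file is compared with the registered
                // requests: known ones are ticked off, unknown ones are reported
                foreach ($cases[2] as $vm_action) {
                    if (isset($current_requests[$act])) {
                        if (isset($current_requests[$act][$vm_action])) {
                            unset($current_requests[$act][$vm_action]);
                        } else {
                            $bad_requests[] = array('act' => $act, 'vm_action' => $vm_action);
                        }
                    } else {
                        $bad_requests[] = array('act' => $act, 'vm_action' => $vm_action);
                    }
                }
                //ignore default cases that aren't referenced because they will get picked up by the controller's default action
                unset($current_requests[$act]['default']);
                if (empty($current_requests[$act])) {
                    unset($current_requests[$act]);
                }
                fclose($handle);
            }
            //now look for any unclassified tables/views
            $tables = $dao->getDBTables();
            $unclassified_tables = array();
            foreach ($tables as $table) {
                if (substr($table, 0, 3) == 'vm_') {
                    if (!$dao->isClassified($table)) {
                        $unclassified_tables[] = $table;
                    }
                }
            }
            //display the information
            $this->displayACLAudit($bad_requests, $current_requests, $unclassified_tables, $dao->getDataClassificationLevels());
            break;
        default:
            $this->displayDefaultAdminPage();
            break;
    }
}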
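/**
 * Renders the detail page of a project and, optionally, the list of
 * volunteers assigned to it.
 *
 * Besides the project data, the template receives one authorization flag per
 * project action (edit, delete, add/remove position, assign). These flags
 * come from AccessController::isAuthorized() and only decide what the page
 * offers; the actions themselves are authorized when they are requested.
 *
 * @param $p                      the project to display; proj_id, info, positions
 *                                and ptype_title are read from it
 * @param $showVolunteersAssigned whether the assigned volunteers are listed
 *                                below the project (default true)
 * @return void
 */
function displayProject($p, $showVolunteersAssigned = true)
{
    global $global, $dao;
    // kept as in the original; 'info' is assigned again from $p->info further down
    $this->engine->assign('info', $this->model->info);
    $volunteers = $dao->getVolunteers($p->proj_id);
    $numVolunteers = $dao->getVolunteersInProject($p->proj_id);
    // get location hierarchy
    require_once $global['approot'] . 'inc/lib_location.inc';
    $parents = array();
    shn_get_parents($p->info['location_id'], $parents);
    $locations = array();
    if (!empty($parents)) {
        foreach ($parents as $loc_id) {
            if ($loc_id != 'NULL') {
                $loc = $dao->getLocation($loc_id);
                $locations[] = $loc['name'];
            }
        }
    }
    /*
     * The sorting here just for using in Taiwan.
     */
    // krsort() reverses the numeric keys, so the names are joined in reverse order
    krsort($locations);
    $locations = join("-->", $locations);
    $projectExpired = false;
    if ($p->info['end_date'] == '0000-00-00') {
        $endDate = '';
    } else {
        $endDate = $p->info['end_date'];
        // A project expires at the end of its last day. time() replaces the
        // argument-less mktime(), which is deprecated and an error on PHP 8.
        if (strtotime($p->info['end_date'] . ' 23:59:59') < time()) {
            $projectExpired = true;
        }
    }
    $projectManager = $dao->getProjectManager($p->proj_id);
    $this->engine->assign('projectExpired', $projectExpired);
    $this->engine->assign('info', $p->info);
    $this->engine->assign('start_date', $p->info['start_date'] == '0000-00-00' ? '' : $p->info['start_date']);
    $this->engine->assign('end_date', $p->info['end_date'] == '0000-00-00' ? '' : $p->info['end_date']);
    $this->engine->assign('location', $locations);
    $this->engine->assign('skills', $dao->getVolSkillsTree($p->proj_id, true));
    $this->engine->assign('requiredVolunteers', $dao->getRequiredVolunteers($p->proj_id));
    $this->engine->assign('numVolunteers', $numVolunteers);
    $this->engine->assign('showVolunteersAssigned', $showVolunteersAssigned);
    $this->engine->assign('proj_id', $p->proj_id);
    // NOTE(review): stored values are handed to the template as-is; confirm the
    // template escapes them for HTML output.
    $this->engine->assign('projectManager', $projectManager['full_name'] . '(' . (!empty($projectManager['option_description']) ? _($projectManager['option_description']) : '') . ':' . $projectManager['contact_value'] . ')');
    $this->engine->assign('position_title', $p->ptype_title);
    $this->engine->assign('positions', $p->positions);
    // per-action flags for the links and buttons shown on the page
    $ac = new AccessController();
    $this->engine->assign('edit_auth', $ac->isAuthorized(false, $ac->buildURLParams('project', 'display_edit', array('proj_id' => $p->proj_id))));
    $this->engine->assign('delete_auth', $ac->isAuthorized(false, $ac->buildURLParams('project', 'display_confirm_delete', array('proj_id' => $p->proj_id))));
    $this->engine->assign('add_pos_auth', $ac->isAuthorized(false, $ac->buildURLParams('project', 'add_position', array('proj_id' => $p->proj_id))));
    $this->engine->assign('delete_pos_auth', $ac->isAuthorized(false, $ac->buildURLParams('project', 'remove_position', array('proj_id' => $p->proj_id))));
    $this->engine->assign('assign_auth', $ac->isAuthorized(false, $ac->buildURLParams('project', 'display_assign', array('proj_id' => $p->proj_id))));
    $this->engine->display('project/display.tpl.php');
    if ($showVolunteersAssigned && $numVolunteers > 0) {
        // removal is only offered while the project has not expired
        $extra_opts = array('showPictures' => true, 'showLocation' => true, 'showRemove' => !$projectExpired, 'modifyProjId' => $p->proj_id, 'showPositions' => true, 'showHours' => true);
        $vView = new VolunteerView();
        $vView->listVolunteers($volunteers, $extra_opts);
        // NOTE(review): proj_id is placed in the URL unencoded; confirm it is
        // constrained to a safe format or encoded by showPagingNavigation().
        $this->showPagingNavigation("index.php?mod=vm&act=project&vm_action=display_single&proj_id={$p->proj_id}");
    }
}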
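/**
 * Dispatcher for the project controller: authorizes the request, then runs
 * the branch selected by 'vm_action' (or the older 'action' parameter).
 *
 * AccessController::isAuthorized() is the general gate. Only
 * 'display_closure_edit' adds a project-level check of its own
 * (isSiteManagerForProject); the other branches that change data use the
 * proj_id / pos_id / p_uuid from the request without a further check that is
 * visible here -- NOTE(review): confirm the ACL covers them per project.
 *
 * @param $getvars an associative array, representing the GET variables
 *                 from the URL
 * @return void
 */
function controlHandler($getvars)
{
    global $dao, $global;
    include_once $global['approot'] . 'inc/lib_location.inc';
    //first authorize the user
    $ac = new AccessController($getvars);
    if (!$ac->isAuthorized()) {
        return;
    }
    // temporary, to support older 'action' instead of 'vm_action'
    $vm_action = $getvars['vm_action'] ? $getvars['vm_action'] : $getvars['action'];
    switch ($vm_action) {
        case 'display_single':
            $p = new Project($getvars['proj_id']);
            $this->displayProject($p);
            break;
        case 'display_add':
            $this->addProject();
            break;
        case 'display_edit':
            $this->addProject(new Project($getvars['proj_id']));
            break;
        case 'display_closure_edit':
            // only the site manager of this project may edit its closure report
            if ($dao->isSiteManagerForProject($_SESSION['user_id'], $getvars['proj_id'])) {
                if (!empty($_POST)) {
                    // NOTE(review): the whole $_POST array is handed to the DAO; it
                    // should pick out the fields it expects rather than store them all.
                    $dao->saveClosureReport($getvars['proj_id'], $_POST);
                    $this->displayConfirmation(_('Changes Saved.'));
                    // proj_id comes from the request and ends up inside a quoted
                    // string in inline JavaScript, so it is URL-encoded before output.
                    echo '<script type="text/javascript">';
                    echo 'setTimeout(\'location.href="?mod=vm&act=project&vm_action=display_closure_report&proj_id=' . rawurlencode((string) $getvars['proj_id']) . '"\',1500);';
                    echo '</script>';
                } else {
                    $this->editClosure($getvars['proj_id']);
                }
            }
            break;
        case 'display_closure_report':
            $this->viewClosure($getvars['proj_id']);
            break;
        case 'display_closure_reports':
            $this->listClosureReports();
            $this->showPagingNavigation("index.php?mod=vm&act=project&vm_action=display_closure_reports");
            break;
        case 'process_add':
            // request values are copied onto the project first; it is saved only
            // when validateAddForm() accepts them
            $p = new Project($getvars['proj_id']);
            $p->info['name'] = $getvars['name'];
            $p->info['description'] = $getvars['description'];
            $p->info['start_date'] = $getvars['start_date'];
            $p->info['end_date'] = $getvars['end_date'];
            $p->info['mgr_id'] = $getvars['manager'];
            $p->info['locations'] = array();
            shn_get_parents(shn_location_get_form_submit_loc(), $p->info['locations']);
            if ($this->validateAddForm($getvars)) {
                $p->save();
                $this->displayConfirmation(_('Changes Saved.'));
                $this->displayProject($p);
            } else {
                $this->addProject();
            }
            break;
        case 'process_delete':
            // NOTE(review): destructive action keyed on a request parameter; no
            // anti-CSRF token or per-project check is visible in this function.
            $p = new Project();
            $p->delete($getvars['proj_id']);
            View::View();
            $this->displayConfirmation('The requested Project was deleted.');
            $this->listProjects();
            $this->showPagingNavigation("index.php?mod=vm&act=project&vm_action=default");
            break;
        case 'display_confirm_delete':
            View::View();
            $this->confirmDelete($getvars['proj_id']);
            break;
        case 'display_select_project':
            View::View();
            // a site manager without 'ru' data access on vm_proj_vol only sees his own projects
            if ($dao->isSiteManager($_SESSION['user_id']) && !$ac->dataAccessIsAuthorized(array('vm_proj_vol' => 'ru'), false)) {
                $projects = $dao->listProjects($_SESSION['user_id'], true);
            } else {
                $projects = $dao->listProjects();
            }
            $this->displaySelectProjectForAssignmentForm($projects);
            break;
        case 'display_assign':
            View::View();
            if ($getvars['proj_id'] == '') {
                add_error(SHN_ERR_VM_NO_PROJECT);
                //if the user is just a site manager who got here due to overriding access control, only display his projects, otherwise display all
                if ($dao->isSiteManager($_SESSION['user_id']) && !$ac->dataAccessIsAuthorized(array('vm_vol_position' => 'ru'), false)) {
                    $projects = $dao->listProjects($_SESSION['user_id'], true);
                } else {
                    $projects = $dao->listProjects();
                }
                $this->displaySelectProjectForAssignmentForm($projects);
            } else {
                // the assignment is made only when the form validates; the position id
                // is read from the request field named after the volunteer's id
                if ($this->validateAssignForm($getvars)) {
                    $p_uuid = $this->getAssigningVolId($getvars);
                    $dao->assignVolunteerToPosition($p_uuid, $getvars['pos_id_' . $p_uuid]);
                    add_confirmation(_('Volunteer has been successfully assigned'));
                }
                $p = new Project($getvars['proj_id']);
                $this->assignVol($getvars['proj_id'], $p->positions);
            }
            break;
        case 'process_remove_from_project':
            // NOTE(review): both ids come from the request; no per-project check is visible here
            $dao->deleteFromProject($getvars['p_uuid'], $getvars['proj_id']);
            $p = new Project($getvars['proj_id']);
            $this->displayProject($p);
            break;
        case 'display_my_list':
            $this->listProjects($_SESSION['user_id']);
            $this->showPagingNavigation("index.php?mod=vm&act=project&vm_action=display_my_list");
            break;
        case 'display_coming_list':
            echo _('The items listed below are projects that will start from today or after today.');
            echo '<div align="right"><a href="?mod=vm&act=project">' . _('View all projects') . '</a></div>';
            $this->listComingProjects();
            $this->showPagingNavigation("index.php?mod=vm&act=project&vm_action=display_coming_list");
            break;
        case 'process_add_position':
            if ($getvars['pos_id'] != null) {
                $p = new Position($getvars['pos_id']);
            } else {
                $p = new Position();
            }
            $p->proj_id = $getvars['proj_id'];
            $p->ptype_id = $getvars['ptype_id'];
            $p->description = $getvars['description'];
            $p->title = $getvars['title'];
            $p->numSlots = $getvars['numSlots'];
            $p->payrate = $getvars['payrate'];
            if ($this->validateAddPosition($getvars)) {
                $dao->savePosition($p);
                //$this->displayConfirmation("Position assignment has been added to {$p->position_title}");
                // re-enters this handler, so 'display_single' is authorized again
                $this->controlHandler(array('vm_action' => 'display_single', 'proj_id' => $p->proj_id));
            } else {
                $this->addPosition($p);
            }
            break;
        case 'add_position':
            //this case only displays the form to add/edit a position
            if ($getvars['pos_id']) {
                $p = new Position($getvars['pos_id']);
            } else {
                $p = new Position();
            }
            if (isset($getvars['proj_id'])) {
                $p->proj_id = $getvars['proj_id'];
            }
            $this->addPosition($p);
            break;
        case 'remove_position':
            // NOTE(review): pos_id and proj_id are independent request values; nothing
            // visible here checks that the position belongs to that project.
            $dao->removePosition($getvars['pos_id']);
            $this->controlHandler(array('vm_action' => 'display_single', 'proj_id' => $getvars['proj_id']));
            break;
        default:
            echo '<div align="right"><a href="?mod=vm&act=project&vm_action=display_coming_list">' . _('View coming projects') . '</a></div>';
            $this->listProjects();
            $this->showPagingNavigation("index.php?mod=vm&act=project&vm_action=default");
            break;
    }
}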
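/**
 * Registers the access through AccessController::registerAccess().
 *
 * The call is best-effort: an exception does not interrupt the request, but
 * it is written to the error log so that a failing registration is visible.
 *
 * @access public
 * @return void
 */
public function registerAccess()
{
    // NOTE(review): there is no separator between DOCUMENT_ROOT and the relative
    // path, so this resolves only where DOCUMENT_ROOT ends with a slash. A failed
    // include_once emits a warning only; the missing class is then not an
    // Exception and is not caught below.
    include_once $_SERVER['DOCUMENT_ROOT'] . "resources/library/controller/AccessController.php";
    try {
        $access = new AccessController();
        $access->registerAccess();
    } catch (Exception $e) {
        // Previously swallowed without a trace; keep the request alive but record it.
        error_log('registerAccess failed: ' . get_class($e) . ': ' . $e->getMessage());
    }
}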