/**
 * Create the db_user table, its username index and two seed accounts.
 *
 * The seed accounts carry well-known installation defaults ('admin'/'admin'
 * and 'user'/'user'); a deployment is expected to change them after install.
 */
public function up() {
    $options = array('primary' => 'dbUserID');
    $columns = array(
        array('dbUserID', 'integer'),
        array('dbUserName', 'string', array('limit' => 20)),
        array('dbUserPW', 'string', array('limit' => 50)),
        array('dbUserFullName', 'string', array('limit' => 50, 'null' => true)),
        array('dbUserActive', 'string', array('limit' => 1, 'default' => 'Y')),
        array('ACLstring', 'text', array('null' => true, 'limit' => '1M')),
    );
    $this->createTable('db_user', $options, $columns);
    $this->createIndex('db_user', array('dbUserName'));

    // reset db metadata cache so that the models used below can see the new table
    QFrame_Db_Table::scanDb();

    // create some default data
    $seeds = array(
        array('dbUserName' => 'admin', 'dbUserPW' => 'admin', 'dbUserFullName' => 'Administrator'),
        array('dbUserName' => 'user', 'dbUserPW' => 'user', 'dbUserFullName' => 'User'),
    );
    foreach ($seeds as $seed) {
        $account = new DbUserModel($seed);
        $account->save();
    }
}
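/**
 * Change the current user's password.
 *
 * GET only renders the form; POST expects the parameters 'old', 'new1' and
 * 'new2'. The current password is verified by calling the adapter's own
 * authenticate() rather than Zend_Auth::authenticate(): the latter clears the
 * stored identity before evaluating the result, so a mistyped current password
 * would silently log the user out while the flash only says the password is
 * invalid. On success the user is logged out so they sign in again with the
 * new password.
 */
public function passwdAction() {
    $auth = Zend_Auth::getInstance();
    if (!$auth->hasIdentity()) {
        $this->flash('error', 'You must be logged in to change your password');
        $this->_redirector->gotoRouteAndExit(array('action' => 'login'));
    }

    $request = $this->getRequest();
    if (!$request->isPost()) {
        return;
    }

    // absent parameters become '' so the comparisons below are string-vs-string
    $old = (string)$this->_getParam('old');
    $new1 = (string)$this->_getParam('new1');
    $new2 = (string)$this->_getParam('new2');

    // verify the current password without touching the session identity
    $auth_adapter = new QFrame_Auth_Adapter($auth->getIdentity(), $old);
    if (!$auth_adapter->authenticate()->isValid()) {
        $this->flashNow('error', 'Current password is invalid');
    } elseif ($new1 !== $new2) {
        $this->flashNow('error', 'New passwords do not match');
    } elseif ($new1 === '') {
        $this->flashNow('error', 'New password cannot be empty');
    } elseif ($old === $new1) {
        $this->flashNow('error', 'New password is the same as current password');
    } else {
        $user = DbUserModel::findByUsername($auth->getIdentity());
        if ($user === null) {
            // an identity is present but no user row matches it (findByUsername may return null)
            $this->flashNow('error', 'Unable to load the current user');
            return;
        }
        $user->dbUserPW = $new1;
        $user->dbUserPWChange = 'N';
        $user->save();
        $this->logout('Password successfully changed');
    }
}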
/**
 * Fixture helper: log in as 'sample1' and give the admin role (role 4) every
 * global right, then attach that role to user 1.
 */
private function auth() {
    // perform mock authentication
    $adapter = new QFrame_Auth_Adapter('sample1', 'password');
    Zend_Auth::getInstance()->authenticate($adapter);

    // give the admin role all possible global rights ...
    $adminRole = RoleModel::find(4);
    foreach (array('view', 'edit', 'approve', 'administer') as $right) {
        $adminRole->grant($right);
    }
    $adminRole->save();

    // ... and assign it to the sample1 user (dbUserID 1 in the fixture data)
    $sampleUser = new DbUserModel(array('dbUserID' => 1));
    $sampleUser->addRole($adminRole);
}
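/**
 * Build the list of tabs (at the top of the window).
 *
 * Each tab is an array with the keys 'label', 'url', 'current' (whether the
 * tab belongs to the controller that is currently running) and 'external'
 * (whether the url leaves the application). The Administration and Compare
 * tabs are only offered to a user holding the matching right.
 *
 * @return array list of tab arrays
 */
protected function buildPages() {
    $pages = array();
    $isAdmin = $this instanceof QFrame_Controller_Admin;
    $isCompare = $this instanceof CompareController;

    $pages[] = array(
        'label' => 'Questions',
        'url' => $this->view->url(array('controller' => 'index'), null, true),
        'current' => !($isAdmin || $isCompare),
        'external' => false,
    );
    if ($this->_user !== null && $this->_user->hasAccess('administer')) {
        $pages[] = array(
            'label' => 'Administration',
            'url' => $this->view->url(array('controller' => 'admin'), null, true),
            'current' => $isAdmin,
            'external' => false,
        );
    }
    if ($this->_user !== null && $this->_user->hasAccess('compare')) {
        $pages[] = array(
            'label' => 'Compare',
            'url' => $this->view->url(array('controller' => 'compare'), null, true),
            'current' => $isCompare,
            'external' => false,
        );
    }
    $config = QFrame_Config::instance();
    if (isset($config->help_url)) {
        $pages[] = array(
            'label' => 'Online Help',
            'url' => $config->help_url,
            'current' => false,
            'external' => true,
        );
    }
    return $pages;
}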
/**
 * Create the role and assignment tables, then give the seed 'admin' account an
 * Administrators role carrying every global right.
 */
public function up() {
    $roleColumns = array(
        array('roleID', 'integer'),
        array('roleDescription', 'string', array('limit' => 128, 'null' => true)),
        array('ACLstring', 'text', array('null' => true, 'limit' => '1M')),
    );
    $this->createTable('role', array('primary' => 'roleID'), $roleColumns);

    $assignmentColumns = array(
        array('dbUserID', 'integer'),
        array('roleID', 'integer'),
        array('assignmentID', 'integer'),
        array('comments', 'text', array('null' => true)),
    );
    $this->createTable('assignment', array('primary' => 'assignmentID'), $assignmentColumns);
    $this->createIndex('assignment', array('dbUserID', 'roleID'));

    // reset db metadata cache so that the models used below can see the new tables
    QFrame_Db_Table::scanDb();

    // give the admin user full global rights
    $adminRole = RoleModel::create(array('roleDescription' => 'Administrators'));
    foreach (array('view', 'edit', 'approve', 'administer') as $right) {
        $adminRole->grant($right);
    }
    $adminRole->save();
    $admin = DbUserModel::findByUsername('admin');
    $admin->addRole($adminRole)->save();
}
/**
 * Authenticates the user specified in the constructor.
 *
 * In auto-admin mode no credential is checked and the result's identity is a
 * freshly built auto-admin DbUserModel; otherwise the identity stored on
 * success is the username string. NOTE(review): callers that read the identity
 * back from Zend_Auth therefore see different types in the two modes.
 *
 * @return Zend_Auth_Result
 */
public function authenticate() {
    // if we are set up to auto-admin, go ahead and do that
    if ($this->admin) {
        $autoAdmin = new DbUserModel(array('autoAdmin' => true));
        return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $autoAdmin);
    }

    $user = DbUserModel::findByUsername($this->username);
    $code = Zend_Auth_Result::SUCCESS;
    if ($user === null) {
        $code = Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND;
    } elseif (!$user->authenticate($this->password)) {
        $code = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
    }
    $identity = ($code === Zend_Auth_Result::SUCCESS) ? $this->username : null;
    return new Zend_Auth_Result($code, $identity);
}
/*
 * Path to the application core, used for the dynamic-property include below.
 */
$core_path = _path(dirname(__FILE__), '..', 'core');

/*
 * Bootstrap, in order:
 *  - paths.php    : path constants the application uses for its directories
 *  - env.php      : determine the current environment and load its configuration
 *  - database.php : pure configuration (used for testing), routing and database setup
 *  - dynamic.php  : properties that depend on the current environment configuration
 */
include _path(dirname(__FILE__), '..', 'core', 'paths.php');
include _path(CORE_PATH, 'env.php');
include _path(CORE_PATH, 'database.php');
include _path($core_path, 'dynamic.php');

/*
 * Change the password. $username and $password are expected to be set before
 * this point (not visible here). The new value is handed to the model as-is;
 * whether DbUserModel transforms dbUserPW on save is not visible from this script.
 */
$user = DbUserModel::findByUsername($username);
if ($user === null) {
    die("Username {$username} not found.\n\n");
}
$user->dbUserPW = $password;
$user->save();
echo "Password changed.\n\n";
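/**
 * Saves the page currently being edited.
 *
 * Request parameters named 'q<questionID>...' drive the save:
 *   - 'qXXX' or 'qXXX_mYYY' (multiple select): a response value, collected when non-empty
 *   - 'qXXX_addl' when 'qXXX_addl_mod' is truthy: additional info
 *   - 'qXXX_privateNote' when 'qXXX_privateNote_mod' is truthy: private note
 *   - 'qXXX_attachments': names of files in the tmp area to attach to the question
 *   - 'qXXX_fileNNN_delete' === 'true': remove attachment NNN
 * A response already in state 2 (approved) cannot be changed; the request is
 * redirected back to the page view with an error flash. Files still present in
 * $_FILES are stored as attachments as well. Any exception is reported through
 * $this->view->error rather than propagating, and the layout is disabled.
 *
 * Attachment names arrive from the client, so they are reduced to a bare file
 * name before being joined to the tmp directory path.
 */
public function saveAction() {
    try {
        $page = new PageModel(array('pageID' => $this->_getParam('id'), 'depth' => 'page'));
        // return value unused; the call is kept for its effect (presumably acquiring the edit lock)
        $lock = $this->lockPage($page, 'edit');
        $auth = Zend_Auth::getInstance();
        $user = DbUserModel::findByUsername($auth->getIdentity());

        $responses = array();
        foreach ($this->_getAllParams() as $key => $value) {
            // only parameters whose name begins 'qXXX' (X a digit) are of interest
            if (!preg_match('/^q(\\d+)(.*)$/', $key, $matches)) {
                continue;
            }
            $questionID = intval($matches[1]);
            $remainder = $matches[2];

            // the element name consists of *only* 'qXXX', or 'qXXX_mXXX' for multiple select question types
            if ($remainder == '' || preg_match('/^_m(\\d+)$/', $remainder)) {
                $q = new QuestionModel(array('questionID' => $questionID));
                $response = $q->getResponse();
                if ($response->state == 2) {
                    $this->flash('error', 'You cannot modify a response that has been approved');
                    $this->_redirector->gotoRouteAndExit(array('action' => 'view', 'id' => $page->pageID));
                }
                if (strlen($value) > 0) {
                    $responses[$questionID]['value'][] = $value;
                }
            } elseif ($remainder == "_addl_mod" && intval($this->_getParam("q{$questionID}_addl_mod"))) {
                $responses[$questionID]['addl'] = $this->_getParam("q{$questionID}_addl");
            } elseif ($remainder == "_privateNote_mod" && intval($this->_getParam("q{$questionID}_privateNote_mod"))) {
                $responses[$questionID]['pNote'] = $this->_getParam("q{$questionID}_privateNote");
            } elseif ($remainder == '_attachments') {
                $question = new QuestionModel(array('questionID' => $questionID));
                foreach ((is_array($value) ? $value : array()) as $file) {
                    // request-supplied name: keep only the bare file name so it can
                    // address nothing outside the tmp directory itself
                    $file = basename((string)$file);
                    if ($file === '' || $file === '.' || $file === '..') {
                        continue;
                    }
                    $fileModel = new FileModel($question);
                    $properties = Spyc::YAMLLoad(PROJECT_PATH . '/tmp/.' . $file);
                    $fileModel->storeFilename(PROJECT_PATH . '/tmp/' . $file, $properties);
                }
            } elseif (preg_match('/^_file(\\d+)_delete$/', $remainder, $matches) && $value === 'true') {
                $question = new QuestionModel(array('questionID' => $questionID));
                $fileModel = new FileModel($question);
                $fileModel->delete(intval($matches[1]));
            }
        }

        // apply the collected per-question data
        foreach ($responses as $questionID => $data) {
            $q = new QuestionModel(array('questionID' => $questionID));
            $response = $q->getResponse();
            if (isset($data['value'])) {
                $response->responseText = join(',', $data['value']);
            }
            if (isset($data['addl'])) {
                $response->additionalInfo = $data['addl'];
            }
            if (isset($data['pNote'])) {
                $response->privateNote = $data['pNote'];
            }
            $response->save($user);
        }

        /* If there are any file uploads that didn't auto-upload before the user saved */
        foreach ($_FILES as $name => $file) {
            if ($file['error'] === UPLOAD_ERR_OK && $file['size'] > 0) {
                $question = new QuestionModel(array('questionID' => intval($name)));
                $fileModel = new FileModel($question);
                // the client-supplied name is reduced to a bare file name before it is recorded
                $properties = array('filename' => basename($file['name']), 'mime' => $file['type']);
                $fileModel->storeFilename($file['tmp_name'], $properties);
            }
        }

        $page = new PageModel(array('pageID' => $this->_getParam('id'), 'depth' => 'response'));
        $page->save();
        $instance = new InstanceModel(array('instanceID' => $page->instanceID, 'depth' => 'page'));
        $instance->save();
    } catch (Exception $e) {
        $this->view->error = $e->getMessage();
    }
    $this->view->setRenderLayout(false);
}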
/**
 * An auto-admin user holds the 'admin' right and has some access to page 1.
 */
public function testGettingAutoAdmin() {
    $autoAdmin = new DbUserModel(array('autoAdmin' => true));
    $firstPage = new PageModel(array('pageID' => 1, 'depth' => 'page'));

    $this->assertTrue($autoAdmin->hasAccess('admin'));
    $this->assertTrue($autoAdmin->hasAnyAccess($firstPage));
}
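/**
 * Load instances associated with this questionnaire instance.
 *
 * Requires a logged-in identity. The instance list is not filtered by the
 * user's access rights, so only the identity check is kept and no user row
 * is looked up.
 *
 * @throws Exception when nobody is logged in
 */
private function _loadInstances() {
    $auth = Zend_Auth::getInstance();
    if (!$auth->hasIdentity()) {
        throw new Exception("Hey, no loading instances without being logged in");
    }

    $adapter = self::$questionnaireTable->getAdapter();
    $where = $adapter->quoteInto('questionnaireID = ?', intval($this->questionnaireID));
    $instanceRowset = self::$instanceTable->fetchAll($where, 'instanceName ASC');

    $this->instances = array();
    foreach ($instanceRowset as $iRow) {
        $this->instances[] = new InstanceModel(array('instanceID' => $iRow->instanceID, 'depth' => $this->depth));
    }
    $this->instancesIndex = 0;
}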
/**
 * Loads Model Pages: one ModelPageModel per page row of the instance, keeping
 * only the pages the logged-in user has some access to.
 *
 * @throws Exception when nobody is logged in
 */
private function _loadModelPages() {
    $auth = Zend_Auth::getInstance();
    if (!$auth->hasIdentity()) {
        throw new Exception("Hey, no loading pages without being logged in");
    }
    // NOTE(review): findByUsername() can return null; a null here would fail at
    // hasAnyAccess() below — confirm the identity always maps to a user row
    $user = DbUserModel::findByUsername($auth->getIdentity());

    $instanceID = $this->instance->instanceID;
    $rows = self::$pageTable->fetchRows('instanceID', $instanceID, 'seqNumber', $instanceID);

    $this->modelPages = array();
    foreach ($rows as $row) {
        $page = new PageModel(array('pageID' => $row->pageID, 'depth' => 'page'));
        $modelPage = new ModelPageModel(array(
            'modelID' => $this->modelRow->modelID,
            'pageID' => $row->pageID,
            'depth' => $this->depth,
            'instance' => $this->compareInstance,
        ));
        if (!$user->hasAnyAccess($page)) {
            continue;
        }
        $this->modelPages[] = $modelPage;
    }
}
/**
 * Load pages associated with this InstanceModel, keeping only those the
 * logged-in user has some access to.
 *
 * @throws Exception when nobody is logged in
 */
private function _loadPages() {
    $auth = Zend_Auth::getInstance();
    if (!$auth->hasIdentity()) {
        throw new Exception("Hey, no loading pages without being logged in");
    }
    // NOTE(review): findByUsername() can return null; a null here would fail at
    // hasAnyAccess() below — confirm the identity always maps to a user row
    $user = DbUserModel::findByUsername($auth->getIdentity());

    $adapter = self::$pageTable->getAdapter();
    $where = $adapter->quoteInto('questionnaireID = ?', $this->questionnaireID)
        . $adapter->quoteInto(' AND instanceID = ?', $this->instanceID);
    $pageRowset = self::$pageTable->fetchAll($where, 'seqNumber ASC');

    $this->pages = array();
    foreach ($pageRowset as $pageRow) {
        $candidate = new PageModel(array('pageID' => $pageRow->pageID, 'depth' => $this->depth));
        if (!$user->hasAnyAccess($candidate)) {
            continue;
        }
        $this->pages[] = $candidate;
    }
    $this->pagesIndex = 0;
}
/**
 * Remove a role from a user.
 *
 * Deletes the assignment row(s) matching this user and the role, then reloads
 * the user's roles.
 *
 * @param RoleModel role to remove
 */
public function removeRole(RoleModel $role) {
    if (!isset(self::$assignmentTable)) {
        self::$assignmentTable = QFrame_Db_Table::getTable('assignment');
    }
    $adapter = self::$assignmentTable->getAdapter();
    $conditions = array(
        $adapter->quoteInto('dbUserID = ?', intval($this->dbUserID)),
        $adapter->quoteInto('roleID = ?', intval($role->roleID)),
    );
    self::$assignmentTable->delete(implode(' AND ', $conditions));
    $this->loadRoles();
}
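/**
 * Remove role action. Removes the requested role from the user given by the
 * 'id' parameter and redirects to that user's roles page.
 *
 * Both ids come from the request and are cast to int. If the role cannot be
 * found, the removal is skipped (removeRole() requires a RoleModel) and the
 * redirect still happens.
 */
public function removeRoleAction() {
    $userID = intval($this->_getParam('id'));
    $user = new DbUserModel(array('dbUserID' => $userID));
    $role = RoleModel::find(intval($this->_getParam('role')));
    if ($role instanceof RoleModel) {
        $user->removeRole($role);
    }
    $this->_redirector->gotoRoute(array('action' => 'roles', 'id' => $user->dbUserID));
}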
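/**
 * Output a lock icon which also serves as a link to unlock a page (if the user has permission
 * to do this).
 *
 * The permission check is made against the logged-in user passed in, not the
 * user holding the lock; the lock holder is loaded only for the tooltip text.
 *
 * @param Array menu item array for this lock ('locked' holds the locking dbUserID, 'page' the page)
 * @param DbUserModel user that is currently logged in
 * @return string
 */
public function lockIcon($menu, DbUserModel $user) {
    if (!$menu['locked']) {
        return '';
    }
    $locker = new DbUserModel(array('dbUserID' => $menu['locked'], 'depth' => 'dbUser'));
    $page = $menu['page'];
    $title = "Currently locked by '{$this->h($locker->dbUserFullName)}'.";

    // only a user allowed to edit or approve the page is offered the unlock link
    if ($user->hasAccess('edit', $page) || $user->hasAccess('approve', $page)) {
        $title .= ' Click to unlock.';
        return $this->view->linkTo('#', $this->view->imageTag('icons/ffffff/lock_small.png', array(
            'id' => $this->view->url(array('action' => 'unlock', 'id' => $page->pageID)),
            'class' => 'inline lock tooltip',
            'tooltip' => $title,
        )));
    }
    return $this->view->imageTag('icons/ffffff/lock_small.png', array('class' => 'inline', 'title' => $title));
}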