public static function groupForm(PHPWS_Group $group)
{
$form = new PHPWS_Form('groupForm');
$members = $group->getMembers();
if ($group->getId() > 0) {
$form->addHidden('group_id', $group->getId());
$form->addSubmit('submit', dgettext('users', 'Update Group'));
} else {
$form->addSubmit('submit', dgettext('users', 'Add Group'));
}
$form->addHidden('module', 'users');
$form->addHidden('action', 'admin');
$form->addHidden('command', 'postGroup');
$form->addText('groupname', $group->getName());
$form->setLabel('groupname', dgettext('users', 'Group Name'));
$template = $form->getTemplate();
if ($group->id) {
$vars['action'] = 'admin';
$vars['group_id'] = $group->id;
$vars['command'] = 'manageMembers';
$links[] = PHPWS_Text::secureLink(dgettext('users', 'Members'), 'users', $vars);
$vars['command'] = 'setGroupPermissions';
$links[] = PHPWS_Text::secureLink(dgettext('users', 'Permissions'), 'users', $vars);
$template['LINKS'] = implode(' | ', $links);
}
$content = PHPWS_Template::process($template, 'users', 'forms/groupForm.tpl');
return $content;
}
public static function adminAction()
{
PHPWS_Core::initModClass('users', 'Group.php');
$title = $message = $content = null;
if (!Current_User::allow('users')) {
PHPWS_User::disallow(dgettext('users', 'Tried to perform an admin function in Users.'));
return;
}
$message = User_Action::getMessage();
$panel = User_Action::cpanel();
$panel->enableSecure();
if (isset($_REQUEST['command'])) {
$command = $_REQUEST['command'];
} else {
$command = $panel->getCurrentTab();
}
if (isset($_REQUEST['user_id'])) {
$user = new PHPWS_User((int) $_REQUEST['user_id']);
} else {
$user = new PHPWS_User();
}
if (isset($_REQUEST['group_id'])) {
$group = new PHPWS_Group((int) $_REQUEST['group_id']);
} else {
$group = new PHPWS_Group();
}
switch ($command) {
/** Form cases * */
/** User Forms * */
case 'new_user':
if (PHPWS_Settings::get('users', 'allow_new_users') || Current_User::isDeity()) {
$panel->setCurrentTab('new_user');
$title = dgettext('users', 'Create User');
$content = User_Form::userForm($user);
} else {
Current_User::disallow();
}
break;
case 'search_members':
self::searchMembers();
exit;
break;
case 'manage_users':
$title = dgettext('users', 'Manage Users');
$content = User_Form::manageUsers();
break;
case 'editUser':
$title = dgettext('users', 'Edit User');
$user = new PHPWS_User($_REQUEST['user_id']);
$content = User_Form::userForm($user);
break;
case 'deleteUser':
if (!Current_User::secured('users', 'delete_users')) {
Current_User::disallow();
return;
}
$user->kill();
PHPWS_Core::goBack();
break;
case 'deify_user':
if (!Current_User::authorized('users') || !Current_User::isDeity()) {
Current_User::disallow();
return;
}
$user->deity = 1;
$user->save();
PHPWS_Core::goBack();
break;
case 'mortalize_user':
if (!Current_User::authorized('users') || !Current_User::isDeity()) {
Current_User::disallow();
return;
}
$user->deity = 0;
$user->save();
PHPWS_Core::goBack();
break;
case 'authorization':
case 'postAuthorization':
case 'dropAuthScript':
if (!Current_User::isDeity()) {
Current_User::disallow();
}
if ($command == 'dropAuthScript' && isset($_REQUEST['script_id'])) {
User_Action::dropAuthorization($_REQUEST['script_id']);
} elseif ($command == 'postAuthorization') {
User_Action::postAuthorization();
$message = dgettext('users', 'Authorization updated.');
}
$title = dgettext('users', 'Authorization');
$content = User_Form::authorizationSetup();
break;
case 'editScript':
$title = dgettext('users', 'Edit Authorization Script');
// no reason to edit scripts yet
break;
case 'setUserPermissions':
if (!Current_User::authorized('users', 'edit_permissions')) {
PHPWS_User::disallow();
return;
}
if (!$user->id) {
PHPWS_Core::errorPage('404');
}
PHPWS_Core::initModClass('users', 'Group.php');
$title = dgettext('users', 'Set User Permissions') . ' : ' . $user->getUsername();
$content = User_Form::setPermissions($user->getUserGroup());
break;
case 'deactivateUser':
if (!Current_User::authorized('users')) {
PHPWS_User::disallow();
return;
}
User_Action::activateUser($_REQUEST['user_id'], false);
PHPWS_Core::goBack();
break;
case 'activateUser':
if (!Current_User::authorized('users')) {
PHPWS_User::disallow();
return;
}
User_Action::activateUser($_REQUEST['user_id'], true);
PHPWS_Core::goBack();
break;
/** End User Forms * */
/* * ******************** Group Forms *********************** */
/** End User Forms * */
/* * ******************** Group Forms *********************** */
case 'setGroupPermissions':
if (!Current_User::authorized('users', 'edit_permissions')) {
PHPWS_User::disallow();
return;
}
PHPWS_Core::initModClass('users', 'Group.php');
$title = dgettext('users', 'Set Group Permissions') . ' : ' . $group->getName();
$content = User_Form::setPermissions($_REQUEST['group_id'], 'group');
break;
case 'new_group':
$title = dgettext('users', 'Create Group');
$content = User_Form::groupForm($group);
break;
case 'edit_group':
$title = dgettext('users', 'Edit Group');
$content = User_Form::groupForm($group);
break;
case 'remove_group':
$group->kill();
$title = dgettext('users', 'Manage Groups');
$content = User_Form::manageGroups();
break;
case 'manage_groups':
$panel->setCurrentTab('manage_groups');
PHPWS_Core::killSession('Last_Member_Search');
$title = dgettext('users', 'Manage Groups');
$content = User_Form::manageGroups();
break;
case 'manageMembers':
PHPWS_Core::initModClass('users', 'Group.php');
$title = dgettext('users', 'Manage Members') . ' : ' . $group->getName();
$content = User_Form::manageMembers($group);
break;
case 'postMembers':
if (!Current_User::authorized('users', 'add_edit_groups')) {
Current_User::disallow();
return;
}
$title = dgettext('users', 'Manage Members') . ' : ' . $group->getName();
$content = User_Form::manageMembers($group);
break;
/* * *********************** End Group Forms ****************** */
/* * *********************** Misc Forms *********************** */
/* * *********************** End Group Forms ****************** */
/* * *********************** Misc Forms *********************** */
case 'settings':
if (!Current_User::authorized('users', 'settings')) {
Current_User::disallow();
return;
}
$title = dgettext('users', 'Settings');
$content = User_Form::settings();
break;
/** End Misc Forms * */
/** Action cases * */
/** End Misc Forms * */
/** Action cases * */
case 'deify':
if (!Current_User::isDeity()) {
Current_User::disallow();
return;
}
$user = new PHPWS_User($_REQUEST['user']);
if (isset($_GET['authorize'])) {
if ($_GET['authorize'] == 1 && Current_User::isDeity()) {
$user->setDeity(true);
$user->save();
User_Action::sendMessage(dgettext('users', 'User deified.'), 'manage_users');
break;
} else {
User_Action::sendMessage(dgettext('users', 'User remains a lowly mortal.'), 'manage_users');
break;
}
} else {
$content = User_Form::deify($user);
}
break;
case 'mortalize':
if (!Current_User::isDeity()) {
Current_User::disallow();
return;
}
$user = new PHPWS_User($_REQUEST['user']);
if (isset($_GET['authorize'])) {
if ($_GET['authorize'] == 1 && Current_User::isDeity()) {
$user->setDeity(false);
$user->save();
$content = dgettext('users', 'User transformed into a lowly mortal.') . '<hr />' . User_Form::manageUsers();
break;
} else {
$content = dgettext('users', 'User remains a deity.') . '<hr />' . User_Form::manageUsers();
break;
}
} else {
$content = User_Form::mortalize($user);
}
break;
case 'postUser':
if (isset($_POST['user_id'])) {
if (!Current_User::authorized('users', 'edit_users')) {
PHPWS_User::disallow();
return;
}
} else {
// posting new user
if (!Current_User::authorized('users')) {
PHPWS_User::disallow();
return;
}
}
$result = User_Action::postUser($user);
if ($result === true) {
$new_user = !(bool) $user->id;
$user->setActive(true);
$user->setApproved(true);
if (PHPWS_Error::logIfError($user->save())) {
$title = dgettext('users', 'Sorry');
$content = dgettext('users', 'An error occurred when trying to save the user. Check your logs.');
break;
}
if ($new_user) {
User_Action::assignDefaultGroup($user);
if (isset($_POST['group_add']) && is_array($_POST['group_add'])) {
foreach ($_POST['group_add'] as $group_id) {
$group = new PHPWS_Group($group_id);
$group->addMember($user->_user_group);
$group->save();
}
}
}
$panel->setCurrentTab('manage_users');
if (isset($_POST['notify_user'])) {
self::notifyUser($user, $_POST['password1']);
}
if (isset($_POST['user_id'])) {
User_Action::sendMessage(dgettext('users', 'User updated.'), 'manage_users');
} elseif (Current_User::allow('users', 'edit_permissions')) {
if (isset($_POST['notify_user'])) {
User_Action::sendMessage(dgettext('users', 'New user created and notified.'), 'setUserPermissions&user_id=' . $user->id);
} else {
User_Action::sendMessage(dgettext('users', 'New user created.'), 'setUserPermissions&user_id=' . $user->id);
}
} else {
User_Action::sendMessage(dgettext('users', 'User created.'), 'new_user');
}
} else {
$message = implode('<br />', $result);
if (isset($_POST['user_id'])) {
$title = dgettext('users', 'Edit User');
} else {
$title = dgettext('users', 'Create User');
}
$content = User_Form::userForm($user);
}
break;
case 'postPermission':
if (!Current_User::authorized('users', 'edit_permissions')) {
PHPWS_User::disallow();
return;
}
User_Action::postPermission();
User_Action::sendMessage(dgettext('users', 'Permissions updated'), $panel->getCurrentTab());
break;
case 'postGroup':
if (!Current_User::authorized('users', 'add_edit_groups')) {
PHPWS_User::disallow();
return;
}
PHPWS_Core::initModClass('users', 'Group.php');
$result = User_Action::postGroup($group);
if (PHPWS_Error::isError($result)) {
$message = $result->getMessage();
$title = isset($group->id) ? dgettext('users', 'Edit Group') : dgettext('users', 'Create Group');
$content = User_form::groupForm($group);
} else {
$result = $group->save();
if (PHPWS_Error::logIfError($result)) {
$message = dgettext('users', 'An error occurred when trying to save the group.');
} else {
$message = dgettext('users', 'Group created.');
}
User_Action::sendMessage($message, 'manage_groups');
}
break;
case 'addMember':
if (!Current_User::authorized('users', 'add_edit_groups')) {
PHPWS_User::disallow();
return;
}
PHPWS_Core::initModClass('users', 'Group.php');
$group->addMember($_REQUEST['member']);
$group->save();
unset($_SESSION['Last_Member_Search']);
User_Action::sendMessage(dgettext('users', 'Member added.'), 'manageMembers&group_id=' . $group->id);
break;
case 'dropMember':
if (!Current_User::authorized('users', 'add_edit_groups')) {
PHPWS_User::disallow();
return;
}
PHPWS_Core::initModClass('users', 'Group.php');
$group->dropMember($_REQUEST['member']);
$group->save();
unset($_SESSION['Last_Member_Search']);
User_Action::sendMessage(dgettext('users', 'Member removed.'), 'manageMembers&group_id=' . $group->id);
break;
case 'update_settings':
if (!Current_User::authorized('users', 'settings')) {
PHPWS_User::disallow();
return;
}
$title = dgettext('users', 'Settings');
$result = User_Action::update_settings();
if ($result === true) {
$message = dgettext('users', 'User settings updated.');
} else {
$message = $result;
}
$content = User_Form::settings();
break;
case 'check_permission_tables':
if (!Current_User::authorized('users', 'settings')) {
PHPWS_User::disallow();
return;
}
$title = dgettext('users', 'Register Module Permissions');
$content = User_Action::checkPermissionTables();
break;
default:
PHPWS_Core::errorPage('404');
break;
}
$template['CONTENT'] = $content;
$template['TITLE'] = $title;
$template['MESSAGE'] = $message;
$final = PHPWS_Template::process($template, 'users', 'main.tpl');
$panel->setContent($final);
Layout::add(PHPWS_ControlPanel::display($panel->display()));
}