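/**
 * Tells whether the current user may act as owner of the given entity.
 *
 * Admins always count as owners. For projects the assigned mentor also gets
 * shared ownership; for every other case the entity's owner_id must match the
 * current user. Unknown entity types produce an error message and FALSE.
 *
 * @param string     $type Entity type constant (_STUDENT_GROUP, _INSTITUTE_GROUP,
 *                         _ORGANISATION_GROUP, _PROJECT_OBJ or _PROPOSAL_OBJ).
 * @param int|string $id   Primary key of the entity.
 * @return bool
 */
static function isOwner($type, $id) {
    if (!in_array($type, array(_STUDENT_GROUP, _INSTITUTE_GROUP, _ORGANISATION_GROUP, _PROJECT_OBJ, _PROPOSAL_OBJ), true)) {
        drupal_set_message(tt('You cannot be the owner of an entity called %1$s', $type), 'error');
        return FALSE;
    }
    if (Users::isAdmin()) {
        // We always want the admin to be able to delete stuff for example and can expect
        // him/her to be very cautious about that of course
        return TRUE;
    }
    $key_field = self::keyField($type);
    // $id is bound as a query argument instead of being interpolated into the SQL;
    // the table and key names are derived from the whitelisted $type above, not from input.
    $entity = db_query("SELECT * FROM " . tableName($type) . " WHERE {$key_field} = :id", array(':id' => $id))->fetchAssoc();
    // fetchAssoc returns the next record (array) or false if there is none
    if (!$entity) {
        return FALSE;
    }
    $uid = $GLOBALS['user']->uid;
    // Just for projects, allow the assigned mentor shared ownership so that a project
    // owner can let the nominated mentor edit the project details.
    if ($type == 'project' && $entity['mentor_id'] == $uid) {
        return TRUE;
    }
    return $entity['owner_id'] == $uid;
}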
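/**
 * Front-controller constructor: builds the view, checks access and dispatches.
 *
 * When $this->access == 1 and the current user is not an admin, the requested
 * view is remembered in the session and the request is redirected to the login
 * page. Otherwise the task method (or index()) runs and the matching view file
 * is rendered, falling back to the view's index template.
 *
 * @param string      $view       View/controller name; also the template directory.
 * @param string|null $method     Task method to run (null runs index()).
 * @param mixed       $parameters Parameters forwarded to runTask().
 */
function __construct($view, $method = null, $parameters = null) {
    // instantiate the load class
    $this->view = new View();
    new Model();
    // check the user
    $u = new Users();
    // check access
    if ($this->access == 1 && !$u->isAdmin()) {
        $_SESSION['redirect'] = $view;
        header('Location: ' . BASE_URL . 'login/');
        // Stop here: without this the request keeps executing after the
        // redirect header has been sent.
        exit;
    }
    // run any task methods
    if ($method) {
        $this->runTask($method, $parameters);
    } else {
        $this->index();
        $method = 'index';
    }
    // render the view, falling back to the view's index template
    $template = 'views/' . strtolower($view) . '/' . strtolower($method) . '.php';
    if (file_exists($template)) {
        $this->view->load($view, $method, $this->data);
    } else {
        $this->view->load($view, 'index', $this->data);
    }
}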
/**
 * Admin-only list page: assigns the headers and rows of the requested table
 * to the template and returns it.
 *
 * @param object $smarty Template engine instance (assign() is called on it).
 * @return object The same template instance.
 */
function createPage($smarty) {
    if (!Users::isAdmin()) {
        // NOTE(review): assumes Redirect::error() ends the request; if it returns,
        // the assignments below still run for non-admins — confirm.
        Redirect::error(403);
    }
    $table = Input::get('table', 'get');
    $smarty->assign('edit_headers', Queries::itemListHeaders($table));
    $smarty->assign('edit_table', Queries::itemList($table));
    return $smarty;
}
/**
 * Admin item editor page: applies a posted insert/update/delete action, then
 * assigns the editable columns of the requested table row to the template.
 *
 * @param object $smarty Template engine instance (assign() is called on it).
 * @return object The same template instance.
 */
function createPage($smarty) {
    if (!Users::isAdmin()) {
        // NOTE(review): assumes Redirect::error() ends the request; if it returns,
        // the action handling below still runs for non-admins — confirm.
        Redirect::error(403);
    }
    // Only one action can match, so a single dispatch chain is enough.
    $action = Input::exists() ? Input::get('action') : null;
    if ($action === 'admin_item_insert') {
        Update::adminInsertItem();
    } elseif ($action === 'admin_item_update') {
        Update::adminUpdateItem();
    } elseif ($action === 'admin_item_delete') {
        Update::adminDeleteItem();
    }
    $smarty->assign('columns', Queries::editableEntry(Input::get('table', 'get'), Input::get('id', 'get')));
    return $smarty;
}
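/**
 * Front-controller constructor: builds the loader, checks access and dispatches.
 *
 * When $this->access == 1 and the current user is not an admin, the requested
 * view is remembered in the session and the request is redirected to the login
 * page. Otherwise the task method (or defaultTask()) runs and the view file
 * "$view.php" is rendered with $this->data.
 *
 * @param string      $view       View name; "$view.php" is the template loaded.
 * @param string|null $method     Task method to run (null runs defaultTask()).
 * @param mixed       $parameters Parameters forwarded to runTask().
 */
function __construct($view, $method = null, $parameters = null) {
    $this->load = new Load();
    new Model();
    // check the user
    $u = new Users();
    // check access
    if ($this->access == 1 && !$u->isAdmin()) {
        $_SESSION['redirect'] = $view;
        header('Location: ' . BASE_URL . 'login/');
        // Stop here: without this the request keeps executing after the
        // redirect header has been sent.
        exit;
    }
    // run any task methods
    if ($method) {
        $this->runTask($method, $parameters);
    } else {
        $this->defaultTask();
    }
    // render the view
    $this->load->view($view . '.php', $this->data);
}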
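/**
 * Appends the HTML for one threaded comment (and its reply form) to $this->output.
 *
 * Replies (rows with a parent_id) get the 'threaded-comment-wrapper' class and a
 * "Replied on" label; top-level comments get 'initial-threaded-comment-wrapper'
 * and "Posted on". Admins additionally get an AJAX delete link.
 *
 * @param array $comment Comment row with id, name, type, date_posted,
 *                       description and optionally parent_id.
 */
private function format_comment($comment) {
    if (isset($comment['parent_id'])) {
        $class_display = 'threaded-comment-wrapper';
        $post_type = t('Replied on');
    } else {
        $class_display = 'initial-threaded-comment-wrapper';
        $post_type = t('Posted on');
    }
    // The id ends up in element ids and in an inline JavaScript call, so force an integer.
    $id = (int) $comment['id'];
    // Author name and type are user-supplied text: escape them for the HTML context.
    $author = htmlspecialchars($comment['name'], ENT_QUOTES, 'UTF-8');
    $author_type = htmlspecialchars($comment['type'], ENT_QUOTES, 'UTF-8');

    $this->output .= "<div id='threaded-comment-wrapper-{$id}' class='" . $class_display . "'>";
    $this->output .= "\t<div class='threaded-comment'>";
    $this->output .= "\t<div id='msg_threaded-comment-wrapper-{$id}'></div>";
    if (Users::isAdmin()) {
        $this->output .= "\t\t\t<div class='totheright'><a href='#' onclick='ajaxCall(\"comment\", \"delete\", {id: {$id}}, \"threaded-comment-wrapper-{$id}\");'>" . t('delete') . "</a>";
        $this->output .= "\t\t\t</div>";
    }
    $this->output .= "\t\t<div class='threaded-comment-header'>";
    $this->output .= "\t\t\t<span class='comment_author'>";
    $this->output .= "\t\t\t{$author}";
    $this->output .= "\t\t\t</span>";
    $this->output .= "\t\t\t ({$author_type}) - ";
    $this->output .= $post_type;
    $this->output .= "\t\t\t ";
    // TODO check date
    $this->output .= date('F j, Y, g:i a', strtotime($comment['date_posted']));
    $this->output .= "\t\t</div>"; // end header
    $this->output .= "\t\t<div class='threaded-comment-body'>";
    // NOTE(review): the description is emitted as raw HTML; it is assumed to have been
    // filtered when the comment was saved — confirm, otherwise escape it here as well.
    $this->output .= $comment['description'];
    $this->output .= "\t\t\t<br/>";
    $this->output .= ' <a class="reply-comment" href="">reply</a>';
    $this->output .= "\t\t</div>"; // end body
    $this->output .= "\t</div>";
    $this->output .= $this->getPostNewCommentForm($comment);
}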
/**
 * Handles the login form POST: validates the input, attempts authentication
 * and redirects either to the URL remembered in the session (or 'home') or
 * back to the login page.
 *
 * @return Redirect
 */
public function action_check() {
    $rules = array(
        'email'    => 'required|max:60',
        'password' => 'required|max:60',
    );
    $validation = Validator::make(Input::get(), $rules);
    if ($validation->fails()) {
        return Redirect::to('login');
    }

    // The e-mail address doubles as the username for Auth.
    $credentials = array(
        'username' => Input::get('email'),
        'password' => Input::get('password'),
    );
    if (!Auth::attempt($credentials)) {
        return Redirect::to('login');
    }

    // Consume the URL remembered before the login redirect, defaulting to home.
    $target = 'home';
    if (Session::has('lastURL')) {
        $target = Session::get('lastURL');
    }
    Session::forget('lastURL');
    // Cache the admin flag as a strict boolean for the rest of the session.
    Session::put('isAdmin', Users::isAdmin(Auth::user()->id) ? true : false);
    return Redirect::to($target);
}
$prev_nr = $current > 0 ? $current - 1 : FALSE; $prev_pid = $prev_nr !== FALSE ? $_SESSION['lists']['projects']['list'][$prev_nr]->pid : FALSE; $project['nav'] = array('next_pid' => $next_pid, 'next_nr' => $next_nr, 'prev_pid' => $prev_pid, 'prev_nr' => $prev_nr); break; } $current++; } } } //It might be that the project is in draft and is not returned by the browse and so it is not //present in the session lists if (!$project) { $project = Project::getProjectById($project_id, false, PDO::FETCH_ASSOC, true); } $my_id = Users::getMyId(); if ($project['state'] == 'draft' && !($project['mentor_id'] == $my_id || $project['owner_id'] == $my_id || Users::isAdmin() || Groups::isAssociate(_PROJECT_OBJ, $project_id))) { jsonBadResult(t('You cannot view this proposal. It is in draft state.')); return; } if (Users::isSuperVisor()) { $project['rate'] = Project::getRating($project_id, $my_id); } else { $project['rate'] = -2; if (Users::isStudent()) { $table = tableName('student_favourite'); $favourite = db_select($table)->fields($table)->condition('pid', $project_id)->condition('uid', $my_id)->execute()->rowCount(); $project['favourite'] = $favourite != 0; //Count the views of the students $result = db_update(tableName('project'))->condition('pid', $project_id)->fields(array('views' => $project['views'] + 1))->execute(); } }
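/**
 * Renders the project browse page: the tag/organisation/status filter form and
 * the jTable container together with its client-side bootstrap script.
 *
 * The organisation and state filters are pre-selected from $_GET; both values
 * are only compared against server-side lists, never echoed. Which states are
 * offered depends on the current user's role (admin / mentor / student / user).
 *
 * @param int|string $pid Optional project id to preselect in the table. It is
 *                        emitted into a JavaScript literal, so it is cast to int.
 */
function initBrowseProjectLayout($pid = '') {
    // Force an integer: $pid is written into the inline script below.
    $pid = (int) $pid;
    $org_id = 0;
    if (isset($_GET['organisation'])) {
        $org_id = $_GET['organisation'];
    }
    $state = null;
    if (isset($_GET['state'])) {
        $state = $_GET['state'];
    }
    $apply_projects = vals_soc_access_check('dashboard/projects/apply') ? 1 : 0;
    $rate_projects = Users::isSuperVisor();
    $is_student = Users::isStudent();
    ?>
    <div class="filtering" id="browse_projects">
        <span id="infotext" style="margin-left: 34px"></span>
        <form id="project_filter">
            <?php echo t('Tags'); ?> : <input type="text" name="tags" id="tags" />
            <?php echo t('Organisations'); ?> : <select id="organisation" name="organisation">
                <option <?php echo !$org_id ? 'selected="selected"' : ''; ?> value="0"><?php echo t('All Organisations'); ?> </option><?php
                $result = Organisations::getInstance()->getOrganisationsLite();
                foreach ($result as $record) {
                    $selected = $record->org_id == $org_id ? 'selected="selected" ' : '';
                    // Organisation names are user-entered data: escape them for the HTML context.
                    echo '<option ' . $selected . 'value="' . (int) $record->org_id . '">'
                        . htmlspecialchars($record->name, ENT_QUOTES, 'UTF-8') . '</option>';
                }
                ?>
            </select>
            <?php if ($is_student) { ?>
                <input type='button' value='<?php echo t('Filter on Favourites'); ?> ' id='favourite_filter'/>
            <?php } ?>
            <?php echo "<BR/>"; echo t('Status'); ?> : <select id="state" name="state">
                <option <?php echo !$state ? 'selected="selected"' : ''; ?> value="0"><?php echo t('NA'); ?> </option><?php
                $states = array(
                    'draft' => 'draft',
                    'pending' => 'pending',
                    'open' => 'open',
                    'preselected' => 'preselected',
                    'active' => 'active',
                    'ended' => 'ended',
                    'archived' => 'archived',
                );
                // Narrow the selectable states by role: only the admin sees them all,
                // and a user with none of the known roles gets no state filter.
                if (!Users::isAdmin()) {
                    if (Users::isMentor()) {
                        unset($states['archived']);
                    } else {
                        unset($states['draft']);
                        if ($is_student) {
                            unset($states['pending'], $states['archived']);
                        } elseif (Users::isUser()) {
                            unset($states['archived']);
                        } else {
                            $states = array();
                        }
                    }
                }
                foreach ($states as $key => $stat) {
                    $selected = $key == $state ? 'selected="selected" ' : '';
                    // $key and $stat come from the fixed list above, not from the request.
                    echo "<option {$selected} value='{$key}'>{$stat}</option>";
                }
                ?>
            </select>
        </form>
    </div>
    <div id="ProjectTableContainer" style="width: 700px;"></div>
    <script type="text/javascript">
    jQuery(document).ready(function($){
        window.view_settings = {};
        window.view_settings.apply_projects = <?php echo $apply_projects ? 1 : 0; ?> ;
        window.view_settings.rate_projects = <?php echo $rate_projects ? 1 : 0; ?> ;

        // Reload the table with the current filter form values.
        function reloadProjects() {
            $("#ProjectTableContainer").jtable("load", {
                tags: $("#tags").val(),
                state: $("#state").val(),
                organisation: $("#organisation").val()
            });
        }

        // Prepare jTable
        $("#ProjectTableContainer").jtable({
            paging: true,
            pageSize: 10,
            sorting: true,
            defaultSorting: "title ASC",
            actions: {
                listAction: moduleUrl + "actions/project_actions.php?action=list_search"
            },
            fields: {
                pid: { key: true, create: false, edit: false, list: false },
                title: {
                    title: "Project title",
                    width: "40%",
                    display: function (data) {
                        // NOTE(review): record.title is inserted as HTML markup; it is assumed to
                        // arrive escaped from the list_search action — confirm.
                        return "<a title=\"View project details\" href=\"javascript:void(0);\" onclick=\"getProjectDetail("+ data.record.pid+")\">" + data.record.title + "</a>";
                    },
                    create: false,
                    edit: false
                },
                name: { title: "Organisation", width: "20%" },
                tags: { title: "Tags", width: "26%", create: false, edit: false },
                proposal_count: { title: "Proposals", width: "12%", create: false, edit: false },
                state: { title: "Status", create: false, edit: false }
                <?php if ($apply_projects) { ?>
                , Propose: {
                    width: "2%",
                    title: "",
                    sorting: false,
                    display: function (data) {
                        return "<a title=\"Propose a project for this idea\" href=\"#\" onclick=\"getProposalFormForProject("+data.record.pid+")\">"+ "<span class=\"ui-icon ui-icon-script\"></span></a>";
                    },
                    create: false,
                    edit: false
                }<?php } ?>
            }
        });

        // Load project list from server on initial page load
        $("#ProjectTableContainer").jtable("load", {
            tags: $("#tags").val(),
            state: $("#state").val(),
            organisation: $("#organisation").val()<?php if ($pid) { echo ", pid: {$pid}"; } ?>
        });

        $("#tags").keyup(function(e) {
            e.preventDefault();
            // only auto clear when there is no tag info
            if(testTagInput() && $("#tags").val()==""){
                reloadProjects();
            }
        });
        $("#organisation").change(function(e) {
            e.preventDefault();
            if(testTagInput()){
                reloadProjects();
            }
        });
        $("#state").change(function(e) {
            e.preventDefault();
            if(testTagInput()){
                reloadProjects();
            }
        });
        <?php if ($is_student) { ?>
        $("#favourite_filter").click(function(e) {
            e.preventDefault();
            $("#ProjectTableContainer").jtable("load", {favourites :true});
        });
        <?php } ?>
        $("#project_filter").submit(function(e){
            e.preventDefault();
            if(testTagInput()){
                reloadProjects();
            }
        });

        // define these at the window level so that they can still be called once loaded
        window.getProposalFormForProject = getProposalFormForProject;
        window.getProjectDetail = getProjectDetail;
    });
    </script>
<?php }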
?> </h3></a> <span style="color: #808080;"><i style="vertical-align: middle;" class="mdi mdi-calendar"></i> <?php echo englishConvertDate($row['post_date']); ?> <i style="vertical-align: middle;" class="mdi mdi-file"></i> <?php echo getCategoryById(getPostCategories($row['ID'])[0]); ?> </span> <p><?php /* NOTE(review): post_excerpt and post_content are emitted as raw HTML — assumed to be trusted/filtered CMS markup; confirm, otherwise escape them here. */ echo $row['post_excerpt']; ?> </p> <p><?php echo $row['post_content']; ?> </p> <?php /* The edit link is only rendered for a logged-in admin. */ if (Users::getUsernameBySeassion() !== false && Users::isAdmin(Users::getUsernameBySeassion())) { ?> <div align="right"><a href="<?php echo $posts->getPostEditLink($row['ID']); ?> "><i style="vertical-align: middle;" class="mdi mdi-pencil-box-outline"></i>Edit</a></div><br> <?php } ?> </article> </div> <?php /* Comments partial, then the shared page footer. */ include_once 'comments.php'; getFooter();
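/**
 * Persists an edited proposal.
 *
 * Only students (or an admin) may update proposals. The update runs inside a
 * db_transaction(); on any exception the transaction is rolled back, an error
 * message is queued and FALSE is returned.
 *
 * @param array      $props       Column => value pairs to write (already filtered by the caller).
 * @param int|string $proposal_id Key of the proposal to update.
 * @return bool TRUE when the update statement ran, FALSE otherwise.
 */
static function updateProposal($props, $proposal_id) {
    if (!$props) {
        drupal_set_message(t('Update requested with empty (filtered) data set'), 'error');
        return FALSE;
    }
    $txn = db_transaction();
    try {
        $uid = Users::getMyId();
        if (!Users::isOfType(_STUDENT_TYPE, $uid) && !Users::isAdmin()) {
            drupal_set_message(t('You must be a student to submit a proposal'), 'error');
            return FALSE;
        }
        // NOTE(review): nothing here checks that $uid owns $proposal_id; callers are
        // assumed to verify ownership (e.g. with isOwner()) before calling — confirm.
        db_update(tableName(_PROPOSAL_OBJ))
            ->fields($props)
            ->condition(self::keyField(_PROPOSAL_OBJ), $proposal_id)
            ->execute();
        // The affected-row count is deliberately not checked: an update that
        // changes nothing still counts as success.
        return TRUE;
    } catch (Exception $ex) {
        $txn->rollback();
        drupal_set_message(t('We could not update your proposal.') . (_DEBUG ? $ex->__toString() : ''), 'error');
    }
    return FALSE;
}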
*
 * All Drupal code is released under the GNU General Public License.
 * See COPYRIGHT.txt and LICENSE.txt.
 */

/**
 * Root directory of Drupal installation.
 */
define('DRUPAL_ROOT', getcwd());

/* For some reason the server could not derive well the scheme of the url and returned something like ://<host>
 * in Ubuntu, giving such a malformed base url and resulting in an identical path to the base_url and thereby
 * an empty base_root. It is not sure whether this exists also in non-ajax calls, but it seemed better to derive the
 * very basic globals the same for both ajax and non-ajax. So we derive the scheme based on the HTTPS server var and
 * our own path derivation in initial.php.
 *
 * COPY THIS FILE TO THE ROOT OF THE INSTALLATION, REPLACING THE DRUPAL INDEX!
 */
include DRUPAL_ROOT . '/initial.php'; // Needed to derive the _WEB_URL which will be '' or '/vals'

$scheme = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ? 'https' : 'http';
// NOTE(review): $base_url is built from the client-supplied Host header; this relies on the
// web server (or Drupal's trusted-host configuration) rejecting unexpected hosts — confirm.
$base_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . _WEB_URL;

require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

// "Pretending" (running the request as another user) is only possible with _DEBUG on,
// and then only for admins or in the test environment.
$vals_soc_pretend_possible = defined('_DEBUG') && _DEBUG && (Users::isAdmin() || defined('_VALS_SOC_TEST_ENV') && _VALS_SOC_TEST_ENV);
// NOTE(review): pretendUser() also runs for admins when $vals_soc_pretend_possible is false,
// but restoreUser() below only runs when it is true — confirm pretendUser() is a no-op in that case.
if (Users::isAdmin() || $vals_soc_pretend_possible) {
    list($u, $o_state) = pretendUser();
}
menu_execute_active_handler();
if ($vals_soc_pretend_possible) {
    restoreUser($u, $o_state);
}

//////// EDIT THE FILE UNDER THE ROOT IF YOU HAVE ALREADY INSTALLED THE APPLICATION
<?php include 'include.php'; module_load_include('php', 'vals_soc', 'includes/functions/ajax_functions'); module_load_include('php', 'vals_soc', 'includes/classes/ThreadedComments'); module_load_include('php', 'vals_soc', 'includes/classes/ThreadUIBuilder'); module_load_include('php', 'vals_soc', 'includes/classes/Project'); module_load_include('php', 'vals_soc', 'includes/classes/Proposal'); module_load_include('php', 'vals_soc', 'includes/classes/Institutes'); module_load_include('php', 'vals_soc', 'includes/classes/Organisations'); switch ($_GET['action']) { case 'delete': if (!Users::isAdmin()) { echo errorDiv("You cannot delete comments"); } else { $type = altSubValue($_POST, 'entity_type', ''); $id = altSubValue($_POST, 'id', ''); $entity_id = altSubValue($_POST, 'entity_id', ''); try { $result = db_delete(tableName('comment'))->condition('id', $id); } catch (Exception $e) { echo "Error " . $e->getMessage(); } echo $result ? successDiv(tt('You succesfully deleted your %1$s.', t('comment'))) : errorDiv(tt('We could not delete your %1%s.', t('comment'))); } break; case 'save': global $user; $type = altSubValue($_POST, 'entity_type', ''); $id = altSubValue($_POST, 'id', ''); $entity_id = altSubValue($_POST, 'entity_id', '');
<?php echo $form->labelEx($model, 'sex'); ?> <?php echo $form->dropdownList($model, 'sex', Users::userSex('admin'), array('class' => 'form-control')); ?> <?php echo $form->error($model, 'sex'); ?> </div> <div class="form-group"> <?php echo $form->labelEx($model, 'isAdmin'); ?> <?php /* Here Users::isAdmin('admin') supplies the option list for the select, in the same way as userSex()/userStatus() do for the neighbouring fields; it is not used as a boolean access check. */ echo $form->dropdownList($model, 'isAdmin', Users::isAdmin('admin'), array('class' => 'form-control')); ?> <?php echo $form->error($model, 'isAdmin'); ?> </div> <div class="form-group"> <?php echo $form->labelEx($model, 'status'); ?> <?php echo $form->dropdownList($model, 'status', Users::userStatus('admin'), array('class' => 'form-control')); ?> <?php echo $form->error($model, 'status'); ?>
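/**
 * Lists users of a given role (member type) that belong to groups the current
 * user heads, or a single user by id.
 *
 * Behaviour by argument combination:
 *  - $group_id == 'all': all $member_type users in the current user's
 *    $group_type memberships (an admin, or a user with no memberships, sees
 *    every member of that type);
 *  - $id given: that single user;
 *  - $group_id and $group_type given: members of that one group;
 *  - only $group_type: members of the groups owned by the current user;
 *  - otherwise NULL.
 *
 * Caller-supplied values are bound as query arguments; the only names spliced
 * into the SQL come from keyField()/tableName() of the group type.
 *
 * @param string     $member_type Role name of the wanted users.
 * @param string     $group_type  Group type; defaults to participationGroup($member_type).
 * @param string|int $group_id    Group key, or 'all'.
 * @param string|int $id          Single user id.
 * @return mixed Query result object, or NULL when no group matches.
 */
public static function getUsers($member_type, $group_type = '', $group_id = '', $id = '') {
    global $user;
    $group_head = $user->uid; //todo: find out whether current user is indeed head of the group
    $group_type = $group_type ?: self::participationGroup($member_type);

    // Join block shared by the role/membership queries below.
    $joins = "from users as u "
        . "left join users_roles as ur on u.uid = ur.uid "
        . "left join role as r on ur.rid = r.rid "
        . "left join soc_user_membership as um on u.uid = um.uid "
        . 'left join soc_names as n on u.uid=n.names_uid ';
    $args = array(':member_type' => $member_type, ':group_type' => $group_type);

    if ($group_id == 'all') {
        // Only the groups the current user is a member of, so that e.g. mentors of
        // other organisations are not listed. Admins get every group.
        $group_ids = Users::isAdmin()
            ? null
            : db_query("SELECT group_id from soc_user_membership t WHERE t.uid = :uid AND t.type = :type",
                array(':uid' => $group_head, ':type' => $group_type))->fetchCol();
        $sql = "SELECT DISTINCT u.*,n.name as fullname " . $joins
            . "WHERE r.name = :member_type AND um.type = :group_type ";
        if ($group_ids) {
            // Array arguments are expanded by db_query() into the IN list.
            $sql .= "AND um.group_id IN (:group_ids)";
            $args[':group_ids'] = $group_ids;
        }
        return db_query($sql, $args);
    }

    if ($id) {
        return db_query("SELECT u.*,n.name as fullname from users as u "
            . 'left join soc_names as n on u.uid=n.names_uid '
            . "WHERE u.uid = :id", array(':id' => $id));
    }

    if ($group_id && $group_type) {
        $group_ids = array($group_id);
    } elseif ($group_type) {
        $key = self::keyField($group_type);
        $table = tableName($group_type);
        // Groups owned by the current user, assuming he/she is head of the organisation/group/etc.
        $group_ids = db_query("SELECT {$key} from {$table} t WHERE t.owner_id = :owner",
            array(':owner' => $group_head))->fetchCol();
    } else {
        $group_ids = null;
    }
    if (!$group_ids) {
        return NULL;
    }
    // So we know which groups, and of which type, the member type should be a member of.
    $args[':group_ids'] = $group_ids;
    return db_query("SELECT u.*,n.name as fullname " . $joins
        . "WHERE r.name = :member_type AND um.type = :group_type AND um.group_id IN (:group_ids)", $args);
}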
/**
 * Deletes one row of an admin-editable table from the POSTed 'table'/'id' pair.
 *
 * Non-admins get a 403. On a validation failure the errors are queued as
 * notifications; on success the row is deleted (plus the calendar assignment
 * when the table is the current site's assignments table) and the user is
 * redirected home.
 */
public static function adminDeleteItem() {
    if (!Users::isAdmin()) {
        Redirect::error(403);
        return;
    }
    $validation = new Validate();
    $validation->check($_POST, array(
        'action' => array('name' => 'Action', 'required' => true, 'wildcard' => 'admin_item_delete'),
        'table'  => array('name' => 'Table Name', 'required' => true),
        'id'     => array('name' => 'Entry ID', 'required' => true),
    ));
    if (!$validation->passed()) {
        Notifications::addValidationFail($validation->getErrors());
        return;
    }
    $table = Input::get('table');
    $entry_id = Input::get('id');
    // NOTE(review): $table comes straight from the request and is only checked for
    // presence above, so the delete targets whatever table name was posted — confirm
    // DB::delete() restricts it to the editable tables.
    DB::instance()->delete($table, array("", "id", "=", $entry_id));
    if ($table === Users::safeSid() . '_assignments') {
        Calendar::deleteAssignment($entry_id);
    }
    Notifications::addSuccess('Entry deleted!');
    Redirect::to('?page=home');
}