Ejemplo n.º 1
 /**
  * Builds a page with form for edit operator's permissions.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  * @throws NotFoundException If the operator with specified ID is not found
  *   in the system.
  */
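 public function showFormAction(Request $request)
 {
     // $operator is the logged-in operator; $op (below) is the operator whose
     // permissions are being displayed.
     $operator = $this->getOperator();
     $op_id = $request->attributes->get('operator_id');
     $page = array(
         'opid' => $op_id,
         // NOTE(review): 'canmodify' only tells the template whether to offer
         // editing; the handler that stores permissions must check
         // CAN_ADMINISTRATE itself. Confirm against the save action.
         'canmodify' => is_capable(CAN_ADMINISTRATE, $operator) ? '1' : '',
         'errors' => array(),
     );

     // Check if the target operator exists.
     $op = operator_by_id($op_id);
     if (!$op) {
         throw new NotFoundException('The operator is not found.');
     }

     // $op is always set past the guard above, so the former "-not found-"
     // fallback could never run and has been dropped.
     // NOTE(review): name and login are passed on unescaped; presumably the
     // template layer escapes them on output. Confirm.
     $page['currentop'] = get_operator_name($op) . ' (' . $op['vclogin'] . ')';

     // Build list of permissions which belong to the target operator.
     $checked_permissions = array();
     foreach (permission_ids() as $perm => $id) {
         if (is_capable($perm, $op)) {
             $checked_permissions[] = $id;
         }
     }

     // Build list of all available permissions, marking the granted ones.
     $page['permissionsList'] = array();
     foreach (get_permission_list() as $perm) {
         $perm['checked'] = in_array($perm['id'], $checked_permissions);
         $page['permissionsList'][] = $perm;
     }

     $page['stored'] = $request->query->has('stored');
     $page['title'] = getlocal('Permissions');
     // Viewing one's own record is shown under the "profile" menu item.
     $page['menuid'] = $operator['operatorid'] == $op_id ? 'profile' : 'operators';
     $page = array_merge($page, prepare_menu($operator));
     $page['tabs'] = $this->buildTabs($request);

     return $this->render('operator_permissions', $page);
 }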
Ejemplo n.º 2
    /**
     * Builds a page with form for features system settings.
     *
     * @param Request $request Incoming request.
     * @return string Rendered page content.
     */
    public function showFormAction(Request $request)
    {
        $operator = $this->getOperator();

        // Defaults expected by the settings page template.
        $page = array(
            'agentId' => '',
            'errors' => array(),
        );

        // Expose every feature option to the form as a boolean flag; an
        // option counts as enabled only when its stored value is '1'.
        foreach ($this->getOptionsList() as $option_name) {
            $page['form' . $option_name] = (Settings::get($option_name) == '1');
        }

        // NOTE(review): 'canmodify' is a rendering hint only; the handler that
        // saves the settings has to enforce CAN_ADMINISTRATE on its own.
        // Confirm against the submit action.
        $page = array_merge(
            $page,
            array(
                'canmodify' => is_capable(CAN_ADMINISTRATE, $operator),
                'stored' => $request->query->get('stored'),
                'title' => getlocal('Messenger settings'),
                'menuid' => 'settings',
            ),
            prepare_menu($operator)
        );
        $page['tabs'] = $this->buildTabs($request);

        $this->getAssetManager()->attachJs('js/compiled/features.js');

        return $this->render('settings_features', $page);
    }
Ejemplo n.º 3
 /**
  * Builds a page with form for edit operator's groups.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  * @throws NotFoundException If the operator with specified ID is not found
  *   in the system.
  */
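 public function showFormAction(Request $request)
 {
     // $operator is the logged-in operator; $op (below) is the operator whose
     // group membership is being displayed.
     $operator = $this->getOperator();
     $operator_in_isolation = in_isolation($operator);
     // getInt() coerces the route attribute to an integer before it is used
     // for lookups.
     $op_id = $request->attributes->getInt('operator_id');

     // Check if the target user exists.
     $op = operator_by_id($op_id);
     if (!$op) {
         throw new NotFoundException('The operator is not found.');
     }

     $page = array('opid' => $op_id, 'errors' => array());
     // An isolated operator is offered only the groups returned for
     // themselves; everyone else gets the full list.
     $groups = $operator_in_isolation ? get_groups_for_operator($operator) : get_all_groups();
     // NOTE(review): 'canmodify' is a rendering hint; the save handler must
     // enforce CAN_ADMINISTRATE itself. Confirm.
     $can_modify = is_capable(CAN_ADMINISTRATE, $operator);

     // $op is always set past the guard above, so the former "-not found-"
     // fallback and the "if ($op)" wrapper were unreachable and are gone.
     $page['currentop'] = get_operator_name($op) . ' (' . $op['vclogin'] . ')';
     $page['canmodify'] = $can_modify ? '1' : '';

     // Get IDs of groups the operator belongs to.
     $checked_groups = get_operator_group_ids($op_id);

     // Get all available groups, marking the ones the operator is in. The
     // self-assignments of 'vclocalname'/'vclocaldescription' were no-ops and
     // have been removed; both fields are passed through unchanged.
     $page['groups'] = array();
     foreach ($groups as $group) {
         $group['checked'] = in_array($group['groupid'], $checked_groups);
         $page['groups'][] = $group;
     }

     $page['stored'] = $request->query->has('stored');
     $page['title'] = getlocal('Operator groups');
     $page['menuid'] = $operator['operatorid'] == $op_id ? 'profile' : 'operators';
     $page = array_merge($page, prepare_menu($operator));
     $page['tabs'] = $this->buildTabs($request);

     return $this->render('operator_groups', $page);
 }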
Ejemplo n.º 4
 /**
  * Generates list of all available groups.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  */
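 public function indexAction(Request $request)
 {
     $operator = $this->getOperator();
     $page = array('errors' => array());

     // The sort key comes from the query string and is handed to
     // get_sorted_groups(), so it is restricted to a fixed allow-list. The
     // strict flag keeps non-string input from matching through PHP's loose
     // comparison rules.
     $sort_by = $request->query->get('sortby');
     if (!in_array($sort_by, array('name', 'lastseen', 'weight'), true)) {
         $sort_by = 'name';
     }
     // Anything other than the literal 'desc' means ascending.
     $sort = array(
         'by' => $sort_by,
         'desc' => $request->query->get('sortdirection', 'desc') == 'desc',
     );

     // Load and prepare groups. The no-op self-assignments of 'vclocalname',
     // 'vclocaldescription' and 'inumofagents' were removed; those fields are
     // passed to the template unchanged.
     $groups = get_sorted_groups($sort);
     // One timestamp for the whole list: the original called time() twice per
     // group, which could yield -1 instead of 0 across a second boundary.
     $now = time();
     foreach ($groups as &$group) {
         $group['isOnline'] = group_is_online($group);
         $group['isAway'] = group_is_away($group);
         $group['lastTimeOnline'] = $group['ilastseen'] ? $now - $group['ilastseen'] : 0;
     }
     // Break the reference left behind by the by-reference foreach.
     unset($group);

     // Set values that are needed to build sorting block.
     $page['groups'] = $groups;
     $page['formsortby'] = $sort['by'];
     $page['formsortdirection'] = $sort['desc'] ? 'desc' : 'asc';
     // NOTE(review): rendering hint only; group-changing actions must check
     // CAN_ADMINISTRATE themselves. Confirm.
     $page['canmodify'] = is_capable(CAN_ADMINISTRATE, $operator);
     $page['availableOrders'] = array(
         array('id' => 'name', 'name' => getlocal('Name')),
         array('id' => 'lastseen', 'name' => getlocal('Last active')),
         array('id' => 'weight', 'name' => getlocal('Weight')),
     );
     $page['availableDirections'] = array(
         array('id' => 'desc', 'name' => getlocal('descending')),
         array('id' => 'asc', 'name' => getlocal('ascending')),
     );

     // Set other variables and render the response.
     $page['title'] = getlocal('Groups');
     $page['menuid'] = 'groups';
     $page = array_merge($page, prepare_menu($operator));
     $this->getAssetManager()->attachJs('js/compiled/groups.js');

     return $this->render('groups', $page);
 }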
Ejemplo n.º 5
 /**
  * Checks the access.
  *
  * @param Request $request Incoming request
  * @return boolean Indicates if an operator has access or not.
  */
 public function __invoke(Request $request)
 {
     // The parent check must pass first (operator is logged in).
     $is_logged_in = parent::__invoke($request);
     if (!$is_logged_in) {
         return false;
     }

     $operator = $this->getOperator();

     // Administrators may act on any operator.
     if (is_capable(CAN_ADMINISTRATE, $operator)) {
         return true;
     }

     // Everyone else needs CAN_MODIFYPROFILE and may only touch their own
     // record. A missing 'operator_id' attribute becomes (int) false, i.e. 0.
     // NOTE(review): this relies on 0 never being a real operator ID. Confirm.
     $target_operator_id = $request->attributes->getInt('operator_id', false);

     return is_capable(CAN_MODIFYPROFILE, $operator)
         && $operator['operatorid'] == $target_operator_id;
 }
Ejemplo n.º 6
/**
 * Serialises one chat thread row into a <thread> XML fragment.
 *
 * A thread whose state string is "closed" is emitted as a self-closing
 * element carrying only its id and stateid. Any other thread gets the
 * capability attributes (canopen/canview/canban), ban details and child
 * elements for name, address, agent, timestamps, user agent and, when one
 * is recorded, the shown message.
 *
 * Relies on global state: state lookup tables, the current $operator,
 * $settings, capability constants and the table prefix.
 *
 * @param array $thread Thread row; the keys read are visible in the body.
 * @param mixed $link Database link passed through to the query helpers.
 * @return string XML fragment for the thread.
 */
function thread_to_xml($thread, $link)
{
    global $state_chatting, $threadstate_to_string, $threadstate_key, $mibew_encoding, $operator, $settings, $can_viewthreads, $can_takeover, $mysqlprefix;
    // $state is taken from an internal lookup table keyed by the numeric
    // state, which is why it is interpolated into attributes unescaped.
    $state = $threadstate_to_string[$thread['istate']];
    // NOTE(review): most row values below pass through safe_htmlspecialchars()
    // twice, while the address, user agent and spam prefix pass through it
    // once. Presumably the consumer decodes one level before inserting the
    // text into HTML; confirm the single-escaped fields are intended.
    $result = "<thread id=\"" . safe_htmlspecialchars(safe_htmlspecialchars($thread['threadid'])) . "\" stateid=\"{$state}\"";
    if ($state == "closed") {
        return $result . "/>";
    }
    // From here on $state holds the localised state label.
    // NOTE(review): it is still interpolated unescaped further down; assumes
    // localisation strings contain no quotes or markup. Confirm.
    $state = getstring($threadstate_key[$thread['istate']]);
    $nextagent = $thread['nextagent'] != 0 ? operator_by_id_($thread['nextagent'], $link) : null;
    // Display name priority: next agent, then stored agent name, then "-".
    $threadoperator = $nextagent ? get_operator_name($nextagent) : ($thread['agentName'] ? $thread['agentName'] : "-");
    if ($threadoperator == "-" && $thread['groupname']) {
        $threadoperator = "- " . $thread['groupname'] . " -";
    }
    // canopen is withheld only when another operator is chatting in the
    // thread and the current operator lacks the take-over capability.
    // NOTE(review): these attributes are UI hints; the endpoints that open,
    // view or ban must repeat the checks server-side. Confirm.
    if (!($thread['istate'] == $state_chatting && $thread['agentId'] != $operator['operatorid'] && !is_capable($can_takeover, $operator))) {
        $result .= " canopen=\"true\"";
    }
    // canview applies to threads the operator neither owns nor is next for.
    if ($thread['agentId'] != $operator['operatorid'] && $thread['nextagent'] != $operator['operatorid'] && is_capable($can_viewthreads, $operator)) {
        $result .= " canview=\"true\"";
    }
    if ($settings['enableban'] == "1") {
        $result .= " canban=\"true\"";
    }
    // Look up an existing ban for the visitor address only when banning is
    // enabled.
    $banForThread = $settings['enableban'] == "1" ? ban_for_addr_($thread['remote'], $link) : false;
    if ($banForThread) {
        $result .= " ban=\"blocked\" banid=\"" . safe_htmlspecialchars(safe_htmlspecialchars($banForThread['banid'])) . "\"";
    }
    $result .= " state=\"{$state}\" typing=\"" . safe_htmlspecialchars(safe_htmlspecialchars($thread['userTyping'])) . "\">";
    $result .= "<name>";
    if ($banForThread) {
        $result .= safe_htmlspecialchars(getstring('chat.client.spam.prefix'));
    }
    // The visitor-supplied name is untrusted input; it is escaped here.
    $result .= safe_htmlspecialchars(safe_htmlspecialchars(get_user_name($thread['userName'], $thread['remote'], $thread['userid']))) . "</name>";
    $result .= "<addr>" . safe_htmlspecialchars(get_user_addr($thread['remote'])) . "</addr>";
    $result .= "<agent>" . safe_htmlspecialchars(safe_htmlspecialchars($threadoperator)) . "</agent>";
    // "000" is appended to the UNIX timestamps, presumably to turn seconds
    // into milliseconds for the client.
    $result .= "<time>" . safe_htmlspecialchars(safe_htmlspecialchars($thread['unix_timestamp(dtmcreated)'])) . "000</time>";
    $result .= "<modified>" . safe_htmlspecialchars(safe_htmlspecialchars($thread['unix_timestamp(dtmmodified)'])) . "000</modified>";
    if ($banForThread) {
        $result .= "<reason>" . safe_htmlspecialchars(safe_htmlspecialchars($banForThread['comment'])) . "</reason>";
    }
    // The User-Agent header is client-controlled; it is reduced by
    // get_useragent_version() and escaped once.
    $userAgent = get_useragent_version($thread['userAgent']);
    $result .= "<useragent>" . safe_htmlspecialchars($userAgent) . "</useragent>";
    if ($thread["shownmessageid"] != 0) {
        // The query is built by concatenation; the only dynamic value is
        // forced to an integer with intval(), and $mysqlprefix comes from
        // global configuration rather than the request.
        $query = "select tmessage from {$mysqlprefix}chatmessage where messageid = " . intval($thread["shownmessageid"]);
        $line = select_one_row($query, $link);
        if ($line) {
            // Collapse line breaks and tabs so the message fits on one line.
            $message = preg_replace("/[\r\n\t]+/", " ", $line["tmessage"]);
            $result .= "<message>" . safe_htmlspecialchars(safe_htmlspecialchars($message)) . "</message>";
        }
    }
    $result .= "</thread>";
    return $result;
}
Ejemplo n.º 7
 /**
  * Builds a page with form for add/edit operator.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  * @throws NotFoundException If the operator with specified ID is not found
  *   in the system.
  */
 public function showFormAction(Request $request)
 {
     $operator = $this->getOperator();
     $page = array(
         'opid' => false,
         'errors' => $request->attributes->get('errors', array()),
     );
     $op_id = false;

     // An 'operator_id' route attribute means an existing operator is being
     // edited; without it the form creates a new one.
     if ($request->attributes->has('operator_id')) {
         // Load and validate an operator to edit.
         $op_id = $request->attributes->getInt('operator_id');
         $target = operator_by_id($op_id);
         if (!$target) {
             throw new NotFoundException('The operator is not found.');
         }

         // Show an error if the admin password hasn't been set yet.
         // NOTE(review): the empty-password probe reads the logged-in
         // operator's login and hash, not the target's. That matches the
         // message text but is easy to misread; confirm it is intended.
         $password_is_empty = check_password_hash($operator['vclogin'], '', $operator['vcpassword']);
         if ($password_is_empty && !$request->query->has('stored')) {
             $page['errors'][] = getlocal('No Password set for the Administrator');
         }

         // Pre-fill the form from the stored record.
         $page = array_merge($page, array(
             'formlogin' => $target['vclogin'],
             'formname' => $target['vclocalename'],
             'formemail' => $target['vcemail'],
             'formcommonname' => $target['vccommonname'],
             'formcode' => $target['code'],
             'opid' => $target['operatorid'],
         ));
     }

     // Override the form fields from the request if needed. This happens
     // when a save handler fails and forwards the request to this action.
     // NOTE(review): the submitted values are echoed back as-is; the template
     // is presumably responsible for escaping them. Confirm.
     if ($request->isMethod('POST')) {
         $submitted = $request->request;
         // The login field can be disabled in the form, in which case it has
         // no value, so it is overridden only when present.
         if ($submitted->has('login')) {
             $page['formlogin'] = $submitted->get('login');
         }
         foreach (array('name', 'email', 'commonname', 'code') as $field) {
             $page['form' . $field] = $submitted->get($field);
         }
     }

     // Editing is allowed on one's own profile with CAN_MODIFYPROFILE, or on
     // any profile with CAN_ADMINISTRATE.
     // NOTE(review): rendering hint only; the save handler must repeat this
     // check. Confirm.
     $is_own_profile = $op_id == $operator['operatorid'];
     $can_modify = ($is_own_profile && is_capable(CAN_MODIFYPROFILE, $operator))
         || is_capable(CAN_ADMINISTRATE, $operator);

     $page['stored'] = $request->query->has('stored');
     $page['canmodify'] = $can_modify ? '1' : '';
     // The login cannot be changed for existing operators because it will
     // make the stored password hash invalid.
     $page['canchangelogin'] = is_capable(CAN_ADMINISTRATE, $operator) && !$op_id;
     $page['title'] = getlocal('Operator details');
     $page['menuid'] = $is_own_profile ? 'profile' : 'operators';
     // A password is mandatory only when a new operator is created.
     $page['requirePassword'] = !$op_id;
     $page['formaction'] = $request->getBaseUrl() . $request->getPathInfo();
     $page = array_merge($page, prepare_menu($operator));
     $page['tabs'] = $this->buildTabs($request);

     return $this->render('operator_edit', $page);
 }
Ejemplo n.º 8
 /**
  * Checks the access.
  *
  * @param Request $request Incoming request
  * @return boolean Indicates if an operator has access or not.
  */
 public function __invoke(Request $request)
 {
     // The parent check must pass first (operator is logged in).
     $is_logged_in = parent::__invoke($request);
     if (!$is_logged_in) {
         return false;
     }

     $operator = $this->getOperator();

     // Every permission listed on the route is required (logical AND).
     // When the route lists none, the loop does not run and any logged-in
     // operator is let through.
     // NOTE(review): a route that omits '_access_permissions' by mistake is
     // therefore open to all operators. Confirm route definitions.
     $required = $request->attributes->get('_access_permissions', array());
     foreach ($required as $permission_name) {
         $granted = is_capable($this->resolvePermission($permission_name), $operator);
         if (!$granted) {
             return false;
         }
     }

     return true;
 }
Ejemplo n.º 9
 /**
  * Builds a page with form for edit operator's avatar.
  *
  * @param Request $request incoming request.
  * @return string Rendered page content.
  * @throws NotFoundException If the operator with specified ID is not found
  *   in the system.
  */
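 public function showFormAction(Request $request)
 {
     // $operator is the logged-in operator; $op (below) is the operator whose
     // avatar is being edited.
     $operator = $this->getOperator();
     $op_id = $request->attributes->get('operator_id');
     $page = array(
         'opid' => $op_id,
         'errors' => $request->attributes->get('errors', array()),
     );

     // Editing is allowed on one's own profile with CAN_MODIFYPROFILE, or on
     // any profile with CAN_ADMINISTRATE.
     // NOTE(review): rendering hint only; the upload handler must repeat this
     // check. Confirm.
     $can_modify = ($op_id == $operator['operatorid'] && is_capable(CAN_MODIFYPROFILE, $operator))
         || is_capable(CAN_ADMINISTRATE, $operator);

     // Try to load the target operator.
     $op = operator_by_id($op_id);
     if (!$op) {
         throw new NotFoundException('The operator is not found');
     }

     // The stored avatar path is turned into a URL by asset(); an empty
     // value means no avatar is set.
     $page['avatar'] = $op['vcavatar'] ? $this->asset($op['vcavatar']) : '';
     // $op is always set past the guard above, so the former "-not found-"
     // fallback could never run and has been dropped.
     $page['currentop'] = get_operator_name($op) . ' (' . $op['vclogin'] . ')';
     $page['canmodify'] = $can_modify ? '1' : '';
     $page['title'] = getlocal('Upload photo');
     $page['menuid'] = $operator['operatorid'] == $op_id ? 'profile' : 'operators';
     $page = array_merge($page, prepare_menu($operator));
     $page['tabs'] = $this->buildTabs($request);

     return $this->render('operator_avatar', $page);
 }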
Ejemplo n.º 10
 /**
  * Generates list of all operators in the system.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  */
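 public function indexAction(Request $request)
 {
     $operator = $this->getOperator();
     $page = array('errors' => $request->attributes->get('errors', array()));

     // The sort key comes from the query string and is handed to
     // get_operators_list(), so it is restricted to a fixed allow-list. The
     // strict flag keeps non-string input from matching through PHP's loose
     // comparison rules.
     $sort_by = $request->query->get('sortby');
     if (!in_array($sort_by, array('login', 'commonname', 'localename', 'lastseen'), true)) {
         $sort_by = 'login';
     }
     // Anything other than the literal 'desc' means ascending.
     $sort = array(
         'by' => $sort_by,
         'desc' => $request->query->get('sortdirection', 'desc') == 'desc',
     );
     $page['formsortby'] = $sort['by'];
     $page['formsortdirection'] = $sort['desc'] ? 'desc' : 'asc';

     // An isolated operator passes their own ID so the list is limited
     // accordingly by get_operators_list().
     $list_options = array('sort' => $sort);
     if (in_isolation($operator)) {
         $list_options['isolated_operator_id'] = $operator['operatorid'];
     }
     $operators_list = get_operators_list($list_options);

     // Prepare operators to render in template. The no-op self-assignments
     // of 'vclogin', 'vclocalename' and 'vccommonname' were removed; those
     // fields are passed to the template unchanged.
     $now = time();
     foreach ($operators_list as &$item) {
         $item['isAvailable'] = operator_is_available($item);
         $item['isAway'] = operator_is_away($item);
         $item['lastTimeOnline'] = $now - $item['time'];
         $item['isDisabled'] = operator_is_disabled($item);
     }
     // Break the reference left behind by the by-reference foreach.
     unset($item);

     $page['allowedAgents'] = $operators_list;
     // NOTE(review): rendering hint only; operator-changing actions must
     // check CAN_ADMINISTRATE themselves. Confirm.
     $page['canmodify'] = is_capable(CAN_ADMINISTRATE, $operator);
     $page['availableOrders'] = array(
         array('id' => 'login', 'name' => getlocal('Login')),
         array('id' => 'localename', 'name' => getlocal('Name')),
         array('id' => 'commonname', 'name' => getlocal('International name')),
         array('id' => 'lastseen', 'name' => getlocal('Last active')),
     );
     $page['availableDirections'] = array(
         array('id' => 'desc', 'name' => getlocal('descending')),
         array('id' => 'asc', 'name' => getlocal('ascending')),
     );
     $page['title'] = getlocal('Operators');
     $page['menuid'] = 'operators';
     $page = array_merge($page, prepare_menu($operator));
     $this->getAssetManager()->attachJs('js/compiled/operators.js');

     return $this->render('operators', $page);
 }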
Ejemplo n.º 11
    }
} else {
    if (isset($_GET['op'])) {
        $opId = verifyparam('op', "/^\\d{1,9}\$/");
        $op = operator_by_id($opId);
        if (!$op) {
            $errors[] = getlocal("no_such_operator");
            $page['opid'] = topage($opId);
        } else {
            $page['formlogin'] = topage($op['vclogin']);
            $page['formname'] = topage($op['vclocalename']);
            $page['formemail'] = topage($op['vcemail']);
            $page['formjabber'] = topage($op['vcjabbername']);
            $page['formjabbernotify'] = $op['inotify'] != 0;
            $page['formcommonname'] = topage($op['vccommonname']);
            $page['opid'] = topage($op['operatorid']);
        }
    }
}
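// Creating a new operator (no $opId) is reserved for administrators. The
// refusal is only recorded in $errors; rendering continues below.
// NOTE(review): the code path that stores a new operator must refuse on its
// own as well. Confirm.
if (!$opId && !is_capable($can_administrate, $operator)) {
    $errors[] = "You are not allowed to create operators";
}
// Editing is allowed on one's own profile with the modify-profile
// capability, or on any profile for administrators. Parentheses make the
// && / || grouping explicit; the result is unchanged.
$canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator))
    || is_capable($can_administrate, $operator);
$page['stored'] = isset($_GET['stored']);
$page['canmodify'] = $canmodify ? "1" : "";
$page['showjabber'] = $settings['enablejabber'] == "1";
// Hash strings are compared with === so PHP never falls back to numeric
// comparison of the two values.
// NOTE(review): this line implies passwords are stored as unsalted MD5,
// which is not a suitable password hash; password_hash()/password_verify()
// is the replacement to plan for.
$page['needChangePassword'] = $operator['vcpassword'] === md5('');
prepare_menu($operator);
setup_operator_settings_tabs($opId, 0);
start_html_output();
require '../view/agent.php';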
Ejemplo n.º 12
 /**
  * Return updated threads list. API function
  *
  * Triggers
  * {@link \Mibew\EventDispatcher\Events::USERS_UPDATE_THREADS_ALTER} event.
  *
  * @param array $args Associative array of arguments. It must contains the
  *   following keys:
  *    - 'agentId': Id of the agent related to users window
  *    - 'revision': last revision number at client side
  * @return array Array of results. It contains the following keys:
  *    - 'threads': array of threads changes
  */
 protected function apiUpdateThreads($args)
 {
     // NOTE(review): checkOperator() presumably verifies that the supplied
     // agentId belongs to the logged-in operator; confirm, since 'agentId'
     // arrives from the client.
     $operator = $this->checkOperator($args['agentId']);
     $since = $args['revision'];
     // Get operator groups. The list is cached in the session on first use,
     // so a later change of group membership is not picked up here until the
     // session entry is rebuilt elsewhere.
     if (!isset($_SESSION[SESSION_PREFIX . "operatorgroups"])) {
         $_SESSION[SESSION_PREFIX . "operatorgroups"] = get_operator_groups_list($operator['operatorid']);
     }
     $group_ids = $_SESSION[SESSION_PREFIX . "operatorgroups"];
     $db = Database::getInstance();
     // The client-supplied revision is bound as :since. The thread state
     // values are class constants. $group_ids, however, is interpolated
     // directly into both IN (...) lists.
     // NOTE(review): that is safe only if get_operator_groups_list() always
     // yields a comma-separated list of integers; confirm, or bind the IDs
     // as placeholders.
     $query = "SELECT t.*, " . " g.vclocalname AS group_localname, " . " g.vccommonname AS group_commonname " . " FROM {thread} t LEFT OUTER JOIN {opgroup} g ON " . " t.groupid = g.groupid " . " WHERE t.lrevision > :since " . " AND t.istate <> " . Thread::STATE_INVITED . ($since == 0 ? " AND t.istate <> " . Thread::STATE_CLOSED . " AND t.istate <> " . Thread::STATE_LEFT : "") . (Settings::get('enablegroups') == '1' ? " AND (g.groupid is NULL" . ($group_ids ? " OR g.groupid IN ({$group_ids}) OR g.groupid IN " . "(SELECT parent FROM {opgroup} " . "WHERE groupid IN ({$group_ids})) " : "") . ") " : "") . " ORDER BY t.threadid";
     $rows = $db->query($query, array(':since' => $since), array('return_rows' => Database::RETURN_ALL_ROWS));
     $revision = $since;
     $threads = array();
     foreach ($rows as $row) {
         // Create thread instance
         $thread = Thread::createFromDbInfo($row);
         // Calculate agent permissions. These flags are sent to the client
         // as hints.
         // NOTE(review): the endpoints that open, view or ban must repeat
         // the checks server-side. Confirm.
         $can_open = !($thread->state == Thread::STATE_CHATTING && $thread->agentId != $operator['operatorid'] && !is_capable(CAN_TAKEOVER, $operator));
         $can_view = $thread->agentId != $operator['operatorid'] && $thread->nextAgent != $operator['operatorid'] && is_capable(CAN_VIEWTHREADS, $operator);
         $can_ban = Settings::get('enableban') == "1";
         // Get ban info; an expired ban is reported as no ban.
         $ban = Settings::get('enableban') == "1" ? Ban::loadByAddress($thread->remote) : false;
         if ($ban !== false && !$ban->isExpired()) {
             $ban_info = array('id' => $ban->id, 'reason' => $ban->comment);
         } else {
             $ban_info = false;
         }
         // Get user name
         $user_name = get_user_name($thread->userName, $thread->remote, $thread->userId);
         // Get user ip. Only a dotted-quad IPv4 address is extracted; any
         // other form of $thread->remote (IPv6, for instance) yields false.
         if (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $thread->remote, $matches) != 0) {
             $user_ip = $matches[1];
         } else {
             $user_ip = false;
         }
         // Get thread operator name: next agent first, then the stored agent
         // name, then the group name wrapped in dashes, then a bare dash.
         $next_agent = $thread->nextAgent != 0 ? operator_by_id($thread->nextAgent) : false;
         if ($next_agent) {
             $agent_name = get_operator_name($next_agent);
         } else {
             if ($thread->agentName) {
                 $agent_name = $thread->agentName;
             } else {
                 $group_name = get_group_name(array('vccommonname' => $row['group_commonname'], 'vclocalname' => $row['group_localname']));
                 if ($group_name) {
                     $agent_name = '-' . $group_name . '-';
                 } else {
                     $agent_name = '-';
                 }
             }
         }
         // Get first message; the message ID is bound as a parameter.
         $first_message = null;
         if ($thread->shownMessageId != 0) {
             $line = $db->query("SELECT tmessage FROM {message} WHERE messageid = ? LIMIT 1", array($thread->shownMessageId), array('return_rows' => Database::RETURN_ONE_ROW));
             if ($line) {
                 // Collapse line breaks and tabs into single spaces.
                 $first_message = preg_replace("/[\r\n\t]+/", " ", $line["tmessage"]);
             }
         }
         // Visitor-controlled values (userName, remote, userAgent,
         // firstMessage) are returned as raw data.
         // NOTE(review): the client is presumably responsible for escaping
         // them before they reach the DOM. Confirm.
         $threads[] = array('id' => $thread->id, 'token' => $thread->lastToken, 'userId' => $thread->userId, 'userName' => $user_name, 'userIp' => $user_ip, 'remote' => $thread->remote, 'userAgent' => get_user_agent_version($thread->userAgent), 'agentId' => $thread->agentId, 'agentName' => $agent_name, 'canOpen' => $can_open, 'canView' => $can_view, 'canBan' => $can_ban, 'ban' => $ban_info, 'state' => $thread->state, 'totalTime' => $thread->created, 'waitingTime' => $thread->modified, 'firstMessage' => $first_message);
         // Get max revision
         if ($thread->lastRevision > $revision) {
             $revision = $thread->lastRevision;
         }
         // Clean up
         unset($thread);
     }
     // Provide an ability to alter threads list. Listeners receive the whole
     // list and whatever they leave in $arguments['threads'] is returned.
     $arguments = array('threads' => $threads);
     $dispatcher = EventDispatcher::getInstance();
     $dispatcher->triggerEvent(Events::USERS_UPDATE_THREADS_ALTER, $arguments);
     // Send results back to the client. "array_values" function should be
     // used to avoid problems with JSON conversion. If there will be gaps in
     // keys (the keys are not serial) JSON Object will be produced instead
     // of an Array.
     return array('threads' => array_values($arguments['threads']), 'lastRevision' => $revision);
 }
Ejemplo n.º 13
/**
 * Prepare values to render page menu.
 *
 * @param array $operator An array with operators data.
 * @param boolean $has_right Restricts access to menu items. If it equals to
 *   FALSE only "Home", "Visitors", and "Chat history" items will be displayed.
 *   Otherwise items set depends on operator's permissions and system settings.
 *   Default value is TRUE.
 * @return array
 */
function prepare_menu($operator, $has_right = true)
{
    // Values every caller gets, regardless of $has_right.
    $menu = array(
        'showMenu' => true,
        'operator' => get_operator_name($operator),
    );

    // Without the right, only the basic items are exposed.
    if (!$has_right) {
        return $menu;
    }

    // These flags decide which menu entries are rendered.
    // NOTE(review): hiding an entry is not access control; the pages behind
    // the entries must check permissions themselves. Confirm.
    $menu['showban'] = Settings::get('enableban') == "1";
    $menu['showstat'] = Settings::get('enablestatistics') == "1";
    $menu['showadmin'] = is_capable(CAN_ADMINISTRATE, $operator);
    $menu['currentopid'] = $operator['operatorid'];

    return $menu;
}
Ejemplo n.º 14
/**
 * Fills the global $page array with the values the page menu needs.
 *
 * The operator's display name is always set. The remaining flags are set
 * only when $hasright is true.
 *
 * @param array $operator Operator record; 'operatorid' is read from it.
 * @param bool $hasright Whether the permission-dependent items are added.
 */
function prepare_menu($operator, $hasright = true)
{
    global $page, $settings, $can_administrate, $can_viewnotifications;

    $page['operator'] = topage(get_operator_name($operator));
    if (!$hasright) {
        return;
    }

    // Settings are loaded before the flags below read them.
    loadsettings();

    // These flags decide which menu entries are rendered.
    // NOTE(review): hiding an entry is not access control; the pages behind
    // the entries must check permissions themselves. Confirm.
    $page['showban'] = $settings['enableban'] == "1";
    $page['showgroups'] = $settings['enablegroups'] == "1";
    $page['showstat'] = $settings['enablestatistics'] == "1";
    $page['shownotifications'] = is_capable($can_viewnotifications, $operator);
    $page['showadmin'] = is_capable($can_administrate, $operator);
    $page['currentopid'] = $operator['operatorid'];
}
Ejemplo n.º 15
 /**
  * Starts chat process.
  *
  * @param Request $request Incoming request.
  * @return string|\Symfony\Component\HttpFoundation\RedirectResponse Rendered
  *   page content or a redirect response.
  */
 public function startAction(Request $request)
 {
     $operator = $this->getOperator();
     $thread_id = $request->attributes->getInt('thread_id');

     // Check if the thread can be loaded.
     $thread = Thread::load($thread_id);
     if (!$thread || !isset($thread->lastToken)) {
         return $this->showErrors(array(getlocal('Wrong thread')));
     }

     // Both switches are on only for the literal string 'true'.
     $view_only = $request->query->get('viewonly') == 'true';
     $force_take = $request->query->get('force') == 'true';

     // A take-over is needed when another operator is already chatting in
     // the thread and the request is not view-only.
     $is_take_over = !$view_only
         && $thread->state == Thread::STATE_CHATTING
         && $operator['operatorid'] != $thread->agentId;

     if ($is_take_over) {
         if (!is_capable(CAN_TAKEOVER, $operator)) {
             return $this->showErrors(array(getlocal('Cannot take over')));
         }
         if (!$force_take) {
             // Show confirmation page that links back here with force=true.
             // NOTE(review): the confirmed take-over is then triggered by a
             // plain query parameter, so take() is reachable through a GET
             // request; confirm that request-forgery protection is applied
             // elsewhere.
             $confirm_url = $this->generateUrl(
                 'chat_operator_start',
                 array('thread_id' => $thread_id, 'force' => 'true')
             );

             return $this->render('confirm', array(
                 'user' => $thread->userName,
                 'agent' => $thread->agentName,
                 'link' => $confirm_url,
                 'title' => getlocal('Change operator'),
             ));
         }
     }

     if ($view_only) {
         // Viewing someone else's thread needs its own capability.
         if (!is_capable(CAN_VIEWTHREADS, $operator)) {
             return $this->showErrors(array(getlocal('Cannot view threads')));
         }
     } elseif (!$thread->take($operator)) {
         return $this->showErrors(array(getlocal('Cannot take thread')));
     }

     // Redirect the operator to initialized chat page.
     $chat_url = $this->generateUrl(
         'chat_operator',
         array(
             'thread_id' => intval($thread_id),
             'token' => urlencode($thread->lastToken),
         )
     );

     return $this->redirect($chat_url);
 }
Ejemplo n.º 16
    if (!is_capable($can_administrate, $operator)) {
        $errors[] = "You are not allowed to remove groups";
    }
    if (count($errors) == 0) {
        $link = connect();
        perform_query("delete from {$mysqlprefix}chatgroup where groupid = " . intval($groupid), $link);
        perform_query("delete from {$mysqlprefix}chatgroupoperator where groupid = " . intval($groupid), $link);
        perform_query("update {$mysqlprefix}chatthread set groupid = 0 where groupid = " . intval($groupid), $link);
        mysql_close($link);
        header("Location: {$mibewroot}/operator/groups.php");
        exit;
    }
}
/**
 * Tells whether a group counts as online.
 *
 * @param array $group Group row; 'ilastseen' is read from it.
 * @return string "1" when 'ilastseen' is not null and below the configured
 *   'online_timeout', otherwise an empty string.
 */
function is_online($group)
{
    global $settings;

    $last_seen = $group['ilastseen'];
    // NULL means the group has no recorded activity.
    if ($last_seen === NULL) {
        return "";
    }

    return $last_seen < $settings['online_timeout'] ? "1" : "";
}
/**
 * Tells whether a group counts as away.
 *
 * @param array $group Group row; 'ilastseenaway' is read from it.
 * @return string "1" when 'ilastseenaway' is not null and below the
 *   configured 'online_timeout', otherwise an empty string.
 */
function is_away($group)
{
    global $settings;

    $last_seen_away = $group['ilastseenaway'];
    // NULL means no away activity has been recorded for the group.
    if ($last_seen_away === NULL) {
        return "";
    }

    return $last_seen_away < $settings['online_timeout'] ? "1" : "";
}
// Build the data for the group list view. $page is read by the included
// view from the global scope, so the variable names here are part of its
// contract.
$page = array();
// mysql_close() belongs to the ext/mysql API, which was removed in PHP 7;
// this script therefore targets older PHP versions.
$link = connect();
$page['groups'] = get_groups($link, true);
mysql_close($link);
// NOTE(review): rendering hint only; the removal branch of this script has
// to check $can_administrate on its own. Confirm.
$page['canmodify'] = is_capable($can_administrate, $operator);
prepare_menu($operator);
start_html_output();
require '../view/groups.php';
Ejemplo n.º 17
            if (verifyparam("permissions{$id}", "/^on\$/", "") == "on") {
                $new_permissions |= 1 << $perm;
            } else {
                $new_permissions &= ~(1 << $perm);
            }
        }
        if (count($errors) == 0) {
            update_operator_permissions($op['operatorid'], $new_permissions);
            if ($opId && $_SESSION["{$mysqlprefix}operator"] && $operator['operatorid'] == $opId) {
                $_SESSION["{$mysqlprefix}operator"]['iperm'] = $new_permissions;
            }
            header("Location: {$webimroot}/operator/permissions.php?op={$opId}&stored");
            exit;
        }
    }
}
// Build the data for the permissions view. $page is read by the included
// view from the global scope.
$page['permissionsList'] = get_permission_list();
// The list starts with one empty string and receives the ID of every
// permission the target operator holds.
$page['formpermissions'] = array("");
// NOTE(review): the operator name goes through topage() but the login is
// appended as-is; presumably the view escapes 'currentop' on output.
// Confirm.
$page['currentop'] = $op ? topage(get_operator_name($op)) . " (" . $op['vclogin'] . ")" : "-not found-";
if ($op) {
    foreach ($permission_ids as $perm => $id) {
        if (is_capable($perm, $op)) {
            $page['formpermissions'][] = $id;
        }
    }
}
// Only the presence of the 'stored' query parameter matters, not its value.
$page['stored'] = isset($_GET['stored']);
prepare_menu($operator);
setup_operator_settings_tabs($opId, 3);
start_html_output();
require '../view/permissions.php';
Ejemplo n.º 18
Archivo: agent.php Proyecto: kuell/chat
        if (!is_capable($can_viewthreads, $operator)) {
            $errors = array("Cannot view threads");
            start_html_output();
            expand("../styles", getchatstyle(), "error.tpl");
            exit;
        }
    }
    $token = $thread['ltoken'];
    header("Location: {$mibewroot}/operator/agent.php?thread=" . intval($threadid) . "&token=" . intval($token) . "&level=" . urlencode($remote_level));
    exit;
}
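// Accept only a token made of 1 to 10 digits from the request.
$token = verifyparam("token", "/^\\d{1,10}\$/");
$thread = thread_by_id($threadid);
// The token is compared as a string. The loose != used before compared the
// two values numerically, so a zero-padded form such as "0042" was accepted
// for the token 42.
if (!$thread || !isset($thread['ltoken']) || (string) $token !== (string) $thread['ltoken']) {
    die("wrong thread");
}
// Operators may always open their own thread; viewing somebody else's
// requires the view-threads capability.
if ($thread['agentId'] != $operator['operatorid'] && !is_capable($can_viewthreads, $operator)) {
    $errors = array("Cannot view threads");
    start_html_output();
    expand("../styles", getchatstyle(), "error.tpl");
    exit;
}
setup_chatview_for_operator($thread, $operator);
start_html_output();
// 'act' is limited by the pattern to the single value "redirect"; anything
// else falls back to "default" and renders the chat window.
$pparam = verifyparam("act", "/^(redirect)\$/", "default");
if ($pparam == "redirect") {
    setup_redirect_links($threadid, $token);
    expand("../styles", getchatstyle(), "redirect.tpl");
} else {
    expand("../styles", getchatstyle(), "chat.tpl");
}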
Ejemplo n.º 19
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
require_once '../libs/common.php';
require_once '../libs/chat.php';
require_once '../libs/operator.php';
require_once '../libs/pagination.php';
// check_login() supplies the current operator record; the page is then
// restricted to administrators before any other work is done.
$operator = check_login();
$page = array();
$errors = array();
if (!is_capable($can_administrate, $operator)) {
    die("Permission denied.");
}
setlocale(LC_TIME, getstring("time.locale"));
# Locales offered in the filter: an "all" entry with an empty ID, followed by
# every available locale with its display name.
$all_locales = get_available_locales();
$locales_with_label = array(array('id' => '', 'name' => getlocal("notifications.locale.all")));
foreach ($all_locales as $id) {
    $locales_with_label[] = array('id' => $id, 'name' => getlocal_($id, "names"));
}
$page['locales'] = $locales_with_label;
# The requested locale is validated twice: first against a pattern (empty, or
# 2 to 5 word characters or hyphens), then against the list of available
# locales. Anything not in that list is reset to "".
$lang = verifyparam("lang", "/^([\\w-]{2,5})?\$/", "");
if ($lang && !in_array($lang, $all_locales)) {
    $lang = "";
}
# kind
 /**
  * Builds access condition for history select query.
  *
  * @param array $operator List of operator's fields.
  * @return array Associative array with the following keys:
  *  - "condition": string, additional condition that should be used in SQL
  *    query's where clause.
  *  - "values": array, list of additional values for placeholders.
  */
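 protected function buildAccessCondition($operator)
 {
     // Administrators can view anything
     if (is_capable(CAN_ADMINISTRATE, $operator)) {
         return array('condition' => '', 'values' => array());
     }

     // Operators without "view threads" permission can view only their
     // own history.
     if (!is_capable(CAN_VIEWTHREADS, $operator)) {
         return array(
             'condition' => ' AND {thread}.agentid = :operator_id ',
             'values' => array(':operator_id' => $operator['operatorid']),
         );
     }

     // Operators who have "view threads" permission can be in isolation.
     if (in_isolation($operator)) {
         // This is not the best way of getting operators from adjacent
         // groups, but it's the only way that does not break encapsulation
         // of operators storage.
         $operators = get_operators_list(array('isolated_operator_id' => $operator['operatorid']));
         // Every ID gets its own named placeholder, so only placeholder
         // names (never the values) end up in the SQL text.
         $operators_placeholders = array();
         $counter = 0;
         foreach ($operators as $op) {
             $operators_placeholders[':_access_op_' . $counter] = $op['operatorid'];
             $counter++;
         }

         // Also the operator can view threads for the groups he belongs to.
         // These threads include ones that had no related operator but were
         // started for a specified group.
         $groups = get_all_groups_for_operator($operator);
         $groups_placeholders = array();
         $counter = 0;
         foreach ($groups as $group) {
             $groups_placeholders[':_access_grp_' . $counter] = $group['groupid'];
             $counter++;
         }

         // An empty list used to produce "IN ()", which is not valid SQL.
         // Each alternative is now emitted only when it has placeholders.
         $alternatives = array();
         if ($operators_placeholders) {
             $alternatives[] = '{thread}.agentid IN ('
                 . implode(', ', array_keys($operators_placeholders)) . ')';
         }
         if ($groups_placeholders) {
             $alternatives[] = '{thread}.groupid IN ('
                 . implode(', ', array_keys($groups_placeholders)) . ')';
         }

         // With no visible operators and no groups the isolated operator
         // must see nothing, so the condition is made always false rather
         // than being dropped.
         if (!$alternatives) {
             return array('condition' => ' AND 1 = 0 ', 'values' => array());
         }

         return array(
             'condition' => ' AND (' . implode(' OR ', $alternatives) . ') ',
             'values' => $operators_placeholders + $groups_placeholders,
         );
     }

     // It seems that the operator can view anything.
     return array('condition' => '', 'values' => array());
 }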