public function assignProjectTeamAction()
{
$userList = Zend_Json::decode($this->_getParam('user_list'));
if (!is_array($userList)) {
$userList = array();
}
$projectId = $this->_getParam('id');
$badUsers = array();
//These are user_ids that will be dropped for not meeting a condition below.
$requested_users = Application_Model_Users::getUsers(array_keys($userList));
$project = Application_Model_Projects::GetProjectInfo($projectId);
//When saving the team all users are sent back.
//However, users are permissioned as to what kinds of users they can add.
//Since they whole team is sent back, we simply strip out any users that they are not allowed to manipulate.
//This will then allows them to only perform actions on the users that they CAN manipulate.
//No errors are generated.
foreach ($userList as $user_id => $action) {
if (ProNav_Auth::isEmployee()) {
//Employess
if ($action == '0' && !ProNav_Auth::hasPerm(ProNav_Auth::PERM_PROJECTS_TEAM_REMOVE_USERS)) {
//Removing users is a permission.
$badUsers[] = $user_id;
} else {
$isTriMUser = $requested_users[$user_id]->corporation_id == ProNav_Utils::TriMId;
$isCorpUser = $requested_users[$user_id]->corporation_id == $project->done_for_corporation;
$isOtherUser = !$isTriMUser && !$isCorpUser;
if ($isTriMUser && !ProNav_Auth::hasPerm(ProNav_Auth::PERM_PROJECTS_TEAM_ADD_TRIM)) {
$badUsers[] = $user_id;
} else {
if ($isCorpUser && !ProNav_Auth::hasPerm(ProNav_Auth::PERM_PROJECTS_TEAM_ADD_CUSTOMERS)) {
$badUsers[] = $user_id;
} else {
if ($isOtherUser && !ProNav_Auth::hasPerm(ProNav_Auth::PERM_PROJECTS_TEAM_ADD_OTHERS)) {
$badUsers[] = $user_id;
}
}
}
}
} else {
//Non employees canot add users outside of the projects done for workgroup.
if (!in_array($project->done_for_workgroup, $requested_users[$user_id]->workgroups)) {
$badUsers[] = $user_id;
}
}
}
//strip out all users that should be ignored because of permission violations.
foreach ($badUsers as $user_id) {
unset($userList[$user_id]);
}
Application_Model_Projects::setProjectTeamAssignments($projectId, $userList);
$projectTeam = Application_Model_Projects::getProjectTeam($projectId);
//I return a JSON because I need to do two things
//1. Update the users table with a new table.
//2. Update the "Add/Remove Me" link to the appropriate value.
$output = array('table' => $this->view->partial('project/project-team.phtml', array('users' => $projectTeam)), 'userIsOnTeam' => array_key_exists(ProNav_Auth::getUserID(), $projectTeam));
echo Zend_Json::encode($output);
}
