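/**
 * Write the roles associated with the user.
 *
 * Reads the submitted role checkboxes from $_POST['roles'] (keyed by role name;
 * a checked box is any truthy value other than "off") and makes the role_member
 * rows for $this->user_no match exactly that set: memberships not in the posted
 * set are deleted, missing ones are inserted, both inside one transaction.
 * When no roles array was posted nothing is touched and success is reported.
 *
 * @return bool True on success (or when there was nothing to do); false when a
 *              query failed, in which case error messages are queued on $c->messages.
 */
function WriteRoles()
{
    global $c;

    if (!isset($_POST['roles']) || !is_array($_POST['roles'])) {
        return true;
    }

    // The role names arrive as $_POST keys, i.e. untrusted input, so each one
    // is quoted by AwlQuery::quote() before it is placed in the IN (...) list.
    $quoted_roles = [];
    foreach ($_POST['roles'] as $role_name => $checked) {
        if ($checked && $checked !== 'off') {
            $quoted_roles[] = AwlQuery::quote($role_name);
        }
    }

    // user_no is the integer key of this principal; the cast keeps the value
    // that is interpolated into the SQL below numeric whatever its source.
    $user_no = (int) $this->user_no;

    $qry = new AwlQuery();
    if ($quoted_roles === []) {
        // Nothing checked: drop every membership this user currently has.
        $succeeded = $qry->QDo('DELETE FROM role_member WHERE user_no = ' . $user_no);
    } else {
        $roles = implode(', ', $quoted_roles);

        $succeeded = $qry->Begin();

        // Remove memberships that were not in the submitted set...
        $sql = 'DELETE FROM role_member WHERE user_no = ' . $user_no
            . ' AND role_no NOT IN (SELECT role_no FROM roles WHERE role_name IN (' . $roles . ') )';
        if ($succeeded) {
            $succeeded = $qry->QDo($sql);
        }

        // ...then add the submitted ones that are not already present.
        $sql = 'INSERT INTO role_member (role_no, user_no)'
            . ' SELECT role_no, ' . $user_no . ' FROM roles WHERE role_name IN (' . $roles . ')'
            . ' EXCEPT SELECT role_no, user_no FROM role_member';
        if ($succeeded) {
            $succeeded = $qry->QDo($sql);
        }

        if ($succeeded) {
            $qry->Commit();
        } else {
            $qry->Rollback();
        }
    }

    if (!$succeeded) {
        $c->messages[] = i18n('ERROR: There was a database error writing the roles information!');
        $c->messages[] = i18n('Please note the time and advise the administrator of your system.');
        return false;
    }

    return true;
}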
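/**
 * Build (and, on a permitted submit, persist) the Editor for an access ticket row.
 *
 * Uses globals: $c (message queue), $id (the principal's id), $editor (the
 * principal editor, for its username) and $can_write_principal. On submit the
 * posted target path is resolved to a collection_id that lives under the
 * principal's home collection, any posted privilege names are folded into the
 * bitmask stored on the row, and the ticket row is written.
 *
 * @return Editor The ticket row editor; unwritten when not submitted, not
 *                permitted, or when the target path could not be resolved.
 */
function ticket_row_editor()
{
    global $c, $id, $editor, $can_write_principal;

    $ticketrow = new Editor('Tickets', 'access_ticket');
    $ticketrow->SetSubmitName('ticketrow');

    if (!($can_write_principal && $ticketrow->IsSubmit())) {
        return $ticketrow;
    }

    $username = $editor->Value('username');
    $ugly_path = $_POST['target'] ?? '';

    if ($ugly_path === '/' . $username || $ugly_path === '/' . $username . '/') {
        // The principal's own home collection.
        $target_collection = $id;
    } else {
        // Resolve the posted path to the longest existing collection under the
        // principal's home (/username/...). The path and the home prefix are both
        // bound as query parameters; only the computed integer length is inlined.
        // The OR alternatives are grouped so that the home-prefix restriction
        // applies to every candidate name, matching the error message below.
        $username_len = strlen($username) + 2;
        $params = [
            ':exact_name' => $ugly_path,
            ':home_prefix' => '/' . $username . '/',
        ];
        $name_match = 'dav_name = :exact_name';
        if (!preg_match('#/$#', $ugly_path)) {
            // No trailing slash: also try the parent collection and the path as a collection.
            $name_match .= ' OR dav_name = :truncated_name OR dav_name = :trailing_slash_name';
            $params[':truncated_name'] = preg_replace('#[^/]*$#', '', $ugly_path);
            $params[':trailing_slash_name'] = $ugly_path . '/';
        }
        $sql = 'SELECT collection_id FROM collection WHERE (' . $name_match . ')'
            . ' AND substring(dav_name FROM 1 FOR ' . $username_len . ') = :home_prefix'
            . ' ORDER BY LENGTH(dav_name) DESC LIMIT 1';

        $qry = new AwlQuery($sql, $params);
        if ($qry->Exec() && $qry->rows() > 0) {
            $row = $qry->Fetch();
            $target_collection = $row->collection_id;
        } else {
            $c->messages[] = translate('Can only add tickets for existing collection paths which you own');
            return $ticketrow;
        }
    }

    $_POST['dav_owner_id'] = $id;
    $_POST['target_collection_id'] = $target_collection;
    $ticket_id = check_by_regex($_POST['ticket_id'] ?? '', '/[A-Za-z0-9]+/');
    // NOTE(review): $id is inlined into the WHERE clause unquoted; it is assumed
    // to be an integer principal id set by the caller — confirm at the call site.
    $ticketrow->SetWhere('dav_owner_id=' . $id . ' AND ticket_id=' . AwlQuery::quote($ticket_id));

    if (isset($_POST['ticket_privileges'])) {
        // Checkbox names are privilege names; fold them into the bitmask the
        // access_ticket row stores, and keep the 24-bit string form in $_POST.
        $priv_names = array_keys($_POST['ticket_privileges']);
        $privs_dec = privilege_to_bits($priv_names);
        $_POST['privileges'] = sprintf('%024s', decbin($privs_dec));
        $ticketrow->Assign('privileges', $privs_dec);
    }

    $c->messages[] = translate('Creating new ticket granting privileges to this Principal');
    $ticketrow->Write();

    return $ticketrow;
}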
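/**
 * Builds a WHERE clause matching the editor's key fields plus any extra conditions.
 *
 * Each entry of $this->Keys becomes `column=quoted_value`; each non-blank entry
 * of $this->OtherWhere is appended verbatim inside its own parentheses. Key
 * values are quoted with AwlQuery::quote(); column names and OtherWhere
 * fragments are not escaped, so they must come from trusted code, never from
 * request input.
 *
 * @param bool $overwrite_values Controls whether the data values for the key
 *                               fields will be forced to match the key values
 * @return string A simple SQL where clause, including the initial "WHERE", for
 *                each key / value; the empty string when there is nothing to match.
 */
function _BuildWhereClause($overwrite_values = false)
{
    $where = '';

    foreach ($this->Keys as $column => $value) {
        // At least assign the key fields...
        if ($overwrite_values) {
            $this->Values->{$column} = $value;
        }
        // And build the WHERE clause
        $where .= $where === '' ? 'WHERE ' : ' AND ';
        $where .= $column . '=' . AwlQuery::quote($value);
    }

    if (isset($this->OtherWhere) && is_array($this->OtherWhere)) {
        foreach ($this->OtherWhere as $and_where) {
            if (preg_match('/^\s*$/', $and_where)) {
                continue;
            }
            // Each extra condition is parenthesised so an OR inside it cannot
            // bleed into the key matches; the opening paren is emitted in both
            // branches so the clause stays balanced when there are no keys.
            $where .= ($where === '' ? 'WHERE (' : ' AND (') . $and_where . ')';
        }
    }

    return $where;
}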