Ejemplo n.º 1
 /**
  * Merges a partial account into an already existing user after an SSO claim.
  *
  * Meant for the case where a user claims an existing SSO account that turns
  * out to be linked to another, existing user. Every account linked to the
  * partial user but not yet to the existing user is linked to the existing
  * user, then the partial user's permissions are added to the existing user.
  *
  * This method grants access and performs no authorization check of its own.
  * NOTE(review): confirm that every caller has established that both user IDs
  * belong to the same person before calling it.
  *
  * Linking stops at the first failure; accounts linked before that point stay
  * linked, since no rollback happens in this method.
  *
  * @param integer $existingUserId ID of the user that receives the accounts and permissions
  * @param integer $partialUserId  ID of the partial user whose accounts and permissions are added
  * @return boolean false as soon as one account cannot be linked, otherwise
  *                 whatever addUserPermissions() returns
  */
 function relinkAccounts($existingUserId, $partialUserId)
 {
     $alreadyLinked = $this->getLinkedAccountsIds($existingUserId);
     $fromPartial = $this->getLinkedAccountsIds($partialUserId);
     // Only accounts the existing user is not linked to yet need a new link.
     foreach (array_diff($fromPartial, $alreadyLinked) as $accountId) {
         $linked = OA_Permission::setAccountAccess($accountId, $existingUserId);
         if (!$linked) {
             return false;
         }
     }
     $partialPermissions = $this->getUsersPermissions($partialUserId);
     return $this->addUserPermissions($existingUserId, $partialPermissions);
 }
Ejemplo n.º 2
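 /**
  * Links a user to an account.
  *
  * The caller must pass the OA_ACCOUNT_ADMIN permission check and the user ID
  * must exist; only then is the link written and, when permissions are given,
  * stored for that user/account pair.
  *
  * NOTE(review): only $userId is checked for existence here; $accountId is
  * passed on unchecked — confirm whether setAccountAccess() validates it.
  *
  * @param int $userId
  * @param int $accountId
  * @param array $aPermissions array of permissions to set (see OA_Permission.) eg:
  *                            array(OA_PERM_SUPER_ACCOUNT, OA_PERM_BANNER_EDIT)
  * @param array $aAllowedPermissions array of permissions that are allowed to be set.
  *                                   Unlike $aPermissions, the permission is the array
  *                                   key; the value is not used and should be true. eg:
  *                                   array(OA_PERM_SUPER_ACCOUNT => true, OA_PERM_BANNER_EDIT => true)
  * @return boolean true on successful linking, false otherwise.
  */
 private function linkUserToAccount($userId, $accountId, $aPermissions = null, $aAllowedPermissions = null)
 {
     if (!$this->checkPermissions(OA_ACCOUNT_ADMIN)) {
         return false;
     }
     if (!$this->checkIdExistence('users', $userId)) {
         $this->raiseError(self::ERROR_UNKNOWN_USER_ID);
         return false;
     }
     $result = OA_Permission::setAccountAccess($accountId, $userId);
     if (PEAR::isError($result)) {
         $this->raiseError($result->getMessage());
         return false;
     }
     // Other callers of setAccountAccess() treat a falsy return as failure.
     // Without this check a failed link would be reported as success and
     // permissions would be stored for a pair that is not linked.
     if (!$result) {
         $this->raiseError('Could not link the user to the account');
         return false;
     }
     if (!empty($aPermissions)) {
         // $aAllowedPermissions is the allow-list handed to the permission
         // store; with the default null no allow-list is passed from here.
         $result = OA_Permission::storeUserAccountsPermissions($aPermissions, $accountId, $userId, $aAllowedPermissions);
         if (PEAR::isError($result)) {
             $this->raiseError($result->getMessage());
             return false;
         }
     }
     return true;
 }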
 /**
  * Links a user to each listed account and stores the permissions given for it.
  *
  * The return values of both OA_Permission calls are discarded, so a failed
  * link or a failed permission write goes unnoticed here. No allowed-permissions
  * argument is passed to storeUserAccountsPermissions().
  * NOTE(review): confirm this helper is only fed fixed, trusted data; it has
  * no permission check of its own.
  *
  * @param int   $userId
  * @param array $accountPermissions map of account ID => array of permissions
  */
 function _setAccountsAndPermissions($userId, $accountPermissions)
 {
     foreach ($accountPermissions as $linkedAccountId => $grantedPermissions) {
         // Link first, then store the permissions for that link.
         OA_Permission::setAccountAccess($linkedAccountId, $userId);
         OA_Permission::storeUserAccountsPermissions($grantedPermissions, $linkedAccountId, $userId);
     }
 }
Ejemplo n.º 4
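 /**
  * Create the admin user and account, plus a default manager
  *
  * Steps, in order: insert the admin account, insert the default manager
  * (agency) and read back its account ID, insert the admin user, link the
  * user to both accounts, then insert the default preferences.
  *
  * No transaction is opened here: when a later step fails, the rows written
  * by earlier steps stay in the database.
  *
  * @param array $aAdmin reads the keys 'email', 'name', 'pword' and 'language'
  * @return boolean false when any step fails, otherwise the result of
  *                 putDefaultPreferences()
  */
 function putAdmin($aAdmin)
 {
     // Create Admin account
     $doAccount = OA_Dal::factoryDO('accounts');
     $doAccount->account_name = 'Administrator account';
     $doAccount->account_type = OA_ACCOUNT_ADMIN;
     $adminAccountId = $doAccount->insert();
     if (!$adminAccountId) {
         $this->oLogger->logError('error creating the admin account');
         return false;
     }
     // Create Manager entity
     $doAgency = OA_Dal::factoryDO('agency');
     $doAgency->name = 'Default manager';
     // The admin user object is only created further down, so the address
     // has to come from the input array (reading $doUser here was a read of
     // an undefined variable).
     $doAgency->email = $aAdmin['email'];
     $doAgency->active = 1;
     $agencyId = $doAgency->insert();
     if (!$agencyId) {
         $this->oLogger->logError('error creating the manager entity');
         return false;
     }
     // Re-read the manager to learn the account ID that belongs to it.
     $doAgency = OA_Dal::factoryDO('agency');
     if (!$doAgency->get($agencyId)) {
         $this->oLogger->logError('error retrieving the manager account ID');
         return false;
     }
     $agencyAccountId = $doAgency->account_id;
     // Create Admin user
     $doUser = OA_Dal::factoryDO('users');
     $doUser->contact_name = 'Administrator';
     $doUser->email_address = $aAdmin['email'];
     $doUser->username = $aAdmin['name'];
     // NOTE(review): md5() is a fast, unsalted digest, not a password hashing
     // function. Left unchanged because the code that verifies logins is not
     // visible here; migrate both sides together to password_hash() and
     // password_verify().
     $doUser->password = md5($aAdmin['pword']);
     $doUser->default_account_id = $agencyAccountId;
     $doUser->language = $aAdmin['language'];
     $userId = $doUser->insert();
     if (!$userId) {
         $this->oLogger->logError('error creating the admin user');
         return false;
     }
     // The admin user gets access to the admin account and to the default manager account.
     $result = OA_Permission::setAccountAccess($adminAccountId, $userId);
     if (!$result) {
         $this->oLogger->logError("error creating access to admin account, account id: {$adminAccountId}, user ID: {$userId}");
         return false;
     }
     $result = OA_Permission::setAccountAccess($agencyAccountId, $userId);
     if (!$result) {
         $this->oLogger->logError("error creating access to default agency account, account id: {$agencyAccountId}, user ID: {$userId}");
         return false;
     }
     // Insert preferences and return
     return $this->putDefaultPreferences($adminAccountId);
 }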
 /**
  * Creates a new user and links it to this object's account.
  *
  * The user row is filled from $aUser via setFrom().
  * NOTE(review): confirm which keys setFrom() copies and that $aUser never
  * comes straight from request input, otherwise a caller could set columns
  * that were not meant to be settable.
  *
  * When the link to $this->account_id fails, false is returned but the user
  * row inserted just before is not removed here.
  *
  * @param array $aUser field values for the new user
  * @return int|false The User Id, or false when the insert or the account link fails
  */
 function createUser($aUser)
 {
     $doUser = OA_Dal::factoryDO('users');
     $doUser->setFrom($aUser);
     $newUserId = $doUser->insert();
     // Short-circuit: the link is only attempted once the insert produced an ID.
     if ($newUserId && OA_Permission::setAccountAccess($this->account_id, $newUserId)) {
         return $newUserId;
     }
     return false;
 }
Ejemplo n.º 6
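 /**
  * This method adds a new agency or modifies an existing one. Undefined fields
  * do not change and defined fields with a NULL value also remain unchanged.
  *
  * The caller must pass the OA_ACCOUNT_ADMIN permission check. When adding
  * and a username or user e-mail is supplied, a user is saved through the
  * authentication plugin, linked to the new agency account and given
  * OA_PERM_SUPER_ACCOUNT on it.
  *
  * @access public
  *
  * @param OA_Dll_AgencyInfo &$oAgency <br />
  *          <b>For adding</b><br />
  *          <b>Required properties:</b> agencyName<br />
  *          <b>Optional properties:</b> contactName, emailAddress, username, password<br />
  *
  *          <b>For modify</b><br />
  *          <b>Required properties:</b> agencyId<br />
  *          <b>Optional properties:</b> agencyName, contactName, emailAddress<br />
  *
  * @return boolean  True if the operation was successful
  *
  */
 function modify(&$oAgency)
 {
     if (!$this->checkPermissions(OA_ACCOUNT_ADMIN)) {
         return false;
     }
     $agencyData = (array) $oAgency;
     // Name
     $agencyData['name'] = $oAgency->agencyName;
     // Default fields
     $agencyData['contact'] = $oAgency->contactName;
     $agencyData['email'] = $oAgency->emailAddress;
     if (!$this->_validate($oAgency)) {
         return false;
     }
     $doAgency = OA_Dal::factoryDO('agency');
     if (isset($agencyData['agencyId'])) {
         // Modify
         // NOTE(review): the results of get() and update() are not checked,
         // so true is returned even if nothing was updated — confirm that
         // _validate() guarantees the agency exists.
         $doAgency->get($agencyData['agencyId']);
         $doAgency->setFrom($agencyData);
         $doAgency->update();
         return true;
     }
     // Add
     $doAgency->setFrom($agencyData);
     $oAgency->agencyId = $doAgency->insert();
     if (!$oAgency->agencyId) {
         // A failed insert used to fall through: a user could still be saved
         // against an unset account ID and the call reported success.
         return false;
     }
     // Set the account ID
     $doAgency = OA_Dal::staticGetDO('agency', $oAgency->agencyId);
     $oAgency->accountId = (int) $doAgency->account_id;
     if (isset($agencyData['username']) || isset($agencyData['userEmail'])) {
         // Use the authentication plugin to create the user
         $oPlugin = OA_Auth::staticGetAuthPlugin();
         // getMatchingUserId() may return an already existing user, which is
         // then passed to saveUser() and linked to the new account.
         // NOTE(review): confirm that reusing and re-saving an existing user
         // here (including its password) is intended.
         $userId = $oPlugin->getMatchingUserId($agencyData['userEmail'], $agencyData['username']);
         $userId = $oPlugin->saveUser($userId, $agencyData['username'], $agencyData['password'], $agencyData['contactName'], $agencyData['userEmail'], $agencyData['language'], $oAgency->accountId);
         if ($userId) {
             // Link the user and give permission to create new accounts.
             // Only the key of the allowed-permissions array is meaningful
             // to this call site; the string value is kept as it was.
             $aAllowedPermissions = array(OA_PERM_SUPER_ACCOUNT => 'This string intentionally left blank. WTF?');
             $aPermissions = array(OA_PERM_SUPER_ACCOUNT);
             // NOTE(review): both results are discarded; a failed link or
             // permission write still ends in "return true" below.
             OA_Permission::setAccountAccess($oAgency->accountId, $userId);
             OA_Permission::storeUserAccountsPermissions($aPermissions, $oAgency->accountId, $userId, $aAllowedPermissions);
         }
     }
     return true;
 }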
Ejemplo n.º 7
 /**
  * Links a user with an account and sets the appropriate session message.
  * Common method reused across user access pages.
  *
  * Does nothing when $userId is empty. Otherwise the message says "linked"
  * when the user was not linked to the account yet and "updated" when it
  * already was; then the link and the permissions are written.
  *
  * No permission check happens in this function and the results of both
  * write calls are discarded.
  * NOTE(review): confirm that each page calling it has already verified the
  * current user may manage $accountId, and that $aAllowedPermissions is built
  * server-side rather than taken from the request.
  *
  * @param integer $userId  User ID
  * @param integer $accountId  Account ID
  * @param array $permissions Array of permissions
  * @param array $aAllowedPermissions  Array of allowed permissions
  */
 function linkUserToAccount($userId, $accountId, $permissions, $aAllowedPermissions)
 {
     if (empty($userId)) {
         return;
     }
     // The link state is read before the setAccountAccess() call below so
     // the message reflects the state the user had on entry.
     $alreadyLinked = OA_Permission::isUserLinkedToAccount($accountId, $userId);
     $messageKey = $alreadyLinked ? 'strUserAccountUpdated' : 'strUserLinkedToAccount';
     OA_Session::setMessage($GLOBALS[$messageKey]);
     OA_Permission::setAccountAccess($accountId, $userId);
     OA_Permission::storeUserAccountsPermissions($permissions, $accountId, $userId, $aAllowedPermissions);
 }
Ejemplo n.º 8
 /**
  * Create the admin user and account, plus a default manager, also
  * inserts admin default timezone preferences
  *
  * All steps run inside one try block. When the database handle reports
  * transaction support, they are wrapped in a transaction that is committed
  * at the end or rolled back on any exception; without transaction support
  * _rollbackPutAdmin() is called instead.
  *
  * @param array $aAdmin reads the keys 'email', 'name', 'pword' and 'language'
  * @param array $aPrefs passed to putTimezoneAccountPreference()
  * @return boolean true when every step succeeded, false after a rollback
  */
 public function putAdmin($aAdmin, $aPrefs)
 {
     try {
         // Open a transaction when the driver supports one
         $oDbh = OA_DB::singleton();
         $useTransaction = $oDbh->supports('transactions');
         if ($useTransaction) {
             $oDbh->beginTransaction();
         }
         // Create Admin account
         $doAccount = OA_Dal::factoryDO('accounts');
         $doAccount->account_name = 'Administrator account';
         $doAccount->account_type = OA_ACCOUNT_ADMIN;
         $adminAccountId = $doAccount->insert();
         if (!$adminAccountId) {
             throw new Exception('error creating the admin account');
         }
         // Create Manager entity
         $doAgency = OA_Dal::factoryDO('agency');
         $doAgency->name = 'Default manager';
         $doAgency->email = $aAdmin['email'];
         $doAgency->active = 1;
         $agencyId = $doAgency->insert();
         if (!$agencyId) {
             throw new Exception('error creating the manager entity');
         }
         // Re-read the manager to learn the account ID that belongs to it
         $doAgency = OA_Dal::factoryDO('agency');
         if (!$doAgency->get($agencyId)) {
             throw new Exception('error retrieving the manager account ID');
         }
         $agencyAccountId = $doAgency->account_id;
         // Create Admin user
         $doUser = OA_Dal::factoryDO('users');
         $doUser->contact_name = 'Administrator';
         $doUser->email_address = $aAdmin['email'];
         $doUser->username = $aAdmin['name'];
         // NOTE(review): md5() is a fast, unsalted digest, not a password
         // hashing function. Migrating to password_hash()/password_verify()
         // has to be done together with the login check, which is not
         // visible here.
         $doUser->password = md5($aAdmin['pword']);
         $doUser->default_account_id = $agencyAccountId;
         $doUser->language = $aAdmin['language'];
         $userId = $doUser->insert();
         if (!$userId) {
             throw new Exception('error creating the admin user');
         }
         // The admin user gets access to the admin account and to the default manager account
         $result = OA_Permission::setAccountAccess($adminAccountId, $userId);
         if (!$result) {
             throw new Exception("error creating access to admin account, account id: {$adminAccountId}, user ID: {$userId}");
         }
         $result = OA_Permission::setAccountAccess($agencyAccountId, $userId);
         if (!$result) {
             throw new Exception("error creating access to default agency account, account id: {$agencyAccountId}, user ID: {$userId}");
         }
         // NOTE(review): the result of putDefaultPreferences() is not checked,
         // unlike the timezone preference below — confirm a failure here
         // should not trigger the rollback.
         $this->putDefaultPreferences($adminAccountId);
         if (!$this->putTimezoneAccountPreference($aPrefs)) {
             // Empty message: nothing is logged, the throw only triggers the rollback
             throw new Exception();
         }
         if ($useTransaction) {
             $oDbh->commit();
         }
     } catch (Exception $e) {
         $this->oLogger->logErrorUnlessEmpty($e->getMessage());
         // $oDbh and $useTransaction are assigned inside the try block; they
         // would be undefined here only if an exception were thrown before
         // those first two statements completed.
         if ($useTransaction) {
             $oDbh->rollback();
         } else {
             $this->_rollbackPutAdmin();
         }
         return false;
     }
     return true;
 }
Ejemplo n.º 9
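 /**
  * This method adds a new user or modifies an existing one. Undefined fields
  * do not change and defined fields with a NULL value also remain unchanged.
  *
  * The caller must pass the OA_ACCOUNT_ADMIN permission check. A newly added
  * user is linked to its default account.
  *
  * NOTE(review): the row is filled from every property of $oUser via
  * setFrom(); confirm which keys setFrom() accepts so that a caller cannot
  * set columns beyond the documented properties. The password is stored as
  * it stands after _validate(); confirm that it is hashed there.
  *
  * @access public
  *
  * @param OA_Dll_UserInfo $oUser
  *          <b>For adding</b><br />
  *          <b>Required properties:</b> contactName, emailAddress, defaultAccountId<br />
  *          <b>Optional properties:</b> username, password (both depending on the authentication type)<br />
  *
  *          <b>For modify</b><br />
  *          <b>Required properties:</b> userId<br />
  *          <b>Optional properties:</b> contactName, emailAddress, defaultAccountId, password (depending on the authentication type)<br />
  *
  * @return boolean True if the operation was successful
  *
  */
 function modify(&$oUser)
 {
     if (!isset($oUser->userId)) {
         // Add
         $oUser->setDefaultForAdd();
     }
     if (!$this->checkPermissions(OA_ACCOUNT_ADMIN)) {
         return false;
     }
     $userData = (array) $oUser;
     // Name
     $userData['contact_name'] = $oUser->contactName;
     $userData['email_address'] = $oUser->emailAddress;
     $userData['default_account_id'] = $oUser->defaultAccountId;
     // Add a reference for username and password, they might be modified during validation
     $userData['username'] =& $oUser->username;
     $userData['password'] =& $oUser->password;
     if (!$this->_validate($oUser)) {
         return false;
     }
     $doUser = OA_Dal::factoryDO('users');
     if (isset($userData['userId'])) {
         // Modify
         // NOTE(review): the results of get() and update() are not checked,
         // so true is returned even if nothing was updated — confirm that
         // _validate() guarantees the user exists.
         $doUser->get($userData['userId']);
         $doUser->setFrom($userData);
         $doUser->update();
         return true;
     }
     // Add
     $doUser->setFrom($userData);
     $oUser->userId = $doUser->insert();
     if (!$oUser->userId) {
         // A failed insert used to be reported as success.
         $this->raiseError('Could not create the user');
         return false;
     }
     if (!OA_Permission::setAccountAccess($oUser->defaultAccountId, $oUser->userId)) {
         // The user row inserted above is not removed when the link fails.
         $this->raiseError('Could not link the user to the default account');
         return false;
     }
     return true;
 }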