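/**
 * surveypermission::surveyright()
 * Processes the "edit survey permissions" form for one user or for every member of a user group.
 *
 * Request fields read from $_POST: 'action', 'uid', 'ugid', one 'perm_<permission>_<crud>' checkbox per
 * grantable right, and 'close-after-save'. A positive 'ugid' takes precedence over 'uid'.
 *
 * The caller must hold the 'surveysecurity'/'update' permission on the survey; any posted uid/ugid must
 * also appear in the lists returned by getUserList() / getUserGroupList().
 *
 * @param mixed $surveyid Survey id; passed through sanitize_int() before use.
 * @return void
 */
function surveyright($surveyid)
{
    $aData['surveyid'] = $surveyid = sanitize_int($surveyid);
    $aViewUrls = array();
    // A request without an 'action' field must fall through to "Access denied" without raising a notice.
    $action = isset($_POST['action']) ? $_POST['action'] : null;
    $postuserid = !empty($_POST['uid']) ? $_POST['uid'] : false;
    $postusergroupid = !empty($_POST['ugid']) ? $_POST['ugid'] : false;

    // Accept only plain decimal ids and normalise them to int. A loose in_array() on the raw request string
    // would also match values such as " 5" (or "5abc" on older PHP), and that unnormalised string would
    // then be handed on to setPermissions() and createUrl().
    if ($postuserid !== false) {
        $postuserid = (is_string($postuserid) && preg_match('/^[0-9]+$/D', $postuserid)) ? (int) $postuserid : 0;
        if ($postuserid < 1) {
            $this->getController()->error('Access denied');
            return;
        }
    }
    if ($postusergroupid !== false) {
        $postusergroupid = (is_string($postusergroupid) && preg_match('/^[0-9]+$/D', $postusergroupid)) ? (int) $postusergroupid : 0;
        if ($postusergroupid < 1) {
            $this->getController()->error('Access denied');
            return;
        }
    }

    // The two ids are checked independently: with an if/elseif chain a request carrying a valid uid would
    // skip the group check entirely, although a posted ugid is what the update below acts on.
    // error() is expected to end the request; the explicit return keeps the permission writes below
    // unreachable even if it does not.
    // in_array() stays non-strict because the element type of both lists is not visible here, and the
    // needle is already a positive int.
    if ($postuserid !== false && !in_array($postuserid, getUserList('onlyuidarray'))) {
        $this->getController()->error('Access denied');
        return;
    }
    if ($postusergroupid !== false && !in_array($postusergroupid, getUserGroupList(null, 'simplegidarray'))) {
        $this->getController()->error('Access denied');
        return;
    }

    if ($action === "surveyrights" && Permission::model()->hasSurveyPermission($surveyid, 'surveysecurity', 'update')) {
        $addsummary = "<div id='edit-permission' class='side-body " . getSideBodyClass(false) . "'>";
        $addsummary .= '<div class="row"><div class="col-lg-12 content-right">';
        $addsummary .= "<div class=\"jumbotron message-box\">\n";
        $addsummary .= "<h2>" . gT("Edit survey permissions") . "</h2>\n";

        if ($postuserid && !Permission::model()->hasGlobalPermission('superadmin', 'read')) {
            // NOTE(review): the result of this ownership query is never inspected, so it does not restrict
            // anything. It looks like a guard against editing the survey owner's rights, or against
            // non-owners editing at all - confirm the intended policy before enforcing it.
            $resrow = Survey::model()->find(
                ' sid = :surveyid AND owner_id != :postuserid AND owner_id = :owner_id',
                array(':surveyid' => $surveyid, ':owner_id' => Yii::app()->session['loginID'], ':postuserid' => $postuserid)
            );
        }

        // Turn the posted checkboxes into a 0/1 matrix, restricted to the rights the permission model
        // declares as grantable for each survey permission.
        $aBaseSurveyPermissions = Permission::model()->getSurveyBasePermissions();
        $aPermissions = array();
        foreach ($aBaseSurveyPermissions as $sPermissionKey => $aCRUDPermissions) {
            foreach ($aCRUDPermissions as $sCRUDKey => $CRUDValue) {
                if (!in_array($sCRUDKey, array('create', 'read', 'update', 'delete', 'import', 'export'))) {
                    continue;
                }
                if ($CRUDValue) {
                    $aPermissions[$sPermissionKey][$sCRUDKey] = isset($_POST["perm_{$sPermissionKey}_{$sCRUDKey}"]) ? 1 : 0;
                }
            }
        }

        if ($postusergroupid !== false) {
            // The owner id is resolved here, where it is needed, so that it is always defined. When it was
            // only set on the "no uid posted" path, a request with both uid and ugid bound an undefined
            // value into the query below.
            $oSurvey = Survey::model()->find(' sid = :sid', array(':sid' => $surveyid));
            $iOwnerID = $oSurvey ? $oSurvey['owner_id'] : null;

            // Group update: every member except the acting user and the survey owner.
            $oResult = UserInGroup::model()->findAll(
                'ugid = :ugid AND uid <> :uid AND uid <> :iOwnerID',
                array(':ugid' => $postusergroupid, ':uid' => Yii::app()->session['loginID'], ':iOwnerID' => $iOwnerID)
            );
            if (count($oResult) > 0) {
                foreach ($oResult as $aRow) {
                    Permission::model()->setPermissions($aRow->uid, $surveyid, 'survey', $aPermissions);
                }
                $addsummary .= "<div class=\"successheader\">" . gT("Survey permissions for all users in this group were successfully updated.") . "</div>\n";
            }
        } else {
            // NOTE(review): when neither uid nor ugid was posted, $postuserid is false here and is still
            // passed to setPermissions(); what that call does with it is not visible from this method.
            if (Permission::model()->setPermissions($postuserid, $surveyid, 'survey', $aPermissions)) {
                Yii::app()->setFlashMessage(gT("Survey permissions were successfully updated."));
            } else {
                Yii::app()->setFlashMessage(gT("Failed to update survey permissions!"));
            }
            if (App()->getRequest()->getPost('close-after-save') == 'false') {
                Yii::app()->request->redirect(Yii::app()->getController()->createUrl('admin/surveypermission/sa/set', array('action' => 'setsurveysecurity', 'surveyid' => $surveyid, 'uid' => $postuserid)));
            }
            Yii::app()->request->redirect(Yii::app()->getController()->createUrl('admin/surveypermission/sa/view', array('surveyid' => $surveyid)));
        }

        $addsummary .= "<br/><input class='btn btn-default' type=\"submit\" onclick=\"window.open('" . $this->getController()->createUrl('admin/surveypermission/sa/view/surveyid/' . $surveyid) . "', '_top')\" value=\"" . gT("Continue") . "\"/>\n";
        $addsummary .= "</div></div></div>\n";
        $aViewUrls['output'] = $addsummary;
    } else {
        $this->getController()->error('Access denied');
    }

    $aData['sidemenu']['state'] = false;
    $surveyinfo = Survey::model()->findByPk($surveyid)->surveyinfo;
    $aData['title_bar']['title'] = $surveyinfo['surveyls_title'] . "(" . gT("ID") . ":" . $surveyid . ")";
    $this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
}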
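/**
 * Adds a user to, or removes a user from, a user group owned by the logged-in user.
 *
 * The target user id is read from the POST field 'uid'. The group is looked up by $ugid AND the session's
 * loginID as owner, so groups owned by somebody else are reported as "Group not found.".
 *
 * @param mixed  $ugid   Id of the user group to change.
 * @param string $action Either 'add' or 'remove'; anything else ends the request with 'access denied'.
 * @return void
 */
function user($ugid, $action = 'add')
{
    // NOTE(review): this state-changing action is gated on the 'read' right of 'usergroups' - confirm
    // that 'read' rather than 'update' is intended; the owner match below is the effective restriction.
    // The action comparison is strict so that only the two literal strings are accepted.
    if (!Permission::model()->hasGlobalPermission('usergroups', 'read') || !in_array($action, array('add', 'remove'), true)) {
        die('access denied');
    }

    $clang = Yii::app()->lang;
    $uid = (int) Yii::app()->request->getPost('uid');
    $group = UserGroup::model()->findByAttributes(array('ugid' => $ugid, 'owner_id' => Yii::app()->session['loginID']));

    if (empty($group)) {
        list($aViewUrls, $aData) = $this->index(0, array('type' => 'warning', 'message' => $clang->gT('Failed.') . '<br />' . $clang->gT('Group not found.')));
    } elseif ($uid <= 0 || !User::model()->findByPk($uid)) {
        list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed.') . '<br />' . $clang->gT('User not found.')));
    } elseif ($group->owner_id == $uid) {
        // The owner check has to end the request path: if execution fell through to the add/remove code,
        // the owner would still be inserted or deleted and this warning would be overwritten.
        list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed.') . '<br />' . $clang->gT('You can not add or remove the group owner from the group.')));
    } else {
        $user_in_group = UserInGroup::model()->findByPk(array('ugid' => $ugid, 'uid' => $uid));
        switch ($action) {
            case 'add':
                // Insert only when no membership row exists yet.
                if (empty($user_in_group) && UserInGroup::model()->insertRecords(array('ugid' => $ugid, 'uid' => $uid))) {
                    list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'success', 'message' => $clang->gT('User added.')));
                } else {
                    list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed to add user.') . '<br />' . $clang->gT('User already exists in the group.')));
                }
                break;
            case 'remove':
                // Delete only when a membership row exists.
                if (!empty($user_in_group) && UserInGroup::model()->deleteByPk(array('ugid' => $ugid, 'uid' => $uid))) {
                    list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'success', 'message' => $clang->gT('User removed.')));
                } else {
                    list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed to remove user.') . '<br />' . $clang->gT('User does not exist in the group.')));
                }
                break;
        }
    }

    $this->_renderWrappedTemplate('usergroup', $aViewUrls, $aData);
}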
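/**
 * surveypermission::surveyright()
 * Processes the "edit survey permissions" form for one user or for every member of a user group.
 *
 * Request fields read from $_POST: 'action', 'uid', 'ugid' and one 'perm_<permission>_<crud>' checkbox per
 * grantable right. A positive 'ugid' takes precedence over 'uid'.
 *
 * The caller must hold the 'surveysecurity'/'update' permission on the survey; any posted uid/ugid must
 * also appear in the lists returned by getUserList() / getUserGroupList().
 *
 * @param mixed $surveyid Survey id; passed through sanitize_int() before use.
 * @return void
 */
function surveyright($surveyid)
{
    $aData['surveyid'] = $surveyid = sanitize_int($surveyid);
    $aViewUrls = array();
    // A request without an 'action' field must fall through to "Access denied" without raising a notice.
    $action = isset($_POST['action']) ? $_POST['action'] : null;
    $postuserid = !empty($_POST['uid']) ? $_POST['uid'] : false;
    $postusergroupid = !empty($_POST['ugid']) ? $_POST['ugid'] : false;

    // Accept only plain decimal ids and normalise them to int. A loose in_array() on the raw request string
    // would also match values such as " 5" (or "5abc" on older PHP), and that unnormalised string would
    // then be handed on to setPermissions().
    if ($postuserid !== false) {
        $postuserid = (is_string($postuserid) && preg_match('/^[0-9]+$/D', $postuserid)) ? (int) $postuserid : 0;
        if ($postuserid < 1) {
            $this->getController()->error('Access denied');
            return;
        }
    }
    if ($postusergroupid !== false) {
        $postusergroupid = (is_string($postusergroupid) && preg_match('/^[0-9]+$/D', $postusergroupid)) ? (int) $postusergroupid : 0;
        if ($postusergroupid < 1) {
            $this->getController()->error('Access denied');
            return;
        }
    }

    // The two ids are checked independently: with an if/elseif chain a request carrying a valid uid would
    // skip the group check entirely, although a posted ugid is what the update below acts on.
    // error() is expected to end the request; the explicit return keeps the permission writes below
    // unreachable even if it does not.
    // in_array() stays non-strict because the element type of both lists is not visible here, and the
    // needle is already a positive int.
    if ($postuserid !== false && !in_array($postuserid, getUserList('onlyuidarray'))) {
        $this->getController()->error('Access denied');
        return;
    }
    if ($postusergroupid !== false && !in_array($postusergroupid, getUserGroupList(null, 'simplegidarray'))) {
        $this->getController()->error('Access denied');
        return;
    }

    if ($action === "surveyrights" && Permission::model()->hasSurveyPermission($surveyid, 'surveysecurity', 'update')) {
        $addsummary = "<div class='header ui-widget-header'>" . gT("Edit survey permissions") . "</div>\n";
        $addsummary .= "<div class='messagebox ui-corner-all'>\n";

        if ($postuserid && !Permission::model()->hasGlobalPermission('superadmin', 'read')) {
            // NOTE(review): the result of this ownership query is never inspected, so it does not restrict
            // anything. It looks like a guard against editing the survey owner's rights, or against
            // non-owners editing at all - confirm the intended policy before enforcing it.
            $resrow = Survey::model()->find(
                ' sid = :surveyid AND owner_id != :postuserid AND owner_id = :owner_id',
                array(':surveyid' => $surveyid, ':owner_id' => Yii::app()->session['loginID'], ':postuserid' => $postuserid)
            );
        }

        // Turn the posted checkboxes into a 0/1 matrix, restricted to the rights the permission model
        // declares as grantable for each survey permission.
        $aBaseSurveyPermissions = Permission::model()->getSurveyBasePermissions();
        $aPermissions = array();
        foreach ($aBaseSurveyPermissions as $sPermissionKey => $aCRUDPermissions) {
            foreach ($aCRUDPermissions as $sCRUDKey => $CRUDValue) {
                if (!in_array($sCRUDKey, array('create', 'read', 'update', 'delete', 'import', 'export'))) {
                    continue;
                }
                if ($CRUDValue) {
                    $aPermissions[$sPermissionKey][$sCRUDKey] = isset($_POST["perm_{$sPermissionKey}_{$sCRUDKey}"]) ? 1 : 0;
                }
            }
        }

        if ($postusergroupid !== false) {
            // The owner id is resolved here, where it is needed, so that it is always defined. When it was
            // only set on the "no uid posted" path, a request with both uid and ugid bound an undefined
            // value into the query below.
            $oSurvey = Survey::model()->find(' sid = :sid', array(':sid' => $surveyid));
            $iOwnerID = $oSurvey ? $oSurvey['owner_id'] : null;

            // Group update: every member except the acting user and the survey owner.
            $oResult = UserInGroup::model()->findAll(
                'ugid = :ugid AND uid <> :uid AND uid <> :iOwnerID',
                array(':ugid' => $postusergroupid, ':uid' => Yii::app()->session['loginID'], ':iOwnerID' => $iOwnerID)
            );
            if (count($oResult) > 0) {
                foreach ($oResult as $aRow) {
                    Permission::model()->setPermissions($aRow->uid, $surveyid, 'survey', $aPermissions);
                }
                $addsummary .= "<div class=\"successheader\">" . gT("Survey permissions for all users in this group were successfully updated.") . "</div>\n";
            }
        } else {
            // NOTE(review): when neither uid nor ugid was posted, $postuserid is false here and is still
            // passed to setPermissions(); what that call does with it is not visible from this method.
            if (Permission::model()->setPermissions($postuserid, $surveyid, 'survey', $aPermissions)) {
                $addsummary .= "<div class=\"successheader\">" . gT("Survey permissions were successfully updated.") . "</div>\n";
            } else {
                $addsummary .= "<div class=\"warningheader\">" . gT("Failed to update survey permissions!") . "</div>\n";
            }
        }

        $addsummary .= "<br/><input type=\"submit\" onclick=\"window.open('" . $this->getController()->createUrl('admin/surveypermission/sa/view/surveyid/' . $surveyid) . "', '_top')\" value=\"" . gT("Continue") . "\"/>\n";
        $addsummary .= "</div>\n";
        $aViewUrls['output'] = $addsummary;
    } else {
        $this->getController()->error('Access denied');
    }

    $this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
}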
/**
 * Builds the data provider for the user-group listing: all UserGroup rows joined with their owner,
 * plus a per-group member count, sortable and paginated.
 *
 * @return CActiveDataProvider
 */
function search()
{
    // Page size: the per-user 'pageSize' state, falling back to the application default.
    $pageSize = Yii::app()->user->getState('pageSize', Yii::app()->params['defaultPageSize']);

    // Sort key exposed to the grid => SQL expression it orders by. Only these fixed keys are declared
    // on the CSort object; none of the SQL fragments is built from request data.
    $aSortColumns = array(
        'usergroup_id' => 'ugid',
        'name' => 'name',
        'description' => 'description',
        'owner' => 'users.users_name',
        'members' => 'member_count',
    );
    $aSortAttributes = array();
    foreach ($aSortColumns as $sSortKey => $sColumn) {
        $aSortAttributes[$sSortKey] = array('asc' => $sColumn, 'desc' => $sColumn . ' desc');
    }
    $oSort = new CSort();
    $oSort->attributes = $aSortAttributes;

    // Correlated subquery counting the members of each group; the only interpolated value is the table
    // name reported by the UserInGroup model.
    $sMembershipTable = UserInGroup::model()->tableName();
    $sMemberCountSql = "(SELECT count(*) FROM {$sMembershipTable} AS users_in_groups WHERE users_in_groups.ugid = t.ugid)";

    $oCriteria = new CDbCriteria();
    $oCriteria->select = array('*', $sMemberCountSql . " as member_count");
    // Join the owner so the listing can be ordered by the owner's user name.
    $oCriteria->join .= 'LEFT JOIN {{users}} AS users ON ( users.uid = t.owner_id )';

    return new CActiveDataProvider('UserGroup', array(
        'sort' => $oSort,
        'criteria' => $oCriteria,
        'pagination' => array('pageSize' => $pageSize),
    ));
}