/**
* surveypermission::surveyright()
* Function responsible to process setting of permission of a user/usergroup.
* @param mixed $surveyid
* @return void
*/
function surveyright($surveyid)
{
$aData['surveyid'] = $surveyid = sanitize_int($surveyid);
$aViewUrls = array();
$action = $_POST['action'];
$imageurl = Yii::app()->getConfig('imageurl');
$postuserid = !empty($_POST['uid']) ? $_POST['uid'] : false;
$postusergroupid = !empty($_POST['ugid']) ? $_POST['ugid'] : false;
if ($postuserid && !in_array($postuserid, getUserList('onlyuidarray'))) {
$this->getController()->error('Access denied');
} elseif ($postusergroupid && !in_array($postusergroupid, getUserGroupList(null, 'simplegidarray'))) {
$this->getController()->error('Access denied');
}
if ($action == "surveyrights" && Permission::model()->hasSurveyPermission($surveyid, 'surveysecurity', 'update')) {
$addsummary = "<div id='edit-permission' class='side-body " . getSideBodyClass(false) . "'>";
$addsummary .= '<div class="row"><div class="col-lg-12 content-right">';
$addsummary .= "<div class=\"jumbotron message-box\">\n";
$addsummary .= "<h2>" . gT("Edit survey permissions") . "</h2>\n";
$where = ' ';
if ($postuserid) {
if (!Permission::model()->hasGlobalPermission('superadmin', 'read')) {
$where .= "sid = :surveyid AND owner_id != :postuserid AND owner_id = :owner_id";
$resrow = Survey::model()->find($where, array(':surveyid' => $surveyid, ':owner_id' => Yii::app()->session['loginID'], ':postuserid' => $postuserid));
}
} else {
$where .= "sid = :sid";
$resrow = Survey::model()->find($where, array(':sid' => $surveyid));
$iOwnerID = $resrow['owner_id'];
}
$aBaseSurveyPermissions = Permission::model()->getSurveyBasePermissions();
$aPermissions = array();
foreach ($aBaseSurveyPermissions as $sPermissionKey => $aCRUDPermissions) {
foreach ($aCRUDPermissions as $sCRUDKey => $CRUDValue) {
if (!in_array($sCRUDKey, array('create', 'read', 'update', 'delete', 'import', 'export'))) {
continue;
}
if ($CRUDValue) {
if (isset($_POST["perm_{$sPermissionKey}_{$sCRUDKey}"])) {
$aPermissions[$sPermissionKey][$sCRUDKey] = 1;
} else {
$aPermissions[$sPermissionKey][$sCRUDKey] = 0;
}
}
}
}
if (isset($postusergroupid) && $postusergroupid > 0) {
$oResult = UserInGroup::model()->findAll('ugid = :ugid AND uid <> :uid AND uid <> :iOwnerID', array(':ugid' => $postusergroupid, ':uid' => Yii::app()->session['loginID'], ':iOwnerID' => $iOwnerID));
if (count($oResult) > 0) {
foreach ($oResult as $aRow) {
Permission::model()->setPermissions($aRow->uid, $surveyid, 'survey', $aPermissions);
}
$addsummary .= "<div class=\"successheader\">" . gT("Survey permissions for all users in this group were successfully updated.") . "</div>\n";
}
} else {
if (Permission::model()->setPermissions($postuserid, $surveyid, 'survey', $aPermissions)) {
Yii::app()->setFlashMessage(gT("Survey permissions were successfully updated."));
} else {
Yii::app()->setFlashMessage(gT("Failed to update survey permissions!"));
}
if (App()->getRequest()->getPost('close-after-save') == 'false') {
Yii::app()->request->redirect(Yii::app()->getController()->createUrl('admin/surveypermission/sa/set', array('action' => 'setsurveysecurity', 'surveyid' => $surveyid, 'uid' => $postuserid)));
}
Yii::app()->request->redirect(Yii::app()->getController()->createUrl('admin/surveypermission/sa/view', array('surveyid' => $surveyid)));
}
$addsummary .= "<br/><input class='btn btn-default' type=\"submit\" onclick=\"window.open('" . $this->getController()->createUrl('admin/surveypermission/sa/view/surveyid/' . $surveyid) . "', '_top')\" value=\"" . gT("Continue") . "\"/>\n";
$addsummary .= "</div></div></div>\n";
$aViewUrls['output'] = $addsummary;
} else {
$this->getController()->error('Access denied');
}
$aData['sidemenu']['state'] = false;
$surveyinfo = Survey::model()->findByPk($surveyid)->surveyinfo;
$aData['title_bar']['title'] = $surveyinfo['surveyls_title'] . "(" . gT("ID") . ":" . $surveyid . ")";
$this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
}
function user($ugid, $action = 'add')
{
if (!Permission::model()->hasGlobalPermission('usergroups', 'read') || !in_array($action, array('add', 'remove'))) {
die('access denied');
}
$clang = Yii::app()->lang;
$uid = (int) Yii::app()->request->getPost('uid');
$group = UserGroup::model()->findByAttributes(array('ugid' => $ugid, 'owner_id' => Yii::app()->session['loginID']));
if (empty($group)) {
list($aViewUrls, $aData) = $this->index(0, array('type' => 'warning', 'message' => $clang->gT('Failed.') . '<br />' . $clang->gT('Group not found.')));
} else {
if ($uid > 0 && User::model()->findByPk($uid)) {
if ($group->owner_id == $uid) {
list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed.') . '<br />' . $clang->gT('You can not add or remove the group owner from the group.')));
}
$user_in_group = UserInGroup::model()->findByPk(array('ugid' => $ugid, 'uid' => $uid));
switch ($action) {
case 'add':
if (empty($user_in_group) && UserInGroup::model()->insertRecords(array('ugid' => $ugid, 'uid' => $uid))) {
list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'success', 'message' => $clang->gT('User added.')));
} else {
list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed to add user.') . '<br />' . $clang->gT('User already exists in the group.')));
}
break;
case 'remove':
if (!empty($user_in_group) && UserInGroup::model()->deleteByPk(array('ugid' => $ugid, 'uid' => $uid))) {
list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'success', 'message' => $clang->gT('User removed.')));
} else {
list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed to remove user.') . '<br />' . $clang->gT('User does not exist in the group.')));
}
break;
}
} else {
list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed.') . '<br />' . $clang->gT('User not found.')));
}
}
$this->_renderWrappedTemplate('usergroup', $aViewUrls, $aData);
}
/**
* surveypermission::surveyright()
* Function responsible to process setting of permission of a user/usergroup.
* @param mixed $surveyid
* @return void
*/
function surveyright($surveyid)
{
$aData['surveyid'] = $surveyid = sanitize_int($surveyid);
$aViewUrls = array();
$action = $_POST['action'];
$imageurl = Yii::app()->getConfig('imageurl');
$postuserid = !empty($_POST['uid']) ? $_POST['uid'] : false;
$postusergroupid = !empty($_POST['ugid']) ? $_POST['ugid'] : false;
if ($postuserid && !in_array($postuserid, getUserList('onlyuidarray'))) {
$this->getController()->error('Access denied');
} elseif ($postusergroupid && !in_array($postusergroupid, getUserGroupList(null, 'simplegidarray'))) {
$this->getController()->error('Access denied');
}
if ($action == "surveyrights" && Permission::model()->hasSurveyPermission($surveyid, 'surveysecurity', 'update')) {
$addsummary = "<div class='header ui-widget-header'>" . gT("Edit survey permissions") . "</div>\n";
$addsummary .= "<div class='messagebox ui-corner-all'>\n";
$where = ' ';
if ($postuserid) {
if (!Permission::model()->hasGlobalPermission('superadmin', 'read')) {
$where .= "sid = :surveyid AND owner_id != :postuserid AND owner_id = :owner_id";
$resrow = Survey::model()->find($where, array(':surveyid' => $surveyid, ':owner_id' => Yii::app()->session['loginID'], ':postuserid' => $postuserid));
}
} else {
$where .= "sid = :sid";
$resrow = Survey::model()->find($where, array(':sid' => $surveyid));
$iOwnerID = $resrow['owner_id'];
}
$aBaseSurveyPermissions = Permission::model()->getSurveyBasePermissions();
$aPermissions = array();
foreach ($aBaseSurveyPermissions as $sPermissionKey => $aCRUDPermissions) {
foreach ($aCRUDPermissions as $sCRUDKey => $CRUDValue) {
if (!in_array($sCRUDKey, array('create', 'read', 'update', 'delete', 'import', 'export'))) {
continue;
}
if ($CRUDValue) {
if (isset($_POST["perm_{$sPermissionKey}_{$sCRUDKey}"])) {
$aPermissions[$sPermissionKey][$sCRUDKey] = 1;
} else {
$aPermissions[$sPermissionKey][$sCRUDKey] = 0;
}
}
}
}
if (isset($postusergroupid) && $postusergroupid > 0) {
$oResult = UserInGroup::model()->findAll('ugid = :ugid AND uid <> :uid AND uid <> :iOwnerID', array(':ugid' => $postusergroupid, ':uid' => Yii::app()->session['loginID'], ':iOwnerID' => $iOwnerID));
if (count($oResult) > 0) {
foreach ($oResult as $aRow) {
Permission::model()->setPermissions($aRow->uid, $surveyid, 'survey', $aPermissions);
}
$addsummary .= "<div class=\"successheader\">" . gT("Survey permissions for all users in this group were successfully updated.") . "</div>\n";
}
} else {
if (Permission::model()->setPermissions($postuserid, $surveyid, 'survey', $aPermissions)) {
$addsummary .= "<div class=\"successheader\">" . gT("Survey permissions were successfully updated.") . "</div>\n";
} else {
$addsummary .= "<div class=\"warningheader\">" . gT("Failed to update survey permissions!") . "</div>\n";
}
}
$addsummary .= "<br/><input type=\"submit\" onclick=\"window.open('" . $this->getController()->createUrl('admin/surveypermission/sa/view/surveyid/' . $surveyid) . "', '_top')\" value=\"" . gT("Continue") . "\"/>\n";
$addsummary .= "</div>\n";
$aViewUrls['output'] = $addsummary;
} else {
$this->getController()->error('Access denied');
}
$this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
}
function search()
{
$pageSize = Yii::app()->user->getState('pageSize', Yii::app()->params['defaultPageSize']);
$sort = new CSort();
$sort->attributes = array('usergroup_id' => array('asc' => 'ugid', 'desc' => 'ugid desc'), 'name' => array('asc' => 'name', 'desc' => 'name desc'), 'description' => array('asc' => 'description', 'desc' => 'description desc'), 'owner' => array('asc' => 'users.users_name', 'desc' => 'users.users_name desc'), 'members' => array('asc' => 'member_count', 'desc' => 'member_count desc'));
$user_in_groups_table = UserInGroup::model()->tableName();
$member_count_sql = "(SELECT count(*) FROM {$user_in_groups_table} AS users_in_groups WHERE users_in_groups.ugid = t.ugid)";
$criteria = new CDbCriteria();
// select
$criteria->select = array('*', $member_count_sql . " as member_count");
$criteria->join .= 'LEFT JOIN {{users}} AS users ON ( users.uid = t.owner_id )';
$dataProvider = new CActiveDataProvider('UserGroup', array('sort' => $sort, 'criteria' => $criteria, 'pagination' => array('pageSize' => $pageSize)));
return $dataProvider;
}
