Ejemplo n.º 1
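 /**
  * Returns true if the current user may view the event contained in $eventDate.
  *
  * The checks run in order and the first failure denies access: module
  * permission, calendar permission, group membership, TimeIt category
  * permission, Zikula category permission (only when the 'filterByPermission'
  * module variable is set), event permission and, when the ContactList module
  * is available, the creator's buddy list (sharing mode 4) and the current
  * user's ignore list.
  *
  * @param array $eventDate TimeIt_Model_EventDate as an array; the 'Event' and
  *                         'Calendar' entries are read.
  * @param int   $level     ACCESS_* constant.
  *
  * @return bool
  */
 public static function canViewEvent(array $eventDate, $level = ACCESS_READ)
 {
     $event = $eventDate['Event'];
     $currentUid = UserUtil::getVar('uid');

     // Group ids are normalised to strings and compared strictly: a loose
     // in_array() could accept a malformed id such as "2abc" as group 2 on
     // PHP versions before 8, which is not acceptable in an access check.
     $rawGroups = UserUtil::getGroupsForUser($currentUid);
     $groups = is_array($rawGroups) ? array_map('strval', $rawGroups) : array();
     // hack: admins (group id 2) are treated as members of group 1 (users) too
     if (in_array('2', $groups, true)) {
         $groups[] = '1';
     }

     if ((string) $event['group'] === 'all') {
         // group irrelevant
         $groupId = null;
     } else {
         $groupId = array_map('trim', explode(',', (string) $event['group']));
     }

     // NOTE(review): the cache stores data that is already passed in, keyed by
     // event id only. If the same event id can arrive with a different
     // 'Calendar' entry, the calendar check below uses the first one seen in
     // this request -- confirm that this is intended.
     static $calendarCache = array();
     $eventId = (int) $event['id'];
     if (!isset($calendarCache[$eventId])) {
         $calendarCache[$eventId] = $eventDate['Calendar'];
     }
     $calendar = $calendarCache[$eventId];

     // check permissions
     // hierarchy level 1: module itself
     if (!SecurityUtil::checkPermission('TimeIt::', '::', $level)) {
         return false;
     }
     // hierarchy level 2: calendar
     if (!SecurityUtil::checkPermission('TimeIt:Calendar:', $calendar['id'] . '::', $level)) {
         return false;
     }
     // hierarchy level 3: group
     // Any value other than 'all' restricts the event; an empty or malformed
     // list therefore denies access instead of skipping the check.
     if ($groupId !== null) {
         $access = false;
         foreach ($groupId as $grpId) {
             if ($grpId !== '' && in_array($grpId, $groups, true)) {
                 $access = true;
                 break;
             }
         }
         if (!$access) {
             return false;
         }
     }
     // hierarchy level 5: timeit category permission
     if (count($event['__CATEGORIES__']) > 0) {
         // Access to one category is enough. The flag is initialised here; the
         // original tested a variable that was only set on success.
         $permissionOk = false;
         foreach ($event['__CATEGORIES__'] as $cat) {
             $cid = is_array($cat) ? $cat['id'] : $cat;
             if (SecurityUtil::checkPermission('TimeIt:Category:', $cid . "::", $level)) {
                 // user has got permission -> stop permission checks
                 $permissionOk = true;
                 break;
             }
         }
         if (!$permissionOk) {
             return false;
         }
     }
     // hierarchy level 6: zikula category permission
     if (ModUtil::getVar('TimeIt', 'filterByPermission', 0) && !CategoryUtil::hasCategoryAccess($event['__CATEGORIES__'], 'TimeIt', $level)) {
         return false;
     }
     // hierarchy level 7: event
     if (!SecurityUtil::checkPermission('TimeIt::Event', $event['id'] . '::', $level)) {
         return false;
     }
     // hierarchy level 8: contact list
     if (ModUtil::available('ContactList')) {
         // Per-request cache of the current user's ignore list. The strict null
         // test lets an empty list be cached instead of being fetched again.
         static $ignored = null;
         if ($ignored === null) {
             $ignoreList = ModUtil::apiFunc('ContactList', 'user', 'getallignorelist', array('uid' => $currentUid));
             $ignored = is_array($ignoreList) ? $ignoreList : array();
         }

         // Starts empty so that a sharing-mode-4 event on a calendar without
         // 'friendCalendar' is denied without iterating an undefined variable.
         $buddys = array();
         if ($calendar['friendCalendar']) {
             $buddyList = ModUtil::apiFunc('ContactList', 'user', 'getBuddyList', array('uid' => $event['cr_uid']));
             if (is_array($buddyList)) {
                 $buddys = $buddyList;
             }
         }
         // Sharing mode 4: only the creator and the creator's buddies may view.
         // User ids are compared loosely because they may be ints or numeric strings.
         if ((int) $event['sharing'] == 4 && $event['cr_uid'] != $currentUid) {
             $buddyFound = false;
             foreach ($buddys as $buddy) {
                 if ($buddy['uid'] == $currentUid) {
                     $buddyFound = true;
                     break;
                 }
             }
             if (!$buddyFound) {
                 return false;
             }
         }
         // Hide events created by a user on the ignore list. The original read
         // an undefined $obj here, so the creator was never actually matched.
         foreach ($ignored as $ignore) {
             if ($ignore['iuid'] == $event['cr_uid']) {
                 return false;
             }
         }
     }
     return true;
 }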
Ejemplo n.º 2
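 /**
  * Simplify the "in" and "out" group lists of one import-file line.
  *
  * > The purpose is to optimize insertion and deletion actions.
  * > Group ids that do not exist are dropped from both lists.
  * > "in" keeps only groups the user is not yet a member of.
  * > "out" keeps only groups the user is a member of, and never a group that
  * > is also requested in "in".
  *
  * Requires ACCESS_READ on 'IWusers::'.
  *
  * @param array $args
  * Array description:
  * * integer **uid** User id
  * * array **data** One line of the file; may contain:
  *   * string **in** Group ids separated by "|". Groups the user will be added to.
  *   * string **out** Group ids separated by "|". Groups the user will be removed from.
  *
  * @return array Keys 'in' and 'out': a "|"-separated string of group ids when
  *               the field is present in the line, null when it is absent.
  */
 public function optimizeGroups($args){
     $this->throwForbiddenUnless(SecurityUtil::checkPermission('IWusers::', '::', ACCESS_READ));

     // A missing or malformed 'data' entry is treated as a line without fields.
     $line = (isset($args['data']) && is_array($args['data'])) ? $args['data'] : array();
     $uid = isset($args['uid']) ? $args['uid'] : null;

     $result = array('in' => null, 'out' => null);

     // All Zikula groups
     $groupTable = UserUtil::getGroups();
     $allGroups = is_array($groupTable) ? array_keys($groupTable) : array();
     // User groups
     $usrGroups = UserUtil::getGroupsForUser($uid);
     if (!is_array($usrGroups)) {
         $usrGroups = array();
     }

     // Needed by the "out" clean-up even when the line has no "in" field
     $clean_in = array();
     if (array_key_exists('in', $line)) {
         // 1. Drop non-existent groups
         $clean_in = array_intersect($allGroups, explode('|', (string) $line['in']));
         // 2. Keep only new groups: drop a gid if the user already belongs to it
         $result['in'] = implode('|', array_diff($clean_in, $usrGroups));
     }
     if (array_key_exists('out', $line)) {
         // 1. Drop non-existent groups
         $clean_out = array_intersect($allGroups, explode('|', (string) $line['out']));
         // 2. Drop gids that are also requested in "in"
         $out = array_diff($clean_out, $clean_in);
         // 3. Keep only gids of groups the user is a member of
         $result['out'] = implode('|', array_intersect($out, $usrGroups));
     }
     return $result;
 }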
Ejemplo n.º 3
    /**
     * Returns the groups of the currently logged-in user.
     *
     * Requires ACCESS_READ on 'Cataleg::'.
     *
     * NOTE(review): $uid is accepted but never used; the lookup always uses the
     * uid of the current session. An earlier implementation, disabled in the
     * original source, queried group_membership for the given $uid. Confirm
     * which behaviour callers expect before wiring $uid back in: doing so would
     * let any caller with ACCESS_READ list another user's groups.
     *
     * @author: Albert Pérez Monfort (aperezm@xtec.cat)
     * @param mixed $uid Ignored.
     * @return array the groups of the current user
     */
    public function getAllUserGroups($uid) {
        // Check permissions
        $mayRead = SecurityUtil::checkPermission('Cataleg::', '::', ACCESS_READ);
        $this->throwForbiddenUnless($mayRead);

        $currentUid = UserUtil::getVar('uid');
        return UserUtil::getGroupsForUser($currentUid);
    }
Ejemplo n.º 4
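    /**
     * Edit a catalogue user.
     *
     * > Opens the form for editing the chosen user, pre-filled with the stored data.
     *
     * Requires ACCESS_ADMIN on 'Cataleg::'. Users in the 'Gestors' group can
     * only be edited by callers that also hold ACCESS_ADMIN on 'CatalegAdmin::'.
     *
     * ### Parameters received via GET:
     * * integer **uid** uid of the chosen user.
     *
     * @return mixed Rendered template *Cataleg_admin_addeditUser.tpl*, or the
     *               result of the permission error / redirect on failure.
     */
    public function editUser() {
        if (!SecurityUtil::checkPermission('Cataleg::', '::', ACCESS_ADMIN)) {
            return LogUtil::registerPermissionError();
        }
        $gestor = (bool) SecurityUtil::checkPermission('CatalegAdmin::', '::', ACCESS_ADMIN);

        // uid comes from the query string and is concatenated into SQL WHERE
        // clauses further down, so only a positive integer is accepted. The
        // group-membership test alone is not a sufficient filter because it
        // used a loose comparison. filter_var() yields an int, or false for
        // anything else (missing value, array, non-numeric text).
        $uid = filter_var(
            FormUtil::getPassedValue('uid', null, 'GET'),
            FILTER_VALIDATE_INT,
            array('options' => array('min_range' => 1))
        );

        $grupCat = ModUtil::apiFunc('Cataleg', 'admin', 'getgrupsZikula');
        $allGroupsUnits = ModUtil::apiFunc('Cataleg', 'admin', 'getAllGroupsUnits');
        $catUsersList = array_map('intval', (array) UserUtil::getUsersForGroup($grupCat['Sirius']));
        if ($uid === false || !in_array($uid, $catUsersList, true)) {
            LogUtil::registerError($this->__('No existeix cap usuari del catàleg amb l\'identificador indicat.'));
            return system::redirect(ModUtil::url('Cataleg', 'admin', 'usersgest'));
        }
        // Only manager-administrators may edit other managers
        if (!$gestor) {
            $gestorUsersList = array_map('intval', (array) UserUtil::getUsersForGroup($grupCat['Gestors']));
            if (in_array($uid, $gestorUsersList, true)) {
                LogUtil::registerError($this->__('Només els gestors-administradors poden editar altres gestors.'));
                return system::redirect(ModUtil::url('Cataleg', 'admin', 'usersgest'));
            }
        }

        // NOTE(review): the whole UserUtil::getVars() result is handed to the
        // template below -- confirm it carries no credential fields the
        // template does not need.
        $user = UserUtil::getVars($uid);
        // $uid is a validated integer at this point, so the concatenation
        // cannot change the shape of the WHERE clause.
        $user['iw'] = DBUtil::selectObject('IWusers', 'iw_uid = ' . $uid);
        // Only whether a password is set reaches the view, never the stored value
        $user['pw'] = DBUtil::selectField('users', 'pass', 'uid = ' . $uid) != '';

        $grups = UserUtil::getGroupsForUser($uid);
        // Initialised so the view receives an empty array, not an undefined
        // variable, when the user is in none of the catalogue groups.
        $gr = array();
        $uni = array();
        $flagGroups = array(
            'Generics', 'Personals', 'Gestform', 'LectorsCat', 'EditorsCat',
            'Gestors', 'Odissea', 'Cert', 'gA', 'gB',
        );
        foreach ($grups as $grup) {
            // Flag each catalogue group the user belongs to
            foreach ($flagGroups as $key) {
                if ($grupCat[$key] == $grup) {
                    $gr[$key] = 1;
                }
            }
            // Collect the unit groups the user belongs to
            if (isset($allGroupsUnits[$grup])) {
                $uni[$grup]['gid'] = $grup;
                $uni[$grup]['name'] = $allGroupsUnits[$grup]['name'];
            }
        }
        $user['gr'] = $gr;
        $user['uni'] = $uni;
        $minpass = ModUtil::getVar('Users', 'minpass');
        $gtafInfo = ModUtil::apiFunc($this->name,'admin','getGtafInfo');
        $this->view->assign('gtafInfo',$gtafInfo);
        $this->view->assign('edit', true);
        $this->view->assign('minpass', $minpass);
        $this->view->assign('gestor', $gestor);
        $this->view->assign('user', $user);
        $this->view->assign('grupCat', $grupCat);
        $this->view->assign('allGroupsUnits', $allGroupsUnits);
        return $this->view->fetch('admin/Cataleg_admin_addeditUser.tpl');
    }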