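/**
 * Update one row of $fields["tablename"] from $data_arr and return the row as it was
 * before the update.
 *
 * Only keys of $data_arr that are declared in $fields["fields"] are written. A declared
 * field carrying an "auth" entry is written only when checkFieldAuth() accepts it for the
 * caller's rights; every refused field is collected and reported in one CTException after
 * the loop, so nothing is written when any field is refused.
 *
 * $data_arr is request data: all values are bound as :parameters instead of being
 * concatenated into the SQL (the old str_replace("'", "\\'") quoting did not protect the
 * unquoted number/checkbox assignments nor the "letzteaenderung" value at all). Table and
 * column names come from the field configuration and are checked against an identifier
 * pattern before use.
 *
 * @param array $fields      field configuration: "tablename", "idname" and "fields"
 *                           (per key: "sql" column name, "type" = number|text|textarea|
 *                           select|checkbox|date, optional "auth" right)
 * @param int   $primary_key id of the row to update (e.g. a person_id); cast to int
 * @param array $data_arr    key => value pairs to store; an optional "letzteaenderung"
 *                           overrides the change timestamp, otherwise now() is used
 *
 * @return object|false the row before the update, as returned by ->fetch()
 *
 * @throws CTException on a missing right, an invalid number/checkbox value, or an
 *                     identifier in $fields that is not a plain table/column name
 */
function saveDataArray($fields, $primary_key, $data_arr) {
  $table = _saveDataArrayIdentifier($fields["tablename"]);
  $idColumn = _saveDataArrayIdentifier($fields["idname"]);
  $id = (int) $primary_key;

  $res = db_query("SELECT * FROM {" . $table . "} WHERE " . $idColumn . "=:id", array(':id' => $id));
  $old_arr = $res->fetch();

  $auth = _saveDataArrayAuth($table, $id);

  $assignments = array();
  $params = array(':id' => $id);
  $error_str = "";
  $n = 0;
  foreach ($data_arr as $key => $param) {
    if (!isset($fields["fields"][$key])) {
      continue; // keys without a field definition are ignored, as before
    }
    $field = $fields["fields"][$key];
    if (isset($field["auth"]) && !checkFieldAuth($field["auth"], $auth)) {
      $error_str .= "Fehlendes Recht " . $field["auth"] . " fuer Update von Feld: " . $key . ". ";
      continue;
    }
    $column = _saveDataArrayIdentifier($field["sql"]);
    $placeholder = ":v" . $n++;
    switch ($field["type"]) {
      case "number":
        // empty / null / false become SQL NULL (the old loose == "" test did the same)
        if ($param === "" || $param === null || $param === false) {
          $assignments[] = $column . "=null";
        } elseif (is_bool($param) || is_numeric($param)) {
          $assignments[] = $column . "=" . $placeholder;
          $params[$placeholder] = is_bool($param) ? (int) $param : $param + 0;
        } else {
          throw new CTException("Ungueltiger Zahlenwert fuer Feld: " . $key);
        }
        break;
      case "textarea":
      case "text":
      case "select":
        $assignments[] = $column . "=" . $placeholder;
        $params[$placeholder] = (string) $param;
        break;
      case "checkbox":
        $assignments[] = $column . "=" . $placeholder;
        $params[$placeholder] = _saveDataArrayCheckboxValue($param, $key);
        break;
      case "date":
        // empty, null or the literal string "null" store NULL; the DB validates the format
        if ($param === "" || $param === null || $param === false || $param === "null") {
          $assignments[] = $column . "=null";
        } else {
          $assignments[] = $column . "=" . $placeholder;
          $params[$placeholder] = (string) $param;
        }
        break;
      // any other type is not written, as before
    }
  }
  if ($error_str) {
    throw new CTException($error_str);
  }

  // if no change date given set it to now()
  if (isset($data_arr['letzteaenderung'])) {
    $assignments[] = "letzteaenderung=:letzteaenderung";
    $params[':letzteaenderung'] = (string) $data_arr['letzteaenderung'];
  } else {
    $assignments[] = "letzteaenderung=now()";
  }
  // NOTE(review): this literal is what SOURCE contained; it looks like a redacted
  // expression (e.g. the acting user's id) — confirm the intended aenderunguser value.
  $assignments[] = "aenderunguser='******'";

  $sql = "UPDATE {" . $table . "} SET " . implode(", ", $assignments) . " WHERE " . $idColumn . "=:id";
  // cdb_log('Update sql:'.$sql,2,-1,CDB_LOG_PERSON,1);
  db_query($sql, $params);
  return $old_arr;
}

/**
 * Return $name unchanged when it is a plain SQL identifier (optionally alias.column),
 * throw otherwise. Names come from the field configuration, not from the request, but
 * they are concatenated into SQL and so are checked anyway.
 *
 * @param mixed $name
 * @return string
 * @throws CTException
 */
function _saveDataArrayIdentifier($name) {
  if (!is_string($name) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/', $name)) {
    throw new CTException("Unzulaessiger SQL-Bezeichner in Feldkonfiguration: " . var_export($name, true));
  }
  return $name;
}

/**
 * Map a checkbox value from the request to an integer for binding.
 * Booleans and numeric strings are taken as is; "true"/"false" map to 1/0.
 *
 * @param mixed  $value
 * @param string $key field key, for the error message
 * @return int
 * @throws CTException when the value is none of the above
 */
function _saveDataArrayCheckboxValue($value, $key) {
  if (is_bool($value)) {
    return $value ? 1 : 0;
  }
  if (is_numeric($value)) {
    return (int) $value;
  }
  $lower = strtolower(trim((string) $value));
  if ($lower === "true") {
    return 1;
  }
  if ($lower === "false") {
    return 0;
  }
  throw new CTException("Ungueltiger Checkbox-Wert fuer Feld: " . $key);
}

/**
 * Build the rights array used by checkFieldAuth() for an update of $tablename.
 *
 * Starts from churchdb_getAuthForAjax() and adds "leader"/"superleader" when the current
 * user (super-)leads the person being edited (cdb_person / cdb_gemeindeperson), or leads
 * any group at all (cdb_gruppe).
 *
 * NOTE(review): for cdb_gruppe the flag is not tied to $primary_key — leading any group
 * grants it for every group row. Confirm this is intended.
 *
 * @param string $tablename
 * @param int    $primary_key
 * @return array
 */
function _saveDataArrayAuth($tablename, $primary_key) {
  global $user;
  $auth = churchdb_getAuthForAjax();
  if ($tablename == "cdb_person" || $tablename == "cdb_gemeindeperson") {
    if (churchdb_isPersonSuperLeaderOfPerson($user->id, $primary_key)) {
      $auth["leader"] = true;
      $auth["superleader"] = true;
    } elseif (churchdb_isPersonLeaderOfPerson($user->id, $primary_key)) {
      $auth["leader"] = true;
    }
  } elseif ($tablename == "cdb_gruppe") {
    $myGroups = churchdb_getMyGroups($user->id, true, false, true);
    if (count($myGroups)) {
      $auth["superleader"] = true;
      $auth["leader"] = true;
    } else {
      $myGroups = churchdb_getMyGroups($user->id, true, true);
      if (count($myGroups)) {
        $auth["leader"] = true;
      }
    }
  }
  return $auth;
}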
/**
 * Collect absences (cs_absent rows joined with the person's name) for a set of persons.
 *
 * The set is built from two optional request parameters:
 * - "cal_ids": every person holding auth 403 in cc_domain_auth for one of those calendars
 *   is added, either directly (domain_type "person") or through all members of a group
 *   (domain_type "gruppe");
 * - "person_id": that person is added when it is the current user, the caller has
 *   "manage absent" in churchservice, or the caller leads that person; otherwise
 *   CTNoPermission is thrown.
 *
 * NOTE(review): the cal_ids branch adds persons without checking that the caller may see
 * those calendars — presumably the AJAX dispatcher enforces that; confirm against caller.
 * NOTE(review): cal_ids / person_id are request data and reach the SQL only through
 * db_implode(); this assumes db_implode() quotes or escapes each element — verify.
 *
 * @param array $params request parameters ("cal_ids", "person_id")
 * @return array list of row objects: p_id, id, startdate, enddate, vorname, name, reason_id
 * @throws CTNoPermission when person_id is given and none of the three conditions holds
 */
function churchcal_getAbsents($params) {
  global $user;
  include_once CHURCHDB . '/churchdb_db.php';

  $personIds = array();

  // Persons derived from calendar rights
  $cal_ids = getVar("cal_ids", false, $params);
  if ($cal_ids) {
    $rights = db_query("SELECT *\n FROM {cc_domain_auth} d\n WHERE d.auth_id=403 AND d.daten_id IN (" . db_implode($cal_ids) . ")");
    if ($rights) {
      foreach ($rights as $right) {
        if ($right->domain_type == "person") {
          $personIds[$right->domain_id] = $right->domain_id;
        } elseif ($right->domain_type == "gruppe") {
          $members = churchdb_getAllPeopleIdsFromGroups(array($right->domain_id));
          if ($members) {
            foreach ($members as $memberId) {
              $personIds[$memberId] = $memberId;
            }
          }
        }
      }
    }
  }

  // Explicitly requested person (loose == on purpose: kept from the original)
  $pid = getVar("person_id", false, $params);
  if ($pid) {
    $mayView = $pid == $user->id
      || user_access("manage absent", "churchservice")
      || churchdb_isPersonLeaderOfPerson($user->id, $pid);
    if (!$mayView) {
      throw new CTNoPermission("manage absent");
    }
    $personIds[$pid] = $pid;
  }

  if (!count($personIds)) {
    return array();
  }

  $rows = db_query("SELECT p.id AS p_id, a.id, a.startdate, a.enddate, p.vorname, p.name, absent_reason_id AS reason_id\n FROM {cs_absent} a, {cdb_person} p\n WHERE p.id IN (" . db_implode($personIds) . ") AND a.person_id=p.id");
  $absences = array();
  foreach ($rows as $row) {
    $absences[] = $row;
  }
  return $absences;
}
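/**
 * Load the details of one person, restricted to the fields the current user may see.
 * TODO: create a class for persons
 *
 * Access is granted when the user is the person, holds "export data" (churchdb), is
 * (super) leader of the person, shares a group with the person, or holds "view alldata"
 * for one of the person's departments (cdb_bereich_person). Without access the string
 * "no access" is returned instead of an object.
 *
 * The selected columns are the active fields of the categories f_address, f_church and
 * f_category, filtered by each field's "autorisierung" and, for non-address fields, by
 * leader status or "view alldetails". Leaders, "view alldetails" and "administer persons"
 * additionally get the change/login metadata columns.
 *
 * Fixes: join() was called with the legacy (array, separator) argument order, which PHP 8
 * rejects; the comment query now runs only when the user has any "view comments" right
 * (the old TODO); and a missing person row is returned as-is instead of having properties
 * assigned to a boolean.
 *
 * @param int  $id           person id
 * @param bool $withComments also load cdb_comment rows for the person; only those whose
 *                           comment_viewer_id is in the user's "view comments" rights
 *                           are kept (null when none match)
 *
 * @return object|string|false the person row (with ->comments and ->auth), "no access",
 *                             or false when no person/gemeindeperson row exists
 */
function churchdb_getPersonDetails($id, $withComments = true) {
  global $user;

  list($allowed, $iAmLeader, $iAmSuperLeader) = _churchdbPersonDetailsAccess($user->id, $id);
  if (!$allowed) {
    return "no access";
  }

  $seeAllDetails = $iAmLeader || user_access('view alldetails', "churchdb");

  $fieldRows = db_query("SELECT f.*, fk.intern_code FROM {cdb_feld} f, {cdb_feldkategorie} fk WHERE f.feldkategorie_id=fk.id\n AND fk.intern_code IN ('f_address', 'f_church', 'f_category') AND aktiv_yn=1");
  $sqlFields = array("p.id id", "gp.id gp_id", "geolat as lat", "imageurl", "geolng as lng", "cmsuserid");
  foreach ($fieldRows as $fieldRow) {
    $fieldAllowed = $fieldRow->autorisierung == null
      || _checkPersonAuthorisation($fieldRow->autorisierung, $iAmLeader, $iAmSuperLeader);
    if ($fieldAllowed && ($fieldRow->intern_code == "f_address" || $seeAllDetails)) {
      // db_spalte is a configured column name from cdb_feld, not request data
      $sqlFields[] = $fieldRow->db_spalte;
    }
  }

  $sql = "SELECT " . implode(",", $sqlFields);
  if ($seeAllDetails || user_access('administer persons', "churchcore")) {
    $sql .= ', p.letzteaenderung, p.aenderunguser, p.createdate, if (loginstr IS NULL , 0 , 1) AS einladung, p.active_yn, p.lastlogin';
  }
  $sql .= ' FROM {cdb_person} p, {cdb_gemeindeperson} gp WHERE p.id=gp.person_id AND p.id=:pid';
  $person = db_query($sql, array(':pid' => $id))->fetch();
  if (!$person) {
    // no such person: nothing to decorate
    return $person;
  }

  if ($withComments) {
    // map of comment_viewer_id => comment_viewer_id the user may read; skip the query if empty
    $viewerAuth = user_access("view comments", "churchdb");
    if ($viewerAuth != null) {
      $comments = db_query("SELECT id, text, person_id, datum, comment_viewer_id, relation_name \n FROM {cdb_comment}\n WHERE relation_id=:relid AND relation_name like 'person%'\n ORDER BY datum desc", array(':relid' => $id));
      if ($comments) {
        $visible = null; // stays null when nothing matches (callers may rely on that)
        foreach ($comments as $comment) {
          if (isset($viewerAuth[$comment->comment_viewer_id]) && $viewerAuth[$comment->comment_viewer_id] == $comment->comment_viewer_id) {
            $visible[] = $comment;
          }
        }
        $person->comments = $visible;
      }
    }
  }
  $person->auth = getAuthForPerson($id);
  return $person;
}

/**
 * Decide whether user $userId may see person $id, and whether they lead / super-lead
 * that person (the latter two drive the per-field "autorisierung" filter).
 *
 * "export data" (churchdb) short-circuits to full access. Otherwise access comes from
 * being the person, (super) leading them, sharing a group (cdb_gemeindeperson_gruppe
 * against churchdb_getMyGroups), or "view alldata" for one of their departments.
 *
 * NOTE(review): $userId == $id is a loose comparison, kept from the original. The ids
 * interpolated via implode() come from the rights system, not the request.
 *
 * @param int $userId current user's id
 * @param int $id     person id
 * @return array list(bool $allowed, bool $iAmLeader, bool $iAmSuperLeader)
 */
function _churchdbPersonDetailsAccess($userId, $id) {
  // the export right gives the permission to see everything!
  if (user_access("export data", "churchdb")) {
    return array(true, true, true);
  }

  $iAmSuperLeader = (bool) churchdb_isPersonSuperLeaderOfPerson($userId, $id);
  $iAmLeader = $iAmSuperLeader || (bool) churchdb_isPersonLeaderOfPerson($userId, $id);
  $allowed = $userId == $id || $iAmLeader;

  if (!$allowed) {
    // user is in a group with the person?
    $myGroups = churchdb_getMyGroups($userId, true, false);
    if (count($myGroups) > 0) {
      $res = db_query("SELECT COUNT(*) c\n FROM {cdb_person} p, {cdb_gemeindeperson} gp, {cdb_gemeindeperson_gruppe} gpg\n WHERE p.id=gp.person_id AND gpg.gemeindeperson_id=gp.id AND p.id=:id\n AND gpg.gruppe_id in (" . implode(",", $myGroups) . ") ", array(':id' => $id))->fetch();
      $allowed = $res->c > 0;
    }
  }

  if (!$allowed) {
    // user may view all data of one of the person's departments?
    $allowedDeps = user_access("view alldata", "churchdb");
    if ($allowedDeps != null) {
      $res = db_query('SELECT COUNT(*) as c FROM {cdb_bereich_person} WHERE person_id=:p_id AND bereich_id in (' . implode(',', $allowedDeps) . ')', array(':p_id' => $id), false)->fetch();
      $allowed = $res->c > 0;
    }
  }

  return array($allowed, $iAmLeader, $iAmSuperLeader);
}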