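/**
 * Updates one row of the table described by $fields with the values in $data_arr.
 *
 * Before the per-field "auth" requirement is checked, the caller's rights from
 * churchdb_getAuthForAjax() are extended with leader/superleader flags derived
 * from the current user's relation to the edited person (cdb_person,
 * cdb_gemeindeperson) or to their groups (cdb_gruppe).
 *
 * All request values are bound as named :params, so none of them becomes part
 * of the SQL text. Table and column names are still taken from $fields, which
 * is assumed to be server-side field configuration and not request data
 * (TODO confirm at the callers).
 *
 * @param array $fields      field configuration: "tablename", "idname" and
 *                           "fields"[key] => array("type", "sql", optional "auth")
 * @param int   $primary_key id of the row to update (person_id)
 * @param array $data_arr    key => new value; keys unknown to $fields["fields"] are ignored
 *
 * @return object|false the row as it was before the update (result of ->fetch())
 * @throws CTException when a field requires a right the user does not have,
 *                     or a checkbox value is not a boolean-like string
 */
function saveDataArray($fields, $primary_key, $data_arr)
{
    global $user;
    $table = $fields["tablename"];
    $idname = $fields["idname"];
    $res = db_query("SELECT * FROM {" . $table . "} WHERE " . $idname . "=:pk", array(':pk' => $primary_key));
    $old_arr = $res->fetch();
    $auth = _saveDataArrayExtendAuth($table, $primary_key, $user->id, churchdb_getAuthForAjax());

    $assignments = array();
    $params = array(':pk' => $primary_key);
    $error_str = "";
    $i = 0;
    foreach ($data_arr as $key => $param) {
        if (!isset($fields["fields"][$key])) {
            continue;
        }
        $field = $fields["fields"][$key];
        if (isset($field["auth"]) && !checkFieldAuth($field["auth"], $auth)) {
            $error_str .= "Fehlendes Recht " . $field["auth"] . " fuer Update von Feld: " . $key . ". ";
            continue;
        }
        // fixed-width placeholder names so that no name is a prefix of another (:v001 vs :v0010)
        $placeholder = sprintf(':v%03d', $i++);
        switch ($field["type"]) {
            case "number":
                if ($param == "") {
                    $assignments[] = $field["sql"] . "=null";
                } else {
                    $assignments[] = $field["sql"] . "=" . $placeholder;
                    $params[$placeholder] = $param;
                }
                break;
            case "textarea":
            case "text":
            case "select":
                // cast keeps the old behaviour of storing '' for a missing value
                $assignments[] = $field["sql"] . "=" . $placeholder;
                $params[$placeholder] = (string) $param;
                break;
            case "checkbox":
                // normalise to 0/1: "1", "true", "on", "yes" -> 1; "0", "false", "off", "no", "" -> 0;
                // anything else is rejected instead of being written into the SQL text
                $flag = filter_var($param, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
                if ($flag === null) {
                    throw new CTException("Ungueltiger Wert fuer Checkbox-Feld: " . $key);
                }
                $assignments[] = $field["sql"] . "=" . ($flag ? "1" : "0");
                break;
            case "date":
                if ($param != "" && $param != "null") {
                    $assignments[] = $field["sql"] . "=" . $placeholder;
                    $params[$placeholder] = $param;
                } else {
                    $assignments[] = $field["sql"] . "=null";
                }
                break;
            // other field types are silently not updated (same as before)
        }
    }
    if ($error_str) {
        throw new CTException($error_str);
    }
    // if no change date given set it to now()
    if (isset($data_arr['letzteaenderung'])) {
        $assignments[] = "letzteaenderung=:letzteaenderung";
        $params[':letzteaenderung'] = $data_arr['letzteaenderung'];
    } else {
        $assignments[] = "letzteaenderung=now()";
    }
    $assignments[] = "aenderunguser='******'";
    $sql = "UPDATE {" . $table . "} SET " . implode(", ", $assignments) . " WHERE " . $idname . "=:pk";
    db_query($sql, $params);
    return $old_arr;
}

/**
 * Extends an auth array with "leader"/"superleader" flags for saveDataArray().
 *
 * For person tables the flags come from the user's leader relation to the
 * person; for cdb_gruppe from the user's own group memberships. Other tables
 * are returned unchanged.
 *
 * @param string $tablename   table being updated
 * @param int    $primary_key id of the row being updated
 * @param int    $user_id     id of the current user
 * @param array  $auth        auth array from churchdb_getAuthForAjax()
 *
 * @return array the extended auth array
 */
function _saveDataArrayExtendAuth($tablename, $primary_key, $user_id, $auth)
{
    if ($tablename == "cdb_person" || $tablename == "cdb_gemeindeperson") {
        if (churchdb_isPersonSuperLeaderOfPerson($user_id, $primary_key)) {
            $auth["leader"] = true;
            $auth["superleader"] = true;
        } elseif (churchdb_isPersonLeaderOfPerson($user_id, $primary_key)) {
            $auth["leader"] = true;
        }
    } elseif ($tablename == "cdb_gruppe") {
        // argument meaning of churchdb_getMyGroups() is not visible here; calls kept as in the original
        if (count(churchdb_getMyGroups($user_id, true, false, true))) {
            $auth["superleader"] = true;
            $auth["leader"] = true;
        } elseif (count(churchdb_getMyGroups($user_id, true, true))) {
            $auth["leader"] = true;
        }
    }
    return $auth;
}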
/**
 * Returns absences for a set of persons.
 *
 * The set is built from two optional request parameters: "cal_ids" adds every
 * person (directly or via group) that holds auth 403 on one of those calendars,
 * "person_id" adds that single person if the caller is the person, has the
 * "manage absent" right or leads the person.
 *
 * @param array $params request parameters (read via getVar())
 * @return array rows with p_id, id, startdate, enddate, vorname, name, reason_id
 * @throws CTNoPermission when person_id is given but the caller may not see that person's absences
 */
function churchcal_getAbsents($params)
{
    global $user;
    include_once CHURCHDB . '/churchdb_db.php';
    $persons = array();

    // NOTE(review): the cal_ids branch does not verify the caller's own right to these
    // calendars; it only lists who holds auth 403 on them. Confirm this is checked
    // by the Ajax dispatcher before this function is reached.
    $cal_ids = getVar("cal_ids", false, $params);
    if ($cal_ids) {
        $res = db_query("SELECT *\n                     FROM  {cc_domain_auth} d\n                     WHERE d.auth_id=403 AND d.daten_id IN (" . db_implode($cal_ids) . ")");
        if ($res) {
            foreach ($res as $row) {
                if ($row->domain_type == "person") {
                    $persons[$row->domain_id] = $row->domain_id;
                } elseif ($row->domain_type == "gruppe") {
                    $memberIds = churchdb_getAllPeopleIdsFromGroups(array($row->domain_id));
                    if ($memberIds) {
                        foreach ($memberIds as $memberId) {
                            $persons[$memberId] = $memberId;
                        }
                    }
                }
            }
        }
    }

    $pid = getVar("person_id", false, $params);
    if ($pid) {
        $mayView = $pid == $user->id
            || user_access("manage absent", "churchservice")
            || churchdb_isPersonLeaderOfPerson($user->id, $pid);
        if (!$mayView) {
            throw new CTNoPermission("manage absent");
        }
        $persons[$pid] = $pid;
    }

    if (!count($persons)) {
        return array();
    }
    $res = db_query("SELECT p.id AS p_id, a.id, a.startdate, a.enddate, p.vorname, p.name, absent_reason_id AS reason_id\n                     FROM {cs_absent} a, {cdb_person} p\n                     WHERE p.id IN (" . db_implode($persons) . ") AND a.person_id=p.id");
    $absences = array();
    foreach ($res as $absence) {
        $absences[] = $absence;
    }
    return $absences;
}
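/**
 * get person details
 * TODO: create a class for persons
 *
 * Access is granted when the requesting user is the person, holds "export data",
 * is (super)leader of the person, shares a group with the person, or has
 * "view alldata" for one of the person's departments. Which columns are
 * selected depends on the active field configuration in cdb_feld and on the
 * user's role/rights.
 *
 * @param int  $id           person id
 * @param bool $withComments also attach the comments the user may view
 *
 * @return object|string person row with ->auth (and ->comments when loaded),
 *                       or the string "no access"
 */
function churchdb_getPersonDetails($id, $withComments = true)
{
    global $user;
    $allowed = $user->id == $id;
    $iAmLeader = false;
    $iAmSuperLeader = false;
    // the export right give the permission to see everything!
    if (user_access("export data", "churchdb")) {
        $allowed = true;
        $iAmLeader = true;
        $iAmSuperLeader = true;
    } else {
        // user is super leader of person?
        if (churchdb_isPersonSuperLeaderOfPerson($user->id, $id)) {
            $iAmSuperLeader = true;
            $iAmLeader = true;
            $allowed = true;
        }
        // user is leader of person?
        if (churchdb_isPersonLeaderOfPerson($user->id, $id)) {
            $iAmLeader = true;
            $allowed = true;
        }
        // user is in group with person?
        if (!$allowed) {
            $myGroups = churchdb_getMyGroups($user->id, true, false);
            if (count($myGroups) > 0) {
                $res = db_query("SELECT COUNT(*) c\n                 FROM {cdb_person} p, {cdb_gemeindeperson} gp, {cdb_gemeindeperson_gruppe} gpg\n                 WHERE p.id=gp.person_id AND gpg.gemeindeperson_id=gp.id AND p.id=:id\n                   AND gpg.gruppe_id in (" . implode(",", $myGroups) . ") ", array(':id' => $id))->fetch();
                if ($res->c > 0) {
                    $allowed = true;
                }
            }
        }
        // user may view all data of one of the person's departments?
        if (!$allowed) {
            $allowedDeps = user_access("view alldata", "churchdb");
            if ($allowedDeps) {
                $res = db_query('SELECT COUNT(*) as c FROM {cdb_bereich_person}
            WHERE person_id=:p_id AND bereich_id in (' . implode(',', $allowedDeps) . ')', array(':p_id' => $id), false)->fetch();
                if ($res->c > 0) {
                    $allowed = true;
                }
            }
        }
        if (!$allowed) {
            return "no access";
        }
    }

    // active fields of the address/church/category groups decide which columns are selected
    $res = db_query("SELECT f.*, fk.intern_code FROM {cdb_feld} f, {cdb_feldkategorie} fk WHERE f.feldkategorie_id=fk.id\n              AND fk.intern_code IN ('f_address', 'f_church', 'f_category') AND aktiv_yn=1");
    $viewAllDetails = user_access('view alldetails', "churchdb");
    $sqlFields = array("p.id id", "gp.id gp_id", "geolat as lat", "imageurl", "geolng as lng", "cmsuserid");
    foreach ($res as $feld) {
        if ($feld->autorisierung == null || _checkPersonAuthorisation($feld->autorisierung, $iAmLeader, $iAmSuperLeader)) {
            // address fields are shown to everyone with access, the other categories need leader or "view alldetails"
            if ($feld->intern_code == "f_address" || $iAmLeader || $viewAllDetails) {
                $sqlFields[] = $feld->db_spalte;
            }
        }
    }
    // implode(glue, pieces): the legacy join(pieces, glue) argument order was removed in PHP 8
    $sql = "SELECT " . implode(",", $sqlFields);
    if ($iAmLeader || $viewAllDetails || user_access('administer persons', "churchcore")) {
        $sql .= ', p.letzteaenderung, p.aenderunguser, p.createdate, if (loginstr IS NULL , 0 , 1) AS einladung, p.active_yn, p.lastlogin';
    }
    $sql .= ' FROM {cdb_person} p, {cdb_gemeindeperson} gp WHERE p.id=gp.person_id AND p.id=:pid';
    // NOTE(review): fetch() returns false for an unknown id; the property writes below
    // would then fail. Confirm callers only pass existing person ids.
    $person = db_query($sql, array(':pid' => $id))->fetch();

    if ($withComments) {
        // check the right first: without it the comments would be queried and discarded
        $auth = user_access("view comments", "churchdb");
        if ($auth != null) {
            $comments = db_query("SELECT id, text, person_id, datum, comment_viewer_id, relation_name \n                          FROM {cdb_comment}\n                          WHERE relation_id=:relid AND relation_name like 'person%'\n                          ORDER BY datum desc", array(':relid' => $id));
            if ($comments) {
                // only comments whose viewer id is among the user's "view comments" ids are attached
                $arrs = null;
                foreach ($comments as $arr) {
                    if (isset($auth[$arr->comment_viewer_id]) && $auth[$arr->comment_viewer_id] == $arr->comment_viewer_id) {
                        $arrs[] = $arr;
                    }
                }
                $person->comments = $arrs;
            }
        }
    }
    $person->auth = getAuthForPerson($id);
    return $person;
}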