function print_user_list() { global $single_user, $is_admin, $nonuser_enabled, $login, $is_nonuser_admin, $is_assistant; if ($single_user == "N" && $is_admin) { $userlist = get_my_users(); if ($nonuser_enabled == "Y") { $nonusers = get_nonuser_cals(); $userlist = !empty($nonuser_at_top) && $nonuser_at_top == "Y" ? array_merge($nonusers, $userlist) : array_merge($userlist, $nonusers); } $num_users = 0; $size = 0; $users = ""; for ($i = 0; $i < count($userlist); $i++) { $l = $userlist[$i]['cal_login']; $size++; $users .= "<option value=\"" . $l . "\""; if (!empty($id) && $id > 0) { if (!empty($participants[$l])) { $users .= " selected=\"selected\""; } } else { if ($l == $login && !$is_assistant && !$is_nonuser_admin) { $users .= " selected=\"selected\""; } } $users .= ">" . $userlist[$i]['cal_fullname'] . "</option>\n"; } if ($size > 50) { $size = 15; } else { if ($size > 5) { $size = 5; } } print "<tr><td style=\"vertical-align:top;\">\n"; print "<label for=\"caluser\">" . translate("Calendar") . "</label></td><td>\n"; print "<select name=\"calUser\" id=\"caluser\" size=\"{$size}\">{$users}\n"; print "</select>\n"; print "</td></tr>\n"; } }
if ($allow_view_other != 'Y' && !$is_admin) { $user = ""; } $can_add = $readonly == "N" || $is_admin == "Y"; if ($public_access == "Y" && $login == "__public__") { if ($public_access_can_add != "Y") { $can_add = false; } if ($public_access_others != "Y") { $user = ""; } // security precaution } if ($groups_enabled == "Y" && $user_sees_only_his_groups == "Y" && !$is_admin) { $valid_user = false; $userlist = get_my_users(); if ($nonuser_enabled == "Y") { $nonusers = get_nonuser_cals(); $userlist = array_merge($nonusers, $userlist); } for ($i = 0; $i < count($userlist); $i++) { if ($user == $userlist[$i]['cal_login']) { $valid_user = true; } } if ($valid_user == false) { $user = ""; // security precaution } } if (!empty($user)) {
dbi_free_result($res); } else { $error = translate("Database error") . ": " . dbi_error(); } if ($all_users) { $viewusers = array(); $users = get_my_users(); for ($i = 0; $i < count($users); $i++) { $viewusers[] = $users[$i]['cal_login']; } } else { // Make sure this user is allowed to see all users in this view // If this is a global view, it may include users that this user // is not allowed to see. if (!empty($user_sees_only_his_groups) && $user_sees_only_his_groups == 'Y') { $myusers = get_my_users(); if (!empty($nonuser_enabled) && $nonuser_enabled == "Y") { $myusers = array_merge($myusers, get_nonuser_cals()); } $userlookup = array(); for ($i = 0; $i < count($myusers); $i++) { $userlookup[$myusers[$i]['cal_login']] = 1; } $newlist = array(); for ($i = 0; $i < count($viewusers); $i++) { if (!empty($userlookup[$viewusers[$i]])) { $newlist[] = $viewusers[$i]; } } $viewusers = $newlist; }
if ($login != '__public__') { if (!$is_nonuser && $readonly == 'N') { if (!access_is_enabled() || access_can_access_function(ACCESS_ADMIN_HOME) || access_can_access_function(ACCESS_PREFERENCES)) { $goto_link[] = '<a title="' . $adminStr . '" class="bold" href="adminhome.php' . ($is_nonuser_admin ? '?user='******'') . "\">{$adminStr}" . '</a>'; } if ($REQUIRE_APPROVALS == 'Y' || $PUBLIC_ACCESS == 'Y') { $goto_link[] = '<a title="' . $unapprovedStr . '" href="list_unapproved.php' . ($is_nonuser_admin ? '?user='******'user') : '') . "\">{$unapprovedStr}" . '</a>'; } } } if ($login == '__public__' && $PUBLIC_ACCESS_OTHERS != 'Y' || $is_nonuser && !access_is_enabled()) { // Don't allow them to see other people's calendar. } else { if (($ALLOW_VIEW_OTHER == 'Y' || $is_admin) && (!access_is_enabled() || access_can_access_function(ACCESS_ANOTHER_CALENDAR))) { // Get count of users this user can see. If > 1, then... $ulist = array_merge(get_my_users(), get_my_nonusers($login, true)); if (count($ulist) > 1) { $calStr = translate('Another Users Calendar'); $goto_link[] = '<a title="' . $calStr . '" href="select_user.php">' . $calStr . '</a>'; } } } } else { $goto_link[] = '<a title="' . $myCalStr . '" class="bold" href="' . "{$mycal}\">{$myCalStr}" . '</a>'; $goto_link[] = '<a title="' . $todayStr . '" class="bold" href="' . "{$todayURL}\">{$todayStr}" . '</a>'; if ($readonly == 'N') { $goto_link[] = '<a title="' . $adminStr . '" class="bold" href="adminhome.php">' . $adminStr . '</a>'; } } // Only display some links if we're viewing our own calendar. if (empty($user) || $user == $login) {
function display_unapproved_events($user) { global $is_admin, $is_nonuser, $login, $MENU_ENABLED, $NONUSER_ENABLED, $PUBLIC_ACCESS; static $retval; // Don't do this for public access login, // admin user must approve public events if UAC is not enabled. if ($user == '__public__' || $is_nonuser) { return; } // Don't run this more than once. if (!empty($retval[$user])) { return $retval[$user]; } $app_user_hash = $app_users = $query_params = array(); $query_params[] = $user; $ret = ''; $sql = 'SELECT COUNT( weu.cal_id ) FROM webcal_entry_user weu, webcal_entry we WHERE weu.cal_id = we.cal_id AND weu.cal_status = \'W\' AND ( weu.cal_login = ?' . ($PUBLIC_ACCESS == 'Y' && $is_admin && !access_is_enabled() ? ' OR weu.cal_login = \'__public__\'' : ''); if (access_is_enabled()) { $app_user_hash[$login] = 1; $app_users[] = $login; $all = $NONUSER_ENABLED == 'Y' ? array_merge(get_my_users(), get_my_nonusers()) : get_my_users(); for ($j = 0, $cnt = count($all); $j < $cnt; $j++) { $x = $all[$j]['cal_login']; if (access_user_calendar('approve', $x) && empty($app_user_hash[$x])) { $app_user_hash[$x] = 1; $app_users[] = $x; } } for ($i = 0, $cnt = count($app_users); $i < $cnt; $i++) { $query_params[] = $app_users[$i]; $sql .= ' OR weu.cal_login = ? '; } } else { if ($NONUSER_ENABLED == 'Y') { $admincals = get_my_nonusers($login); for ($i = 0, $cnt = count($admincals); $i < $cnt; $i++) { $query_params[] = $admincals[$i]['cal_login']; $sql .= ' OR weu.cal_login = ? '; } } } $rows = dbi_get_cached_rows($sql . ' )', $query_params); if ($rows) { $row = $rows[0]; if ($row && $row[0] > 0) { $ret .= $MENU_ENABLED == 'N' ? '<a class="nav" href="list_unapproved.php' . ($user != $login ? '?user='******'"' : '') . '">' . str_replace('XXX', $row[0], translate('You have XXX unapproved entries')) . "</a><br />\n" : '<!--NOP-->'; } } $retval[$user] = $ret; return $ret; }
$report_id = getValue('report_id', '-?[0-9]+', true); $selected = ' selected="selected"'; $show_participants = $single_user == 'Y' || $DISABLE_PARTICIPANTS_FIELD == 'Y' ? false : true; $updating_public = $is_admin && !empty($public) && $PUBLIC_ACCESS == 'Y'; $report_user = $updating_public ? '__public__' : ''; if (empty($report_id)) { $adding_report = true; $include_header = $report_allow_nav = 'Y'; $report_id = -1; $report_is_global = 'N'; } // Set date range options. $ranges = array('0' => translate('Tomorrow'), '1' => translate('Today'), '2' => translate('Yesterday'), '3' => translate('Day before yesterday'), '10' => translate('Next week'), '11' => translate('This week'), '12' => translate('Last week'), '13' => translate('Week before last'), '20' => translate('Next week and week after'), '21' => translate('This week and next week'), '22' => translate('Last week and this week'), '23' => translate('Last two weeks'), '30' => translate('Next month'), '31' => translate('This month'), '32' => translate('Last month'), '33' => translate('Month before last'), '40' => translate('Next year'), '41' => translate('This year'), '42' => translate('Last year'), '43' => translate('Year before last'), '50' => translate('Next 14 days'), '51' => translate('Next 30 days'), '52' => translate('Next 60 days'), '53' => translate('Next 90 days'), '54' => translate('Next 180 days'), '55' => translate('Next 365 days')); // Get list of users visible to the current user. if (empty($error) && $show_participants) { $userlist = get_my_users('', 'view'); if ($NONUSER_ENABLED == 'Y') { // Restrict NUC list if groups are enabled. $nonusers = get_my_nonusers($login, true, 'view'); $userlist = $NONUSER_AT_TOP == 'Y' ? array_merge($nonusers, $userlist) : array_merge($userlist, $nonusers); } $userlistcnt = count($userlist); } // Default values. $day_template = '<dt><b>${date}</b></dt> <dd><dl>${events}</dl></dd>'; $event_template = '<dt>${name}</dt> <dd><b>' . translate('Date') . ':</b> ${date}<br /> <b>' . translate('Time') . ':</b> ${time}<br /> ${description}</dd> ';
<?php if ($is_admin) { $defIdx = !empty($viewisglobal) && $viewisglobal == 'Y' ? 'Y' : 'N'; echo '<tr><td><label>' . translate('Global') . ":</label></td>\n<td>" . print_radio('is_global', '', '', $defIdx, '</td><td>') . "</td></tr>\n"; } $defIdx = !empty($all_users) && $all_users == true ? 'Y' : 'N'; echo '<tr><td><label>' . translate('Users') . ":</label></td>\n<td>" . print_radio('viewuserall', array('N' => 'Selected', 'Y' => 'All'), 'usermode_handler', $defIdx, '</td><td>') . "</td></tr>\n"; ?> <tr><td colspan="4"> <div id="viewuserlist"> <select name="users[]" id="viewusers" size="10" multiple="multiple"> <?php // get list of all users $users = get_my_users('', 'view'); if ($NONUSER_ENABLED == 'Y') { $nonusers = get_my_nonusers($user, true, 'view'); $users = $NONUSER_AT_TOP == 'Y' ? array_merge($nonusers, $users) : array_merge($users, $nonusers); } for ($i = 0, $cnt = count($users); $i < $cnt; $i++) { $u = $users[$i]['cal_login']; echo "<option value=\"{$u}\""; if (!empty($viewuser[$u])) { echo $selected; } echo '>' . $users[$i]['cal_fullname'] . "</option>\n"; } ?> </select> <?php
} } // List Unapproved. if ($login != '__public__' && !$is_nonuser && $readonly == 'N' && ($REQUIRE_APPROVALS == 'Y' || $PUBLIC_ACCESS == 'Y')) { $unapproved_url = 'list_unapproved.php' . ($is_nonuser_admin ? '?user='******'user') : ''); } // Another User's Calendar. if ($login == '__public__' && $PUBLIC_ACCESS_OTHERS != 'Y' || $is_nonuser && !access_is_enabled()) { // Don't allow them to see other people's calendar. } else { if ($ALLOW_VIEW_OTHER == 'Y' || $is_admin) { // Also, make sure they able to access either day/week/month/year view. // If not, the only way to view another user's calendar is a custom view. if (!access_is_enabled() || access_can_access_function(ACCESS_ANOTHER_CALENDAR)) { // Get count of users this user can see. If > 1, then... $ulist = array_merge(get_my_users($login, 'view'), get_my_nonusers($login, true, 'view')); //remove duplicates if any if (function_exists('array_intersect_key')) { $ulist = array_intersect_key($ulist, array_unique(array_map('serialize', $ulist))); } if (count($ulist) > 1) { $select_user_url = 'select_user.php'; } } } } } // Only display some links if we're viewing our own calendar. if (empty($user) || $user == $login || !empty($user) && access_is_enabled() && access_user_calendar('view', $user)) { // Search if (access_can_access_function(ACCESS_SEARCH, $user)) {
function get_list_of_users($user) { global $is_admin, $is_nonuser_admin; //Let Admins userlist be returnd if ($user == '__default__') { $user = ''; } $u = get_my_users($user, 'view'); if ($is_admin || $is_nonuser_admin) { // Get public NUCs also. $nonusers = get_my_nonusers($user, true); $u = array_merge($nonusers, $u); } return $u; }
} // If a user is specified, we list just that user. if (($is_assistant || $is_nonuser_admin || $is_admin || access_is_enabled()) && !empty($user) && $user != $login) { if (!access_is_enabled() || access_user_calendar('approve', $user)) { $app_user_hash[$user] = 1; $app_users[] = $user; } else { // Not authorized to approve for specified user. echo translate('Not authorized'); } } else { // First, we list ourself. $app_user_hash[$login] = 1; $app_users[] = $login; if (access_is_enabled()) { $all = $NONUSER_ENABLED == 'Y' ? array_merge(get_my_users(), $my_non_users) : get_my_users(); for ($j = 0, $cnt = count($all); $j < $cnt; $j++) { $x = $all[$j]['cal_login']; if (access_user_calendar('approve', $x) && empty($app_user_hash[$x])) { $app_user_hash[$x] = 1; $app_users[] = $x; } } } else { if ($is_admin && $PUBLIC_ACCESS == 'Y' && (empty($user) || $user != '__public__')) { $app_users_hash['__public__'] = 1; $app_users[] = '__public__'; } $all = $my_non_users; for ($j = 0, $cnt = count($all); $j < $cnt; $j++) { $x = $all[$j]['cal_login'];
<a name="tabparticipants"></a> <div id="tabscontent_participants">' : ' <fieldset> <legend>' . translate('Participants') . '</legend>') . ' <table>'; // . // Only ask for participants if we are multi-user. $show_participants = $DISABLE_PARTICIPANTS_FIELD != 'Y'; if ($is_admin) { $show_participants = true; } if ($login == '__public__' && $PUBLIC_ACCESS_OTHERS != 'Y') { $show_participants = false; } if ($single_user == 'N' && $show_participants) { $userlist = get_my_users($create_by, 'invite'); if ($NONUSER_ENABLED == 'Y') { // Include public NUCs. $nonusers = get_my_nonusers($real_user, false); $userlist = $NONUSER_AT_TOP == 'Y' ? array_merge($nonusers, $userlist) : array_merge($userlist, $nonusers); } $num_users = $size = 0; $usercnt = count($userlist); $users = ''; for ($i = 0; $i < $usercnt; $i++) { $l = $userlist[$i]['cal_login']; $size++; $users .= ' <option value="' . $l . '"'; if ($id > 0) { if (!empty($participants[$l])) {
function get_users_to_approve() { global $is_admin, $login, $NONUSER_ENABLED, $PUBLIC_ACCESS, $user; $app_user_hash = $app_users = $my_non_users = array(); $non_users = get_nonuser_cals(); foreach ($non_users as $nonuser) { if (user_is_nonuser_admin($login, $nonuser['cal_login'])) { $my_non_users[]['cal_login'] = $nonuser['cal_login']; // echo $nonuser['cal_login'] . "<br />"; } } // First, we list ourself. $app_users[] = $login; $app_user_hash[$login] = 1; if (access_is_enabled()) { $all = !empty($NONUSER_ENABLED) && $NONUSER_ENABLED == 'Y' ? array_merge(get_my_users(), $my_non_users) : get_my_users(); for ($j = 0, $cnt = count($all); $j < $cnt; $j++) { $x = $all[$j]['cal_login']; if (access_user_calendar('approve', $x)) { if (empty($app_user_hash[$x])) { $app_users[] = $x; $app_user_hash[$x] = 1; } } } } else { if ($is_admin && $PUBLIC_ACCESS == 'Y' && (empty($user) || $user != '__public__')) { $app_users[] = '__public__'; $app_users_hash['__public__'] = 1; } $all = $my_non_users; for ($j = 0, $cnt = count($all); $j < $cnt; $j++) { $x = $all[$j]['cal_login']; if (empty($app_user_hash[$x])) { $app_users[] = $x; $app_user_hash[$x] = 1; } } } return $app_users; }
/** * Remove any users from the view list who this user is not * allowed to view. * @param int $view_id id of the view * @return the array of valid users */ function view_get_user_list($view_id) { global $error, $login, $is_admin, $NONUSER_ENABLED, $USER_SEES_ONLY_HIS_GROUPS; // get users in this view $res = dbi_execute('SELECT cal_login FROM webcal_view_user WHERE cal_view_id = ?', array($view_id)); $ret = array(); $all_users = false; if ($res) { while ($row = dbi_fetch_row($res)) { $ret[] = $row[0]; if ($row[0] == '__all__') { $all_users = true; } } dbi_free_result($res); } else { $error = db_error(); } if ($all_users) { $users = get_my_users('', 'view'); $ret = array(); $usercnt = count($users); for ($i = 0; $i < $usercnt; $i++) { $ret[] = $users[$i]['cal_login']; } } else { $myusers = get_my_users('', 'view'); if (!empty($NONUSER_ENABLED) && $NONUSER_ENABLED == 'Y') { $myusers = array_merge($myusers, get_my_nonusers($login, true, 'view')); } // Make sure this user is allowed to see all users in this view // If this is a global view, it may include users that this user // is not allowed to see. if (!empty($USER_SEES_ONLY_HIS_GROUPS) && $USER_SEES_ONLY_HIS_GROUPS == 'Y') { $userlookup = array(); $myusercnt = count($myusers); for ($i = 0; $i < $myusercnt; $i++) { $userlookup[$myusers[$i]['cal_login']] = 1; } $newlist = array(); $retcnt = count($ret); for ($i = 0; $i < $retcnt; $i++) { if (!empty($userlookup[$ret[$i]])) { $newlist[] = $ret[$i]; } } $ret = $newlist; } //Sort user list... $sortlist = array(); $myusercnt = count($myusers); $retcnt = count($ret); for ($i = 0; $i < $myusercnt; $i++) { for ($j = 0; $j < $retcnt; $j++) { if ($myusers[$i]['cal_login'] == $ret[$j]) { $sortlist[] = $ret[$j]; break; } } } $ret = $sortlist; } // If user access control enabled, check against that as well. if (access_is_enabled() && !$is_admin) { $newlist = array(); $retcnt = count($ret); for ($i = 0; $i < $retcnt; $i++) { if (access_user_calendar('view', $ret[$i])) { $newlist[] = $ret[$i]; } } $ret = $newlist; } //echo "<pre>"; print_r ( $ret ); echo "</pre>\n"; return $ret; }