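/**
 * Render the 'rolepermissions' pieform element: a table with one row per
 * group role and one checkbox per permission.
 *
 * The admin row is always rendered checked and disabled; every other row
 * reflects the element's current value for that role. Role display names and
 * input names are HTML-escaped before being emitted.
 *
 * @param Pieform $form   The form the element belongs to
 * @param array $element  The element definition; uses 'group' and 'name'
 *
 * @return string HTML for the element
 */
function pieform_element_rolepermissions(Pieform $form, $element) {/*{{{*/
    $value = $form->get_value($element);
    $roles = group_get_role_info($element['group']);
    // The permission names are taken from the 'member' role's value object;
    // every role is assumed to expose the same set of permissions.
    $permissions = array_keys(get_object_vars($value['member']));

    $result = '<table class="editpermissions"><tbody>';
    $result .= '<tr><th>' . get_string('Role', 'group') . '</th>';
    foreach ($permissions as $p) {
        $result .= '<th>' . get_string('filepermission.' . $p, 'artefact.file') . '</th>';
    }
    $result .= '</tr>';

    $prefix = $form->get_name() . '_' . $element['name'] . '_p';
    foreach ($roles as $r) {
        $result .= '<tr>';
        $result .= '<td>' . hsc($r->display) . '</td>';
        foreach ($permissions as $p) {
            $inputname = $prefix . '_' . $r->name . '_' . $p;
            $result .= '<td><input type="checkbox" class="permission" name="' . hsc($inputname) . '"';
            if ($r->name === 'admin') {
                // Admins always hold every permission; the box cannot be changed.
                $result .= ' checked disabled';
            }
            else if (!empty($value[$r->name]->{$p})) {
                // empty() also covers a role that is missing from $value entirely.
                $result .= ' checked';
            }
            $result .= '/></td>';
        }
        $result .= '</tr>';
    }
    $result .= '</tbody></table>';

    return $result;
}/*}}}*/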
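/**
 * Collect the group information the filebrowser element needs for group
 * files: the group's roles, the default artefact permissions per role, and a
 * translated label for each permission name.
 *
 * @param int $group Group id
 *
 * @return array with keys 'roles', 'perms' and 'perm' (permission name => label)
 */
function pieform_element_filebrowser_get_groupinfo($group) {
    require_once 'group.php';

    $perms = group_get_default_artefact_permissions($group);
    $groupinfo = array(
        'roles' => group_get_role_info($group),
        'perms' => $perms,
        'perm'  => array(),
    );

    // The permission names are read off the first role's defaults. Guard the
    // empty case: current() on an empty array returns false, and foreach over
    // false only emits a warning without producing any labels.
    $firstrole = reset($perms);
    if ($firstrole) {
        foreach ($firstrole as $k => $v) {
            $groupinfo['perm'][$k] = get_string('filepermission.' . $k, 'artefact.file');
        }
    }

    return $groupinfo;
}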
$group = group_current_group(); $user = get_record('usr', 'id', $userid, 'deleted', 0); if (!$user) { throw new UserNotFoundException(get_string('usernotfound', 'group', $userid)); } $role = group_user_access($groupid); if ($role != 'admin' && !group_user_can_assess_submitted_views($group->id, $USER->get('id'))) { if (!$group->invitefriends || !is_friend($user->id, $USER->get('id'))) { throw new AccessDeniedException(get_string('cannotinvitetogroup', 'group')); } } if (record_exists('group_member', 'group', $groupid, 'member', $userid) || record_exists('group_member_invite', 'group', $groupid, 'member', $userid)) { throw new UserException(get_string('useralreadyinvitedtogroup', 'group')); } define('TITLE', get_string('invitemembertogroup', 'group', display_name($userid), $group->name)); $roles = group_get_role_info($groupid); foreach ($roles as $k => &$v) { $v = $v->display; } safe_require('grouptype', $group->grouptype); $form = pieform(array('name' => 'invitetogroup', 'autofocus' => false, 'method' => 'post', 'elements' => array('reason' => array('type' => 'textarea', 'cols' => 50, 'rows' => 4, 'title' => get_string('reason')), 'role' => array('type' => 'select', 'options' => $roles, 'title' => get_string('Role', 'group'), 'defaultvalue' => call_static_method('GroupType' . $group->grouptype, 'default_role'), 'ignore' => $role != 'admin'), 'submit' => array('type' => 'submitcancel', 'value' => array(get_string('invite', 'group'), get_string('cancel')), 'goto' => profile_url($user))))); $smarty = smarty(); $smarty->assign('subheading', TITLE); $smarty->assign('form', $form); $smarty->display('group/invite.tpl'); function invitetogroup_submit(Pieform $form, $values) { global $SESSION, $USER, $group, $user; group_invite_user($group, $user->id, $USER, isset($values['role']) ? $values['role'] : null); $SESSION->add_ok_msg(get_string('userinvited', 'group')); redirect(profile_url($user));
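/**
 * The CSV file is parsed here so validation errors can be returned to the
 * user. The data from a successful parsing is stored in the <var>$CSVDATA</var>
 * array so it can be accessed by the submit function.
 *
 * Every row must name an existing group (by shortname within the chosen
 * institution), an existing user who belongs to that institution, and a role
 * the group actually has. Each group listed must have at least one 'admin'
 * row. Valid rows are collected in $MEMBERS (group id => user id => role) and
 * $GROUPS (group id => shortname) for the submit function.
 *
 * @param Pieform $form The form to validate
 * @param array $values The values submitted
 */
function uploadcsv_validate(Pieform $form, $values) {
    global $CSVDATA, $ALLOWEDKEYS, $MANDATORYFIELDS, $FORMAT, $USER, $MEMBERS, $GROUPS;

    // Don't even start attempting to parse if there are previous errors
    if ($form->has_errors()) {
        return;
    }

    if (empty($values['file']['size'])) {
        $form->set_error('file', $form->i18n('rule', 'required', 'required', array()));
        return;
    }

    // The institution is chosen by the user: only accept one they administer.
    $institution = $values['institution'];
    if (!$USER->can_edit_institution($institution)) {
        $form->set_error('institution', get_string('notadminforinstitution', 'admin'));
        return;
    }

    require_once 'csvfile.php';
    $csvgroups = new CsvFile($values['file']['tmp_name']);
    $csvgroups->set('allowedkeys', $ALLOWEDKEYS);
    $csvgroups->set('mandatoryfields', $MANDATORYFIELDS);
    $csvdata = $csvgroups->get_data();

    if (!empty($csvdata->errors['file'])) {
        $form->set_error('file', $csvdata->errors['file']);
        return;
    }

    $csverrors = new CSVErrors();
    $formatkeylookup = array_flip($csvdata->format);
    $hasadmin = array();    // shortname => 1 once an 'admin' row has been seen for the group
    $grouplines = array();  // group id => first CSV line number that named the group
    $rolecache = array();   // group id => role info, so each group is looked up once
    $num_lines = count($csvdata->data);
    // Reported line numbers are 1-based; a header line shifts every data line down by one.
    $lineoffset = $csvgroups->get('headerExists') ? 2 : 1;

    foreach ($csvdata->data as $key => $line) {
        $i = $key + $lineoffset;

        // In adding 5000 groups, this part was approx 8% of the wall time.
        if (!($key % 25)) {
            set_progress_info('uploadgroupmemberscsv', $key, $num_lines * 10, get_string('validating', 'admin'));
        }

        // Trim non-breaking spaces -- they get left in place by File_CSV
        foreach ($line as &$field) {
            $field = preg_replace('/^(\\s|\\xc2\\xa0)*(.*?)(\\s|\\xc2\\xa0)*$/', '$2', $field);
        }
        unset($field); // drop the reference left behind by the by-ref foreach

        $shortname = $line[$formatkeylookup['shortname']];
        $username = $line[$formatkeylookup['username']];
        $role = $line[$formatkeylookup['role']];

        // All database lookups below are parameterised. The raw CSV values only
        // reach the browser inside error strings, and the collected errors are
        // passed through clean_html() before being attached to the form.
        $gid = get_field('group', 'id', 'shortname', $shortname, 'institution', $institution);
        if (!$gid) {
            $csverrors->add($i, get_string('uploadgroupmemberscsverrornosuchshortname', 'admin', $i, $shortname, $institution));
            continue;
        }

        $uid = get_field_sql('SELECT id FROM {usr} WHERE LOWER(username) = ?', array(strtolower($username)));
        if (!$uid) {
            $csverrors->add($i, get_string('uploadgroupmemberscsverrornosuchusername', 'admin', $i, $username));
            continue;
        }

        // Users may only be added to groups of an institution they belong to;
        // the site institution ('mahara') has no membership table to check.
        if ($institution !== 'mahara' && !record_exists('usr_institution', 'usr', $uid, 'institution', $institution)) {
            $csverrors->add($i, get_string('uploadgroupmemberscsverrorusernotininstitution', 'admin', $i, $username, $institution));
            continue;
        }

        if (!isset($rolecache[$gid])) {
            $rolecache[$gid] = group_get_role_info($gid);
        }
        if (!isset($rolecache[$gid][$role])) {
            $csverrors->add($i, get_string('uploadgroupmemberscsverrorinvalidrole', 'admin', $i, $role));
            continue;
        }

        if (!isset($MEMBERS[$gid])) {
            $MEMBERS[$gid] = array();
        }
        if (isset($MEMBERS[$gid][$uid])) {
            $csverrors->add($i, get_string('uploadgroupmemberscsverrorduplicateusername', 'admin', $i, $shortname, $username));
            continue;
        }

        $MEMBERS[$gid][$uid] = $role;
        $GROUPS[$gid] = $shortname;
        if (!isset($grouplines[$gid])) {
            $grouplines[$gid] = $i;
        }
        if ($role === 'admin') {
            $hasadmin[$shortname] = 1;
        }
    }

    // Every group in the file needs at least one admin. Report the error
    // against the first line that mentioned the group rather than the last
    // line of the file.
    foreach ($GROUPS as $gid => $shortname) {
        if (!isset($hasadmin[$shortname])) {
            $groupline = isset($grouplines[$gid]) ? $grouplines[$gid] : $num_lines;
            $csverrors->add($groupline, get_string('uploadgroupmemberscsverrornoadminlisted', 'admin', $groupline, $shortname));
        }
    }

    if ($errors = $csverrors->process()) {
        $form->set_error('file', clean_html($errors));
        return;
    }

    $FORMAT = $csvdata->format;
    $CSVDATA = $csvdata->data;
}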
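/**
 * Set the view access rules.
 *
 * Replaces every visible, non-token row in view_access for this view with the
 * rows described by $accessdata, then raises the 'viewaccess' activity and the
 * 'saveview' event.
 *
 * Rules applied to each access row:
 * - rows whose stopdate is already in the past are not inserted
 * - startdates in the past are dropped
 * - if the view allows comments, per-row comment settings don't apply and are reset
 * - a group row naming a role the group does not have is skipped entirely
 *   (it is not widened into access for the whole group)
 * - 'friends' access is only inserted for views that have an owner
 * - identical rows are only inserted once, since the profile page gets very
 *   grumpy if there are duplicate access rules
 * @todo: merge overlapping date ranges.
 *
 * @param array $accessdata  For each view access row can contain id, type, startdate, stopdate,
 *                           allowcomments, approvecomments
 * @param array $viewids     Contains ids of the views getting the access rules
 * @param bool $allowcomments Holding the view wide allowcomments option. Needed when changing
 *                           this and saving page at same time as the views are not saved at this point.
 *
 * @return array The added access rows
 */
public function set_access($accessdata, $viewids = null, $allowcomments = true) {
    global $USER;
    require_once 'activity.php';
    require_once 'group.php';
    require_once 'institution.php';

    $viewid = $this->get('id');
    $beforeusers = activity_get_viewaccess_users($viewid);

    db_begin();
    delete_records_select('view_access', 'view = ? AND visible = 1 AND token IS NULL', array($viewid));

    $accessdata_added = array();
    if ($accessdata) {
        $time = time();
        // One timestamp for the whole batch, so otherwise-identical rows
        // compare equal in the duplicate check below.
        $ctime = db_format_timestamp($time);

        foreach ($accessdata as $item) {
            if (!empty($item['stopdate']) && $item['stopdate'] < $time) {
                continue;
            }
            if (!empty($item['startdate']) && $item['startdate'] < $time) {
                unset($item['startdate']);
            }
            if ($allowcomments) {
                unset($item['allowcomments'], $item['approvecomments']);
            }

            $accessrecord = (object) array(
                'accesstype'      => null,
                'group'           => null,
                'role'            => null,
                'institution'     => null,
                'usr'             => null,
                'token'           => null,
                'startdate'       => null,
                'stopdate'        => null,
                'allowcomments'   => 0,
                'approvecomments' => 1,
                'ctime'           => $ctime,
            );

            // NOTE: inside a switch, a bare 'continue' only acts as 'break' and the
            // row would still be inserted below, so every skip targets the foreach.
            switch ($item['type']) {
                case 'user':
                    $accessrecord->usr = $item['id'];
                    break;
                case 'group':
                    $accessrecord->group = $item['id'];
                    if (isset($item['role']) && strlen($item['role'])) {
                        // Don't insert a record for a role the group doesn't have.
                        // Skip the row rather than falling back to a role-less
                        // record, which would grant access to the whole group.
                        $roleinfo = group_get_role_info($item['id']);
                        if (!isset($roleinfo[$item['role']])) {
                            continue 2;
                        }
                        $accessrecord->role = $item['role'];
                    }
                    break;
                case 'institution':
                    $accessrecord->institution = $item['id'];
                    break;
                case 'friends':
                    if (!$this->owner) {
                        // Don't add friend access to group, institution or system views
                        continue 2;
                    }
                    // fall through: friends access is stored as an accesstype
                case 'public':
                case 'loggedin':
                    $accessrecord->accesstype = $item['type'];
                    break;
                default:
                    // An unknown type would otherwise produce a row with every
                    // field null; skip it instead.
                    continue 2;
            }

            if (isset($item['allowcomments'])) {
                $accessrecord->allowcomments = (int) (!empty($item['allowcomments']));
                if ($accessrecord->allowcomments) {
                    $accessrecord->approvecomments = (int) (!empty($item['approvecomments']));
                }
            }
            if (isset($item['startdate'])) {
                $accessrecord->startdate = db_format_timestamp($item['startdate']);
            }
            if (isset($item['stopdate'])) {
                $accessrecord->stopdate = db_format_timestamp($item['stopdate']);
            }

            // Loose object comparison: two records with the same field values
            // count as the same rule and are only inserted once.
            if (array_search($accessrecord, $accessdata_added) === false) {
                $accessrecord->view = $viewid;
                insert_record('view_access', $accessrecord);
                unset($accessrecord->view);
                $accessdata_added[] = $accessrecord;
            }
        }
    }

    $data = new stdClass();
    $data->view = $viewid;
    $data->oldusers = $beforeusers;
    if (!empty($viewids) && count($viewids) > 1) {
        // Several views share these rules; list them all in the notification.
        $views = array();
        foreach ($viewids as $id) {
            $view = new View($id);
            $views[] = array('id' => $view->get('id'), 'title' => $view->get('title'));
        }
        $data->views = $views;
    }
    activity_occurred('viewaccess', $data);
    handle_event('saveview', $viewid);
    db_commit();

    return $accessdata_added;
}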
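/**
 * Render the member search results of a group page together with the
 * matching pagination block.
 *
 * @param array $results         Search results: 'data' (user rows), 'count', 'limit', 'offset'
 * @param int $group             Group id
 * @param string $query          Search query; added to the results URL when non-empty
 * @param string $membershiptype Membership filter (e.g. 'request'); empty for ordinary members
 * @param bool $setlimit         Whether the pagination lets the user change the page size
 * @param string $sortoption     Sort option; added to the results URL when non-empty
 *
 * @return array [html, pagination, count, offset, membershiptype]
 */
function group_get_membersearch_data($results, $group, $query, $membershiptype, $setlimit = false, $sortoption = '') {
    global $USER;

    $params = array();
    if ((string) $query !== '') {
        $params['query'] = $query;
    }
    if (!empty($membershiptype)) {
        $params['membershiptype'] = $membershiptype;
    }
    if (!empty($sortoption)) {
        $params['sortoption'] = $sortoption;
    }
    // The user-supplied query/sort values are url-encoded by http_build_query;
    // the group id is cast so only an integer ever lands in the URL.
    $searchurl = get_config('wwwroot') . 'group/members.php?id=' . (int) $group
        . (!empty($params) ? '&' . http_build_query($params) : '');

    $smarty = smarty_core();
    $role = group_user_access($group);
    $isadmin = ($role === 'admin');
    $userid = (int) $USER->get('id');
    $showrequests = ($membershiptype === 'request');

    foreach ($results['data'] as &$r) {
        // Admins get a remove button for everyone except themselves, unless
        // they are allowed to leave the group.
        if ($isadmin && ((int) $r['id'] !== $userid || group_user_can_leave($group, $r['id']))) {
            $r['removeform'] = group_get_removeuser_form($r['id'], $group);
        }

        // NOTE: this is a quick approximation. We should really check whether,
        // for each role in the group, that the user can change to it (using
        // group_can_change_role). This only controls whether the 'change
        // role' link appears though, so it doesn't matter too much. If the
        // user clicks on this link, changerole.php does the full check and
        // sends them back here saying that the user has no roles they can
        // change to anyway.
        $r['canchangerole'] = !group_is_only_admin($group, $r['id']);

        if ($showrequests) {
            $r['addform'] = group_get_adduser_form($r['id'], $group);
            $r['denyform'] = group_get_denyuser_form($r['id'], $group);
            // TODO: this will suck when there's quite a few on the page,
            // would be better to grab all the reasons in one go
            $r['reason'] = get_field('group_member_request', 'reason', 'group', $group, 'member', $r['id']);
        }
    }
    unset($r); // drop the by-ref iterator before $results['data'] is copied below

    if (!empty($membershiptype)) {
        $smarty->assign('membershiptype', $membershiptype);
    }

    $results['cdata'] = array_chunk($results['data'], 2);
    $results['roles'] = group_get_role_info($group);
    $smarty->assign_by_ref('results', $results);
    $smarty->assign('searchurl', $searchurl);
    $smarty->assign('pagebaseurl', $searchurl);
    $smarty->assign('caneditroles', $isadmin);
    $smarty->assign('group', $group);
    $html = $smarty->fetch('group/membersearchresults.tpl');

    $pagination = build_pagination(array(
        'id' => 'member_pagination',
        'class' => 'center',
        'url' => $searchurl,
        'count' => $results['count'],
        'setlimit' => $setlimit,
        'limit' => $results['limit'],
        'offset' => $results['offset'],
        'jumplinks' => 8,
        'numbersincludeprevnext' => 2,
        'datatable' => 'membersearchresults',
        'searchresultsheading' => 'searchresultsheading',
        'jsonscript' => 'group/membersearchresults.json.php',
        'firsttext' => '',
        'previoustext' => '',
        'nexttext' => '',
        'lasttext' => '',
        'numbersincludefirstlast' => false,
        'resultcounttextsingular' => get_string('member', 'group'),
        'resultcounttextplural' => get_string('members', 'group'),
    ));

    return array($html, $pagination, $results['count'], $results['offset'], $membershiptype);
}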
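/**
 * Replace the access rules for this view.
 *
 * Users who lose 'user' access also have the view removed from their
 * watchlist. All existing access rows (public/loggedin/friends, per-user,
 * per-group and visible token rows) are deleted and re-inserted from
 * $accessdata inside one transaction, after which the 'viewaccess' activity
 * and the 'saveview' event are raised.
 *
 * @param array $accessdata For each access row: 'type' (public, loggedin, friends,
 *                          user, group, token), 'id', optional 'role', 'startdate', 'stopdate'
 */
public function set_access($accessdata) {
    global $USER;
    require_once 'activity.php';

    $viewid = $this->get('id');

    // For users who are being removed from having access to this view, they
    // need to have the view and any attached artefacts removed from their
    // watchlist.
    $olduserids = array();
    foreach ($this->get_access() as $item) {
        if ($item['type'] == 'user') {
            $olduserids[] = $item['id'];
        }
    }
    $newuserids = array();
    if ($accessdata) {
        foreach ($accessdata as $item) {
            if ($item['type'] == 'user') {
                $newuserids[] = $item['id'];
            }
        }
    }
    $userstodelete = array_values(array_diff($olduserids, $newuserids));

    $beforeusers = activity_get_viewaccess_users($viewid, $USER->get('id'), 'viewaccess');

    // Start the transaction before the watchlist clean-up so it is undone
    // together with the access changes if anything below fails.
    db_begin();

    if ($userstodelete) {
        // Ids are cast and bound as parameters; nothing from $accessdata is
        // ever concatenated into the SQL.
        $userids = array_map('intval', $userstodelete);
        $placeholders = implode(',', array_fill(0, count($userids), '?'));
        execute_sql(
            'DELETE FROM {usr_watchlist_view} WHERE view = ? AND usr IN (' . $placeholders . ')',
            array_merge(array($viewid), $userids)
        );
    }

    delete_records('view_access', 'view', $viewid);
    delete_records('view_access_usr', 'view', $viewid);
    delete_records('view_access_group', 'view', $viewid);
    delete_records('view_access_token', 'view', $viewid, 'visible', 1);

    if ($accessdata) {
        foreach ($accessdata as $item) {
            $accessrecord = new stdClass();
            $accessrecord->view = $viewid;
            if (isset($item['startdate'])) {
                $accessrecord->startdate = db_format_timestamp($item['startdate']);
            }
            if (isset($item['stopdate'])) {
                $accessrecord->stopdate = db_format_timestamp($item['stopdate']);
            }

            switch ($item['type']) {
                case 'public':
                case 'loggedin':
                case 'friends':
                    $accessrecord->accesstype = $item['type'];
                    insert_record('view_access', $accessrecord);
                    break;
                case 'user':
                    $accessrecord->usr = $item['id'];
                    insert_record('view_access_usr', $accessrecord);
                    break;
                case 'group':
                    $accessrecord->group = $item['id'];
                    if (!empty($item['role'])) {
                        // Don't insert a record for a role the group doesn't have
                        $roleinfo = group_get_role_info($item['id']);
                        if (!isset($roleinfo[$item['role']])) {
                            break;
                        }
                        $accessrecord->role = $item['role'];
                    }
                    insert_record('view_access_group', $accessrecord);
                    break;
                case 'token':
                    $accessrecord->token = $item['id'];
                    insert_record('view_access_token', $accessrecord);
                    break;
            }
        }
    }

    $data = new stdClass();
    $data->view = $viewid;
    $data->owner = $USER->get('id');
    $data->oldusers = $beforeusers;
    activity_occurred('viewaccess', $data);
    handle_event('saveview', $viewid);
    db_commit();
}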