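/**
 * Render a group's role / file-permission matrix as an HTML table.
 *
 * One row is emitted per role returned by group_get_role_info() and one
 * checkbox column per permission name found on $value['member']. The
 * 'admin' row is always rendered checked and disabled; every other row is
 * checked according to the element's current value. Role display names and
 * generated input names are passed through hsc() before they are written
 * into the markup.
 *
 * @param Pieform $form    The form the element belongs to
 * @param array   $element Element definition; reads 'group' and 'name'
 * @return string          The table markup
 */
function pieform_element_rolepermissions(Pieform $form, $element)
{
    $value = $form->get_value($element);
    $roles = group_get_role_info($element['group']);
    // The 'member' role's properties define which permission columns exist
    $permissions = array_keys(get_object_vars($value['member']));

    $result = '<table class="editpermissions"><tbody>';
    $result .= '<tr><th>' . get_string('Role', 'group') . '</th>';
    foreach ($permissions as $p) {
        $result .= '<th>' . get_string('filepermission.' . $p, 'artefact.file') . '</th>';
    }
    $result .= '</tr>';

    $prefix = $form->get_name() . '_' . $element['name'] . '_p';
    foreach ($roles as $r) {
        $result .= '<tr>';
        $result .= '<td>' . hsc($r->display) . '</td>';
        // A role may have no entry in $value yet; treat that as "no permissions"
        // instead of reading properties off null.
        $rolevalue = isset($value[$r->name]) ? $value[$r->name] : null;
        foreach ($permissions as $p) {
            $inputname = $prefix . '_' . $r->name . '_' . $p;
            $result .= '<td><input type="checkbox" class="permission" name="' . hsc($inputname) . '"';
            if ($r->name === 'admin') {
                // Admins always hold every permission; the box is not editable
                $result .= ' checked disabled';
            }
            else if ($rolevalue !== null && !empty($rolevalue->{$p})) {
                $result .= ' checked';
            }
            $result .= '/></td>';
        }
        $result .= '</tr>';
    }
    $result .= '</tbody></table>';
    return $result;
}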
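/**
 * Collect the role and default-permission information the filebrowser
 * element needs for a group.
 *
 * @param int $group The group id
 * @return array 'roles' => group_get_role_info($group),
 *               'perms' => group_get_default_artefact_permissions($group),
 *               'perm'  => permission name => translated label, taken from
 *                          the first role's default permission set
 */
function pieform_element_filebrowser_get_groupinfo($group)
{
    require_once 'group.php';
    $groupinfo = array(
        'roles' => group_get_role_info($group),
        'perms' => group_get_default_artefact_permissions($group),
        'perm'  => array(),
    );
    // Permission names come from the first role's defaults. If there are no
    // defaults at all, leave 'perm' empty rather than iterating over false.
    $defaults = current($groupinfo['perms']);
    if (is_array($defaults) || is_object($defaults)) {
        foreach ($defaults as $k => $v) {
            $groupinfo['perm'][$k] = get_string('filepermission.' . $k, 'artefact.file');
        }
    }
    return $groupinfo;
}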
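// Invite a user to the current group. $userid, $groupid and $USER are
// expected to be set before this point (request parameters and session).
$group = group_current_group();
$user = get_record('usr', 'id', $userid, 'deleted', 0);
if (!$user) {
    throw new UserNotFoundException(get_string('usernotfound', 'group', $userid));
}

// Only group admins, users who may assess submitted views, or (when the
// group allows it) friends of the invitee are allowed to send an invitation.
$role = group_user_access($groupid);
if ($role !== 'admin' && !group_user_can_assess_submitted_views($group->id, $USER->get('id'))) {
    if (!$group->invitefriends || !is_friend($user->id, $USER->get('id'))) {
        throw new AccessDeniedException(get_string('cannotinvitetogroup', 'group'));
    }
}

// Refuse to invite someone who is already a member or already invited
if (record_exists('group_member', 'group', $groupid, 'member', $userid)
    || record_exists('group_member_invite', 'group', $groupid, 'member', $userid)) {
    throw new UserException(get_string('useralreadyinvitedtogroup', 'group'));
}

define('TITLE', get_string('invitemembertogroup', 'group', display_name($userid), $group->name));

// Reduce the role info objects to their display names for the select
// options (array_map keeps the role-name keys; no by-reference loop needed)
$roles = array_map(
    function ($roleinfo) { return $roleinfo->display; },
    group_get_role_info($groupid)
);

safe_require('grouptype', $group->grouptype);
$form = pieform(array(
    'name'      => 'invitetogroup',
    'autofocus' => false,
    'method'    => 'post',
    'elements'  => array(
        'reason' => array(
            'type'  => 'textarea',
            'cols'  => 50,
            'rows'  => 4,
            'title' => get_string('reason'),
        ),
        'role' => array(
            'type'         => 'select',
            'options'      => $roles,
            'title'        => get_string('Role', 'group'),
            'defaultvalue' => call_static_method('GroupType' . $group->grouptype, 'default_role'),
            // Only group admins get to choose the invitee's role
            'ignore'       => $role !== 'admin',
        ),
        'submit' => array(
            'type'  => 'submitcancel',
            'value' => array(get_string('invite', 'group'), get_string('cancel')),
            'goto'  => profile_url($user),
        ),
    ),
));

$smarty = smarty();
$smarty->assign('subheading', TITLE);
$smarty->assign('form', $form);
$smarty->display('group/invite.tpl');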
function invitetogroup_submit(Pieform $form, $values)
{
    global $SESSION, $USER, $group, $user;
    group_invite_user($group, $user->id, $USER, isset($values['role']) ? $values['role'] : null);
    $SESSION->add_ok_msg(get_string('userinvited', 'group'));
    redirect(profile_url($user));
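/**
 * Validate the uploaded group-membership CSV file.
 *
 * The CSV file is parsed here so validation errors can be returned to the
 * user. The data from a successful parsing is stored in the <var>$CSVDATA</var>
 * array (and its column layout in <var>$FORMAT</var>) so it can be accessed
 * by the submit function. Resolved memberships are accumulated in
 * <var>$MEMBERS</var> (group id => user id => role) and <var>$GROUPS</var>
 * (group id => shortname).
 *
 * Every row must name an existing group shortname within the chosen
 * institution, an existing username that belongs to that institution
 * (unless the institution is 'mahara') and a role the group actually has;
 * a user may appear only once per group, and every group listed needs at
 * least one 'admin' row.
 *
 * @param Pieform  $form   The form to validate
 * @param array    $values The values submitted
 */
function uploadcsv_validate(Pieform $form, $values)
{
    global $CSVDATA, $ALLOWEDKEYS, $MANDATORYFIELDS, $FORMAT, $USER, $UPDATES, $MEMBERS, $GROUPS;

    // Don't even start attempting to parse if there are previous errors
    if ($form->has_errors()) {
        return;
    }
    if (empty($values['file']['size'])) {
        $form->set_error('file', $form->i18n('rule', 'required', 'required', array()));
        return;
    }

    // The institution comes from the request: the uploader must administer it
    $institution = $values['institution'];
    if (!$USER->can_edit_institution($institution)) {
        $form->set_error('institution', get_string('notadminforinstitution', 'admin'));
        return;
    }

    require_once 'csvfile.php';
    $csvgroups = new CsvFile($values['file']['tmp_name']);
    $csvgroups->set('allowedkeys', $ALLOWEDKEYS);
    $csvgroups->set('mandatoryfields', $MANDATORYFIELDS);
    $csvdata = $csvgroups->get_data();
    if (!empty($csvdata->errors['file'])) {
        $form->set_error('file', $csvdata->errors['file']);
        return;
    }

    $csverrors = new CSVErrors();
    $formatkeylookup = array_flip($csvdata->format);
    $hasadmin = array();       // shortname => 1 once an 'admin' row has been seen
    $groupfirstline = array(); // shortname => CSV line number of the group's first row
    $num_lines = count($csvdata->data);
    $i = 0;
    foreach ($csvdata->data as $key => $line) {
        // If headers exist, the actual line number is key + 2, otherwise key + 1
        $i = $csvgroups->get('headerExists') ? $key + 2 : $key + 1;

        // In adding 5000 groups, this part was approx 8% of the wall time.
        if (!($key % 25)) {
            set_progress_info('uploadgroupmemberscsv', $key, $num_lines * 10, get_string('validating', 'admin'));
        }

        // Trim non-breaking spaces -- they get left in place by File_CSV
        foreach ($line as &$field) {
            $field = preg_replace('/^(\\s|\\xc2\\xa0)*(.*?)(\\s|\\xc2\\xa0)*$/', '$2', $field);
        }
        unset($field); // drop the reference left behind by the by-ref loop

        $shortname = $line[$formatkeylookup['shortname']];
        $username = $line[$formatkeylookup['username']];
        $role = $line[$formatkeylookup['role']];

        // The CSV fields are untrusted; every lookup below is parameterised
        $gid = get_field('group', 'id', 'shortname', $shortname, 'institution', $institution);
        if (!$gid) {
            $csverrors->add($i, get_string('uploadgroupmemberscsverrornosuchshortname', 'admin', $i, $shortname, $institution));
            continue;
        }
        if (!isset($groupfirstline[$shortname])) {
            $groupfirstline[$shortname] = $i;
        }
        $uid = get_field_sql('SELECT id FROM {usr} WHERE LOWER(username) = ?', array(strtolower($username)));
        if (!$uid) {
            $csverrors->add($i, get_string('uploadgroupmemberscsverrornosuchusername', 'admin', $i, $username));
            continue;
        }
        if ($institution !== 'mahara' && !record_exists('usr_institution', 'usr', $uid, 'institution', $institution)) {
            $csverrors->add($i, get_string('uploadgroupmemberscsverrorusernotininstitution', 'admin', $i, $username, $institution));
            continue;
        }
        if (!array_key_exists($role, group_get_role_info($gid))) {
            $csverrors->add($i, get_string('uploadgroupmemberscsverrorinvalidrole', 'admin', $i, $role));
            continue;
        }
        if (!isset($MEMBERS[$gid])) {
            $MEMBERS[$gid] = array();
        }
        if (isset($MEMBERS[$gid][$uid])) {
            $csverrors->add($i, get_string('uploadgroupmemberscsverrorduplicateusername', 'admin', $i, $shortname, $username));
            continue;
        }
        $MEMBERS[$gid][$uid] = $role;
        $GROUPS[$gid] = $shortname;
        if ($role === 'admin') {
            $hasadmin[$shortname] = 1;
        }
    }

    // Every group in the file must end up with at least one admin. Report the
    // error against the line where the group was first mentioned (falling back
    // to the last line processed if that is unknown).
    foreach ($GROUPS as $shortname) {
        if (!isset($hasadmin[$shortname])) {
            $groupline = isset($groupfirstline[$shortname]) ? $groupfirstline[$shortname] : $i;
            $csverrors->add($groupline, get_string('uploadgroupmemberscsverrornoadminlisted', 'admin', $groupline, $shortname));
        }
    }

    if ($errors = $csverrors->process()) {
        $form->set_error('file', clean_html($errors));
        return;
    }

    $FORMAT = $csvdata->format;
    $CSVDATA = $csvdata->data;
}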
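 /**
  * Set the view access rules
  *
  * Replaces every visible, non-token access row of this view with the rows
  * described in $accessdata, inside one transaction, then raises the
  * 'viewaccess' activity and the 'saveview' event.
  *
  * @param  array $accessdata     One entry per view access row. Each can
  *                               contain id, type, startdate, stopdate,
  *                               allowcomments, approvecomments
  * @param  array $viewids        Ids of the views getting the access rules;
  *                               when there is more than one they are
  *                               listed in the activity data
  * @param  bool  $allowcomments  The view-wide allowcomments option. Needed
  *                               when changing this and saving the page at
  *                               the same time, as the views are not saved
  *                               at this point.
  *
  * @return array  The access rows that were added (without the 'view' field)
  */
 public function set_access($accessdata, $viewids = null, $allowcomments = true)
 {
     global $USER;
     require_once 'activity.php';
     require_once 'group.php';
     require_once 'institution.php';

     // Snapshot who could see the view before the change, for the activity notice
     $beforeusers = activity_get_viewaccess_users($this->get('id'));

     $select = 'view = ? AND visible = 1 AND token IS NULL';
     db_begin();
     delete_records_select('view_access', $select, array($this->id));

     // View access
     $accessdata_added = array();
     if ($accessdata) {
         /*
          * There should be a cleaner way to do this
          * $accessdata_added ensures that the same access is not granted twice because the profile page
          * gets very grumpy if there are duplicate access rules
          *
          * Additional rules:
          * - Don't insert records with stopdate in the past
          * - Remove startdates that are in the past
          * - If view allows comments, access record comment permissions don't apply, so reset them.
          * - Don't add friend access to group, institution or system views (no owner)
          * - Don't insert anything for a group role the group doesn't have
          * @todo: merge overlapping date ranges.
          */
         $time = time();
         // One ctime for the whole batch so that otherwise identical rules
         // compare equal in the duplicate check below.
         $ctime = db_format_timestamp($time);
         foreach ($accessdata as $item) {
             if (!empty($item['stopdate']) && $item['stopdate'] < $time) {
                 continue;
             }
             if (!empty($item['startdate']) && $item['startdate'] < $time) {
                 unset($item['startdate']);
             }
             if ($allowcomments) {
                 unset($item['allowcomments']);
                 unset($item['approvecomments']);
             }
             $accessrecord = (object) array(
                 'accesstype'      => null,
                 'group'           => null,
                 'role'            => null,
                 'institution'     => null,
                 'usr'             => null,
                 'token'           => null,
                 'startdate'       => null,
                 'stopdate'        => null,
                 'allowcomments'   => 0,
                 'approvecomments' => 1,
                 'ctime'           => $ctime,
             );
             // NOTE: inside a switch, a bare 'continue' (or 'break') only leaves
             // the switch and the record would still be inserted below, so the
             // skips here use 'continue 2' to move on to the next $item.
             switch ($item['type']) {
                 case 'user':
                     $accessrecord->usr = $item['id'];
                     break;
                 case 'group':
                     $accessrecord->group = $item['id'];
                     if (isset($item['role']) && strlen($item['role'])) {
                         // Don't insert a record for a role the group doesn't have;
                         // inserting it without the role would widen access to the
                         // whole group.
                         $roleinfo = group_get_role_info($item['id']);
                         if (!isset($roleinfo[$item['role']])) {
                             continue 2;
                         }
                         $accessrecord->role = $item['role'];
                     }
                     break;
                 case 'institution':
                     $accessrecord->institution = $item['id'];
                     break;
                 case 'friends':
                     if (!$this->owner) {
                         // Don't add friend access to group, institution or system views
                         continue 2;
                     }
                     $accessrecord->accesstype = $item['type'];
                     break;
                 case 'public':
                 case 'loggedin':
                     $accessrecord->accesstype = $item['type'];
                     break;
             }
             if (isset($item['allowcomments'])) {
                 $accessrecord->allowcomments = (int) (!empty($item['allowcomments']));
                 if ($accessrecord->allowcomments) {
                     $accessrecord->approvecomments = (int) (!empty($item['approvecomments']));
                 }
             }
             if (isset($item['startdate'])) {
                 $accessrecord->startdate = db_format_timestamp($item['startdate']);
             }
             if (isset($item['stopdate'])) {
                 $accessrecord->stopdate = db_format_timestamp($item['stopdate']);
             }
             // Loose in_array on purpose: two records with equal fields are the
             // same rule even though they are different objects.
             if (!in_array($accessrecord, $accessdata_added)) {
                 $accessrecord->view = $this->get('id');
                 insert_record('view_access', $accessrecord);
                 unset($accessrecord->view);
                 $accessdata_added[] = $accessrecord;
             }
         }
     }

     $data = new StdClass();
     $data->view = $this->get('id');
     $data->oldusers = $beforeusers;
     if (!empty($viewids) && count($viewids) > 1) {
         $views = array();
         foreach ($viewids as $viewid) {
             $view = new View($viewid);
             $views[] = array('id' => $view->get('id'), 'title' => $view->get('title'));
         }
         $data->views = $views;
     }
     activity_occurred('viewaccess', $data);
     handle_event('saveview', $this->get('id'));
     db_commit();
     return $accessdata_added;
 }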
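/**
 * Render a page of group member search results and its pagination.
 *
 * Decorates every result row with the forms the current user may act on
 * (remove/add/deny, depending on their role and the membership type),
 * fetches the template and builds the pagination block.
 *
 * @param array  $results        Search results: 'data', 'count', 'limit', 'offset'
 * @param int    $group          The group id
 * @param string $query          The search query (may be empty)
 * @param string $membershiptype Membership filter, e.g. 'request'; empty for members
 * @param bool   $setlimit       Whether the pagination offers a limit selector
 * @param string $sortoption     Sort option to carry in the search URL
 * @return array [html, pagination, count, offset, membershiptype]
 */
function group_get_membersearch_data($results, $group, $query, $membershiptype, $setlimit = false, $sortoption = '')
{
    global $USER;

    $params = array();
    if ((string) $query !== '') {
        $params['query'] = $query;
    }
    if (!empty($membershiptype)) {
        $params['membershiptype'] = $membershiptype;
    }
    if (!empty($sortoption)) {
        $params['sortoption'] = $sortoption;
    }
    // http_build_query() url-encodes the user-supplied parameters
    $searchurl = get_config('wwwroot') . 'group/members.php?id=' . $group
        . (!empty($params) ? '&' . http_build_query($params) : '');

    $smarty = smarty_core();
    $role = group_user_access($group);
    $isadmin = $role === 'admin';
    $userid = $USER->get('id');

    foreach ($results['data'] as &$r) {
        if ($isadmin && ($r['id'] != $userid || group_user_can_leave($group, $r['id']))) {
            $r['removeform'] = group_get_removeuser_form($r['id'], $group);
        }
        // NOTE: this is a quick approximation. We should really check whether,
        // for each role in the group, that the user can change to it (using
        // group_can_change_role).  This only controls whether the 'change
        // role' link appears though, so it doesn't matter too much. If the
        // user clicks on this link, changerole.php does the full check and
        // sends them back here saying that the user has no roles they can
        // change to anyway.
        $r['canchangerole'] = !group_is_only_admin($group, $r['id']);
    }
    unset($r); // break the reference before $results['data'] is copied below

    if (!empty($membershiptype)) {
        if ($membershiptype == 'request') {
            foreach ($results['data'] as &$r) {
                $r['addform'] = group_get_adduser_form($r['id'], $group);
                $r['denyform'] = group_get_denyuser_form($r['id'], $group);
                // TODO: this will suck when there's quite a few on the page,
                // would be better to grab all the reasons in one go
                $r['reason'] = get_field('group_member_request', 'reason', 'group', $group, 'member', $r['id']);
            }
            unset($r);
        }
        $smarty->assign('membershiptype', $membershiptype);
    }

    $results['cdata'] = array_chunk($results['data'], 2);
    $results['roles'] = group_get_role_info($group);
    $smarty->assign_by_ref('results', $results);
    $smarty->assign('searchurl', $searchurl);
    $smarty->assign('pagebaseurl', $searchurl);
    $smarty->assign('caneditroles', $isadmin);
    $smarty->assign('group', $group);
    $html = $smarty->fetch('group/membersearchresults.tpl');

    $pagination = build_pagination(array(
        'id'                      => 'member_pagination',
        'class'                   => 'center',
        'url'                     => $searchurl,
        'count'                   => $results['count'],
        'setlimit'                => $setlimit,
        'limit'                   => $results['limit'],
        'offset'                  => $results['offset'],
        'jumplinks'               => 8,
        'numbersincludeprevnext'  => 2,
        'datatable'               => 'membersearchresults',
        'searchresultsheading'    => 'searchresultsheading',
        'jsonscript'              => 'group/membersearchresults.json.php',
        'firsttext'               => '',
        'previoustext'            => '',
        'nexttext'                => '',
        'lasttext'                => '',
        'numbersincludefirstlast' => false,
        'resultcounttextsingular' => get_string('member', 'group'),
        'resultcounttextplural'   => get_string('members', 'group'),
    ));

    return array($html, $pagination, $results['count'], $results['offset'], $membershiptype);
}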
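 /**
  * Set the view access rules (per-table variant).
  *
  * Users who lose direct access have the view removed from their watchlist.
  * Then, inside one transaction, every row in view_access, view_access_usr,
  * view_access_group and the visible rows of view_access_token are replaced
  * by the rows described in $accessdata, after which the 'viewaccess'
  * activity and the 'saveview' event are raised.
  *
  * @param array $accessdata One entry per access row. Each can contain
  *                          type, id, role, startdate, stopdate
  */
 public function set_access($accessdata)
 {
     global $USER;
     require_once 'activity.php';

     // For users who are being removed from having access to this view, they
     // need to have the view and any attached artefacts removed from their
     // watchlist.
     $olduserids = array();
     foreach ($this->get_access() as $item) {
         if ($item['type'] == 'user') {
             $olduserids[] = (int) $item['id'];
         }
     }
     $newuserids = array();
     if ($accessdata) {
         foreach ($accessdata as $item) {
             if ($item['type'] == 'user') {
                 $newuserids[(int) $item['id']] = true;
             }
         }
     }
     $userstodelete = array();
     foreach ($olduserids as $olduserid) {
         if (!isset($newuserids[$olduserid])) {
             $userstodelete[] = $olduserid;
         }
     }
     if ($userstodelete) {
         // Bind every value instead of splicing ids into the statement text
         $placeholders = implode(',', array_fill(0, count($userstodelete), '?'));
         execute_sql(
             'DELETE FROM {usr_watchlist_view} WHERE view = ? AND usr IN (' . $placeholders . ')',
             array_merge(array($this->get('id')), $userstodelete)
         );
     }

     // Snapshot who could see the view before the change, for the activity notice
     $beforeusers = activity_get_viewaccess_users($this->get('id'), $USER->get('id'), 'viewaccess');

     db_begin();
     delete_records('view_access', 'view', $this->get('id'));
     delete_records('view_access_usr', 'view', $this->get('id'));
     delete_records('view_access_group', 'view', $this->get('id'));
     delete_records('view_access_token', 'view', $this->get('id'), 'visible', 1);

     // View access
     if ($accessdata) {
         foreach ($accessdata as $item) {
             $accessrecord = new StdClass();
             $accessrecord->view = $this->get('id');
             if (isset($item['startdate'])) {
                 $accessrecord->startdate = db_format_timestamp($item['startdate']);
             }
             if (isset($item['stopdate'])) {
                 $accessrecord->stopdate = db_format_timestamp($item['stopdate']);
             }
             // Unknown types are silently ignored
             switch ($item['type']) {
                 case 'public':
                 case 'loggedin':
                 case 'friends':
                     $accessrecord->accesstype = $item['type'];
                     insert_record('view_access', $accessrecord);
                     break;
                 case 'user':
                     $accessrecord->usr = $item['id'];
                     insert_record('view_access_usr', $accessrecord);
                     break;
                 case 'group':
                     $accessrecord->group = $item['id'];
                     if (!empty($item['role'])) {
                         // Don't insert a record for a role the group doesn't have
                         // (the break leaves the switch before the insert)
                         $roleinfo = group_get_role_info($item['id']);
                         if (!isset($roleinfo[$item['role']])) {
                             break;
                         }
                         $accessrecord->role = $item['role'];
                     }
                     insert_record('view_access_group', $accessrecord);
                     break;
                 case 'token':
                     $accessrecord->token = $item['id'];
                     insert_record('view_access_token', $accessrecord);
                     break;
             }
         }
     }

     $data = new StdClass();
     $data->view = $this->get('id');
     $data->owner = $USER->get('id');
     $data->oldusers = $beforeusers;
     activity_occurred('viewaccess', $data);
     handle_event('saveview', $this->get('id'));
     db_commit();
 }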