function do_updateGroups()
{
$old_search = KTUtil::arrayGet($_REQUEST, 'old_search');
$user_id = KTUtil::arrayGet($_REQUEST, 'user_id');
$oUser = User::get($user_id);
if (PEAR::isError($oUser) || $oUser === false) {
$this->errorRedirectToMain(_kt('Please select a user first.'), sprintf("old_search=%s&do_search=1", $old_search));
}
$groupAdded = KTUtil::arrayGet($_REQUEST, 'groups_items_added', '');
$groupRemoved = KTUtil::arrayGet($_REQUEST, 'groups_items_removed', '');
$aGroupToAddIDs = explode(",", $groupAdded);
$aGroupToRemoveIDs = explode(",", $groupRemoved);
// FIXME we need to ensure that only groups which are allocatable by the admin are added here.
// FIXME what groups are _allocatable_?
$this->startTransaction();
$groupsAdded = array();
$groupsRemoved = array();
$addWarnings = array();
$removeWarnings = array();
foreach ($aGroupToAddIDs as $iGroupID) {
if ($iGroupID > 0) {
$oGroup = Group::get($iGroupID);
$memberReason = GroupUtil::getMembershipReason($oUser, $oGroup);
//var_dump($memberReason);
if (!(PEAR::isError($memberReason) || is_null($memberReason))) {
$addWarnings[] = $memberReason;
}
$res = $oGroup->addMember($oUser);
if (PEAR::isError($res) || $res == false) {
$this->errorRedirectToMain(sprintf(_kt('Unable to add user to group "%s"'), $oGroup->getName()), sprintf("old_search=%s&do_search=1", $old_search));
} else {
$groupsAdded[] = $oGroup->getName();
}
}
}
// Remove groups
foreach ($aGroupToRemoveIDs as $iGroupID) {
if ($iGroupID > 0) {
$oGroup = Group::get($iGroupID);
$res = $oGroup->removeMember($oUser);
if (PEAR::isError($res) || $res == false) {
$this->errorRedirectToMain(sprintf(_kt('Unable to remove user from group "%s"'), $oGroup->getName()), sprintf("old_search=%s&do_search=1", $old_search));
} else {
$groupsRemoved[] = $oGroup->getName();
$memberReason = GroupUtil::getMembershipReason($oUser, $oGroup);
//var_dump($memberReason);
if (!(PEAR::isError($memberReason) || is_null($memberReason))) {
$removeWarnings[] = $memberReason;
}
}
}
}
if (!empty($addWarnings)) {
$sWarnStr = _kt('Warning: the user was already a member of some subgroups') . ' — ';
$sWarnStr .= implode(', ', $addWarnings);
$_SESSION['KTInfoMessage'][] = $sWarnStr;
}
if (!empty($removeWarnings)) {
$sWarnStr = _kt('Warning: the user is still a member of some subgroups') . ' — ';
$sWarnStr .= implode(', ', $removeWarnings);
$_SESSION['KTInfoMessage'][] = $sWarnStr;
}
$msg = '';
if (!empty($groupsAdded)) {
$msg .= ' ' . _kt('Added to groups') . ': ' . implode(', ', $groupsAdded) . '.';
}
if (!empty($groupsRemoved)) {
$msg .= ' ' . _kt('Removed from groups') . ': ' . implode(', ', $groupsRemoved) . '.';
}
if (!Permission::userIsSystemAdministrator($_SESSION['userID'])) {
$this->rollbackTransaction();
$this->errorRedirectTo('editgroups', _kt('For security purposes, you cannot remove your own administration priviledges.'), sprintf('user_id=%d&do_search=1&old_search=%s', $oUser->getId(), $old_search));
exit(0);
}
$this->commitTransaction();
$this->successRedirectToMain($msg, sprintf("old_search=%s&do_search=1", $old_search));
}
function do_updateUserMembers()
{
$old_search = KTUtil::arrayGet($_REQUEST, 'old_search');
$group_id = KTUtil::arrayGet($_REQUEST, 'group_id');
$oGroup = Group::get($group_id);
if (PEAR::isError($oGroup) || $oGroup === false) {
$this->errorRedirectToMain(_kt('No such group.'));
}
$userAdded = KTUtil::arrayGet($_REQUEST, 'users_items_added', '');
$userRemoved = KTUtil::arrayGet($_REQUEST, 'users_items_removed', '');
$aUserToAddIDs = explode(",", $userAdded);
$aUserToRemoveIDs = explode(",", $userRemoved);
$this->startTransaction();
$usersAdded = array();
$usersRemoved = array();
$addWarnings = array();
$removeWarnings = array();
foreach ($aUserToAddIDs as $iUserId) {
if ($iUserId > 0) {
$oUser = User::Get($iUserId);
$memberReason = GroupUtil::getMembershipReason($oUser, $oGroup);
//var_dump($memberReason);
if (!(PEAR::isError($memberReason) || is_null($memberReason))) {
$addWarnings[] = $memberReason;
}
$res = $oGroup->addMember($oUser);
if (PEAR::isError($res) || $res == false) {
$this->errorRedirectToMain(sprintf(_kt('Unable to add user "%s" to group "%s"'), $oUser->getName(), $oGroup->getName()), sprintf("old_search=%s&do_search=1", $old_search));
} else {
$usersAdded[] = $oUser->getName();
}
}
}
// Remove groups
foreach ($aUserToRemoveIDs as $iUserId) {
if ($iUserId > 0) {
$oUser = User::get($iUserId);
$res = $oGroup->removeMember($oUser);
if (PEAR::isError($res) || $res == false) {
$this->errorRedirectToMain(sprintf(_kt('Unable to remove user "%s" from group "%s"'), $oUser->getName(), $oGroup->getName()), sprintf("old_search=%s&do_search=1", $old_search));
} else {
$usersRemoved[] = $oUser->getName();
$memberReason = GroupUtil::getMembershipReason($oUser, $oGroup);
//var_dump($memberReason);
if (!(PEAR::isError($memberReason) || is_null($memberReason))) {
$removeWarnings[] = $memberReason;
}
}
}
}
if (!empty($addWarnings)) {
$sWarnStr = _kt('Warning: some users were already members of some subgroups') . ' — ';
$sWarnStr .= implode(', ', $addWarnings);
$_SESSION['KTInfoMessage'][] = $sWarnStr;
}
if (!empty($removeWarnings)) {
$sWarnStr = _kt('Warning: some users are still members of some subgroups') . ' — ';
$sWarnStr .= implode(', ', $removeWarnings);
$_SESSION['KTInfoMessage'][] = $sWarnStr;
}
$msg = '';
if (!empty($usersAdded)) {
$msg .= ' ' . _kt('Added') . ': ' . implode(', ', $usersAdded) . '. ';
}
if (!empty($usersRemoved)) {
$msg .= ' ' . _kt('Removed') . ': ' . implode(', ', $usersRemoved) . '.';
}
if (!Permission::userIsSystemAdministrator($_SESSION['userID'])) {
$this->rollbackTransaction();
$this->errorRedirectTo('manageUsers', _kt('For security purposes, you cannot remove your own administration priviledges.'), sprintf('group_id=%d', $oGroup->getId()), sprintf("old_search=%s&do_search=1", $old_search));
exit(0);
}
$this->commitTransaction();
$this->successRedirectToMain($msg, sprintf("old_search=%s&do_search=1", $old_search));
}
function hasMember($oUser)
{
$oPD = $this->getPermissionDescriptor();
if (PEAR::isError($oPD) || $oPD == false) {
return false;
}
$aAllowed = $oPD->getAllowed();
$iUserId = $oUser->getId();
if ($aAllowed['user'] != null) {
if (array_search($iUserId, $aAllowed['user']) !== false) {
return true;
}
}
// now we need the group objects.
// FIXME this could accelerated to a single SQL query on group_user_link.
$aGroups = $this->getGroups();
if (PEAR::isError($aGroups) || $aGroups == false) {
return false;
} else {
foreach ($aGroups as $oGroup) {
$reason = GroupUtil::getMembershipReason($oUser, $oGroup);
if (PEAR::isError($reason) || is_null($reason)) {
continue;
}
return true;
// don't bother continuing - short-circuit for performance.
}
}
return false;
}
function allowTransition($oDocument, $oUser)
{
if (!$this->isLoaded()) {
return true;
}
$iGroupId = $this->aConfig['group_id'];
$oGroup = Group::get($this->aConfig['group_id']);
if (PEAR::isError($oGroup)) {
return true;
// fail safe for cases where the role is deleted.
}
$res = GroupUtil::getMembershipReason($oUser, $oGroup);
if (PEAR::isError($res) || empty($res)) {
// broken setup, or no reason
return false;
} else {
return true;
}
}
