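/**
 * Save the settings for the timecard.
 *
 * Only POST keys that match a key of the form field definition are stored;
 * every other key is ignored, so unknown keys never reach the query below.
 * The stored value is mirrored into the user's session namespace.
 *
 * @param array $params $_POST values
 *
 * @return void
 */
public function setSettings($params)
{
    $userId    = Phprojekt_Auth::getUserId();
    $moduleId  = (int) Phprojekt_Module::getId('Timecard');
    $namespace = new Zend_Session_Namespace(Phprojekt_Setting::IDENTIFIER . $userId);
    $fields    = $this->getFieldDefinition(Phprojekt_ModelInformation_Default::ORDERING_FORM);

    foreach ($fields as $data) {
        foreach ($params as $key => $value) {
            if ($key != $data['key']) {
                continue;
            }
            $setting = new Phprojekt_Setting();
            $setting->setModule('Timecard');

            if ($key == 'favorites') {
                // A single empty entry means "no favorites". The is_array()/isset()
                // guards avoid count() on a non-array (an error on PHP 8, a warning
                // before) and an undefined-offset notice; the outcome is unchanged.
                if (is_array($value) && count($value) === 1 && isset($value[0]) && $value[0] === "") {
                    $value = array();
                }
                // Favorites are user-supplied and stored serialize()d; the code that
                // reads them back (not in this file) must not unserialize() data that
                // could have been tampered with.
                $value = serialize($value);
            }

            // user_id / module_id are int-cast, key_value is quoted by the adapter.
            // ($setting->_db is a non-public member of Phprojekt_Setting; kept as-is.)
            $where = sprintf('user_id = %d AND key_value = %s AND module_id = %d',
                (int) $userId, $setting->_db->quote($key), $moduleId);
            $record = $setting->fetchAll($where);

            if (isset($record[0])) {
                $record[0]->keyValue = $key;
                $record[0]->value    = $value;
                $record[0]->save();
            } else {
                $setting->userId     = $userId;
                $setting->moduleId   = $moduleId;
                $setting->keyValue   = $key;
                $setting->value      = $value;
                $setting->identifier = 'Timecard';
                $setting->save();
            }
            $namespace->{$key} = $value;
            break;
        }
    }
}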
/**
 * Returns the recipients for this Helpdesk item.
 *
 * Starts from the parent's list (users with at least a 'read' right) and adds
 * the assigned user, the author, the owner and, when the item was reassigned,
 * the previously assigned user. The current user is not added by this method.
 *
 * @return array Array with user IDs (keys are not re-indexed after array_unique).
 */
public function getTo()
{
    $currentUser = Phprojekt_Auth::getUserId();

    // Gets only the recipients with at least a 'read' right.
    $recipients = parent::getTo();

    // Assigned user, author and owner, in that order, skipping the current user.
    $candidates = array($this->_model->assigned, $this->_model->author, $this->_model->ownerId);
    foreach ($candidates as $candidate) {
        if ($candidate != $currentUser) {
            $recipients[] = $candidate;
        }
    }

    // If the item has been reassigned, the previously assigned user is notified too.
    $history      = new Phprojekt_History();
    $previousUser = $history->getLastAssignedUser($this->_model, 'assigned');
    if ($previousUser > 0) {
        $recipients[] = $previousUser;
    }

    // Return without duplicates.
    return array_unique($recipients);
}
/**
 * Collect all the values of the settings and return it in one row.
 *
 * Every key of $metadata appears in the row: the stored value when a record
 * exists for the module/user, otherwise the field's 'default'. When a getter
 * named get<Key>() exists on this object, it is applied to the stored value.
 *
 * @param integer $moduleId The current moduleId.
 * @param array   $metadata Array with all the fields.
 * @param integer $userId   The user ID; if it is not set, the current user is used.
 *
 * @return array Array with one row holding all the settings and values.
 */
public function getList($moduleId, $metadata, $userId = null)
{
    $setting = new Phprojekt_Setting();
    $setting->setModule('Notification');

    if ($userId === null) {
        $userId = (int) Phprojekt_Auth::getUserId();
    }

    // Both values are int-cast, so the condition needs no quoting.
    $where   = sprintf('module_id = %d AND user_id = %d', (int) $moduleId, (int) $userId);
    $records = $setting->fetchAll($where);

    $row = array('id' => 0);
    foreach ($metadata as $meta) {
        $key = $meta['key'];
        // Default value defined in getFieldDefinition(); overwritten when a record exists.
        $row[$key] = $meta['default'];
        foreach ($records as $oneSetting) {
            if ($oneSetting->keyValue != $key) {
                continue;
            }
            $getter = 'get' . ucfirst($oneSetting->keyValue);
            if (method_exists($this, $getter)) {
                $row[$key] = $this->$getter($oneSetting->value);
            } else {
                $row[$key] = $oneSetting->value;
            }
            break;
        }
    }

    return array($row);
}
/**
 * Serves the WebDAV tree through a Sabre_DAV server.
 *
 * Logged-in users get the directory tree of project 1; requests that arrive
 * without HTTP auth are served an empty directory instead.
 *
 * @return void
 */
public function indexAction()
{
    // Set the root directory
    $webdavPath = Phprojekt::getInstance()->getConfig()->webdavPath;

    if (!Phprojekt_Auth::isLoggedIn()) {
        // Some clients seem to send some queries without http auth. We need the dummy to serve those.
        $rootDirectory = new WebDAV_Models_EmptyDir();
    } else {
        $project       = new Project_Models_Project();
        $rootDirectory = new WebDAV_Models_ProjectDirectory($project->find(1));
    }

    // The server object is responsible for making sense out of the WebDAV protocol
    $server = new Sabre_DAV_Server($rootDirectory);
    $server->setBaseUri($this->view->baseUrl('index.php/WebDAV/index/index/'));

    // The lock manager is responsible for making sure users don't overwrite each other's changes.
    // Lock files live below <webdavPath>data/locks; webdavPath is assumed to end with
    // a directory separator (TODO confirm against the configuration).
    $lockBackend = new Sabre_DAV_Locks_Backend_File($webdavPath . 'data/locks');
    $server->addPlugin(new Sabre_DAV_Locks_Plugin($lockBackend));

    // Authentication against PHProjekt users, realm 'WebDAV'
    $authBackend = new WebDAV_Helper_Auth();
    $server->addPlugin(new Sabre_DAV_Auth_Plugin($authBackend, 'WebDAV'));

    // All we need to do now, is to fire up the server
    $server->exec();
}
/**
 * Returns the current effective user.
 *
 * When no effective user has been set, the user behind the current auth id is
 * loaded (and not cached into self::$_effectiveUser).
 *
 * @return Phprojekt_User_User The current effective user
 */
public static function getEffectiveUser()
{
    if (is_null(self::$_effectiveUser)) {
        $user = new Phprojekt_User_User();
        return $user->findUserById(Phprojekt_Auth::getUserId());
    }
    return self::$_effectiveUser;
}
/**
 * PreDispatch function.
 *
 * Only admin users can reach the actions of this controller. For everybody
 * else a bare "401 Authorization Required" status line is sent and the script
 * ends; nothing is thrown and no redirect happens.
 *
 * @return void
 */
public function preDispatch()
{
    parent::preDispatch();
    if (Phprojekt_Auth::isAdminUser()) {
        return;
    }

    // No WWW-Authenticate header accompanies this 401, so browsers will not
    // prompt for credentials; the caller just gets the status.
    $response = $this->getResponse();
    $response->setRawHeader('HTTP/1.1 401 Authorization Required');
    $response->sendHeaders();
    exit;
}
/**
 * Creates a subdirectory below this one.
 *
 * The directory is a Filemanager item owned by the current user, bound to this
 * node's project, with the project's default rights applied after saving.
 *
 * @param string $name Title of the new directory.
 *
 * @return void
 */
public function createDirectory($name)
{
    $projectId = $this->_project->id;

    $directory            = new Filemanager_Models_Filemanager();
    $directory->title     = $name;
    $directory->projectId = $projectId;
    $directory->files     = '';
    $directory->ownerId   = Phprojekt_Auth::getUserId();
    $directory->save();

    // Rights come from the project defaults, not from the caller.
    $directory->saveRights($this->_getDefaultRightsForProject($projectId));
}
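/**
 * Route-shutdown hook: sends a logged-in user to the upgrade controller when
 * a migration is pending.
 *
 * The rewrite is skipped when the request already targets Core/Upgrade or the
 * Login/logout action, so the user always keeps a way out.
 *
 * @param Zend_Controller_Request_Abstract $request The routed request.
 *
 * @return void
 */
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    if (!Phprojekt_Auth::isLoggedIn()) {
        return;
    }

    $module     = $request->getModuleName();
    $controller = $request->getControllerName();
    $action     = $request->getActionName();

    $isUpgradeRequest = ($module == 'Core' && $controller == 'Upgrade');
    $isLogoutRequest  = ($controller == 'Login' && $action == 'logout');
    if ($isUpgradeRequest || $isLogoutRequest) {
        return;
    }

    $migration = new Phprojekt_Migration($this->_extensions);
    if ($migration->needsUpgrade()) {
        // Rewrite the request object this hook was given, rather than
        // $this->_request, so the check and the rewrite act on the same request.
        $request->setModuleName('Core');
        $request->setControllerName('Upgrade');
        $request->setActionName('index');
    }
}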
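/**
 * Overwrite checkAuthentication.
 *
 * We don't use the normal authentication. Instead, the user is authenticated
 * from the HTTP auth data in $_SERVER. Requests without PHP_AUTH_USER are left
 * unauthenticated here.
 *
 * @throws Phprojekt_Auth_Exception When the login fails (re-thrown without the
 *                                  original stack trace).
 *
 * @return void
 */
public function checkAuthentication()
{
    try {
        if (array_key_exists('PHP_AUTH_USER', $_SERVER)) {
            // PHP_AUTH_PW can be absent when the client sent a user without a
            // password; default to '' rather than raise an undefined-index notice.
            $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
            Phprojekt_Auth::login($_SERVER['PHP_AUTH_USER'], $password);
        }
    } catch (Phprojekt_Auth_Exception $e) {
        // Re-throw without the original trace: the inner exception's trace carries
        // the arguments of Phprojekt_Auth::login($user, $password), i.e. the
        // password, and would otherwise end up in the log.
        throw new Phprojekt_Auth_Exception($e->getMessage(), $e->getCode());
    }
}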
/**
 * Return an array of field information.
 *
 * When the item has an owner and the current user is not that owner, every
 * field except 'status' is marked read-only.
 *
 * @param integer $ordering An ordering constant.
 *
 * @return array Array with fields definitions.
 */
public function getFieldDefinition($ordering = Phprojekt_ModelInformation_Default::ORDERING_DEFAULT)
{
    $meta    = parent::getFieldDefinition($ordering);
    $ownerId = $this->_model->ownerId;

    // Short-circuit keeps the user lookup for items that actually have an owner.
    $foreignItem = $ownerId && Phprojekt_Auth::getUserId() != $ownerId;
    if (!$foreignItem) {
        return $meta;
    }

    // Not the owner: lock everything but the status field.
    foreach ($meta as $index => $field) {
        if ($field['key'] != 'status') {
            $meta[$index]['readOnly'] = 1;
        }
    }
    return $meta;
}
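/**
 * Returns a list of all the active users.
 *
 * Returns a list of all the users with:
 * <pre>
 * - id      => id of user.
 * - display => Display for the user.
 * - current => True or false if is the current user.
 * </pre>
 *
 * The return is in JSON format. The list is restricted to getAllowedUsers();
 * when it is empty the output carries no 'data' key.
 *
 * @return void
 */
public function jsonGetUsersAction()
{
    IndexController::setCurrentProjectId();

    // The unused $db local was dropped; nothing here touches the adapter directly.
    $user    = Phprojekt_Loader::getLibraryClass('Phprojekt_User_User');
    $records = $user->getAllowedUsers();
    $current = Phprojekt_Auth::getUserId();

    $data = array();
    foreach ($records as $record) {
        $data['data'][] = array(
            'id'      => (int) $record['id'],
            'display' => $record['name'],
            'current' => $current == $record['id'],
        );
    }

    Phprojekt_Converter_Json::echoConvert($data, Phprojekt_ModelInformation_Default::ORDERING_LIST);
}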
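/**
 * Returns all global modules.
 *
 * Returns a list of all the active modules with save_type 1 or 2, ordered by
 * name, with:
 * <pre>
 * - id    => id of the module.
 * - name  => Name of the module.
 * - label => Display for the module.
 * </pre>
 * Also returns in the metadata whether the user is an admin or not.
 *
 * The result is written out in JSON format; nothing is returned. When no
 * module matches, the output carries no 'data' key.
 *
 * @return void
 */
public function jsonGetGlobalModulesAction()
{
    $modules = array();
    $model   = new Phprojekt_Module_Module();

    $globalModules = $model->fetchAll('active = 1 AND (save_type = 1 OR save_type = 2)', 'name ASC');
    foreach ($globalModules as $module) {
        $modules['data'][$module->id] = array(
            'id'    => $module->id,
            'name'  => $module->name,
            'label' => $module->label,
        );
    }

    // Metadata tells the client whether the current user is an admin.
    $modules['metadata'] = Phprojekt_Auth::isAdminUser();

    Phprojekt_Converter_Json::echoConvert($modules);
}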
/**
 * Init function.
 *
 * Only admin users can access these actions. A non-admin GET is redirected to
 * the logout page; any other method gets a published exception (rendered as
 * JSON by the caller).
 *
 * @throws Phprojekt_PublishedException If the user is not an admin and the request is not a GET.
 *
 * @return void
 */
public function init()
{
    parent::init();
    if (Phprojekt_Auth::isAdminUser()) {
        return;
    }

    $isGet = $this->getFrontController()->getRequest()->isGet();
    if ($isGet) {
        // GET: show the login page
        $this->_redirect(Phprojekt::getInstance()->getConfig()->webpath . 'index.php/Login/logout');
    } else {
        // Anything else: send the message in json format
        throw new Phprojekt_PublishedException('Admin section is only for admin users', 500);
    }
    exit;
}
/**
 * Save each field whose value differs from before.
 *
 * For add actions, the oldValue is empty and all the fields are saved.
 * For delete actions, the newValue is empty and all the fields are saved.
 * For edit actions, only the fields with a different value are saved.
 *
 * The type hint rejects non-objects at call time; no Zend_Exception is thrown
 * by this method itself.
 *
 * @param Phprojekt_Item_Abstract $object The item object.
 * @param string                  $action Action (edit/add/delete).
 *
 * @return void
 */
public function saveFields(Phprojekt_Item_Abstract $object, $action)
{
    $userId   = Phprojekt_Auth::getUserId();
    $moduleId = Phprojekt_Module::getId($object->getModelName());

    foreach ($this->_getDifferences($object, $action) as $fieldName => $difference) {
        // One history row per changed field, cloned from this record.
        $entry           = clone $this;
        $entry->userId   = $userId;
        $entry->moduleId = $moduleId;
        $entry->itemId   = $object->id;
        $entry->field    = $fieldName;
        $entry->oldValue = $difference['oldValue'];
        $entry->newValue = $difference['newValue'];
        $entry->action   = $action;
        $entry->datetime = gmdate("Y-m-d H:i:s");
        $entry->save();
    }
}
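/**
 * PreDispatch function.
 *
 * There are only a few actions that a normal user can do requesting the Core
 * controller. Admin users pass; for everybody else the request must match the
 * public-call table below, otherwise a bare "401 Authorization Required"
 * status line is sent and the script ends (nothing is thrown, no redirect).
 *
 * @return void
 */
public function preDispatch()
{
    parent::preDispatch();
    if (Phprojekt_Auth::isAdminUser()) {
        return;
    }

    // Exceptions for public calls into the Core: controller => list of public
    // actions, or true when every action of that controller is public.
    // Controller names are compared lower-cased, action names as sent.
    // 'upgrade' is listed here; the upgrade actions are expected to enforce
    // admin rights themselves (confirm in the Upgrade controller).
    $publicCalls = array(
        'history' => array('jsonList'),
        'module'  => array('jsonGetGlobalModules'),
        'role'    => array('jsonGetModulesAccess'),
        'user'    => array('jsonGetUsers', 'jsonGetProxyableUsers'),
        'tab'     => array('jsonList'),
        'setting' => true,
        'upgrade' => true,
    );

    $request    = $this->getRequest();
    $controller = strtolower($request->getControllerName());
    $action     = $request->getActionName();

    $valid = false;
    if (isset($publicCalls[$controller])) {
        $allowed = $publicCalls[$controller];
        $valid   = ($allowed === true) || in_array($action, $allowed, true);
    }
    if ($valid) {
        return;
    }

    // Status line carries the full reason phrase ("Required"), as in the other
    // admin controllers; no WWW-Authenticate header is sent with it.
    $response = $this->getResponse();
    $response->setRawHeader('HTTP/1.1 401 Authorization Required');
    $response->sendHeaders();
    exit;
}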
/**
 * Save each field whose value differs from before.
 *
 * For add actions, the oldValue is empty and all the fields are saved.
 * For delete actions, the newValue is empty and all the fields are saved.
 * For edit actions, only the fields with a different value are saved.
 *
 * @param Phprojekt_Item_Abstract $object The item object.
 * @param string                  $action Action (edit/add/delete).
 *
 * @throws Zend_Exception If $object is not an object.
 *
 * @return void
 */
public function saveFields($object, $action)
{
    if (!is_object($object)) {
        throw new Zend_Exception('The object do not exist');
    }

    $userId   = Phprojekt_Auth::getUserId();
    $moduleId = Phprojekt_Module::getId($object->getModelName());

    foreach ($this->_getDifferences($object, $action) as $fieldName => $difference) {
        // One history row per changed field, cloned from this record.
        $entry           = clone $this;
        $entry->userId   = $userId;
        $entry->moduleId = $moduleId;
        $entry->itemId   = $object->id;
        $entry->field    = $fieldName;
        $entry->oldValue = $difference['oldValue'];
        $entry->newValue = $difference['newValue'];
        $entry->action   = $action;
        $entry->datetime = gmdate("Y-m-d H:i:s");
        $entry->save();
    }
}
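/**
 * Init function.
 *
 * There are only a few actions that a normal user can do requesting the Core
 * controller. Admin users pass; for everybody else the request must match the
 * public-call table below. Otherwise a GET is redirected to the logout page
 * and any other method gets a published exception.
 *
 * @throws Phprojekt_PublishedException If a non-admin sends a non-GET request to a non-public action.
 *
 * @return void
 */
public function init()
{
    parent::init();
    if (Phprojekt_Auth::isAdminUser()) {
        return;
    }

    // Exceptions for public calls into the Core: controller => list of public
    // actions, or true when every action of that controller is public.
    // Names are compared exactly as the request reports them (no lower-casing).
    $publicCalls = array(
        'history' => array('jsonList'),
        'module'  => array('jsonGetGlobalModules'),
        'role'    => array('jsonGetModulesAccess'),
        'user'    => array('jsonGetUsers'),
        'tab'     => array('jsonList'),
        'setting' => true,
    );

    $request    = $this->getRequest();
    $controller = $request->getControllerName();
    $action     = $request->getActionName();

    $valid = false;
    if (isset($publicCalls[$controller])) {
        $allowed = $publicCalls[$controller];
        $valid   = ($allowed === true) || in_array($action, $allowed, true);
    }
    if ($valid) {
        return;
    }

    if ($this->getFrontController()->getRequest()->isGet()) {
        // GET: show the login page
        $this->_redirect(Phprojekt::getInstance()->getConfig()->webpath . 'index.php/Login/logout');
    } else {
        // Anything else: send the message in json format
        throw new Phprojekt_PublishedException('Admin section is only for admin users', 500);
    }
    exit;
}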
/**
 * Perform the upgrade for a single module.
 *
 * The module is taken from the 'upgradeModule' parameter of the request.
 * Exception details (file, line, message, trace) go to the debug log only;
 * the JSON answer carries a generic message.
 *
 * @throws Zend_Controller_Action_Exception If the user is not an admin (403).
 *
 * @return void
 */
public function jsonUpgradeAction()
{
    if (!Phprojekt_Auth::isAdminUser()) {
        throw new Zend_Controller_Action_Exception('Insufficient rights.', 403);
    }

    $extensions = new Phprojekt_Extensions(PHPR_CORE_PATH);
    $migration  = new Phprojekt_Migration($extensions);
    $log        = Phprojekt::getInstance()->getLog();

    $answer = null;
    try {
        $migration->performUpgrade($this->getRequest()->getParam('upgradeModule'));
    } catch (Phprojekt_Migration_IKilledTheDatabaseException $e) {
        $log->debug("IKilledTheDatabaseException occurred while migrating: " . $e->getFile() . ':'
            . $e->getLine() . "\n" . $e->getMessage() . "\n" . $e->getTraceAsString() . "\n");
        $answer = array('type' => 'fatalFailure', 'message' => 'A fatal error has occured.');
    } catch (Exception $e) {
        $log->debug("Exception occurred while migrating: " . $e->getFile() . ':' . $e->getLine() . "\n"
            . $e->getMessage() . "\n" . $e->getTraceAsString() . "\n");
        $answer = array('type' => 'failure', 'message' => 'An error has occured.');
    }

    if ($answer === null) {
        $answer = array('type' => 'success', 'message' => 'The module was upgraded correctly');
    }
    Phprojekt_Converter_Json::echoConvert($answer);
}
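/**
 * Checks whether a user holds the given right on this item.
 *
 * Admin users and not-yet-saved items are always granted.
 *
 * @param integer $userId    The user to check.
 * @param integer $right     Right bitmask (a Phprojekt_Acl constant).
 * @param integer $projectId Project to check against; defaults to the item's own projectId.
 *
 * @return boolean True when every bit of $right is granted.
 */
public function hasRight($userId, $right, $projectId = null)
{
    if (Phprojekt_Auth::isAdminUser() || $this->isNew()) {
        return true;
    }

    if (is_null($projectId)) {
        $projectId = $this->projectId;
    }

    $moduleId = Phprojekt_Module::getId($this->getModelName());
    $rights   = Phprojekt_Right::getRightsForItems($moduleId, $projectId, $userId, array($this->id));

    // No entry means no rights. Return a boolean here instead of Phprojekt_Acl::NONE
    // so every path yields the same type; a missing entry is a denial either way.
    if (!isset($rights[$this->id])) {
        return false;
    }

    return ($rights[$this->id] & $right) == $right;
}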
/**
 * Log the error adding the user id and some extra values.
 *
 * $values is joined with commas, so it must be a flat array of scalars;
 * nested arrays would be rendered as "Array".
 *
 * @param string $message The message to log.
 * @param array  $values  Array with values to show.
 *
 * @return void
 */
private static function _logError($message, $values)
{
    $line = sprintf('%s User Id: %s - Values: %s', $message, Phprojekt_Auth::getUserId(), implode(",", $values));
    Phprojekt::getInstance()->getLog()->err($line);
}
/**
 * Save the settings into the table.
 *
 * When the module model has its own setSettings(), everything is delegated to
 * it. Otherwise only POST keys that match a key of the model's form field
 * definition are stored (unknown keys never reach the query), and each stored
 * value is mirrored into the user's session namespace.
 *
 * @param array   $params $_POST fields.
 * @param integer $userId The user ID; if it is not set, the current user is used.
 *
 * @return void
 */
public function setSettings($params, $userId = 0)
{
    if (!$userId) {
        $userId = Phprojekt_Auth::getUserId();
    }

    if (method_exists($this->getModel(), 'setSettings')) {
        // The module model owns its storage format.
        $this->getModel()->setSettings($params, $userId);
        return;
    }

    $namespace = new Zend_Session_Namespace(self::IDENTIFIER . $userId);
    $fields    = $this->getModel()->getFieldDefinition(Phprojekt_ModelInformation_Default::ORDERING_FORM);
    $moduleId  = (int) $this->_moduleId;

    foreach ($fields as $data) {
        foreach ($params as $key => $value) {
            if ($key != $data['key']) {
                continue;
            }

            // user_id / module_id are int-cast, key_value is quoted by the adapter.
            $where = sprintf('user_id = %d AND key_value = %s AND module_id = %d',
                (int) $userId, $this->_db->quote($key), $moduleId);
            $record = $this->fetchAll($where);

            if (isset($record[0])) {
                $record[0]->keyValue = $key;
                $record[0]->value    = $value;
                $record[0]->save();
            } else {
                $fresh             = clone $this;
                $fresh->userId     = $userId;
                $fresh->moduleId   = $moduleId;
                $fresh->keyValue   = $key;
                $fresh->value      = $value;
                $fresh->identifier = $this->_module;
                $fresh->save();
            }
            $namespace->{$key} = $value;
            break;
        }
    }
}
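/**
 * Set some values depending on the params.
 *
 * Sets author, date, solvedBy and solvedDate, then delegates to
 * Default_Helpers_Right::addRightsToAssignedUser(), which adds the rights for
 * the owner, the assigned user and the normal access tab.
 *
 * Called as setParams($params, $model, $newItem = false); the arguments are read
 * through func_get_args() to stay compatible with the parameter-less declaration
 * this method overrides.
 *
 * @return array POST values with some changes.
 */
public function setParams()
{
    $args    = func_get_args();
    $params  = $args[0];
    $model   = $args[1];
    $newItem = isset($args[2]) ? $args[2] : false;
    $userId  = (int) Phprojekt_Auth::getUserId();
    // Local server date, as the original did (not gmdate); kept for consistency
    // with what is already stored.
    $today   = date("Y-m-d");

    if ($newItem) {
        $params['author'] = $userId;
        $params['date']   = $today;
        // A new item may arrive without 'status'; the key check avoids an
        // undefined-index notice and treats an absent status as not solved.
        if (array_key_exists('status', $params)
            && $params['status'] == Helpdesk_Models_Helpdesk::STATUS_SOLVED) {
            $params['solvedBy']   = $userId;
            $params['solvedDate'] = $today;
        }
    } else {
        // The author comes as a STRING but must be saved as an INT (and it doesn't change since the item creation)
        $params['author'] = (int) $model->author;

        if (isset($params['status'])) {
            if ($params['status'] != Helpdesk_Models_Helpdesk::STATUS_SOLVED) {
                // Status != 'Solved' - The solver should be null (the solved date can't be deleted, but should be)
                $params['solvedBy'] = 0;
            } elseif ($model->status != Helpdesk_Models_Helpdesk::STATUS_SOLVED) {
                // Status 'Solved' - It has just been changed to this state: save user and date
                $params['solvedBy']   = $userId;
                $params['solvedDate'] = $today;
            } else {
                // The solver comes as a STRING but must be saved as an INT (and the Id doesn't change)
                $params['solvedBy'] = (int) $model->solvedBy;
            }
        }
    }

    return Default_Helpers_Right::addRightsToAssignedUser('assigned', $params, $model, $newItem);
}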
/**
 * Checks that the user has permission for modifying the item, in this case for
 * uploading or deleting files. If not, prints an error and terminates script
 * execution.
 *
 * @param Phprojekt_Model_Interface $model  Current module.
 * @param integer                   $itemId Current item id.
 *
 * @return void
 */
private function _fileCheckWritePermission($model, $itemId)
{
    $model->find($itemId);
    $rights = $model->getRights();
    if ($rights['currentUser']['write']) {
        return;
    }

    $error = Phprojekt::getInstance()->translate('You don\'t have permission for modifying this item.');

    // Log error; the module name is whatever the request carried.
    $logLine = "Error: trying to Delete or Upload a file without write access. "
        . "User Id: " . Phprojekt_Auth::getUserId()
        . " - Module: " . $this->getRequest()->getModuleName();
    Phprojekt::getInstance()->getLog()->err($logLine);

    // Show error to user and stop script execution
    die($error);
}
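/**
 * Saves the new values of the projects dates.
 *
 * OPTIONAL request parameters:
 * <pre>
 *  - array <b>projects</b> Array with projectId,startDate and endDate by comma separated
 * </pre>
 *
 * If there is an error, the save will return a Phprojekt_PublishedException,
 * if not, it returns a string in JSON format with:
 * <pre>
 *  - type    => 'success'.
 *  - message => Success message.
 *  - code    => 0.
 *  - id      => 0.
 * </pre>
 *
 * Projects the user may not write are validated but skipped silently; the
 * success message is returned nonetheless.
 *
 * @throws Phprojekt_PublishedException On error in the action save or wrong parameters.
 *
 * @return void
 */
public function jsonSaveAction()
{
    $projects     = (array) $this->getRequest()->getParam('projects', array());
    $activeRecord = Phprojekt_Loader::getModel('Project', 'Project');
    $rights       = Phprojekt_Loader::getLibraryClass('Phprojekt_Item_Rights');
    $userId       = Phprojekt_Auth::getUserId();
    $phprojekt    = Phprojekt::getInstance();

    $this->setCurrentProjectId();

    // Error check: no project received
    if (empty($projects)) {
        $this->_throwProjectSaveError($phprojekt->translate('Projects'),
            $phprojekt->translate('No project info was received'));
    }

    foreach ($projects as $project) {
        // array_pad() keeps the three-way destructuring free of undefined-offset
        // notices when fewer than three comma-separated values arrive; the
        // emptiness check below then rejects the entry exactly as before.
        list($id, $startDate, $endDate) = array_pad(explode(",", $project), 3, null);

        // Check: are the three values available?
        if (empty($id) || empty($startDate) || empty($endDate)) {
            $this->_throwProjectSaveError($phprojekt->translate('Projects'),
                $phprojekt->translate('Incomplete data received'));
        }

        $id = (int) $id;
        $activeRecord->find($id);

        // Check: project id exists?
        // NOTE(review): $activeRecord is reused across iterations; this relies on
        // find() clearing ->id when nothing is found - confirm against the model.
        if (empty($activeRecord->id)) {
            $this->_throwProjectSaveError($phprojekt->translate('Project'),
                $phprojekt->translate('Id not found #') . $id);
        }

        // Check: dates are valid?
        $validStart = Cleaner::validate('date', $startDate, false);
        $validEnd   = Cleaner::validate('date', $endDate, false);
        if (!$validStart || !$validEnd) {
            $message = $validStart
                ? $phprojekt->translate('End date invalid')
                : $phprojekt->translate('Start date invalid');
            $this->_throwProjectSaveError($phprojekt->translate('Project id #') . $id, $message);
        }

        // Check: start date after end date?
        if (strtotime($startDate) > strtotime($endDate)) {
            $this->_throwProjectSaveError($phprojekt->translate('Project id #') . $id,
                $phprojekt->translate('Start date can not be after End date'));
        }

        $activeRecord->startDate = $startDate;
        $activeRecord->endDate   = $endDate;

        // Module id 1 is passed as-is (presumably the Project module - confirm).
        // Without write rights the project is skipped without any error.
        if ($rights->getItemRight(1, $id, $userId) >= Phprojekt_Acl::WRITE) {
            $activeRecord->parentSave();
        }
    }

    $message = $phprojekt->translate(self::EDIT_MULTIPLE_TRUE_TEXT);
    $return  = array('type' => 'success', 'message' => $message, 'code' => 0, 'id' => 0);
    Phprojekt_Converter_Json::echoConvert($return);
}

/**
 * Throws the published exception used by jsonSaveAction() for every validation failure.
 *
 * @param string $label   Already translated label.
 * @param string $message Already translated message.
 *
 * @throws Phprojekt_PublishedException Always, with "<label>: <message>".
 *
 * @return void
 */
private function _throwProjectSaveError($label, $message)
{
    throw new Phprojekt_PublishedException($label . ': ' . $message);
}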
/**
 * Trying a login with a valid user and its password.
 * This try has to log in the user; an auth exception is reported as a failure
 * including its message and code.
 */
public function testLogin()
{
    $loggedIn = null;
    try {
        $loggedIn = Phprojekt_Auth::login('david', 'test');
    } catch (Phprojekt_Auth_Exception $error) {
        $this->fail($error->getMessage() . " " . $error->getCode());
    }
    $this->assertTrue($loggedIn);

    /* logged in needs to be true */
    $this->assertTrue(Phprojekt_Auth::isLoggedIn());
}
/**
 * Get all the modules-item with the wordId.
 *
 * With $operator 'AND' the word ids are chained into nested sub-selects on
 * search_word_module (each level restricts item_id to the inner result) using
 * sprintf() placeholders; any other operator runs a plain "word_id IN (...)"
 * through fetchAll(). Rows are then filtered to items the current user can
 * read and capped at $count when $count > 0. Every id is int-cast before it
 * reaches SQL.
 *
 * @param array   $words    Array with words IDs.
 * @param string  $operator Query operator.
 * @param integer $count    Limit query.
 *
 * @return array Array of results, keyed "<module_id>-<item_id>".
 */
public function searchModuleByWordId($words, $operator = 'AND', $count = 0)
{
    $ids    = array();
    $result = array();
    $rights = Phprojekt_Loader::getLibraryClass('Phprojekt_Item_Rights');
    $userId = Phprojekt_Auth::getUserId();
    $db     = Phprojekt::getInstance()->getDb();

    foreach ($words as $content) {
        $ids[] = (int) $content['id'];
    }

    if (!empty($ids)) {
        // Search by AND
        if ($operator == 'AND') {
            $sqlString = '';
            $selects   = array();
            $first     = true;
            // Ids are consumed from the end. The first one popped gets no IN()
            // restriction and becomes the innermost select; the one built when
            // $ids runs empty selects all columns and ends up as the outermost
            // query, which supplies module_id / item_id below.
            while (!empty($ids)) {
                $id = array_pop($ids);
                if ($first) {
                    $first = false;
                    if (!empty($ids)) {
                        $selects[] = $db->select()->from('search_word_module', array('item_id'))->where('word_id = ' . (int) $id);
                    } else {
                        $selects[] = $db->select()->from('search_word_module')->where('word_id = ' . (int) $id);
                    }
                } else {
                    // %s is filled with the inner select when the chain is assembled.
                    if (!empty($ids)) {
                        $selects[] = $db->select()->from('search_word_module', array('item_id'))->where('word_id = ' . (int) $id . ' AND item_id IN (%s)');
                    } else {
                        $selects[] = $db->select()->from('search_word_module')->where('word_id = ' . (int) $id . ' AND item_id IN (%s)');
                    }
                }
            }
            // Nest the selects: each one wraps the SQL assembled so far.
            $first = true;
            while (!empty($selects)) {
                $select = array_shift($selects)->__toString();
                if ($first) {
                    $sqlString = $select;
                    $first     = false;
                } else {
                    $sqlString = sprintf($select, $sqlString);
                }
            }
            $stmt      = $db->query($sqlString);
            $tmpResult = $stmt->fetchAll(Zend_Db::FETCH_ASSOC);
        } else {
            // Search By OR (ids were int-cast above)
            $where     = 'word_id IN (' . implode(', ', $ids) . ')';
            $order     = array('module_id ASC', 'item_id DESC');
            $tmpResult = $this->fetchAll($where, $order)->toArray();
        }

        foreach ($tmpResult as $data) {
            // Limit to $count results
            if ((int) $count > 0 && count($result) >= $count) {
                break;
            }
            // Only fetch records with read access
            if ($rights->getItemRight($data['module_id'], $data['item_id'], $userId) > 0) {
                $result[$data['module_id'] . '-' . $data['item_id']] = $data;
            }
        }
    }

    return $result;
}
/**
 * Saves a frontend message to the database using the abstract record pattern.
 *
 * Since the actor id is always the user who calls this method, the actor_id
 * is set here. With a single recipientId the record is saved once; with an
 * array of recipient ids one copy is saved per recipient.
 *
 * @return boolean True on a successful save (the last save's result when
 *                 several recipients are given).
 */
public function saveFrontendMessage()
{
    $this->actorId = (int) Phprojekt_Auth::getUserId();

    // Single recipient: plain save of this record.
    if (!is_array($this->recipientId)) {
        return parent::save();
    }

    // Several recipients: one row per recipient. The clone is re-populated
    // field by field; only recipientId differs between the copies.
    $saved = '';
    foreach ($this->recipientId as $recipientId) {
        $copy              = clone $this;
        $copy->actorId     = $this->actorId;
        $copy->projectId   = $this->projectId;
        $copy->itemId      = $this->itemId;
        $copy->process     = $this->process;
        $copy->validUntil  = $this->validUntil;
        $copy->validFrom   = $this->validFrom;
        $copy->moduleId    = $this->moduleId;
        $copy->description = $this->description;
        $copy->details     = $this->details;
        $copy->recipientId = $recipientId;
        $copy->itemName    = $this->itemName;
        $saved = $copy->save();
    }
    return $saved;
}
/**
 * Trying a login with a valid user and its password.
 * This try has to log in the user.
 */
public function testLogin()
{
    $loggedIn = Phprojekt_Auth::login('Test', 'test');
    $this->assertTrue($loggedIn);

    /* logged in needs to be true */
    $this->assertTrue(Phprojekt_Auth::isLoggedIn());
}
/**
 * Check if the user has write access to the item if it is not a global module.
 *
 * Core requires an admin user; modules whose save type is not "normal" are
 * always writable; otherwise any of write / create / copy / admin on the
 * current user's item rights is enough.
 *
 * @param Phprojekt_Model_Interface $model      The model to save.
 * @param string                    $moduleName The current module.
 *
 * @return boolean False if not.
 */
private static function _checkItemRights($model, $moduleName)
{
    if ($moduleName == 'Core') {
        return Phprojekt_Auth::isAdminUser();
    }

    if (!Phprojekt_Module::saveTypeIsNormal(Phprojekt_Module::getId($moduleName))) {
        return true;
    }

    $itemRights = $model->getRights();
    if (!isset($itemRights['currentUser'])) {
        return false;
    }

    $current = $itemRights['currentUser'];
    return $current['write'] || $current['create'] || $current['copy'] || $current['admin'];
}
/**
 * Returns all the events connected with the current one by the parentId,
 * for the logged user as participant.
 * Doesn't return the current event among them.
 *
 * @return array Array of Calendar IDs.
 */
public function getRelatedEvents()
{
    $rootEventId = $this->getRootEventId($this);
    if (!($rootEventId > 0)) {
        return array();
    }

    $userId = Phprojekt_Auth::getUserId();
    // The root itself plus every event below it, minus this one, restricted
    // to the logged user as participant. All values are int-cast.
    $where = sprintf('(parent_id = %d OR id = %d) AND id != %d AND participant_id = %d',
        (int) $rootEventId, (int) $rootEventId, (int) $this->id, (int) $userId);

    $related = array();
    foreach ($this->fetchAll($where) as $record) {
        // The query already excludes this id; kept as a defensive check.
        if ($record->id != $this->id) {
            $related[] = $record->id;
        }
    }
    return $related;
}