PHP User::canEdit Examples

PHP User::canEdit - 9 examples found. These are the top rated real world PHP examples of User::canEdit extracted from open source projects. You can rate examples to help us improve the quality of examples.
 /**
  * Reset API key
  *
  * @param void
  * @return null
  */
 function api_reset_key()
 {
     if ($this->active_user->isNew()) {
         $this->httpError(HTTP_ERR_NOT_FOUND);
     }
     // if
     if (!$this->active_user->canEdit($this->logged_user)) {
         $this->httpError(HTTP_ERR_FORBIDDEN);
     }
     // if
     if ($this->request->isSubmitted()) {
         $this->active_user->setToken(make_string(40));
         $save = $this->active_user->save();
         if ($save && !is_error($save)) {
             flash_success('API key updated');
         } else {
             flash_error('Failed to update API key. Try again in a few minutes');
         }
         // if
         $this->redirectToUrl($this->active_user->getApiSettingsUrl());
     } else {
         $this->httpError(HTTP_ERR_BAD_REQUEST);
     }
     // if
 }
Example #2
0
 public function indexAction()
 {
     $this->_resource->addInlineJs('
   var canEdit = ' . intval($this->_user->canEdit($this->_module)) . ';
   var canDelete = ' . intval($this->_user->canDelete($this->_module)) . ';
      var canPublish = ' . intval($this->_user->canPublish($this->_module)) . ';
  ');
     $this->includeScripts();
 }
Example #3
0
 /**
  * Default action
  */
 public function indexAction()
 {
     $this->_resource->addInlineJs('
      	var canEdit = ' . intval($this->_user->canEdit($this->_module)) . ';
      	var canDelete = ' . intval($this->_user->canDelete($this->_module)) . ';
    ');
     $this->includeScripts();
     $modulesConfig = Config::factory(Config::File_Array, $this->_configMain->get('backend_modules'));
     $moduleCfg = $modulesConfig->get($this->_module);
     if (strlen($moduleCfg['designer'])) {
         $this->_runDesignerProject($moduleCfg['designer']);
     } else {
         if (file_exists('./js/app/system/crud/' . strtolower($this->_module) . '.js')) {
             $this->_resource->addJs('/js/app/system/crud/' . strtolower($this->_module) . '.js', 4);
         }
     }
 }
Example #4
0
 /**
  * Show rights of a user
  *
  * @param $user User object
  **/
 static function showForUser(User $user)
 {
     global $DB, $CFG_GLPI;
     $ID = $user->getField('id');
     if (!$user->can($ID, READ)) {
         return false;
     }
     $canedit = $user->canEdit($ID);
     $strict_entities = self::getUserEntities($ID, false);
     if (!Session::haveAccessToOneOfEntities($strict_entities) && !Session::isViewAllEntities()) {
         $canedit = false;
     }
     $canshowentity = Entity::canView();
     $rand = mt_rand();
     if ($canedit) {
         echo "<div class='firstbloc'>";
         echo "<form name='entityuser_form{$rand}' id='entityuser_form{$rand}' method='post' action='";
         echo Toolbox::getItemTypeFormURL(__CLASS__) . "'>";
         echo "<table class='tab_cadre_fixe'>";
         echo "<tr class='tab_bg_1'><th colspan='6'>" . __('Add an authorization to a user') . "</tr>";
         echo "<tr class='tab_bg_2'><td class='center'>";
         echo "<input type='hidden' name='users_id' value='{$ID}'>";
         Entity::dropdown(array('entity' => $_SESSION['glpiactiveentities']));
         echo "</td><td class='center'>" . self::getTypeName(1) . "</td><td>";
         Profile::dropdownUnder(array('value' => Profile::getDefault()));
         echo "</td><td>" . __('Recursive') . "</td><td>";
         Dropdown::showYesNo("is_recursive", 0);
         echo "</td><td class='center'>";
         echo "<input type='submit' name='add' value=\"" . _sx('button', 'Add') . "\" class='submit'>";
         echo "</td></tr>";
         echo "</table>";
         Html::closeForm();
         echo "</div>";
     }
     $query = "SELECT DISTINCT `glpi_profiles_users`.`id` AS linkID,\n                       `glpi_profiles`.`id`,\n                       `glpi_profiles`.`name`,\n                       `glpi_profiles_users`.`is_recursive`,\n                       `glpi_profiles_users`.`is_dynamic`,\n                       `glpi_entities`.`completename`,\n                       `glpi_profiles_users`.`entities_id`\n                FROM `glpi_profiles_users`\n                LEFT JOIN `glpi_profiles`\n                     ON (`glpi_profiles_users`.`profiles_id` = `glpi_profiles`.`id`)\n                LEFT JOIN `glpi_entities`\n                     ON (`glpi_profiles_users`.`entities_id` = `glpi_entities`.`id`)\n                WHERE `glpi_profiles_users`.`users_id` = '{$ID}'\n                ORDER BY `glpi_profiles`.`name`, `glpi_entities`.`completename`";
     $result = $DB->query($query);
     $num = $DB->numrows($result);
     echo "<div class='spaced'>";
     Html::openMassiveActionsForm('mass' . __CLASS__ . $rand);
     if ($canedit && $num) {
         $massiveactionparams = array('num_displayed' => $num, 'container' => 'mass' . __CLASS__ . $rand);
         Html::showMassiveActions($massiveactionparams);
     }
     if ($num > 0) {
         echo "<table class='tab_cadre_fixehov'>";
         $header_begin = "<tr>";
         $header_top = '';
         $header_bottom = '';
         $header_end = '';
         if ($canedit) {
             $header_begin .= "<th>";
             $header_top .= Html::getCheckAllAsCheckbox('mass' . __CLASS__ . $rand);
             $header_bottom .= Html::getCheckAllAsCheckbox('mass' . __CLASS__ . $rand);
             $header_end .= "</th>";
         }
         $header_end .= "<th>" . _n('Entity', 'Entities', Session::getPluralNumber()) . "</th>";
         $header_end .= "<th>" . sprintf(__('%1$s (%2$s)'), self::getTypeName(Session::getPluralNumber()), __('D=Dynamic, R=Recursive'));
         $header_end .= "</th></tr>";
         echo $header_begin . $header_top . $header_end;
         while ($data = $DB->fetch_assoc($result)) {
             echo "<tr class='tab_bg_1'>";
             if ($canedit) {
                 echo "<td width='10'>";
                 if (in_array($data["entities_id"], $_SESSION['glpiactiveentities'])) {
                     Html::showMassiveActionCheckBox(__CLASS__, $data["linkID"]);
                 } else {
                     echo "&nbsp;";
                 }
                 echo "</td>";
             }
             echo "<td>";
             $link = $data["completename"];
             if ($_SESSION["glpiis_ids_visible"]) {
                 $link = sprintf(__('%1$s (%2$s)'), $link, $data["entities_id"]);
             }
             if ($canshowentity) {
                 echo "<a href='" . Toolbox::getItemTypeFormURL('Entity') . "?id=" . $data["entities_id"] . "'>";
             }
             echo $link . ($canshowentity ? "</a>" : '');
             echo "</td>";
             if (Profile::canView()) {
                 $entname = "<a href='" . Toolbox::getItemTypeFormURL('Profile') . "?id=" . $data["id"] . "'>" . $data["name"] . "</a>";
             } else {
                 $entname = $data["name"];
             }
             if ($data["is_dynamic"] || $data["is_recursive"]) {
                 $entname = sprintf(__('%1$s %2$s'), $entname, "<span class='b'>(");
                 if ($data["is_dynamic"]) {
                     //TRANS: letter 'D' for Dynamic
                     $entname = sprintf(__('%1$s%2$s'), $entname, __('D'));
                 }
                 if ($data["is_dynamic"] && $data["is_recursive"]) {
                     $entname = sprintf(__('%1$s%2$s'), $entname, ", ");
                 }
                 if ($data["is_recursive"]) {
                     //TRANS: letter 'R' for Recursive
                     $entname = sprintf(__('%1$s%2$s'), $entname, __('R'));
                 }
                 $entname = sprintf(__('%1$s%2$s'), $entname, ")</span>");
             }
             echo "<td>" . $entname . "</td>";
             echo "</tr>";
         }
         echo $header_begin . $header_bottom . $header_end;
         echo "</table>";
     } else {
         echo "<table class='tab_cadre_fixe'>";
         echo "<tr><th>" . __('No item found') . "</th></tr>";
         echo "</table>\n";
     }
     if ($canedit && $num) {
         $massiveactionparams['ontop'] = false;
         Html::showMassiveActions($massiveactionparams);
     }
     Html::closeForm();
     echo "</div>";
 }
                        target='_blank'><i class='fa fa-comment'></i> Send PM</a><a
                    class='btn btn-default btn-xs popup-link'
                    href='<?php 
echo EMAIL . $memberInfo->member_id;
?>
&url=<?php 
echo CLANAOD . $memberInfo->member_id;
?>
'
                    target='_blank'><i class='fa fa-envelope'></i> Send Email</a>
            </h2>
        </div>

        <div class='col-xs-6'>
            <?php 
if (User::canEdit($memberInfo->member_id, $user, $member)) {
    ?>
                <div class='btn-group pull-right' data-player-id='<?php 
    echo $memberInfo->member_id;
    ?>
'
                     data-user-id='<?php 
    echo $member->member_id;
    ?>
'>
                    <button type='button' class='btn btn-info edit-member'><i class="fa fa-pencil fa-lg"></i> Edit
                    </button>
                    <!-- <button type='button' class='btn btn-success'><i class="fa fa-user-plus fa-lg"></i> <span class="hidden-sm hidden-xs">Promote</span></button> -->
                    <?php 
    if ($user->role >= 2 && $member->rank_id >= 9 && $memberInfo->status_id != 4) {
        ?>
Example #6
0
 public static function resizeEvent($frm_submitted)
 {
     global $obj_db;
     $arr_calendar = array();
     if ($frm_submitted['cal_id'] > 0) {
         $arr_calendar = Calendar::getCalendar($frm_submitted['cal_id']);
     } else {
         $int_calendar_id = Calendar::getCalendarIdByEventId($frm_submitted['event_id']);
         $arr_calendar = Calendar::getCalendar($int_calendar_id);
     }
     if (IGNORE_TIMEZONE) {
         $str_startdate = $frm_submitted['str_date_start'];
         $str_enddate = $frm_submitted['str_date_end'];
         $str_starttime = substr($frm_submitted['str_date_start'], 10);
         $str_endtime = substr($frm_submitted['str_date_end'], 10);
     } else {
         $frm_submitted['date_start'] -= TIME_OFFSET;
         $frm_submitted['date_end'] -= TIME_OFFSET;
         $str_startdate = date('Y-m-d', $frm_submitted['date_start']);
         $str_enddate = date('Y-m-d', $frm_submitted['date_end']);
         $str_starttime = date('H:i:s', $frm_submitted['date_start']);
         $str_endtime = date('H:i:s', $frm_submitted['date_end']);
     }
     $str_query = 'UPDATE events SET date_start = "' . $str_startdate . '" ' . ', date_end = "' . $str_enddate . '" ' . ', time_start = "' . $str_starttime . '" ' . ', time_end = "' . $str_endtime . '" ' . ' WHERE event_id = ' . $frm_submitted['event_id'];
     //        if(isset($_SESSION['calendar-uid']['uid']) && $_SESSION['calendar-uid']['uid'] > 0) {
     //            $bln_users_can_change_items_from_others = Settings::getAdminSetting('users_can_change_items_from_others', $_SESSION['calendar-uid']['uid']);
     //        } else {
     //            $bln_users_can_change_items_from_others = USERS_CAN_CHANGE_ITEMS_FROM_OTHERS;
     //        }
     //if($bln_users_can_change_items_from_others) {
     $bln_admin_and_full_control = ADMIN_HAS_FULL_CONTROL && (User::isAdmin() || User::isSuperAdmin());
     $bln_public_cal_and_edit_allowed = $arr_calendar['share_type'] == 'public' && $arr_calendar['can_edit'];
     if (User::isLoggedIn() && $bln_admin_and_full_control) {
         // don't check on user_id
     } else {
         if (!User::isLoggedIn() && $bln_public_cal_and_edit_allowed) {
             // don't check on user_id
         } else {
             $str_query .= ' AND user_id = ' . $_SESSION['calendar-uid']['uid'];
         }
     }
     $obj_result = mysqli_query($obj_db, $str_query);
     if ($obj_result !== false) {
         $str_query = 'SELECT *, event_id as id, concat_ws(" ",date_start,time_start) as start,concat_ws(" ",date_end,time_end) as end ' . 'FROM events WHERE event_id = ' . $frm_submitted['event_id'];
         $obj_result = mysqli_query($obj_db, $str_query);
         $arr_event = mysqli_fetch_array($obj_result, MYSQLI_ASSOC);
         $arr_event['allDay'] = $arr_event['allDay'] == 0 ? false : true;
         $arr_event['allowEdit'] = User::canEdit($arr_event['user_id']);
         $arr_event['deletable'] = User::canDelete($arr_event['user_id']);
         return $arr_event;
     }
     return false;
 }
Example #7
0
 public static function resizeEvent($frm_submitted)
 {
     global $link;
     global $hostname, $username, $password, $database, $eventTable, $repeatTable;
     //$link = mysqli_connect($hostname, $username, $password, $database);
     if ($link === FALSE) {
         $error = "Database connection failed";
         printf("Connect failed: %s\n", mysqli_connect_error());
         exit;
     }
     mysqli_set_charset($link, 'utf8');
     $frm_submitted['date_start'] -= TIME_OFFSET;
     $frm_submitted['date_end'] -= TIME_OFFSET;
     $str_query = 'UPDATE ' . $eventTable . ' SET date_start = "' . date('Y-m-d', $frm_submitted['date_start']) . '" ' . ', date_end = "' . date('Y-m-d', $frm_submitted['date_end']) . '" ' . ', time_start = "' . date('H:i:s', $frm_submitted['date_start']) . '" ' . ', time_end = "' . date('H:i:s', $frm_submitted['date_end']) . '" ' . ' WHERE event_id = ' . $frm_submitted['event_id'];
     if (defined('USERS_CAN_CHANGE_ITEMS_FROM_OTHERS') && USERS_CAN_CHANGE_ITEMS_FROM_OTHERS) {
         // don't check on user_id
     } else {
         $str_query .= ' AND user_id = ' . $_SESSION['calendar-uid']['uid'];
     }
     $obj_result = mysqli_query($link, $str_query);
     if ($obj_result !== false) {
         $str_query = 'SELECT *, event_id as id, concat_ws(" ",date_start,time_start) as start,concat_ws(" ",date_end,time_end) as end ' . 'FROM ' . $eventTable . ' WHERE event_id = ' . $frm_submitted['event_id'];
         $obj_result = mysqli_query($link, $str_query);
         $arr_event = mysqli_fetch_array($obj_result, MYSQLI_ASSOC);
         $arr_event['allDay'] = $arr_event['allDay'] == 0 ? false : true;
         $arr_event['allowEdit'] = User::canEdit($arr_event['user_id']);
         $arr_event['deletable'] = User::canDelete($arr_event['user_id']);
         return $arr_event;
     }
     return false;
 }
 public static function _doUpdateMember()
 {
     // user attempting to make changes
     $respUser = User::find(intval($_SESSION['userid']));
     $respMember = Member::find(intval($_SESSION['memberid']));
     // member being changed
     $memberData = $_POST['memberData'];
     $member = Member::findByMemberId($memberData['member_id']);
     $user = User::findByMemberId(Member::findId($memberData['member_id']));
     // only update values allowed by role
     if (!User::isDev()) {
         if ($respUser->role < 2) {
             unset($memberData['squad_id'], $memberData['position_id'], $memberData['platoon_id']);
         }
         if ($respUser->role < 3) {
             unset($memberData['platoon_id']);
         }
     }
     // only continue if we have permission to edit the user
     if (User::canEdit($memberData['member_id'], $respUser, $member) == true) {
         // don't log if user edits their own profile
         if ($respMember->member_id != $member->member_id) {
             UserAction::create(array('type_id' => 3, 'date' => date("Y-m-d H:i:s"), 'user_id' => $respMember->member_id, 'target_id' => $member->member_id));
         }
         // validate recruiter
         if ($memberData['recruiter'] != 0 && !Member::exists($memberData['recruiter'])) {
             $data = array('success' => false, 'message' => "Recruiter id is invalid.");
             // validate squad leader / squad_id setting
         } else {
             if ($respMember->member_id != $member->member_id && $memberData['position_id'] == 5 && $memberData['squad_id'] != 0) {
                 $data = array('success' => false, 'message' => "Squad leaders cannot be in a squad.");
             } else {
                 // update member info
                 Member::modify($memberData);
             }
         }
         // update games
         if (isset($_POST['played_games'])) {
             $games = $_POST['played_games'];
             foreach ($games as $game) {
                 $params = new stdClass();
                 $params->member_id = $member->id;
                 $params->game_id = $game;
                 MemberGame::add($params);
             }
         }
         // update user
         if (isset($_POST['userData'])) {
             $userData = $_POST['userData'];
             // wish I had a better way to do this... yuck
             $userData['developer'] = isset($userData['developer']) ? $userData['developer'] : 0;
             if (!User::isDev()) {
                 unset($userData['developer']);
             }
             if ($respMember->member_id != $member->member_id && $user->role >= $respUser->role && !User::isDev()) {
                 $data = array('success' => false, 'message' => "You are not authorized to make that change.");
             } else {
                 User::modify($userData);
             }
         }
         // update aliases
         if (isset($_POST['userAliases'])) {
             $aliases = $_POST['userAliases'];
             foreach ($aliases as $type => $value) {
                 $type = Handle::findByName($type)->id;
                 if ($value != '') {
                     $params = array('member_id' => $memberData['id'], 'handle_type' => $type, 'handle_value' => trim($value), 'handle_account_id' => '0', 'invalid' => '0', 'invalid_date' => '0000-00-00');
                     $id = MemberHandle::hasAlias($type, $memberData['id']);
                     if ($id) {
                         $params['id'] = $id;
                         MemberHandle::modify($params);
                     } else {
                         MemberHandle::add($params);
                     }
                 }
             }
         }
     } else {
         $data = array('success' => false, 'message' => 'You do not have permission to modify this player.');
     }
     if (!isset($data['success'])) {
         $data = array('success' => true, 'message' => "Member information updated!");
     }
     // print out a pretty response
     echo json_encode($data);
 }
Example #9
0
 /**
  * Check if this user can add new account to this group
  *
  * @access public
  * @param User $user
  * @return boolean
  */
 function canAddUser(User $user)
 {
     return User::canEdit($user);
 }