PHP User::perms Examples

PHP User::perms - 8 examples found. These are the top rated real world PHP examples of User::perms extracted from open source projects. You can rate examples to help us improve the quality of examples.
Example #1
0
     if ($user->perms('edit_own_comments') && !$user->perms('edit_comments')) {
         $where = ' AND user_id = ?';
         array_push($params, $user->id);
     }
     $db->Query("UPDATE  {comments}\n                       SET  comment_text = ?, last_edited_time = ?\n                     WHERE  comment_id = ? AND task_id = ? {$where}", $params);
     $db->Query("DELETE FROM {cache} WHERE  topic = ? AND type = ?", array(Post::val('comment_id'), 'comm'));
     Flyspray::logEvent($task['task_id'], 5, Post::val('comment_text'), Post::val('previous_text'), Post::val('comment_id'));
     Backend::upload_files($task['task_id'], Post::val('comment_id'));
     Backend::delete_files(Post::val('delete_att'));
     Backend::upload_links($task['task_id'], Post::val('comment_id'));
     Backend::delete_links(Post::val('delete_link'));
     $_SESSION['SUCCESS'] = L('editcommentsaved');
     break;
     // ##################
     // deleting a comment
     // ##################
 // ##################
 // deleting a comment
 // ##################
 case 'details.deletecomment':
     if (!$user->perms('delete_comments')) {
         break;
     }
     $result = $db->Query('SELECT  task_id, comment_text, user_id, date_added
                             FROM  {comments}
                            WHERE  comment_id = ?', array(Get::val('comment_id')));
     $comment = $db->FetchRow($result);
     // Check for files attached to this comment
     $check_attachments = $db->Query('SELECT  *
                                        FROM  {attachments}
                                       WHERE  comment_id = ?', array(Req::val('comment_id')));
     if ($db->CountRows($check_attachments) && !$user->perms('delete_attachments')) {
Example #2
0
    header(':', true, 412);
    # 'Precondition Failed'
    die('wrongtoken');
}
$task = Flyspray::GetTaskDetails(Post::val('task_id'));
if (!$user->can_edit_task($task)) {
    header(':', true, 403);
    # 'Forbidden'
    #Flyspray::show_error(L('nopermission'));
    die(L('nopermission'));
}
# check field for update against allowed dbfields for quickedit.
# maybe FUTURE: add (dynamic read from database) allowed CUSTOM FIELDS checks for the project and user
# (if there is urgent request for implementing custom fields into Flyspray and using of tag-feature isn't enough to accomplish - like numbers/dates/timestamps as custom fields)
$allowedFields = array('due_date', 'item_status', 'percent_complete', 'task_type', 'product_category', 'task_severity', 'task_priority', 'product_version', 'closedby_version');
if ($proj->prefs['use_effort_tracking'] && $user->perms('track_effort')) {
    $allowedFields[] = 'estimated_effort';
}
if (!in_array(Post::val('name'), $allowedFields)) {
    header(':', true, 403);
    die(L('invalidfield'));
}
$value = Post::val('value');
# check if user is not sending manipulated invalid values
switch (Post::val('name')) {
    case 'due_date':
        $value = Flyspray::strtotime(Post::val('value'));
        $value = intval($value);
        break;
    case 'estimated_effort':
        $value = effort::EditStringToSeconds(Post::val('value'), $proj->prefs['hours_per_manday'], $proj->prefs['estimated_effort_format']);
Example #3
0
if (Req::has('action')) {
    # enforcing if the form sent the correct anti csrf token
    # only allow token by post
    if (!Post::has('csrftoken')) {
        die('missingtoken');
    } elseif (Post::val('csrftoken') == $_SESSION['csrftoken']) {
        require_once BASEDIR . '/includes/modify.inc.php';
    } else {
        die('wrongtoken');
    }
}
# start collecting infos for the answer page
if ($proj->id && $user->perms('manage_project')) {
    // Find out if there are any PM requests wanting attention
    $sql = $db->Query('SELECT COUNT(*) FROM {admin_requests} WHERE project_id = ? AND resolved_by = 0', array($proj->id));
    list($count) = $db->fetchRow($sql);
    $page->assign('pm_pendingreq_num', $count);
}
if ($user->perms('is_admin')) {
    $sql = $db->Query('SELECT COUNT(*) FROM {admin_requests} WHERE request_type = 3 AND project_id = 0 AND resolved_by = 0');
    list($count) = $db->fetchRow($sql);
    $page->assign('admin_pendingreq_num', $count);
}
$sql = $db->Query('SELECT  project_id, project_title, project_is_active, others_view, default_entry,
                 upper(project_title) AS sort_names
           FROM  {projects}
       ORDER BY  sort_names');
# old:
#$fs->projects = array_filter($db->FetchAllArray($sql), array($user, 'can_view_project'));
# new: project_id as index for easier access, needs testing and maybe simplification
# similiar situation also includes/class.flyspray.php function listProjects()
Example #4
0
    returns it for HTML display in a page.
*/
define('IN_FS', true);
header('Content-type: text/html; charset=utf-8');
require_once '../../header.php';
require_once '../../includes/events.inc.php';
$baseurl = dirname(dirname($baseurl)) . '/';
// Initialise user
if (Cookie::has('flyspray_userid') && Cookie::has('flyspray_passhash')) {
    $user = new User(Cookie::val('flyspray_userid'));
    $user->check_account_ok();
} else {
    $user = new User(0, $proj);
}
// Check permissions
if (!$user->perms('view_history')) {
    die;
}
// Load translations
load_translations();
if ($details = Get::num('details')) {
    $details = " AND h.history_id = {$details}";
} else {
    $details = null;
}
$sql = get_events(Get::num('task_id'), $details);
$histories = $db->fetchAllArray($sql);
$page = new FSTpl();
$page->setTheme($proj->prefs['theme_style']);
$page->uses('histories', 'details');
if ($details) {
Example #5
0
 function action_edituser()
 {
     global $fs, $db, $proj, $user, $do, $conf;
     if (Post::val('delete_user')) {
         // check that he is not the last user
         if ($db->x->GetOne('SELECT count(*) FROM {users}') > 1) {
             Backend::delete_user(Post::val('user_id'));
             return array(SUBMIT_OK, L('userdeleted'), CreateURL(array('admin', 'groups')));
         } else {
             return array(ERROR_RECOVER, L('lastuser'));
         }
     }
     if (!Post::val('real_name') || !Post::val('email_address')) {
         return array(ERROR_RECOVER, L('realandnotify'));
     }
     if ((!$user->perms('is_admin') || $user->id == Post::val('user_id')) && !Post::val('oldpass') && (Post::val('changepass') || Post::val('confirmpass'))) {
         return array(ERROR_RECOVER, L('nooldpass'));
     }
     if (Post::val('changepass') || Post::val('confirmpass')) {
         if (Post::val('changepass') != Post::val('confirmpass')) {
             return array(ERROR_RECOVER, L('passnomatch'));
         }
         if (Post::val('oldpass')) {
             $oldpass = $db->x->getRow('SELECT user_pass, password_salt FROM {users} WHERE user_id = ?', null, Post::val('user_id'));
             $oldsalt = $oldpass['password_salt'] ? $oldpass['password_salt'] : null;
             if (Flyspray::cryptPassword(Post::val('oldpass'), $oldsalt) !== $oldpass['user_pass']) {
                 return array(ERROR_RECOVER, L('oldpasswrong'));
             }
         }
         $new_salt = md5(uniqid(mt_rand(), true));
         $new_hash = Flyspray::cryptPassword(Post::val('changepass'), $new_salt);
         $db->x->execParam('UPDATE {users} SET user_pass = ?, password_salt = ? WHERE user_id = ?', array($new_hash, $new_salt, Post::val('user_id')));
         // If the user is changing their password, better update their cookie hash
         if ($user->id == Post::val('user_id')) {
             Flyspray::setcookie('flyspray_passhash', hash_hmac('md5', $new_hash, $conf['general']['cookiesalt']), time() + 3600 * 24 * 30);
         }
     }
     // Check for existing email / jabber ID
     $taken = $db->x->GetOne("SELECT COUNT(*)\n                                FROM {users}\n                               WHERE (jabber_id = ? AND ? != NULL\n                                     OR email_address = ? AND ? != NULL)\n                                     AND user_id != ?", null, array(Post::val('jabber_id'), Post::val('jabber_id'), Post::val('email_address'), Post::val('email_address'), Post::val('user_id')));
     if ($taken) {
         return array(ERROR_RECOVER, L('emailtaken'));
     }
     if (Post::val('old_jabber_id') != Post::val('jabber_id')) {
         Notifications::JabberRequestAuth(Post::val('jabber_id'));
     }
     $previous = $db->x->GetRow('SELECT real_name, user_name FROM {users} WHERE user_id = ?', null, Post::val('user_id'));
     $db->x->execParam('UPDATE  {users}
                      SET  real_name = ?, email_address = ?, notify_own = ?,
                           jabber_id = ?, notify_type = ?, show_contact = ?,
                           dateformat = ?, dateformat_extended = ?, defaultorder = ?,
                           tasks_perpage = ?, time_zone = ?, defaultsortcolumn = ?,
                           notify_blacklist = ?, lang_code = ?, syntax_plugins = ?
                    WHERE  user_id = ?', array(Post::val('real_name'), Post::val('email_address'), Post::num('notify_own', 0), Post::val('jabber_id', 0), Post::num('notify_type'), Post::num('show_contact'), Post::val('dateformat', 0), Post::val('dateformat_extended', 0), Post::val('defaultorder', 'asc'), Post::num('tasks_perpage'), Post::num('time_zone'), implode(' ', Post::val('defaultsortcolumn')), implode(' ', Post::val('notify_blacklist', array())), Post::val('lang_code', ''), implode(' ', (array) Post::val('syntax_plugins')), Post::num('user_id')));
     if ($previous['real_name'] != Post::val('real_name')) {
         Backend::UpdateRedudantUserData($previous['user_name']);
     }
     if ($do == 'myprofile') {
         $user = new User($user->id);
     }
     if ($user->perms('is_admin')) {
         $db->x->execParam('UPDATE {users} SET account_enabled = ?  WHERE user_id = ?', array(Post::val('account_enabled', 0), Post::val('user_id')));
         $db->x->execParam('UPDATE {users_in_groups} SET group_id = ?
                      WHERE group_id = ? AND user_id = ?', array(Post::val('group_in'), Post::val('old_global_id'), Post::val('user_id')));
     }
     return array(SUBMIT_OK, L('userupdated'));
 }
Example #6
0
 public static function destroy()
 {
     session_regenerate_id(true);
     // session itself is not destroyed; status changed => regenerate id
     session_unset();
     $_SESSION['locale'] = self::$localeId;
     // keep locale
     $_SESSION['dataKey'] = self::$dataKey;
     // keep dataKey
     self::$id = 0;
     self::$displayName = '';
     self::$perms = 0;
     self::$groups = U_GROUP_NONE;
 }
Example #7
0
} else {
    $user = new User(0, $proj);
}
// don't allow anonymous users to access this page at all
if ($user->isAnon()) {
    die(L('nopermission'));
}
load_translations();
if (!Post::has('csrftoken')) {
    header(':', true, 428);
    # 'Precondition Required'
    die('missingtoken');
} elseif (Post::val('csrftoken') == $_SESSION['csrftoken']) {
    # empty
} else {
    header(':', true, 412);
    # 'Precondition Failed'
    die('wrongtoken');
}
if (!$user->perms('is_admin')) {
    header(':', true, 403);
    # 'Forbidden'
    die(L('nopermission'));
}
$notify = new Notifications();
$result = $notify->SendEmail($user->infos['email_address'], 'test', 'testcontent', 1);
if ($result != 1) {
    header(':', true, 406);
    # 'not acceptable'
}
echo 'ok';
Example #8
0
    ob_start();
}
$page = new FSTpl();
if ($show_task = Get::val('show_task')) {
    // If someone used the 'show task' form, redirect them
    if (is_numeric($show_task)) {
        Flyspray::Redirect(CreateURL('details', $show_task));
    } else {
        Flyspray::Redirect($baseurl . '?string=' . $show_task);
    }
}
if (Flyspray::requestDuplicated()) {
    // Check that this page isn't being submitted twice
    Flyspray::show_error(3);
}
if ($proj->id && $user->perms('manage_project')) {
    // Find out if there are any PM requests wanting attention
    $sql = $db->Query("SELECT COUNT(*) FROM {admin_requests} WHERE project_id = ? AND resolved_by = '0'", array($proj->id));
    list($count) = $db->fetchRow($sql);
    $page->assign('pm_pendingreq_num', $count);
}
$sql = $db->Query('SELECT  project_id, project_title, project_is_active, others_view,
                 upper(project_title) AS sort_names
           FROM  {projects}
       ORDER BY  sort_names');
$fs->projects = array_filter($db->FetchAllArray($sql), array($user, 'can_view_project'));
// Get e-mail addresses of the admins
if ($user->isAnon() && !$fs->prefs['user_notify']) {
    $sql = $db->Query('SELECT email_address
                         FROM {users} u
                    LEFT JOIN {users_in_groups} g ON u.user_id = g.user_id