static function isOwner($type, $id)
{
if (!in_array($type, array(_STUDENT_GROUP, _INSTITUTE_GROUP, _ORGANISATION_GROUP, _PROJECT_OBJ, _PROPOSAL_OBJ))) {
drupal_set_message(tt('You cannot be the owner of an entity called %1$s', $type), 'error');
return FALSE;
}
if (Users::isAdmin()) {
//We always want the admin to be able to delete stuff for example and can expect him/her to be very
//cautious about that of course
return TRUE;
}
$key_field = self::keyField($type);
$entity = db_query("SELECT * FROM " . tableName($type) . " WHERE {$key_field} = {$id}")->fetchAssoc();
//fetchAssoc returns next record (array) or false if there is none
if (!$entity) {
return false;
}
// just for projects, allow assigned mentors to also have shared ownership
// so a project owner can also allow the nominated mentor to edit the project details
if ($type == 'project') {
if ($entity['mentor_id'] == $GLOBALS['user']->uid) {
return TRUE;
}
}
//fetchAssoc returns next record (array) or false if there is none
return $entity && $entity['owner_id'] == $GLOBALS['user']->uid;
}
function __construct($view, $method = null, $parameters = null)
{
//instantiate the load class
$this->view = new View();
new Model();
//check the user
$u = new Users();
//check access
if ($this->access == 1 && !$u->isAdmin()) {
$_SESSION['redirect'] = $view;
header('Location: ' . BASE_URL . 'login/');
} else {
//run any task methods
if ($method) {
$this->runTask($method, $parameters);
} else {
$this->index();
$method = 'index';
}
//render the view
if (file_exists('views/' . strtolower($view) . '/' . strtolower($method) . '.php')) {
$this->view->load($view, $method, $this->data);
} else {
$this->view->load($view, 'index', $this->data);
}
}
}
function createPage($smarty)
{
if (!Users::isAdmin()) {
Redirect::error(403);
}
$smarty->assign('edit_headers', Queries::itemListHeaders(Input::get('table', 'get')));
$smarty->assign('edit_table', Queries::itemList(Input::get('table', 'get')));
return $smarty;
}
function createPage($smarty)
{
if (!Users::isAdmin()) {
Redirect::error(403);
}
if (Input::exists() && Input::get('action') === 'admin_item_insert') {
Update::adminInsertItem();
}
if (Input::exists() && Input::get('action') === 'admin_item_update') {
Update::adminUpdateItem();
}
if (Input::exists() && Input::get('action') === 'admin_item_delete') {
Update::adminDeleteItem();
}
$smarty->assign('columns', Queries::editableEntry(Input::get('table', 'get'), Input::get('id', 'get')));
return $smarty;
}
function __construct($view, $method = null, $parameters = null)
{
$this->load = new Load();
new Model();
//check the user
$u = new Users();
//check access
if ($this->access == 1 && !$u->isAdmin()) {
$_SESSION['redirect'] = $view;
header('Location: ' . BASE_URL . 'login/');
} else {
//run any task methods
if ($method) {
$this->runTask($method, $parameters);
} else {
$this->defaultTask();
}
//render the view
$this->load->view($view . '.php', $this->data);
}
}
/**
*
* @param array $comment
* @param int $depth
*/
private function format_comment($comment)
{
if (isset($comment['parent_id'])) {
$class_display = 'threaded-comment-wrapper';
$post_type = t('Replied on');
} else {
$class_display = 'initial-threaded-comment-wrapper';
$post_type = t('Posted on');
}
$id = $comment['id'];
$this->output .= "<div id='threaded-comment-wrapper-{$id}' class='" . $class_display . "'>";
$this->output .= "\t<div class='threaded-comment'>";
$this->output .= "\t<div id='msg_threaded-comment-wrapper-{$id}'></div>";
if (Users::isAdmin()) {
//$this->output .= " ";
$this->output .= "\t\t\t<div class='totheright'><a href='#' onclick='ajaxCall(\"comment\", \"delete\", {id: {$id}}, \"threaded-comment-wrapper-{$id}\");'>" . t('delete') . "</a>";
$this->output .= "\t\t\t</div>";
}
$this->output .= "\t\t<div class='threaded-comment-header'>";
$this->output .= "\t\t\t<span class='comment_author'>";
//<a href='#'>";
$this->output .= "\t\t\t{$comment['name']}";
$this->output .= "\t\t\t</span>";
$this->output .= "\t\t\t ({$comment['type']}) - ";
$this->output .= $post_type;
$this->output .= "\t\t\t ";
// TODO check date
$this->output .= date('F j, Y, g:i a', strtotime($comment['date_posted']));
$this->output .= "\t\t</div>";
// end header
$this->output .= "\t\t<div class='threaded-comment-body'>";
$this->output .= $comment['description'];
$this->output .= "\t\t\t<br/>";
$this->output .= ' <a class="reply-comment" href="">reply</a>';
$this->output .= "\t\t</div>";
// end body
$this->output .= "\t</div>";
$this->output .= $this->getPostNewCommentForm($comment);
}
public function action_check()
{
$rules = array('email' => 'required|max:60', 'password' => 'required|max:60');
$validation = Validator::make(Input::get(), $rules);
if ($validation->fails()) {
return Redirect::to('login');
}
$email = Input::get('email');
$password = Input::get('password');
$credentials = array('username' => $email, 'password' => $password);
if (Auth::attempt($credentials)) {
$lastURL = Session::has('lastURL') ? Session::get('lastURL') : 'home';
Session::forget('lastURL');
if (Users::isAdmin(Auth::user()->id)) {
Session::put('isAdmin', true);
} else {
Session::put('isAdmin', false);
}
return Redirect::to($lastURL);
} else {
return Redirect::to('login');
}
}
$prev_nr = $current > 0 ? $current - 1 : FALSE;
$prev_pid = $prev_nr !== FALSE ? $_SESSION['lists']['projects']['list'][$prev_nr]->pid : FALSE;
$project['nav'] = array('next_pid' => $next_pid, 'next_nr' => $next_nr, 'prev_pid' => $prev_pid, 'prev_nr' => $prev_nr);
break;
}
$current++;
}
}
}
//It might be that the project is in draft and is not returned by the browse and so it is not
//present in the session lists
if (!$project) {
$project = Project::getProjectById($project_id, false, PDO::FETCH_ASSOC, true);
}
$my_id = Users::getMyId();
if ($project['state'] == 'draft' && !($project['mentor_id'] == $my_id || $project['owner_id'] == $my_id || Users::isAdmin() || Groups::isAssociate(_PROJECT_OBJ, $project_id))) {
jsonBadResult(t('You cannot view this proposal. It is in draft state.'));
return;
}
if (Users::isSuperVisor()) {
$project['rate'] = Project::getRating($project_id, $my_id);
} else {
$project['rate'] = -2;
if (Users::isStudent()) {
$table = tableName('student_favourite');
$favourite = db_select($table)->fields($table)->condition('pid', $project_id)->condition('uid', $my_id)->execute()->rowCount();
$project['favourite'] = $favourite != 0;
//Count the views of the students
$result = db_update(tableName('project'))->condition('pid', $project_id)->fields(array('views' => $project['views'] + 1))->execute();
}
}
function initBrowseProjectLayout($pid = '')
{
$org_id = 0;
if (isset($_GET['organisation'])) {
$org_id = $_GET['organisation'];
}
$state = null;
if (isset($_GET['state'])) {
$state = $_GET['state'];
}
$apply_projects = vals_soc_access_check('dashboard/projects/apply') ? 1 : 0;
$rate_projects = Users::isSuperVisor();
$is_student = Users::isStudent();
?>
<div class="filtering" id="browse_projects">
<span id="infotext" style="margin-left: 34px"></span>
<form id="project_filter">
<?php
echo t('Tags');
?>
: <input type="text" name="tags" id="tags" />
<?php
echo t('Organisations');
?>
:
<select id="organisation" name="organisation">
<option <?php
echo !$org_id ? 'selected="selected"' : '';
?>
value="0"><?php
echo t('All Organisations');
?>
</option><?php
$result = Organisations::getInstance()->getOrganisationsLite();
foreach ($result as $record) {
$selected = $record->org_id == $org_id ? 'selected="selected" ' : '';
echo '<option ' . $selected . 'value="' . $record->org_id . '">' . $record->name . '</option>';
}
?>
</select>
<?php
if ($is_student) {
?>
<input type='button' value='<?php
echo t('Filter on Favourites');
?>
' id='favourite_filter'/>
<?php
}
?>
<?php
echo "<BR/>";
echo t('Status');
?>
:
<select id="state" name="state">
<option <?php
echo !$state ? 'selected="selected"' : '';
?>
value="0"><?php
echo t('NA');
?>
</option><?php
$states = array('draft' => 'draft', 'pending' => 'pending', 'open' => 'open', 'preselected' => 'preselected', 'active' => 'active', 'ended' => 'ended', 'archived' => 'archived');
if (!Users::isAdmin()) {
if (Users::isMentor()) {
unset($states['archived']);
} else {
unset($states['draft']);
if ($is_student) {
unset($states['pending'], $states['archived']);
} elseif (Users::isUser()) {
unset($states['archived']);
} else {
$states = array();
}
}
}
foreach ($states as $key => $stat) {
$selected = $key == $state ? 'selected="selected" ' : '';
echo "<option {$selected} value='{$key}'>{$stat}</option>";
}
?>
</select>
</form>
</div>
<div id="ProjectTableContainer" style="width: 700px;"></div>
<script type="text/javascript">
jQuery(document).ready(function($){
window.view_settings = {};
window.view_settings.apply_projects = <?php
echo $apply_projects ? 1 : 0;
?>
;
window.view_settings.rate_projects = <?php
echo $rate_projects ? 1 : 0;
?>
;
//Prepare jTable
$("#ProjectTableContainer").jtable({
//title: "Table of projects",
paging: true,
pageSize: 10,
sorting: true,
defaultSorting: "title ASC",
actions: {
listAction: moduleUrl + "actions/project_actions.php?action=list_search"
},
fields: {
pid: {
key: true,
create: false,
edit: false,
list: false
},
title: {
title: "Project title",
width: "40%",
display: function (data) {
return "<a title=\"View project details\" href=\"javascript:void(0);\" onclick=\"getProjectDetail("+
data.record.pid+")\">" + data.record.title + "</a>";
},
create: false,
edit: false
},
name: {
title: "Organisation",
width: "20%"
},
tags: {
title: "Tags",
width: "26%",
create: false,
edit: false
},
proposal_count: {
title: "Proposals",
width: "12%",
create: false,
edit: false
},
state: {
title: "Status",
//width: "12%",
create: false,
edit: false
}
/*
,
Detail: {
width: "2%",
title: "",
sorting: false,
display: function (data) {
return "<a title=\"View project details\" href=\"#\" onclick=\"getProjectDetail("+
data.record.pid+")\"><span class=\"ui-icon ui-icon-info\"></span></a>";
},
create: false,
edit: false
}
*/
<?php
if ($apply_projects) {
?>
,
Propose: {
width: "2%",
title: "",
sorting: false,
display: function (data) {
return "<a title=\"Propose a project for this idea\" href=\"#\" onclick=\"getProposalFormForProject("+data.record.pid+")\">"+
"<span class=\"ui-icon ui-icon-script\"></span></a>";
},
create: false,
edit: false
}<?php
}
?>
}
/*
//this makes of each row a filter for that project
,recordsLoaded: function(event, data) {
var browse_url = baseUrl + "dashboard/projects/browse?pid=";
$(".jtable-data-row").each(function(){
var $parent = $(this);
var row_id = $parent.attr("data-record-key");
$parent.children('td:first-child').click(function() {
document.location.href=browse_url + row_id;
});
});
}
*/
});
//Load project list from server on initial page load
$("#ProjectTableContainer").jtable("load", {
tags: $("#tags").val(),
state: $("#state").val(),
organisation: $("#organisation").val()<?php
if ($pid) {
echo ", pid: {$pid}";
}
?>
});
$("#tags").keyup(function(e) {
e.preventDefault();
// only auto clear when there is no tag info
if(testTagInput() && $("#tags").val()==""){
$("#ProjectTableContainer").jtable("load", {
tags: $("#tags").val(),
state: $("#state").val(),
organisation: $("#organisation").val()
});
}
});
$("#organisation").change(function(e) {
e.preventDefault();
if(testTagInput()){
$("#ProjectTableContainer").jtable("load", {
tags: $("#tags").val(),
state: $("#state").val(),
organisation: $("#organisation").val()
});
}
});
$("#state").change(function(e) {
e.preventDefault();
if(testTagInput()){
$("#ProjectTableContainer").jtable("load", {
tags: $("#tags").val(),
state: $("#state").val(),
organisation: $("#organisation").val()
});
}
});
<?php
if ($is_student) {
?>
$("#favourite_filter").click(function(e) {
e.preventDefault();
//if(testTagInput()){
$("#ProjectTableContainer").jtable("load", {favourites :true});
//}
});
<?php
}
?>
$("#project_filter").submit(function(e){
e.preventDefault();
if(testTagInput()){
$("#ProjectTableContainer").jtable("load", {
tags: $("#tags").val(),
state: $("#state").val(),
organisation: $("#organisation").val()
});
}
});
// define these at the window level so that they can still be called once loaded
window.getProposalFormForProject = getProposalFormForProject;
window.getProjectDetail = getProjectDetail;
});
</script>
<?php
}
?>
</h3></a> <span style="color: #808080;"><i style="vertical-align: middle;" class="mdi mdi-calendar"></i> <?php
echo englishConvertDate($row['post_date']);
?>
<i style="vertical-align: middle;" class="mdi mdi-file"></i> <?php
echo getCategoryById(getPostCategories($row['ID'])[0]);
?>
</span>
<p><?php
echo $row['post_excerpt'];
?>
</p>
<p><?php
echo $row['post_content'];
?>
</p>
<?php
if (Users::getUsernameBySeassion() !== false && Users::isAdmin(Users::getUsernameBySeassion())) {
?>
<div align="right"><a href="<?php
echo $posts->getPostEditLink($row['ID']);
?>
"><i style="vertical-align: middle;" class="mdi mdi-pencil-box-outline"></i>Edit</a></div><br>
<?php
}
?>
</article>
</div>
<?php
include_once 'comments.php';
getFooter();
static function updateProposal($props, $proposal_id)
{
if (!$props) {
drupal_set_message(t('Update requested with empty (filtered) data set'), 'error');
return false;
}
global $user;
$txn = db_transaction();
try {
$uid = Users::getMyId();
if (!Users::isOfType(_STUDENT_TYPE, $uid) && !Users::isAdmin()) {
drupal_set_message(t('You must be a student to submit a proposal'), 'error');
return FALSE;
}
//$project = Project::getProjectById($project_id);
// $student_details = Users::getStudentDetails($uid);
// $props['owner_id'] = $uid;
// $props['org_id'] = $project['org_id'];
// $props['inst_id'] = $student_details->inst_id ;
// $props['supervisor_id'] = $student_details->supervisor_id ;
//$props['pid'] = $project['pid'];
//$props['state'] = 'draft' ;
$id = db_update(tableName(_PROPOSAL_OBJ))->fields($props)->condition(self::keyField(_PROPOSAL_OBJ), $proposal_id)->execute();
// if ($id){
// //TODO: notify mentor???
// drupal_set_message('You have saved your proposal. Later you can edit it.');
// return TRUE;
// } else {
// drupal_set_message(tt('We could not add your %1$s.', $type), 'error');
// }
return TRUE;
} catch (Exception $ex) {
$txn->rollback();
drupal_set_message(t('We could not update your proposal.') . (_DEBUG ? $ex->__toString() : ''), 'error');
}
return FALSE;
}
*
* All Drupal code is released under the GNU General Public License.
* See COPYRIGHT.txt and LICENSE.txt.
*/
/**
* Root directory of Drupal installation.
*/
define('DRUPAL_ROOT', getcwd());
/*For some reason the server could not derive well the scheme of the url and returned something like ://<host>
* in Ubuntu, giving such a malformed base url and resulting in an identical path to the base_url and thereby
* an empty base_root. It is not sure whether this exists also in non-ajax calls, but it seemed better to derive the
* very basic globals the same for both ajax and non-ajax. So we derive the scheme based on the HTTPS server var and
* our own path derivation in initial.php.
*
* COPY THIS FILE TO THE ROOT OF THE INSTALLATION, REPLACING THE DRUPAL INDEX!
*/
include DRUPAL_ROOT . '/initial.php';
//Needed to derive the _WEB_URL which will be '' or '/vals'
$scheme = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ? 'https' : 'http';
$base_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . _WEB_URL;
require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
$vals_soc_pretend_possible = defined('_DEBUG') && _DEBUG && (Users::isAdmin() || defined('_VALS_SOC_TEST_ENV') && _VALS_SOC_TEST_ENV);
if (Users::isAdmin() || $vals_soc_pretend_possible) {
list($u, $o_state) = pretendUser();
}
menu_execute_active_handler();
if ($vals_soc_pretend_possible) {
restoreUser($u, $o_state);
}
//////// EDIT THE FILE UNDER THE ROOT IF YOU HAVE ALREADY INSTALLED THE APPLICATION
<?php
include 'include.php';
module_load_include('php', 'vals_soc', 'includes/functions/ajax_functions');
module_load_include('php', 'vals_soc', 'includes/classes/ThreadedComments');
module_load_include('php', 'vals_soc', 'includes/classes/ThreadUIBuilder');
module_load_include('php', 'vals_soc', 'includes/classes/Project');
module_load_include('php', 'vals_soc', 'includes/classes/Proposal');
module_load_include('php', 'vals_soc', 'includes/classes/Institutes');
module_load_include('php', 'vals_soc', 'includes/classes/Organisations');
switch ($_GET['action']) {
case 'delete':
if (!Users::isAdmin()) {
echo errorDiv("You cannot delete comments");
} else {
$type = altSubValue($_POST, 'entity_type', '');
$id = altSubValue($_POST, 'id', '');
$entity_id = altSubValue($_POST, 'entity_id', '');
try {
$result = db_delete(tableName('comment'))->condition('id', $id);
} catch (Exception $e) {
echo "Error " . $e->getMessage();
}
echo $result ? successDiv(tt('You succesfully deleted your %1$s.', t('comment'))) : errorDiv(tt('We could not delete your %1%s.', t('comment')));
}
break;
case 'save':
global $user;
$type = altSubValue($_POST, 'entity_type', '');
$id = altSubValue($_POST, 'id', '');
$entity_id = altSubValue($_POST, 'entity_id', '');
<?php
echo $form->labelEx($model, 'sex');
?>
<?php
echo $form->dropdownList($model, 'sex', Users::userSex('admin'), array('class' => 'form-control'));
?>
<?php
echo $form->error($model, 'sex');
?>
</div>
<div class="form-group">
<?php
echo $form->labelEx($model, 'isAdmin');
?>
<?php
echo $form->dropdownList($model, 'isAdmin', Users::isAdmin('admin'), array('class' => 'form-control'));
?>
<?php
echo $form->error($model, 'isAdmin');
?>
</div>
<div class="form-group">
<?php
echo $form->labelEx($model, 'status');
?>
<?php
echo $form->dropdownList($model, 'status', Users::userStatus('admin'), array('class' => 'form-control'));
?>
<?php
echo $form->error($model, 'status');
?>
public static function getUsers($member_type, $group_type = '', $group_id = '', $id = '')
{
global $user;
$group_head = $user->uid;
//todo: find out whether current user is indeed head of the group
$group_type = $group_type ?: self::participationGroup($member_type);
if ($group_id == 'all') {
// updated to ensure we only retrieve users that belong to
// one of the logged in users 'soc_user_membership ' groups.
// For example, this was originally retrieving ALL mentors,
// inc ones not in any of the current users organisations
$group_ids = Users::isAdmin() ? null : db_query("SELECT group_id from soc_user_membership t" . " WHERE t.uid = {$group_head} AND t.type = '{$group_type}' ")->fetchCol();
if ($group_ids) {
//So we know which groups and of which type membertype should be member
$query = "SELECT DISTINCT u.*,n.name as fullname from users as u " . "left join users_roles as ur on u.uid = ur.uid " . "left join role as r on ur.rid = r.rid " . "left join soc_user_membership as um on u.uid = um.uid " . 'left join soc_names as n on u.uid=n.names_uid ' . "WHERE r.name = '{$member_type}' AND um.type = '{$group_type}' AND um.group_id IN (" . implode(',', $group_ids) . ")";
$members = db_query($query);
} else {
//So the admin cannot see who are subscribed???? Used to be : return NULL;
$query = "SELECT DISTINCT u.*,n.name as fullname from users as u " . "left join users_roles as ur on u.uid = ur.uid " . "left join role as r on ur.rid = r.rid " . "left join soc_user_membership as um on u.uid = um.uid " . 'left join soc_names as n on u.uid=n.names_uid ' . "WHERE r.name = '{$member_type}' AND um.type = '{$group_type}' ";
$members = db_query($query);
}
} else {
if ($id) {
$members = db_query("SELECT u.*,n.name as fullname from users as u " . 'left join soc_names as n on u.uid=n.names_uid ' . "WHERE u.uid = '{$id}'");
} else {
if ($group_id && $group_type) {
$group_ids = array($group_id);
} else {
if ($group_type) {
$key = self::keyField($group_type);
$table = tableName($group_type);
//get the organisation from the current user, assuming he/she is head of the organisation/group/etc
$group_ids = db_query("SELECT {$key} from {$table} t" . " WHERE t.owner_id = {$group_head} ")->fetchCol();
} else {
$group_ids = null;
}
}
if ($group_ids) {
//So we know which groups and of which type membertype should be member
$members = db_query("SELECT u.*,n.name as fullname from users as u " . "left join users_roles as ur on u.uid = ur.uid " . "left join role as r on ur.rid = r.rid " . "left join soc_user_membership as um on u.uid = um.uid " . 'left join soc_names as n on u.uid=n.names_uid ' . "WHERE r.name = '{$member_type}' AND um.type = '{$group_type}' AND um.group_id IN (" . implode(',', $group_ids) . ")");
} else {
return NULL;
}
}
}
return $members;
}
public static function adminDeleteItem()
{
if (Users::isAdmin()) {
$validation = new Validate();
$validation->check($_POST, array('action' => array('name' => 'Action', 'required' => true, 'wildcard' => 'admin_item_delete'), 'table' => array('name' => 'Table Name', 'required' => true), 'id' => array('name' => 'Entry ID', 'required' => true)));
if ($validation->passed()) {
DB::instance()->delete(Input::get('table'), array("", "id", "=", Input::get('id')));
if (Input::get('table') === Users::safeSid() . '_assignments') {
Calendar::deleteAssignment(Input::get('id'));
}
Notifications::addSuccess('Entry deleted!');
Redirect::to('?page=home');
} else {
Notifications::addValidationFail($validation->getErrors());
}
} else {
Redirect::error(403);
}
}
