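/**
 * Records a notification of the given type and delivers it to its recipients.
 *
 * When $persons is given, the message goes to exactly those people. Otherwise
 * the recipients are the users subscribed to $type in the current area (the
 * global $areaGuid), filtered by the permission the notification type names
 * in its verb/resource columns. A subscriber who does not hold that permission
 * is skipped and their subscription row is deleted.
 *
 * Security notes:
 *  - If $type does not match a row in notificationTypes, the required
 *    permission cannot be determined, so no subscriber is notified (fail
 *    closed). The notification itself is still recorded.
 *  - $persons is used as given: no permission check is applied to it, so
 *    callers must build it from trusted data.
 *
 * A failed query other than the per-recipient userNotifications insert ends
 * the script with exit("error in query").
 *
 * @param string $type A notification type guid
 * @param string $message The message to send
 * @param object|object[]|null $persons The netId, method, and email address of the specific
 *        person(s) to receive the message, usually the person to whom the message
 *        is referring (i.e. performance logs)
 * @return void
 */
function notify($type, $message, $persons = null)
{
    global $areaGuid, $db;

    // Look up the notification type; its verb/resource name the permission needed to receive it.
    try {
        $stmt = $db->prepare("SELECT * FROM notificationTypes WHERE guid=:guid");
        $stmt->execute(array(':guid' => $type));
    } catch (PDOException $e) {
        exit("error in query");
    }
    $notType = $stmt->fetch();

    // Host of the notifications service
    $url = getenv('NOTIFICATIONSURL');

    // A single person passed as one object is treated as a one-element list,
    // so count() and foreach below see a list of recipients.
    if (is_object($persons) && !($persons instanceof Traversable)) {
        $persons = array($persons);
    }

    $receivers = array();
    if ($persons !== null) {
        // Explicit recipients: trusted as given by the caller.
        $receivers = $persons;
    } elseif (!is_object($notType)) {
        // Unknown type: reading ->resource on a missing row would evaluate to
        // null and be treated as "no permission required", sending to every
        // subscriber. Deliver to nobody instead.
        error_log("notify(): unknown notification type " . json_encode($type) . "; no subscribers notified");
    } else {
        // Get subscribers of this type in the current area
        try {
            $stmt = $db->prepare("SELECT notificationPreferences.*, employee.email FROM notificationPreferences JOIN employee\n\t\t\tON notificationPreferences.netId=employee.netID WHERE type=:type AND notificationPreferences.area=:area");
            $stmt->execute(array(':type' => $type, ':area' => $areaGuid));
        } catch (PDOException $e) {
            exit("error in query");
        }

        // Make sure each subscriber may receive the notification.
        // If not, leave them off the list and delete that preference.
        while ($recipient = $stmt->fetch()) {
            if ($notType->resource == null) {
                // No permission is required, send to all
                $authorized = true;
            } elseif ($notType->resource == "admin") {
                // User must be an admin (or able to become superuser)
                $authorized = isAdmin($recipient->netId, $areaGuid) || canBeSuperuser($recipient->netId);
            } else {
                // Normal permission check (or able to become superuser)
                $authorized = can($notType->verb, $notType->resource, $recipient->netId) || canBeSuperuser($recipient->netId);
            }

            if ($authorized) {
                $receivers[] = (object) array("netId" => $recipient->netId, "method" => $recipient->method, "email" => $recipient->email);
                continue;
            }

            // User is not authorized to receive this notification, remove entry from table
            try {
                $stmt2 = $db->prepare("DELETE FROM notificationPreferences WHERE netId=:netId AND type=:type AND area=:area");
                $stmt2->execute(array(':netId' => $recipient->netId, ':type' => $type, ':area' => $areaGuid));
            } catch (PDOException $e) {
                exit("error in query");
            }
        }
    }

    // Record the notification itself, whether or not anyone receives it.
    $guid = newGuid();
    try {
        $stmt3 = $db->prepare("INSERT INTO notifications (message, type, area, guid) VALUES (:message, :type, :area, :guid)");
        $stmt3->execute(array(":message" => $message, ":type" => $type, ":area" => $areaGuid, ":guid" => $guid));
    } catch (PDOException $e) {
        exit("error in query");
    }

    if (count($receivers) > 0) {
        if ($url === false || $url === '') {
            // Without a configured host the request URL would be "https:///notify";
            // skip the remote call rather than send an authenticated request there.
            error_log("notify(): NOTIFICATIONSURL is not set; remote delivery skipped");
        } else {
            sendAuthenticatedRequest("POST", "https://" . $url . "/notify", array("message" => $message, "receivers" => json_encode($receivers)));
        }

        // Onsite copies: best effort, add as many as possible even if some inserts fail.
        $stmt4 = null;
        foreach ($receivers as $receiver) {
            if ($receiver->method == "onsite" || $receiver->method == "all") {
                try {
                    if ($stmt4 === null) {
                        $stmt4 = $db->prepare("INSERT INTO userNotifications (netId, notificationGuid) VALUES (:netId, :guid)");
                    }
                    $stmt4->execute(array(":netId" => $receiver->netId, ":guid" => $guid));
                } catch (PDOException $e) {
                    // Keep going, but leave a trace so missing onsite notifications can be explained.
                    error_log("notify(): could not record onsite notification: " . $e->getMessage());
                }
            }
        }
    }
}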
?> /includes/template/img/byu-logo-small.gif" alt="BYU Logo" /></a> <a href="http://it.byu.edu" id="parent">Office of Information Technology</a> </div> <a href="/" id="site-name"><?php echo getAreaName(); ?> </a> <div id="search-container"> <?php if ($auth) { ?> <?php if (canBeSuperuser()) { if (isSuperuser()) { ?> <a id="superuserButton" onclick="stop('<?php echo $netID; ?> ')" class="button">Stop Superuser</a> <?php } else { ?> <a id="superuserButton" onclick="elevate('<?php echo $netID; ?> ')" class="button">Elevate to Superuser</a> <?php }