function getSurveyUserGroupList($outputformat = 'htmloptions', $surveyid)
{
    $surveyid = sanitize_int($surveyid);
    $surveyidquery = "SELECT a.ugid, a.name, MAX(d.ugid) AS da\n    FROM {{user_groups}} AS a\n    LEFT JOIN (\n    SELECT b.ugid\n    FROM {{user_in_groups}} AS b\n    LEFT JOIN (SELECT * FROM {{permissions}}\n    WHERE entity_id = {$surveyid} and entity='survey') AS c ON b.uid = c.uid WHERE c.uid IS NULL\n    ) AS d ON a.ugid = d.ugid GROUP BY a.ugid, a.name HAVING MAX(d.ugid) IS NOT NULL";
    $surveyidresult = Yii::app()->db->createCommand($surveyidquery)->query();
    //Checked
    $aResult = $surveyidresult->readAll();
    $surveyselecter = "";
    if (Yii::app()->getConfig('usercontrolSameGroupPolicy') == true) {
        $authorizedGroupsList = getUserGroupList(NULL, 'simplegidarray');
    }
    foreach ($aResult as $sv) {
        if (Yii::app()->getConfig('usercontrolSameGroupPolicy') == false || in_array($sv['ugid'], $authorizedGroupsList)) {
            $surveyselecter .= "<option";
            $surveyselecter .= " value='{$sv['ugid']}'>{$sv['name']}</option>\n";
            $simpleugidarray[] = $sv['ugid'];
        }
    }
    if (!isset($svexist)) {
        $surveyselecter = "<option value='-1' selected='selected'>" . gT("Please choose...") . "</option>\n" . $surveyselecter;
    } else {
        $surveyselecter = "<option value='-1'>" . gT("None") . "</option>\n" . $surveyselecter;
    }
    if ($outputformat == 'simpleugidarray') {
        return $simpleugidarray;
    } else {
        return $surveyselecter;
    }
}
            <img src='<?php 
echo $imageurl;
?>
blank.gif' alt='' width='92' height='20' />
            <img src='<?php 
echo $imageurl;
?>
separator.gif' class='separator' alt='' />
        </div>
        <div class='menubar-right'>
            <label for="ugid"><?php 
$clang->eT("User groups");
?>
:</label>  <select name='ugid' id='ugid' onchange="window.location=this.options[this.selectedIndex].value">
                <?php 
echo getUserGroupList($ugid, 'optionlist');
?>
            </select>
            <?php 
if (Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1) {
    ?>
                <a href='<?php 
    echo $this->createUrl("admin/usergroups/sa/add");
    ?>
'>
                    <img src='<?php 
    echo $imageurl;
    ?>
add.png' alt='<?php 
    $clang->eT("Add new user group");
    ?>
 /**
  * Load survey security screen.
  * @param mixed $surveyid
  * @return void
  */
 function index($surveyid)
 {
     $aData['surveyid'] = $surveyid = sanitize_int($surveyid);
     $aViewUrls = array();
     $clang = Yii::app()->lang;
     $imageurl = Yii::app()->getConfig('adminimageurl');
     if (hasSurveyPermission($surveyid, 'survey', 'read')) {
         $aBaseSurveyPermissions = Survey_permissions::model()->getBasePermissions();
         $this->getController()->_js_admin_includes(Yii::app()->getConfig('generalscripts') . 'jquery/jquery.tablesorter.min.js');
         $this->getController()->_js_admin_includes(Yii::app()->getConfig('adminscripts') . 'surveysecurity.js');
         $result2 = Survey_permissions::model()->getUserDetails($surveyid);
         $surveysecurity = "<div class='header ui-widget-header'>" . $clang->gT("Survey permissions") . "</div>\n" . "<table class='surveysecurity'><thead>" . "<tr>\n" . "<th>" . $clang->gT("Action") . "</th>\n" . "<th>" . $clang->gT("Username") . "</th>\n" . "<th>" . $clang->gT("User group") . "</th>\n" . "<th>" . $clang->gT("Full name") . "</th>\n";
         foreach ($aBaseSurveyPermissions as $sPermission => $aSubPermissions) {
             $surveysecurity .= "<th><img src=\"{$imageurl}{$aSubPermissions['img']}_30.png\" alt=\"<span style='font-weight:bold;'>" . $aSubPermissions['title'] . "</span><br />" . $aSubPermissions['description'] . "\" /></th>\n";
         }
         $surveysecurity .= "</tr></thead>\n";
         // Foot first
         if (Yii::app()->getConfig('usercontrolSameGroupPolicy') == true) {
             $authorizedGroupsList = getUserGroupList(NULL, 'simplegidarray');
         }
         $surveysecurity .= "<tbody>\n";
         if (count($result2) > 0) {
             //    output users
             $row = 0;
             foreach ($result2 as $PermissionRow) {
                 $result3 = User_in_groups::model()->with('users')->findAll('users.uid = :uid', array(':uid' => $PermissionRow['uid']));
                 foreach ($result3 as $resul3row) {
                     if (Yii::app()->getConfig('usercontrolSameGroupPolicy') == false || in_array($resul3row->ugid, $authorizedGroupsList)) {
                         $group_ids[] = $resul3row->ugid;
                     }
                 }
                 if (isset($group_ids) && $group_ids[0] != NULL) {
                     $group_ids_query = implode(",", $group_ids);
                     unset($group_ids);
                     $result4 = User_groups::model()->findAll("ugid IN ({$group_ids_query})");
                     foreach ($result4 as $resul4row) {
                         $group_names[] = $resul4row->name;
                     }
                     if (count($group_names) > 0) {
                         $group_names_query = implode(", ", $group_names);
                     }
                 }
                 //                  else {break;} //TODO Commented by lemeur
                 $surveysecurity .= "<tr>\n";
                 $surveysecurity .= "<td>\n";
                 $surveysecurity .= CHtml::form(array("admin/surveypermission/sa/set/surveyid/{$surveyid}"), 'post', array('style' => "display:inline;")) . "<input type='image' src='{$imageurl}edit_16.png' alt='" . $clang->gT("Edit permissions") . "' />" . "<input type='hidden' name='action' value='setsurveysecurity' />" . "<input type='hidden' name='user' value='{$PermissionRow['users_name']}' />" . "<input type='hidden' name='uid' value='{$PermissionRow['uid']}' />" . "</form>\n";
                 $surveysecurity .= CHtml::form(array("admin/surveypermission/sa/delete/surveyid/{$surveyid}"), 'post', array('style' => "display:inline;")) . "<input type='image' src='{$imageurl}/token_delete.png' alt='" . $clang->gT("Delete") . "' onclick='return confirm(\"" . $clang->gT("Are you sure you want to delete this entry?", "js") . "\")' />" . "<input type='hidden' name='action' value='delsurveysecurity' />" . "<input type='hidden' name='user' value='{$PermissionRow['users_name']}' />" . "<input type='hidden' name='uid' value='{$PermissionRow['uid']}' />" . "</form>";
                 $surveysecurity .= "</td>\n";
                 $surveysecurity .= "<td>{$PermissionRow['users_name']}</td>\n" . "<td>";
                 if (isset($group_names) > 0) {
                     $surveysecurity .= $group_names_query;
                 } else {
                     $surveysecurity .= "---";
                 }
                 unset($group_names);
                 $surveysecurity .= "</td>\n" . "<td>\n{$PermissionRow['full_name']}</td>\n";
                 //Now show the permissions
                 foreach ($aBaseSurveyPermissions as $sPKey => $aPDetails) {
                     unset($aPDetails['img']);
                     unset($aPDetails['description']);
                     unset($aPDetails['title']);
                     $iCount = 0;
                     $iPermissionCount = 0;
                     foreach ($aPDetails as $sPDetailKey => $sPDetailValue) {
                         if ($sPDetailValue && hasSurveyPermission($surveyid, $sPKey, $sPDetailKey, $PermissionRow['uid']) && !($sPKey == 'survey' && $sPDetailKey == 'read')) {
                             $iCount++;
                         }
                         if ($sPDetailValue) {
                             $iPermissionCount++;
                         }
                     }
                     if ($sPKey == 'survey') {
                         $iPermissionCount--;
                     }
                     if ($iCount == $iPermissionCount) {
                         $insert = "<div class=\"ui-icon ui-icon-check\">&nbsp;</div>";
                     } elseif ($iCount > 0) {
                         $insert = "<div class=\"ui-icon ui-icon-check mixed\">&nbsp;</div>";
                     } else {
                         $insert = "<div>&nbsp;</div>";
                     }
                     $surveysecurity .= "<td>\n{$insert}\n</td>\n";
                 }
                 $surveysecurity .= "</tr>\n";
                 $row++;
             }
         } else {
             $surveysecurity .= "<tr><td colspan='16'></td></tr>";
             //fix error on empty table
         }
         $surveysecurity .= "</tbody>\n" . "</table>\n" . CHtml::form(array("admin/surveypermission/sa/adduser/surveyid/{$surveyid}"), 'post', array('class' => "form44")) . "<ul>\n" . "<li><label for='uidselect'>" . $clang->gT("User") . ": </label><select id='uidselect' name='uid'>\n" . getSurveyUserList(false, false, $surveyid) . "</select>\n" . "<input style='width: 15em;' type='submit' value='" . $clang->gT("Add User") . "'  onclick=\"if (document.getElementById('uidselect').value == -1) { alert('" . $clang->gT("Please select a user first", "js") . "'); return false;}\"/>" . "<input type='hidden' name='action' value='addsurveysecurity' />" . "</li></ul></form>\n" . CHtml::form(array("admin/surveypermission/sa/addusergroup/surveyid/{$surveyid}"), 'post', array('class' => "form44")) . "<ul><li>\n" . "<label for='ugidselect'>" . $clang->gT("Groups") . ": </label><select id='ugidselect' name='ugid'>\n" . getSurveyUserGroupList('htmloptions', $surveyid) . "</select>\n" . "<input style='width: 15em;' type='submit' value='" . $clang->gT("Add user group") . "' onclick=\"if (document.getElementById('ugidselect').value == -1) { alert('" . $clang->gT("Please select a user group first", "js") . "'); return false;}\" />" . "<input type='hidden' name='action' value='addusergroupsurveysecurity' />\n" . "</li></ul></form>";
         $aViewUrls['output'] = $surveysecurity;
     } else {
         accessDenied();
     }
     $this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
 }
 /**
  * surveypermission::surveyright()
  * Function responsible to process setting of permission of a user/usergroup.
  * @param mixed $surveyid
  * @return void
  */
 function surveyright($surveyid)
 {
     $aData['surveyid'] = $surveyid = sanitize_int($surveyid);
     $aViewUrls = array();
     $action = $_POST['action'];
     $imageurl = Yii::app()->getConfig('imageurl');
     $postuserid = !empty($_POST['uid']) ? $_POST['uid'] : false;
     $postusergroupid = !empty($_POST['ugid']) ? $_POST['ugid'] : false;
     if ($postuserid && !in_array($postuserid, getUserList('onlyuidarray'))) {
         $this->getController()->error('Access denied');
     } elseif ($postusergroupid && !in_array($postusergroupid, getUserGroupList(null, 'simplegidarray'))) {
         $this->getController()->error('Access denied');
     }
     if ($action == "surveyrights" && Permission::model()->hasSurveyPermission($surveyid, 'surveysecurity', 'update')) {
         $addsummary = "<div id='edit-permission' class='side-body " . getSideBodyClass(false) . "'>";
         $addsummary .= '<div class="row"><div class="col-lg-12 content-right">';
         $addsummary .= "<div class=\"jumbotron message-box\">\n";
         $addsummary .= "<h2>" . gT("Edit survey permissions") . "</h2>\n";
         $where = ' ';
         if ($postuserid) {
             if (!Permission::model()->hasGlobalPermission('superadmin', 'read')) {
                 $where .= "sid = :surveyid AND owner_id != :postuserid AND owner_id = :owner_id";
                 $resrow = Survey::model()->find($where, array(':surveyid' => $surveyid, ':owner_id' => Yii::app()->session['loginID'], ':postuserid' => $postuserid));
             }
         } else {
             $where .= "sid = :sid";
             $resrow = Survey::model()->find($where, array(':sid' => $surveyid));
             $iOwnerID = $resrow['owner_id'];
         }
         $aBaseSurveyPermissions = Permission::model()->getSurveyBasePermissions();
         $aPermissions = array();
         foreach ($aBaseSurveyPermissions as $sPermissionKey => $aCRUDPermissions) {
             foreach ($aCRUDPermissions as $sCRUDKey => $CRUDValue) {
                 if (!in_array($sCRUDKey, array('create', 'read', 'update', 'delete', 'import', 'export'))) {
                     continue;
                 }
                 if ($CRUDValue) {
                     if (isset($_POST["perm_{$sPermissionKey}_{$sCRUDKey}"])) {
                         $aPermissions[$sPermissionKey][$sCRUDKey] = 1;
                     } else {
                         $aPermissions[$sPermissionKey][$sCRUDKey] = 0;
                     }
                 }
             }
         }
         if (isset($postusergroupid) && $postusergroupid > 0) {
             $oResult = UserInGroup::model()->findAll('ugid = :ugid AND uid <> :uid AND uid <> :iOwnerID', array(':ugid' => $postusergroupid, ':uid' => Yii::app()->session['loginID'], ':iOwnerID' => $iOwnerID));
             if (count($oResult) > 0) {
                 foreach ($oResult as $aRow) {
                     Permission::model()->setPermissions($aRow->uid, $surveyid, 'survey', $aPermissions);
                 }
                 $addsummary .= "<div class=\"successheader\">" . gT("Survey permissions for all users in this group were successfully updated.") . "</div>\n";
             }
         } else {
             if (Permission::model()->setPermissions($postuserid, $surveyid, 'survey', $aPermissions)) {
                 Yii::app()->setFlashMessage(gT("Survey permissions were successfully updated."));
             } else {
                 Yii::app()->setFlashMessage(gT("Failed to update survey permissions!"));
             }
             if (App()->getRequest()->getPost('close-after-save') == 'false') {
                 Yii::app()->request->redirect(Yii::app()->getController()->createUrl('admin/surveypermission/sa/set', array('action' => 'setsurveysecurity', 'surveyid' => $surveyid, 'uid' => $postuserid)));
             }
             Yii::app()->request->redirect(Yii::app()->getController()->createUrl('admin/surveypermission/sa/view', array('surveyid' => $surveyid)));
         }
         $addsummary .= "<br/><input class='btn btn-default'  type=\"submit\" onclick=\"window.open('" . $this->getController()->createUrl('admin/surveypermission/sa/view/surveyid/' . $surveyid) . "', '_top')\" value=\"" . gT("Continue") . "\"/>\n";
         $addsummary .= "</div></div></div>\n";
         $aViewUrls['output'] = $addsummary;
     } else {
         $this->getController()->error('Access denied');
     }
     $aData['sidemenu']['state'] = false;
     $surveyinfo = Survey::model()->findByPk($surveyid)->surveyinfo;
     $aData['title_bar']['title'] = $surveyinfo['surveyls_title'] . "(" . gT("ID") . ":" . $surveyid . ")";
     $this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
 }
 /**
  * surveypermission::surveyright()
  * Function responsible to process setting of permission of a user/usergroup.
  * @param mixed $surveyid
  * @return void
  */
 function surveyright($surveyid)
 {
     $aData['surveyid'] = $surveyid = sanitize_int($surveyid);
     $aViewUrls = array();
     $action = $_POST['action'];
     $imageurl = Yii::app()->getConfig('imageurl');
     $postuserid = !empty($_POST['uid']) ? $_POST['uid'] : false;
     $postusergroupid = !empty($_POST['ugid']) ? $_POST['ugid'] : false;
     if ($postuserid && !in_array($postuserid, getUserList('onlyuidarray'))) {
         $this->getController()->error('Access denied');
     } elseif ($postusergroupid && !in_array($postusergroupid, getUserGroupList(null, 'simplegidarray'))) {
         $this->getController()->error('Access denied');
     }
     if ($action == "surveyrights" && Permission::model()->hasSurveyPermission($surveyid, 'surveysecurity', 'update')) {
         $addsummary = "<div class='header ui-widget-header'>" . gT("Edit survey permissions") . "</div>\n";
         $addsummary .= "<div class='messagebox ui-corner-all'>\n";
         $where = ' ';
         if ($postuserid) {
             if (!Permission::model()->hasGlobalPermission('superadmin', 'read')) {
                 $where .= "sid = :surveyid AND owner_id != :postuserid AND owner_id = :owner_id";
                 $resrow = Survey::model()->find($where, array(':surveyid' => $surveyid, ':owner_id' => Yii::app()->session['loginID'], ':postuserid' => $postuserid));
             }
         } else {
             $where .= "sid = :sid";
             $resrow = Survey::model()->find($where, array(':sid' => $surveyid));
             $iOwnerID = $resrow['owner_id'];
         }
         $aBaseSurveyPermissions = Permission::model()->getSurveyBasePermissions();
         $aPermissions = array();
         foreach ($aBaseSurveyPermissions as $sPermissionKey => $aCRUDPermissions) {
             foreach ($aCRUDPermissions as $sCRUDKey => $CRUDValue) {
                 if (!in_array($sCRUDKey, array('create', 'read', 'update', 'delete', 'import', 'export'))) {
                     continue;
                 }
                 if ($CRUDValue) {
                     if (isset($_POST["perm_{$sPermissionKey}_{$sCRUDKey}"])) {
                         $aPermissions[$sPermissionKey][$sCRUDKey] = 1;
                     } else {
                         $aPermissions[$sPermissionKey][$sCRUDKey] = 0;
                     }
                 }
             }
         }
         if (isset($postusergroupid) && $postusergroupid > 0) {
             $oResult = UserInGroup::model()->findAll('ugid = :ugid AND uid <> :uid AND uid <> :iOwnerID', array(':ugid' => $postusergroupid, ':uid' => Yii::app()->session['loginID'], ':iOwnerID' => $iOwnerID));
             if (count($oResult) > 0) {
                 foreach ($oResult as $aRow) {
                     Permission::model()->setPermissions($aRow->uid, $surveyid, 'survey', $aPermissions);
                 }
                 $addsummary .= "<div class=\"successheader\">" . gT("Survey permissions for all users in this group were successfully updated.") . "</div>\n";
             }
         } else {
             if (Permission::model()->setPermissions($postuserid, $surveyid, 'survey', $aPermissions)) {
                 $addsummary .= "<div class=\"successheader\">" . gT("Survey permissions were successfully updated.") . "</div>\n";
             } else {
                 $addsummary .= "<div class=\"warningheader\">" . gT("Failed to update survey permissions!") . "</div>\n";
             }
         }
         $addsummary .= "<br/><input type=\"submit\" onclick=\"window.open('" . $this->getController()->createUrl('admin/surveypermission/sa/view/surveyid/' . $surveyid) . "', '_top')\" value=\"" . gT("Continue") . "\"/>\n";
         $addsummary .= "</div>\n";
         $aViewUrls['output'] = $addsummary;
     } else {
         $this->getController()->error('Access denied');
     }
     $this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
 }
Exemple #6
0
function clearSingleTidList($tids)
{
    if (empty($tids)) {
        return;
    }
    global $_G, $expireTime;
    $gids = getUserGroupList();
    if (empty($gids)) {
        return;
    }
    $cacheKeys = array();
    foreach ($gids as $gid) {
        $cacheKey = 'bigapp_group_tids_' . $gid . '_' . implode(', ', $tids);
        $md5Key = md5($cacheKey);
        $cacheKeys[] = $md5Key;
        true === BIGAPP_DEV && runlog('bigapp', "add key to delete list [ key: {$cacheKey}, md5 key: {$md5Key} ]");
    }
    C::t('common_syscache')->delete((array) $cacheKeys);
}