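/**
 * List the user groups that can still be added to a survey's permissions.
 *
 * Selects every user group with at least one member who has no 'survey'
 * permission row for the given survey. When the 'usercontrolSameGroupPolicy'
 * setting is enabled, the result is further limited to the groups returned by
 * getUserGroupList(null, 'simplegidarray').
 *
 * @param string $outputformat 'simpleugidarray' returns the ugid values; any other value returns <option> markup
 * @param mixed  $surveyid     Survey id; passed through sanitize_int() before use
 * @return array|string Array of ugid values (empty when nothing matches), or <option> elements
 *                      preceded by a pre-selected "Please choose..." entry
 */
function getSurveyUserGroupList($outputformat = 'htmloptions', $surveyid)
{
    $surveyid = sanitize_int($surveyid);

    // The survey id is bound as an integer rather than interpolated, so the
    // statement stays well-formed whatever sanitize_int() hands back.
    $surveyidquery = "SELECT a.ugid, a.name, MAX(d.ugid) AS da\n"
        . " FROM {{user_groups}} AS a\n"
        . " LEFT JOIN (\n"
        . " SELECT b.ugid\n"
        . " FROM {{user_in_groups}} AS b\n"
        . " LEFT JOIN (SELECT * FROM {{permissions}}\n"
        . " WHERE entity_id = :surveyid and entity='survey') AS c ON b.uid = c.uid WHERE c.uid IS NULL\n"
        . " ) AS d ON a.ugid = d.ugid GROUP BY a.ugid, a.name HAVING MAX(d.ugid) IS NOT NULL";
    $surveyidresult = Yii::app()->db->createCommand($surveyidquery)
        ->bindValue(':surveyid', (int) $surveyid, PDO::PARAM_INT)
        ->query();
    $aResult = $surveyidresult->readAll();

    $bSameGroupPolicy = Yii::app()->getConfig('usercontrolSameGroupPolicy') == true;
    $authorizedGroupsList = array();
    if ($bSameGroupPolicy) {
        $authorizedGroupsList = getUserGroupList(null, 'simplegidarray');
    }

    $surveyselecter = "";
    // Initialised up front so the array output format never returns an
    // undefined variable when no group qualifies.
    $simpleugidarray = array();
    foreach ($aResult as $sv) {
        if (!$bSameGroupPolicy || in_array($sv['ugid'], $authorizedGroupsList)) {
            // Group names are free text stored in the database; encode them for
            // both the single-quoted attribute and the element content.
            $sValue = htmlspecialchars($sv['ugid'], ENT_QUOTES, 'UTF-8');
            $sLabel = htmlspecialchars($sv['name'], ENT_QUOTES, 'UTF-8');
            $surveyselecter .= "<option value='{$sValue}'>{$sLabel}</option>\n";
            $simpleugidarray[] = $sv['ugid'];
        }
    }

    // The original tested a local that was never assigned, so the placeholder
    // entry was always the pre-selected "Please choose..." one.
    $surveyselecter = "<option value='-1' selected='selected'>" . gT("Please choose...") . "</option>\n" . $surveyselecter;

    if ($outputformat == 'simpleugidarray') {
        return $simpleugidarray;
    }

    return $surveyselecter;
}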
<img src='<?php echo $imageurl; ?> blank.gif' alt='' width='92' height='20' /> <img src='<?php echo $imageurl; ?> separator.gif' class='separator' alt='' /> </div> <div class='menubar-right'> <label for="ugid"><?php $clang->eT("User groups"); ?> :</label> <select name='ugid' id='ugid' onchange="window.location=this.options[this.selectedIndex].value"> <?php echo getUserGroupList($ugid, 'optionlist'); ?> </select> <?php if (Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1) { ?> <a href='<?php echo $this->createUrl("admin/usergroups/sa/add"); ?> '> <img src='<?php echo $imageurl; ?> add.png' alt='<?php $clang->eT("Add new user group"); ?>
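/**
 * Load survey security screen.
 *
 * Builds the "Survey permissions" table (one row per user returned by
 * Survey_permissions::getUserDetails()) together with the "add user" and
 * "add user group" forms, then renders it through the wrapped template.
 * Callers without 'survey'/'read' permission get accessDenied() instead of
 * the table.
 *
 * User names, full names and group names come from the database and are
 * HTML-encoded before they are written into markup or attribute values.
 *
 * @param mixed $surveyid
 * @return void
 */
function index($surveyid)
{
    $aData['surveyid'] = $surveyid = sanitize_int($surveyid);
    $aViewUrls = array();
    $clang = Yii::app()->lang;
    $imageurl = Yii::app()->getConfig('adminimageurl');

    if (hasSurveyPermission($surveyid, 'survey', 'read')) {
        $aBaseSurveyPermissions = Survey_permissions::model()->getBasePermissions();
        $this->getController()->_js_admin_includes(Yii::app()->getConfig('generalscripts') . 'jquery/jquery.tablesorter.min.js');
        $this->getController()->_js_admin_includes(Yii::app()->getConfig('adminscripts') . 'surveysecurity.js');
        $result2 = Survey_permissions::model()->getUserDetails($surveyid);

        $surveysecurity = "<div class='header ui-widget-header'>" . $clang->gT("Survey permissions") . "</div>\n"
            . "<table class='surveysecurity'><thead>"
            . "<tr>\n"
            . "<th>" . $clang->gT("Action") . "</th>\n"
            . "<th>" . $clang->gT("Username") . "</th>\n"
            . "<th>" . $clang->gT("User group") . "</th>\n"
            . "<th>" . $clang->gT("Full name") . "</th>\n";

        foreach ($aBaseSurveyPermissions as $sPermission => $aSubPermissions) {
            // NOTE(review): the alt text carries markup on purpose (presumably read
            // by a tooltip script); title/description come from getBasePermissions()
            // and are left as they were. Confirm they can never contain a double quote.
            $surveysecurity .= "<th><img src=\"{$imageurl}{$aSubPermissions['img']}_30.png\" alt=\"<span style='font-weight:bold;'>"
                . $aSubPermissions['title'] . "</span><br />" . $aSubPermissions['description'] . "\" /></th>\n";
        }
        $surveysecurity .= "</tr></thead>\n";

        // With the same-group policy on, only groups the current user may see are listed.
        $bSameGroupPolicy = Yii::app()->getConfig('usercontrolSameGroupPolicy') == true;
        $authorizedGroupsList = array();
        if ($bSameGroupPolicy) {
            $authorizedGroupsList = getUserGroupList(null, 'simplegidarray');
        }

        $surveysecurity .= "<tbody>\n";
        if (count($result2) > 0) {
            foreach ($result2 as $PermissionRow) {
                // Collect the ids of the groups this user belongs to.
                $group_ids = array();
                $result3 = User_in_groups::model()->with('users')->findAll('users.uid = :uid', array(':uid' => $PermissionRow['uid']));
                foreach ($result3 as $resul3row) {
                    if (!$bSameGroupPolicy || in_array($resul3row->ugid, $authorizedGroupsList)) {
                        $group_ids[] = $resul3row->ugid;
                    }
                }

                // Resolve the ids to names. The ids go through a criteria IN
                // condition (bound parameters) instead of a hand-built SQL list.
                $group_names = array();
                if (!empty($group_ids) && $group_ids[0] != null) {
                    $oCriteria = new CDbCriteria();
                    $oCriteria->addInCondition('ugid', $group_ids);
                    $result4 = User_groups::model()->findAll($oCriteria);
                    foreach ($result4 as $resul4row) {
                        $group_names[] = $resul4row->name;
                    }
                }

                // Encode once; these values are reused in attributes and cell content.
                $sUserName = CHtml::encode($PermissionRow['users_name']);
                $sFullName = CHtml::encode($PermissionRow['full_name']);
                $sUid = CHtml::encode($PermissionRow['uid']);

                $surveysecurity .= "<tr>\n";
                $surveysecurity .= "<td>\n";
                $surveysecurity .= CHtml::form(array("admin/surveypermission/sa/set/surveyid/{$surveyid}"), 'post', array('style' => "display:inline;"))
                    . "<input type='image' src='{$imageurl}edit_16.png' alt='" . $clang->gT("Edit permissions") . "' />"
                    . "<input type='hidden' name='action' value='setsurveysecurity' />"
                    . "<input type='hidden' name='user' value='{$sUserName}' />"
                    . "<input type='hidden' name='uid' value='{$sUid}' />"
                    . "</form>\n";
                $surveysecurity .= CHtml::form(array("admin/surveypermission/sa/delete/surveyid/{$surveyid}"), 'post', array('style' => "display:inline;"))
                    . "<input type='image' src='{$imageurl}/token_delete.png' alt='" . $clang->gT("Delete") . "' onclick='return confirm(\""
                    . $clang->gT("Are you sure you want to delete this entry?", "js") . "\")' />"
                    . "<input type='hidden' name='action' value='delsurveysecurity' />"
                    . "<input type='hidden' name='user' value='{$sUserName}' />"
                    . "<input type='hidden' name='uid' value='{$sUid}' />"
                    . "</form>";
                $surveysecurity .= "</td>\n";

                $surveysecurity .= "<td>{$sUserName}</td>\n" . "<td>";
                if (count($group_names) > 0) {
                    $surveysecurity .= CHtml::encode(implode(", ", $group_names));
                } else {
                    $surveysecurity .= "---";
                }
                $surveysecurity .= "</td>\n" . "<td>\n{$sFullName}</td>\n";

                // One cell per base permission: full check, partial ("mixed") check, or empty.
                foreach ($aBaseSurveyPermissions as $sPKey => $aPDetails) {
                    // Drop the display metadata so only the CRUD flags remain.
                    unset($aPDetails['img']);
                    unset($aPDetails['description']);
                    unset($aPDetails['title']);
                    $iCount = 0;
                    $iPermissionCount = 0;
                    foreach ($aPDetails as $sPDetailKey => $sPDetailValue) {
                        if ($sPDetailValue
                            && hasSurveyPermission($surveyid, $sPKey, $sPDetailKey, $PermissionRow['uid'])
                            && !($sPKey == 'survey' && $sPDetailKey == 'read')
                        ) {
                            $iCount++;
                        }
                        if ($sPDetailValue) {
                            $iPermissionCount++;
                        }
                    }
                    // survey/read is never counted as granted above, so it is not expected either.
                    if ($sPKey == 'survey') {
                        $iPermissionCount--;
                    }
                    if ($iCount == $iPermissionCount) {
                        $insert = "<div class=\"ui-icon ui-icon-check\"> </div>";
                    } elseif ($iCount > 0) {
                        $insert = "<div class=\"ui-icon ui-icon-check mixed\"> </div>";
                    } else {
                        $insert = "<div> </div>";
                    }
                    $surveysecurity .= "<td>\n{$insert}\n</td>\n";
                }
                $surveysecurity .= "</tr>\n";
            }
        } else {
            $surveysecurity .= "<tr><td colspan='16'></td></tr>"; //fix error on empty table
        }

        $surveysecurity .= "</tbody>\n"
            . "</table>\n"
            . CHtml::form(array("admin/surveypermission/sa/adduser/surveyid/{$surveyid}"), 'post', array('class' => "form44"))
            . "<ul>\n"
            . "<li><label for='uidselect'>" . $clang->gT("User") . ": </label><select id='uidselect' name='uid'>\n"
            . getSurveyUserList(false, false, $surveyid)
            . "</select>\n"
            . "<input style='width: 15em;' type='submit' value='" . $clang->gT("Add User") . "' onclick=\"if (document.getElementById('uidselect').value == -1) { alert('"
            . $clang->gT("Please select a user first", "js") . "'); return false;}\"/>"
            . "<input type='hidden' name='action' value='addsurveysecurity' />"
            . "</li></ul></form>\n"
            . CHtml::form(array("admin/surveypermission/sa/addusergroup/surveyid/{$surveyid}"), 'post', array('class' => "form44"))
            . "<ul><li>\n"
            . "<label for='ugidselect'>" . $clang->gT("Groups") . ": </label><select id='ugidselect' name='ugid'>\n"
            . getSurveyUserGroupList('htmloptions', $surveyid)
            . "</select>\n"
            . "<input style='width: 15em;' type='submit' value='" . $clang->gT("Add user group") . "' onclick=\"if (document.getElementById('ugidselect').value == -1) { alert('"
            . $clang->gT("Please select a user group first", "js") . "'); return false;}\" />"
            . "<input type='hidden' name='action' value='addusergroupsurveysecurity' />\n"
            . "</li></ul></form>";

        $aViewUrls['output'] = $surveysecurity;
    } else {
        accessDenied();
    }

    $this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
}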
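/**
 * surveypermission::surveyright()
 * Function responsible to process setting of permission of a user/usergroup.
 *
 * Reads the target user id ('uid') or user group id ('ugid') and the
 * perm_<permission>_<crud> checkboxes from POST, then stores the resulting
 * permission matrix through Permission::setPermissions(). The caller needs
 * 'surveysecurity'/'update' on the survey, and a posted uid/ugid must appear
 * in getUserList('onlyuidarray') / getUserGroupList(null, 'simplegidarray').
 *
 * @param mixed $surveyid
 * @return void
 */
function surveyright($surveyid)
{
    $aData['surveyid'] = $surveyid = sanitize_int($surveyid);
    $aViewUrls = array();
    $action = isset($_POST['action']) ? $_POST['action'] : '';
    $postuserid = !empty($_POST['uid']) ? $_POST['uid'] : false;
    $postusergroupid = !empty($_POST['ugid']) ? $_POST['ugid'] : false;

    // Both ids are validated independently (the group id used to be checked only
    // when no uid was posted) and must be real integers: a loose in_array() on
    // the raw POST string lets values such as "1abc" match 1 on older PHP.
    if ($postuserid !== false) {
        $postuserid = filter_var($postuserid, FILTER_VALIDATE_INT);
        if ($postuserid === false || !in_array($postuserid, getUserList('onlyuidarray'))) {
            $this->getController()->error('Access denied');
            // error() may already end the request; returning guarantees that
            // nothing below runs for a rejected id either way.
            return;
        }
    }
    if ($postusergroupid !== false) {
        $postusergroupid = filter_var($postusergroupid, FILTER_VALIDATE_INT);
        if ($postusergroupid === false || !in_array($postusergroupid, getUserGroupList(null, 'simplegidarray'))) {
            $this->getController()->error('Access denied');
            return;
        }
    }

    if ($action === "surveyrights" && Permission::model()->hasSurveyPermission($surveyid, 'surveysecurity', 'update')) {
        $addsummary = "<div id='edit-permission' class='side-body " . getSideBodyClass(false) . "'>";
        $addsummary .= '<div class="row"><div class="col-lg-12 content-right">';
        $addsummary .= "<div class=\"jumbotron message-box\">\n";
        $addsummary .= "<h2>" . gT("Edit survey permissions") . "</h2>\n";

        if ($postuserid && !Permission::model()->hasGlobalPermission('superadmin', 'read')) {
            // NOTE(review): this lookup (survey owned by the caller, target is not
            // the owner) is kept from the original, but its result is never
            // inspected. It looks like an ownership check that was meant to gate
            // the update; confirm the intended rule before relying on it.
            $resrow = Survey::model()->find(
                "sid = :surveyid AND owner_id != :postuserid AND owner_id = :owner_id",
                array(':surveyid' => $surveyid, ':owner_id' => Yii::app()->session['loginID'], ':postuserid' => $postuserid)
            );
        }

        // The group branch excludes the survey owner, so the owner id is loaded
        // whenever a group id is posted; it used to be undefined when a uid was
        // posted alongside the group id.
        $iOwnerID = null;
        if ($postusergroupid) {
            $oSurvey = Survey::model()->find("sid = :sid", array(':sid' => $surveyid));
            $iOwnerID = $oSurvey !== null ? $oSurvey['owner_id'] : null;
        }

        // Build the permission matrix: 1 when the matching checkbox was posted, else 0.
        $aBaseSurveyPermissions = Permission::model()->getSurveyBasePermissions();
        $aPermissions = array();
        $aCRUDKeys = array('create', 'read', 'update', 'delete', 'import', 'export');
        foreach ($aBaseSurveyPermissions as $sPermissionKey => $aCRUDPermissions) {
            foreach ($aCRUDPermissions as $sCRUDKey => $CRUDValue) {
                // Strict match so metadata keys never compare equal to a CRUD name.
                if (!in_array($sCRUDKey, $aCRUDKeys, true)) {
                    continue;
                }
                if ($CRUDValue) {
                    $aPermissions[$sPermissionKey][$sCRUDKey] = isset($_POST["perm_{$sPermissionKey}_{$sCRUDKey}"]) ? 1 : 0;
                }
            }
        }

        if ($postusergroupid !== false && $postusergroupid > 0) {
            // Apply to every group member except the current user and the survey owner.
            $oResult = UserInGroup::model()->findAll(
                'ugid = :ugid AND uid <> :uid AND uid <> :iOwnerID',
                array(':ugid' => $postusergroupid, ':uid' => Yii::app()->session['loginID'], ':iOwnerID' => $iOwnerID)
            );
            if (count($oResult) > 0) {
                foreach ($oResult as $aRow) {
                    Permission::model()->setPermissions($aRow->uid, $surveyid, 'survey', $aPermissions);
                }
                $addsummary .= "<div class=\"successheader\">" . gT("Survey permissions for all users in this group were successfully updated.") . "</div>\n";
            }
        } else {
            if (Permission::model()->setPermissions($postuserid, $surveyid, 'survey', $aPermissions)) {
                Yii::app()->setFlashMessage(gT("Survey permissions were successfully updated."));
            } else {
                Yii::app()->setFlashMessage(gT("Failed to update survey permissions!"));
            }
            if (App()->getRequest()->getPost('close-after-save') == 'false') {
                Yii::app()->request->redirect(Yii::app()->getController()->createUrl('admin/surveypermission/sa/set', array('action' => 'setsurveysecurity', 'surveyid' => $surveyid, 'uid' => $postuserid)));
            }
            Yii::app()->request->redirect(Yii::app()->getController()->createUrl('admin/surveypermission/sa/view', array('surveyid' => $surveyid)));
        }

        $addsummary .= "<br/><input class='btn btn-default' type=\"submit\" onclick=\"window.open('" . $this->getController()->createUrl('admin/surveypermission/sa/view/surveyid/' . $surveyid) . "', '_top')\" value=\"" . gT("Continue") . "\"/>\n";
        $addsummary .= "</div></div></div>\n";
        $aViewUrls['output'] = $addsummary;
    } else {
        $this->getController()->error('Access denied');
    }

    $aData['sidemenu']['state'] = false;
    $surveyinfo = Survey::model()->findByPk($surveyid)->surveyinfo;
    $aData['title_bar']['title'] = $surveyinfo['surveyls_title'] . "(" . gT("ID") . ":" . $surveyid . ")";
    $this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
}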
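/**
 * surveypermission::surveyright()
 * Function responsible to process setting of permission of a user/usergroup.
 *
 * Reads the target user id ('uid') or user group id ('ugid') and the
 * perm_<permission>_<crud> checkboxes from POST, stores the resulting
 * permission matrix through Permission::setPermissions() and renders a
 * summary box. The caller needs 'surveysecurity'/'update' on the survey, and
 * a posted uid/ugid must appear in getUserList('onlyuidarray') /
 * getUserGroupList(null, 'simplegidarray').
 *
 * @param mixed $surveyid
 * @return void
 */
function surveyright($surveyid)
{
    $aData['surveyid'] = $surveyid = sanitize_int($surveyid);
    $aViewUrls = array();
    $action = isset($_POST['action']) ? $_POST['action'] : '';
    $postuserid = !empty($_POST['uid']) ? $_POST['uid'] : false;
    $postusergroupid = !empty($_POST['ugid']) ? $_POST['ugid'] : false;

    // Both ids are validated independently (the group id used to be checked only
    // when no uid was posted) and must be real integers: a loose in_array() on
    // the raw POST string lets values such as "1abc" match 1 on older PHP.
    if ($postuserid !== false) {
        $postuserid = filter_var($postuserid, FILTER_VALIDATE_INT);
        if ($postuserid === false || !in_array($postuserid, getUserList('onlyuidarray'))) {
            $this->getController()->error('Access denied');
            // error() may already end the request; returning guarantees that
            // nothing below runs for a rejected id either way.
            return;
        }
    }
    if ($postusergroupid !== false) {
        $postusergroupid = filter_var($postusergroupid, FILTER_VALIDATE_INT);
        if ($postusergroupid === false || !in_array($postusergroupid, getUserGroupList(null, 'simplegidarray'))) {
            $this->getController()->error('Access denied');
            return;
        }
    }

    if ($action === "surveyrights" && Permission::model()->hasSurveyPermission($surveyid, 'surveysecurity', 'update')) {
        $addsummary = "<div class='header ui-widget-header'>" . gT("Edit survey permissions") . "</div>\n";
        $addsummary .= "<div class='messagebox ui-corner-all'>\n";

        if ($postuserid && !Permission::model()->hasGlobalPermission('superadmin', 'read')) {
            // NOTE(review): this lookup (survey owned by the caller, target is not
            // the owner) is kept from the original, but its result is never
            // inspected. It looks like an ownership check that was meant to gate
            // the update; confirm the intended rule before relying on it.
            $resrow = Survey::model()->find(
                "sid = :surveyid AND owner_id != :postuserid AND owner_id = :owner_id",
                array(':surveyid' => $surveyid, ':owner_id' => Yii::app()->session['loginID'], ':postuserid' => $postuserid)
            );
        }

        // The group branch excludes the survey owner, so the owner id is loaded
        // whenever a group id is posted; it used to be undefined when a uid was
        // posted alongside the group id.
        $iOwnerID = null;
        if ($postusergroupid) {
            $oSurvey = Survey::model()->find("sid = :sid", array(':sid' => $surveyid));
            $iOwnerID = $oSurvey !== null ? $oSurvey['owner_id'] : null;
        }

        // Build the permission matrix: 1 when the matching checkbox was posted, else 0.
        $aBaseSurveyPermissions = Permission::model()->getSurveyBasePermissions();
        $aPermissions = array();
        $aCRUDKeys = array('create', 'read', 'update', 'delete', 'import', 'export');
        foreach ($aBaseSurveyPermissions as $sPermissionKey => $aCRUDPermissions) {
            foreach ($aCRUDPermissions as $sCRUDKey => $CRUDValue) {
                // Strict match so metadata keys never compare equal to a CRUD name.
                if (!in_array($sCRUDKey, $aCRUDKeys, true)) {
                    continue;
                }
                if ($CRUDValue) {
                    $aPermissions[$sPermissionKey][$sCRUDKey] = isset($_POST["perm_{$sPermissionKey}_{$sCRUDKey}"]) ? 1 : 0;
                }
            }
        }

        if ($postusergroupid !== false && $postusergroupid > 0) {
            // Apply to every group member except the current user and the survey owner.
            $oResult = UserInGroup::model()->findAll(
                'ugid = :ugid AND uid <> :uid AND uid <> :iOwnerID',
                array(':ugid' => $postusergroupid, ':uid' => Yii::app()->session['loginID'], ':iOwnerID' => $iOwnerID)
            );
            if (count($oResult) > 0) {
                foreach ($oResult as $aRow) {
                    Permission::model()->setPermissions($aRow->uid, $surveyid, 'survey', $aPermissions);
                }
                $addsummary .= "<div class=\"successheader\">" . gT("Survey permissions for all users in this group were successfully updated.") . "</div>\n";
            }
        } else {
            if (Permission::model()->setPermissions($postuserid, $surveyid, 'survey', $aPermissions)) {
                $addsummary .= "<div class=\"successheader\">" . gT("Survey permissions were successfully updated.") . "</div>\n";
            } else {
                $addsummary .= "<div class=\"warningheader\">" . gT("Failed to update survey permissions!") . "</div>\n";
            }
        }

        $addsummary .= "<br/><input type=\"submit\" onclick=\"window.open('" . $this->getController()->createUrl('admin/surveypermission/sa/view/surveyid/' . $surveyid) . "', '_top')\" value=\"" . gT("Continue") . "\"/>\n";
        $addsummary .= "</div>\n";
        $aViewUrls['output'] = $addsummary;
    } else {
        $this->getController()->error('Access denied');
    }

    $this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
}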
/**
 * Remove the cached thread-id lists for the given tids, one entry per user group.
 *
 * For every group id returned by getUserGroupList() a key of the form
 * 'bigapp_group_tids_<gid>_<tid, tid, ...>' is built, hashed with md5 and
 * deleted from the 'common_syscache' table. md5 only shortens the cache key
 * here; it is not used as a security control. Does nothing when $tids or the
 * group list is empty.
 *
 * @param array $tids Thread ids whose cached lists should be dropped
 * @return void
 */
function clearSingleTidList($tids)
{
    if (empty($tids)) {
        return;
    }

    global $_G, $expireTime;

    $groupIds = getUserGroupList();
    if (empty($groupIds)) {
        return;
    }

    // The tid part is the same for every group, so it is built once.
    $tidSuffix = '_' . implode(', ', $tids);

    $hashedKeys = array();
    foreach ($groupIds as $groupId) {
        $plainKey = 'bigapp_group_tids_' . $groupId . $tidSuffix;
        $hashedKey = md5($plainKey);
        $hashedKeys[] = $hashedKey;

        // Trace each key only when the plugin runs in development mode.
        if (true === BIGAPP_DEV) {
            runlog('bigapp', "add key to delete list [ key: {$plainKey}, md5 key: {$hashedKey} ]");
        }
    }

    C::t('common_syscache')->delete($hashedKeys);
}