<?php require_once "../../lib/init.php"; protectPage(11); @($id = DB::Safe($_GET['id'])); $c = Calling::Load($id); if (!is_object($c)) { fail("Bad calling ID."); } if ($c->Preset()) { fail("Can't delete a pre-defined calling."); } if ($c->WardID() != $MEMBER->WardID) { Response::Send(403, "Can't delete a calling which does not belong to your ward."); } if ($c->Delete(true)) { Response::Send(200); } else { fail("Oops, something went wrong. Please report this error."); }
public function Object() { if (!$this->ObjectID) { return null; } if ($this->ObjectType == 'Calling') { return Calling::Load($this->ObjectID); } elseif ($this->ObjectType == 'Member') { return Member::Load($this->ObjectID); } else { return null; } }
public function Delete($sure = false, $hardDelete = false) { if ($sure !== true) { fail("Cannot delete ward; please pass boolean true as a second argument."); } if (!$this->ID) { return false; } $wid = $this->ID; // convenience // FHE groups DB::Run("DELETE FROM FheGroups WHERE WardID={$wid}"); // Residences $res = $ward->Residences(true); foreach ($res as $residence) { $res->Delete(true); } // SurveyQuestions, SurveyAnswers, SurveyAnswerOptions, Permissions $r = DB::Run("SELECT ID FROM SurveyQuestions WHERE WardID={$wid}"); while ($row = mysql_fetch_array($r)) { $sq = SurveyQuestion::Load($row['ID']); $sq->Delete(true); } // Callings, MembersCallings, and any remaining calling Permissions (shouldn't be any...) $r = DB::Run("SELECT ID FROM Callings WHERE WardID={$wid}"); while ($row = mysql_fetch_array($r)) { $c = Calling::Load($row['ID']); $c->Delete(true); } // Members, Credentials, GrantedPrivileges, remaining Callings, PwdResetTokens, // profile pic, and remaining member Permissions (shouldn't be any...) // (Everything else except the ward itself) $r = DB::Run("SELECT ID FROM Members WHERE WardID={$wid}"); while ($row = mysql_fetch_array($r)) { $m = Member::Load($row['ID']); $m->Delete(true); } // Ward itself if ($hardDelete) { DB::Run("DELETE FROM Wards WHERE ID={$wid} LIMIT 1"); // Unset this object so it can't inadvertently be saved again $this->ID = null; $this->Name = null; } else { $this->Deleted = true; $this->Save(); } return true; }
public function Callings() { $q = "SELECT CallingID FROM MembersCallings WHERE MemberID='{$this->ID}' ORDER BY ID ASC"; $r = DB::Run($q); $callings = array(); while ($row = mysql_fetch_array($r)) { $callings[] = Calling::Load($row['CallingID']); } return $callings; }
<?php require_once "lib/init.php"; protectPage(); // Build list of callings and members who hold those callings // to render it below. $list = ''; $r = DB::Run("SELECT ID FROM Callings WHERE WardID={$MEMBER->WardID} ORDER BY Name ASC"); if (!$r) { fail("ERROR > Could not request callings. Please report this: " . mysql_error()); } $callings = array(); while ($row = mysql_fetch_array($r)) { $c = Calling::Load($row['ID']); if (!$c) { continue; } $r2 = DB::Run("SELECT MemberID FROM MembersCallings WHERE CallingID={$c->ID()}"); if (!$r2) { fail("ERROR > Can't list members' callings. Please report this: " . mysql_error()); } if (mysql_num_rows($r2) > 0) { $callings[$c->Name] = array(); // Get a list of members with this calling while ($row2 = mysql_fetch_array($r2)) { $m = Member::Load($row2['MemberID']); if (!$m) { continue; } $callings[$c->Name][] = $m; }
</form> <br> <h2 id="by-calling">Privileges granted to callings</h2> <table class="privList"> <tr> <th>Calling</th> <th>Privilege</th> <th>Options</th> </tr> <?php $rm = DB::Run("SELECT CallingID, PrivilegeID FROM GrantedPrivileges INNER JOIN Callings ON Callings.ID = CallingID INNER JOIN Privileges ON Privileges.ID = GrantedPrivileges.PrivilegeID WHERE CallingID > 0 AND Callings.WardID={$MEMBER->WardID} ORDER BY Callings.Name ASC, Privileges.Privilege ASC"); while ($row = mysql_fetch_array($rm)) { $priv = Privilege::Load($row['PrivilegeID']); $call = Calling::Load($row['CallingID']); ?> <tr> <td> <b><?php echo $call->Name; ?> </b> </td> <td> <span title="<?php echo $priv->HelpText(); ?> "><?php echo $priv->Privilege(); ?>
fail("Nothing to do; don't forget to choose at least one question for which to grant permission."); } // If they chose a wildcard, make sure the selection of a member // or calling is not set (as a safety) if ($allMembers && $memberID) { fail("You selected to set this permission for ALL members but chose a specific member. Which one? Please go back and try again."); } if ($allCallings && $callingID) { fail("You selected to set this permission for ALL callings but chose a specific calling. Which one? Please go back and try again."); } if ($allMembers && $callingID || $allCallings && $memberID) { fail("You chose a wildcard permission across all callings or members but also chose a specific member or calling. Please select only one or the other."); } // Make sure the selected member or calling is in this ward if ($callingID) { $c = Calling::Load($callingID); if ($c->WardID() != $MEMBER->WardID) { fail("The calling you chose is not in your ward."); } } else { if ($memberID) { $m = Member::Load($memberID); if ($m->WardID != $MEMBER->WardID) { fail("The member you chose is not in your ward."); } } } $objID = $callingID ? $callingID : $memberID; $objType = $callingID ? "Calling" : "Member"; $n = count($questionID); for ($i = 0; $i < $n; $i++) {
<?php require_once "../../lib/init.php"; protectPage(11); @($name = $_POST['name']); if (!$name || strlen(trim($name)) < 2) { fail("Please submit a valid name for this calling."); } $c = new Calling($name, $MEMBER->WardID); if ($c->Save()) { Response::Send(200, $c->ID()); } else { fail("Something bad happened... hmm..."); }
// 10 is Manage Site Privileges; at least one member or calling from the ward should always have this. // This query gets a list of unique privileges. $epicQuery = "SELECT GrantedPrivileges.ID, Members.WardID FROM GrantedPrivileges\n\t\t\t\t\t\tINNER JOIN Members ON Members.ID = GrantedPrivileges.MemberID\n\t\t\t\t\t\tWHERE WardID = {$MEMBER->WardID} AND GrantedPrivileges.PrivilegeID = 10\n\t\t\t\t\t\tUNION\n\t\t\t\t\t\tSELECT GrantedPrivileges.ID, Callings.WardID FROM GrantedPrivileges\n\t\t\t\t\t\tINNER JOIN Callings ON Callings.ID = GrantedPrivileges.CallingID\n\t\t\t\t\t\tWHERE WardID = {$MEMBER->WardID} AND GrantedPrivileges.PrivilegeID = 10;"; if (mysql_num_rows(DB::Run($epicQuery)) == 1) { fail("At least one member or calling of your ward must be able to manage the site privileges. This was the last one; could not revoke."); } } if ($m) { $mem = Member::Load($m); if ($mem->WardID != $MEMBER->WardID) { fail("You can only revoke privileges from members of your ward."); } else { $priv->RevokeFromMember($m); } $redirectAppend = "?revoked#by-member"; } else { $call = Calling::Load($c); if ($call->WardID() != $MEMBER->WardID) { fail("You can only revoke privileges of callings in your ward."); } else { $priv->RevokeFromCalling($c); } $redirectAppend = "?revoked#by-calling"; } } else { fail("Bad request"); } } else { fail("Bad request; no input found"); } header("Location: ../privileges.php" . $redirectAppend);