// Excerpt: the loop and the `if` that the closing braces below belong to start above the visible code.
        // Build one curator entry from the stored user record plus the submitted checkbox state.
        // NOTE(review): in_array() runs in loose mode directly on $_POST['allow_edit'] and
        // $_POST['shown']; this assumes both were verified to be arrays earlier — confirm, and
        // prefer the strict flag when matching IDs against request data.
        $aCurators[$nID] = array(
            'name' => $zCurators[$nID]['name'],
            'level' => $zCurators[$nID]['level'],
            'allow_edit' => (int) in_array($nID, $_POST['allow_edit']),
            'shown' => (int) in_array($nID, $_POST['shown']));
    }
} else {
    // First time on form. Use current database contents.
    // Retrieve current curators and collaborators, order by current order.
    // Special ORDER BY statement makes sure show_order value of 0 is sent to the bottom of the list.
    // The gene ID is passed as a bound parameter; only the table-name constants are concatenated.
    // Outside the 'authorize' action the query is limited to rows with allow_edit = 1.
    $qCurators = $_DB->query('SELECT u.id, u.name, c.allow_edit, (c.show_order > 0) AS shown, u.level FROM ' . TABLE_CURATES . ' AS c INNER JOIN ' . TABLE_USERS . ' AS u ON (c.userid = u.id) WHERE c.geneid = ? ' . (ACTION == 'authorize' ? '' : 'AND c.allow_edit = 1 ') . 'ORDER BY (c.show_order > 0) DESC, c.show_order, u.level DESC, u.name', array($sID));
    while ($z = $qCurators->fetchAssoc()) {
        // Index the rows by user ID, the same key the branch above uses.
        $aCurators[$z['id']] = $z;
    }
}

lovd_errorPrint();

if (ACTION == 'authorize') {
    // Show viewList() of users that are NO curator or collaborator at this moment.
    require ROOT_PATH . 'class/object_users.php';
    $_DATA = new LOVD_User();
    lovd_showInfoTable('The following users are currently not a curator for this gene. Click on a user to select him/her as Curator or Collaborator.', 'information');
    // Both $_GET values below are overwritten here, so whatever the client sent for them is discarded
    // before viewList() is called.
    if ($aCurators) {
        // Create search string that hides the users currently selected to be curator or collaborator.
        $_GET['search_id'] = '!' . implode(' !', array_keys($aCurators));
    } else {
        // We must have something non-empty here, otherwise the JS fails when selecting users.
        $_GET['search_id'] = '!0';
    }
    $_GET['page_size'] = 10;
    // NOTE(review): {{zData_name}} and {{zData_level}} are substituted into a JavaScript object
    // literal inside a javascript: link; confirm the view list encodes them for that context.
    $_DATA->setRowLink('Genes_AuthorizeUser', 'javascript:lovd_passAndRemoveViewListRow("{{ViewListID}}", "{{ID}}", {id: "{{ID}}", name: "{{zData_name}}", level: "{{zData_level}}"}, lovd_authorizeUser); return false;');
    $_DATA->viewList('Genes_AuthorizeUser', array('id', 'status_', 'last_login_', 'created_date_'), true); // Create known viewListID for lovd_unauthorizeUser().
// Show curators, to sort and to select whether or not they can edit.
print ' <BR><BR>' . "\n\n";
// The message is passed as HTML (it contains <I>, <BR> and <IMG> markup).
// NOTE(review): $sID is concatenated into that markup as-is; presumably it was validated as an
// existing gene ID earlier in the script — confirm before relying on it being safe to print.
lovd_showInfoTable('All users below have access to all data (public and non-public) of the ' . $sID . ' gene database. If you don\'t want to give the user access to <I>edit</I> any of the data that is not their own, deselect the "Allow edit" checkbox. Please note that users with level Manager or higher, cannot be restricted in their right to edit all information in the database.<BR>Users without edit rights are called Collaborators. Users having edit rights are called Curators; they receive email notifications of new submission and are shown on the gene\'s home page by default. You can disable that below by deselecting the "Shown" checkbox next to their name. To sort the list of curators for this gene, click and drag the <IMG src="gfx/drag_vertical.png" alt="" width="5" height="13"> icon up or down the list. Release the mouse button in the preferred location.', 'information');
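// Excerpt: the lines up to `return $aSQL; }` are the tail of a function whose start is above the
// visible code; they are reproduced unchanged.
            $aSQL[$sClause] = '';
            continue;
        }
        $aSQL[$sClause] = $sPart;
        $sSQL = rtrim(substr($sSQL, 0, $nPosition));
    }
    }
    return $aSQL;
}

// Loop through the queries. Run the optimizer, and compare the resulting query
// with what we expect. Also run both queries and test the time needed to run
// each; the modified query should be faster. Also the number of results should
// be the same.
// We need the object, but we really don't care which one.
require ROOT_PATH . 'class/object_users.php';
$o = new LOVD_User();
$i = 0;
foreach ($aSQL as $sSQLInput => $sSQLExpectedOutput) {
    // Query counter, starting at 1.
    $i++;

    // Check if the input query indeed still has SQL_CALC_FOUND_ROWS, otherwise
    // we can't test.
    // The assertions are written as real expressions instead of code strings. A string argument
    // made assert() evaluate the interpolated SQL as PHP code (so any quote in a query changed the
    // evaluated code), and since PHP 8 a string argument is no longer evaluated at all, which
    // makes a non-empty string assertion always pass. Assertions must be enabled
    // (zend.assertions=1) for these checks to run.
    assert(strpos($sSQLInput, 'SQL_CALC_FOUND_ROWS') !== false);

    // Check if outcome is as expected.
    $sSQLOutput = $o->getRowCountForViewList(lovd_splitSQL($sSQLInput), array(), true);
    // Both sides are cast to string, matching the string comparison the original assertion made.
    assert((string) $sSQLOutput === (string) $sSQLExpectedOutput);

    // If we're here, the output was as expected. Now run both queries, and time
    // them. Because timing may vary, we'll run it a maximum of 5 times if it's
    // not faster than the original. If after 5 tries it's still not, then
    // we'll bail out.
    $nTries = 0;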
// Excerpt: the `if` that this `elseif` belongs to starts above the visible code.
} elseif ($_GET['step'] == 0) {
    // Step 0 is bumped to step 1, so the block below handles it.
    $_GET['step']++;
}

// This step only runs while the NOT_INSTALLED constant is defined.
if ($_GET['step'] == 1 && defined('NOT_INSTALLED')) {
    // Step 1: Administrator account details.
    // Skip this step when the users table exists and already holds at least one row.
    if ($_DB->query('SHOW TABLES LIKE "' . TABLE_USERS . '"')->fetchColumn() && $_DB->query('SELECT COUNT(*) FROM ' . TABLE_USERS)->fetchColumn()) {
        // We already have a database user!
        // NOTE(review): the redirect target is built from $_SERVER['HTTP_HOST'], which comes from
        // the request's Host header; confirm the web server only accepts the expected host names,
        // or build the URL from a configured base address instead.
        header('Location: ' . PROTOCOL . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . '?step=' . ($_GET['step'] + 2));
        exit;
    }

    $_T->printHeader();
    lovd_printSideBar();
    require ROOT_PATH . 'inc-lib-form.php';
    // Load User class.
    require ROOT_PATH . 'class/object_users.php';
    $_USER = new LOVD_User();
    print ' <B>Administrator account details</B><BR>' . "\n" . ' <BR>' . "\n\n";

    if (isset($_GET['sent'])) {
        // The form was submitted: reset the error state and validate the posted fields.
        lovd_errorClean();
        $_USER->checkFields($_POST);
        if (!lovd_error()) {
            // Gather information and go to next page.
            // Prepare password...
            // The plaintext is replaced by its hash and both plaintext fields are removed from
            // $_POST before lovd_printInstallForm() runs; presumably that form carries $_POST on
            // to the next step — confirm, since the hash would then travel through the browser.
            $_POST['password'] = lovd_createPasswordHash($_POST['password_1']);
            unset($_POST['password_1'], $_POST['password_2']);
            print ' Account details OK. Ready to proceed to the next step.<BR>' . "\n" . ' <BR>' . "\n\n";
            lovd_printInstallForm();
            $_T->printFooter();
            exit;
        } else {
            // Errors, thus we must return to the form. Remove the password fields!
// Excerpt: the first closing brace ends a block that starts above the visible code; the last one
// closes the enclosing block of this share-access page.
    }

    // lovd_colleagueTableHTML() returns the colleague list and the HTML table that is printed
    // inside the form further down.
    list($aColleagues, $sColTable) = lovd_colleagueTableHTML($nID, $sUserListID, $aColleagues, $bAllowGrantEdit);
    $_T->printHeader();
    $_T->printTitle();
    lovd_errorPrint();
    lovd_showInfoTable('To share access with other users, find the user in the list below, click on the user to add him to the selection. Then click <B>save</B> to save the changes.', 'information');

    // Set number of items per page for viewlist.
    $_GET['page_size'] = 10;
    // Set filter for viewlist to hide current colleagues and the user being viewed.
    // The filter is rebuilt here from $nID and the colleague IDs, replacing any client-supplied value.
    $_GET['search_userid'] = '!' . $nID;
    foreach ($aColleagues as $aColleague) {
        $_GET['search_userid'] .= ' !' . $aColleague['id'];
    }

    // Show viewlist to select new users to share access with.
    $_DATA = new LOVD_User();
    // NOTE(review): {{zData_name}} is substituted into a JavaScript object literal inside a
    // javascript: link; confirm the view list encodes it for that context.
    $_DATA->setRowLink('users_share_access', 'javascript:lovd_passAndRemoveViewListRow("{{ViewListID}}", "{{ID}}", {id: "{{ID}}", name: "{{zData_name}}"}, lovd_addUserShareAccess); return false;');
    // The columns hidden here are also specified (enforced) in ajax/viewlist.php to make sure Submitters can't hack their way into the users table.
    $_DATA->viewList($sUserListID, array('username', 'status_', 'last_login_', 'created_date_', 'curates', 'level_'), true);

    // NOTE(review): $zData['name'] is concatenated into HTML as-is; presumably it is escaped when
    // the record is loaded — confirm.
    lovd_showInfoTable('<B>' . $zData['name'] . ' (' . $nID . ')</B> shares access to all data owned by him with the users listed below.', 'information');
    print '<FORM action="users/' . $nID . '?share_access" method="post">' . "\n";
    // Array which will make up the form table.
    print $sColTable . "\n";
    // The form asks for the password again before the permissions are saved; the check of that
    // password is not part of this excerpt.
    // NOTE(review): the Cancel button places lovd_getInstallURL() . $_PE[0] inside an inline
    // JavaScript string; presumably $_PE[0] is the first, already validated path element — confirm.
    $aForm = array(
        array('POST', '', '', '', '0%', '0', '100%'),
        array('', '', 'print', 'Enter your password for authorization'),
        array('', '', 'password', 'password', 20),
        array('', '', 'print', '<INPUT type="submit" value="Save access permissions"> <INPUT type="submit" value="Cancel" onclick="window.location.href=\'' . lovd_getInstallURL() . $_PE[0] . '/' . $nID . '\'; return false;" style="border : 1px solid #FF4422;">'));
    lovd_viewForm($aForm);
    print '</FORM>';
    $_T->printFooter();
    exit;
}