/**
* Add or delete groups.
*/
public function update_groups($handler_vars, $ajax = true)
{
$wsse = Utils::WSSE($handler_vars['nonce'], $handler_vars['timestamp']);
if (isset($handler_vars['digest']) && $handler_vars['digest'] != $wsse['digest'] || isset($handler_vars['password_digest']) && $handler_vars['password_digest'] != $wsse['digest']) {
Session::error(_t('WSSE authentication failed.'));
return Session::messages_get(true, 'array');
}
if (isset($handler_vars['password_digest']) || isset($handler_vars['digest'])) {
if (isset($handler_vars['action']) && $handler_vars['action'] == 'add' || isset($handler_vars['newgroup'])) {
if (isset($handler_vars['newgroup'])) {
$name = trim($handler_vars['new_groupname']);
} else {
$name = trim($handler_vars['name']);
}
$settings = array('name' => $name);
$this->theme->addform = $settings;
if (UserGroup::exists($name)) {
Session::notice(sprintf(_t('The group %s already exists'), $name));
if ($ajax) {
return Session::messages_get(true, 'array');
} else {
return;
}
} elseif (empty($name)) {
Session::notice(_t('The group must have a name'));
if ($ajax) {
return Session::message_get(true, 'array');
} else {
return;
}
} else {
$groupdata = array('name' => $name);
$group = UserGroup::create($groupdata);
Session::notice(sprintf(_t('Added group %s'), $name));
// reload the groups
$this->theme->groups = UserGroups::get_all();
$this->theme->addform = array();
}
if ($ajax) {
return Session::messages_get(true, 'array');
} else {
if (!$ajax) {
Utils::redirect(URL::get('admin', 'page=groups'));
}
}
}
if (isset($handler_vars['action']) && $handler_vars['action'] == 'delete' && $ajax == true) {
$ids = array();
foreach ($_POST as $id => $delete) {
// skip POST elements which are not group ids
if (preg_match('/^p\\d+$/', $id) && $delete) {
$id = (int) substr($id, 1);
$ids[] = array('id' => $id);
}
}
$count = 0;
if (!isset($ids)) {
Session::notice(_t('No groups deleted.'));
return Session::messages_get(true, 'array');
}
foreach ($ids as $id) {
$id = $id['id'];
$group = UserGroup::get_by_id($id);
$group->delete();
$count++;
}
if (!isset($msg_status)) {
$msg_status = sprintf(_t('Deleted %d groups.'), $count);
}
Session::notice($msg_status);
return Session::messages_get(true, 'array');
}
}
}
/**
* Handles POST requests to a group's page.
*/
public function post_group()
{
$group = UserGroup::get_by_id($this->handler_vars['id']);
$tokens = ACL::all_tokens();
if (isset($this->handler_vars['nonce'])) {
$wsse = Utils::WSSE($this->handler_vars['nonce'], $this->handler_vars['timestamp']);
if (isset($this->handler_vars['digest']) && $this->handler_vars['digest'] != $wsse['digest']) {
Session::error(_t('WSSE authentication failed.'));
}
if (isset($this->handler_vars['delete'])) {
$group->delete();
Utils::redirect(URL::get('admin', 'page=groups'));
}
if (isset($this->handler_vars['user'])) {
$users = $this->handler_vars['user'];
foreach ($users as $user => $status) {
if ($status == 1) {
$group->add($user);
} else {
$group->remove($user);
}
}
foreach ($tokens as $token) {
$bitmask = new Bitmask(ACL::$access_names);
if (isset($this->handler_vars['tokens'][$token->id]['deny'])) {
$bitmask->value = 0;
$group->deny($token->id);
} else {
foreach (ACL::$access_names as $name) {
if (isset($this->handler_vars['tokens'][$token->id][$name])) {
$bitmask->{$name} = true;
}
}
if (isset($this->handler_vars['tokens'][$token->id]['full'])) {
$bitmask->value = $bitmask->full;
}
if ($bitmask->value != 0) {
$group->grant($token->id, $bitmask);
} else {
$group->revoke($token->id);
}
}
}
}
}
Session::notice(_t('Updated permissions.'), 'permissions');
Utils::redirect(URL::get('admin', 'page=group') . '?id=' . $group->id);
}
/**
* Remove a permission token from the group permissions table
* @param integer $group_id The group ID
* @param mixed $token_id The name or ID of the permission token
* @return the result of the DB query
*/
public static function revoke_group_token($group_id, $token_id)
{
$token_id = self::token_id($token_id);
$ug = UserGroup::get_by_id($group_id);
$access = self::get_group_token_access($group_id, $token_id);
if (empty($access)) {
$result = true;
} else {
$result = DB::delete('{group_token_permissions}', array('group_id' => $group_id, 'token_id' => $token_id));
EventLog::log(_t('Group %1$s: Permission to %2$s revoked.', array($ug->name, ACL::token_name($token_id))), 'notice', 'user', 'habari');
}
$ug->clear_permissions_cache();
ACL::clear_caches();
return $result;
}
