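 /**
  * Dispatches a Users-module control-panel request.
  *
  * The command is read from $_REQUEST['command'] (falling back to the panel's
  * current tab). A PHPWS_User and a PHPWS_Group are built from the int-cast
  * $_REQUEST['user_id'] / $_REQUEST['group_id'] when present, otherwise empty
  * objects are used. Form commands fill $title, $content and $message, which
  * are rendered through users/main.tpl into the control panel; action commands
  * end by handing off to User_Action::sendMessage() or PHPWS_Core::goBack().
  *
  * Every command sits behind Current_User::allow('users'). Individual cases add
  * their own permission / deity checks and, on failure, call disallow() and
  * return without rendering anything.
  *
  * @return void
  */
 public static function adminAction()
 {
     PHPWS_Core::initModClass('users', 'Group.php');
     $title = $message = $content = null;

     // Module-level gate: nothing below runs for a user without the 'users' right.
     if (!Current_User::allow('users')) {
         PHPWS_User::disallow(dgettext('users', 'Tried to perform an admin function in Users.'));
         return;
     }

     $message = User_Action::getMessage();
     $panel = User_Action::cpanel();
     $panel->enableSecure();

     // Explicit command wins; otherwise the active panel tab names the command.
     if (isset($_REQUEST['command'])) {
         $command = $_REQUEST['command'];
     } else {
         $command = $panel->getCurrentTab();
     }

     // Request ids are cast to int before reaching the constructors; an absent
     // id yields an empty object.
     if (isset($_REQUEST['user_id'])) {
         $user = new PHPWS_User((int) $_REQUEST['user_id']);
     } else {
         $user = new PHPWS_User();
     }

     if (isset($_REQUEST['group_id'])) {
         $group = new PHPWS_Group((int) $_REQUEST['group_id']);
     } else {
         $group = new PHPWS_Group();
     }

     switch ($command) {
         /* ---------------------------- User forms ---------------------------- */
         case 'new_user':
             if (PHPWS_Settings::get('users', 'allow_new_users') || Current_User::isDeity()) {
                 $panel->setCurrentTab('new_user');
                 $title = dgettext('users', 'Create User');
                 $content = User_Form::userForm($user);
             } else {
                 // Same disallow-then-return shape as the other guarded cases.
                 Current_User::disallow();
                 return;
             }
             break;

         case 'search_members':
             // searchMembers() answers the request itself; nothing is rendered here.
             self::searchMembers();
             exit;

         case 'manage_users':
             $title = dgettext('users', 'Manage Users');
             $content = User_Form::manageUsers();
             break;

         case 'editUser':
             $title = dgettext('users', 'Edit User');
             // Rebuilt with the same int cast applied when $user was created above.
             $user = new PHPWS_User((int) $_REQUEST['user_id']);
             $content = User_Form::userForm($user);
             break;

         case 'deleteUser':
             if (!Current_User::secured('users', 'delete_users')) {
                 Current_User::disallow();
                 return;
             }
             $user->kill();
             PHPWS_Core::goBack();
             break;

         case 'deify_user':
         case 'mortalize_user':
             if (!Current_User::authorized('users') || !Current_User::isDeity()) {
                 Current_User::disallow();
                 return;
             }
             // The two commands differ only in the deity flag they store.
             $user->deity = ($command === 'deify_user') ? 1 : 0;
             $user->save();
             PHPWS_Core::goBack();
             break;

         case 'authorization':
         case 'postAuthorization':
         case 'dropAuthScript':
             if (!Current_User::isDeity()) {
                 // Return added so this deity-only block stops like its siblings;
                 // previously a failed check still reached the drop/post handlers.
                 Current_User::disallow();
                 return;
             }
             if ($command === 'dropAuthScript' && isset($_REQUEST['script_id'])) {
                 User_Action::dropAuthorization($_REQUEST['script_id']);
             } elseif ($command === 'postAuthorization') {
                 User_Action::postAuthorization();
                 $message = dgettext('users', 'Authorization updated.');
             }
             $title = dgettext('users', 'Authorization');
             $content = User_Form::authorizationSetup();
             break;

         case 'editScript':
             // No script editing is implemented yet; only the title is set.
             $title = dgettext('users', 'Edit Authorization Script');
             break;

         case 'setUserPermissions':
             if (!Current_User::authorized('users', 'edit_permissions')) {
                 PHPWS_User::disallow();
                 return;
             }
             if (!$user->id) {
                 PHPWS_Core::errorPage('404');
                 // Stop here regardless of whether errorPage() terminates the request.
                 return;
             }
             PHPWS_Core::initModClass('users', 'Group.php');
             $title = dgettext('users', 'Set User Permissions') . ' : ' . $user->getUsername();
             $content = User_Form::setPermissions($user->getUserGroup());
             break;

         case 'deactivateUser':
         case 'activateUser':
             if (!Current_User::authorized('users')) {
                 PHPWS_User::disallow();
                 return;
             }
             // Second argument is the desired active state.
             User_Action::activateUser($_REQUEST['user_id'], $command === 'activateUser');
             PHPWS_Core::goBack();
             break;

         /* ---------------------------- Group forms --------------------------- */
         case 'setGroupPermissions':
             if (!Current_User::authorized('users', 'edit_permissions')) {
                 PHPWS_User::disallow();
                 return;
             }
             PHPWS_Core::initModClass('users', 'Group.php');
             $title = dgettext('users', 'Set Group Permissions') . ' : ' . $group->getName();
             $content = User_Form::setPermissions($_REQUEST['group_id'], 'group');
             break;

         case 'new_group':
             $title = dgettext('users', 'Create Group');
             $content = User_Form::groupForm($group);
             break;

         case 'edit_group':
             $title = dgettext('users', 'Edit Group');
             $content = User_Form::groupForm($group);
             break;

         case 'remove_group':
             // NOTE(review): this destructive case carries no 'add_edit_groups'
             // or secured() check, unlike deleteUser and the group mutations
             // below; confirm whether the manage-groups links carry the auth key
             // before tightening it here.
             $group->kill();
             $title = dgettext('users', 'Manage Groups');
             $content = User_Form::manageGroups();
             break;

         case 'manage_groups':
             $panel->setCurrentTab('manage_groups');
             PHPWS_Core::killSession('Last_Member_Search');
             $title = dgettext('users', 'Manage Groups');
             $content = User_Form::manageGroups();
             break;

         case 'manageMembers':
             PHPWS_Core::initModClass('users', 'Group.php');
             $title = dgettext('users', 'Manage Members') . ' : ' . $group->getName();
             $content = User_Form::manageMembers($group);
             break;

         case 'postMembers':
             if (!Current_User::authorized('users', 'add_edit_groups')) {
                 Current_User::disallow();
                 return;
             }
             $title = dgettext('users', 'Manage Members') . ' : ' . $group->getName();
             $content = User_Form::manageMembers($group);
             break;

         /* ---------------------------- Misc forms ---------------------------- */
         case 'settings':
             if (!Current_User::authorized('users', 'settings')) {
                 Current_User::disallow();
                 return;
             }
             $title = dgettext('users', 'Settings');
             $content = User_Form::settings();
             break;

         /* ------------------------------ Actions ----------------------------- */
         case 'deify':
             if (!Current_User::isDeity()) {
                 Current_User::disallow();
                 return;
             }
             $user = new PHPWS_User($_REQUEST['user']);
             if (!isset($_GET['authorize'])) {
                 // First visit: show the confirmation form.
                 $content = User_Form::deify($user);
             } elseif ($_GET['authorize'] == 1 && Current_User::isDeity()) {
                 $user->setDeity(true);
                 $user->save();
                 User_Action::sendMessage(dgettext('users', 'User deified.'), 'manage_users');
             } else {
                 User_Action::sendMessage(dgettext('users', 'User remains a lowly mortal.'), 'manage_users');
             }
             break;

         case 'mortalize':
             if (!Current_User::isDeity()) {
                 Current_User::disallow();
                 return;
             }
             $user = new PHPWS_User($_REQUEST['user']);
             if (!isset($_GET['authorize'])) {
                 // First visit: show the confirmation form.
                 $content = User_Form::mortalize($user);
             } elseif ($_GET['authorize'] == 1 && Current_User::isDeity()) {
                 $user->setDeity(false);
                 $user->save();
                 $content = dgettext('users', 'User transformed into a lowly mortal.') . '<hr />' . User_Form::manageUsers();
             } else {
                 $content = dgettext('users', 'User remains a deity.') . '<hr />' . User_Form::manageUsers();
             }
             break;

         case 'postUser':
             // Editing an existing user needs 'edit_users'; creating one only 'users'.
             if (isset($_POST['user_id'])) {
                 if (!Current_User::authorized('users', 'edit_users')) {
                     PHPWS_User::disallow();
                     return;
                 }
             } elseif (!Current_User::authorized('users')) {
                 PHPWS_User::disallow();
                 return;
             }

             $result = User_Action::postUser($user);
             if ($result !== true) {
                 // Validation failed: $result holds the messages; redisplay the form.
                 $message = implode('<br />', $result);
                 if (isset($_POST['user_id'])) {
                     $title = dgettext('users', 'Edit User');
                 } else {
                     $title = dgettext('users', 'Create User');
                 }
                 $content = User_Form::userForm($user);
                 break;
             }

             // $user->id is still empty for a user that has not been saved yet.
             $new_user = !(bool) $user->id;
             $user->setActive(true);
             $user->setApproved(true);
             if (PHPWS_Error::logIfError($user->save())) {
                 $title = dgettext('users', 'Sorry');
                 $content = dgettext('users', 'An error occurred when trying to save the user. Check your logs.');
                 break;
             }

             if ($new_user) {
                 User_Action::assignDefaultGroup($user);
                 if (isset($_POST['group_add']) && is_array($_POST['group_add'])) {
                     foreach ($_POST['group_add'] as $group_id) {
                         // Same int cast as the group_id handling above.
                         $group = new PHPWS_Group((int) $group_id);
                         $group->addMember($user->_user_group);
                         $group->save();
                     }
                 }
             }

             $panel->setCurrentTab('manage_users');
             if (isset($_POST['notify_user'])) {
                 self::notifyUser($user, $_POST['password1']);
             }

             if (isset($_POST['user_id'])) {
                 User_Action::sendMessage(dgettext('users', 'User updated.'), 'manage_users');
             } elseif (Current_User::allow('users', 'edit_permissions')) {
                 if (isset($_POST['notify_user'])) {
                     User_Action::sendMessage(dgettext('users', 'New user created and notified.'), 'setUserPermissions&user_id=' . $user->id);
                 } else {
                     User_Action::sendMessage(dgettext('users', 'New user created.'), 'setUserPermissions&user_id=' . $user->id);
                 }
             } else {
                 User_Action::sendMessage(dgettext('users', 'User created.'), 'new_user');
             }
             break;

         case 'postPermission':
             if (!Current_User::authorized('users', 'edit_permissions')) {
                 PHPWS_User::disallow();
                 return;
             }
             User_Action::postPermission();
             User_Action::sendMessage(dgettext('users', 'Permissions updated'), $panel->getCurrentTab());
             break;

         case 'postGroup':
             if (!Current_User::authorized('users', 'add_edit_groups')) {
                 PHPWS_User::disallow();
                 return;
             }
             PHPWS_Core::initModClass('users', 'Group.php');
             $result = User_Action::postGroup($group);
             if (PHPWS_Error::isError($result)) {
                 $message = $result->getMessage();
                 $title = isset($group->id) ? dgettext('users', 'Edit Group') : dgettext('users', 'Create Group');
                 $content = User_Form::groupForm($group);
             } else {
                 $result = $group->save();
                 if (PHPWS_Error::logIfError($result)) {
                     $message = dgettext('users', 'An error occurred when trying to save the group.');
                 } else {
                     $message = dgettext('users', 'Group created.');
                 }
                 User_Action::sendMessage($message, 'manage_groups');
             }
             break;

         case 'addMember':
             if (!Current_User::authorized('users', 'add_edit_groups')) {
                 PHPWS_User::disallow();
                 return;
             }
             PHPWS_Core::initModClass('users', 'Group.php');
             $group->addMember($_REQUEST['member']);
             $group->save();
             unset($_SESSION['Last_Member_Search']);
             User_Action::sendMessage(dgettext('users', 'Member added.'), 'manageMembers&group_id=' . $group->id);
             break;

         case 'dropMember':
             if (!Current_User::authorized('users', 'add_edit_groups')) {
                 PHPWS_User::disallow();
                 return;
             }
             PHPWS_Core::initModClass('users', 'Group.php');
             $group->dropMember($_REQUEST['member']);
             $group->save();
             unset($_SESSION['Last_Member_Search']);
             User_Action::sendMessage(dgettext('users', 'Member removed.'), 'manageMembers&group_id=' . $group->id);
             break;

         case 'update_settings':
             if (!Current_User::authorized('users', 'settings')) {
                 PHPWS_User::disallow();
                 return;
             }
             $title = dgettext('users', 'Settings');
             $result = User_Action::update_settings();
             // update_settings() returns true on success, otherwise the message to show.
             if ($result === true) {
                 $message = dgettext('users', 'User settings updated.');
             } else {
                 $message = $result;
             }
             $content = User_Form::settings();
             break;

         case 'check_permission_tables':
             if (!Current_User::authorized('users', 'settings')) {
                 PHPWS_User::disallow();
                 return;
             }
             $title = dgettext('users', 'Register Module Permissions');
             $content = User_Action::checkPermissionTables();
             break;

         default:
             PHPWS_Core::errorPage('404');
             break;
     }

     // Render whatever the selected case produced into the control panel.
     $template['CONTENT'] = $content;
     $template['TITLE'] = $title;
     $template['MESSAGE'] = $message;
     $final = PHPWS_Template::process($template, 'users', 'main.tpl');
     $panel->setContent($final);
     Layout::add(PHPWS_ControlPanel::display($panel->display()));
 }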