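/**
 * Installs $usr as the process-wide current user (write-once).
 *
 * The first accepted call wins: later calls are logged and rejected so a
 * request cannot swap identities part-way through. A candidate is rejected
 * when it is not exactly a 'user' object, is not populated, has no usable
 * ID (< 1), or is not enabled.
 *
 * @param mixed $usr  The candidate user object.
 * @return mixed  The stored user object on success, otherwise an error object.
 */
public static function set($usr) {
    // Refusing to replace an already-set user is the guard against identity
    // swapping within one request, so it stays first.
    if (self::$user != null) {
        error_logging('ERROR', "Currentuser class being overwritten");
        return new error('Invalid user.');
    }
    // get_class() on a non-object is a TypeError on PHP 8 (a warning before
    // that), so establish that we have an object before reading its class.
    if (!is_object($usr) || get_class($usr) != 'user') {
        $given = is_object($usr) ? get_class($usr) : gettype($usr);
        error_logging('ERROR', 'Attempt to run currentuser::set() with class of wrong type; ' . $given);
        return new error('Invalid class use.');
    }
    if (!$usr->populated) {
        error_logging('ERROR', 'Attempted to use unpopulated class as current user.');
        return new error('Invalid user.');
    }
    if ($usr->getID() < 1) {
        error_logging('ERROR', 'Attempted to use broken user class as current user. ID;' . $usr->getID());
        return new error('Invalid user.');
    }
    // Loose comparison kept on purpose: the flag may arrive as the string '1'
    // from the database layer (not visible from here).
    if ($usr->enabled != 1) {
        error_logging('ERROR', 'Attempted to use disabled user class as current user.');
        return new error('Invalid user.');
    }
    error_logging('DEBUG', 'currentuser setting new user id; ' . $usr->getID());
    self::$user = $usr;
    return self::$user;
}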
/**
 * Returns some basic info about the current user.
 *
 * @param $params - ignored; present only so every API method shares the same signature.
 * @return response object carrying name (fullname), user (username) and id,
 *         or an error (403) when no current user has been set.
 */
function run($params) {
    $user = currentuser::getInstance();
    if ($user == null) {
        return new error('Access denied', 403);
    }
    $reply = new response('Success');
    $reply->set('name', $user->fullname);
    $reply->set('user', $user->getUsername());
    $reply->set('id', $user->getID());
    return $reply;
}
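/**
 * Creates a new work request (WR) from the supplied fields and writes it.
 *
 * Only $urgency and $sys are validated as numeric; the other numeric fields
 * are cast with intval() as before, and $brief/$details are stored as given
 * (see the inline note).
 *
 * @param mixed  $urgency    Numeric urgency; non-numeric values are rejected.
 * @param mixed  $importance Cast to int.
 * @param mixed  $type       Request type, cast to int.
 * @param mixed  $person     Requester ID, cast to int.
 * @param string $brief      Short description.
 * @param string $details    Long description.
 * @param mixed  $sys        System ID; non-numeric values are rejected.
 * @return mixed  Whatever writeToDatabase() returns on success, otherwise an error object.
 */
public function create($urgency, $importance, $type, $person, $brief, $details, $sys) {
    // Columns left to the database or still TODO: request_id, request_on and
    // active (automatic), last_status, wap_status, sla_response_hours, eta,
    // last_activity, sla_response_time/type, requested_by_date,
    // agreed_due_date, request_by, parent_request, invoice_to.
    if (!is_numeric($urgency)) {
        return new error("Urgency must be numeric");
    }
    $this->urgency = intval($urgency);
    $this->importance = intval($importance);
    $this->request_type = intval($type);
    $this->requester_id = intval($person);
    // Stored as received (the original TODO "secure this"): any escaping the
    // schema needs has to happen in writeToDatabase(), and HTML escaping at
    // render time -- neither is visible from here.
    $this->brief = $brief;
    $this->detailed = $details;

    // getInstance() can return null (the dispatcher tolerates that); it used
    // to be dereferenced unchecked here, which is a fatal error.
    $user = currentuser::getInstance();
    if ($user == null) {
        return new error("You must be logged in to create a work request");
    }
    // NOTE(review): other code on this page reads the ID via $user->getID();
    // confirm getUserId() exists on the user class.
    $this->entered_by = $user->getUserId();

    if (!is_numeric($sys)) {
        return new error("System ID must be numeric");
    }
    $this->system_id = intval($sys);
    // TODO: make sure the person ($this->requester_id) exists.
    return $this->writeToDatabase();
}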
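/**
 * Calls all the methods necessary to do a login
 *
 * @param $params
 *   Array of parameters
 *   - $params['POST']['username']: The username of the user POSTed to the page
 *   - $params['POST']['password']: The password of the user POSTed to the page
 * @return
 *   A response object with a session ID on success, an error object on failure to login
 */
public function do_login($params) {
    /*
     * Assumes we've already checked for an existing session - which we do in index
     * Will hand out as many sessions for a valid login as the user wants
     * If we had malicious users they could use this to flood memcache and force other users sessions to expire
     * (per-account / per-source rate limiting would be the mitigation; not done here)
     */
    // Only the POST bucket is read: don't allow logins via GET! isset() keeps
    // a missing field at null instead of raising an undefined-index notice.
    $post = isset($params['POST']) ? $params['POST'] : array();
    $username = isset($post['username']) ? $post['username'] : null;
    $password = isset($post['password']) ? $post['password'] : null;

    // Make sure we were called properly (empty() already covers null).
    if (empty($username)) {
        return new error('No username supplied', 403);
    }
    if (empty($password)) {
        return new error('No password supplied', 403);
    }

    // Both are filled in by reference by the login helpers.
    $user_id = null;
    $response = null;
    if (!login::valid_credentials($username, $password, $user_id, $response)) {
        // NOTE(review): $response is echoed back to the client here; confirm
        // valid_credentials() does not put anything in it that distinguishes
        // "no such user" from "wrong password".
        return new error($response, 403);
    }

    // Make a session and all that lovely stuff.
    // The call used to pass &$response at the call site, which is a fatal
    // error since PHP 5.4; the by-reference contract belongs on
    // create_session()'s own signature -- NOTE(review): confirm it declares
    // its second parameter as a reference, otherwise $response stays null.
    if (!login::create_session($user_id, $response)) {
        return new error($response, 500);
    }

    // currentuser::set() refuses unpopulated, broken or disabled users and
    // returns an error object in that case; previously that result was
    // ignored and a session id was still handed out. NOTE(review): the
    // session created above is not revoked here -- check whether
    // create_session() needs a matching teardown.
    $current = currentuser::set(new user($user_id));
    if ($current instanceof error) {
        return $current;
    }

    $resp = new response('Login success');
    $resp->set('session_id', $response);
    $resp->set('user_id', $user_id);
    return $resp;
}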
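/**
 * Performs the insert of the timesheet
 *
 * @param $params
 *   Associative array of parameters; every field is read from $params['GET']:
 *   - wr: Work Request ID
 *   - datetime: The date and time to record the timesheet for in ISO format
 *   - quantity: The quantity of units to add (numeric, greater than zero)
 *   - units: The units to use - hours (default), days, minutes or amount
 *   - rate: Optional rate of charge - if not supplied we apply the WRMS logic. Note: if units is 'amount' then rate is required
 *   - description: A description about what the time was spent on
 *   - needs_review: truthy when the entry should be flagged for review
 * @return
 *   A response object on success, an error object (with an HTTP-style code) on failure
 */
function run($params) {
    // All the things we might need to enter a timesheet. isset() keeps a
    // missing field at null instead of raising an undefined-index notice.
    // NOTE(review): this inserts a row but reads the GET bucket, whereas
    // do_login() deliberately refuses GET; moving these to POST needs the
    // callers updated too, so it is left as is.
    $get = isset($params['GET']) ? $params['GET'] : array();
    $wr          = isset($get['wr']) ? $get['wr'] : null;
    $datetime    = isset($get['datetime']) ? $get['datetime'] : null;
    $quantity    = isset($get['quantity']) ? $get['quantity'] : null;
    $units       = isset($get['units']) ? $get['units'] : null;
    $rate        = isset($get['rate']) ? $get['rate'] : null;
    $description = isset($get['description']) ? $get['description'] : null;
    $needsreview = (int) (bool) (isset($get['needs_review']) ? $get['needs_review'] : null);

    // Who are we logged in as, and can we actually add timesheets?
    $user = currentuser::getInstance();
    $access = access::getInstance();
    if (!$access->permitted('wr/timesheet/add', $wr)) {
        return new error('You are not authorised to add timesheets', 403);
    }

    // Get the ID of the user. getInstance() can be null (the dispatcher
    // tolerates that), which used to be a fatal error here instead of a 403.
    $id = ($user != null) ? $user->getID() : null;
    if ($id == null) {
        return new error('You must be logged in to add a timesheet', '403');
    }

    // Is this a real WR?
    $result = db_query("SELECT request_id FROM request WHERE request_id = %d", $wr);
    if (db_fetch_object($result) == null) {
        return new error("You cannot put time against a non-existant work request", '405');
    }

    // Make sure the date and time are valid - convert to wrms-happy timestamp.
    // strtotime() signals failure with false; the old check compared the
    // already-formatted string against 0 / 43200, which does not catch that,
    // so unparsable dates appear to have been stored as the epoch.
    $unixtime = (is_string($datetime) && $datetime !== '') ? strtotime($datetime) : false;
    if ($unixtime === false) {
        return new error('Unable to add timesheet: Invalid date', 400);
    }
    $timestamp = date('Y-m-d H:i:s', $unixtime); # Change to proper UTC time at some point

    // Get the amount of time worked -- Can't be negative or zero. On PHP 8 a
    // non-numeric string is compared with 0 as a string and slips past
    // "<= 0", so require a numeric value explicitly.
    if (!is_numeric($quantity) || $quantity <= 0) {
        return new error("Unable to add timesheet: You can't work 0 hours or less on a WR", '405');
    }

    /*
     * So there's more than one way to log 'time' on a WR
     * The standard is hours, so this will be the default if you don't specify
     * Days is only here because of the few that use it - I personally would love to see it gone forever
     * Amount is for when you buy hardware or a fixed cost item as part of a WR - new server - travel expenses, etc.
     * All the others I've yet to find a reason to implement
     * Minutes is passed through as-is; the SQL interval handles it.
     */
    if (in_array($units, array('dollars', 'pounds', 'euros', 'usd', 'aud'), true)) {
        return new error("{$units} not implemented for this method - please use hours, days or amount", 406);
    }
    if ($units === 'amount') {
        if (empty($rate)) {
            return new error('Unable to add timesheet: you must specify a rate when adding an amount to a WR', '400');
        }
        if (!is_numeric($rate)) {
            return new error('Unable to add timesheet: rate must be a numeric value', '400');
        }
    } elseif (!in_array($units, array('hours', 'days', 'minutes'), true)) {
        // Anything unrecognised (including no units at all) means hours.
        $units = 'hours';
    }
    // From here on $units is one of the four literals above; that whitelist is
    // what makes it safe to interpolate into the interval string and the
    // INSERT below.

    /*
     * Okay, I'm not saying this logic is any good, but it's what WRMS 2.0 does (pick the first that applies)
     * 1. If the user has specified a rate in the call to this method, use that
     * 2. If the client has a rate set, use that rate
     * 3. If the user has a rate set, use that rate
     * 4. If the supplier has a rate set, use that rate
     * 5. Default to the config value (120 at time of coding, but configurable from lib/medusa/config/config.php)
     */
    // If we haven't got a rate, set $rate to null so the default rate logic will kick in
    if (empty($rate)) {
        $rate = null;
    } elseif (!is_numeric($rate)) {
        return new error('Unable to add timesheet: rate must be numeric', '400');
    }
    // 2. Check the rate for the client (requestor)
    if ($rate == null) {
        $result = db_query("SELECT work_rate FROM request \n INNER JOIN usr ON (request.requester_id = usr.user_no) \n INNER JOIN organisation_plus ON (usr.org_code = organisation_plus.org_code) \n WHERE request.request_id=%d LIMIT 1", $wr);
        while ($row = db_fetch_object($result)) {
            $rate = $row->work_rate;
        }
    }
    // 3. If we didn't have any luck there, check the rate for the user
    if ($rate == null) {
        $result = db_query("SELECT base_rate FROM usr WHERE user_no=%d LIMIT 1", $id);
        while ($row = db_fetch_object($result)) {
            $rate = $row->base_rate;
        }
    }
    // 4. Still no luck? Check the supplier rate
    if ($rate == null) {
        $result = db_query("SELECT work_rate FROM usr INNER JOIN organisation_plus ON (usr.org_code = organisation_plus.org_code) \n WHERE usr.user_no=%d LIMIT 1", $id);
        while ($row = db_fetch_object($result)) {
            $rate = $row->work_rate;
        }
    }
    // 5. If all our options have failed us, set a default rate from config
    if ($rate == null) {
        $rate = DEFAULT_CHARGE_RATE;
    }

    // Description - URL Encoded. NOTE(review): PHP has already decoded the
    // query string by the time it reaches $params, so this is a second decode
    // ('+' becomes a space, '%25' becomes '%'); kept because callers may
    // depend on it.
    $description = urldecode($description);

    // I know "$quantity $units" looks bad, postgres puts this into an 'interval' database field, so _it_ figures out how to make it nice, not us
    // NOTE(review): for 'amount' the literal string "null" goes through the
    // quoted '%s' placeholder, i.e. the text 'null' rather than SQL NULL --
    // confirm db_query() special-cases it.
    $duration = ($units != 'amount') ? "{$quantity} {$units}" : "null";

    // $description is the only free-text value and relies on db_query()'s
    // '%s' placeholder for escaping -- NOTE(review): confirm db_query()
    // escapes %s, as nothing here does. %d also truncates a fractional rate.
    $result = db_query("INSERT INTO request_timesheet (request_id, work_on, work_quantity, work_duration, work_by_id, work_description, work_rate, work_units, review_needed)\n VALUES (%d, '%s', %d, '%s', %d, '%s', %d, '%s', %b)", $wr, $timestamp, $quantity, $duration, $id, $description, $rate, $units, $needsreview);
    if (!$result) {
        return new error('Database query failed', '500');
    }
    return new response('Success');
}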
} // closes a block that begins before this excerpt
// Request dispatch: without a session only the login method may run;
// with one, the session is resolved to a user and the requested method
// (presumably a request-supplied name, its origin is not visible here) is
// instantiated and run.
if (is_null($params['POST']['session_id'])) {
    # Problem, complain not logged in and boot out, unless doing a login
    // The login class name is fixed here rather than taken from $method.
    if ($method == 'wrms_login' && class_exists($method)) {
        error_logging('DEBUG', "Creating class login::");
        $class = new wrms_login();
        $result = $class->run($params);
    } else {
        $result = new error("Session not set.");
        error_logging('WARNING', 'session_id not set');
    }
} else {
    // NOTE(review): whatever check_session() returns is passed straight to
    // new user(); an invalid session is only caught afterwards, when
    // currentuser::set() rejects an unpopulated/broken/disabled object and
    // getInstance() stays null -- confirm user's constructor copes with a
    // failed lookup value.
    currentuser::set(new user(login::check_session($params['POST']['session_id'])));
    if (currentuser::getInstance() != null) {
        // Instantiation of $method is gated on the 'wrms_' prefix plus
        // class_exists(). NOTE(review): class_exists() can trigger
        // autoloading, so the prefix check is what bounds the reachable
        // classes -- keep it evaluated first, as it is now.
        if (substr($method, 0, 5) == 'wrms_' && class_exists($method)) {
            $access = access::getInstance();
            $access->setUser(currentuser::getInstance());
            error_logging('DEBUG', "method {$method} exists");
            $class = new $method();
            error_logging('DEBUG', "about to run {$method}");
            $result = $class->run($params);
        } else {
            error_logging('WARNING', "Method {$method} does not exist");
            $result = new error("The method you are trying to call does not exist");
        }
    } else {
        error_logging('DEBUG', "Session is invalid, timed out, or no longer exists.");
        $result = new error("Session is invalid, timed out, or no longer exists.");
    }
}
echo $response_renderer->render($result);