function GetActiveEntityId()
 {
     // Lazily resolves which entity the current request acts as, caching the
     // id, the entity type and the read-only flag on this object.
     // Returns the cached id on every later call.
     if (NULL !== $this->mActiveEntityId) {
         return $this->mActiveEntityId;
     }
     // Identity comes from the user_auth library on the framework instance
     $CI =& get_instance();
     if (!$CI->user_auth->isLoggedIn) {
         // Not logged in: fall back to entity 0 (default events), read only
         $this->mReadOnly = TRUE;
         $this->mActiveEntityId = 0;
         $this->mActiveEntityType = self::$cEntityPublic;
         return $this->mActiveEntityId;
     }
     // Logged in: a VIP organisation context takes precedence over the user
     $this->mActiveEntityId = VipOrganisationId();
     $acting_as_organisation = (FALSE !== $this->mActiveEntityId);
     if ($acting_as_organisation) {
         // Writable only when VipLevel('rep') holds
         $this->mReadOnly = !VipLevel('rep');
         $this->mActiveEntityType = self::$cEntityVip;
     } else {
         // No organisation selected: act as the logged in user, writable
         $this->mReadOnly = FALSE;
         $this->mActiveEntityId = $CI->user_auth->entityId;
         $this->mActiveEntityType = self::$cEntityUser;
     }
     return $this->mActiveEntityId;
 }
/**
 * @param $Permission string or array of the following levels (in the order that
 *	they are to be obtained):
 *	- 'public' - anyone
 *	- 'student' - must be logged on
 *	- 'vip' - must be logged on as a vip
 *	- 'vip+pr' - must be logged on as a vip or a pr rep
 *	- 'office' - must be in the office
 *	- 'pr' - must be in the office as a pr rep
 *	- 'editor' - must be in the office as an editor
 *	- 'admin' - must be in the office as an administrator
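 * @param $LoadMainFrame bool Whether to load the mainframe if permission hasn't
 *	 yet been acquired (for the login screen).
 * @param $NoPost bool Whether to skip restoring POST data saved before a login redirect.
 * @return bool Whether the user has sufficient privileges.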
 */
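function CheckPermissions($Permission = 'public', $LoadMainFrame = TRUE, $NoPost = FALSE)
{
    // Access-control gate for a page.
    // Compares the level a page requires ($Permission) with the level of the
    // current user (GetUserLevel()) and with the area of the site the URI goes
    // through (viparea, office/pr/org, office/manage). Depending on the outcome
    // it allows access, redirects to a login page, queues a warning message or
    // shows a 404. It also sets the Vip* organisation context as a side effect.
    // When $NoPost is TRUE, POST data saved before a login redirect is not
    // merged back into $_POST.
    // Returns TRUE only when access is allowed.

    // Start a session
    $CI =& get_instance();
    // Initialisation stuff
    $CI->load->library('messages');
    $CI->load->model('user_auth');
    $CI->load->model('pages_model');
    // Decide on output format
    if (isset($_POST['fb_sig'])) {
        /// @todo AUTHENTICATE FACEBOOK
        // NOTE(security): the fb_sig field is only tested for presence, its
        // value is never verified. Any client can therefore select 'fbml'
        // output and have $_SESSION emptied for this request. The signature
        // should be verified before this branch is trusted.
        OutputMode('fbml');
        global $_SESSION;
        $_SESSION = array();
    } else {
        // The client-chosen mode is checked against OutputModes() just below
        if (isset($_GET['opmode'])) {
            OutputMode($_GET['opmode']);
        } else {
            OutputMode(DefaultOutputMode());
        }
    }
    // If the output mode is not supported, show a 404
    if (!in_array(OutputMode(), OutputModes())) {
        show_404();
    }
    // Translate some auxilliary permissions
    $auxilliary_permissions = array('moderator' => 'editor');
    if (array_key_exists($Permission, $auxilliary_permissions)) {
        $Permission = $auxilliary_permissions[$Permission];
    }
    $user_level = GetUserLevel();
    // URL analysis regarding vip area
    $thru_viparea = $CI->uri->total_segments() >= 1 && $CI->uri->segment(1) === 'viparea';
    $thru_office_pr = $CI->uri->total_segments() >= 3 && $CI->uri->segment(1) === 'office' && $CI->uri->segment(2) === 'pr' && $CI->uri->segment(3) === 'org';
    $thru_office_manage = $CI->uri->total_segments() >= 2 && $CI->uri->segment(1) === 'office' && $CI->uri->segment(2) === 'manage';
    $company_short_name = $CI->config->Item('company_organisation_id');
    $organisation_specified = FALSE;
    if ($thru_viparea) {
        if ($CI->uri->total_segments() > 1) {
            $organisation_shortname = $CI->uri->segment(2);
            $organisation_specified = TRUE;
            VipSegments(2);
        } else {
            $organisation_shortname = $CI->user_auth->organisationShortName;
        }
        // don't allow access to vip area of the company, only through office/manage
        if ($organisation_shortname === $company_short_name) {
            $organisation_shortname = '';
            $CI->user_auth->logoutOrganisation();
            redirect('');
        }
        vip_url('viparea/' . $organisation_shortname . '/', TRUE);
    } elseif ($thru_office_pr) {
        // Only three segments are guaranteed above, so segment 4 may be absent.
        // segment() then returns a non-string default; cast it so that the
        // lookups and the database condition below always get a string ('' is
        // also what the no-organisation branch uses).
        $organisation_shortname = (string) $CI->uri->segment(4);
        $organisation_specified = TRUE;
        VipSegments(4);
        vip_url('office/pr/org/' . $organisation_shortname . '/', TRUE);
    } elseif ($thru_office_manage) {
        $organisation_shortname = $company_short_name;
        $organisation_specified = TRUE;
        VipSegments(2);
        vip_url('office/manage/', TRUE);
    } else {
        $organisation_shortname = '';
    }
    VipOrganisation(FALSE, $organisation_shortname);
    VipOrganisation(TRUE, $CI->user_auth->organisationShortName);
    // Login actions for student/vip/office logins
    $student_login_action = array('redirect+url', 'login/main', 'post' => TRUE);
    if ($organisation_specified) {
        $vip_login_action = array('redirect+url', 'login/vipswitch/' . $organisation_shortname, 'post' => TRUE);
    } else {
        $vip_login_action = array('redirect+url', 'login/vip', 'post' => TRUE);
    }
    $office_login_action = array('redirect+url', 'login/office', 'post' => TRUE);
    // If vip+pr, use URI to decide which
    if ($Permission === 'vip+pr') {
        $Permission = $thru_viparea ? 'vip' : ($thru_office_pr ? 'pr' : ($thru_office_manage ? 'manage' : ''));
    } elseif ($Permission === 'vip') {
        $Permission = $thru_viparea ? 'vip' : ($thru_office_manage ? 'manage' : '');
    } elseif ($thru_office_pr && $Permission !== 'pr' || $thru_viparea && $Permission !== 'vip' || $thru_office_manage && $Permission !== 'manage') {
        // A page reached through an organisation area must require the level
        // matching that area; '' has no entry in the matrix, so it ends in 404
        $Permission = '';
    }
    // Matrix indexed by user level, then page level, of behaviour
    // Possible values:
    //	NULL/notset	http error 404
    //	TRUE		allowed
    //	array		specially handled
    //	otherwise	access denied
    // Fail closed: an unrecognised user level leaves the matrix empty, which
    // the lookup below turns into a 404 rather than reading an unset variable.
    $action_levels = array();
    if ($user_level === 'public') {
        $action_levels = array('public' => TRUE, 'student' => $student_login_action, 'vip' => $student_login_action, 'office' => $student_login_action, 'pr' => $student_login_action, 'editor' => $student_login_action, 'manage' => $student_login_action, 'admin' => $student_login_action);
    } elseif ($user_level === 'student') {
        $action_levels = array('public' => TRUE, 'student' => TRUE, 'vip' => $vip_login_action, 'office' => $office_login_action, 'pr' => $office_login_action, 'editor' => $office_login_action, 'manage' => $office_login_action, 'admin' => $office_login_action);
    } elseif ($user_level === 'organisation') {
        // Logged in from public as organisation
        // VIP access requires the URI organisation to be one of the user's teams
        $allow_vip = array_key_exists($organisation_shortname, $CI->user_auth->allTeams);
        $action_levels = array('public' => TRUE, 'student' => TRUE, 'vip' => $allow_vip, 'office' => FALSE, 'pr' => FALSE, 'editor' => FALSE, 'manage' => FALSE, 'admin' => FALSE);
        if ($allow_vip) {
            VipOrganisationId(FALSE, $CI->user_auth->allTeams[$organisation_shortname][0]);
            VipOrganisationName(FALSE, $CI->user_auth->allTeams[$organisation_shortname][1]);
            VipOrganisationId(TRUE, $CI->user_auth->organisationLogin);
            VipOrganisationName(TRUE, $CI->user_auth->organisationName);
            VipMode('viparea');
            VipLevel('write', TRUE);
        }
    } elseif ($user_level === 'vip') {
        // Logged in as student and in VIP area
        $vip_door_open_action = array('message', 'warning', HtmlButtonLink(site_url('logout/vip' . $CI->uri->uri_string()), 'Leave VIP Area') . $CI->pages_model->GetPropertyText('login:warn_open_vip', TRUE), TRUE);
        $allow_vip = array_key_exists($organisation_shortname, $CI->user_auth->allTeams);
        if ($allow_vip) {
            $vip_accessible = TRUE;
            VipOrganisationId(FALSE, $CI->user_auth->allTeams[$organisation_shortname][0]);
            VipOrganisationName(FALSE, $CI->user_auth->allTeams[$organisation_shortname][1]);
            VipOrganisationId(TRUE, $CI->user_auth->organisationLogin);
            VipOrganisationName(TRUE, $CI->user_auth->organisationName);
            VipMode('viparea');
            VipLevel('write', TRUE);
        } else {
            // check permissions to access this organisation
            // A match only offers the organisation switch login, it does not
            // grant access by itself
            $vip_organisations = $CI->user_auth->getOrganisationLogins();
            foreach ($vip_organisations as $organisation) {
                // NOTE(review): loose comparison; numeric-looking names would
                // be compared as numbers. Confirm both sides are plain names.
                if ($organisation['organisation_directory_entry_name'] == $organisation_shortname) {
                    $vip_accessible = $vip_login_action;
                    break;
                }
            }
            if (!isset($vip_accessible)) {
                $vip_accessible = FALSE;
            }
        }
        $action_levels = array('public' => $vip_door_open_action, 'student' => $vip_door_open_action, 'vip' => $vip_accessible, 'office' => $office_login_action, 'pr' => $office_login_action, 'editor' => $office_login_action, 'manage' => $office_login_action, 'admin' => $office_login_action);
    } else {
        // Office
        // Door left open actions
        $office_door_open_action = array('message', 'warning', HtmlButtonLink(site_url('logout/office' . $CI->uri->uri_string()), 'Leave Office') . $CI->pages_model->GetPropertyText('login:warn_open_office', TRUE), TRUE);
        $admin_door_open_action = $office_door_open_action;
        // check permissions to access this organisation
        $manage_accessible = FALSE;
        $vip_organisations = $CI->user_auth->getOrganisationLogins();
        foreach ($vip_organisations as $organisation) {
            if ($organisation['organisation_directory_entry_name'] == $company_short_name) {
                $manage_accessible = TRUE;
                break;
            }
        }
        // Refine further
        if ($user_level === 'office') {
            // 'pr' => 'pr' is a marker resolved below into read or rep level
            $action_levels = array('public' => $office_door_open_action, 'student' => $office_door_open_action, 'vip' => $vip_login_action, 'office' => TRUE, 'pr' => 'pr', 'editor' => FALSE, 'manage' => FALSE, 'admin' => FALSE);
        } elseif ($user_level === 'editor') {
            $action_levels = array('public' => $office_door_open_action, 'student' => $office_door_open_action, 'vip' => $vip_login_action, 'office' => TRUE, 'pr' => TRUE, 'editor' => TRUE, 'manage' => $manage_accessible, 'admin' => FALSE);
        } elseif ($user_level === 'admin') {
            $action_levels = array('public' => $admin_door_open_action, 'student' => $admin_door_open_action, 'vip' => $vip_login_action, 'office' => TRUE, 'pr' => TRUE, 'editor' => TRUE, 'manage' => $manage_accessible, 'admin' => TRUE);
        }
        // Change an office user to pr if they rep for the organisation
        static $vipModes = array('pr' => 'office', 'manage' => 'manage');
        if (array_key_exists($Permission, $vipModes)) {
            // Get organisation information
            $CI->db->select('organisation_entity_id AS id,' . 'organisation_name AS name,' . 'organisation_pr_rep AS rep');
            $CI->db->join('entities', 'organisation_entity_id = entity_id', 'inner');
            // NOTE(review): the second element has no key; confirm the query
            // builder emits it as the raw condition "entity_deleted = FALSE".
            $CI->db->where(array('organisation_directory_entry_name' => $organisation_shortname, 'entity_deleted = FALSE'));
            $matching_org = $CI->db->get('organisations')->result_array();
            if (empty($matching_org)) {
                // Unknown or deleted organisation: deny
                $action_levels[$Permission] = FALSE;
            } else {
                $matching_org = $matching_org[0];
                if ($action_levels[$Permission] === 'pr') {
                    // Plain office user: allowed in, but only the organisation's
                    // own PR rep gets more than read level
                    $action_levels[$Permission] = TRUE;
                    $rep = $matching_org['rep'] == $CI->user_auth->entityId;
                    if ($rep) {
                        VipLevel('rep', TRUE);
                    } else {
                        VipLevel('read', TRUE);
                    }
                } elseif ($action_levels[$Permission]) {
                    VipLevel('write', TRUE);
                }
                VipOrganisationId(FALSE, $matching_org['id']);
                VipOrganisationName(FALSE, $matching_org['name']);
                VipOrganisationId(TRUE, $matching_org['id']);
                VipOrganisationName(TRUE, $matching_org['name']);
                VipMode($vipModes[$Permission]);
            }
        }
    }
    $access_allowed = FALSE;
    // No permission set or NULL indicates page doesn't exist at this URI
    if (!array_key_exists($Permission, $action_levels) || NULL === $action_levels[$Permission]) {
        return show_404();
    } else {
        $action = $action_levels[$Permission];
        // True is allow
        if (TRUE === $action) {
            $access_allowed = TRUE;
        } elseif (is_array($action)) {
            // Array is special decider
            // Perform action
            switch ($action[0]) {
                case 'handle':
                    // Calls the callable named in the action. No action built
                    // in this function uses 'handle'; it must never be fed
                    // from request data.
                    $access_allowed = $action[1]($action[2], $Permission);
                    if (array_key_exists(3, $action)) {
                        $CI->messages->AddMessage($action[3], $action[4], FALSE);
                    }
                    break;
                case 'redirect+url':
                    $action[1] .= $CI->uri->uri_string();
                    // deliberate fall through into 'redirect'
                case 'redirect':
                    if (array_key_exists(2, $action)) {
                        $CI->messages->AddMessage($action[2], $action[3]);
                    }
                    if (array_key_exists('post', $action) && $action['post']) {
                        // store post data
                        // NOTE(security): the whole POST body is stored, so any
                        // secret submitted with it is stored too.
                        if (!empty($_POST)) {
                            SetRedirectData($action[1], serialize($_POST));
                        }
                    }
                    // Before redirecting, forward on the redirected post data
                    $post_data = GetRedirectData();
                    if (NULL !== $post_data) {
                        SetRedirectData($action[1], $post_data);
                    }
                    // Do the redirect
                    redirect($action[1]);
                    return FALSE;
                case 'message':
                    $CI->messages->AddMessage($action[1], $action[2], FALSE);
                    $access_allowed = $action[3];
                    break;
                default:
                    break;
            }
        } else {
            // Anything else is disallow
            $CI->messages->AddMessage('warning', 'You do not have the ' . $Permission . ' privilages required!');
            //redirect('');
        }
        // Restore post data
        if ((TRUE === $action || is_array($action)) && !$NoPost) {
            $post_data = GetRedirectData();
            if (NULL !== $post_data) {
                // NOTE(security): unserialize() is only safe here if the store
                // behind GetRedirectData() cannot be written by the client
                // (not visible here, TODO confirm). Otherwise this is a PHP
                // object injection sink; prefer JSON on both sides, or pass
                // array('allowed_classes' => false) on PHP 7 and later.
                $post_data = @unserialize($post_data);
                if (is_array($post_data)) {
                    if (!isset($_POST)) {
                        global $_POST;
                        $_POST = array();
                    }
                    // Saved fields overwrite same-named fields of this request,
                    // so handlers see them as if they had just been submitted
                    foreach ($post_data as $key => $value) {
                        $_POST[$key] = $value;
                    }
                }
            }
        }
    }
    // The frame is chosen by output mode where one applies, else by permission
    if ('fbml' === OutputMode()) {
        $Permission = 'facebookapp';
    } elseif ('ajax' === OutputMode()) {
        $Permission = 'ajax';
    } elseif (FeedOutputMode()) {
        $Permission = 'feed';
    }
    SetupMainFrame($Permission, FALSE);
    if (!$access_allowed && $LoadMainFrame) {
        // Denied: render the permissions error page in place of the content
        $CI->load->library('Custom_pages');
        $page = new CustomPageView('error:permissions');
        $CI->main_frame->SetContent($page);
        $CI->main_frame->Load();
    }
    return $access_allowed;
}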
 /**
  * @param $Suboption1 [string/integer] Operation code or business card id.
  *	- 'filter'
  *	- 'request'
  *	- 'new'
  * @param $Suboption2 [string] Sub operation code.
  *	- 'filter'
  *	- 'send'
  *	- 'post'
  *	- 'edit'
  * @param $Suboption3 [string] Another sub operation code.
  *
  * @todo Move back to directory :P
  */
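 function cards($Suboption1 = NULL, $Suboption2 = NULL, $Suboption3 = NULL)
 {
     // Lists the business cards of the active VIP organisation, optionally
     // filtered, or edits one card when called as cards(<id>, 'edit').
     // NOTE(review): CheckPermissions('vip+pr') is the only gate visible here.
     // No write-level check and no CSRF token check is visible before the
     // update below; confirm read-only users cannot reach the edit path.
     if (!CheckPermissions('vip+pr')) {
         return;
     }
     $this->load->library('image');
     $this->load->model('members_model');
     $mode = 'view';
     // SQL condition and its bound parameters; 'TRUE' selects every card
     $sql = array('TRUE', array());
     if ($Suboption1 === 'filter') {
         static $field_translator = array('teamid' => 'subscriptions.subscription_organisation_entity_id', 'user' => 'business_cards.business_card_user_entity_id', 'card' => 'business_cards.business_card_id', 'paid' => 'subscriptions.subscription_paid', 'vip' => 'subscriptions.subscription_vip_status', 'confirmed' => '1', 'carded' => 'NULL', 'carding' => 'NULL', 'cardable' => 'NULL', 'mailable' => 'subscriptions.subscription_email', 'search' => 'NULL', 'firstname' => 'users.user_firstname', 'surname' => 'users.user_surname', 'nickname' => 'users.user_nickname', 'enrol_year' => 'users.user_enrolled_year');
         try {
             $filter = $this->_GetFilter(4);
             $sql = $this->_GenerateFilterSql($filter, $field_translator);
         } catch (Exception $e) {
             $this->messages->AddMessage('error', 'The filter is invalid: ' . $e->getMessage());
         }
     } elseif (is_numeric($Suboption1)) {
         // The card id is bound as a parameter, not concatenated into the SQL
         $sql[0] = 'business_cards.business_card_id=?';
         $sql[1] = array($Suboption1);
         if ($Suboption2 === 'edit') {
             $mode = 'edit';
         }
     }
     // Cards are always fetched within the active organisation, so an id that
     // belongs to another organisation yields an empty result
     $business_cards = $this->members_model->GetBusinessCards(VipOrganisationId(), $sql[0], $sql[1]);
     // DISPLAY BUSINESS CARDS ----------------------------------- //
     if ($mode === 'view') {
         $this->pages_model->SetPageCode('viparea_members_cards');
         $data = array('main_text' => $this->pages_model->GetPropertyWikitext('main_text'), 'business_cards' => $business_cards);
         // Set up the content
         $this->main_frame->SetContentSimple('members/members_cards', $data);
         // Set the title parameters
         $this->main_frame->SetTitleParameters(array('organisation' => VipOrganisationName()));
     } elseif ($mode === 'edit') {
         if (!count($business_cards)) {
             $this->messages->AddMessage('error', 'Business card ' . $Suboption1 . ' could not be found');
             redirect(vip_url('directory/cards'));
             // This emptiness check is what stops edits to cards outside the
             // organisation, so stop here even if redirect() ever returns.
             return;
         }
         $this->pages_model->SetPageCode('viparea_members_card_edit');
         $this->load->model('directory_model');
         // translate into nice names for view
         $data = array('business_card' => $business_cards[0], 'business_card_goups' => array(), 'url' => vip_url('directory/cards/' . $business_cards[0]['id'] . '/edit'), 'cancel_url' => vip_url('directory/contacts'));
         //Get post data
         // NOTE(review): businesscards_model is not loaded in this method;
         // presumably it is loaded elsewhere, verify.
         if (!empty($_POST["card_editbutton"])) {
             if (empty($_POST["card_name"]) || empty($_POST["card_title"])) {
                 $this->main_frame->AddMessage('error', 'Please include a name and a title for your contact card');
                 //add failed send the data back into the form
                 // Raw POST values: the view is responsible for escaping them
                 $data['card_form'] = $_POST;
             } else {
                 //find user id if exist
                 if (!empty($_POST["card_username"])) {
                     //find user id from username
                     $user_id = $this->businesscards_model->GetUserIdFromUsername($_POST["card_username"]);
                 } else {
                     $user_id = "";
                 }
                 //Send message if username was given and no id found
                 if ($user_id == "" && !empty($_POST["card_username"])) {
                     // The username is request data; escape it before it goes
                     // into a message that may be rendered as markup
                     $this->main_frame->AddMessage('error', 'The user ' . htmlspecialchars($_POST["card_username"], ENT_QUOTES, 'UTF-8') . ' was not found, you may have spelt the username incorrectly or the user is not on the yorker. You may wish to leave that field blank.');
                     //add failed send the data back into the form
                     $data['card_form'] = $_POST;
                 } else {
                     //add contact card
                     //@note start time, end time, order, and image id are all currently null and not in use.
                     // NOTE(review): group_id comes straight from POST and no
                     // check that the group belongs to this organisation is
                     // visible here; confirm the model enforces it.
                     $this->businesscards_model->UpdateBuisnessCard($user_id, $_POST["group_id"], null, $_POST["card_name"], $_POST["card_title"], $_POST["card_about"], $_POST["card_course"], $_POST["email"], $_POST["phone_mobile"], $_POST["phone_internal"], $_POST["phone_external"], $_POST["postal_address"], 0, null, null, $Suboption1, 1);
                     //The last param 1 forces immediate publishing
                     $this->main_frame->AddMessage('success', 'The contact card was successfully updated.');
                     redirect(vip_url('directory/contacts/viewgroup/' . $_POST["group_id"]));
                 }
             }
         } else {
             //Send data to form if it isnt reloaded from a update attempt
             $cards_data = $this->directory_model->GetDirectoryOrganisationCardsById($Suboption1);
             foreach ($cards_data as $card_data) {
                 if ($card_data['business_card_user_entity_id'] != 0) {
                     $username = $this->businesscards_model->GetUsernameFromUserId($card_data['business_card_user_entity_id']);
                 } else {
                     $username = "";
                 }
                 $data['card_form'] = array('card_name' => $card_data['business_card_name'], 'card_title' => $card_data['business_card_title'], 'group_id' => $card_data['business_card_business_card_group_id'], 'card_username' => $username, 'card_course' => $card_data['business_card_course'], 'email' => $card_data['business_card_email'], 'card_about' => $card_data['business_card_blurb'], 'postal_address' => $card_data['business_card_postal_address'], 'phone_mobile' => $card_data['business_card_mobile'], 'phone_internal' => $card_data['business_card_phone_internal'], 'phone_external' => $card_data['business_card_phone_external']);
             }
         }
         // Business Card Groups
         $groups = $this->directory_model->GetDirectoryOrganisationCardGroups(VipOrganisation());
         foreach ($groups as $group) {
             $data['groups'][] = array('name' => $group['business_card_group_name'], 'id' => $group['business_card_group_id'], 'href' => vip_url('directory/cards/filter/cardgroup/' . $group['business_card_group_id']));
         }
         // Set the title parameters
         $this->main_frame->SetTitleParameters(array('organisation' => VipOrganisationName(), 'name' => $business_cards[0]['name']));
         $this->main_frame->SetContentSimple('directory/viparea_directory_contacts', $data);
     }
     $this->_SetupOrganisationNavbar();
     $this->main_frame->SetPage('contacts');
     // Load the main frame
     $this->main_frame->Load();
 }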
 /**
  */
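 function compose($members = NULL)
 {
     // Shows the e-mail composition form for the active VIP organisation and,
     // on POST, sends the message to the ticked members.
     // The $members argument is ignored: the recipient list comes from the
     // session ('members_email_to') or, after a failed submit, from the form.
     // NOTE(review): no CSRF token check is visible on the POST path.
     if (!CheckPermissions('vip')) {
         return;
     }
     //add any members in the session to the list of recipients
     if (isset($_SESSION['members_email_to']) && is_array($_SESSION['members_email_to'])) {
         $members = $_SESSION['members_email_to'];
         $_SESSION['members_email_to'] = NULL;
         //clear the send list
     } else {
         $members = array();
     }
     //set the defaults for the email
     $signature = $this->directory_model->GetOrganisationEmailSignature(VIPOrganisation());
     $subject = '';
     $content = "\r\r" . $signature;
     // Members of the active organisation: fills the form further down and
     // bounds which recipients a submission may name
     $member_details = $this->members_model->GetMemberDetails(VipOrganisationId());
     if (!empty($_POST)) {
         // Absent or non-string fields count as empty
         $posted_subject = (isset($_POST['a_subject']) && is_string($_POST['a_subject'])) ? $_POST['a_subject'] : '';
         $posted_content = (isset($_POST['a_content']) && is_string($_POST['a_content'])) ? $_POST['a_content'] : '';
         // Ids the current organisation is allowed to write to
         $organisation_member_ids = array();
         foreach ($member_details as $details) {
             $organisation_member_ids[$details['user_id']] = TRUE;
         }
         //make an array of selected member ids where checked boxes are ticked
         // The ids are request data: the original condition was an assignment
         // (always true) and nothing tied an id to this organisation, so an
         // arbitrary user id could be mailed. Accept only ticked boxes naming
         // a member of the organisation.
         // assumes the view submits the default checkbox value 'on' - TODO confirm
         $selected_members = array();
         if (isset($_POST['cb']) && is_array($_POST['cb'])) {
             foreach ($_POST['cb'] as $key => $value) {
                 if ($value === 'on' && isset($organisation_member_ids[$key])) {
                     $selected_members[] = $key;
                 }
             }
         }
         if (count($selected_members) == 0) {
             $this->messages->AddMessage('error', 'You must select some members to send the email to.');
             $content = $posted_content;
             $subject = $posted_subject;
         } elseif ($posted_subject == '') {
             $this->messages->AddMessage('error', 'You must enter a subject for the email.');
             $members = $selected_members;
             $content = $posted_content;
         } elseif ($posted_content == '') {
             $this->messages->AddMessage('error', 'You must enter a message for the email.');
             $members = $selected_members;
             $subject = $posted_subject;
         } else {
             //no errors so send the email
             $this->load->helper('yorkermail');
             $member_emails = array();
             foreach ($selected_members as $member) {
                 $member_emails[] = $this->members_model->GetMemberEmail($member);
             }
             $from = $this->members_model->GetMemberEmail($this->user_auth->entityId);
             $from = VipOrganisationName() . ' <' . $from . '>';
             // The subject becomes a mail header: keep it on one line so that
             // line breaks in the form field cannot add headers
             $mail_subject = str_replace(array("\r", "\n"), ' ', $posted_subject);
             //try to send the email, report fail if error occurs
             try {
                 yorkermail(array(), $mail_subject, $posted_content, $from, array(), $member_emails);
                 $this->messages->AddMessage('success', 'The email has been sent.');
             } catch (Exception $e) {
                 $this->main_frame->AddMessage('error', $e->getMessage());
             }
         }
     }
     //set page code and setup tab nav bar
     $this->pages_model->SetPageCode('viparea_members_compose');
     $this->_SetupTabs('compose');
     //view data
     // subject and content may hold raw POST text; the view must escape them
     $data = array('main_text' => $this->pages_model->GetPropertyWikitext('main_text'), 'target' => $this->uri->uri_string(), 'to_members' => $members, 'subject' => $subject, 'content' => $content, 'from' => VipOrganisationName() . ' <' . $this->members_model->GetMemberEmail($this->user_auth->entityId) . '>');
     //add required member info to the data array
     foreach ($member_details as $details) {
         $data['members'][] = array('id' => $details['user_id'], 'name' => $details['firstname'] . ' ' . $details['surname'], 'email' => $details['email']);
     }
     //$this->messages->AddDumpMessage('members', $members);
     //set content view
     $this->main_frame->SetContentSimple('members/compose', $data);
     // Load the main frame
     $this->main_frame->Load();
 }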